mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH v3 03/15] keytoc: fix ECDSA endianess problems
Date: Fri,  6 Sep 2024 12:40:16 +0200	[thread overview]
Message-ID: <20240906104028.2187872-4-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20240906104028.2187872-1-s.hauer@pengutronix.de>

We print the ECDSA key values out as an uint32_t C array. They are used in
barebox as a uint64_t C array, so when the endianess of the build system
differs from the system barebox runs on we end up with the 32bit words
swapped in the u64 array. Fix this by printing out the key values as
an uint64_t array.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 scripts/keytoc.c | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index 7e73c786a3..b140160688 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -315,12 +315,12 @@ static int rsa_get_params(EVP_PKEY *key, uint64_t *exponent, uint32_t *n0_invp,
 
 static FILE *outfilep;
 
-static int print_bignum(BIGNUM *num, int num_bits)
+static int print_bignum(BIGNUM *num, int num_bits, int width)
 {
 	BIGNUM *tmp, *big2, *big32, *big2_32;
 	BN_CTX *ctx;
 	int i;
-	uint32_t *arr;
+	uint64_t *arr;
 
 	tmp = BN_new();
 	big2 = BN_new();
@@ -345,34 +345,34 @@ static int print_bignum(BIGNUM *num, int num_bits)
 		return -ENOMEM;
 	}
 	BN_set_word(big2, 2L);
-	BN_set_word(big32, 32L);
-	BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
+	BN_set_word(big32, width);
+	BN_exp(big2_32, big2, big32, ctx); /* B = 2^width */
 
-	arr = malloc(num_bits / 32 * sizeof(uint32_t));
+	arr = malloc(num_bits / width * sizeof(*arr));
 
-	for (i = 0; i < num_bits / 32; i++) {
+	for (i = 0; i < num_bits / width; i++) {
 		BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
 		arr[i] = BN_get_word(tmp);
-		BN_rshift(num, num, 32); /*  N = N/B */
+		BN_rshift(num, num, width); /*  N = N/B */
 	}
 
 	if (dts) {
-		for (i = 0; i < num_bits / 32; i++) {
+		for (i = 0; i < num_bits / width; i++) {
 			if (i % 4)
 				fprintf(outfilep, " ");
 			else
 				fprintf(outfilep, "\n\t\t\t\t");
-			fprintf(outfilep, "0x%08x", arr[num_bits / 32 - 1 - i]);
-			BN_rshift(num, num, 32); /*  N = N/B */
+			fprintf(outfilep, "0x%0*jx", width / 4, arr[num_bits / width - 1 - i]);
+			BN_rshift(num, num, width); /*  N = N/B */
 		}
 	} else {
-		for (i = 0; i < num_bits / 32; i++) {
+		for (i = 0; i < num_bits / width; i++) {
 			if (i % 4)
 				fprintf(outfilep, " ");
 			else
 				fprintf(outfilep, "\n\t");
-			fprintf(outfilep, "0x%08x,", arr[i]);
-			BN_rshift(num, num, 32); /*  N = N/B */
+			fprintf(outfilep, "0x%0*jx,", width / 4, arr[i]);
+			BN_rshift(num, num, width); /*  N = N/B */
 		}
 	}
 
@@ -473,12 +473,12 @@ static int gen_key_ecdsa(EVP_PKEY *key, const char *key_name, const char *key_na
 		fprintf(stderr, "ERROR: generating a dts snippet for ECDSA keys is not yet supported\n");
 		return -EOPNOTSUPP;
 	} else {
-		fprintf(outfilep, "\nstatic uint32_t %s_x[] = {", key_name_c);
-		print_bignum(key_x, bits);
+		fprintf(outfilep, "\nstatic uint64_t %s_x[] = {", key_name_c);
+		print_bignum(key_x, bits, 64);
 		fprintf(outfilep, "\n};\n\n");
 
-		fprintf(outfilep, "static uint32_t %s_y[] = {", key_name_c);
-		print_bignum(key_y, bits);
+		fprintf(outfilep, "static uint64_t %s_y[] = {", key_name_c);
+		print_bignum(key_y, bits, 64);
 		fprintf(outfilep, "\n};\n\n");
 
 		fprintf(outfilep, "static struct ecdsa_public_key %s = {\n", key_name_c);
@@ -512,10 +512,10 @@ static int gen_key_rsa(EVP_PKEY *key, const char *key_name, const char *key_name
 	if (dts) {
 		fprintf(outfilep, "\t\tkey-%s {\n", key_name_c);
 		fprintf(outfilep, "\t\t\trsa,r-squared = <");
-		print_bignum(r_squared, bits);
+		print_bignum(r_squared, bits, 32);
 		fprintf(outfilep, ">;\n");
 		fprintf(outfilep, "\t\t\trsa,modulus= <");
-		print_bignum(modulus, bits);
+		print_bignum(modulus, bits, 32);
 		fprintf(outfilep, ">;\n");
 		fprintf(outfilep, "\t\t\trsa,exponent = <0x%0lx 0x%lx>;\n",
 			(exponent >> 32) & 0xffffffff,
@@ -526,11 +526,11 @@ static int gen_key_rsa(EVP_PKEY *key, const char *key_name, const char *key_name
 		fprintf(outfilep, "\t\t};\n");
 	} else {
 		fprintf(outfilep, "\nstatic uint32_t %s_modulus[] = {", key_name_c);
-		print_bignum(modulus, bits);
+		print_bignum(modulus, bits, 32);
 		fprintf(outfilep, "\n};\n\n");
 
 		fprintf(outfilep, "static uint32_t %s_rr[] = {", key_name_c);
-		print_bignum(r_squared, bits);
+		print_bignum(r_squared, bits, 32);
 		fprintf(outfilep, "\n};\n\n");
 
 		if (standalone) {
-- 
2.39.2




  parent reply	other threads:[~2024-09-06 10:41 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-06 10:40 [PATCH v3 00/15] Add ECDSA support for FIT image verification Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 01/15] keytoc: remove ECDSA dts support Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 02/15] keytoc: fail in case gen_key() fails Sascha Hauer
2024-09-06 10:40 ` Sascha Hauer [this message]
2024-09-06 10:40 ` [PATCH v3 04/15] keytoc: remove duplicate __ENV__ check Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 05/15] crypto: Makefile: make simpler Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 06/15] keytoc: make key name hint optional Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 07/15] crypto: rsa: include key name hint into CONFIG_CRYPTO_RSA_KEY Sascha Hauer
2024-09-11  8:27   ` Ahmad Fatoum
2024-09-13  7:05     ` Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 08/15] crypto: rsa: encapsulate rsa keys in public keys struct Sascha Hauer
2024-09-11  8:33   ` Ahmad Fatoum
2024-09-13  7:06     ` Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 09/15] crypto: add public_key functions Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 10/15] crypto: builtin_keys: Allow to specify multiple keys in CONFIG_CRYPTO_PUBLIC_KEYS Sascha Hauer
2024-09-11  8:34   ` Ahmad Fatoum
2024-09-06 10:40 ` [PATCH v3 11/15] crypto: public-keys: use array of public_keys Sascha Hauer
2024-09-11  8:38   ` Ahmad Fatoum
2024-09-06 10:40 ` [PATCH v3 12/15] crypto: rsa: create static inline wrapper for rsa_verify() Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 13/15] Add elliptic curve cryptography (ECC) helper functions Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 14/15] crypto: add ECDSA support Sascha Hauer
2024-09-06 10:40 ` [PATCH v3 15/15] crypto: make RSA a visible option Sascha Hauer
2024-09-11  8:43 ` [PATCH v3 00/15] Add ECDSA support for FIT image verification Ahmad Fatoum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240906104028.2187872-4-s.hauer@pengutronix.de \
    --to=s.hauer@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox