From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH v4 03/16] keytoc: fix ECDSA endianess problems
Date: Fri, 13 Sep 2024 09:59:11 +0200 [thread overview]
Message-ID: <20240913075924.1652866-4-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20240913075924.1652866-1-s.hauer@pengutronix.de>
We print the ECDSA key values out as an uint32_t C array. They are used in
barebox as a uint64_t C array, so when the endianess of the build system
differs from the system barebox runs on we end up with the 32bit words
swapped in the u64 array. Fix this by printing out the key values as
an uint64_t array.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
scripts/keytoc.c | 42 +++++++++++++++++++++---------------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index 7e73c786a3..b140160688 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -315,12 +315,12 @@ static int rsa_get_params(EVP_PKEY *key, uint64_t *exponent, uint32_t *n0_invp,
static FILE *outfilep;
-static int print_bignum(BIGNUM *num, int num_bits)
+static int print_bignum(BIGNUM *num, int num_bits, int width)
{
BIGNUM *tmp, *big2, *big32, *big2_32;
BN_CTX *ctx;
int i;
- uint32_t *arr;
+ uint64_t *arr;
tmp = BN_new();
big2 = BN_new();
@@ -345,34 +345,34 @@ static int print_bignum(BIGNUM *num, int num_bits)
return -ENOMEM;
}
BN_set_word(big2, 2L);
- BN_set_word(big32, 32L);
- BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
+ BN_set_word(big32, width);
+ BN_exp(big2_32, big2, big32, ctx); /* B = 2^width */
- arr = malloc(num_bits / 32 * sizeof(uint32_t));
+ arr = malloc(num_bits / width * sizeof(*arr));
- for (i = 0; i < num_bits / 32; i++) {
+ for (i = 0; i < num_bits / width; i++) {
BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
arr[i] = BN_get_word(tmp);
- BN_rshift(num, num, 32); /* N = N/B */
+ BN_rshift(num, num, width); /* N = N/B */
}
if (dts) {
- for (i = 0; i < num_bits / 32; i++) {
+ for (i = 0; i < num_bits / width; i++) {
if (i % 4)
fprintf(outfilep, " ");
else
fprintf(outfilep, "\n\t\t\t\t");
- fprintf(outfilep, "0x%08x", arr[num_bits / 32 - 1 - i]);
- BN_rshift(num, num, 32); /* N = N/B */
+ fprintf(outfilep, "0x%0*jx", width / 4, arr[num_bits / width - 1 - i]);
+ BN_rshift(num, num, width); /* N = N/B */
}
} else {
- for (i = 0; i < num_bits / 32; i++) {
+ for (i = 0; i < num_bits / width; i++) {
if (i % 4)
fprintf(outfilep, " ");
else
fprintf(outfilep, "\n\t");
- fprintf(outfilep, "0x%08x,", arr[i]);
- BN_rshift(num, num, 32); /* N = N/B */
+ fprintf(outfilep, "0x%0*jx,", width / 4, arr[i]);
+ BN_rshift(num, num, width); /* N = N/B */
}
}
@@ -473,12 +473,12 @@ static int gen_key_ecdsa(EVP_PKEY *key, const char *key_name, const char *key_na
fprintf(stderr, "ERROR: generating a dts snippet for ECDSA keys is not yet supported\n");
return -EOPNOTSUPP;
} else {
- fprintf(outfilep, "\nstatic uint32_t %s_x[] = {", key_name_c);
- print_bignum(key_x, bits);
+ fprintf(outfilep, "\nstatic uint64_t %s_x[] = {", key_name_c);
+ print_bignum(key_x, bits, 64);
fprintf(outfilep, "\n};\n\n");
- fprintf(outfilep, "static uint32_t %s_y[] = {", key_name_c);
- print_bignum(key_y, bits);
+ fprintf(outfilep, "static uint64_t %s_y[] = {", key_name_c);
+ print_bignum(key_y, bits, 64);
fprintf(outfilep, "\n};\n\n");
fprintf(outfilep, "static struct ecdsa_public_key %s = {\n", key_name_c);
@@ -512,10 +512,10 @@ static int gen_key_rsa(EVP_PKEY *key, const char *key_name, const char *key_name
if (dts) {
fprintf(outfilep, "\t\tkey-%s {\n", key_name_c);
fprintf(outfilep, "\t\t\trsa,r-squared = <");
- print_bignum(r_squared, bits);
+ print_bignum(r_squared, bits, 32);
fprintf(outfilep, ">;\n");
fprintf(outfilep, "\t\t\trsa,modulus= <");
- print_bignum(modulus, bits);
+ print_bignum(modulus, bits, 32);
fprintf(outfilep, ">;\n");
fprintf(outfilep, "\t\t\trsa,exponent = <0x%0lx 0x%lx>;\n",
(exponent >> 32) & 0xffffffff,
@@ -526,11 +526,11 @@ static int gen_key_rsa(EVP_PKEY *key, const char *key_name, const char *key_name
fprintf(outfilep, "\t\t};\n");
} else {
fprintf(outfilep, "\nstatic uint32_t %s_modulus[] = {", key_name_c);
- print_bignum(modulus, bits);
+ print_bignum(modulus, bits, 32);
fprintf(outfilep, "\n};\n\n");
fprintf(outfilep, "static uint32_t %s_rr[] = {", key_name_c);
- print_bignum(r_squared, bits);
+ print_bignum(r_squared, bits, 32);
fprintf(outfilep, "\n};\n\n");
if (standalone) {
--
2.39.2
next prev parent reply other threads:[~2024-09-13 8:00 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-13 7:59 [PATCH v4 00/16] Add ECDSA support for FIT image verification Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 01/16] keytoc: remove ECDSA dts support Sascha Hauer
2024-09-25 8:53 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 02/16] keytoc: fail in case gen_key() fails Sascha Hauer
2024-09-25 8:53 ` Ahmad Fatoum
2024-09-13 7:59 ` Sascha Hauer [this message]
2024-09-27 8:11 ` [PATCH v4 03/16] keytoc: fix ECDSA endianess problems Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 04/16] keytoc: remove duplicate __ENV__ check Sascha Hauer
2024-09-27 6:59 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 05/16] crypto: Makefile: make simpler Sascha Hauer
2024-09-27 7:01 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 06/16] crypto/Makefile: Drop unnecessary dependencies Sascha Hauer
2024-09-27 7:03 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 07/16] keytoc: make key name hint optional Sascha Hauer
2024-09-27 8:18 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 08/16] crypto: rsa: include key name hint into CONFIG_CRYPTO_RSA_KEY Sascha Hauer
2024-09-27 7:55 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 09/16] crypto: rsa: encapsulate rsa keys in public keys struct Sascha Hauer
2024-09-27 8:02 ` Ahmad Fatoum
2024-09-27 11:11 ` Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 10/16] crypto: add public_key functions Sascha Hauer
2024-09-27 8:20 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 11/16] crypto: builtin_keys: Allow to specify multiple keys in CONFIG_CRYPTO_PUBLIC_KEYS Sascha Hauer
2024-09-25 8:22 ` Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 12/16] crypto: public-keys: use array of public_keys Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 13/16] crypto: rsa: create static inline wrapper for rsa_verify() Sascha Hauer
2024-09-27 8:09 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 14/16] Add elliptic curve cryptography (ECC) helper functions Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 15/16] crypto: add ECDSA support Sascha Hauer
2024-09-27 8:07 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 16/16] crypto: make RSA a visible option Sascha Hauer
2024-09-27 11:23 ` [PATCH v4 00/16] Add ECDSA support for FIT image verification Sascha Hauer
2024-09-27 11:23 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240913075924.1652866-4-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox