From: Jonas Rebmann <jre@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Jonas Rebmann <jre@pengutronix.de>
Subject: [PATCH v2 04/17] fit: only accept keys from "fit"-keyring
Date: Tue, 28 Oct 2025 19:03:09 +0100 [thread overview]
Message-ID: <20251028-tlv-signature-v2-4-3bafce636ad7@pengutronix.de> (raw)
In-Reply-To: <20251028-tlv-signature-v2-0-3bafce636ad7@pengutronix.de>
Separate keys shall be used for fitimage verification and the upcoming
TLV verification.
Based on the newly introduced keyring feature, limit fitimage
verification to the keys in the keyring literally named "fit", which is
also the current default keyring name in keytoc for backwards
compatibility.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
common/image-fit.c | 13 ++++++++-----
crypto/public-keys.c | 13 ++++++++++---
crypto/rsa.c | 1 +
include/crypto/public_key.h | 9 ++++++++-
include/tlv/tlv.h | 1 +
5 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index a072339798..5c3a3e8f23 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -261,7 +261,7 @@ static struct digest *fit_alloc_digest(struct device_node *sig_node,
static int fit_check_signature(struct fit_handle *handle, struct device_node *sig_node,
enum hash_algo algo, void *hash)
{
- const char *fail_reason = "no built-in keys";
+ const char *fail_reason;
const struct public_key *key;
const char *key_name = NULL;
int sig_len;
@@ -274,10 +274,13 @@ static int fit_check_signature(struct fit_handle *handle, struct device_node *si
return -EINVAL;
}
+ fail_reason = "no matching keys";
+
of_property_read_string(sig_node, "key-name-hint", &key_name);
if (key_name) {
- key = public_key_get(key_name);
+ key = public_key_get(key_name, "fit");
if (key) {
+ fail_reason = "verification failed";
ret = public_key_verify(key, sig_value, sig_len, hash, algo);
if (handle->verbose)
pr_info("Key %*phN (%s) -> signature %s\n", key->hashlen,
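Review bot: The keyring name is a bare string literal at `key = public_key_get(key_name, "fit");` here, again at `for_each_public_key_keyring(key, id, "fit")` in the next hunk, and a third time in crypto/rsa.c as `key->keyring = "fit";`, so the lookup side and the registration side can silently drift apart. Since include/crypto/public_key.h is already touched by this patch, one `#define FIT_KEYRING "fit"` there, used at all three sites, would keep them in sync and document that the name is a protocol-level identifier rather than a display string. The point is stylistic; the matching itself looks correct as long as nothing between the two hunks reads fail_reason before it is assigned on the `fail_reason = "no matching keys";` line, which cannot be confirmed from the hunk. fit_check_signature starts before this hunk and continues past it.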
@@ -287,13 +290,13 @@ static int fit_check_signature(struct fit_handle *handle, struct device_node *si
}
}
- for_each_public_key(key, id) {
- fail_reason = "verification failed";
+ for_each_public_key_keyring(key, id, "fit") {
- /* Don't recheck with same key_name as before */
+ /* Don't recheck with same key as before */
if (key_name && streq_ptr(key->key_name_hint, key_name))
continue;
+ fail_reason = "verification failed";
ret = public_key_verify(key, sig_value, sig_len, hash, algo);
if (handle->verbose)
diff --git a/crypto/public-keys.c b/crypto/public-keys.c
index 6d86be8d34..496970cc72 100644
--- a/crypto/public-keys.c
+++ b/crypto/public-keys.c
@@ -8,12 +8,12 @@
DEFINE_IDR(public_keys);
-const struct public_key *public_key_get(const char *name)
+const struct public_key *public_key_get(const char *name, const char *keyring)
{
const struct public_key *key;
int id;
- for_each_public_key(key, id) {
+ for_each_public_key_keyring(key, id, keyring) {
if (!strcmp(key->key_name_hint, name))
return key;
}
@@ -23,8 +23,15 @@ const struct public_key *public_key_get(const char *name)
int public_key_add(struct public_key *key)
{
- if (public_key_get(key->key_name_hint))
+ if (!key->keyring || *key->keyring == '\0') {
+ pr_warn("Aborting addition of public key: No keyring specified\n");
+ return -EINVAL;
+ }
+
+ if (public_key_get(key->key_name_hint, key->keyring)) {
+ pr_warn("Aborting addition of public key: Duplicate fit name hint\n");
return -EEXIST;
+ }
return idr_alloc(&public_keys, key, 0, INT_MAX, GFP_NOWAIT);
}
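Review bot: The warning `pr_warn("Aborting addition of public key: Duplicate fit name hint\n");` is now misleading, because the duplicate check is scoped by `key->keyring` and a collision can occur in any keyring, not only "fit"; naming the ring in the message also makes the rejection diagnosable when several rings are loaded: `pr_warn("Aborting addition of public key: duplicate key name hint in keyring \"%s\"\n", key->keyring);`. The new empty-keyring guard is a good addition; if `key->key_name_hint` can ever be NULL for a registered key (not visible here), the `strcmp` inside public_key_get would dereference it, so a symmetric `if (!key->key_name_hint) return -EINVAL;` check is worth considering.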
diff --git a/crypto/rsa.c b/crypto/rsa.c
index ec5bd45115..0e752f11b4 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -468,6 +468,7 @@ static void rsa_init_keys_of(void)
continue;
}
+ key->keyring = "fit";
ret = public_key_add(key);
if (ret)
pr_err("Cannot add rsa key %s: %pe\n",
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 612efa8f38..4954fab089 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -3,6 +3,7 @@
#include <digest.h>
#include <linux/idr.h>
+#include <string.h>
struct rsa_public_key;
struct ecdsa_public_key;
@@ -26,7 +27,7 @@ struct public_key {
};
int public_key_add(struct public_key *key);
-const struct public_key *public_key_get(const char *name);
+const struct public_key *public_key_get(const char *name, const char *keyring);
const struct public_key *public_key_next(const struct public_key *prev);
extern struct idr public_keys;
@@ -34,6 +35,12 @@ extern struct idr public_keys;
#define for_each_public_key(key, id) \
idr_for_each_entry(&public_keys, key, id)
+#define for_each_public_key_keyring(key, id, _keyring) \
+ for_each_public_key(key, id) \
+ if (!key->keyring || strcmp(key->keyring, _keyring) != 0) \
+ continue; \
+ else
+
int public_key_verify(const struct public_key *key, const uint8_t *sig,
const uint32_t sig_len, const uint8_t *hash,
enum hash_algo algo);
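Review bot: The `_keyring` parameter of `for_each_public_key_keyring` is expanded unparenthesized into `strcmp(key->keyring, _keyring)`, unlike conventional function-like macros; `strcmp(key->keyring, (_keyring)) != 0` is the hygienic form, and it is worth stating in a comment that the argument is evaluated once per iteration. The macro also silently skips entries whose `keyring` is NULL, which is consistent with public_key_add() in this patch rejecting such keys, but a reader of the header cannot see that; a short comment above the definition, such as `/* Iterate over the keys registered in keyring _keyring; keys with no keyring are skipped. The body must be a single statement or a braced block. */`, would capture both the contract and the if/else expansion trick.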
diff --git a/include/tlv/tlv.h b/include/tlv/tlv.h
index 2a3fb14392..536f61646c 100644
--- a/include/tlv/tlv.h
+++ b/include/tlv/tlv.h
@@ -42,6 +42,7 @@ extern int tlv_handle_eth_address_seq(struct tlv_device *dev, struct tlv_mapping
struct tlv_decoder {
u32 magic;
+ const char *signature_keyring;
void *driverata;
struct tlv_mapping **mappings;
struct driver driver;
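Review bot: `const char *signature_keyring;` is added to struct tlv_decoder without a comment and, as far as this patch shows, without a reader or writer, so its contract (who sets it, whether NULL is permitted, and whether the string must outlive the decoder) is undefined at this point in the series. A one-line comment along the lines of `/* name of the keyring consulted when verifying this decoder's TLV signature; NULL disables keyring-scoped lookup */` would pin that down, adjusted to whatever the later patch actually implements, since the NULL semantics cannot be confirmed from the hunk.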
--
2.51.2.535.g419c72cb8a