rsa: rename FIT_RSASSA_PSS to RSASSA_PSS and move symbols under lib/rsa

This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.

It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

diff --git a/boot/Kconfig b/boot/Kconfig
index a37d08eff1d4997e757c161d0d9ebe126d0a201f..708a18fd0ad7a1830edb072fd202b0e4bbd6c174 100644 (file)
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -116,13 +116,6 @@ config FIT_SIGNATURE_MAX_SIZE
          device memory. Assure this size does not extend past expected storage
          space.
 
-config FIT_RSASSA_PSS
-       bool "Support rsassa-pss signature scheme"
-       depends on RSA_VERIFY
-       help
-         Enable this to support the pss padding algorithm as described
-         in the rfc8017 (https://tools.ietf.org/html/rfc8017).
-
 config FIT_CIPHER
        bool "Enable ciphering data in a FIT uImages"
        depends on DM
@@ -212,13 +205,6 @@ config SPL_FIT_SIGNATURE_MAX_SIZE
          device memory. Assure this size does not extend past expected storage
          space.
 
-config SPL_FIT_RSASSA_PSS
-       bool "Support rsassa-pss signature scheme in SPL"
-       depends on SPL_RSA_VERIFY
-       help
-         Enable this to support the pss padding algorithm as described
-         in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL.
-
 config SPL_LOAD_FIT
        bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
        depends on SPL

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index cf5a8accd507662dc0dde17d8811f0cd8fc55b83..f4c2cc5d15558e70993be44b18498b8059de8946 100644 (file)
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -18,7 +18,6 @@ CONFIG_EFI_CAPSULE_AUTHENTICATE=y
 CONFIG_EFI_CAPSULE_CRT_FILE="board/sandbox/capsule_pub_key_good.crt"
 CONFIG_BUTTON_CMD=y
 CONFIG_FIT=y
-CONFIG_FIT_RSASSA_PSS=y
 CONFIG_FIT_CIPHER=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_BOOTMETH_ANDROID=y
@@ -383,6 +382,7 @@ CONFIG_MBEDTLS_LIB=y
 CONFIG_HKDF_MBEDTLS=y
 CONFIG_ECDSA=y
 CONFIG_ECDSA_VERIFY=y
+CONFIG_RSASSA_PSS=y
 CONFIG_TPM=y
 CONFIG_ERRNO_STR=y
 CONFIG_GETOPT=y

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 9033384e60a3355504ba5c8a1ea3abaf37a9e601..904eafa9441503c3d29b8463970ea07505c15d8d 100644 (file)
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -67,6 +67,20 @@ config SPL_RSA_VERIFY_WITH_PKEY
          key properties will be calculated on the fly in verification code
          in the SPL.
 
+config RSASSA_PSS
+       bool "Support rsassa-pss signature scheme"
+       depends on RSA_VERIFY
+       help
+         Enable this to support the pss padding algorithm as described
+         in the rfc8017 (https://tools.ietf.org/html/rfc8017).
+
+config SPL_RSASSA_PSS
+       bool "Support rsassa-pss signature scheme within SPL"
+       depends on SPL_RSA_VERIFY
+       help
+         Enable this to support the pss padding algorithm as described
+         in the rfc8017 (https://tools.ietf.org/html/rfc8017) within SPL.
+
 config RSA_SOFTWARE_EXP
        bool "Enable driver for RSA Modular Exponentiation in software"
        depends on DM

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 92b9d7876e52ef535cc32fbcdb0c10bcf8aceba8..0e38c9e802fde47d2b2c509de4298225dd04c2a1 100644 (file)
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -421,7 +421,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
                goto err_sign;
        }
 
-       if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo &&
+       if (CONFIG_IS_ENABLED(RSASSA_PSS) && padding_algo &&
            !strcmp(padding_algo->name, "pss")) {
                if (EVP_PKEY_CTX_set_rsa_padding(ckey,
                                                 RSA_PKCS1_PSS_PADDING) <= 0) {

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index b65fbe440073f4f2fb1b74e6f56dc623117abfd4..0d618f15ea99737ebc1cc130484bff750831004a 100644 (file)
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -89,7 +89,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = {
 };
 #endif
 
-#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
+#if CONFIG_IS_ENABLED(RSASSA_PSS)
 static void u32_i2osp(uint32_t val, uint8_t *buf)
 {
        buf[0] = (uint8_t)((val >> 24) & 0xff);

diff --git a/tools/Kconfig b/tools/Kconfig
index 652b0f225579def92cfda61f017686970a2dcaec..a1b4d701ac78f9c574a47f08a76476ba3e065a77 100644 (file)
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -55,7 +55,7 @@ config TOOLS_FIT_PRINT
        help
          Print the content of the FIT verbosely in the tools builds
 
-config TOOLS_FIT_RSASSA_PSS
+config TOOLS_RSASSA_PSS
        def_bool y
        help
          Support the rsassa-pss signature scheme in the tools builds