From: Quentin Schulz Date: Fri, 31 Oct 2025 17:08:23 +0000 (+0100) Subject: rsa: rename FIT_RSASSA_PSS to RSASSA_PSS and move symbols under lib/rsa X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=360dd89b361dde2a0bbad65763538e1eea7d3c94;p=thirdparty%2Fu-boot.git rsa: rename FIT_RSASSA_PSS to RSASSA_PSS and move symbols under lib/rsa This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid potential confusion since there's nothing FIT specific to those symbols. It also isn't really related to booting, so boot/Kconfig is an odd place for them to live. Since they make sense only in relation with RSA, simply move them to lib/rsa where it makes more sense for them to reside. Signed-off-by: Quentin Schulz --- diff --git a/boot/Kconfig b/boot/Kconfig index a37d08eff1d..708a18fd0ad 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -116,13 +116,6 @@ config FIT_SIGNATURE_MAX_SIZE device memory. Assure this size does not extend past expected storage space. -config FIT_RSASSA_PSS - bool "Support rsassa-pss signature scheme" - depends on RSA_VERIFY - help - Enable this to support the pss padding algorithm as described - in the rfc8017 (https://tools.ietf.org/html/rfc8017). - config FIT_CIPHER bool "Enable ciphering data in a FIT uImages" depends on DM @@ -212,13 +205,6 @@ config SPL_FIT_SIGNATURE_MAX_SIZE device memory. Assure this size does not extend past expected storage space. -config SPL_FIT_RSASSA_PSS - bool "Support rsassa-pss signature scheme in SPL" - depends on SPL_RSA_VERIFY - help - Enable this to support the pss padding algorithm as described - in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL. - config SPL_LOAD_FIT bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)" depends on SPL diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index cf5a8accd50..f4c2cc5d155 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -18,7 +18,6 @@ CONFIG_EFI_CAPSULE_AUTHENTICATE=y CONFIG_EFI_CAPSULE_CRT_FILE="board/sandbox/capsule_pub_key_good.crt" CONFIG_BUTTON_CMD=y CONFIG_FIT=y -CONFIG_FIT_RSASSA_PSS=y CONFIG_FIT_CIPHER=y CONFIG_FIT_VERBOSE=y CONFIG_BOOTMETH_ANDROID=y @@ -383,6 +382,7 @@ CONFIG_MBEDTLS_LIB=y CONFIG_HKDF_MBEDTLS=y CONFIG_ECDSA=y CONFIG_ECDSA_VERIFY=y +CONFIG_RSASSA_PSS=y CONFIG_TPM=y CONFIG_ERRNO_STR=y CONFIG_GETOPT=y diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 9033384e60a..904eafa9441 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -67,6 +67,20 @@ config SPL_RSA_VERIFY_WITH_PKEY key properties will be calculated on the fly in verification code in the SPL. +config RSASSA_PSS + bool "Support rsassa-pss signature scheme" + depends on RSA_VERIFY + help + Enable this to support the pss padding algorithm as described + in the rfc8017 (https://tools.ietf.org/html/rfc8017). + +config SPL_RSASSA_PSS + bool "Support rsassa-pss signature scheme within SPL" + depends on SPL_RSA_VERIFY + help + Enable this to support the pss padding algorithm as described + in the rfc8017 (https://tools.ietf.org/html/rfc8017) within SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 92b9d7876e5..0e38c9e802f 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -421,7 +421,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo, goto err_sign; } - if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo && + if (CONFIG_IS_ENABLED(RSASSA_PSS) && padding_algo && !strcmp(padding_algo->name, "pss")) { if (EVP_PKEY_CTX_set_rsa_padding(ckey, RSA_PKCS1_PSS_PADDING) <= 0) { diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index b65fbe44007..0d618f15ea9 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -89,7 +89,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = { }; #endif -#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS) +#if CONFIG_IS_ENABLED(RSASSA_PSS) static void u32_i2osp(uint32_t val, uint8_t *buf) { buf[0] = (uint8_t)((val >> 24) & 0xff); diff --git a/tools/Kconfig b/tools/Kconfig index 652b0f22557..a1b4d701ac7 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -55,7 +55,7 @@ config TOOLS_FIT_PRINT help Print the content of the FIT verbosely in the tools builds -config TOOLS_FIT_RSASSA_PSS +config TOOLS_RSASSA_PSS def_bool y help Support the rsassa-pss signature scheme in the tools builds