Merge patch series "rsa: fix dependency, rename and relocate RSASSA PSS symbols"

Quentin Schulz <foss+uboot@0leil.net> says:

While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.

Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.

Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.

Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.

Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de

boot/Kconfig

@@ -134,13 +134,6 @@ config FIT_SIGNATURE_MAX_SIZE
 	  device memory. Assure this size does not extend past expected storage
 	  space.
 
-config FIT_RSASSA_PSS
-	bool "Support rsassa-pss signature scheme of FIT image contents"
-	depends on FIT_SIGNATURE
-	help
-	  Enable this to support the pss padding algorithm as described
-	  in the rfc8017 (https://tools.ietf.org/html/rfc8017).
-
 config FIT_CIPHER
 	bool "Enable ciphering data in a FIT uImages"
 	depends on DM
@@ -192,18 +185,6 @@ config SPL_FIT
 	select SPL_HASH
 	select SPL_OF_LIBFDT
 
-config VPL_FIT
-	bool "Support Flattened Image Tree within VPL"
-	depends on VPL
-	select VPL_HASH
-	select VPL_OF_LIBFDT
-
-config TPL_FIT
-	bool "Support Flattened Image Tree within TPL"
-	depends on TPL
-	select TPL_HASH
-	select TPL_OF_LIBFDT
-
 config SPL_FIT_PRINT
 	bool "Support FIT printing within SPL"
 	depends on SPL_FIT
@@ -242,13 +223,6 @@ config SPL_FIT_SIGNATURE_MAX_SIZE
 	  device memory. Assure this size does not extend past expected storage
 	  space.
 
-config SPL_FIT_RSASSA_PSS
-	bool "Support rsassa-pss signature scheme of FIT image contents in SPL"
-	depends on SPL_FIT_SIGNATURE
-	help
-	  Enable this to support the pss padding algorithm as described
-	  in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL.
-
 config SPL_LOAD_FIT
 	bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
 	depends on SPL
@@ -309,6 +283,27 @@ config SPL_LOAD_FIT_FULL
 	  particular it can handle selecting from multiple device tree
 	  and passing the correct one to U-Boot.
 
+config SPL_FIT_IMAGE_POST_PROCESS
+	bool "Enable post-processing of FIT artifacts after loading by the SPL"
+	depends on SPL_LOAD_FIT
+	default y if TI_SECURE_DEVICE
+	help
+	  Allows doing any sort of manipulation to blobs after they got extracted
+	  from the U-Boot FIT image like stripping off headers or modifying the
+	  size of the blob, verification, authentication, decryption etc. in a
+	  platform or board specific way. In order to use this feature a platform
+	  or board-specific implementation of board_fit_image_post_process() must
+	  be provided. Also, anything done during this post-processing step would
+	  need to be comprehended in how the images were prepared before being
+	  injected into the FIT creation (i.e. the blobs would have been pre-
+	  processed before being added to the FIT image).
+
+config TPL_FIT
+	bool "Support Flattened Image Tree within TPL"
+	depends on TPL
+	select TPL_HASH
+	select TPL_OF_LIBFDT
+
 config TPL_LOAD_FIT
 	bool "Enable TPL loading U-Boot as a FIT (basic fitImage features)"
 	depends on TPL
@@ -331,21 +326,6 @@ config TPL_LOAD_FIT
 	  3. FDTs are only loaded for images with an "os" property of "u-boot".
 	     "linux" images are also supported with Falcon boot mode.
 
-config SPL_FIT_IMAGE_POST_PROCESS
-	bool "Enable post-processing of FIT artifacts after loading by the SPL"
-	depends on SPL_LOAD_FIT
-	default y if TI_SECURE_DEVICE
-	help
-	  Allows doing any sort of manipulation to blobs after they got extracted
-	  from the U-Boot FIT image like stripping off headers or modifying the
-	  size of the blob, verification, authentication, decryption etc. in a
-	  platform or board specific way. In order to use this feature a platform
-	  or board-specific implementation of board_fit_image_post_process() must
-	  be provided. Also, anything done during this post-processing step would
-	  need to be comprehended in how the images were prepared before being
-	  injected into the FIT creation (i.e. the blobs would have been pre-
-	  processed before being added to the FIT image).
-
 if VPL
 
 config VPL_FIT

configs/sandbox_defconfig

@@ -18,7 +18,6 @@ CONFIG_EFI_CAPSULE_AUTHENTICATE=y
 CONFIG_EFI_CAPSULE_CRT_FILE="board/sandbox/capsule_pub_key_good.crt"
 CONFIG_BUTTON_CMD=y
 CONFIG_FIT=y
-CONFIG_FIT_RSASSA_PSS=y
 CONFIG_FIT_CIPHER=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_BOOTMETH_ANDROID=y
@@ -383,6 +382,7 @@ CONFIG_MBEDTLS_LIB=y
 CONFIG_HKDF_MBEDTLS=y
 CONFIG_ECDSA=y
 CONFIG_ECDSA_VERIFY=y
+CONFIG_RSASSA_PSS=y
 CONFIG_TPM=y
 CONFIG_ERRNO_STR=y
 CONFIG_GETOPT=y

lib/rsa/Kconfig

@@ -67,6 +67,20 @@ config SPL_RSA_VERIFY_WITH_PKEY
 	  key properties will be calculated on the fly in verification code
 	  in the SPL.
 
+config RSASSA_PSS
+	bool "Support rsassa-pss signature scheme"
+	depends on RSA_VERIFY
+	help
+	  Enable this to support the pss padding algorithm as described
+	  in the rfc8017 (https://tools.ietf.org/html/rfc8017).
+
+config SPL_RSASSA_PSS
+	bool "Support rsassa-pss signature scheme within SPL"
+	depends on SPL_RSA_VERIFY
+	help
+	  Enable this to support the pss padding algorithm as described
+	  in the rfc8017 (https://tools.ietf.org/html/rfc8017) within SPL.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM

lib/rsa/rsa-sign.c

@@ -421,7 +421,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
 		goto err_sign;
 	}
 
-	if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo &&
+	if (CONFIG_IS_ENABLED(RSASSA_PSS) && padding_algo &&
 	    !strcmp(padding_algo->name, "pss")) {
 		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
 						 RSA_PKCS1_PSS_PADDING) <= 0) {

lib/rsa/rsa-verify.c

@@ -89,7 +89,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = {
 };
 #endif
 
-#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
+#if CONFIG_IS_ENABLED(RSASSA_PSS)
 static void u32_i2osp(uint32_t val, uint8_t *buf)
 {
 	buf[0] = (uint8_t)((val >> 24) & 0xff);
@@ -310,7 +310,7 @@ U_BOOT_PADDING_ALGO(pss) = {
 /**
  * rsa_verify_key() - Verify a signature against some data using RSA Key
  *
- * Verify a RSA PKCS1.5 signature against an expected hash using
+ * Verify a RSA PKCS1.5/PSS signature against an expected hash using
  * the RSA Key properties in prop structure.
  *
  * @info:	Specifies key and FIT information
@@ -388,7 +388,7 @@ static int rsa_verify_key(struct image_sign_info *info,
  * @sig_len:	Number of bytes in signature
  *
  * Parse a RSA public key blob in DER format pointed to in @info and fill
- * a key_prop structure with properties of the key. Then verify a RSA PKCS1.5
+ * a key_prop structure with properties of the key. Then verify a RSA PKCS1.5/PSS
  * signature against an expected hash using the calculated properties.
  *
  * Return	0 if verified, -ve on error
@@ -423,7 +423,7 @@ int rsa_verify_with_pkey(struct image_sign_info *info,
  * information in node with prperties of RSA Key like modulus, exponent etc.
  *
  * Parse sign-node and fill a key_prop structure with properties of the
- * key.  Verify a RSA PKCS1.5 signature against an expected hash using
+ * key.  Verify a RSA PKCS1.5/PSS signature against an expected hash using
  * the properties parsed
  *
  * @info:	Specifies key and FIT information

tools/Kconfig

@@ -55,7 +55,7 @@ config TOOLS_FIT_PRINT
 	help
 	  Print the content of the FIT verbosely in the tools builds
 
-config TOOLS_FIT_RSASSA_PSS
+config TOOLS_RSASSA_PSS
 	def_bool y
 	help
 	  Support the rsassa-pss signature scheme in the tools builds