rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

7 files changed, 112 insertions, 2 deletions

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 19cde87..d0886b7 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -312,3 +312,4 @@ CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
 CONFIG_UT_TIME=y
 CONFIG_UT_DM=y
+CONFIG_SHA384=y
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 01b480d..b9634e3 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -111,6 +111,7 @@ int padding_pss_verify(struct image_sign_info *info,
 #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
 
 #define RSA2048_BYTES	(2048 / 8)
+#define RSA3072_BYTES	(3072 / 8)
 #define RSA4096_BYTES	(4096 / 8)
 
 /* This is the minimum/maximum key size we support, in bits */
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 32c7507..1126640 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -595,6 +595,12 @@ U_BOOT_CRYPTO_ALGO(rsa2048) = {
 	.verify = rsa_verify,
 };
 
+U_BOOT_CRYPTO_ALGO(rsa3072) = {
+	.name = "rsa3072",
+	.key_len = RSA3072_BYTES,
+	.verify = rsa_verify,
+};
+
 U_BOOT_CRYPTO_ALGO(rsa4096) = {
 	.name = "rsa4096",
 	.key_len = RSA4096_BYTES,
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index 095e00c..b080d48 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -45,6 +45,8 @@ TESTDATA = [
     ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False],
     ['sha256-pss-required', 'sha256', '-pss', None, True, False],
     ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True],
+    ['sha384-basic', 'sha384', '', None, False, False],
+    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False],
 ]
 
 @pytest.mark.boardspec('sandbox')
@@ -180,10 +182,16 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
             name: Name of of the key (e.g. 'dev')
         """
         public_exponent = 65537
+
+        if sha_algo == "sha384":
+            rsa_keygen_bits = 3072
+        else:
+            rsa_keygen_bits = 2048
+
         util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %s%s.key '
-                     '-pkeyopt rsa_keygen_bits:2048 '
+                     '-pkeyopt rsa_keygen_bits:%d '
                      '-pkeyopt rsa_keygen_pubexp:%d' %
-                     (tmpdir, name, public_exponent))
+                     (tmpdir, name, rsa_keygen_bits, public_exponent))
 
         # Create a certificate containing the public key
         util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key '
diff --git a/test/py/tests/vboot/sign-configs-sha384.its b/test/py/tests/vboot/sign-configs-sha384.its
new file mode 100644
index 0000000..2869401
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha384.its
@@ -0,0 +1,45 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash-1 {
+				algo = "sha384";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash-1 {
+				algo = "sha384";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
diff --git a/test/py/tests/vboot/sign-images-sha384.its b/test/py/tests/vboot/sign-images-sha384.its
new file mode 100644
index 0000000..be1a9a6
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha384.its
@@ -0,0 +1,42 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+		};
+	};
+};
diff --git a/tools/image-sig-host.c b/tools/image-sig-host.c
index 8ed6998..d0133ae 100644
--- a/tools/image-sig-host.c
+++ b/tools/image-sig-host.c
@@ -56,6 +56,13 @@ struct crypto_algo crypto_algos[] = {
 		.verify = rsa_verify,
 	},
 	{
+		.name = "rsa3072",
+		.key_len = RSA3072_BYTES,
+		.sign = rsa_sign,
+		.add_verify_data = rsa_add_verify_data,
+		.verify = rsa_verify,
+	},
+	{
 		.name = "rsa4096",
 		.key_len = RSA4096_BYTES,
 		.sign = rsa_sign,