Age | Commit message (Collapse) | Author |
|
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.
Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSA
Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.
Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
In a number of places we had wordings of the GPL (or LGPL in a few
cases) license text that were split in such a way that it wasn't caught
previously. Convert all of these to the correct SPDX-License-Identifier
tag.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
|
|
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)
Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
|
|
Add a new rsa uclass for performing modular exponentiation and implement
the software driver basing on this uclass.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
Public exponentiation which is required in rsa verify functionality is
tightly integrated with verification code in rsa_verify.c. The patch
splits the file into twp separating the modular exponentiation.
1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop structure.
The keyprop structure can then be converted to implementation specific
format.
(struct rsa_pub_key for sw implementation)
- The parsed device tree node is then passed to a generic rsa_mod_exp
function.
2. rsa-mod-exp.c
Move the software specific functions related to modular exponentiation
from rsa-verify.c to this file.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.
Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.
Parameterise vboot_test.sh to test different public exponents.
Mathematics and other hard work by Andrew Bott.
Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.
Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
|
|
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
|
|
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
|
|
Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.
Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
define Z_NULL to (void *)0 include/u-boot/zlib.h to get rid of most of
the NULL pointer warnings.
inflate.c:942:1: warning: non-ANSI definition of function 'inflateEnd'
inflate.c:9:1: warning: non-ANSI definition of function 'inflateReset'
inflate.c:12:17: warning: Using plain integer as NULL pointer
inflate.c:12:42: warning: Using plain integer as NULL pointer
inflate.c:15:17: warning: Using plain integer as NULL pointer
inflate.c:21:19: warning: Using plain integer as NULL pointer
inflate.c:35:1: warning: non-ANSI definition of function 'inflateInit2_'
inflate.c:38:20: warning: Using plain integer as NULL pointer
inflate.c:41:17: warning: Using plain integer as NULL pointer
inflate.c:42:17: warning: Using plain integer as NULL pointer
inflate.c:50:18: warning: Using plain integer as NULL pointer
inflate.c:65:23: warning: Using plain integer as NULL pointer
inflate.c:69:21: warning: Using plain integer as NULL pointer
inflate.c:78:1: warning: non-ANSI definition of function 'inflateInit_'
inflate.c:86:1: warning: non-ANSI definition of function 'fixedtables'
inflate.c:108:26: warning: Using plain integer as NULL pointer
inflate.c:109:1: warning: non-ANSI definition of function 'updatewindow'
inflate.c:112:30: warning: Using plain integer as NULL pointer
inflate.c:339:1: warning: non-ANSI definition of function 'inflate'
inflate.c:349:17: warning: Using plain integer as NULL pointer
inflate.c:349:42: warning: Using plain integer as NULL pointer
inflate.c:350:27: warning: Using plain integer as NULL pointer
inflate.c:369:42: warning: Using plain integer as NULL pointer
inflate.c:376:32: warning: Using plain integer as NULL pointer
inflate.c:401:54: warning: Using plain integer as NULL pointer
inflate.c:419:32: warning: Using plain integer as NULL pointer
inflate.c:426:32: warning: Using plain integer as NULL pointer
inflate.c:433:32: warning: Using plain integer as NULL pointer
inflate.c:444:36: warning: Using plain integer as NULL pointer
inflate.c:449:37: warning: Using plain integer as NULL pointer
inflate.c:450:38: warning: Using plain integer as NULL pointer
inflate.c:457:40: warning: Using plain integer as NULL pointer
inflate.c:458:47: warning: Using plain integer as NULL pointer
inflate.c:480:40: warning: Using plain integer as NULL pointer
inflate.c:481:50: warning: Using plain integer as NULL pointer
inflate.c:491:37: warning: Using plain integer as NULL pointer
inflate.c:492:37: warning: Using plain integer as NULL pointer
inflate.c:501:40: warning: Using plain integer as NULL pointer
inflate.c:502:53: warning: Using plain integer as NULL pointer
inflate.c:512:37: warning: Using plain integer as NULL pointer
inflate.c:513:40: warning: Using plain integer as NULL pointer
inflate.c:525:32: warning: Using plain integer as NULL pointer
inflate.c:529:52: warning: Using plain integer as NULL pointer
inflate.c:543:54: warning: Using plain integer as NULL pointer
inflate.c:932:17: warning: Using plain integer as NULL pointer
inflate.c:932:42: warning: Using plain integer as NULL pointer
inflate.c:935:26: warning: Using plain integer as NULL pointer
inflate.c:940:19: warning: Using plain integer as NULL pointer
adler32.c:58:5: warning: non-ANSI definition of function 'adler32'
adler32.c:81:16: warning: Using plain integer as NULL pointer
zutil.c:53:9: warning: non-ANSI definition of function 'zcalloc'
zutil.c:64:9: warning: non-ANSI definition of function 'zcfree'
inffast.c:70:1: warning: non-ANSI definition of function 'inflate_fast'
inftrees.c:33:1: warning: non-ANSI definition of function 'inflate_table'
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
|
|
Add a new config CONFIG_GZIP_ENABLED, if enabled, the uboot bin would
include zlib's deflate method which could be used for compressing.
Signed-off-by: Lei Wen <leiwen@marvell.com>
|
|
This allows us to add a proper zalloc() func (one that does a zeroing
alloc), and removes duplicate prototypes.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
md5.c: In function ‘MD5Final’:
md5.c:156:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
md5.c:157:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
|
|
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
|
|
uninitialized retval variable warning fixed
crc32 APIs moved to crc.h (newly added) and build warnings fixed
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
|
Start a common header file for common linker script code (such as
workarounds for older linkers) rather than doing this in the build system.
As fallout, we no longer execute the linker every time config.mk is
included by a build file (which can easily be 70+ times), but rather only
execute it once.
This also fixes a bug in the major version checking by creating a macro to
easily compare versions and keep people from making the same common
mistake (forgetting to check major and minor together).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
This patch updates zlib to the latest stable version.
Only relevant zlib parts were ported to u-boot tree, as already did for the
current zlib (0.95). New zlib guarantees a faster inflate performances
other then others improvements as explained at www.zlib.net.
It also includes Alessandro Rubini's patches to allow 0 as destination pointer
and to call watchdog reset if required by architecture.
Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>
Reviewed-by: Alessandro Rubini <rubini-list@gnudd.com>
|
|
This reverts commit b201171f2b4d509f3ad510b214bee70ff902e3d6.
The commit caused problems for example when unpacking kernel images:
Uncompressing Kernel Image ... Error: inflate() returned -2
GUNZIP: uncompress, out-of-mem or overwrite error - must
RESET board to recover
Conflicts:
include/u-boot/zlib.h
lib_generic/zlib.c
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
|
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
|
This patch updates zlib to the latest stable version.
Only relevant zlib parts were ported to u-boot tree, as was done for
the previously used version of zlib (0.95). New zlib gives faster
inflate performance and other improvements, see www.zlib.net
Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>
Edited commit message
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
|
Shove a lot of the HOSTCC and related #ifdef checking crap into the new
compiler.h header so that we can keep all other headers nice and clean.
Also introduce custom uswap functions so we don't have to rely on the non
standard implementations that a host may (or may not in the case of OS X)
provide. This allows mkimage to finally build cleanly on an OS X system.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Some systems have zlib.h installed in /usr/include/. This isn't the
desired file for u-boot code - we want the one in include/zlib.h.
This rename will avoid the conflict.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Implement watchodg-aware variants of hash calculation functions:
- crc32_wd()
- md5_wd()
- sha1_csum_wd()
The above functions calculate the hash of the input buffer in chunks,
triggering the watchdog after processing each chunk. The chunk size
is given as a function call parameter.
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
|
|
Some systems have md5.h installed in /usr/include/. This isn't the
desired file (we want the one in include/md5.h). This will avoid the
conflict. This fixes the host tools building problem by creating a new
directory for U-Boot specific header files.
[Patch by Andy Fleming, modified to use separate directory by Wolfgang
Denk]
Signed-off-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Acked-by: Timur Tabi <timur@freescale.com>
|