summaryrefslogtreecommitdiff
path: root/include/u-boot
AgeCommit message (Collapse)Author
2016-11-21rsa: Verify RSA padding programaticallyAndrew Duda
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-03-14Kconfig: Move CONFIG_FIT and related options to KconfigSimon Glass
There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-19Add more SPDX-License-Identifier tagsTom Rini
In a number of places we had wordings of the GPL (or LGPL in a few cases) license text that were split in such a way that it wasn't caught previously. Convert all of these to the correct SPDX-License-Identifier tag. Signed-off-by: Tom Rini <trini@konsulko.com>
2015-08-12Correct License and Copyright information on few filesRuchika Gupta
gpio.h - Added missing copyright in few files. rsa-mod-exp.h - Corrected copyright in the file. fsl_sec.h - Added missing license in files drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
2015-01-29rsa: Use checksum algorithms from struct hash_algoRuchika Gupta
Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
2015-01-29DM: crypto/rsa_mod_exp: Add rsa Modular Exponentiation DM driverRuchika Gupta
Add a new rsa uclass for performing modular exponentiation and implement the software driver basing on this uclass. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29rsa: Split the rsa-verify to separate the modular exponentiationRuchika Gupta
Public exponentiation which is required in rsa verify functionality is tightly integrated with verification code in rsa_verify.c. The patch splits the file into twp separating the modular exponentiation. 1. rsa-verify.c - The file parses device tree keys node to fill a keyprop structure. The keyprop structure can then be converted to implementation specific format. (struct rsa_pub_key for sw implementation) - The parsed device tree node is then passed to a generic rsa_mod_exp function. 2. rsa-mod-exp.c Move the software specific functions related to modular exponentiation from rsa-verify.c to this file. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
2014-08-09Implement generalised RSA public exponents for verified bootMichael van der Westhuizen
Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
2014-06-19includes: move openssl headers to include/u-bootJeroen Hofstee
commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2013-02-28Roll crc32 into hash infrastructureSimon Glass
Add the CRC32 algorithm to the list of available hashes, and make the crc32 command use hash_command(). Add a new crc32_wd_buf() to make this possible, which puts its result in a buffer rather than returning it as a 32-bit value. Note: For some boards the hash command is not enabled, neither are sha1, sha256 or the verify option. In this case the full hash implementation adds about 500 bytes of overhead. So as a special case, we use #ifdef to select very simple bahaviour in that case. The justification for this is that it is currently a very common case (virtually all boards enable crc32 but only some enable more advanced features). Signed-off-by: Simon Glass <sjg@chromium.org>
2012-11-04lib/zlib: sparse fixesKim Phillips
define Z_NULL to (void *)0 include/u-boot/zlib.h to get rid of most of the NULL pointer warnings. inflate.c:942:1: warning: non-ANSI definition of function 'inflateEnd' inflate.c:9:1: warning: non-ANSI definition of function 'inflateReset' inflate.c:12:17: warning: Using plain integer as NULL pointer inflate.c:12:42: warning: Using plain integer as NULL pointer inflate.c:15:17: warning: Using plain integer as NULL pointer inflate.c:21:19: warning: Using plain integer as NULL pointer inflate.c:35:1: warning: non-ANSI definition of function 'inflateInit2_' inflate.c:38:20: warning: Using plain integer as NULL pointer inflate.c:41:17: warning: Using plain integer as NULL pointer inflate.c:42:17: warning: Using plain integer as NULL pointer inflate.c:50:18: warning: Using plain integer as NULL pointer inflate.c:65:23: warning: Using plain integer as NULL pointer inflate.c:69:21: warning: Using plain integer as NULL pointer inflate.c:78:1: warning: non-ANSI definition of function 'inflateInit_' inflate.c:86:1: warning: non-ANSI definition of function 'fixedtables' inflate.c:108:26: warning: Using plain integer as NULL pointer inflate.c:109:1: warning: non-ANSI definition of function 'updatewindow' inflate.c:112:30: warning: Using plain integer as NULL pointer inflate.c:339:1: warning: non-ANSI definition of function 'inflate' inflate.c:349:17: warning: Using plain integer as NULL pointer inflate.c:349:42: warning: Using plain integer as NULL pointer inflate.c:350:27: warning: Using plain integer as NULL pointer inflate.c:369:42: warning: Using plain integer as NULL pointer inflate.c:376:32: warning: Using plain integer as NULL pointer inflate.c:401:54: warning: Using plain integer as NULL pointer inflate.c:419:32: warning: Using plain integer as NULL pointer inflate.c:426:32: warning: Using plain integer as NULL pointer inflate.c:433:32: warning: Using plain integer as NULL pointer inflate.c:444:36: warning: Using plain integer as NULL pointer inflate.c:449:37: warning: Using plain integer as NULL pointer inflate.c:450:38: warning: Using plain integer as NULL pointer inflate.c:457:40: warning: Using plain integer as NULL pointer inflate.c:458:47: warning: Using plain integer as NULL pointer inflate.c:480:40: warning: Using plain integer as NULL pointer inflate.c:481:50: warning: Using plain integer as NULL pointer inflate.c:491:37: warning: Using plain integer as NULL pointer inflate.c:492:37: warning: Using plain integer as NULL pointer inflate.c:501:40: warning: Using plain integer as NULL pointer inflate.c:502:53: warning: Using plain integer as NULL pointer inflate.c:512:37: warning: Using plain integer as NULL pointer inflate.c:513:40: warning: Using plain integer as NULL pointer inflate.c:525:32: warning: Using plain integer as NULL pointer inflate.c:529:52: warning: Using plain integer as NULL pointer inflate.c:543:54: warning: Using plain integer as NULL pointer inflate.c:932:17: warning: Using plain integer as NULL pointer inflate.c:932:42: warning: Using plain integer as NULL pointer inflate.c:935:26: warning: Using plain integer as NULL pointer inflate.c:940:19: warning: Using plain integer as NULL pointer adler32.c:58:5: warning: non-ANSI definition of function 'adler32' adler32.c:81:16: warning: Using plain integer as NULL pointer zutil.c:53:9: warning: non-ANSI definition of function 'zcalloc' zutil.c:64:9: warning: non-ANSI definition of function 'zcfree' inffast.c:70:1: warning: non-ANSI definition of function 'inflate_fast' inftrees.c:33:1: warning: non-ANSI definition of function 'inflate_table' Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
2012-09-29lib: zlib: include deflate into zlib buildLei Wen
Add a new config CONFIG_GZIP_ENABLED, if enabled, the uboot bin would include zlib's deflate method which could be used for compressing. Signed-off-by: Lei Wen <leiwen@marvell.com>
2012-04-30gunzip: rename z{alloc, free} to gz{alloc, free}Mike Frysinger
This allows us to add a proper zalloc() func (one that does a zeroing alloc), and removes duplicate prototypes. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-04-29GCC47: Fix warning in md5.cMarek Vasut
md5.c: In function ‘MD5Final’: md5.c:156:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] md5.c:157:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] Signed-off-by: Marek Vasut <marex@denx.de> Cc: Wolfgang Denk <wd@denx.de> Acked-by: Mike Frysinger <vapier@gentoo.org>
2010-04-13Rename lib_generic/ to lib/Peter Tyser
Now that the other architecture-specific lib directories have been moved out of the top-level directory there's not much reason to have the '_generic' suffix on the common lib directory. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2009-09-10tools: mkimage: Fixed build warningsPrafulla Wadaskar
uninitialized retval variable warning fixed crc32 APIs moved to crc.h (newly added) and build warnings fixed Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com> Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-08-23start a linker script helper fileMike Frysinger
Start a common header file for common linker script code (such as workarounds for older linkers) rather than doing this in the build system. As fallout, we no longer execute the linker every time config.mk is included by a build file (which can easily be 70+ times), but rather only execute it once. This also fixes a bug in the major version checking by creating a macro to easily compare versions and keep people from making the same common mistake (forgetting to check major and minor together). Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-08-11zlib: updated to v.1.2.3Giuseppe CONDORELLI
This patch updates zlib to the latest stable version. Only relevant zlib parts were ported to u-boot tree, as already did for the current zlib (0.95). New zlib guarantees a faster inflate performances other then others improvements as explained at www.zlib.net. It also includes Alessandro Rubini's patches to allow 0 as destination pointer and to call watchdog reset if required by architecture. Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com> Reviewed-by: Angelo Castello <angelo.castello@st.com> Reviewed-by: Alessandro Rubini <rubini-list@gnudd.com>
2009-07-24Revert "zlib: updated to v.1.2.3"Wolfgang Denk
This reverts commit b201171f2b4d509f3ad510b214bee70ff902e3d6. The commit caused problems for example when unpacking kernel images: Uncompressing Kernel Image ... Error: inflate() returned -2 GUNZIP: uncompress, out-of-mem or overwrite error - must RESET board to recover Conflicts: include/u-boot/zlib.h lib_generic/zlib.c Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-23Coding Style cleanup; update CHANGELOG.Wolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-23zlib: updated to v.1.2.3Giuseppe CONDORELLI
This patch updates zlib to the latest stable version. Only relevant zlib parts were ported to u-boot tree, as was done for the previously used version of zlib (0.95). New zlib gives faster inflate performance and other improvements, see www.zlib.net Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com> Reviewed-by: Angelo Castello <angelo.castello@st.com> Edited commit message Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-19compiler.h: unify system ifdef cruft hereMike Frysinger
Shove a lot of the HOSTCC and related #ifdef checking crap into the new compiler.h header so that we can keep all other headers nice and clean. Also introduce custom uswap functions so we don't have to rely on the non standard implementations that a host may (or may not in the case of OS X) provide. This allows mkimage to finally build cleanly on an OS X system. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-04-04rename include/zlib.h to include/u-boot/zlib.hJean-Christophe PLAGNIOL-VILLARD
Some systems have zlib.h installed in /usr/include/. This isn't the desired file for u-boot code - we want the one in include/zlib.h. This rename will avoid the conflict. Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2008-04-25Add support for calculating hashes with watchdog triggeringBartlomiej Sieka
Implement watchodg-aware variants of hash calculation functions: - crc32_wd() - md5_wd() - sha1_csum_wd() The above functions calculate the hash of the input buffer in chunks, triggering the watchdog after processing each chunk. The chunk size is given as a function call parameter. Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2008-04-13Rename include/md5.h to include/u-boot/md5.hAndy Fleming
Some systems have md5.h installed in /usr/include/. This isn't the desired file (we want the one in include/md5.h). This will avoid the conflict. This fixes the host tools building problem by creating a new directory for U-Boot specific header files. [Patch by Andy Fleming, modified to use separate directory by Wolfgang Denk] Signed-off-by: Wolfgang Denk <wd@denx.de> Signed-off-by: Andy Fleming <afleming@freescale.com> Acked-by: Timur Tabi <timur@freescale.com>