summaryrefslogtreecommitdiff
path: root/lib/rsa
AgeCommit message (Collapse)Author
2014-08-09rsa: Fix two errors in the implementationSimon Glass
1. Failure to set the return code correctly 2. Failure to detect the loop end condition when the value is equal to the modulus. Reported-by: Jeroen Hofstee <jeroen@myspectrum.nl> Signed-off-by: Simon Glass <sjg@chromium.org>
2014-08-09Implement generalised RSA public exponents for verified bootMichael van der Westhuizen
Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
2014-06-19includes: move openssl headers to include/u-bootJeroen Hofstee
commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19mkimage: Automatically expand FDT in more casesSimon Glass
The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11fdt: Update functions which write to an FDT to return -ENOSPCSimon Glass
When writing values into an FDT it is possible that there will be insufficient space. If the caller gets a useful error then it can potentially deal with the situation. Adjust these functions to return -ENOSPC when the FDT is full. Signed-off-by: Simon Glass <sjg@chromium.org>
2014-03-21tools, fit_check_sign: verify a signed fit imageHeiko Schocher
add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
2014-03-21rsa: add sha256,rsa4096 algorithmHeiko Schocher
Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
2014-03-21rsa: add sha256-rsa2048 algorithmHeiko Schocher
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
2013-11-17lib: descend into sub directories only when it is necessaryMasahiro Yamada
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-10-31lib: convert makefiles to Kbuild styleMasahiro Yamada
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2013-07-03lib/rsa/rsa-sig.c: compile on OS XAndreas Bießmann
Interfaces exposed by error.h seems not to be used in rsa-sig.c, remove it. This also fixes an compile error on OS X: ---8<--- u-boot/lib/rsa/rsa-sign.c:23:19: error: error.h: No such file or directory --->8--- Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Acked-by: Jeroen Hofstee <jeroen@myspectrum.nl> Tested-by: Lubomir Popov <lpopov@mm-sol.com>
2013-06-26image: Add RSA support for image signingSimon Glass
RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>