12 May, 2017
1 commit
-
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
21 Mar, 2017
1 commit
-
The CAAM in IMX parts doesn't support public key hardware acceleration
(PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX
(assuming you have the clocks enabled first) you will get back an
"Invalid KEY Command" error since PKHA isn't a valid key destination for
these parts.Signed-off-by: George McCollister
Reviewed-by: Tom Rini
15 Jan, 2017
1 commit
-
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.Signed-off-by: George McCollister
22 Nov, 2016
4 commits
-
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass -
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass -
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass -
checksum_algo's pad_len field isn't actually used to store the length of
the padding but the total length of the RSA key (msg_len + pad_len)Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass
24 Sep, 2016
1 commit
-
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap )Replace all include directives for with .
Signed-off-by: Masahiro Yamada
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini
26 Jul, 2016
1 commit
-
[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236ebd and
2b9ec76 into this commit - trini]- Added an additional NULL check, as suggested by Simon Glass to
fit_image_process_sig
- Re-formatted the comment blocksSigned-off-by: Mario Six
Reviewed-by: Simon Glass
[For merging the chnages from v2 back onto v1]
Signed-off-by: Tom Rini
23 Jul, 2016
1 commit
-
When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.Unfortunately, if large keys are used (such as 4096 bit RSA keys), this
process fails sometimes, and mkimage needs to be called repeatedly to
integrate the keys into the DTB.This is because fit_add_file_data actually returns the wrong error
code, and the loop terminates prematurely, instead of trying again with
a larger size value.This patch corrects the return value by fixing the return value of
fdt_add_bignum, fixes a case where an error is masked by a unconditional
setting of a return value variable, and also removes a error message,
which is misleading, since we actually allow the function to fail. A
(hopefully helpful) comment is also added to explain the lack of error
message.This is probably related to 1152a05 ("tools: Correct error handling in
fit_image_process_hash()") and the corresponding error reported here:https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html
Signed-off-by: Mario Six
13 Jun, 2016
1 commit
-
This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=ySigned-off-by: Teddy Reed
Acked-by: Simon Glass
Acked-by: Andreas Dannenberg
Acked-by: Sumit Garg
15 Mar, 2016
1 commit
-
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSAUnfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini
06 Mar, 2015
1 commit
-
Remove dependency of rsa_mod_exp from CONFIG_FIT_SIGNATURE.
As rsa modular exponentiation is an independent module
and can be invoked independently.Signed-off-by: Gaurav Rana
Acked-by: Simon Glass
Reviewed-by: York Sun
30 Jan, 2015
4 commits
-
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.Signed-off-by: Ruchika Gupta
CC: Simon Glass
Acked-by: Simon Glass
Signed-off-by: Simon Glass
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
-
Kconfig option added for devices which support RSA Verification.
1. RSA_SOFTWARE_EXP
Enables driver for supporting RSA Modular Exponentiation in Software
2. RSA_FREESCALE_EXP
Enables driver for supporting RSA Modular Exponentiation using Freescale specific
driverThe above drivers use RSA uclass
Signed-off-by: Ruchika Gupta
CC: Simon Glass
Acked-by: Simon Glass
Signed-off-by: Simon Glass
(Removed duplicate line in Kconfig comment)Change-Id: I7663c4d5350e2bfc3dfa2696f70ef777d6ccc6f6
-
Modify rsa_verify to use the rsa driver of DM library .The tools
will continue to use the same RSA sw library.CONFIG_RSA is now dependent on CONFIG_DM. All configurations which
enable FIT based signatures have been modified to enable CONFIG_DM
by default.Signed-off-by: Ruchika Gupta
CC: Simon Glass
Acked-by: Simon Glass -
Public exponentiation which is required in rsa verify functionality is
tightly integrated with verification code in rsa_verify.c. The patch
splits the file into twp separating the modular exponentiation.1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop structure.
The keyprop structure can then be converted to implementation specific
format.
(struct rsa_pub_key for sw implementation)
- The parsed device tree node is then passed to a generic rsa_mod_exp
function.2. rsa-mod-exp.c
Move the software specific functions related to modular exponentiation
from rsa-verify.c to this file.Signed-off-by: Ruchika Gupta
CC: Simon Glass
Acked-by: Simon Glass
09 Aug, 2014
2 commits
-
1. Failure to set the return code correctly
2. Failure to detect the loop end condition when the value is equal to
the modulus.Reported-by: Jeroen Hofstee
Signed-off-by: Simon Glass -
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.Parameterise vboot_test.sh to test different public exponents.
Mathematics and other hard work by Andrew Bott.
Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.Signed-off-by: Andrew Bott
Signed-off-by: Andrew Wishart
Signed-off-by: Neil Piercy
Signed-off-by: Michael van der Westhuizen
Cc: Simon Glass
19 Jun, 2014
2 commits
-
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.cc: Simon Glass
Signed-off-by: Jeroen Hofstee -
The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.Signed-off-by: Simon Glass
12 Jun, 2014
1 commit
-
When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
potentially deal with the situation.Adjust these functions to return -ENOSPC when the FDT is full.
Signed-off-by: Simon Glass
22 Mar, 2014
3 commits
-
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.Signed-off-by: Heiko Schocher
Cc: Simon Glass -
Add support for sha256,rsa4096 signatures in u-boot.
Signed-off-by: Heiko Schocher
Acked-by: Simon Glass
Cc: andreas@oetken.name -
based on patch from andreas@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current headSigned-off-by: Heiko Schocher
Cc: andreas@oetken.name
Cc: Simon Glass
18 Nov, 2013
1 commit
-
Signed-off-by: Masahiro Yamada
01 Nov, 2013
1 commit
-
Signed-off-by: Masahiro Yamada
24 Jul, 2013
1 commit
-
Signed-off-by: Wolfgang Denk
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini
03 Jul, 2013
1 commit
-
Interfaces exposed by error.h seems not to be used in rsa-sig.c, remove it.
This also fixes an compile error on OS X:---88---
Signed-off-by: Andreas Bießmann
Acked-by: Jeroen Hofstee
Tested-by: Lubomir Popov
26 Jun, 2013
1 commit
-
RSA provides a public key encryption facility which is ideal for image
signing and verification.Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.Signed-off-by: Simon Glass