u-boot.git/include/u-boot, branch master Unnamed repository; edit this file 'description' to name the repository. lib: Add support for ECDSA image signing 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:12+00:00 ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/rsa: Make fdt_add_bignum() available outside of RSA code 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:11+00:00 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/. The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: rsa: struct udevice build warning 2021-02-24T21:51:48+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-02-17T11:54:31+00:00 bc18f31e4a3f13e09b6e9d04b282c2579b519ebf Avoid build warnings observed with gcc 10.2 In file included from lib/rsa/rsa-keyprop.c:16: include/u-boot/rsa-mod-exp.h:65:24: warning: ‘struct udevice’ declared inside parameter list will not be visible outside of this definition or declaration 65 | int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, | uint32_t sig_len, | ^~~~~~~ include/u-boot/rsa-mod-exp.h:96:24: warning: ‘struct udevice’ declared inside parameter list will not be visible outside of this definition or declaration 96 | int (*mod_exp)(struct udevice *dev, const uint8_t *sig, | by defining struct udevice. Fixes: 401d1c4f5d2d ("common: Drop asm/global_data.h from common header") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
Avoid build warnings observed with gcc 10.2

In file included from lib/rsa/rsa-keyprop.c:16:
include/u-boot/rsa-mod-exp.h:65:24: warning:
‘struct udevice’ declared inside parameter list will not be visible
outside of this definition or declaration
   65 | int rsa_mod_exp(struct udevice *dev, const uint8_t *sig,
      | uint32_t sig_len,
      |                        ^~~~~~~
include/u-boot/rsa-mod-exp.h:96:24: warning:
‘struct udevice’ declared inside parameter list will not be visible
outside of this definition or declaration
   96 |  int (*mod_exp)(struct udevice *dev, const uint8_t *sig,
      |

by defining struct udevice.

Fixes: 401d1c4f5d2d ("common: Drop asm/global_data.h from common header")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
xilinx: zynq: Change types from u32 to uint32_t 2020-10-27T07:13:33+00:00 Michal Simek michal.simek@xilinx.com 2020-10-22T08:59:08+00:00 c2a2c83278666cacb85761b8db55a3de8031c459 Change parameter type to avoid compilation error: In file included from ./tools/../lib/rsa/rsa-verify.c:23:0, from tools/lib/rsa/rsa-verify.c:1: include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images") Signed-off-by: Michal Simek <michal.simek@xilinx.com> 
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
                 from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                  ^~~
                  __u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                               ^~~
                               __u32

Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
fit: cipher: aes: allow to store the IV in the FIT image 2020-10-13T01:30:37+00:00 Philippe Reynes philippe.reynes@softathome.com 2020-09-17T13:01:46+00:00 a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
include/u-boot, lib/zlib: add sources for zlib decompression 2020-08-08T02:31:32+00:00 Joao Marcos Costa joaomarcos.costa@bootlin.com 2020-07-30T13:33:49+00:00 81014f73f0906a70bd710ed8d7e8559e1fd8f400 Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on this function to decompress data from a raw disk image. The actual support for zlib into SquashFS sources will be added in a follow-up commit. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> 
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
lib: rsa: export rsa_verify_with_pkey() 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-16T05:26:48+00:00 491bfe86062464b892386e8c8dfe0069975ecedc This function will be used to implement public_key_verify_signature() in a later patch. rsa_verify() is not suitable here because calculation of message digest is not necessary. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib: rsa: function to verify a signature against a hash 2020-07-08T21:21:46+00:00 Heiko Stuebner heiko.stuebner@theobroma-systems.com 2020-05-22T14:20:33+00:00 c89b41b4db4a746647c4f0e6d33c6f4edfe96e38 rsa_verify() expects a memory region and wants to do the hashing itself, but there may be cases where the hashing is done via other means, like hashing a squashfs rootfs. So add rsa_verify_hash() to allow verifiying a signature against an existing hash. As this entails the same verification routines we can just move the relevant code over from rsa_verify() and also call rsa_verify_hash() from there. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> 
rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.

So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Add support for SHA384 and SHA512 2020-06-12T17:14:07+00:00 Reuben Dowle reubendowle0@gmail.com 2020-04-16T05:36:52+00:00 d16b38f42704fe3cc94fbee1601be96045013151 The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com> 
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>