u-boot.git/lib/rsa, branch master Unnamed repository; edit this file 'description' to name the repository. lib/rsa: Use EVP_PKEY instead of RSA 2021-04-14T21:45:04+00:00 Chan, Donald hoiho@lab126.com 2021-04-01T22:42:36+00:00 fbc777429fa35312a9ea5f106692172d3153e659 Most modern OpenSSL engines have methods overridden at the EVP level rather than at RSA level, to make these engines work properly with mkimage, the RSA signing code needs to switch to using EVP_* APIs as much as possible. Signed-off-by: Donald Chan <hoiho@lab126.com> [trini: Rebase on top of keyfile changes] Signed-off-by: Tom Rini <trini@konsulko.com> 
Most modern OpenSSL engines have methods overridden at the EVP level rather
than at RSA level, to make these engines work properly with mkimage, the RSA
signing code needs to switch to using EVP_* APIs as much as possible.

Signed-off-by: Donald Chan <hoiho@lab126.com>
[trini: Rebase on top of keyfile changes]
Signed-off-by: Tom Rini <trini@konsulko.com>
lib/rsa: Use the 'keyfile' argument from mkimage 2021-04-14T19:23:01+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:18+00:00 824ee745fbcaa73ad74a30f992aaf2e732a5a325 Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the RSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the RSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/rsa: Make fdt_add_bignum() available outside of RSA code 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:11+00:00 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/. The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: rsa: Add debug message on algo mismatch 2021-02-24T21:51:48+00:00 Sean Anderson sean.anderson@seco.com 2021-02-16T16:40:15+00:00 8f684bc12034721585f6412e39155898c8db3d65 Currently we fail silently if there is an algorithm mismatch. To help distinguish this failure condition. Signed-off-by: Sean Anderson <sean.anderson@seco.com> 
Currently we fail silently if there is an algorithm mismatch. To help
distinguish this failure condition.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
lib: rsa: rsa-verify: don't look for keys in the FIT image 2021-01-27T22:03:16+00:00 Philippe Reynes philippe.reynes@softathome.com 2021-01-12T18:18:54+00:00 040fad3791fe05b985516a68c9437847173da56a In the function rsa_verify_hash, if the "main" key doesn't work, u-boot try others keys. But it searches those keys in the FIT image instead of the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
xilinx: zynq: Change types from u32 to uint32_t 2020-10-27T07:13:33+00:00 Michal Simek michal.simek@xilinx.com 2020-10-22T08:59:08+00:00 c2a2c83278666cacb85761b8db55a3de8031c459 Change parameter type to avoid compilation error: In file included from ./tools/../lib/rsa/rsa-verify.c:23:0, from tools/lib/rsa/rsa-verify.c:1: include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images") Signed-off-by: Michal Simek <michal.simek@xilinx.com> 
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
                 from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                  ^~~
                  __u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                               ^~~
                               __u32

Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
lib: rsa: superfluous initialization in rsa_verify() 2020-10-13T01:30:38+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-10-08T18:53:13+00:00 ec71cc34c1cef173d9f656d5cc9a2e698fae28fb Remove initialization of ret with unused value. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
Remove initialization of ret with unused value.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: fix retrieving public exponent on big-endian systems 2020-10-13T01:30:38+00:00 Rasmus Villemoes rasmus.villemoes@prevas.dk 2020-10-06T10:09:45+00:00 3f8808ebaa901ce18a7dfb3432e68e9c3a79f244 Commit fdf0819afb (rsa: fix alignment issue when getting public exponent) changed the logic to avoid doing an 8-byte access to a possibly-not-8-byte-aligned address. However, using rsa_convert_big_endian is wrong: That function converts an array of big-endian (32-bit) words with the most significant word first (aka a BE byte array) to an array of cpu-endian words with the least significant word first. While the exponent is indeed _stored_ as a big-endian 64-bit word (two BE words with MSW first), we want to extract it as a cpu-endian 64 bit word. On a little-endian host, swapping the words and byte-swapping each 32-bit word works, because that's the same as byte-swapping the whole 64 bit word. But on a big-endian host, the fdt32_to_cpu are no-ops, but rsa_convert_big_endian() still does the word-swapping, breaking verified boot. To fix that, while still ensuring we don't do unaligned accesses, add a little helper that first memcpy's the bytes to a local fdt64_t, then applies fdt64_to_cpu(). [The name is chosen based on the [bl]eXX_to_cpup in linux/byteorder/generic.h]. Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent") Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Simon Glass <sjg@chromium.org> 
Commit fdf0819afb (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.

However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.

To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].

Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: rsa: check algo match in rsa_verify_with_keynode 2020-10-13T01:30:38+00:00 Matthieu CASTET castet.matthieu@free.fr 2020-09-23T17:11:44+00:00 167fb1f8dc4bb2b99228c4582a462484ad41fa34 The algo name should match between the FIT's signature node and the U-Boot's control FDT. If we do not check it, U-Boot's control FDT can expect sha512 hash but nothing will prevent to accept image with sha1 hash if the signature is correct. Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr> 
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.

If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>