u-boot.git/include/u-boot, branch v2021.10 Unnamed repository; edit this file 'description' to name the repository. common: Move MD5 hash to hash_algo[] array. 2021-09-08T20:11:46+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-03T00:54:20+00:00 fe54aeaa4acbb41880b05acef9ef949e62d299dd MD5 is being called directly in some places, but it is not available via hash_lookup_algo("md5"). This is inconsistent with other hasing routines. To resolve this, add an "md5" entry to hash_algos[]. The #ifdef clause looks funnier than those for other entries. This is because both MD5 and SPL_MD5 configs exist, whereas the other hashes do not have "SPL_" entries. The long term plan is to get rid of the ifdefs, so those should not be expected to survive much longer. The md5 entry does not have .hash_init/update/finish members. That's okay because hash_progressive_lookup_algo() will catch that, and return -EPROTONOSUPPORT, while hash_lookup_algo() will return the correct pointer. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check] Signed-off-by: Tom Rini <trini@konsulko.com> 
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
lib: rsa: Remove #ifdefs from rsa.h 2021-07-16T19:39:29+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-07-14T22:05:43+00:00 92c960bc1d4c8f702171fea0d87e86f317d4b597 It is no longer necessary to implement rsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the rsa code is no longer linked when unused. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
It is no longer necessary to implement rsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the rsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: ecdsa: Remove #ifdefs from ecdsa.h 2021-07-16T19:39:29+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-07-14T22:05:42+00:00 820c4968c3f5a3440344ca5ec51ccfb9271d05ac It is no longer necessary to implement ecdsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the ecdsa code is no longer linked when unused. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
It is no longer necessary to implement ecdsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the ecdsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 2021-07-16T16:58:55+00:00 Simon Glass sjg@chromium.org 2021-07-14T22:05:31+00:00 ad74aed11e1dfe39b7f32dd855859abaf51d33f0 Drop the ENABLE and SUPPORT parts of this, which are redundant. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
lib: Add support for ECDSA image signing 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:12+00:00 ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/rsa: Make fdt_add_bignum() available outside of RSA code 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:11+00:00 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/. The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: rsa: struct udevice build warning 2021-02-24T21:51:48+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-02-17T11:54:31+00:00 bc18f31e4a3f13e09b6e9d04b282c2579b519ebf Avoid build warnings observed with gcc 10.2 In file included from lib/rsa/rsa-keyprop.c:16: include/u-boot/rsa-mod-exp.h:65:24: warning: ‘struct udevice’ declared inside parameter list will not be visible outside of this definition or declaration 65 | int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, | uint32_t sig_len, | ^~~~~~~ include/u-boot/rsa-mod-exp.h:96:24: warning: ‘struct udevice’ declared inside parameter list will not be visible outside of this definition or declaration 96 | int (*mod_exp)(struct udevice *dev, const uint8_t *sig, | by defining struct udevice. Fixes: 401d1c4f5d2d ("common: Drop asm/global_data.h from common header") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
Avoid build warnings observed with gcc 10.2

In file included from lib/rsa/rsa-keyprop.c:16:
include/u-boot/rsa-mod-exp.h:65:24: warning:
‘struct udevice’ declared inside parameter list will not be visible
outside of this definition or declaration
   65 | int rsa_mod_exp(struct udevice *dev, const uint8_t *sig,
      | uint32_t sig_len,
      |                        ^~~~~~~
include/u-boot/rsa-mod-exp.h:96:24: warning:
‘struct udevice’ declared inside parameter list will not be visible
outside of this definition or declaration
   96 |  int (*mod_exp)(struct udevice *dev, const uint8_t *sig,
      |

by defining struct udevice.

Fixes: 401d1c4f5d2d ("common: Drop asm/global_data.h from common header")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
xilinx: zynq: Change types from u32 to uint32_t 2020-10-27T07:13:33+00:00 Michal Simek michal.simek@xilinx.com 2020-10-22T08:59:08+00:00 c2a2c83278666cacb85761b8db55a3de8031c459 Change parameter type to avoid compilation error: In file included from ./tools/../lib/rsa/rsa-verify.c:23:0, from tools/lib/rsa/rsa-verify.c:1: include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’? int zynq_pow_mod(u32 *keyptr, u32 *inout); ^~~ __u32 Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images") Signed-off-by: Michal Simek <michal.simek@xilinx.com> 
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
                 from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                  ^~~
                  __u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                               ^~~
                               __u32

Fixes: 37e3a36a5475 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
fit: cipher: aes: allow to store the IV in the FIT image 2020-10-13T01:30:37+00:00 Philippe Reynes philippe.reynes@softathome.com 2020-09-17T13:01:46+00:00 a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>