u-boot.git/lib/crypto, branch v2021.04 Unnamed repository; edit this file 'description' to name the repository. crypto: Fix the logic to calculate hash with authattributes set 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:57:01+00:00 4366a2440ae141c44d2041c92f3662016c6869e6 RFC 2315 Section 9.3 describes the message digesting process. The digest calculated depends on whether the authenticated attributes are present. In case of a scenario where the authenticated attributes are present, the message digest that gets signed and is part of the pkcs7 message is computed from the auth attributes rather than the contents field. Check if the auth attributes are present, and if set, use the auth attributes to compute the hash that would be compared with the encrypted hash on the pkcs7 message. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.

Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
lib/crypto: simplify public_key_verify_signature 2020-08-08T17:03:12+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-08T16:57:47+00:00 9bdbc8ef983547e85704fe2f75431c88e1989e33 The variable region is filled but never used. Remove it. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The variable region is filled but never used. Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib: crypto: export and enhance pkcs7_verify_one() 2020-07-22T10:37:17+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:21+00:00 5ee81c6e3f9f6f851c69b1e3d2661d96671d1dd1 The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: add pkcs7_digest() 2020-07-22T10:36:29+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:20+00:00 05329fa4c0c7774d01945d94ad2e9079a338baa8 This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: import pkcs7_verify.c from linux 2020-07-22T10:35:45+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:19+00:00 063499e38e41bd23563fb6f98438ddd1ce0f7e6a The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.

In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: enable x509_check_for_self_signed() 2020-07-22T10:35:04+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:18+00:00 6244b3c7d947ca6465426f18922135595ce9cd44 When the file, x509_public_key.c, was imported from linux code in commit b4adf627d5b7 ("lib: crypto: add x509 parser"), x509_check_for_self_signed() was commented out for simplicity. Now it need be enabled in order to make pkcs7_verify_one(), which will be imported in a later patch, functional. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
When the file, x509_public_key.c, was imported from linux code in
    commit b4adf627d5b7 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.

Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: add public_key_verify_signature() 2020-07-22T10:33:55+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:17+00:00 b2a1049b5c364961726add2796b6028b27008ca4 This function will be called from x509_check_for_self_signed() and pkcs7_verify_one(), which will be imported from linux in a later patch. While it does exist in linux code and has a similar functionality of rsa_verify(), it calls further linux-specific interfaces inside. That could lead to more files being imported from linux. So simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
common: Drop linux/bug.h from common header 2020-05-19T01:19:23+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:08+00:00 eb41d8a1befc45a30ccdab68fa3e099528486ffe Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
common: Drop log.h from common header 2020-05-19T01:19:18+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:05+00:00 f7ae49fc4f363a803dab3be078e93ead8e75a8e9 Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
lib/crypto, efi_loader: move some headers to include/crypto 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:38:17+00:00 e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular, secure boot. So move them to include/crypto to avoid relative paths. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Don't include include x509_parser.h twice. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>