u-boot.git/lib/crypto, branch v2023.01

Merge branch 'next'

2022-07-11T18:58:57+00:00

spl: Ensure all SPL symbols in Kconfig have some SPL dependency

2022-07-07T13:29:08+00:00

Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár 
Signed-off-by: Tom Rini

lib: crypto: add mscode_parser

2022-07-05T12:37:16+00:00

In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.

This parser is used in image authentication to parse the field and
retrieve a message digest.

Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).

Signed-off-by: AKASHI Takahiro

lib/crypto: support sha384/sha512 in x509/pkcs7

2022-04-11T15:39:19+00:00

Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke 
Reviewed-by: Ilias Apalodimas

Make ASYMMETRIC_KEY_TYPE depend on FIT_SIGNATURE

2022-04-06T18:03:17+00:00

Add this dependency to avoid a build error if FIT_SIGNATURE is not
enabled.

Signed-off-by: Simon Glass

lib: crypto: allow to build crypyo in SPL

2022-03-31T18:12:01+00:00

This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER

Reviewed-by: Simon Glass 
Signed-off-by: Philippe Reynes

lib/crypto: Enable more algorithms in cert verification

2022-01-19T15:16:33+00:00

Right now the code explicitly limits us to sha1,256 hashes with RSA2048
encryption.  But the limitation is artificial since U-Boot supports
a wider range of algorithms.

The internal image_get_[checksum|crypto]_algo() functions expect an
argument in the format of ,.  So let's remove the size
checking and create the needed string on the fly in order to support
more hash/signing combinations.

Signed-off-by: Ilias Apalodimas

lib: Rename rsa-checksum.c to hash-checksum.c

2021-04-14T19:06:08+00:00

rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass

crypto: Fix the logic to calculate hash with authattributes set

2020-12-31T13:41:31+00:00

RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.

Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.

Signed-off-by: Sughosh Ganu

lib/crypto: simplify public_key_verify_signature

2020-08-08T17:03:12+00:00

The variable region is filled but never used. Remove it.

Signed-off-by: Heinrich Schuchardt