u-boot.git/lib/rsa, branch v2019.01 Unnamed repository; edit this file 'description' to name the repository. rsa: add support of padding pss 2018-12-03T15:44:10+00:00 Philippe Reynes philippe.reynes@softathome.com 2018-11-14T12:51:01+00:00 061daa0b61f0fbeb214c566f3adb23da05545320 We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: add a structure for the padding 2018-12-03T15:44:10+00:00 Philippe Reynes philippe.reynes@softathome.com 2018-11-14T12:51:00+00:00 20031567e12bb312bff95b70767f6275e20f0346 The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: use new openssl API to create signature 2018-12-03T15:44:10+00:00 Philippe Reynes philippe.reynes@softathome.com 2018-11-14T12:50:59+00:00 3b5d6979fcb80ffae3b140be6edc04cbde1a0b72 Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Previous implementation of the rsa signature was using
the openssl API EVP_Sign*, but the new openssl API
EVP_DigestSign* is more flexible. So we move to this
new API.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: Fix LibreSSL before v2.7.0 2018-08-13T18:03:57+00:00 Caliph Nomble nomble@palism.com 2018-07-26T02:13:03+00:00 7ac1a432a1373c887f6bf7b38ec238c641728479 Fix LibreSSL compilation for versions before v2.7.0. Signed-off-by: Caliph Nomble <nomble@palism.com> Reviewed-by: Jonathan Gray <jsg@jsg.id.au> 
Fix LibreSSL compilation for versions before v2.7.0.

Signed-off-by: Caliph Nomble <nomble@palism.com>
Reviewed-by: Jonathan Gray <jsg@jsg.id.au>
xilinx: zynq: Add support to secure images 2018-07-19T08:49:54+00:00 Siva Durga Prasad Paladugu siva.durga.paladugu@xilinx.com 2018-06-26T09:32:19+00:00 37e3a36a54755d15e36b52ee47caaf1cdfdc37aa This patch basically adds two new commands for loadig secure images. 1. zynq rsa adds support to load secure image which can be both authenticated or encrypted or both authenticated and encrypted image in xilinx bootimage(BOOT.bin) format. 2. zynq aes command adds support to decrypt and load encrypted image back to DDR as per destination address. The image has to be encrypted using xilinx bootgen tool and to get only the encrypted image from tool use -split option while invoking bootgen. Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com> 
This patch basically adds two new commands for loadig secure
images.
1. zynq rsa adds support to load secure image which can be both
   authenticated or encrypted or both authenticated and encrypted
   image in xilinx bootimage(BOOT.bin) format.
2. zynq aes command adds support to decrypt and load encrypted
   image back to DDR as per destination address. The image has
   to be encrypted using xilinx bootgen tool and to get only the
   encrypted image from tool use -split option while invoking
   bootgen.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
rsa: Fix missing memory leak on error in fdt_add_bignum() 2018-06-19T11:31:44+00:00 Simon Glass sjg@chromium.org 2018-06-12T06:05:00+00:00 8a682e03d7d18b3d20810ea83fcec69f8d09c909 Thsi function can fail without freeing all its memory. Fix it. Reported-by: Coverity (CID: 131217) Signed-off-by: Simon Glass <sjg@chromium.org> 
Thsi function can fail without freeing all its memory. Fix it.

Reported-by: Coverity (CID: 131217)
Signed-off-by: Simon Glass <sjg@chromium.org>
SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07T13:34:12+00:00 Tom Rini trini@konsulko.com 2018-05-06T21:58:06+00:00 83d290c56fab2d38cd1ab4c4cc7099559c1d5046 When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
lib/rsa: Kconfig: Remove superfluous 'depends on RSA' 2018-04-28T14:42:35+00:00 Eugeniu Rosca roscaeugeniu@gmail.com 2018-04-21T12:00:10+00:00 39883af3f0a8e3e481752026fa7f3cfa2f506e4e RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP are wrapped inside: if RSA ... endif So, remove the redundant "depends on RSA" from their depends expression. In addition, move SPL_RSA into the same "if RSA ... endif" block, since its only direct dependeny is CONFIG_RSA. This tidies up and simplifies reading of lib/rsa/Kconfig. No functional change intended. Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP are wrapped inside:

if RSA
	...
endif

So, remove the redundant "depends on RSA" from their depends expression.
In addition, move SPL_RSA into the same "if RSA ... endif" block, since
its only direct dependeny is CONFIG_RSA. This tidies up and simplifies
reading of lib/rsa/Kconfig.

No functional change intended.

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: Fix build with OpenSSL 1.1.x 2017-05-12T12:37:19+00:00 Jelle van der Waa jelle@vdwaa.nl 2017-05-08T19:31:19+00:00 c3b4328166b03d6749b86eb0fbb21a10e4395cfd The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure. 
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
Kconfig: Don't use RSA_FREESCALE_EXP on IMX 2017-03-20T22:04:42+00:00 George McCollister george.mccollister@gmail.com 2017-03-16T21:17:06+00:00 f4e9ff71356aceab5bd212e528c123353c531a48 The CAAM in IMX parts doesn't support public key hardware acceleration (PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX (assuming you have the clocks enabled first) you will get back an "Invalid KEY Command" error since PKHA isn't a valid key destination for these parts. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
The CAAM in IMX parts doesn't support public key hardware acceleration
(PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX
(assuming you have the clocks enabled first) you will get back an
"Invalid KEY Command" error since PKHA isn't a valid key destination for
these parts.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>