| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Link: https://lore.barebox.org/20231213140004.898488-1-s.hauer@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
We use crc_table[0] != 0 as indicator if we have already generated the
crc table. crc_table[0] will be generated as 0x0 though, so we end up
generating the crc table over and over again. Use crc_table[1] as
indicator instead.
Fixes: b00801710b ("crypto: crc32: allocate crc_table statically")
Link: https://lore.barebox.org/20231212075409.1500489-1-s.hauer@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JSON Web Token is a proposed Internet standard for creating tokens with
optional signature and/or optional encryption whose payload holds JSON that
asserts some number of claims. The tokens are signed either using a private
secret or a public/private key.
In the context of barebox, a JSON Web Token can be used as unlock token
for a system: By default, the system would be locked and only boot
signed payloads, but when a valid unlock token is provided, board code
can selectively allow access to disallowed features, such as booting
unsigned payloads or provide access to the console and shell.
This commit adds first support for JSON Web Tokens on top of the already
existing JSON support. RS256 is the only currently supported format, but
more may be added in future.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20231023143122.1760217-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
rsatoc is automatically built if CONFIG_CRYPTO_RSA_BUILTIN_KEYS=y.
For testing, it can be useful to build the tool standalone, so add an
option to do just that.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230921102310.1108543-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
| |
A crc32 implementation might be useful for PBL as well, so enable it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Generating the crc table on a not-so-powerfull i.MX6q SoC takes
around 100us. This is negligible and not worth bothering the user with
an extra Kconfig option. Just drop the option and make it the default.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
| |
Allocate crc_table statically. This makes the crc32 implementation
usable in PBL where we have no memory allocation function.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
| |
Make the code a bit more readable.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Using ulong just wastes space on 64-bit platforms, so use fixed size
32-bit integers instead.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230825181749.2861735-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
CONFIG_RSA_KEY and CONFIG_BOOTM_FITIMAGE_PUBKEY can both point at the
RSA public key, but with different formats. CONFIG_RSA_KEY is probably
easier to integrate, so reference it from CONFIG_BOOTM_FITIMAGE_PUBKEY
and be explicit about the different formatting.
Link: https://lore.barebox.org/20230727094748.1152484-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
| |
We have the %pOF format specifier for printing device nodes. Use it
where appropriate.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This imports the Linux v6.3 state of the ARMv8 Crypto Extensions (CE)
accelerated SHA1/SHA2 routines. This increases hashing rate a tenfold:
sha1-generic: digest(7 bytes) = 11750ns digest(4097 bytes) = 59125ns
sha224-generic: digest(7 bytes) = 12750ns digest(4097 bytes) = 95000ns
sha256-generic: digest(7 bytes) = 2250ns digest(4097 bytes) = 94875ns
sha1-ce: digest(7 bytes) = 2875ns digest(4097 bytes) = 8125ns
sha224-ce: digest(7 bytes) = 3125ns digest(4097 bytes) = 7750ns
sha256-ce: digest(7 bytes) = 750ns digest(4097 bytes) = 7625ns
This shaves 400ms of a FIT image boot that uses sha256 as digest for
the images referenced by the selected configuration:
barebox@imx8mn-old:/ time bootm -d kernel-a
Dryrun. Aborted.
time: 998ms
barebox@imx8mn-new:/ time bootm -d kernel-a
Dryrun. Aborted.
time: 601ms
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230526063746.1155297-8-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The digest command lists all registered digest implementations, but
there's no way to select a specific implementation when another higher
priority one exists for the same algorithm. Let's support this, by
having digest_algo_get_by_name fallback to look up by driver name if an
exact match couldn't be found by algo name.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230526063746.1155297-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There's no downside to always build the digest verification code in PBL
and export pbl_barebox_verify to access it. This allows board code to
use the function for verifying other firmware blobs and
CONFIG_PBL_VERIFY_PIGGY=y will remain to enable the verification at
barebox proper extraction time. Code not using it will have the function
sections garbage collected by the linker, so no functional change.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220818050447.2072932-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
These digest implementations are only built per arch/arm/Makefile when
!CONFIG_CPU_V8, so disallow selecting them when barebox is built
for 64-bit ARM.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220808062010.390394-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix warning fwterated by checkincludes.pl:
./net/nfs.c: libgen.h is included more than once.
./net/ifup.c: globalvar.h is included more than once.
./crypto/rsa.c: asm/types.h is included more than once.
./lib/decompress_unlz4.c: linux/decompress/mm.h is included more than once.
./scripts/stb_image.h: stdio.h is included more than once.
./scripts/kwbimage.c: unistd.h is included more than once.
./scripts/common.c: sys/types.h is included more than once.
./scripts/bareboximd.c: sys/types.h is included more than once.
./scripts/bareboximd.c: sys/mman.h is included more than once.
./fs/pstore/ram_core.c: linux/rslib.h is included more than once.
./fs/pstore/fs.c: fs.h is included more than once.
./fs/pstore/fs.c: linux/pstore.h is included more than once.
./fs/nfs.c: fs.h is included more than once.
./fs/uimagefs.c: fs.h is included more than once.
./fs/fs.c: command.h is included more than once.
./arch/sandbox/board/hostfile.c: linux/err.h is included more than once.
./arch/sandbox/board/devices.c: mach/linux.h is included more than once.
./arch/sandbox/os/common.c: signal.h is included more than once.
./arch/arm/boards/zii-imx51-rdu1/board.c: envfs.h is included more than once.
./arch/arm/boards/imx233-olinuxino/imx23-olinuxino.c: generated/mach-types.h is
./arch/arm/mach-stm32mp/ddrctrl.c: mach/stm32.h is included more than once.
./arch/arm/mach-imx/cpu_init.c: common.h is included more than once.
./arch/arm/mach-imx/imx8m.c: mach/imx8m-ccm-regs.h is included more than once.
./common/efi/payload/init.c: efi.h is included more than once.
./common/state/backend_format_raw.c: common.h is included more than once.
./common/state/backend_format_raw.c: crc.h is included more than once.
./common/hush.c: libbb.h is included more than once.
./drivers/spi/atmel-quadspi.c: linux/clk.h is included more than once.
./drivers/spi/atmel-quadspi.c: linux/err.h is included more than once.
./drivers/net/virtio.c: net.h is included more than once.
./drivers/net/phy/phy.c: linux/phy.h is included more than once.
./drivers/net/cpsw.c: net.h is included more than once.
./drivers/virtio/virtio_pci_common.h: linux/list.h is included more than once.
./drivers/usb/host/ohci-hcd.c: dma.h is included more than once.
./drivers/usb/gadget/fsl_udc.c: dma.h is included more than once.
./drivers/nvmem/eeprom_93xx46.c: spi/spi.h is included more than once.
./drivers/nvmem/eeprom_93xx46.c: of.h is included more than once.
./drivers/video/imx-ipu-v3/imx-ldb.c: linux/clk.h is included more than once.
./drivers/video/imx-ipu-v3/imx-hdmi.c: linux/clk.h is included more than once.
./drivers/video/omap.c: common.h is included more than once.
./drivers/mtd/nand/nand_s3c24xx.c: asm/sections.h is included more than once.
./drivers/clk/imx/clk-imx6sx.c: linux/clk.h is included more than once.
./drivers/clk/imx/clk-imx6sl.c: linux/clk.h is included more than once.
./commands/bootm.c: of.h is included more than once.
Signed-off-by: Alexander Shiyan <eagle.alexander923@gmail.com>
Link: https://lore.barebox.org/20220607051957.2497-1-eagle.alexander923@gmail.com
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CONFIG_CRYPTO_RSA_KEY allows referring to environment variables, e.g.
__ENV__FOO tells barebox' rsatoc to use the value of the environment
variable "FOO".
There is no point in creating a make dependency for such values.
Actually looking into the environment variable and deciding whether it is
a PKCS#11 URI or a file seems unnecessarily complex. Let's filter out
these special values and leave the error handling to rsatoc.
Fixes: a05ac5545c ("crypto: simplify $(srctree)/ handling and remove config_filename macro")
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Link: https://lore.barebox.org/20220624141632.380159-1-bst@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
| |
Add pr_fmt to print more context and use pr_debug consistently.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Currently there is no way to iterate over all available RSA keys.
This patch collects all keys on a list so we can add an iterator
in the next step.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
The config_filename macro has been dropped from mainline in
b8c96a6b466c ("certs: simplify $(srctree)/ handling and remove
config_filename macro"). Adopt the mechanism it has been replaced with
for barebox.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The symbols were renamed to a nicer and consistent naming scheme, but I
missed to adapt a few usages.
This was done using:
perl -p -i -e 's/\bCONFIG_(?:DIGEST_)?(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|HMAC)\b/CONFIG_HAVE_DIGEST_$1/;' crypto/hmac.c crypto/sha2.c crypto/sha4.c
Now there don't seem to be any old names left:
Reported-by: Renaud Barbier <Renaud.Barbier@ametek.com>
Fixes: 03fb5524b064 ("crypto: consistently name the algo digest symbols HAVE_DIGEST_...")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.barebox.org/20220322090007.233155-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
The better naming prevents confusion (for me at least) because
MACHINE_ID depends on a symbol that cannot be enabled manually.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.barebox.org/20220209095924.x7p4wo47thxbeih5@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Record GPL-2.0-only as license for all files lacking an explicit license
statement.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-12-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Makes the files not appear when searching for files that lack
SPDX-License-Identifier.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To verify only Kconfig/Makefile is touched:
git show --numstat --format=oneline HEAD | grep -v 'Kconfig\|Makefile'
will print only arch/powerpc/Kbuild.
To verify nothing unexpected is added:
git show -U0 | grep '^-[^-]\|^+[^+]' | sort -u
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
This implementation is a straight copy of the tableless
implementation inside Linux' lib/crc32.c
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20211209105832.3518384-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
| |
When verifying a digest it is important not to leak timing information
through memcmp(). Use crypto_memneq() instead.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds crypto_memneq() from Linux for the same reason it is present
in Linux. From the commit message adding it:
When comparing MAC hashes, AEAD authentication tags, or other hash
values in the context of authentication or integrity checking, it
is important not to leak timing information to a potential attacker,
i.e. when communication happens over a network.
Bytewise memory comparisons (such as memcmp) are usually optimized so
that they return a nonzero value as soon as a mismatch is found. E.g,
on x86_64/i5 for 512 bytes this can be ~50 cyc for a full mismatch
and up to ~850 cyc for a full match (cold). This early-return behavior
can leak timing information as a side channel, allowing an attacker to
iteratively guess the correct result.
This patch adds a new method crypto_memneq ("memory not equal to each
other") to the crypto API that compares memory areas of the same length
in roughly "constant time" (cache misses could change the timing, but
since they don't reveal information about the content of the strings
being compared, they are effectively benign). Iow, best and worst case
behaviour take the same amount of time to complete (in contrast to
memcmp).
Note that crypto_memneq (unlike memcmp) can only be used to test for
equality or inequality, NOT for lexicographical order. This, however,
is not an issue for its use-cases within the crypto API.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The arguments after the format string are of type uint32_t and size_t.
Use the correct format specifiers.
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |/
|
|
|
|
|
|
|
|
| |
Some automatic variables are currently cleared as they may contain
"sensitive info". Any proper compiler would optimize away these
dead stores anyway, so just drop them.
Reported-by: clang-analyzer-10
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
digest_file_window() first tries to memmap the file before it falls back
to reading it. This is quite unnecessary, we can just always read.
Moreover, memmapping a file has problems with the current code. A
"md5sum foo" result in the filesize argument being MAX_LFS_FILESIZE.
This is fine for files where the file is just read up to the end in
this case, but for memmapped buffers this results in digesting
MAX_LFS_FILESIZE bytes which is wrong. This problem is not apparent
at the moment as there are only a few files which are memmappable,
and on these (/dev/mem, /dev/ram0) digest commands are normally
called with an explicit size argument. This changes once ramfs starts
supporting memmap, so better drop memmapping in the digest code now.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
The CREDITS file was removed from barebox in 2015 by commit 6570288f2d97
("Remove the CREDITS file"). Remove references to it from several files.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
| |
pbkdf2 needs HMAC support, select it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
So far we relied on the U-Boot mkimage tool to generate us device tree
snippets containing rsa public keys which we then compiled into barebox.
Make this easier and allow to directly specify a filename or PKCS#11 URI
in Kconfig. With this we no longer need the U-Boot mkimage tool here and
no more external steps to prepare device tree snippets.
With this rsa public keys can be directly compiled as C structs into
barebox which is much more direct than putting it into the device tree.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
Until now rsa_of_read_key() took a pointer to a key and filled the
struct rsa_public_key members with allocated values. So far we have
never freed these values. Change rsa_of_read_key() to always return
a fully allocated key and provide rsa_key_free() to free it. Let the
FIT image code free the key after usage.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Extract the necessary functions from sha256 into a PBL headder and add a
verification function to the PBL. The function will be called before the
individual architectures decompress functions is run.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
When digesting a file we always try toread PAGE_SIZE bytes. When we get a
short read because we reached the file end then the code works
correctly. If instead we only want to digest a part of the file then
we must make sure to only read up to 'size' bytes.
Fixes: b77582effd ("crypto: digest: Split memory vs. file code into separate functions")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Many files in the tree implement functions, but do not include the
header files which provide the prototypes for these functions. This
means conflicting prototypes remain undetected. Add the missing
includes.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
| |
Enable crc_itu_t() for PBL. For the PBL use the slower-but-smaller
variant without table.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Our cyc_crc16() function is the same function as crc_itu_t() in the
Linux kernel. Import and use crc_itu_t() from the Kernel for
consistency.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Strictly speaking, stat() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Strictly speaking, lseek() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'. In this
case this change also allows us to avoid potential problems from
downconverting 'loff_t' to 'int'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Strictly speaking, open() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
On 32-bit systems "ulong" will limit digest_file_window()'s maximum
size to 4 GiB. Convert "start" and "size" to "loff_t" in order to be
able to handle maximum file size supported by the rest of the system.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of trying to fit two rather different cases into a single
loop, split digesting memory and digesting files into separate
subroutines. While duplicating some of the code shared by both of the
while() loops this makes the body of the loop easier to follow as well
as gets rid of poorly named "flags" variable.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
|
|
|
| |
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
