summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* pbl: add sha256 and piggy verification to PBLRouven Czerwinski2019-08-072-4/+9
| | | | | | | | | Extract the necessary functions from sha256 into a PBL headder and add a verification function to the PBL. The function will be called before the individual architectures decompress functions is run. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: fix digesting file windowsSascha Hauer2019-05-091-5/+6
| | | | | | | | | | | When digesting a file we always try toread PAGE_SIZE bytes. When we get a short read because we reached the file end then the code works correctly. If instead we only want to digest a part of the file then we must make sure to only read up to 'size' bytes. Fixes: b77582effd ("crypto: digest: Split memory vs. file code into separate functions") Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* treewide: Add missing includesSascha Hauer2019-03-181-0/+1
| | | | | | | | | Many files in the tree implement functions, but do not include the header files which provide the prototypes for these functions. This means conflicting prototypes remain undetected. Add the missing includes. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crc: Add PBL variant for crc_itu_t()Sascha Hauer2019-03-041-1/+1
| | | | | | | Enable crc_itu_t() for PBL. For the PBL use the slower-but-smaller variant without table. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crc: import crc_itu_t() from kernelSascha Hauer2019-03-044-106/+62
| | | | | | | | Our cyc_crc16() function is the same function as crc_itu_t() in the Linux kernel. Import and use crc_itu_t() from the Kernel for consistency. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Return -errno if stat() failsAndrey Smirnov2019-01-171-5/+2
| | | | | | | | | Strictly speaking, stat() doesn't return a detailed error code as its return value and it can and should be obtained via 'errno'. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Return -errno if lseek() failsAndrey Smirnov2019-01-171-2/+2
| | | | | | | | | | | Strictly speaking, lseek() doesn't return a detailed error code as its return value and it can and should be obtained via 'errno'. In this case this change also allows us to avoid potential problems from downconverting 'loff_t' to 'int'. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Return -errno if open() failsAndrey Smirnov2019-01-171-1/+1
| | | | | | | | | Strictly speaking, open() doesn't return a detailed error code as its return value and it can and should be obtained via 'errno'. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Reviewed-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Change the signature of digest_file_window()Andrey Smirnov2019-01-161-3/+3
| | | | | | | | | On 32-bit systems "ulong" will limit digest_file_window()'s maximum size to 4 GiB. Convert "start" and "size" to "loff_t" in order to be able to handle maximum file size supported by the rest of the system. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Split memory vs. file code into separate functionsAndrey Smirnov2019-01-161-48/+70
| | | | | | | | | | | Instead of trying to fit two rather different cases into a single loop, split digesting memory and digesting files into separate subroutines. While duplicating some of the code shared by both of the while() loops this makes the body of the loop easier to follow as well as gets rid of poorly named "flags" variable. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Replace 4096 with PAGE_SIZEAndrey Smirnov2019-01-161-2/+2
| | | | | Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Remove unused variableAndrey Smirnov2019-01-161-2/+0
| | | | | Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* treewide: Introduce MAP_FAILED and replace ad-hoc constants with itAndrey Smirnov2019-01-161-1/+1
| | | | | Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* rsa: Add missing newline to pr_err messagesSascha Hauer2018-01-301-4/+4
| | | | Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: Fix digesting over memory chunks > 4096 bytesUwe Kleine-König2017-07-101-0/+3
| | | | | | | | | | | | | | | | | | | There are two different cases that are handled in digest_file_window: a) the file to digest is memmappable (e.g. /dev/mem) b) it isn't (e.g. files in /) In both cases a file is digested in hunks of (up to) 4096 bytes. After each hunk in b) the buffer that is fed to digest_update() is then overwritten using read() to get the next hunk to digest. In case a) however it was forgotten to step forward in the buffer and instead the same data was handed to digest_update() again and again. So to fix that increase buffer by the number of bytes already digested for case a) which is characterized by flags == 0. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
* crypto: digest: initialize earlierSascha Hauer2017-03-314-4/+4
| | | | | | | | Digests have dependencies and are needed for state which initializes at device_initcall level. To make sure the digests are available for state register them earlier, at coredevice_initcall level. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* keystore: implement forgetting secretsSascha Hauer2017-03-311-15/+38
| | | | | | To be able to change secrets add a function to forget secrets. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: crc32: Optimize dynamic CRC table generationAlexander Shiyan2016-07-051-8/+7
| | | | | | | | | | | | | | | | | | | | | | In barebox we have an option for dynamic formation of the CRC32 table (DYNAMIC_CRC_TABLE), but the source code declares a static array which is simply filled with data, the resulting code becomes even more than without DYNAMIC_CRC_TABLE option, due to the BSS usage. CONFIG_DYNAMIC_CRC_TABLE=n text data bss dec hex filename 1884 0 0 1884 75c crc32.o CONFIG_DYNAMIC_CRC_TABLE=y text data bss dec hex filename 1066 4 1024 2094 82e crc32.o This patch provides dynamic buffer allocation for the CRC table, which saves about 1 Kbyte, as it should be. CONFIG_DYNAMIC_CRC_TABLE=y text data bss dec hex filename 1062 0 4 1066 42a crc32.o Signed-off-by: Alexander Shiyan <shc_work@mail.ru> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: add CRC32 digestYegor Yefremov2016-05-253-0/+95
| | | | | | | CRC32 digest can be used to check CRC32 hashes in FIT images etc. Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* Merge branch 'for-next/misc'Sascha Hauer2016-05-092-2/+2
|\
| * whole tree: remove trailing whitespacesDu Huanpeng2016-04-212-2/+2
| | | | | | | | | | Signed-off-by: Du Huanpeng <u74147@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* | string: Fix (v)asprintf prototypesSascha Hauer2016-04-151-2/+2
| | | | | | | | | | | | | | | | | | | | Our asprintf and vasprintf have different prototypes than the glibc functions. This causes trouble when we want to share barebox code with userspace code. Change the prototypes for (v)asprintf to match the glibc prototypes. Since the current (v)asprintf are convenient to use change the existing functions to b(v)asprintf. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* | include: move crc specific stuff to crc.hSascha Hauer2016-04-151-0/+1
|/ | | | | | | We have a crc.h, so move our crc function prototypes there to further cleanup common.h. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* Merge branch 'for-next/ratp'Sascha Hauer2016-02-081-0/+1
|\
| * barebox remote controlSascha Hauer2016-01-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the ability to control barebox over serial lines. The regular console is designed for human input and is unsuitable for controlling barebox from scripts since characters can be lost on both ends, the data stream contains escape sequences and the prompt cannot be easily matched upon. This approach is based on the RATP protocol. RATP packages start with a binary 0x01 which does not occur in normal console data. Whenever a 0x01 character is detected in the console barebox goes into RATP mode. The RATP packets contain a simple structure with a command/respone type and data for that type. Currently defined types are: BB_RATP_TYPE_COMMAND (host->barebox): Execute a command in the shell BB_RATP_TYPE_COMMAND_RETURN (barebox->host) Sends return value of the command back to the host, also means barebox is ready for the next command BB_RATP_TYPE_CONSOLEMSG (barebox->host) Console message from barebox Planned but not yet implemented are: BB_RATP_TYPE_PING (host->barebox) BB_RATP_TYPE_PONG (barebox->host) For testing purposes BB_RATP_TYPE_GETENV (host->barebox) BB_RATP_TYPE_GETENV_RETURN (barebox->host) Get values of environment variables Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Tested-by: Andrey Smirnov <andrew.smirnov@gmail.com>
* | crypto: add RSA supportSascha Hauer2016-01-263-0/+426
| | | | | | | | | | | | | | Taken from U-Boot and adopted to barebox with little changes. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
* | crypto: add digest_alloc_by_algo()Sascha Hauer2016-01-265-1/+48
|/ | | | | | | | | | | In barebox the function digest_alloc() allocates a digest based on a string. When a subsystem already uses an integer value to identify a digest it makes no sense to create a string and pass it to digest_alloc(), where it is parsed again. This patch adds the possibility to get a digest by an enum. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* Merge branch 'for-next/state'Sascha Hauer2015-12-083-0/+91
|\
| * crypto: add simple keystoreMarc Kleine-Budde2015-11-273-0/+87
| | | | | | | | | | | | | | | | This patch adds a simple keystore to barebox. The keystore implements a simple key-value store to hold arbitrary values. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| * crypto: Kconfig: add submenu for crypto related config optionsMarc Kleine-Budde2015-11-271-0/+4
| | | | | | | | | | Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* | crypto: crc32: fix warnings: no previous prototype for 'crc32', ↵Sergey Koshechkin2015-11-181-3/+6
|/ | | | | | | 'crc32_no_comp', 'file_crc' Signed-off-by: Sergey Koshechkin <serge.koshechkin@gmail.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: fix selecting of digestsSascha Hauer2015-08-281-1/+1
| | | | | | | | | | | | | | | | | SHA1 is meant as a boolean option which is true when sha1 support is available. This works because the providers (DIGEST_SHA1_GENERIC and DIGEST_SHA1_ARM) have a 'select SHA1'. However, consumers like the sha1sum command do a 'select SHA1' to enable SHA1 support. This of course does not work; selecting SHA1 will not select any of the SHA1 providers. This is broken for all digest consumers. We have to explicitly select a digest provider, that is DIGEST_*_GENERIC to enable the corresponding digest. This means now we will always have the generic digest in the binary, even when an optimized one is enabled. There is no sane way in Kconfig to "select provider for feature xy", so let's live with the overhead in the binary. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crc16: Make buffer argument constSascha Hauer2015-06-081-1/+1
| | | | | | The buffer is not modified by crc16, so make the argument const. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: mark signature argument as constMarc Kleine-Budde2015-05-261-5/+5
| | | | | Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* arm: crypto: add sha256 assembly supportJean-Christophe PLAGNIOL-VILLARD2015-03-271-0/+9
| | | | | | | | | | | | | | | linux arm sha256 current $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 207786 Mar 24 13:23 build/versatilpb/arch/arm/pbl/zbarebox.bin linux arm v4 asm implementation for sha256 $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 205007 Mar 24 16:47 build/versatilpb/arch/arm/pbl/zbarebox.bin we win 2779 bytes and speed cf code Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* arm: crypto: add sha1 assembly supportJean-Christophe PLAGNIOL-VILLARD2015-03-271-0/+8
| | | | | | | | | | | | | | | | | | from Linux 3.9 linux generic implementation $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 210829 Mar 24 13:21 build/versatilpb/arch/arm/pbl/zbarebox.bin linux arm v4 asm implementation $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 207786 Mar 24 13:23 build/versatilpb/arch/arm/pbl/zbarebox.bin we win 3043 bytes and speed cf code Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: sha512: switch to linux implementationJean-Christophe PLAGNIOL-VILLARD2015-03-271-266/+198
| | | | | Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: sha256: switch to linux implementationJean-Christophe PLAGNIOL-VILLARD2015-03-271-272/+290
| | | | | Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: sha1: switch to linux implementationJean-Christophe PLAGNIOL-VILLARD2015-03-271-275/+247
| | | | | | | | | | | | | | | | | current implementation $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 211095 Mar 24 13:21 build/versatilpb/arch/arm/pbl/zbarebox.bin linux generic implementation $ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin -rw-r--r-- 1 root root 210829 Mar 24 13:21 build/versatilpb/arch/arm/pbl/zbarebox.bin on a compressed lzo barebox we will 266 bytes Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: hmac: move register to hmacJean-Christophe PLAGNIOL-VILLARD2015-03-275-57/+39
| | | | | | | | | | As we will use the best sha algo at runtime Add a new init level crypto_initcall to ensure that all the sha present before hmac Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: prepare to allow multiple digest driverJean-Christophe PLAGNIOL-VILLARD2015-03-279-62/+110
| | | | | | | | | | This will allow to have hw driver or asm optimised driver. Use a priority level to determine which one to use at runtime. The generic one will be 0. Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* digest: allow algo to specify their length at runtimeJean-Christophe PLAGNIOL-VILLARD2015-03-271-2/+1
| | | | | | | | such as RSA as we load a DER key we will detect the key size at runtime and so the algo length. Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: speficied when a digest need a key to be usedJean-Christophe PLAGNIOL-VILLARD2015-03-201-0/+1
| | | | | | | | | | | such as for hmac(xxx) you must provide a key This will allow to enforce the correct parameter at digest command <digest>sum is not impacted Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* command: add generic digest commandJean-Christophe PLAGNIOL-VILLARD2015-03-201-5/+20
| | | | | | | That can be used for digest calculation and verify Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: add pbkdf2 hmac key generatorJean-Christophe PLAGNIOL-VILLARD2015-03-193-0/+101
| | | | | | | | | | this will allow to generate a KEY + IV based on a password and salt for AES encryption/decryption as example or simply the key for hmac or rsa from text password Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: hmac: use digest_digest and check the return of every digest_xxxJean-Christophe PLAGNIOL-VILLARD2015-03-191-18/+31
| | | | | Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* digest: add digest callbackJean-Christophe PLAGNIOL-VILLARD2015-03-197-0/+25
| | | | | | | | | | | Combination of @init and @update and @final. This function effectively behaves as the entire chain of operations, @init, @update and @final issued in sequence. This is added for hardware which cannot do even the @finup, but can only do the whole transformation in one run. Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* digest: add verify callbackJean-Christophe PLAGNIOL-VILLARD2015-03-197-1/+32
| | | | | | | | | | | | this will allow to compare a md with the original one When calling this do not call final For RSA_SIGN verification final does not exist only verify as final will be for signing Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: digest_file_window/digest_file/digest_file_by_name drop key ↵Jean-Christophe PLAGNIOL-VILLARD2015-03-191-8/+2
| | | | | | | | | params expect the key to be set before calling Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
* crypto: digest: digest_file_window: check every digest_xxx returnJean-Christophe PLAGNIOL-VILLARD2015-03-181-3/+7
| | | | | Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>