| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
Add pr_fmt to print more context and use pr_debug consistently.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Currently there is no way to iterate over all available RSA keys.
This patch collects all keys on a list so we can add an iterator
in the next step.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
The config_filename macro has been dropped from mainline in
b8c96a6b466c ("certs: simplify $(srctree)/ handling and remove
config_filename macro"). Adopt the mechanism it has been replaced with
for barebox.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The symbols were renamed to a nicer and consistent naming scheme, but I
missed to adapt a few usages.
This was done using:
perl -p -i -e 's/\bCONFIG_(?:DIGEST_)?(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|HMAC)\b/CONFIG_HAVE_DIGEST_$1/;' crypto/hmac.c crypto/sha2.c crypto/sha4.c
Now there don't seem to be any old names left:
Reported-by: Renaud Barbier <Renaud.Barbier@ametek.com>
Fixes: 03fb5524b064 ("crypto: consistently name the algo digest symbols HAVE_DIGEST_...")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.barebox.org/20220322090007.233155-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
The better naming prevents confusion (for me at least) because
MACHINE_ID depends on a symbol that cannot be enabled manually.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.barebox.org/20220209095924.x7p4wo47thxbeih5@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Record GPL-2.0-only as license for all files lacking an explicit license
statement.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-12-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Makes the files not appear when searching for files that lack
SPDX-License-Identifier.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To verify only Kconfig/Makefile is touched:
git show --numstat --format=oneline HEAD | grep -v 'Kconfig\|Makefile'
will print only arch/powerpc/Kbuild.
To verify nothing unexpected is added:
git show -U0 | grep '^-[^-]\|^+[^+]' | sort -u
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220103120539.1730644-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
This implementation is a straight copy of the tableless
implementation inside Linux' lib/crc32.c
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20211209105832.3518384-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
When verifying a digest it is important not to leak timing information
through memcmp(). Use crypto_memneq() instead.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds crypto_memneq() from Linux for the same reason it is present
in Linux. From the commit message adding it:
When comparing MAC hashes, AEAD authentication tags, or other hash
values in the context of authentication or integrity checking, it
is important not to leak timing information to a potential attacker,
i.e. when communication happens over a network.
Bytewise memory comparisons (such as memcmp) are usually optimized so
that they return a nonzero value as soon as a mismatch is found. E.g,
on x86_64/i5 for 512 bytes this can be ~50 cyc for a full mismatch
and up to ~850 cyc for a full match (cold). This early-return behavior
can leak timing information as a side channel, allowing an attacker to
iteratively guess the correct result.
This patch adds a new method crypto_memneq ("memory not equal to each
other") to the crypto API that compares memory areas of the same length
in roughly "constant time" (cache misses could change the timing, but
since they don't reveal information about the content of the strings
being compared, they are effectively benign). Iow, best and worst case
behaviour take the same amount of time to complete (in contrast to
memcmp).
Note that crypto_memneq (unlike memcmp) can only be used to test for
equality or inequality, NOT for lexicographical order. This, however,
is not an issue for its use-cases within the crypto API.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The arguments after the format string are of type uint32_t and size_t.
Use the correct format specifiers.
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|/
|
|
|
|
|
|
|
|
| |
Some automatic variables are currently cleared as they may contain
"sensitive info". Any proper compiler would optimize away these
dead stores anyway, so just drop them.
Reported-by: clang-analyzer-10
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
digest_file_window() first tries to memmap the file before it falls back
to reading it. This is quite unnecessary, we can just always read.
Moreover, memmapping a file has problems with the current code. A
"md5sum foo" result in the filesize argument being MAX_LFS_FILESIZE.
This is fine for files where the file is just read up to the end in
this case, but for memmapped buffers this results in digesting
MAX_LFS_FILESIZE bytes which is wrong. This problem is not apparent
at the moment as there are only a few files which are memmappable,
and on these (/dev/mem, /dev/ram0) digest commands are normally
called with an explicit size argument. This changes once ramfs starts
supporting memmap, so better drop memmapping in the digest code now.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
The CREDITS file was removed from barebox in 2015 by commit 6570288f2d97
("Remove the CREDITS file"). Remove references to it from several files.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
pbkdf2 needs HMAC support, select it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far we relied on the U-Boot mkimage tool to generate us device tree
snippets containing rsa public keys which we then compiled into barebox.
Make this easier and allow to directly specify a filename or PKCS#11 URI
in Kconfig. With this we no longer need the U-Boot mkimage tool here and
no more external steps to prepare device tree snippets.
With this rsa public keys can be directly compiled as C structs into
barebox which is much more direct than putting it into the device tree.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
Until now rsa_of_read_key() took a pointer to a key and filled the
struct rsa_public_key members with allocated values. So far we have
never freed these values. Change rsa_of_read_key() to always return
a fully allocated key and provide rsa_key_free() to free it. Let the
FIT image code free the key after usage.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Extract the necessary functions from sha256 into a PBL headder and add a
verification function to the PBL. The function will be called before the
individual architectures decompress functions is run.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
When digesting a file we always try toread PAGE_SIZE bytes. When we get a
short read because we reached the file end then the code works
correctly. If instead we only want to digest a part of the file then
we must make sure to only read up to 'size' bytes.
Fixes: b77582effd ("crypto: digest: Split memory vs. file code into separate functions")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Many files in the tree implement functions, but do not include the
header files which provide the prototypes for these functions. This
means conflicting prototypes remain undetected. Add the missing
includes.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
Enable crc_itu_t() for PBL. For the PBL use the slower-but-smaller
variant without table.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Our cyc_crc16() function is the same function as crc_itu_t() in the
Linux kernel. Import and use crc_itu_t() from the Kernel for
consistency.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Strictly speaking, stat() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Strictly speaking, lseek() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'. In this
case this change also allows us to avoid potential problems from
downconverting 'loff_t' to 'int'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
Strictly speaking, open() doesn't return a detailed error code as its
return value and it can and should be obtained via 'errno'.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
On 32-bit systems "ulong" will limit digest_file_window()'s maximum
size to 4 GiB. Convert "start" and "size" to "loff_t" in order to be
able to handle maximum file size supported by the rest of the system.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of trying to fit two rather different cases into a single
loop, split digesting memory and digesting files into separate
subroutines. While duplicating some of the code shared by both of the
while() loops this makes the body of the loop easier to follow as well
as gets rid of poorly named "flags" variable.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two different cases that are handled in digest_file_window:
a) the file to digest is memmappable (e.g. /dev/mem)
b) it isn't (e.g. files in /)
In both cases a file is digested in hunks of (up to) 4096 bytes. After
each hunk in b) the buffer that is fed to digest_update() is then
overwritten using read() to get the next hunk to digest. In case a)
however it was forgotten to step forward in the buffer and instead the
same data was handed to digest_update() again and again.
So to fix that increase buffer by the number of bytes already digested
for case a) which is characterized by flags == 0.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Digests have dependencies and are needed for state which initializes
at device_initcall level. To make sure the digests are available
for state register them earlier, at coredevice_initcall level.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
To be able to change secrets add a function to forget secrets.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In barebox we have an option for dynamic formation of the CRC32
table (DYNAMIC_CRC_TABLE), but the source code declares a static
array which is simply filled with data, the resulting code becomes
even more than without DYNAMIC_CRC_TABLE option, due to the BSS usage.
CONFIG_DYNAMIC_CRC_TABLE=n
text data bss dec hex filename
1884 0 0 1884 75c crc32.o
CONFIG_DYNAMIC_CRC_TABLE=y
text data bss dec hex filename
1066 4 1024 2094 82e crc32.o
This patch provides dynamic buffer allocation for the CRC table,
which saves about 1 Kbyte, as it should be.
CONFIG_DYNAMIC_CRC_TABLE=y
text data bss dec hex filename
1062 0 4 1066 42a crc32.o
Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
CRC32 digest can be used to check CRC32 hashes in FIT images etc.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| | |
Signed-off-by: Du Huanpeng <u74147@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our asprintf and vasprintf have different prototypes than the glibc
functions. This causes trouble when we want to share barebox code
with userspace code. Change the prototypes for (v)asprintf to match
the glibc prototypes. Since the current (v)asprintf are convenient
to use change the existing functions to b(v)asprintf.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|/
|
|
|
|
|
| |
We have a crc.h, so move our crc function prototypes there to further
cleanup common.h.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the ability to control barebox over serial lines. The regular
console is designed for human input and is unsuitable for controlling
barebox from scripts since characters can be lost on both ends, the data
stream contains escape sequences and the prompt cannot be easily matched
upon.
This approach is based on the RATP protocol. RATP packages start with a
binary 0x01 which does not occur in normal console data. Whenever a
0x01 character is detected in the console barebox goes into RATP mode.
The RATP packets contain a simple structure with a command/respone
type and data for that type. Currently defined types are:
BB_RATP_TYPE_COMMAND (host->barebox):
Execute a command in the shell
BB_RATP_TYPE_COMMAND_RETURN (barebox->host)
Sends return value of the command back to the host, also means
barebox is ready for the next command
BB_RATP_TYPE_CONSOLEMSG (barebox->host)
Console message from barebox
Planned but not yet implemented are:
BB_RATP_TYPE_PING (host->barebox)
BB_RATP_TYPE_PONG (barebox->host)
For testing purposes
BB_RATP_TYPE_GETENV (host->barebox)
BB_RATP_TYPE_GETENV_RETURN (barebox->host)
Get values of environment variables
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: Andrey Smirnov <andrew.smirnov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Taken from U-Boot and adopted to barebox with little changes.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
|
|/
|
|
|
|
|
|
|
|
|
| |
In barebox the function digest_alloc() allocates a digest based on a string.
When a subsystem already uses an integer value to identify a digest it makes no
sense to create a string and pass it to digest_alloc(), where it is parsed
again. This patch adds the possibility to get a digest by an enum.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds a simple keystore to barebox. The keystore implements a simple
key-value store to hold arbitrary values.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|