| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
This adds UBIFS authentication support. For now, we do not do
any authentication even on authenticated UBIFS images. Since
this behaviour is not what the user normally expects when mounting
authenticated images we only do this when the user explicitly allows
it in "global.ubifs.allow_authenticated_unauthenticated". If the
flag is false then we refuse mounting such an image and return -EPERM
instead.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
On 32-bit systems "ulong" will limit digest_file_window()'s maximum
size to 4 GiB. Convert "start" and "size" to "loff_t" in order to be
able to handle maximum file size supported by the rest of the system.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
enum hash_algo is exported from the Kernel, so sync it with the numbers
that are exported. Since we have barebox specific extensions to the
hash_algo list add a big comment and put the extenstions at the end.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
CRC32 digest can be used to check CRC32 hashes in FIT images etc.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
In barebox the function digest_alloc() allocates a digest based on a string.
When a subsystem already uses an integer value to identify a digest it makes no
sense to create a string and pass it to digest_alloc(), where it is parsed
again. This patch adds the possibility to get a digest by an enum.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
Cc: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
current implementation
$ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin
-rw-r--r-- 1 root root 211095 Mar 24 13:21 build/versatilpb/arch/arm/pbl/zbarebox.bin
linux generic implementation
$ ls -al build/versatilpb/arch/arm/pbl/zbarebox.bin
-rw-r--r-- 1 root root 210829 Mar 24 13:21 build/versatilpb/arch/arm/pbl/zbarebox.bin
on a compressed lzo barebox we will 266 bytes
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
This will allow to have hw driver or asm optimised driver.
Use a priority level to determine which one to use at runtime.
The generic one will be 0.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
such as RSA as we load a DER key we will detect the key size
at runtime and so the algo length.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
such as for hmac(xxx) you must provide a key
This will allow to enforce the correct parameter at digest command
<digest>sum is not impacted
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
That can be used for digest calculation and verify
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Combination of @init and @update and @final. This function
effectively behaves as the entire chain of operations, @init,
@update and @final issued in sequence. This is added for hardware
which cannot do even the @finup, but can only do the whole
transformation in one run.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
this will allow to compare a md with the original one
When calling this do not call final
For RSA_SIGN verification final does not exist only verify
as final will be for signing
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
params
expect the key to be set before calling
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
Most string arguments for keys and filenames can be const. Change
that.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pass the key via -h param
barebox@barebox sandbox:/ sha256sum -h test /dev/fd0
c297473e9bb221c5dc51d47ad75c76095f1bdc4ca9dff1d5931c2e22bf11a0de /dev/fd0 0x00000000 ... 0xffffffffffffffff
use the same idea as openssl command
$ openssl dgst -sha256 -hmac "test" TODO
HMAC-SHA256(TODO)= c297473e9bb221c5dc51d47ad75c76095f1bdc4ca9dff1d5931c2e22bf11a0de
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
the hmac algo will be registered as hmac(%s) such as hmac(sha256)
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
Now you need to call digest_alloc and when you finish to use it digest_free.
We need this for upcomming aes encryption support and secure boot
as we will need multiple instance of the same digest.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
This will allow to move from a one at a time digest to a multi-instance
with too much impact on the code using it
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
The FSF address has changed in the past. Instead of updating it
each time the address changes, just drop it completely treewide.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
rename it to digest_file_window
introduce digest_file to digest a file and digest_file_by_name
where we specify the algo by name
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
|