summaryrefslogtreecommitdiff
path: root/lib/rsa
Commit message (Collapse)AuthorAgeLines
* rsa: Fix two errors in the implementationSimon Glass2014-08-09-2/+3
| | | | | | | | | 1. Failure to set the return code correctly 2. Failure to detect the loop end condition when the value is equal to the modulus. Reported-by: Jeroen Hofstee <jeroen@myspectrum.nl> Signed-off-by: Simon Glass <sjg@chromium.org>
* Implement generalised RSA public exponents for verified bootMichael van der Westhuizen2014-08-09-8/+145
| | | | | | | | | | | | | | | | | | | | | | | | Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
* includes: move openssl headers to include/u-bootJeroen Hofstee2014-06-19-6/+6
| | | | | | | | | | | | commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* mkimage: Automatically expand FDT in more casesSimon Glass2014-06-19-9/+18
| | | | | | | The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org>
* fdt: Update functions which write to an FDT to return -ENOSPCSimon Glass2014-06-11-9/+19
| | | | | | | | | | When writing values into an FDT it is possible that there will be insufficient space. If the caller gets a useful error then it can potentially deal with the situation. Adjust these functions to return -ENOSPC when the FDT is full. Signed-off-by: Simon Glass <sjg@chromium.org>
* tools, fit_check_sign: verify a signed fit imageHeiko Schocher2014-03-21-8/+22
| | | | | | | | add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
* rsa: add sha256,rsa4096 algorithmHeiko Schocher2014-03-21-16/+69
| | | | | | | | Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
* rsa: add sha256-rsa2048 algorithmHeiko Schocher2014-03-21-64/+129
| | | | | | | | | | | | | | | | | | | | | based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
* lib: descend into sub directories only when it is necessaryMasahiro Yamada2013-11-17-3/+1
| | | | Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
* lib: convert makefiles to Kbuild styleMasahiro Yamada2013-10-31-21/+1
| | | | Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-24-45/+3
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* lib/rsa/rsa-sig.c: compile on OS XAndreas Bießmann2013-07-03-1/+0
| | | | | | | | | | | | | Interfaces exposed by error.h seems not to be used in rsa-sig.c, remove it. This also fixes an compile error on OS X: ---8<--- u-boot/lib/rsa/rsa-sign.c:23:19: error: error.h: No such file or directory --->8--- Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Acked-by: Jeroen Hofstee <jeroen@myspectrum.nl> Tested-by: Lubomir Popov <lpopov@mm-sol.com>
* image: Add RSA support for image signingSimon Glass2013-06-26-0/+893
RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>