#
1e94b46f |
|
14-Sep-2023 |
Simon Glass <sjg@chromium.org> |
common: Drop linux/printk.h from common header This old patch was marked as deferred. Bring it back to life, to continue towards the removal of common.h Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
e146a2c1 |
|
15-Mar-2022 |
Dhananjay Phadke <dphadke@linux.microsoft.com> |
lib/crypto: support sha384/sha512 in x509/pkcs7 Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, (not set by ported linux code, but needed by __UBOOT__ part). EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for correctness if certificates contain sha384WithRSAEncryption or sha512WithRSAEncryption OIDs. Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
0bcb28df |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
lib: Rename rsa-checksum.c to hash-checksum.c rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
4366a244 |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
crypto: Fix the logic to calculate hash with authattributes set RFC 2315 Section 9.3 describes the message digesting process. The digest calculated depends on whether the authenticated attributes are present. In case of a scenario where the authenticated attributes are present, the message digest that gets signed and is part of the pkcs7 message is computed from the auth attributes rather than the contents field. Check if the auth attributes are present, and if set, use the auth attributes to compute the hash that would be compared with the encrypted hash on the pkcs7 message. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
5ee81c6e |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
05329fa4 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: add pkcs7_digest() This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
063499e3 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: import pkcs7_verify.c from linux The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
e146a2c1 |
|
15-Mar-2022 |
Dhananjay Phadke <dphadke@linux.microsoft.com> |
lib/crypto: support sha384/sha512 in x509/pkcs7 Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, (not set by ported linux code, but needed by __UBOOT__ part). EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for correctness if certificates contain sha384WithRSAEncryption or sha512WithRSAEncryption OIDs. Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
0bcb28df |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
lib: Rename rsa-checksum.c to hash-checksum.c rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
4366a244 |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
crypto: Fix the logic to calculate hash with authattributes set RFC 2315 Section 9.3 describes the message digesting process. The digest calculated depends on whether the authenticated attributes are present. In case of a scenario where the authenticated attributes are present, the message digest that gets signed and is part of the pkcs7 message is computed from the auth attributes rather than the contents field. Check if the auth attributes are present, and if set, use the auth attributes to compute the hash that would be compared with the encrypted hash on the pkcs7 message. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
5ee81c6e |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
05329fa4 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: add pkcs7_digest() This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
063499e3 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: import pkcs7_verify.c from linux The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
0bcb28df |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
lib: Rename rsa-checksum.c to hash-checksum.c rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
4366a244 |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
crypto: Fix the logic to calculate hash with authattributes set RFC 2315 Section 9.3 describes the message digesting process. The digest calculated depends on whether the authenticated attributes are present. In case of a scenario where the authenticated attributes are present, the message digest that gets signed and is part of the pkcs7 message is computed from the auth attributes rather than the contents field. Check if the auth attributes are present, and if set, use the auth attributes to compute the hash that would be compared with the encrypted hash on the pkcs7 message. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
5ee81c6e |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
05329fa4 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: add pkcs7_digest() This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
063499e3 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: import pkcs7_verify.c from linux The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
4366a244 |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
crypto: Fix the logic to calculate hash with authattributes set RFC 2315 Section 9.3 describes the message digesting process. The digest calculated depends on whether the authenticated attributes are present. In case of a scenario where the authenticated attributes are present, the message digest that gets signed and is part of the pkcs7 message is computed from the auth attributes rather than the contents field. Check if the auth attributes are present, and if set, use the auth attributes to compute the hash that would be compared with the encrypted hash on the pkcs7 message. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
5ee81c6e |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
05329fa4 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: add pkcs7_digest() This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
063499e3 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: import pkcs7_verify.c from linux The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
5ee81c6e |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: export and enhance pkcs7_verify_one() The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
05329fa4 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: add pkcs7_digest() This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |
#
063499e3 |
|
21-Jul-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
lib: crypto: import pkcs7_verify.c from linux The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> |