u-boot-toradex.git/include/crypto, branch master U-Boot bootloader for Apalis and Colibri modules mbedtls: access mbedtls private members in mscode and pkcs7 parser 2025-02-27T18:11:02+00:00 Raymond Mao raymond.mao@linaro.org 2025-02-03T22:08:13+00:00 f13cd90762247661f9bd508303d830055e135ec0 U-Boot requires to access x509_internal.h, mbedtls_sha256_context and mbedtls_sha1_context in the porting layer, and this requires to enable MBEDTLS_ALLOW_PRIVATE_ACCESS. Enable it to mscode and pkcs7_parser to fix a mbedtls internal building error when X509 is selected. Moreover, Move it to a separate file to avoid enabling it in multiple places. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
U-Boot requires to access x509_internal.h, mbedtls_sha256_context and
mbedtls_sha1_context in the porting layer, and this requires to
enable MBEDTLS_ALLOW_PRIVATE_ACCESS.

Enable it to mscode and pkcs7_parser to fix a mbedtls internal building
error when X509 is selected.

Moreover, Move it to a separate file to avoid enabling it in multiple
places.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lib/crypto: Adapt mscode_parser to MbedTLS 2024-10-14T23:58:49+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:35+00:00 513a15db0dba24bc5e5dad971a2be1a4831a0037 Previous patch has introduced MbedTLS porting layer for mscode parser, here to adjust the header and makefiles accordingly. Adding _LEGACY Kconfig for legacy mscode implementation. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> 
Previous patch has introduced MbedTLS porting layer for mscode parser,
here to adjust the header and makefiles accordingly.
Adding _LEGACY Kconfig for legacy mscode implementation.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
lib/crypto: Adapt PKCS7 parser to MbedTLS 2024-10-14T23:58:47+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:33+00:00 c47bbf9a57c77023d45016b329419e9ca4877dc3 Previous patch has introduced MbedTLS porting layer for PKCS7 parser, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> 
Previous patch has introduced MbedTLS porting layer for PKCS7 parser,
here to adjust the header and makefiles accordingly.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
lib/crypto: Adapt x509_cert_parser to MbedTLS 2024-10-14T23:58:46+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:31+00:00 3741abfe86c677ed6ea05571bbab34cc25886848 Previous patch has introduced MbedTLS porting layer for x509 cert parser, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> 
Previous patch has introduced MbedTLS porting layer for x509 cert parser,
here to adjust the header and makefiles accordingly.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
lib/crypto: Adapt public_key header with MbedTLS 2024-10-14T23:58:44+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:29+00:00 f7586471e79e2c263cc687147cf47cb462518e0e Previous patch has introduced MbedTLS porting layer for public key, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Previous patch has introduced MbedTLS porting layer for public key,
here to adjust the header and makefiles accordingly.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
common: Drop linux/printk.h from common header 2023-09-24T13:54:57+00:00 Simon Glass sjg@chromium.org 2023-09-15T00:21:46+00:00 1e94b46f73cedcebbff73799203f3266c5b28d90 This old patch was marked as deferred. Bring it back to life, to continue towards the removal of common.h Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h

Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
lib: crypto: add mscode_parser 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:11+00:00 b124efc09fc5f62cc2e17d956ba3c5c9168738e8 In MS authenticode, pkcs7 should have data in its contentInfo field. This data is tagged with SpcIndirectData type and, for a signed PE image, provides a image's message digest as SpcPeImageData. This parser is used in image authentication to parse the field and retrieve a message digest. Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*. Checkpatch.pl generates tones of warnings, but those are not fixed for the sake of maintainability (importing from another source). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.

This parser is used in image authentication to parse the field and
retrieve a message digest.

Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
dm: crypto: Define UCLASS API for ECDSA signature verification 2021-08-16T08:49:35+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-07-29T16:47:15+00:00 1d54af1392513c09927b97981356acadfa626d63 Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
lib: crypto: export and enhance pkcs7_verify_one() 2020-07-22T10:37:17+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:21+00:00 5ee81c6e3f9f6f851c69b1e3d2661d96671d1dd1 The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: add public_key_verify_signature() 2020-07-22T10:33:55+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:17+00:00 b2a1049b5c364961726add2796b6028b27008ca4 This function will be called from x509_check_for_self_signed() and pkcs7_verify_one(), which will be imported from linux in a later patch. While it does exist in linux code and has a similar functionality of rsa_verify(), it calls further linux-specific interfaces inside. That could lead to more files being imported from linux. So simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>