summaryrefslogtreecommitdiff
path: root/common/image-sig.c
AgeCommit message (Collapse)AuthorFilesLines
2019-06-21rsa: reject images with unknown paddingPatrick Doyle1-1/+1
Previously we would store NULL in info->padding and jump to an illegal instruction if an unknown value for "padding" was specified in the device tree. Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
2018-12-03rsa: add support of padding pssPhilippe Reynes1-0/+6
We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03rsa: add a structure for the paddingPhilippe Reynes1-0/+29
The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-11-16image-sig: Ensure that hashed-nodes is null-terminatedKonrad Beckmann1-0/+5
A specially crafted FIT image leads to memory corruption in the stack when using the verified boot feature. The function fit_config_check_sig has a logic error that makes it possible to write past the end of the stack allocated array node_inc. This could potentially be used to bypass the signature check when using verified boot. This change ensures that the number of strings is correct when counted. Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-10vboot: Do not use hashed-strings offsetTeddy Reed1-2/+5
The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-10vboot: Add FIT_SIGNATURE_MAX_SIZE protectionTeddy Reed1-0/+5
This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini1-2/+1
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-01-15fix incorrect usage of DT node unit address in commentsAndre Przywara1-1/+1
The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2017-11-06image-sig: use designated initializers for algorithmMasahiro Yamada1-22/+22
Designated initializers are more readable because we do not have to check the order in the struct definitions. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21image: Combine image_sig_algo with image_sign_infoAndrew Duda1-26/+31
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21image: Add crypto_algo struct for RSA infoAndrew Duda1-23/+23
Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21rsa: Verify RSA padding programaticallyAndrew Duda1-3/+6
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-13libfdt: Sync fdt_for_each_subnode() with upstreamSimon Glass1-4/+4
The signature for this macro has changed. Bring in the upstream version and adjust U-Boot's usages to suit. Signed-off-by: Simon Glass <sjg@chromium.org> Update to drivers/power/pmic/palmas.c: Signed-off-by: Keerthy <j-keerthy@ti.com> Change-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8
2015-02-16image: Convert to use fdt_for_each_subnode macroAxel Lin1-12/+4
Use fdt_for_each_subnode macro to simplify the code a bit. Signed-off-by: Axel Lin <axel.lin@ingics.com> Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29rsa: Use checksum algorithms from struct hash_algoRuchika Gupta1-3/+3
Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
2014-06-19includes: move openssl headers to include/u-bootJeroen Hofstee1-2/+2
commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19Reverse the meaning of the fit_config_verify() return codeSimon Glass1-2/+2
It is more common to have 0 mean OK, and -ve mean error. Change this function to work the same way to avoid confusion. Signed-off-by: Simon Glass <sjg@chromium.org>
2014-03-21tools, fit_check_sign: verify a signed fit imageHeiko Schocher1-8/+10
add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
2014-03-21rsa: add sha256,rsa4096 algorithmHeiko Schocher1-0/+23
Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
2014-03-21rsa: add sha256-rsa2048 algorithmHeiko Schocher1-0/+38
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk1-14/+1
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2013-06-26image: Add support for signing of FIT configurationsSimon Glass1-1/+230
While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26image: Add RSA support for image signingSimon Glass1-0/+7
RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26image: Support signing of imagesSimon Glass1-0/+144
Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26image: Add signing infrastructureSimon Glass1-0/+42
Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>