includes: move openssl headers to include/u-boot
commit 18b06652cd
"tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
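--- a/include/u-boot/rsa-checksum.h
+++ b/include/u-boot/rsa-checksum.h
@@ -0,0 +1,24 @@
+/*
+* Copyright (c) 2013, Andreas Oetken.
+*
+* SPDX-License-Identifier: GPL-2.0+
+*/
+
+#ifndef _RSA_CHECKSUM_H
+#define _RSA_CHECKSUM_H
+
+#include <errno.h>
+#include <image.h>
+#include <u-boot/sha1.h>
+#include <u-boot/sha256.h>
+
+extern const uint8_t padding_sha256_rsa4096[];
+extern const uint8_t padding_sha256_rsa2048[];
+extern const uint8_t padding_sha1_rsa2048[];
+
+void sha256_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum);
+void sha1_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum);
+
+#endif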
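Review bot: The prototypes `sha256_calculate()` and `sha1_calculate()` carry no comment saying how large `checksum` must be, and the callee cannot check it because only a bare `uint8_t *` is passed. These digests feed the RSA signature check, so I would state the contract on each declaration, e.g. `/* @checksum: output buffer, at least SHA256_SUM_LEN bytes */` and the `SHA1_SUM_LEN` equivalent for the SHA-1 variant. `region_count` is a signed `int`; whether a zero or negative count is rejected is not visible from this header, so the comment should name the accepted range as well.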
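--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -0,0 +1,117 @@
+/*
+* Copyright (c) 2013, Google Inc.
+*
+* (C) Copyright 2008 Semihalf
+*
+* (C) Copyright 2000-2006
+* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
+*
+* SPDX-License-Identifier: GPL-2.0+
+*/
+
+#ifndef _RSA_H
+#define _RSA_H
+
+#include <errno.h>
+#include <image.h>
+
+/**
+* struct rsa_public_key - holder for a public key
+*
+* An RSA public key consists of a modulus (typically called N), the inverse
+* and R^2, where R is 2^(# key bits).
+*/
+
+struct rsa_public_key {
+uint len; /* len of modulus[] in number of uint32_t */
+uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
+uint32_t *modulus; /* modulus as little endian array */
+uint32_t *rr; /* R^2 as little endian array */
+};
+
+#if IMAGE_ENABLE_SIGN
+/**
+* sign() - calculate and return signature for given input data
+*
+* @info: Specifies key and FIT information
+* @data: Pointer to the input data
+* @data_len: Data length
+* @sigp: Set to an allocated buffer holding the signature
+* @sig_len: Set to length of the calculated hash
+*
+* This computes input data signature according to selected algorithm.
+* Resulting signature value is placed in an allocated buffer, the
+* pointer is returned as *sigp. The length of the calculated
+* signature is returned via the sig_len pointer argument. The caller
+* should free *sigp.
+*
+* @return: 0, on success, -ve on error
+*/
+int rsa_sign(struct image_sign_info *info,
+const struct image_region region[],
+int region_count, uint8_t **sigp, uint *sig_len);
+
+/**
+* add_verify_data() - Add verification information to FDT
+*
+* Add public key information to the FDT node, suitable for
+* verification at run-time. The information added depends on the
+* algorithm being used.
+*
+* @info: Specifies key and FIT information
+* @keydest: Destination FDT blob for public key data
+* @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
+other -ve value on error
+*/
+int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
+#else
+static inline int rsa_sign(struct image_sign_info *info,
+const struct image_region region[], int region_count,
+uint8_t **sigp, uint *sig_len)
+{
+return -ENXIO;
+}
+
+static inline int rsa_add_verify_data(struct image_sign_info *info,
+void *keydest)
+{
+return -ENXIO;
+}
+#endif
+
+#if IMAGE_ENABLE_VERIFY
+/**
+* rsa_verify() - Verify a signature against some data
+*
+* Verify a RSA PKCS1.5 signature against an expected hash.
+*
+* @info: Specifies key and FIT information
+* @data: Pointer to the input data
+* @data_len: Data length
+* @sig: Signature
+* @sig_len: Number of bytes in signature
+* @return 0 if verified, -ve on error
+*/
+int rsa_verify(struct image_sign_info *info,
+const struct image_region region[], int region_count,
+uint8_t *sig, uint sig_len);
+#else
+static inline int rsa_verify(struct image_sign_info *info,
+const struct image_region region[], int region_count,
+uint8_t *sig, uint sig_len)
+{
+return -ENXIO;
+}
+#endif
+
+#define RSA2048_BYTES (2048 / 8)
+#define RSA4096_BYTES (4096 / 8)
+
+/* This is the minimum/maximum key size we support, in bits */
+#define RSA_MIN_KEY_BITS 2048
+#define RSA_MAX_KEY_BITS 4096
+
+/* This is the maximum signature length that we support, in bits */
+#define RSA_MAX_SIG_BITS 4096
+
+#endif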
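Review bot: The kernel-doc on `rsa_verify()` and on `rsa_sign()` (headed `sign()`) still lists `@data` and `@data_len`, while both prototypes take `region[]` and `region_count`, so the header never says which bytes the signature covers. For a verification entry point I would replace the stale tags with `@region: Array of image regions that are hashed` and `@region_count: Number of entries in region[]`, and fix the headings to `rsa_sign()` and `rsa_add_verify_data()`. In the `rsa_sign()` block `@sig_len` is described as the length of the calculated hash, but the paragraph below it says it is the signature length; the tag should read `@sig_len: Set to length of the calculated signature`. It would also help to document whether `rsa_verify()` rejects a `sig_len` above `RSA_MAX_SIG_BITS / 8`; the implementation is not on this page, so that cannot be confirmed from here.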
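--- a/include/u-boot/sha1.h
+++ b/include/u-boot/sha1.h
@@ -0,0 +1,118 @@
+/**
+* \file sha1.h
+* based from http://xyssl.org/code/source/sha1/
+* FIPS-180-1 compliant SHA-1 implementation
+*
+* Copyright (C) 2003-2006 Christophe Devine
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License, version 2.1 as published by the Free Software Foundation.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+* MA 02110-1301 USA
+*/
+/*
+* The SHA-1 standard was published by NIST in 1993.
+*
+* http://www.itl.nist.gov/fipspubs/fip180-1.htm
+*/
+#ifndef _SHA1_H
+#define _SHA1_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SHA1_SUM_POS -0x20
+#define SHA1_SUM_LEN 20
+
+/**
+* \brief SHA-1 context structure
+*/
+typedef struct
+{
+unsigned long total[2]; /*!< number of bytes processed */
+unsigned long state[5]; /*!< intermediate digest state */
+unsigned char buffer[64]; /*!< data block being processed */
+}
+sha1_context;
+
+/**
+* \brief SHA-1 context setup
+*
+* \param ctx SHA-1 context to be initialized
+*/
+void sha1_starts( sha1_context *ctx );
+
+/**
+* \brief SHA-1 process buffer
+*
+* \param ctx SHA-1 context
+* \param input buffer holding the data
+* \param ilen length of the input data
+*/
+void sha1_update(sha1_context *ctx, const unsigned char *input,
+unsigned int ilen);
+
+/**
+* \brief SHA-1 final digest
+*
+* \param ctx SHA-1 context
+* \param output SHA-1 checksum result
+*/
+void sha1_finish( sha1_context *ctx, unsigned char output[20] );
+
+/**
+* \brief Output = SHA-1( input buffer )
+*
+* \param input buffer holding the data
+* \param ilen length of the input data
+* \param output SHA-1 checksum result
+*/
+void sha1_csum(const unsigned char *input, unsigned int ilen,
+unsigned char *output);
+
+/**
+* \brief Output = SHA-1( input buffer ), with watchdog triggering
+*
+* \param input buffer holding the data
+* \param ilen length of the input data
+* \param output SHA-1 checksum result
+* \param chunk_sz watchdog triggering period (in bytes of input processed)
+*/
+void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
+unsigned char *output, unsigned int chunk_sz);
+
+/**
+* \brief Output = HMAC-SHA-1( input buffer, hmac key )
+*
+* \param key HMAC secret key
+* \param keylen length of the HMAC key
+* \param input buffer holding the data
+* \param ilen length of the input data
+* \param output HMAC-SHA-1 result
+*/
+void sha1_hmac(const unsigned char *key, int keylen,
+const unsigned char *input, unsigned int ilen,
+unsigned char *output);
+
+/**
+* \brief Checkup routine
+*
+* \return 0 if successful, or 1 if the test failed
+*/
+int sha1_self_test( void );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* sha1.h */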
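Review bot: `sha1_context` declares `total` and `state` as `unsigned long`, which is 64 bits wide on LP64 hosts although SHA-1 works on 32-bit words, and the commit message suggests this header is also built into host tools. The SHA-256 context added in this commit uses `uint32_t` for the same fields, so I would align them with `uint32_t total[2];` and `uint32_t state[5];`, or at least add a comment that the implementation must mask to 32 bits; the implementation is not on this page, so whether it already masks cannot be checked here. Separately, `sha1_hmac()` takes `int keylen` while every other length in the header is `unsigned int`, and the comment does not say what a negative value means. The `output` parameters of `sha1_csum()`, `sha1_csum_wd()` and `sha1_hmac()` should be documented as needing `SHA1_SUM_LEN` bytes, as `sha1_finish()` implies with `output[20]`.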
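--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -0,0 +1,22 @@
+#ifndef _SHA256_H
+#define _SHA256_H
+
+#define SHA256_SUM_LEN 32
+
+/* Reset watchdog each time we process this many bytes */
+#define CHUNKSZ_SHA256 (64 * 1024)
+
+typedef struct {
+uint32_t total[2];
+uint32_t state[8];
+uint8_t buffer[64];
+} sha256_context;
+
+void sha256_starts(sha256_context * ctx);
+void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length);
+void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]);
+
+void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
+unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _SHA256_H */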
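Review bot: The include guard `_SHA256_H` is generic and sits in the reserved underscore-plus-uppercase namespace, so a host header that happens to use the same macro would silently suppress one of the two files when both are included, which is the mix-up the commit message describes. A project-prefixed guard such as `#ifndef U_BOOT_SHA256_H` / `#define U_BOOT_SHA256_H` removes that possibility; `_SHA1_H` in include/u-boot/sha1.h has the same shape. The header also uses `uint32_t` and `uint8_t` without including anything that defines them, so it compiles only when the includer has already pulled in the integer types; including the project's type header at the top would make it self-contained. Finally, `sha256_csum_wd()` has no comment saying `output` must hold `SHA256_SUM_LEN` bytes.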