Commit graph

9 commits

Author SHA1 Message Date
AKASHI Takahiro
b124efc09f lib: crypto: add mscode_parser
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.

This parser is used in image authentication to parse the field and
retrieve a message digest.

Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
Alexandru Gagniuc
1d54af1392 dm: crypto: Define UCLASS API for ECDSA signature verification
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
AKASHI Takahiro
5ee81c6e3f lib: crypto: export and enhance pkcs7_verify_one()
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:37:17 +02:00
AKASHI Takahiro
b2a1049b5c lib: crypto: add public_key_verify_signature()
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:33:55 +02:00
Heinrich Schuchardt
b9f217a4cb lib/crypto: use qualified path for x509_parser.h
Use the path relative to /include for x509_parser.h in pkcs7_parser.h.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
e3f5c9cb0f lib/crypto, efi_loader: move some headers to include/crypto
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
e85a787c7d lib: crypto: add pkcs7 message parser
Imported from linux kernel v5.3:
 pkcs7.asn1 without changes
 pkcs7.h with changes marked as __UBOOT__
 pkcs7_parser.h without changes
 pkcs7_parser.c with changes marked as __UBOOT__

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2019-12-06 16:44:20 -05:00
AKASHI Takahiro
9b933bf6f4 lib: crypto: add rsa public key parser
Imported from linux kernel v5.3:
rsapubkey.asn1 without changes
rsa.h without changes
rsa_helper.c with changes marked as __UBOOT__

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2019-12-06 16:44:20 -05:00
AKASHI Takahiro
c4e961ecec lib: crypto: add public key utility
Imported from linux kernel v5.3:
 asymmetric-type.h with changes marked as __UBOOT__
 asymmetric_type.c with changes marked as __UBOOT__
 public_key.h with changes marked as __UBOOT__
 public_key.c with changes marked as __UBOOT__

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2019-12-06 16:44:20 -05:00