[PATCH 0/8 v2] prepare for rsa support

[PATCH 0/8 v2] prepare for rsa support

[Jean-Christophe PLAGNIOL-VILLARD]

Hi,

	The following patch series prepare for the adding of the rsa digest
	support

	This will allow to verify a rsa signature of a file

	Introduction of a new command digest to handle the digest and check

	The next patch series will add RSA and keystore support

v2:

	- rebase on next
	- add pbkdf2 to password/login framework
	- command allow to have runtime output
	  used it in the new digest to print the supported algo


The following changes since commit bbba2d05585637d04657dce293c0cb0611dbfeea:

  Merge branch 'for-next/state' into next (2015-03-13 08:32:38 +0100)

are available in the git repository at:

  git://git.jcrosoft.org/barebox.git delivery/digest

for you to fetch changes up to dbce6c62a5ff7585150fdb8b044580a96751577c:

  digest: allow algo to specify their length at runtime (2015-03-14 09:56:36 +0800)

----------------------------------------------------------------
Jean-Christophe PLAGNIOL-VILLARD (8):
      digest: add verify callback
      command: rename digest.c to hashsum.c
      command: allow runtime usage
      command: add generic digest command
      digest: add digest callback
      crypto: add pbkdf2 hmac key generator
      password: add pbkdf2 support
      digest: allow algo to specify their length at runtime

 commands/Kconfig        |  26 +++++++++-----
 commands/Makefile       |   3 +-
 commands/digest.c       | 268 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------------------------------
 commands/hashsum.c      | 187 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/internal.h     |   3 ++
 common/Kconfig          |   4 +++
 common/command.c        |   2 ++
 common/password.c       |  79 +++++++++++++++++++++++++---------------
 crypto/Kconfig          |   5 +++
 crypto/Makefile         |   2 ++
 crypto/digest.c         |  67 ++++++++++++++++++++++++++++++----
 crypto/hmac.c           |   2 ++
 crypto/internal.h       |   4 +++
 crypto/md5.c            |   2 ++
 crypto/pbkdf2.c         |  94 ++++++++++++++++++++++++++++++++++++++++++++++++
 crypto/sha1.c           |   2 ++
 crypto/sha2.c           |   3 ++
 crypto/sha4.c           |   3 ++
 include/command.h       |   3 ++
 include/crypto/pbkdf2.h |  23 ++++++++++++
 include/digest.h        |  25 +++++++++++--
 21 files changed, 610 insertions(+), 197 deletions(-)
 create mode 100644 commands/hashsum.c
 create mode 100644 commands/internal.h
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 1/8] digest: add verify callback

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to compare a md with the original one

When calling this do not call final

For RSA_SIGN verification final does not exist only verify
as final will be for signing

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 24 +++++++++++++++++++++++-
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  2 ++
 crypto/sha4.c     |  2 ++
 include/digest.h  |  6 ++++++
 8 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index c06089d..52e8796 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -26,6 +26,8 @@
 #include <module.h>
 #include <linux/err.h>
 
+#include "internal.h"
+
 static LIST_HEAD(digests);
 
 static struct digest_algo *digest_algo_get_by_name(const char *name);
@@ -37,9 +39,29 @@ static int dummy_init(struct digest *d)
 
 static void dummy_free(struct digest *d) {}
 
+int digest_generic_verify(struct digest *d, const unsigned char *md)
+{
+	int ret;
+	int len = digest_length(d);
+	unsigned char *tmp;
+
+	tmp = xmalloc(len);
+
+	ret = digest_final(d, tmp);
+	if (ret)
+		goto end;
+
+	ret = memcmp(md, tmp, len);
+	ret = ret ? -EINVAL : 0;
+end:
+	free(tmp);
+	return ret;
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
-	if (!d || !d->name || !d->update || !d->final || d->length < 1)
+	if (!d || !d->name || !d->update || !d->final || !d->verify ||
+	    d->length < 1)
 		return -EINVAL;
 
 	if (!d->init)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 1462730..f39e4c8 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
 	.ctx_length = sizeof(struct digest_hmac),
diff --git a/crypto/internal.h b/crypto/internal.h
index cc409d8..f482654 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -13,3 +13,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 	return 0;
 }
 #endif
+
+int digest_generic_verify(struct digest *d, const unsigned char *md);
diff --git a/crypto/md5.c b/crypto/md5.c
index fe17ff5..4847b38 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
 };
diff --git a/crypto/sha1.c b/crypto/sha1.c
index a244b5d..09dee87 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
 };
diff --git a/crypto/sha2.c b/crypto/sha2.c
index cb89c82..9bf6541 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -304,6 +304,7 @@ static struct digest_algo m224 = {
 	.init = digest_sha224_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA224_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
@@ -335,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 1c768e7..5c3097d 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -309,6 +309,7 @@ static struct digest_algo m384 = {
 	.init = digest_sha384_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA384_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
@@ -341,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
diff --git a/include/digest.h b/include/digest.h
index b890a7a..cba7814 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -32,6 +32,7 @@ struct digest_algo {
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
+	int (*verify)(struct digest *d, const unsigned char *md);
 
 	unsigned int length;
 	unsigned int ctx_length;
@@ -80,6 +81,11 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_verify(struct digest *d, const unsigned char *md)
+{
+	return d->algo->verify(d, md);
+}
+
 static inline int digest_length(struct digest *d)
 {
 	return d->algo->length;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 2/8] command: rename digest.c to hashsum.c

[Jean-Christophe PLAGNIOL-VILLARD]

as I'll add a new generic command named digest

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig                 | 14 +++++++-------
 commands/Makefile                |  2 +-
 commands/{digest.c => hashsum.c} |  0
 3 files changed, 8 insertions(+), 8 deletions(-)
 rename commands/{digest.c => hashsum.c} (100%)

diff --git a/commands/Kconfig b/commands/Kconfig
index 286e9ce..7e3e8b7 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -12,7 +12,7 @@ config HAS_POWEROFF
 
 if COMMAND_SUPPORT
 
-config COMPILE_DIGEST
+config COMPILE_HASH
 	tristate
 	select DIGEST
 	help
@@ -917,7 +917,7 @@ config CMD_LS
 
 config CMD_MD5SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select MD5
 	prompt "md5sum"
 	help
@@ -982,7 +982,7 @@ config CMD_RMDIR
 
 config CMD_SHA1SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA1
 	prompt "sha1sum"
 	help
@@ -994,7 +994,7 @@ config CMD_SHA1SUM
 
 config CMD_SHA224SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA224
 	prompt "sha224sum"
 	help
@@ -1006,7 +1006,7 @@ config CMD_SHA224SUM
 
 config CMD_SHA256SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA256
 	prompt "sha256sum"
 	help
@@ -1018,7 +1018,7 @@ config CMD_SHA256SUM
 
 config CMD_SHA384SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA384
 	prompt "sha384sum"
 	help
@@ -1030,7 +1030,7 @@ config CMD_SHA384SUM
 
 config CMD_SHA512SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA512
 	prompt "sha512sum"
 	help
diff --git a/commands/Makefile b/commands/Makefile
index 7344e01..e42662f 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,5 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
-obj-$(CONFIG_COMPILE_DIGEST)	+= digest.o
+obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
 obj-$(CONFIG_CMD_UIMAGE)	+= uimage.o
diff --git a/commands/digest.c b/commands/hashsum.c
similarity index 100%
rename from commands/digest.c
rename to commands/hashsum.c
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 3/8] command: allow runtime usage

[Jean-Christophe PLAGNIOL-VILLARD]

This will allow as example to list the currently supported digest.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/command.c  | 2 ++
 include/command.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/common/command.c b/common/command.c
index 61191c2..dc2cb88 100644
--- a/common/command.c
+++ b/common/command.c
@@ -47,6 +47,8 @@ void barebox_cmd_usage(struct command *cmdtp)
 		puts(cmdtp->help);
 		putchar('\n');
 	}
+	if (cmdtp->usage)
+		cmdtp->usage();
 #endif
 }
 EXPORT_SYMBOL(barebox_cmd_usage);
diff --git a/include/command.h b/include/command.h
index 5d5bf53..3aca1a9 100644
--- a/include/command.h
+++ b/include/command.h
@@ -54,6 +54,7 @@ struct command {
 	uint32_t	group;
 #ifdef	CONFIG_LONGHELP
 	const char	*help;		/* Help  message	(long)	*/
+	void		(*usage)(void);
 #endif
 }
 #ifdef __x86_64__
@@ -115,8 +116,10 @@ static const __maybe_unused char cmd_##_name##_help[] =
 
 #ifdef CONFIG_LONGHELP
 #define BAREBOX_CMD_HELP(text)	.help = text,
+#define BAREBOX_CMD_USAGE(fn)	.usage = fn,
 #else
 #define BAREBOX_CMD_HELP(text)
+#define BAREBOX_CMD_USAGE(fn)
 #endif
 
 #define BAREBOX_CMD_GROUP(grp)	.group = grp,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 4/8] command: add generic digest command

[Jean-Christophe PLAGNIOL-VILLARD]

That can be used for digest calculation and verify

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig    |  12 +++-
 commands/Makefile   |   1 +
 commands/digest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/hashsum.c  |  68 ++++--------------
 commands/internal.h |   3 +
 crypto/digest.c     |  25 +++++--
 include/digest.h    |   8 ++-
 7 files changed, 248 insertions(+), 62 deletions(-)
 create mode 100644 commands/digest.c
 create mode 100644 commands/internal.h

diff --git a/commands/Kconfig b/commands/Kconfig
index 7e3e8b7..847ff76 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -14,7 +14,7 @@ if COMMAND_SUPPORT
 
 config COMPILE_HASH
 	tristate
-	select DIGEST
+	select CMD_DIGEST
 	help
 	  Turns on compilation of digest.c
 
@@ -842,6 +842,16 @@ config CMD_CMP
 
 	  Returns successfully if the two files are the same, return with an error if not
 
+config CMD_DIGEST
+	tristate
+	select DIGEST
+	prompt "digest"
+	help
+	  Usage: digest -a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA
+
+	  Calculate a digest over a FILE or a memory area with the possibility
+	  to checkit.
+
 config CMD_DIRNAME
 	tristate
 	prompt "dirname"
diff --git a/commands/Makefile b/commands/Makefile
index e42662f..b902f58 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,4 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
+obj-$(CONFIG_CMD_DIGEST)	+= digest.o
 obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
diff --git a/commands/digest.c b/commands/digest.c
new file mode 100644
index 0000000..fee4643
--- /dev/null
+++ b/commands/digest.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * GPLv2 ONLY
+ */
+
+#include <common.h>
+#include <command.h>
+#include <fs.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <xfuncs.h>
+#include <malloc.h>
+#include <digest.h>
+#include <getopt.h>
+#include <libfile.h>
+
+#include "internal.h"
+
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[])
+{
+	int ret = 0;
+	int i;
+	unsigned char *hash;
+
+	if (argc < 1)
+		return COMMAND_ERROR_USAGE;
+
+	hash = calloc(digest_length(d), sizeof(unsigned char));
+	if (!hash) {
+		perror("calloc");
+		return COMMAND_ERROR_USAGE;
+	}
+
+	while (*argv) {
+		char *filename = "/dev/mem";
+		loff_t start = 0, size = ~0;
+
+		/* arguments are either file, file+area or area */
+		if (parse_area_spec(*argv, &start, &size)) {
+			filename = *argv;
+			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
+				argv++;
+		}
+
+		ret = digest_file_window(d, filename,
+					 key, keylen,
+					 hash, sig, start, size);
+		if (ret < 0) {
+			ret = 1;
+		} else {
+			if (!sig) {
+				for (i = 0; i < digest_length(d); i++)
+					printf("%02x", hash[i]);
+
+				printf("  %s\t0x%08llx ... 0x%08llx\n",
+					filename, start, start + size);
+			}
+		}
+
+		argv++;
+	}
+
+	free(hash);
+	digest_free(d);
+
+	return ret;
+}
+
+static void prints_algo_help(void)
+{
+	puts("\navailable algo:\n");
+	digest_algo_prints("\t");
+}
+
+static int do_digest(int argc, char *argv[])
+{
+	struct digest *d;
+	unsigned char *tmp_key = NULL;
+	unsigned char *tmp_sig = NULL;
+	char *sig = NULL;
+	char *sigfile = NULL;
+	size_t siglen = 0;
+	char *key = NULL;
+	char *keyfile = NULL;
+	size_t keylen = 0;
+	size_t digestlen = 0;
+	char *algo = NULL;
+	int opt, ret;
+
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
+		switch(opt) {
+		case 'k':
+			key = optarg;
+			keylen = strlen(key);
+			break;
+		case 'K':
+			keyfile = optarg;
+			break;
+		case 'a':
+			algo = optarg;
+			break;
+		case 's':
+			sig = optarg;
+			siglen = strlen(sig);
+			break;
+		case 'S':
+			sigfile = optarg;
+			break;
+		}
+	}
+
+	if (!algo)
+		return COMMAND_ERROR_USAGE;
+
+	d = digest_alloc(algo);
+	if (!d) {
+		eprintf("algo '%s' not found\n", algo);
+		return COMMAND_ERROR_USAGE;
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (keyfile) {
+		tmp_key = key = read_file(keyfile, &keylen);
+		if (!key) {
+			eprintf("file '%s' not found\n", keyfile);
+			goto err;
+		}
+	}
+
+	digest_set_key(d, key, keylen);
+	free(tmp_key);
+
+	if (sigfile) {
+		sig = tmp_sig = read_file(sigfile, &siglen);
+		if (!tmp_sig) {
+			eprintf("file '%s' not found\n", sigfile);
+			goto err;
+		}
+	}
+
+	if (sig) {
+		digestlen = digest_length(d);
+		if (siglen == 2 * digestlen) {
+			if (!tmp_sig)
+				tmp_sig = xmalloc(digestlen);
+
+			ret = hex2bin(sig, tmp_sig, digestlen);
+			if (ret)
+				goto err;
+
+			sig = tmp_sig;
+		} else if (siglen != digestlen) {
+			eprintf("%s wrong size digest %ld expected %ld not found\n",
+				sigfile, siglen, digestlen);
+			goto err;
+		}
+	}
+
+	ret = __do_digest(d, NULL, 0, sig, argc, argv);
+	free(tmp_sig);
+	return ret;
+
+err:
+	digest_free(d);
+	return COMMAND_ERROR;
+}
+
+BAREBOX_CMD_HELP_START(digest)
+BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory area.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "digest to use")
+BAREBOX_CMD_HELP_OPT ("-k <key>\t",  "key as text")
+BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "key file")
+BAREBOX_CMD_HELP_OPT ("-s <sig>\t",  "digest")
+BAREBOX_CMD_HELP_OPT ("-S <file>\t",  "digest flie")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(digest)
+	.cmd		= do_digest,
+	BAREBOX_CMD_DESC("calculate digest")
+	BAREBOX_CMD_OPTS("-a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA")
+	BAREBOX_CMD_GROUP(CMD_GRP_FILE)
+	BAREBOX_CMD_HELP(cmd_digest_help)
+	BAREBOX_CMD_USAGE(prints_algo_help)
+BAREBOX_CMD_END
diff --git a/commands/hashsum.c b/commands/hashsum.c
index 701e6a1..dc48af5 100644
--- a/commands/hashsum.c
+++ b/commands/hashsum.c
@@ -27,12 +27,11 @@
 #include <digest.h>
 #include <getopt.h>
 
-static int do_digest(char *algorithm, int argc, char *argv[])
+#include "internal.h"
+
+static int do_hash(char *algo, int argc, char *argv[])
 {
 	struct digest *d;
-	int ret = 0;
-	int i;
-	unsigned char *hash;
 	unsigned char *key = NULL;
 	size_t keylen = 0;
 	int opt;
@@ -46,65 +45,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		}
 	}
 
-	argc -= optind;
-	argv += optind;
-
 	if (key) {
-		char *tmp = asprintf("hmac(%s)", algorithm);
+		char *tmp = asprintf("hmac(%s)", algo);
 		d = digest_alloc(tmp);
 		free(tmp);
 	} else {
-		d = digest_alloc(algorithm);
+		d = digest_alloc(algo);
 	}
 	BUG_ON(!d);
 
-	if (argc < 1)
-		return COMMAND_ERROR_USAGE;
-
-	hash = calloc(digest_length(d), sizeof(unsigned char));
-	if (!hash) {
-		perror("calloc");
-		return COMMAND_ERROR_USAGE;
-	}
-
-	while (*argv) {
-		char *filename = "/dev/mem";
-		loff_t start = 0, size = ~0;
-
-		/* arguments are either file, file+area or area */
-		if (parse_area_spec(*argv, &start, &size)) {
-			filename = *argv;
-			if (argv[0] && !parse_area_spec(argv[0], &start, &size))
-				argv++;
-		}
-
-		ret = digest_file_window(d, filename,
-					 key, keylen,
-					 hash, start, size);
-		if (ret < 0) {
-			ret = 1;
-		} else {
-			for (i = 0; i < digest_length(d); i++)
-				printf("%02x", hash[i]);
-
-			printf("  %s\t0x%08llx ... 0x%08llx\n",
-				filename, start, start + size);
-		}
-
-		argv++;
-	}
-
-	free(hash);
-	digest_free(d);
+	argc -= optind;
+	argv += optind;
 
-	return ret;
+	return __do_digest(d, key, keylen, NULL, argc, argv);
 }
 
 #ifdef CONFIG_CMD_MD5SUM
 
 static int do_md5(int argc, char *argv[])
 {
-	return do_digest("md5", argc, argv);
+	return do_hash("md5", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(md5sum)
@@ -125,7 +85,7 @@ BAREBOX_CMD_END
 
 static int do_sha1(int argc, char *argv[])
 {
-	return do_digest("sha1", argc, argv);
+	return do_hash("sha1", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha1sum)
@@ -146,7 +106,7 @@ BAREBOX_CMD_END
 
 static int do_sha224(int argc, char *argv[])
 {
-	return do_digest("sha224", argc, argv);
+	return do_hash("sha224", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha224sum)
@@ -167,7 +127,7 @@ BAREBOX_CMD_END
 
 static int do_sha256(int argc, char *argv[])
 {
-	return do_digest("sha256", argc, argv);
+	return do_hash("sha256", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha256sum)
@@ -188,7 +148,7 @@ BAREBOX_CMD_END
 
 static int do_sha384(int argc, char *argv[])
 {
-	return do_digest("sha384", argc, argv);
+	return do_hash("sha384", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha384sum)
@@ -209,7 +169,7 @@ BAREBOX_CMD_END
 
 static int do_sha512(int argc, char *argv[])
 {
-	return do_digest("sha512", argc, argv);
+	return do_hash("sha512", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha512sum)
diff --git a/commands/internal.h b/commands/internal.h
new file mode 100644
index 0000000..29cc656
--- /dev/null
+++ b/commands/internal.h
@@ -0,0 +1,3 @@
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[]);
diff --git a/crypto/digest.c b/crypto/digest.c
index 52e8796..9fa5bba 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -106,6 +106,15 @@ static struct digest_algo *digest_algo_get_by_name(const char *name)
 	return NULL;
 }
 
+void digest_algo_prints(const char *prefix)
+{
+	struct digest_algo* d;
+
+	list_for_each_entry(d, &digests, list) {
+		printf("%s%s\n", prefix, d->name);
+	}
+}
+
 struct digest *digest_alloc(const char *name)
 {
 	struct digest *d;
@@ -140,6 +149,7 @@ EXPORT_SYMBOL_GPL(digest_free);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size)
 {
 	ulong len = 0;
@@ -199,7 +209,10 @@ int digest_file_window(struct digest *d, const char *filename,
 		len += now;
 	}
 
-	digest_final(d, hash);
+	if (sig)
+		ret = digest_verify(d, sig);
+	else
+		digest_final(d, hash);
 
 out_free:
 	if (flags)
@@ -213,7 +226,8 @@ EXPORT_SYMBOL_GPL(digest_file_window);
 
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct stat st;
 	int ret;
@@ -223,13 +237,14 @@ int digest_file(struct digest *d, const char *filename,
 	if (ret < 0)
 		return ret;
 
-	return digest_file_window(d, filename, key, keylen, hash, 0, st.st_size);
+	return digest_file_window(d, filename, key, keylen, hash, sig, 0, st.st_size);
 }
 EXPORT_SYMBOL_GPL(digest_file);
 
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct digest *d;
 	int ret;
@@ -238,7 +253,7 @@ int digest_file_by_name(const char *algo, const char *filename,
 	if (!d)
 		return -EIO;
 
-	ret = digest_file(d, filename, key, keylen, hash);
+	ret = digest_file(d, filename, key, keylen, hash, sig);
 	digest_free(d);
 	return ret;
 }
diff --git a/include/digest.h b/include/digest.h
index cba7814..ec904f0 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -50,6 +50,7 @@ struct digest {
  */
 int digest_algo_register(struct digest_algo *d);
 void digest_algo_unregister(struct digest_algo *d);
+void digest_algo_prints(const char *prefix);
 
 struct digest *digest_alloc(const char *name);
 void digest_free(struct digest *d);
@@ -57,13 +58,16 @@ void digest_free(struct digest *d);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size);
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 
 static inline int digest_init(struct digest *d)
 {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 5/8] digest: add digest callback

[Jean-Christophe PLAGNIOL-VILLARD]

Combination of @init and @update and @final. This function
effectively behaves as the entire chain of operations, @init,
@update and @final issued in sequence. This is added for hardware
which cannot do even the @finup, but can only do the whole
transformation in one run.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 18 ++++++++++++++++++
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  1 +
 crypto/sha4.c     |  1 +
 include/digest.h  |  8 ++++++++
 8 files changed, 33 insertions(+)

diff --git a/crypto/digest.c b/crypto/digest.c
index 9fa5bba..c261f7e 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -58,6 +58,24 @@ end:
 	return ret;
 }
 
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *md)
+
+{
+	int ret;
+
+	if (!data || len == 0 || !md)
+		return -EINVAL;
+
+	ret = digest_init(d);
+	if (ret)
+		return ret;
+	ret = digest_update(d, data, len);
+	if (ret)
+		return ret;
+	return digest_final(d, md);
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
 	if (!d || !d->name || !d->update || !d->final || !d->verify ||
diff --git a/crypto/hmac.c b/crypto/hmac.c
index f39e4c8..b1c17af 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
diff --git a/crypto/internal.h b/crypto/internal.h
index f482654..c6f5908 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -15,3 +15,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 #endif
 
 int digest_generic_verify(struct digest *d, const unsigned char *md);
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *out);
diff --git a/crypto/md5.c b/crypto/md5.c
index 4847b38..b7ad6f2 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
diff --git a/crypto/sha1.c b/crypto/sha1.c
index 09dee87..b108f8a 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
diff --git a/crypto/sha2.c b/crypto/sha2.c
index 9bf6541..375a40e 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -336,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 5c3097d..1b91e7f 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -342,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
diff --git a/include/digest.h b/include/digest.h
index ec904f0..8250ca7 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -31,6 +31,8 @@ struct digest_algo {
 	int (*init)(struct digest *d);
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
+	int (*digest)(struct digest *d, const void *data,
+		      unsigned int len, u8 *out);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
 	int (*verify)(struct digest *d, const unsigned char *md);
 
@@ -85,6 +87,12 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_digest(struct digest *d, const void *data,
+		      unsigned int len, u8 *md)
+{
+	return d->algo->digest(d, data, len, md);
+}
+
 static inline int digest_verify(struct digest *d, const unsigned char *md)
 {
 	return d->algo->verify(d, md);
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 6/8] crypto: add pbkdf2 hmac key generator

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to generate a KEY + IV based on a password and salt for AES
encryption/decryption as example

or simply the key for hmac or rsa from text password

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/Kconfig          |  5 +++
 crypto/Makefile         |  2 ++
 crypto/pbkdf2.c         | 94 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/pbkdf2.h | 23 ++++++++++++
 4 files changed, 124 insertions(+)
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index e72b91e..b721e30 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -34,3 +34,8 @@ config DIGEST_HMAC
 	bool "HMAC"
 
 endif
+
+config CRYPTO_PBKDF2
+	select DIGEST
+	select SHA1
+	bool
diff --git a/crypto/Makefile b/crypto/Makefile
index ff5c289..0bb67d5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224)	+= sha2.o
 obj-$(CONFIG_SHA256)	+= sha2.o
 obj-$(CONFIG_SHA384)	+= sha4.o
 obj-$(CONFIG_SHA512)	+= sha4.o
+
+obj-$(CONFIG_CRYPTO_PBKDF2)	+= pbkdf2.o
diff --git a/crypto/pbkdf2.c b/crypto/pbkdf2.c
new file mode 100644
index 0000000..c4ba7be
--- /dev/null
+++ b/crypto/pbkdf2.c
@@ -0,0 +1,94 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include <errno.h>
+#include <crypto/pbkdf2.h>
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key)
+{
+	int i, j, k;
+	unsigned char cnt[4];
+	uint32_t pass_len;
+	unsigned char *tmpdgt;
+	uint32_t d_len;
+	int ret;
+
+	if (!d)
+		return -EINVAL;
+
+	d_len = digest_length(d);
+	tmpdgt = malloc(d_len);
+	if (!tmpdgt)
+		return -ENOMEM;
+
+	i = 1;
+
+	ret = digest_set_key(d, pwd, pwd_len);
+	if (ret)
+		goto err;
+
+	while (key_len) {
+		pass_len = min(key_len, d_len);
+		cnt[0] = (i >> 24) & 0xff;
+		cnt[1] = (i >> 16) & 0xff;
+		cnt[2] = (i >> 8) & 0xff;
+		cnt[3] = i & 0xff;
+		ret = digest_init(d);
+		if (ret)
+			goto err;
+		ret = digest_update(d, salt, salt_len);
+		if (ret)
+			goto err;
+		ret = digest_update(d, cnt, 4);
+		if (ret)
+			goto err;
+		ret = digest_final(d, tmpdgt);
+		if (ret)
+			goto err;
+
+		memcpy(key, tmpdgt, pass_len);
+
+		for (j = 1; j < iteration; j++) {
+			ret = digest_digest(d, tmpdgt, d_len, tmpdgt);
+			if (ret)
+				goto err;
+
+			for(k = 0; k < pass_len; k++)
+				key[k] ^= tmpdgt[k];
+		}
+
+		key_len -= pass_len;
+		key += pass_len;
+		i++;
+	}
+
+	ret = 0;
+err:
+	free(tmpdgt);
+
+	return ret;;
+}
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iter,
+			   uint32_t key_len, unsigned char *key)
+{
+	int ret;
+	struct digest* d = digest_alloc("hmac(sha1)");
+
+	ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter,
+				 key_len, key);
+
+	digest_free(d);
+	return ret;
+}
diff --git a/include/crypto/pbkdf2.h b/include/crypto/pbkdf2.h
new file mode 100644
index 0000000..fa66675
--- /dev/null
+++ b/include/crypto/pbkdf2.h
@@ -0,0 +1,23 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#ifndef __PBKDF2_H__
+#define __PBKDF2_H__
+
+#include <digest.h>
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iteration,
+			   uint32_t key_len, unsigned char *buf);
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key);
+
+#endif /* __PBKDF2_H__ */
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 7/8] password: add pbkdf2 support

[Jean-Christophe PLAGNIOL-VILLARD]

We will use "barebox_password" as salt and 10000 round to generate a
64 bytes key.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/Kconfig    |  4 +++
 common/password.c | 79 +++++++++++++++++++++++++++++++++++--------------------
 2 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/common/Kconfig b/common/Kconfig
index 96ace6b..ad8a596 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -453,6 +453,10 @@ config PASSWD_SUM_SHA512
 	bool "SHA512"
 	select SHA512
 
+config PASSWD_CRYPTO_PBKDF2
+	bool "PBKDF2"
+	select CRYPTO_PBKDF2
+
 endchoice
 
 endif
diff --git a/common/password.c b/common/password.c
index 6ecf717..0e1db61 100644
--- a/common/password.c
+++ b/common/password.c
@@ -26,6 +26,7 @@
 #include <xfuncs.h>
 #include <clock.h>
 #include <generated/passwd.h>
+#include <crypto/pbkdf2.h>
 
 #if defined(CONFIG_PASSWD_SUM_MD5)
 #define PASSWD_SUM "md5"
@@ -35,8 +36,14 @@
 #define PASSWD_SUM "sha256"
 #elif defined(CONFIG_PASSWD_SUM_SHA512)
 #define PASSWD_SUM "sha512"
+#else
+#define PASSWD_SUM	NULL
 #endif
 
+#define PBKDF2_SALT	"barebox_password"
+#define PBKDF2_LENGTH	64
+#define PBKDF2_COUNT	10000
+
 int password(unsigned char *passwd, size_t length, int flags, int timeout)
 {
 	unsigned char *buf = passwd;
@@ -277,45 +284,50 @@ EXPORT_SYMBOL(write_env_passwd);
 
 static int __check_passwd(unsigned char* passwd, size_t length, int std)
 {
-	struct digest *d;
+	struct digest *d = NULL;
 	unsigned char *passwd1_sum;
 	unsigned char *passwd2_sum;
 	int ret = 0;
+	int hash_len;
 
-	d = digest_alloc(PASSWD_SUM);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		hash_len = PBKDF2_LENGTH;
+	} else {
+		d = digest_alloc(PASSWD_SUM);
 
-	passwd1_sum = calloc(digest_length(d), sizeof(unsigned char));
+		hash_len = digest_length(d);
+	}
 
+	passwd1_sum = calloc(hash_len * 2, sizeof(unsigned char));
 	if (!passwd1_sum)
 		return -ENOMEM;
 
-	passwd2_sum = calloc(digest_length(d), sizeof(unsigned char));
-
-	if (!passwd2_sum) {
-		ret = -ENOMEM;
-		goto err1;
-	}
+	passwd2_sum = passwd1_sum + hash_len;
 
-	digest_init(d);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		char *salt = PBKDF2_SALT;
 
-	digest_update(d, passwd, length);
+		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt, strlen(salt),
+					PBKDF2_COUNT, hash_len, passwd1_sum);
+	} else {
+		ret = digest_digest(d, passwd, length, passwd1_sum);
+	}
 
-	digest_final(d, passwd1_sum);
+	if (ret)
+		goto err;
 
 	if (std)
-		ret = read_env_passwd(passwd2_sum, digest_length(d));
+		ret = read_env_passwd(passwd2_sum, hash_len);
 	else
-		ret = read_default_passwd(passwd2_sum, digest_length(d));
+		ret = read_default_passwd(passwd2_sum, hash_len);
 
 	if (ret < 0)
-		goto err2;
+		goto err;
 
-	if (strncmp(passwd1_sum, passwd2_sum, digest_length(d)) == 0)
+	if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0)
 		ret = 1;
 
-err2:
-	free(passwd2_sum);
-err1:
+err:
 	free(passwd1_sum);
 	digest_free(d);
 
@@ -346,25 +358,36 @@ int check_passwd(unsigned char* passwd, size_t length)
 
 int set_env_passwd(unsigned char* passwd, size_t length)
 {
-	struct digest *d;
+	struct digest *d = NULL;
 	unsigned char *passwd_sum;
-	int ret;
+	int ret, hash_len;
 
-	d = digest_alloc(PASSWD_SUM);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		hash_len = PBKDF2_LENGTH;
+	} else {
+		d = digest_alloc(PASSWD_SUM);
 
-	passwd_sum = calloc(digest_length(d), sizeof(unsigned char));
+		hash_len = digest_length(d);
+	}
 
+	passwd_sum = calloc(hash_len, sizeof(unsigned char));
 	if (!passwd_sum)
 		return -ENOMEM;
 
-	digest_init(d);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		char *salt = PBKDF2_SALT;
 
-	digest_update(d, passwd, length);
-
-	digest_final(d, passwd_sum);
+		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt, strlen(salt),
+				       PBKDF2_COUNT, hash_len, passwd_sum);
+	} else {
+		ret = digest_digest(d, passwd, length, passwd_sum);
+	}
+	if (ret)
+		goto err;
 
-	ret = write_env_passwd(passwd_sum, digest_length(d));
+	ret = write_env_passwd(passwd_sum, hash_len);
 
+err:
 	free(passwd_sum);
 
 	return ret;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 8/8] digest: allow algo to specify their length at runtime

[Jean-Christophe PLAGNIOL-VILLARD]

such as RSA as we load a DER key we will detect the key size
at runtime and so the algo length.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 include/digest.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/digest.h b/include/digest.h
index 8250ca7..41ad912 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -45,6 +45,7 @@ struct digest_algo {
 struct digest {
 	struct digest_algo *algo;
 	void *ctx;
+	unsigned int length;
 };
 
 /*
@@ -100,7 +101,7 @@ static inline int digest_verify(struct digest *d, const unsigned char *md)
 
 static inline int digest_length(struct digest *d)
 {
-	return d->algo->length;
+	return d->length ? d->length : d->algo->length;
 }
 
 static inline int digest_set_key(struct digest *d, const unsigned char *key,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox