[PATCH 0/9 v4] prepare for rsa support

[PATCH 0/9 v4] prepare for rsa support

[Jean-Christophe PLAGNIOL-VILLARD]

Hi,

	The following patch series prepare for the adding of the rsa digest
	support

	This will allow to verify a rsa signature of a file

	Introduction of a new command digest to handle the digest and check

	The next patch series will add RSA and keystore support

v2:

	- rebase on next
	- add pbkdf2 to password/login framework
	- command allow to have runtime output
	  used it in the new digest to print the supported algo

v3:
	add more fix to ensure all the digest_xx call return are checked

v4:
	- drop key params for digest_file_window/digest_file/digest_file_by_name
	- digest improve help

please pull
The following changes since commit bbba2d05585637d04657dce293c0cb0611dbfeea:

  Merge branch 'for-next/state' into next (2015-03-13 08:32:38 +0100)

are available in the git repository at:

  git://git.jcrosoft.org/barebox.git delivery/digest

for you to fetch changes up to 50b6b7d02eb109ba2807c2bb6e740fa01cdedc24:

  command: add generic digest command (2015-03-15 06:28:34 +0800)

----------------------------------------------------------------
Jean-Christophe PLAGNIOL-VILLARD (9):
      crypto: digest: digest_file_window: check every digest_xxx return
      crypto: digest: digest_file_window/digest_file/digest_file_by_name drop key params
      digest: add verify callback
      digest: add digest callback
      crypto: hmac: use digest_digest and check the return of every digest_xxx
      crypto: add pbkdf2 hmac key generator
      command: allow runtime usage
      command: rename digest.c to hashsum.c
      command: add generic digest command

 commands/Kconfig        |  26 ++++++++++++------
 commands/Makefile       |   3 ++-
 commands/digest.c       | 283 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------------------------------------------------------------------------
 commands/hashsum.c      | 187 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/internal.h     |   3 +++
 common/command.c        |   2 ++
 crypto/Kconfig          |   5 ++++
 crypto/Makefile         |   2 ++
 crypto/digest.c         |  81 +++++++++++++++++++++++++++++++++++++++++++++----------
 crypto/hmac.c           |  51 ++++++++++++++++++++++-------------
 crypto/internal.h       |   4 +++
 crypto/md5.c            |   2 ++
 crypto/pbkdf2.c         |  94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 crypto/sha1.c           |   2 ++
 crypto/sha2.c           |   3 +++
 crypto/sha4.c           |   3 +++
 include/command.h       |   3 +++
 include/crypto/pbkdf2.h |  23 ++++++++++++++++
 include/digest.h        |  25 +++++++++++++----
 19 files changed, 603 insertions(+), 199 deletions(-)
 create mode 100644 commands/hashsum.c
 create mode 100644 commands/internal.h
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 1/9] crypto: digest: digest_file_window: check every digest_xxx return

[Jean-Christophe PLAGNIOL-VILLARD]

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index c06089d..2228ec7 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -128,7 +128,9 @@ int digest_file_window(struct digest *d, const char *filename,
 	if (key)
 		digest_set_key(d, key, keylen);
 
-	digest_init(d);
+	ret = digest_init(d);
+	if (ret)
+		return ret;
 
 	fd = open(filename, O_RDONLY);
 	if (fd < 0) {
@@ -172,12 +174,14 @@ int digest_file_window(struct digest *d, const char *filename,
 			goto out_free;
 		}
 
-		digest_update(d, buf, now);
+		ret = digest_update(d, buf, now);
+		if (ret)
+			goto out_free;
 		size -= now;
 		len += now;
 	}
 
-	digest_final(d, hash);
+	ret = digest_final(d, hash);
 
 out_free:
 	if (flags)
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 2/9] crypto: digest: digest_file_window/digest_file/digest_file_by_name drop key params

[Jean-Christophe PLAGNIOL-VILLARD]

expect the key to be set before calling

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/digest.c | 10 ++++++++--
 crypto/digest.c   | 10 ++--------
 include/digest.h  |  3 ---
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/commands/digest.c b/commands/digest.c
index 701e6a1..fa692eb 100644
--- a/commands/digest.c
+++ b/commands/digest.c
@@ -52,11 +52,17 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 	if (key) {
 		char *tmp = asprintf("hmac(%s)", algorithm);
 		d = digest_alloc(tmp);
+		BUG_ON(!d);
+		ret = digest_sey_key(d, key, keylen);
 		free(tmp);
+		if (ret) {
+			perror("set_key");
+			goto err;
+		}
 	} else {
 		d = digest_alloc(algorithm);
+		BUG_ON(!d);
 	}
-	BUG_ON(!d);
 
 	if (argc < 1)
 		return COMMAND_ERROR_USAGE;
@@ -79,7 +85,6 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		}
 
 		ret = digest_file_window(d, filename,
-					 key, keylen,
 					 hash, start, size);
 		if (ret < 0) {
 			ret = 1;
@@ -94,6 +99,7 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		argv++;
 	}
 
+err:
 	free(hash);
 	digest_free(d);
 
diff --git a/crypto/digest.c b/crypto/digest.c
index 2228ec7..208a204 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -116,7 +116,6 @@ void digest_free(struct digest *d)
 EXPORT_SYMBOL_GPL(digest_free);
 
 int digest_file_window(struct digest *d, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
 		       ulong start, ulong size)
 {
@@ -125,9 +124,6 @@ int digest_file_window(struct digest *d, const char *filename,
 	unsigned char *buf;
 	int flags = 0;
 
-	if (key)
-		digest_set_key(d, key, keylen);
-
 	ret = digest_init(d);
 	if (ret)
 		return ret;
@@ -194,7 +190,6 @@ out:
 EXPORT_SYMBOL_GPL(digest_file_window);
 
 int digest_file(struct digest *d, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash)
 {
 	struct stat st;
@@ -205,12 +200,11 @@ int digest_file(struct digest *d, const char *filename,
 	if (ret < 0)
 		return ret;
 
-	return digest_file_window(d, filename, key, keylen, hash, 0, st.st_size);
+	return digest_file_window(d, filename, hash, 0, st.st_size);
 }
 EXPORT_SYMBOL_GPL(digest_file);
 
 int digest_file_by_name(const char *algo, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash)
 {
 	struct digest *d;
@@ -220,7 +214,7 @@ int digest_file_by_name(const char *algo, const char *filename,
 	if (!d)
 		return -EIO;
 
-	ret = digest_file(d, filename, key, keylen, hash);
+	ret = digest_file(d, filename, hash);
 	digest_free(d);
 	return ret;
 }
diff --git a/include/digest.h b/include/digest.h
index b890a7a..1c742f6 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -54,14 +54,11 @@ struct digest *digest_alloc(const char *name);
 void digest_free(struct digest *d);
 
 int digest_file_window(struct digest *d, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
 		       ulong start, ulong size);
 int digest_file(struct digest *d, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash);
 int digest_file_by_name(const char *algo, const char *filename,
-		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash);
 
 static inline int digest_init(struct digest *d)
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 3/9] digest: add verify callback

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to compare a md with the original one

When calling this do not call final

For RSA_SIGN verification final does not exist only verify
as final will be for signing

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 24 +++++++++++++++++++++++-
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  2 ++
 crypto/sha4.c     |  2 ++
 include/digest.h  |  6 ++++++
 8 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index 208a204..7869c04 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -26,6 +26,8 @@
 #include <module.h>
 #include <linux/err.h>
 
+#include "internal.h"
+
 static LIST_HEAD(digests);
 
 static struct digest_algo *digest_algo_get_by_name(const char *name);
@@ -37,9 +39,29 @@ static int dummy_init(struct digest *d)
 
 static void dummy_free(struct digest *d) {}
 
+int digest_generic_verify(struct digest *d, const unsigned char *md)
+{
+	int ret;
+	int len = digest_length(d);
+	unsigned char *tmp;
+
+	tmp = xmalloc(len);
+
+	ret = digest_final(d, tmp);
+	if (ret)
+		goto end;
+
+	ret = memcmp(md, tmp, len);
+	ret = ret ? -EINVAL : 0;
+end:
+	free(tmp);
+	return ret;
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
-	if (!d || !d->name || !d->update || !d->final || d->length < 1)
+	if (!d || !d->name || !d->update || !d->final || !d->verify ||
+	    d->length < 1)
 		return -EINVAL;
 
 	if (!d->init)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 1462730..f39e4c8 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
 	.ctx_length = sizeof(struct digest_hmac),
diff --git a/crypto/internal.h b/crypto/internal.h
index cc409d8..f482654 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -13,3 +13,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 	return 0;
 }
 #endif
+
+int digest_generic_verify(struct digest *d, const unsigned char *md);
diff --git a/crypto/md5.c b/crypto/md5.c
index fe17ff5..4847b38 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
 };
diff --git a/crypto/sha1.c b/crypto/sha1.c
index a244b5d..09dee87 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
 };
diff --git a/crypto/sha2.c b/crypto/sha2.c
index cb89c82..9bf6541 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -304,6 +304,7 @@ static struct digest_algo m224 = {
 	.init = digest_sha224_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA224_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
@@ -335,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 1c768e7..5c3097d 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -309,6 +309,7 @@ static struct digest_algo m384 = {
 	.init = digest_sha384_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA384_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
@@ -341,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
diff --git a/include/digest.h b/include/digest.h
index 1c742f6..5d1d80c 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -32,6 +32,7 @@ struct digest_algo {
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
+	int (*verify)(struct digest *d, const unsigned char *md);
 
 	unsigned int length;
 	unsigned int ctx_length;
@@ -77,6 +78,11 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_verify(struct digest *d, const unsigned char *md)
+{
+	return d->algo->verify(d, md);
+}
+
 static inline int digest_length(struct digest *d)
 {
 	return d->algo->length;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 4/9] digest: add digest callback

[Jean-Christophe PLAGNIOL-VILLARD]

Combination of @init and @update and @final. This function
effectively behaves as the entire chain of operations, @init,
@update and @final issued in sequence. This is added for hardware
which cannot do even the @finup, but can only do the whole
transformation in one run.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 18 ++++++++++++++++++
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  1 +
 crypto/sha4.c     |  1 +
 include/digest.h  |  8 ++++++++
 8 files changed, 33 insertions(+)

diff --git a/crypto/digest.c b/crypto/digest.c
index 7869c04..7670ed0 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -58,6 +58,24 @@ end:
 	return ret;
 }
 
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *md)
+
+{
+	int ret;
+
+	if (!data || len == 0 || !md)
+		return -EINVAL;
+
+	ret = digest_init(d);
+	if (ret)
+		return ret;
+	ret = digest_update(d, data, len);
+	if (ret)
+		return ret;
+	return digest_final(d, md);
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
 	if (!d || !d->name || !d->update || !d->final || !d->verify ||
diff --git a/crypto/hmac.c b/crypto/hmac.c
index f39e4c8..b1c17af 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
diff --git a/crypto/internal.h b/crypto/internal.h
index f482654..c6f5908 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -15,3 +15,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 #endif
 
 int digest_generic_verify(struct digest *d, const unsigned char *md);
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *out);
diff --git a/crypto/md5.c b/crypto/md5.c
index 4847b38..b7ad6f2 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
diff --git a/crypto/sha1.c b/crypto/sha1.c
index 09dee87..b108f8a 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
diff --git a/crypto/sha2.c b/crypto/sha2.c
index 9bf6541..375a40e 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -336,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 5c3097d..1b91e7f 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -342,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
diff --git a/include/digest.h b/include/digest.h
index 5d1d80c..718793a 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -31,6 +31,8 @@ struct digest_algo {
 	int (*init)(struct digest *d);
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
+	int (*digest)(struct digest *d, const void *data,
+		      unsigned int len, u8 *out);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
 	int (*verify)(struct digest *d, const unsigned char *md);
 
@@ -78,6 +80,12 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_digest(struct digest *d, const void *data,
+		      unsigned int len, u8 *md)
+{
+	return d->algo->digest(d, data, len, md);
+}
+
 static inline int digest_verify(struct digest *d, const unsigned char *md)
 {
 	return d->algo->verify(d, md);
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 5/9] crypto: hmac: use digest_digest and check the return of every digest_xxx

[Jean-Christophe PLAGNIOL-VILLARD]

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/hmac.c | 49 +++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index b1c17af..c2195d9 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -62,15 +62,15 @@ static int digest_hmac_set_key(struct digest *d, const unsigned char *key,
 {
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
+	unsigned char *sum = NULL;
+	int ret;
 
 	free(dh->key);
 	if (len > hmac->pad_length) {
-		unsigned char *sum;
-
 		sum = xmalloc(digest_length(dh->d));
-		digest_init(dh->d);
-		digest_update(dh->d, dh->key, dh->keylen);
-		digest_final(dh->d, sum);
+		ret = digest_digest(dh->d, dh->key, dh->keylen, sum);
+		if (ret)
+			goto err;
 		dh->keylen = digest_length(dh->d);
 		dh->key = sum;
 	} else {
@@ -79,14 +79,17 @@ static int digest_hmac_set_key(struct digest *d, const unsigned char *key,
 		dh->keylen = len;
 	}
 
-	return 0;
+	ret = 0;
+err:
+	free(sum);
+	return ret;
 }
 
 static int digest_hmac_init(struct digest *d)
 {
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
-	int i;
+	int i, ret;
 	unsigned char *key = dh->key;
 	unsigned int keylen = dh->keylen;
 
@@ -98,10 +101,10 @@ static int digest_hmac_init(struct digest *d)
 		dh->opad[i] = (unsigned char)(dh->opad[i] ^ key[i]);
 	}
 
-	digest_init(dh->d);
-	digest_update(dh->d, dh->ipad, hmac->pad_length);
-
-	return 0;
+	ret = digest_init(dh->d);
+	if (ret)
+		return ret;
+	return digest_update(dh->d, dh->ipad, hmac->pad_length);
 }
 
 static int digest_hmac_update(struct digest *d, const void *data,
@@ -117,18 +120,28 @@ static int digest_hmac_final(struct digest *d, unsigned char *md)
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
 	unsigned char *tmp = NULL;
+	int ret;
 
 	tmp = xmalloc(digest_length(d));
 
-	digest_final(dh->d, tmp);
-	digest_init(dh->d);
-	digest_update(dh->d, dh->opad, hmac->pad_length);
-	digest_update(dh->d, tmp, digest_length(d));
-	digest_final(dh->d, md);
-
+	ret = digest_final(dh->d, tmp);
+	if (ret)
+		goto err;
+	ret = digest_init(dh->d);
+	if (ret)
+		goto err;
+	ret = digest_update(dh->d, dh->opad, hmac->pad_length);
+	if (ret)
+		goto err;
+	ret = digest_update(dh->d, tmp, digest_length(d));
+	if (ret)
+		goto err;
+	ret = digest_final(dh->d, md);
+
+err:
 	free(tmp);
 
-	return 0;
+	return ret;
 }
 
 struct digest_algo hmac_algo = {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 6/9] crypto: add pbkdf2 hmac key generator

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to generate a KEY + IV based on a password and salt for AES
encryption/decryption as example

or simply the key for hmac or rsa from text password

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/Kconfig          |  5 +++
 crypto/Makefile         |  2 ++
 crypto/pbkdf2.c         | 94 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/pbkdf2.h | 23 ++++++++++++
 4 files changed, 124 insertions(+)
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index e72b91e..b721e30 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -34,3 +34,8 @@ config DIGEST_HMAC
 	bool "HMAC"
 
 endif
+
+config CRYPTO_PBKDF2
+	select DIGEST
+	select SHA1
+	bool
diff --git a/crypto/Makefile b/crypto/Makefile
index ff5c289..0bb67d5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224)	+= sha2.o
 obj-$(CONFIG_SHA256)	+= sha2.o
 obj-$(CONFIG_SHA384)	+= sha4.o
 obj-$(CONFIG_SHA512)	+= sha4.o
+
+obj-$(CONFIG_CRYPTO_PBKDF2)	+= pbkdf2.o
diff --git a/crypto/pbkdf2.c b/crypto/pbkdf2.c
new file mode 100644
index 0000000..c4ba7be
--- /dev/null
+++ b/crypto/pbkdf2.c
@@ -0,0 +1,94 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include <errno.h>
+#include <crypto/pbkdf2.h>
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key)
+{
+	int i, j, k;
+	unsigned char cnt[4];
+	uint32_t pass_len;
+	unsigned char *tmpdgt;
+	uint32_t d_len;
+	int ret;
+
+	if (!d)
+		return -EINVAL;
+
+	d_len = digest_length(d);
+	tmpdgt = malloc(d_len);
+	if (!tmpdgt)
+		return -ENOMEM;
+
+	i = 1;
+
+	ret = digest_set_key(d, pwd, pwd_len);
+	if (ret)
+		goto err;
+
+	while (key_len) {
+		pass_len = min(key_len, d_len);
+		cnt[0] = (i >> 24) & 0xff;
+		cnt[1] = (i >> 16) & 0xff;
+		cnt[2] = (i >> 8) & 0xff;
+		cnt[3] = i & 0xff;
+		ret = digest_init(d);
+		if (ret)
+			goto err;
+		ret = digest_update(d, salt, salt_len);
+		if (ret)
+			goto err;
+		ret = digest_update(d, cnt, 4);
+		if (ret)
+			goto err;
+		ret = digest_final(d, tmpdgt);
+		if (ret)
+			goto err;
+
+		memcpy(key, tmpdgt, pass_len);
+
+		for (j = 1; j < iteration; j++) {
+			ret = digest_digest(d, tmpdgt, d_len, tmpdgt);
+			if (ret)
+				goto err;
+
+			for(k = 0; k < pass_len; k++)
+				key[k] ^= tmpdgt[k];
+		}
+
+		key_len -= pass_len;
+		key += pass_len;
+		i++;
+	}
+
+	ret = 0;
+err:
+	free(tmpdgt);
+
+	return ret;;
+}
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iter,
+			   uint32_t key_len, unsigned char *key)
+{
+	int ret;
+	struct digest* d = digest_alloc("hmac(sha1)");
+
+	ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter,
+				 key_len, key);
+
+	digest_free(d);
+	return ret;
+}
diff --git a/include/crypto/pbkdf2.h b/include/crypto/pbkdf2.h
new file mode 100644
index 0000000..fa66675
--- /dev/null
+++ b/include/crypto/pbkdf2.h
@@ -0,0 +1,23 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#ifndef __PBKDF2_H__
+#define __PBKDF2_H__
+
+#include <digest.h>
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iteration,
+			   uint32_t key_len, unsigned char *buf);
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key);
+
+#endif /* __PBKDF2_H__ */
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 7/9] command: allow runtime usage

[Jean-Christophe PLAGNIOL-VILLARD]

This will allow as example to list the currently supported digest.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/command.c  | 2 ++
 include/command.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/common/command.c b/common/command.c
index 61191c2..dc2cb88 100644
--- a/common/command.c
+++ b/common/command.c
@@ -47,6 +47,8 @@ void barebox_cmd_usage(struct command *cmdtp)
 		puts(cmdtp->help);
 		putchar('\n');
 	}
+	if (cmdtp->usage)
+		cmdtp->usage();
 #endif
 }
 EXPORT_SYMBOL(barebox_cmd_usage);
diff --git a/include/command.h b/include/command.h
index 5d5bf53..3aca1a9 100644
--- a/include/command.h
+++ b/include/command.h
@@ -54,6 +54,7 @@ struct command {
 	uint32_t	group;
 #ifdef	CONFIG_LONGHELP
 	const char	*help;		/* Help  message	(long)	*/
+	void		(*usage)(void);
 #endif
 }
 #ifdef __x86_64__
@@ -115,8 +116,10 @@ static const __maybe_unused char cmd_##_name##_help[] =
 
 #ifdef CONFIG_LONGHELP
 #define BAREBOX_CMD_HELP(text)	.help = text,
+#define BAREBOX_CMD_USAGE(fn)	.usage = fn,
 #else
 #define BAREBOX_CMD_HELP(text)
+#define BAREBOX_CMD_USAGE(fn)
 #endif
 
 #define BAREBOX_CMD_GROUP(grp)	.group = grp,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 8/9] command: rename digest.c to hashsum.c

[Jean-Christophe PLAGNIOL-VILLARD]

as I'll add a new generic command named digest

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig                 | 14 +++++++-------
 commands/Makefile                |  2 +-
 commands/{digest.c => hashsum.c} |  0
 3 files changed, 8 insertions(+), 8 deletions(-)
 rename commands/{digest.c => hashsum.c} (100%)

diff --git a/commands/Kconfig b/commands/Kconfig
index 286e9ce..7e3e8b7 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -12,7 +12,7 @@ config HAS_POWEROFF
 
 if COMMAND_SUPPORT
 
-config COMPILE_DIGEST
+config COMPILE_HASH
 	tristate
 	select DIGEST
 	help
@@ -917,7 +917,7 @@ config CMD_LS
 
 config CMD_MD5SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select MD5
 	prompt "md5sum"
 	help
@@ -982,7 +982,7 @@ config CMD_RMDIR
 
 config CMD_SHA1SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA1
 	prompt "sha1sum"
 	help
@@ -994,7 +994,7 @@ config CMD_SHA1SUM
 
 config CMD_SHA224SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA224
 	prompt "sha224sum"
 	help
@@ -1006,7 +1006,7 @@ config CMD_SHA224SUM
 
 config CMD_SHA256SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA256
 	prompt "sha256sum"
 	help
@@ -1018,7 +1018,7 @@ config CMD_SHA256SUM
 
 config CMD_SHA384SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA384
 	prompt "sha384sum"
 	help
@@ -1030,7 +1030,7 @@ config CMD_SHA384SUM
 
 config CMD_SHA512SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA512
 	prompt "sha512sum"
 	help
diff --git a/commands/Makefile b/commands/Makefile
index 7344e01..e42662f 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,5 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
-obj-$(CONFIG_COMPILE_DIGEST)	+= digest.o
+obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
 obj-$(CONFIG_CMD_UIMAGE)	+= uimage.o
diff --git a/commands/digest.c b/commands/hashsum.c
similarity index 100%
rename from commands/digest.c
rename to commands/hashsum.c
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 9/9] command: add generic digest command

[Jean-Christophe PLAGNIOL-VILLARD]

That can be used for digest calculation and verify

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig    |  12 +++-
 commands/Makefile   |   1 +
 commands/digest.c   | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/hashsum.c  |  76 ++++----------------
 commands/internal.h |   3 +
 crypto/digest.c     |  25 +++++--
 include/digest.h    |   8 ++-
 7 files changed, 260 insertions(+), 69 deletions(-)
 create mode 100644 commands/digest.c
 create mode 100644 commands/internal.h

diff --git a/commands/Kconfig b/commands/Kconfig
index 7e3e8b7..847ff76 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -14,7 +14,7 @@ if COMMAND_SUPPORT
 
 config COMPILE_HASH
 	tristate
-	select DIGEST
+	select CMD_DIGEST
 	help
 	  Turns on compilation of digest.c
 
@@ -842,6 +842,16 @@ config CMD_CMP
 
 	  Returns successfully if the two files are the same, return with an error if not
 
+config CMD_DIGEST
+	tristate
+	select DIGEST
+	prompt "digest"
+	help
+	  Usage: digest -a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA
+
+	  Calculate a digest over a FILE or a memory area with the possibility
+	  to checkit.
+
 config CMD_DIRNAME
 	tristate
 	prompt "dirname"
diff --git a/commands/Makefile b/commands/Makefile
index e42662f..b902f58 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,4 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
+obj-$(CONFIG_CMD_DIGEST)	+= digest.o
 obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
diff --git a/commands/digest.c b/commands/digest.c
new file mode 100644
index 0000000..fa47f24
--- /dev/null
+++ b/commands/digest.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * GPLv2 ONLY
+ */
+
+#include <common.h>
+#include <command.h>
+#include <fs.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <xfuncs.h>
+#include <malloc.h>
+#include <digest.h>
+#include <getopt.h>
+#include <libfile.h>
+
+#include "internal.h"
+
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[])
+{
+	int ret = COMMAND_ERROR_USAGE;
+	int i;
+	unsigned char *hash;
+
+	if (argc < 1)
+		goto err;
+
+	if (key) {
+		ret = digest_set_key(d, key, keylen);
+		if (ret) {
+			perror("set_key");
+			goto err;
+		}
+	}
+
+	hash = calloc(digest_length(d), sizeof(unsigned char));
+	if (!hash) {
+		perror("calloc");
+		goto err;
+	}
+
+	while (*argv) {
+		char *filename = "/dev/mem";
+		loff_t start = 0, size = ~0;
+
+		/* arguments are either file, file+area or area */
+		if (parse_area_spec(*argv, &start, &size)) {
+			filename = *argv;
+			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
+				argv++;
+		}
+
+		ret = digest_file_window(d, filename,
+					 hash, sig, start, size);
+		if (ret < 0) {
+			ret = 1;
+		} else {
+			if (!sig) {
+				for (i = 0; i < digest_length(d); i++)
+					printf("%02x", hash[i]);
+
+				printf("  %s\t0x%08llx ... 0x%08llx\n",
+					filename, start, start + size);
+			}
+		}
+
+		argv++;
+	}
+
+	free(hash);
+err:
+	digest_free(d);
+
+	return ret;
+}
+
+static void prints_algo_help(void)
+{
+	puts("\navailable algo:\n");
+	digest_algo_prints("\t");
+}
+
+static int do_digest(int argc, char *argv[])
+{
+	struct digest *d;
+	unsigned char *tmp_key = NULL;
+	unsigned char *tmp_sig = NULL;
+	char *sig = NULL;
+	char *sigfile = NULL;
+	size_t siglen = 0;
+	char *key = NULL;
+	char *keyfile = NULL;
+	size_t keylen = 0;
+	size_t digestlen = 0;
+	char *algo = NULL;
+	int opt;
+	int ret = COMMAND_ERROR;
+
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
+		switch(opt) {
+		case 'k':
+			key = optarg;
+			keylen = strlen(key);
+			break;
+		case 'K':
+			keyfile = optarg;
+			break;
+		case 'a':
+			algo = optarg;
+			break;
+		case 's':
+			sig = optarg;
+			siglen = strlen(sig);
+			break;
+		case 'S':
+			sigfile = optarg;
+			break;
+		}
+	}
+
+	if (!algo)
+		return COMMAND_ERROR_USAGE;
+
+	d = digest_alloc(algo);
+	if (!d) {
+		eprintf("algo '%s' not found\n", algo);
+		return COMMAND_ERROR_USAGE;
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (keyfile) {
+		tmp_key = key = read_file(keyfile, &keylen);
+		if (!key) {
+			eprintf("file '%s' not found\n", keyfile);
+			goto err;
+		}
+	}
+
+	ret = digest_set_key(d, key, keylen);
+	free(tmp_key);
+	if (ret)
+		goto err;
+
+	if (sigfile) {
+		sig = tmp_sig = read_file(sigfile, &siglen);
+		if (!tmp_sig) {
+			eprintf("file '%s' not found\n", sigfile);
+			goto err;
+		}
+	}
+
+	if (sig) {
+		digestlen = digest_length(d);
+		if (siglen == 2 * digestlen) {
+			if (!tmp_sig)
+				tmp_sig = xmalloc(digestlen);
+
+			ret = hex2bin(tmp_sig, sig, digestlen);
+			if (ret)
+				goto err;
+
+			sig = tmp_sig;
+		} else if (siglen != digestlen) {
+			eprintf("%s wrong size digest %ld expected %ld not found\n",
+				sigfile, siglen, digestlen);
+			goto err;
+		}
+	}
+
+	ret = __do_digest(d, NULL, 0, sig, argc, argv);
+	free(tmp_sig);
+	return ret;
+
+err:
+	digest_free(d);
+	return ret;
+}
+
+BAREBOX_CMD_HELP_START(digest)
+BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory area.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "hash or signature algorithm to use")
+BAREBOX_CMD_HELP_OPT ("-k <key>\t",   "use supplied <key> (ASCII or hex) for MAC")
+BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "use key from <file> (binary) for MAC")
+BAREBOX_CMD_HELP_OPT ("-v <hex>\t",   "verify data against supplied <hex> (hash, MAC or signature)")
+BAREBOX_CMD_HELP_OPT ("-V <file>\t",  "verify data against <file> (hash, MAC or signature)")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(digest)
+	.cmd		= do_digest,
+	BAREBOX_CMD_DESC("calculate digest")
+	BAREBOX_CMD_OPTS("-a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA")
+	BAREBOX_CMD_GROUP(CMD_GRP_FILE)
+	BAREBOX_CMD_HELP(cmd_digest_help)
+	BAREBOX_CMD_USAGE(prints_algo_help)
+BAREBOX_CMD_END
diff --git a/commands/hashsum.c b/commands/hashsum.c
index fa692eb..dc48af5 100644
--- a/commands/hashsum.c
+++ b/commands/hashsum.c
@@ -27,12 +27,11 @@
 #include <digest.h>
 #include <getopt.h>
 
-static int do_digest(char *algorithm, int argc, char *argv[])
+#include "internal.h"
+
+static int do_hash(char *algo, int argc, char *argv[])
 {
 	struct digest *d;
-	int ret = 0;
-	int i;
-	unsigned char *hash;
 	unsigned char *key = NULL;
 	size_t keylen = 0;
 	int opt;
@@ -46,71 +45,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		}
 	}
 
-	argc -= optind;
-	argv += optind;
-
 	if (key) {
-		char *tmp = asprintf("hmac(%s)", algorithm);
+		char *tmp = asprintf("hmac(%s)", algo);
 		d = digest_alloc(tmp);
-		BUG_ON(!d);
-		ret = digest_sey_key(d, key, keylen);
 		free(tmp);
-		if (ret) {
-			perror("set_key");
-			goto err;
-		}
 	} else {
-		d = digest_alloc(algorithm);
-		BUG_ON(!d);
-	}
-
-	if (argc < 1)
-		return COMMAND_ERROR_USAGE;
-
-	hash = calloc(digest_length(d), sizeof(unsigned char));
-	if (!hash) {
-		perror("calloc");
-		return COMMAND_ERROR_USAGE;
-	}
-
-	while (*argv) {
-		char *filename = "/dev/mem";
-		loff_t start = 0, size = ~0;
-
-		/* arguments are either file, file+area or area */
-		if (parse_area_spec(*argv, &start, &size)) {
-			filename = *argv;
-			if (argv[0] && !parse_area_spec(argv[0], &start, &size))
-				argv++;
-		}
-
-		ret = digest_file_window(d, filename,
-					 hash, start, size);
-		if (ret < 0) {
-			ret = 1;
-		} else {
-			for (i = 0; i < digest_length(d); i++)
-				printf("%02x", hash[i]);
-
-			printf("  %s\t0x%08llx ... 0x%08llx\n",
-				filename, start, start + size);
-		}
-
-		argv++;
+		d = digest_alloc(algo);
 	}
+	BUG_ON(!d);
 
-err:
-	free(hash);
-	digest_free(d);
+	argc -= optind;
+	argv += optind;
 
-	return ret;
+	return __do_digest(d, key, keylen, NULL, argc, argv);
 }
 
 #ifdef CONFIG_CMD_MD5SUM
 
 static int do_md5(int argc, char *argv[])
 {
-	return do_digest("md5", argc, argv);
+	return do_hash("md5", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(md5sum)
@@ -131,7 +85,7 @@ BAREBOX_CMD_END
 
 static int do_sha1(int argc, char *argv[])
 {
-	return do_digest("sha1", argc, argv);
+	return do_hash("sha1", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha1sum)
@@ -152,7 +106,7 @@ BAREBOX_CMD_END
 
 static int do_sha224(int argc, char *argv[])
 {
-	return do_digest("sha224", argc, argv);
+	return do_hash("sha224", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha224sum)
@@ -173,7 +127,7 @@ BAREBOX_CMD_END
 
 static int do_sha256(int argc, char *argv[])
 {
-	return do_digest("sha256", argc, argv);
+	return do_hash("sha256", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha256sum)
@@ -194,7 +148,7 @@ BAREBOX_CMD_END
 
 static int do_sha384(int argc, char *argv[])
 {
-	return do_digest("sha384", argc, argv);
+	return do_hash("sha384", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha384sum)
@@ -215,7 +169,7 @@ BAREBOX_CMD_END
 
 static int do_sha512(int argc, char *argv[])
 {
-	return do_digest("sha512", argc, argv);
+	return do_hash("sha512", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha512sum)
diff --git a/commands/internal.h b/commands/internal.h
new file mode 100644
index 0000000..29cc656
--- /dev/null
+++ b/commands/internal.h
@@ -0,0 +1,3 @@
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[]);
diff --git a/crypto/digest.c b/crypto/digest.c
index 7670ed0..047131b 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -124,6 +124,15 @@ static struct digest_algo *digest_algo_get_by_name(const char *name)
 	return NULL;
 }
 
+void digest_algo_prints(const char *prefix)
+{
+	struct digest_algo* d;
+
+	list_for_each_entry(d, &digests, list) {
+		printf("%s%s\n", prefix, d->name);
+	}
+}
+
 struct digest *digest_alloc(const char *name)
 {
 	struct digest *d;
@@ -157,6 +166,7 @@ EXPORT_SYMBOL_GPL(digest_free);
 
 int digest_file_window(struct digest *d, const char *filename,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size)
 {
 	ulong len = 0;
@@ -217,7 +227,10 @@ int digest_file_window(struct digest *d, const char *filename,
 		len += now;
 	}
 
-	ret = digest_final(d, hash);
+	if (sig)
+		ret = digest_verify(d, sig);
+	else
+		ret = digest_final(d, hash);
 
 out_free:
 	if (flags)
@@ -230,7 +243,8 @@ out:
 EXPORT_SYMBOL_GPL(digest_file_window);
 
 int digest_file(struct digest *d, const char *filename,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct stat st;
 	int ret;
@@ -240,12 +254,13 @@ int digest_file(struct digest *d, const char *filename,
 	if (ret < 0)
 		return ret;
 
-	return digest_file_window(d, filename, hash, 0, st.st_size);
+	return digest_file_window(d, filename, hash, sig, 0, st.st_size);
 }
 EXPORT_SYMBOL_GPL(digest_file);
 
 int digest_file_by_name(const char *algo, const char *filename,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct digest *d;
 	int ret;
@@ -254,7 +269,7 @@ int digest_file_by_name(const char *algo, const char *filename,
 	if (!d)
 		return -EIO;
 
-	ret = digest_file(d, filename, hash);
+	ret = digest_file(d, filename, hash, sig);
 	digest_free(d);
 	return ret;
 }
diff --git a/include/digest.h b/include/digest.h
index 718793a..cb579ee 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -52,17 +52,21 @@ struct digest {
  */
 int digest_algo_register(struct digest_algo *d);
 void digest_algo_unregister(struct digest_algo *d);
+void digest_algo_prints(const char *prefix);
 
 struct digest *digest_alloc(const char *name);
 void digest_free(struct digest *d);
 
 int digest_file_window(struct digest *d, const char *filename,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size);
 int digest_file(struct digest *d, const char *filename,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 int digest_file_by_name(const char *algo, const char *filename,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 
 static inline int digest_init(struct digest *d)
 {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 0/9 v4] prepare for rsa support

[Jan Lübbe]

On Di, 2015-03-17 at 12:49 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> 	The following patch series prepare for the adding of the rsa digest
> 	support
> 
> 	This will allow to verify a rsa signature of a file
> 
> 	Introduction of a new command digest to handle the digest and check
> 
> 	The next patch series will add RSA and keystore support

Thanks, this looks good to me now.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 0/9 v4] prepare for rsa support

[Sascha Hauer]

On Tue, Mar 17, 2015 at 12:49:23PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> Hi,
> 
> 	The following patch series prepare for the adding of the rsa digest
> 	support
> 
> 	This will allow to verify a rsa signature of a file
> 
> 	Introduction of a new command digest to handle the digest and check
> 
> 	The next patch series will add RSA and keystore support
> 
> v2:
> 
> 	- rebase on next
> 	- add pbkdf2 to password/login framework
> 	- command allow to have runtime output
> 	  used it in the new digest to print the supported algo
> 
> v3:
> 	add more fix to ensure all the digest_xx call return are checked
> 
> v4:
> 	- drop key params for digest_file_window/digest_file/digest_file_by_name
> 	- digest improve help
> 
> please pull
> The following changes since commit bbba2d05585637d04657dce293c0cb0611dbfeea:
> 
>   Merge branch 'for-next/state' into next (2015-03-13 08:32:38 +0100)
> 
> are available in the git repository at:
> 
>   git://git.jcrosoft.org/barebox.git delivery/digest
> 
> for you to fetch changes up to 50b6b7d02eb109ba2807c2bb6e740fa01cdedc24:
> 
>   command: add generic digest command (2015-03-15 06:28:34 +0800)
> 
> ----------------------------------------------------------------
> Jean-Christophe PLAGNIOL-VILLARD (9):
>       crypto: digest: digest_file_window: check every digest_xxx return
>       crypto: digest: digest_file_window/digest_file/digest_file_by_name drop key params
>       digest: add verify callback
>       digest: add digest callback
>       crypto: hmac: use digest_digest and check the return of every digest_xxx
>       crypto: add pbkdf2 hmac key generator
>       command: allow runtime usage
>       command: rename digest.c to hashsum.c
>       command: add generic digest command

Applied, thanks

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox