From mboxrd@z Thu Jan 1 00:00:00 1970 From: Heinrich Schuchardt Date: Sun, 19 Jul 2020 10:29:55 +0200 Subject: [PATCH v4 3/7] lib: crypto: import pkcs7_verify.c from linux In-Reply-To: <20200717071630.7363-4-takahiro.akashi@linaro.org> References: <20200717071630.7363-1-takahiro.akashi@linaro.org> <20200717071630.7363-4-takahiro.akashi@linaro.org> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 7/17/20 9:16 AM, AKASHI Takahiro wrote: > The file, pkcs7_verify.c, will now be imported from linux code > (crypto/asymmetric_keys/pkcs7_verify.c) > and modified to fit into U-Boot environment. > > In particular, pkcs7_verify_one() function will be used in a later patch > to rework signature verification logic aiming to support intermediate > certificates in "chain of trust." > > Signed-off-by: AKASHI Takahiro > --- > lib/crypto/Kconfig | 3 + > lib/crypto/Makefile | 1 + > lib/crypto/pkcs7_verify.c | 521 ++++++++++++++++++++++++++++++++++++++ > 3 files changed, 525 insertions(+) > create mode 100644 lib/crypto/pkcs7_verify.c > > diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig > index 2b221b915aa6..6369bafac07b 100644 > --- a/lib/crypto/Kconfig > +++ b/lib/crypto/Kconfig > @@ -49,4 +49,7 @@ config PKCS7_MESSAGE_PARSER > This option provides support for parsing PKCS#7 format messages for > signature data and provides the ability to verify the signature. > > +config PKCS7_VERIFY > + bool > + > endif # ASYMMETRIC_KEY_TYPE > diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile > index 8267fee0a7b8..f3a414525d2a 100644 > --- a/lib/crypto/Makefile > +++ b/lib/crypto/Makefile > @@ -44,6 +44,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o > pkcs7_message-y := \ > pkcs7.asn1.o \ > pkcs7_parser.o > +obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o > > $(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h > $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h > diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c > new file mode 100644 > index 000000000000..a893fa3b586b > --- /dev/null > +++ b/lib/crypto/pkcs7_verify.c > @@ -0,0 +1,521 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* Verify the signature on a PKCS#7 message. > + * > + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. > + * Written by David Howells (dhowells at redhat.com) Please, state here from which Linux file and which version you have been copying, e.g. * Based on Linux v5.8-rc5 lib/crypto/pkcs7_verify.c Best regards Heinrich