[PATCH 0/7] prepare for rsa support

[PATCH 0/7] prepare for rsa support

[Jean-Christophe PLAGNIOL-VILLARD]

Hi,

	The following patch series prepare for the adding of the rsa digest
	support

	This will allow to verify a rsa signature of a file

	Introduction of a new command digest to handle the digest and check

	include also some fix

	The next patch series will add RSA and keystore support

The following changes since commit 01b0fd707ebede1303f7471adca41ebee06d2ac7:

  Merge branch 'for-next/state' into next (2015-03-12 08:29:17 +0100)

are available in the git repository at:

  git://git.jcrosoft.org/barebox.git delivery/digest

for you to fetch changes up to 1807649fab2109a962415e1ba5651d9d7c385e08:

  command: add generic digest command (2015-03-12 16:34:23 +0800)

----------------------------------------------------------------
Jean-Christophe PLAGNIOL-VILLARD (7):
      digest: fix and add missing copyright
      digest: hmac: fix set_key prototype
      crypto: add pbkdf2 hmac key generator
      digest: add verify callback
      digest: allow algo to specify their length at runtime
      command: rename digest.c to hashsum.c
      command: add generic digest command

 commands/Kconfig        |  26 +++++++++++-----
 commands/Makefile       |   3 +-
 commands/digest.c       | 270 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------------------------------------------------------------
 commands/hashsum.c      | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/internal.h     |   3 ++
 common/password.c       |  43 +-------------------------
 crypto/Kconfig          |   5 +++
 crypto/Makefile         |   2 ++
 crypto/digest.c         | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 crypto/hmac.c           |  10 +++++-
 crypto/internal.h       |   4 ++-
 crypto/md5.c            |   1 +
 crypto/pbkdf2.c         |  79 ++++++++++++++++++++++++++++++++++++++++++++++++
 crypto/sha1.c           |   1 +
 crypto/sha2.c           |   2 ++
 crypto/sha4.c           |   2 ++
 include/crypto/pbkdf2.h |  23 ++++++++++++++
 include/digest.h        |  22 ++++++++++++--
 18 files changed, 583 insertions(+), 213 deletions(-)
 create mode 100644 commands/hashsum.c
 create mode 100644 commands/internal.h
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 1/7] digest: fix and add missing copyright

[Jean-Christophe PLAGNIOL-VILLARD]

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/hmac.c     | 6 ++++++
 crypto/internal.h | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index b04dff1..8d07a61 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -1,3 +1,9 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * GPL v2 only
+ */
+
 #include <common.h>
 #include <digest.h>
 #include <malloc.h>
diff --git a/crypto/internal.h b/crypto/internal.h
index b6a8df0..cc409d8 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -1,5 +1,5 @@
 /*
- * (C) Copyright 215 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
  *
  * GPL v2 only
  */
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 2/7] digest: hmac: fix set_key prototype

[Jean-Christophe PLAGNIOL-VILLARD]

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/hmac.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index 8d07a61..1462730 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -57,7 +57,8 @@ static void digest_hmac_free(struct digest *d)
 	digest_free(dh->d);
 }
 
-static int digest_hmac_set_key(struct digest *d, unsigned char *key, unsigned int len)
+static int digest_hmac_set_key(struct digest *d, const unsigned char *key,
+				unsigned int len)
 {
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 3/7] crypto: add pbkdf2 hmac key generator

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to generate a KEY + IV based on a password and salt for AES
encryption/decryption as example

or simply the key for hmac or rsa from text password

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/Kconfig          |  5 ++++
 crypto/Makefile         |  2 ++
 crypto/pbkdf2.c         | 79 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/pbkdf2.h | 23 ++++++++++++++
 4 files changed, 109 insertions(+)
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index e72b91e..b721e30 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -34,3 +34,8 @@ config DIGEST_HMAC
 	bool "HMAC"
 
 endif
+
+config CRYPTO_PBKDF2
+	select DIGEST
+	select SHA1
+	bool
diff --git a/crypto/Makefile b/crypto/Makefile
index ff5c289..0bb67d5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224)	+= sha2.o
 obj-$(CONFIG_SHA256)	+= sha2.o
 obj-$(CONFIG_SHA384)	+= sha4.o
 obj-$(CONFIG_SHA512)	+= sha4.o
+
+obj-$(CONFIG_CRYPTO_PBKDF2)	+= pbkdf2.o
diff --git a/crypto/pbkdf2.c b/crypto/pbkdf2.c
new file mode 100644
index 0000000..7b94de9
--- /dev/null
+++ b/crypto/pbkdf2.c
@@ -0,0 +1,79 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include <errno.h>
+#include <crypto/pbkdf2.h>
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key)
+{
+	int i, j, k;
+	unsigned char cnt[4];
+	uint32_t pass_len;
+	unsigned char *tmpdgt;
+	uint32_t d_len;
+
+	if (!d)
+		return -EINVAL;
+
+	tmpdgt = malloc(digest_length(d));
+	if (!tmpdgt)
+		return -ENOMEM;
+
+	d_len = digest_length(d);
+	i = 1;
+
+	while (key_len) {
+		pass_len = min(key_len, d_len);
+		cnt[0] = (i >> 24) & 0xff;
+		cnt[1] = (i >> 16) & 0xff;
+		cnt[2] = (i >> 8) & 0xff;
+		cnt[3] = i & 0xff;
+		digest_hmac_init(d, pwd, pwd_len);
+		digest_hmac_update(d, salt, salt_len);
+		digest_hmac_update(d, cnt, 4);
+		digest_hmac_final(d, tmpdgt);
+
+		memcpy(key, tmpdgt, pass_len);
+
+		for (j = 1; j < iteration; j++) {
+			digest_hmac_init(d, pwd, pwd_len);
+			digest_hmac_update(d, tmpdgt, d_len);
+			digest_hmac_final(d, tmpdgt);
+
+			for(k = 0; k < pass_len; k++)
+				key[k] ^= tmpdgt[k];
+		}
+
+		key_len -= pass_len;
+		key += pass_len;
+		i++;
+	}
+
+	free(tmpdgt);
+
+	return 0;
+}
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iter,
+			   uint32_t key_len, unsigned char *key)
+{
+	int ret;
+	struct digest* d = digest_alloc("sha1");
+
+	ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter,
+				 key_len, key);
+	
+	digest_free(d);
+	return ret;
+}
diff --git a/include/crypto/pbkdf2.h b/include/crypto/pbkdf2.h
new file mode 100644
index 0000000..fa66675
--- /dev/null
+++ b/include/crypto/pbkdf2.h
@@ -0,0 +1,23 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#ifndef __PBKDF2_H__
+#define __PBKDF2_H__
+
+#include <digest.h>
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iteration,
+			   uint32_t key_len, unsigned char *buf);
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key);
+
+#endif /* __PBKDF2_H__ */
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 4/7] digest: add verify callback

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow to compare a md with the original one

When calling this do not call final

For RSA_SIGN verification final does not exist only verify
as final will be for signing

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 23 ++++++++++++++++++++++-
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  2 ++
 crypto/sha4.c     |  2 ++
 include/digest.h  |  6 ++++++
 8 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index c06089d..98c3607 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -26,6 +26,8 @@
 #include <module.h>
 #include <linux/err.h>
 
+#include "internal.h"
+
 static LIST_HEAD(digests);
 
 static struct digest_algo *digest_algo_get_by_name(const char *name);
@@ -37,9 +39,28 @@ static int dummy_init(struct digest *d)
 
 static void dummy_free(struct digest *d) {}
 
+int digest_generic_verity(struct digest *d, const unsigned char *md)
+{
+	int ret;
+	int len = digest_length(d);
+	unsigned char *tmp;
+
+	tmp = xmalloc(sizeof(len));
+
+	ret = digest_final(d, tmp);
+	if (ret)
+		goto end;
+
+	ret = memcmp(md, tmp, len);
+end:
+	free(tmp);
+	return ret;
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
-	if (!d || !d->name || !d->update || !d->final || d->length < 1)
+	if (!d || !d->name || !d->update || !d->final || !d->verify ||
+	    d->length < 1)
 		return -EINVAL;
 
 	if (!d->init)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 1462730..1041352 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.verify = digest_generic_verity,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
 	.ctx_length = sizeof(struct digest_hmac),
diff --git a/crypto/internal.h b/crypto/internal.h
index cc409d8..82c5186 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -13,3 +13,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 	return 0;
 }
 #endif
+
+int digest_generic_verity(struct digest *d, const unsigned char *md);
diff --git a/crypto/md5.c b/crypto/md5.c
index fe17ff5..718f8f0 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.verify = digest_generic_verity,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
 };
diff --git a/crypto/sha1.c b/crypto/sha1.c
index a244b5d..38f0c42 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.verify = digest_generic_verity,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
 };
diff --git a/crypto/sha2.c b/crypto/sha2.c
index cb89c82..41e5720 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -304,6 +304,7 @@ static struct digest_algo m224 = {
 	.init = digest_sha224_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verity,
 	.length = SHA224_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
@@ -335,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verity,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 1c768e7..7c96ac3 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -309,6 +309,7 @@ static struct digest_algo m384 = {
 	.init = digest_sha384_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verity,
 	.length = SHA384_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
@@ -341,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verity,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
diff --git a/include/digest.h b/include/digest.h
index b890a7a..c675018 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -32,6 +32,7 @@ struct digest_algo {
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
+	int (*verify)(struct digest *d, const unsigned char *in);
 
 	unsigned int length;
 	unsigned int ctx_length;
@@ -80,6 +81,11 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_verify(struct digest *d, const unsigned char *md)
+{
+	return d->algo->verify(d, md);
+}
+
 static inline int digest_length(struct digest *d)
 {
 	return d->algo->length;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 5/7] digest: allow algo to specify their length at runtime

[Jean-Christophe PLAGNIOL-VILLARD]

such as RSA as we load a DER key we will detect the key size
at runtime and so the algo length.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 include/digest.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/digest.h b/include/digest.h
index c675018..cadc2f6 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -43,6 +43,7 @@ struct digest_algo {
 struct digest {
 	struct digest_algo *algo;
 	void *ctx;
+	unsigned int length;
 };
 
 /*
@@ -88,7 +89,7 @@ static inline int digest_verify(struct digest *d, const unsigned char *md)
 
 static inline int digest_length(struct digest *d)
 {
-	return d->algo->length;
+	return d->length ? d->length : d->algo->length;
 }
 
 static inline int digest_set_key(struct digest *d, const unsigned char *key,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 6/7] command: rename digest.c to hashsum.c

[Jean-Christophe PLAGNIOL-VILLARD]

as I'll add a new generic command named digest

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig                 | 14 +++++++-------
 commands/Makefile                |  2 +-
 commands/{digest.c => hashsum.c} |  0
 3 files changed, 8 insertions(+), 8 deletions(-)
 rename commands/{digest.c => hashsum.c} (100%)

diff --git a/commands/Kconfig b/commands/Kconfig
index 286e9ce..7e3e8b7 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -12,7 +12,7 @@ config HAS_POWEROFF
 
 if COMMAND_SUPPORT
 
-config COMPILE_DIGEST
+config COMPILE_HASH
 	tristate
 	select DIGEST
 	help
@@ -917,7 +917,7 @@ config CMD_LS
 
 config CMD_MD5SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select MD5
 	prompt "md5sum"
 	help
@@ -982,7 +982,7 @@ config CMD_RMDIR
 
 config CMD_SHA1SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA1
 	prompt "sha1sum"
 	help
@@ -994,7 +994,7 @@ config CMD_SHA1SUM
 
 config CMD_SHA224SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA224
 	prompt "sha224sum"
 	help
@@ -1006,7 +1006,7 @@ config CMD_SHA224SUM
 
 config CMD_SHA256SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA256
 	prompt "sha256sum"
 	help
@@ -1018,7 +1018,7 @@ config CMD_SHA256SUM
 
 config CMD_SHA384SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA384
 	prompt "sha384sum"
 	help
@@ -1030,7 +1030,7 @@ config CMD_SHA384SUM
 
 config CMD_SHA512SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA512
 	prompt "sha512sum"
 	help
diff --git a/commands/Makefile b/commands/Makefile
index 7344e01..e42662f 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,5 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
-obj-$(CONFIG_COMPILE_DIGEST)	+= digest.o
+obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
 obj-$(CONFIG_CMD_UIMAGE)	+= uimage.o
diff --git a/commands/digest.c b/commands/hashsum.c
similarity index 100%
rename from commands/digest.c
rename to commands/hashsum.c
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 7/7] command: add generic digest command

[Jean-Christophe PLAGNIOL-VILLARD]

That can be used for digest calculation and verify

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig    |  12 +++-
 commands/Makefile   |   1 +
 commands/digest.c   | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/hashsum.c  |  68 ++++--------------
 commands/internal.h |   3 +
 common/password.c   |  43 +-----------
 crypto/digest.c     |  92 +++++++++++++++++++++++--
 include/digest.h    |  13 +++-
 8 files changed, 322 insertions(+), 105 deletions(-)
 create mode 100644 commands/digest.c
 create mode 100644 commands/internal.h

diff --git a/commands/Kconfig b/commands/Kconfig
index 7e3e8b7..847ff76 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -14,7 +14,7 @@ if COMMAND_SUPPORT
 
 config COMPILE_HASH
 	tristate
-	select DIGEST
+	select CMD_DIGEST
 	help
 	  Turns on compilation of digest.c
 
@@ -842,6 +842,16 @@ config CMD_CMP
 
 	  Returns successfully if the two files are the same, return with an error if not
 
+config CMD_DIGEST
+	tristate
+	select DIGEST
+	prompt "digest"
+	help
+	  Usage: digest -a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA
+
+	  Calculate a digest over a FILE or a memory area with the possibility
+	  to checkit.
+
 config CMD_DIRNAME
 	tristate
 	prompt "dirname"
diff --git a/commands/Makefile b/commands/Makefile
index e42662f..b902f58 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,4 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
+obj-$(CONFIG_CMD_DIGEST)	+= digest.o
 obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
diff --git a/commands/digest.c b/commands/digest.c
new file mode 100644
index 0000000..e9b4e66
--- /dev/null
+++ b/commands/digest.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * GPLv2 ONLY
+ */
+
+#include <common.h>
+#include <command.h>
+#include <fs.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <xfuncs.h>
+#include <malloc.h>
+#include <digest.h>
+#include <getopt.h>
+#include <libfile.h>
+
+#include "internal.h"
+
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[])
+{
+	int ret = 0;
+	int i;
+	unsigned char *hash;
+
+	if (argc < 1)
+		return COMMAND_ERROR_USAGE;
+
+	hash = calloc(digest_length(d), sizeof(unsigned char));
+	if (!hash) {
+		perror("calloc");
+		return COMMAND_ERROR_USAGE;
+	}
+
+	while (*argv) {
+		char *filename = "/dev/mem";
+		loff_t start = 0, size = ~0;
+
+		/* arguments are either file, file+area or area */
+		if (parse_area_spec(*argv, &start, &size)) {
+			filename = *argv;
+			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
+				argv++;
+		}
+
+		ret = digest_file_window(d, filename,
+					 key, keylen,
+					 hash, sig, start, size);
+		if (ret < 0) {
+			ret = 1;
+		} else {
+			if (!sig) {
+				for (i = 0; i < digest_length(d); i++)
+					printf("%02x", hash[i]);
+
+				printf("  %s\t0x%08llx ... 0x%08llx\n",
+					filename, start, start + size);
+			}
+		}
+
+		argv++;
+	}
+
+	free(hash);
+	digest_free(d);
+
+	return ret;
+}
+
+static void __prints_algo(void)
+{
+	puts("available algo:\n\n");
+	digest_algo_prints("\t");
+}
+
+static int do_digest(int argc, char *argv[])
+{
+	struct digest *d;
+	unsigned char *tmp_key = NULL;
+	unsigned char *tmp_sig = NULL;
+	char *sig = NULL;
+	char *sigfile = NULL;
+	size_t siglen = 0;
+	char *key = NULL;
+	char *keyfile = NULL;
+	size_t keylen = 0;
+	size_t digestlen = 0;
+	char *algo = NULL;
+	int opt, ret;
+
+	if (argc < 2) {
+		__prints_algo();
+		return 0;
+	}
+
+	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
+		switch(opt) {
+		case 'k':
+			key = optarg;
+			keylen = strlen(key);
+			break;
+		case 'K':
+			keyfile = optarg;
+			break;
+		case 'a':
+			algo = optarg;
+			break;
+		case 's':
+			sig = optarg;
+			siglen = strlen(sig);
+			break;
+		case 'S':
+			sigfile = optarg;
+			break;
+		}
+	}
+
+	if (!algo)
+		return COMMAND_ERROR_USAGE;
+
+	d = digest_alloc(algo);
+	if (!d) {
+		eprintf("algo '%s' not found\n", algo);
+		__prints_algo();
+		return COMMAND_ERROR_USAGE;
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (keyfile) {
+		tmp_key = key = read_file(keyfile, &keylen);
+		if (!key) {
+			eprintf("file '%s' not found\n", keyfile);
+			goto err;
+		}
+	}
+
+	digest_set_key(d, key, keylen);
+	free(tmp_key);
+
+	if (sigfile) {
+		sig = tmp_sig = read_file(sigfile, &siglen);
+		if (!tmp_sig) {
+			eprintf("file '%s' not found\n", sigfile);
+			goto err;
+		}
+	}
+
+	if (sig) {
+		digestlen = digest_length(d);
+		if (siglen == 2 * digestlen) {
+			if (!tmp_sig)
+				tmp_sig = xmalloc(digestlen);
+
+			ret = base64_to_hex(sig, tmp_sig, digestlen);
+			if (ret)
+				goto err;
+
+			sig = tmp_sig;
+		} else if (siglen != digestlen) {
+			eprintf("%s wrong size digest %ld expected %ld not found\n",
+				sigfile, siglen, digestlen);
+			goto err;
+		}
+	}
+
+	ret = __do_digest(d, NULL, 0, sig, argc, argv);
+	free(tmp_sig);
+	return ret;
+
+err:
+	digest_free(d);
+	return COMMAND_ERROR;
+}
+
+BAREBOX_CMD_HELP_START(digest)
+BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory area.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "digest to use")
+BAREBOX_CMD_HELP_OPT ("-k <key>\t",  "key as text")
+BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "key file")
+BAREBOX_CMD_HELP_OPT ("-s <sig>\t",  "digest")
+BAREBOX_CMD_HELP_OPT ("-S <file>\t",  "digest flie")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(digest)
+	.cmd		= do_digest,
+	BAREBOX_CMD_DESC("calculate digest")
+	BAREBOX_CMD_OPTS("-a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA")
+	BAREBOX_CMD_GROUP(CMD_GRP_FILE)
+	BAREBOX_CMD_HELP(cmd_digest_help)
+BAREBOX_CMD_END
diff --git a/commands/hashsum.c b/commands/hashsum.c
index 701e6a1..dc48af5 100644
--- a/commands/hashsum.c
+++ b/commands/hashsum.c
@@ -27,12 +27,11 @@
 #include <digest.h>
 #include <getopt.h>
 
-static int do_digest(char *algorithm, int argc, char *argv[])
+#include "internal.h"
+
+static int do_hash(char *algo, int argc, char *argv[])
 {
 	struct digest *d;
-	int ret = 0;
-	int i;
-	unsigned char *hash;
 	unsigned char *key = NULL;
 	size_t keylen = 0;
 	int opt;
@@ -46,65 +45,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		}
 	}
 
-	argc -= optind;
-	argv += optind;
-
 	if (key) {
-		char *tmp = asprintf("hmac(%s)", algorithm);
+		char *tmp = asprintf("hmac(%s)", algo);
 		d = digest_alloc(tmp);
 		free(tmp);
 	} else {
-		d = digest_alloc(algorithm);
+		d = digest_alloc(algo);
 	}
 	BUG_ON(!d);
 
-	if (argc < 1)
-		return COMMAND_ERROR_USAGE;
-
-	hash = calloc(digest_length(d), sizeof(unsigned char));
-	if (!hash) {
-		perror("calloc");
-		return COMMAND_ERROR_USAGE;
-	}
-
-	while (*argv) {
-		char *filename = "/dev/mem";
-		loff_t start = 0, size = ~0;
-
-		/* arguments are either file, file+area or area */
-		if (parse_area_spec(*argv, &start, &size)) {
-			filename = *argv;
-			if (argv[0] && !parse_area_spec(argv[0], &start, &size))
-				argv++;
-		}
-
-		ret = digest_file_window(d, filename,
-					 key, keylen,
-					 hash, start, size);
-		if (ret < 0) {
-			ret = 1;
-		} else {
-			for (i = 0; i < digest_length(d); i++)
-				printf("%02x", hash[i]);
-
-			printf("  %s\t0x%08llx ... 0x%08llx\n",
-				filename, start, start + size);
-		}
-
-		argv++;
-	}
-
-	free(hash);
-	digest_free(d);
+	argc -= optind;
+	argv += optind;
 
-	return ret;
+	return __do_digest(d, key, keylen, NULL, argc, argv);
 }
 
 #ifdef CONFIG_CMD_MD5SUM
 
 static int do_md5(int argc, char *argv[])
 {
-	return do_digest("md5", argc, argv);
+	return do_hash("md5", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(md5sum)
@@ -125,7 +85,7 @@ BAREBOX_CMD_END
 
 static int do_sha1(int argc, char *argv[])
 {
-	return do_digest("sha1", argc, argv);
+	return do_hash("sha1", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha1sum)
@@ -146,7 +106,7 @@ BAREBOX_CMD_END
 
 static int do_sha224(int argc, char *argv[])
 {
-	return do_digest("sha224", argc, argv);
+	return do_hash("sha224", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha224sum)
@@ -167,7 +127,7 @@ BAREBOX_CMD_END
 
 static int do_sha256(int argc, char *argv[])
 {
-	return do_digest("sha256", argc, argv);
+	return do_hash("sha256", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha256sum)
@@ -188,7 +148,7 @@ BAREBOX_CMD_END
 
 static int do_sha384(int argc, char *argv[])
 {
-	return do_digest("sha384", argc, argv);
+	return do_hash("sha384", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha384sum)
@@ -209,7 +169,7 @@ BAREBOX_CMD_END
 
 static int do_sha512(int argc, char *argv[])
 {
-	return do_digest("sha512", argc, argv);
+	return do_hash("sha512", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha512sum)
diff --git a/commands/internal.h b/commands/internal.h
new file mode 100644
index 0000000..29cc656
--- /dev/null
+++ b/commands/internal.h
@@ -0,0 +1,3 @@
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[]);
diff --git a/common/password.c b/common/password.c
index 6ecf717..22d9e58 100644
--- a/common/password.c
+++ b/common/password.c
@@ -127,26 +127,6 @@ int passwd_env_disable(void)
 }
 EXPORT_SYMBOL(passwd_env_disable);
 
-static unsigned char to_digit(unsigned char c)
-{
-	if (c >= '0' && c <= '9')
-		c -= '0';
-	else
-		c -= 'a' - 10;
-
-	return c;
-}
-
-static unsigned char to_hexa(unsigned char c)
-{
-	if (c < 10)
-		c += '0';
-	else
-		c += 'a' - 10;
-
-	return c;
-}
-
 int read_passwd(unsigned char *sum, size_t length)
 {
 	if (is_passwd_env_enable())
@@ -159,28 +139,7 @@ int read_passwd(unsigned char *sum, size_t length)
 
 int read_default_passwd(unsigned char *sum, size_t length)
 {
-	int i = 0;
-	int len = strlen(default_passwd);
-	unsigned char *buf = (unsigned char *)default_passwd;
-	unsigned char c;
-
-	if (!sum || length < 1)
-		return -EINVAL;
-
-	for (i = 0; i < len && length > 0; i++) {
-		c = buf[i];
-		i++;
-
-		*sum = to_digit(c) << 4;
-
-		c = buf[i];
-
-		*sum |= to_digit(c);
-		sum++;
-		length--;
-	}
-
-	return 0;
+	return base64_to_hex(sum, default_passwd, length);
 }
 EXPORT_SYMBOL(read_default_passwd);
 
diff --git a/crypto/digest.c b/crypto/digest.c
index 98c3607..67f04c6 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -45,7 +45,7 @@ int digest_generic_verity(struct digest *d, const unsigned char *md)
 	int len = digest_length(d);
 	unsigned char *tmp;
 
-	tmp = xmalloc(sizeof(len));
+	tmp = xmalloc(len);
 
 	ret = digest_final(d, tmp);
 	if (ret)
@@ -105,6 +105,15 @@ static struct digest_algo *digest_algo_get_by_name(const char *name)
 	return NULL;
 }
 
+void digest_algo_prints(const char *prefix)
+{
+	struct digest_algo* d;
+
+	list_for_each_entry(d, &digests, list) {
+		printf("%s%s\n", prefix, d->name);
+	}
+}
+
 struct digest *digest_alloc(const char *name)
 {
 	struct digest *d;
@@ -139,6 +148,7 @@ EXPORT_SYMBOL_GPL(digest_free);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size)
 {
 	ulong len = 0;
@@ -198,7 +208,10 @@ int digest_file_window(struct digest *d, const char *filename,
 		len += now;
 	}
 
-	digest_final(d, hash);
+	if (sig)
+		ret = digest_verify(d, sig);
+	else
+		digest_final(d, hash);
 
 out_free:
 	if (flags)
@@ -212,7 +225,8 @@ EXPORT_SYMBOL_GPL(digest_file_window);
 
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct stat st;
 	int ret;
@@ -222,13 +236,14 @@ int digest_file(struct digest *d, const char *filename,
 	if (ret < 0)
 		return ret;
 
-	return digest_file_window(d, filename, key, keylen, hash, 0, st.st_size);
+	return digest_file_window(d, filename, key, keylen, hash, sig, 0, st.st_size);
 }
 EXPORT_SYMBOL_GPL(digest_file);
 
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct digest *d;
 	int ret;
@@ -237,8 +252,73 @@ int digest_file_by_name(const char *algo, const char *filename,
 	if (!d)
 		return -EIO;
 
-	ret = digest_file(d, filename, key, keylen, hash);
+	ret = digest_file(d, filename, key, keylen, hash, sig);
 	digest_free(d);
 	return ret;
 }
 EXPORT_SYMBOL_GPL(digest_file_by_name);
+
+unsigned char to_digit(unsigned char c)
+{
+	if (c >= '0' && c <= '9')
+		c -= '0';
+	else
+		c -= 'a' - 10;
+
+	return c;
+}
+
+unsigned char to_hexa(unsigned char c)
+{
+	if (c < 10)
+		c += '0';
+	else
+		c += 'a' - 10;
+
+	return c;
+}
+
+int base64_to_hex(const unsigned char *sum, unsigned char *buf, size_t length)
+{
+	int i = 0;
+	int len = length * 2;
+	unsigned char c;
+
+	if (!sum || !buf || length < 1)
+		return -EINVAL;
+
+	for (i = 0; i < len && length > 0; i++) {
+		c = sum[i];
+		i++;
+
+		*buf = to_digit(c) << 4;
+
+		c = sum[i];
+
+		*buf |= to_digit(c);
+		buf++;
+		length--;
+	}
+
+	return 0;
+}
+
+int hex_to_base64(const unsigned char *sum, unsigned char *buf, size_t length)
+{
+	if (!sum || !buf || length < 1)
+		return -EINVAL;
+
+	do {
+		*buf = to_digit(*sum) << 4;
+
+		buf++;
+
+		*buf |= to_digit(*sum);
+
+		sum++;
+		buf++;
+		length--;
+	} while(length > 0);
+
+	return 0;
+}
diff --git a/include/digest.h b/include/digest.h
index cadc2f6..e7011bb 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -51,6 +51,7 @@ struct digest {
  */
 int digest_algo_register(struct digest_algo *d);
 void digest_algo_unregister(struct digest_algo *d);
+void digest_algo_prints(const char *prefix);
 
 struct digest *digest_alloc(const char *name);
 void digest_free(struct digest *d);
@@ -58,13 +59,21 @@ void digest_free(struct digest *d);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size);
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
+
+int base64_to_hex(const unsigned char *sum, unsigned char *buf, size_t length);
+int hex_to_base64(const unsigned char *sum, unsigned char *buf, size_t length);
+unsigned char to_digit(unsigned char c);
+unsigned char to_hexa(unsigned char c);
 
 static inline int digest_init(struct digest *d)
 {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 4/7] digest: add verify callback

[Jan Lübbe]

On Do, 2015-03-12 at 15:22 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> +int digest_generic_verity(struct digest *d, const unsigned char *md)
                     ^^^^^^ shouldn't this be "verify" for consistency?

> +       int (*verify)(struct digest *d, const unsigned char *in);
                                                              ^^
this is called "md" in the other prototypes
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 4/7] digest: add verify callback

[Sascha Hauer]

On Thu, Mar 12, 2015 at 03:22:23PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> this will allow to compare a md with the original one
> 
> When calling this do not call final
> 
> For RSA_SIGN verification final does not exist only verify
> as final will be for signing
> 
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
>  crypto/digest.c   | 23 ++++++++++++++++++++++-
>  crypto/hmac.c     |  1 +
>  crypto/internal.h |  2 ++
>  crypto/md5.c      |  1 +
>  crypto/sha1.c     |  1 +
>  crypto/sha2.c     |  2 ++
>  crypto/sha4.c     |  2 ++
>  include/digest.h  |  6 ++++++
>  8 files changed, 37 insertions(+), 1 deletion(-)
> 
> diff --git a/crypto/digest.c b/crypto/digest.c
> index c06089d..98c3607 100644
> --- a/crypto/digest.c
> +++ b/crypto/digest.c
> @@ -26,6 +26,8 @@
>  #include <module.h>
>  #include <linux/err.h>
>  
> +#include "internal.h"
> +
>  static LIST_HEAD(digests);
>  
>  static struct digest_algo *digest_algo_get_by_name(const char *name);
> @@ -37,9 +39,28 @@ static int dummy_init(struct digest *d)
>  
>  static void dummy_free(struct digest *d) {}
>  
> +int digest_generic_verity(struct digest *d, const unsigned char *md)

s/verity/verify/

> +{
> +	int ret;
> +	int len = digest_length(d);
> +	unsigned char *tmp;
> +
> +	tmp = xmalloc(sizeof(len));

sizeof(len) is not what you want.

> +
> +	ret = digest_final(d, tmp);
> +	if (ret)
> +		goto end;
> +
> +	ret = memcmp(md, tmp, len);

ret = ret ? -EINVAL : 0;

To consistently return an error code.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 4/7] digest: add verify callback

[Jean-Christophe PLAGNIOL-VILLARD]

> On Mar 13, 2015, at 1:41 AM, Sascha Hauer <s.hauer@pengutronix.de> wrote:
> 
> On Thu, Mar 12, 2015 at 03:22:23PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
>> this will allow to compare a md with the original one
>> 
>> When calling this do not call final
>> 
>> For RSA_SIGN verification final does not exist only verify
>> as final will be for signing
>> 
>> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
>> ---
>> crypto/digest.c   | 23 ++++++++++++++++++++++-
>> crypto/hmac.c     |  1 +
>> crypto/internal.h |  2 ++
>> crypto/md5.c      |  1 +
>> crypto/sha1.c     |  1 +
>> crypto/sha2.c     |  2 ++
>> crypto/sha4.c     |  2 ++
>> include/digest.h  |  6 ++++++
>> 8 files changed, 37 insertions(+), 1 deletion(-)
>> 
>> diff --git a/crypto/digest.c b/crypto/digest.c
>> index c06089d..98c3607 100644
>> --- a/crypto/digest.c
>> +++ b/crypto/digest.c
>> @@ -26,6 +26,8 @@
>> #include <module.h>
>> #include <linux/err.h>
>> 
>> +#include "internal.h"
>> +
>> static LIST_HEAD(digests);
>> 
>> static struct digest_algo *digest_algo_get_by_name(const char *name);
>> @@ -37,9 +39,28 @@ static int dummy_init(struct digest *d)
>> 
>> static void dummy_free(struct digest *d) {}
>> 
>> +int digest_generic_verity(struct digest *d, const unsigned char *md)
> 
> s/verity/verify/
> 

I already fix this wired that the pull is different from my local version
>> +{
>> +	int ret;
>> +	int len = digest_length(d);
>> +	unsigned char *tmp;
>> +
>> +	tmp = xmalloc(sizeof(len));
> 
> sizeof(len) is not what you want.
> 
ditto
>> +
>> +	ret = digest_final(d, tmp);
>> +	if (ret)
>> +		goto end;
>> +
>> +	ret = memcmp(md, tmp, len);
> 
> ret = ret ? -EINVAL : 0;
> 
> To consistently return an error code.
yeap

Best Regards,
J.
> 
> Sascha
> 
> -- 
> Pengutronix e.K.                           |                             |
> Industrial Linux Solutions                 | http://www.pengutronix.de/  |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 7/7] command: add generic digest command

[Sascha Hauer]

On Thu, Mar 12, 2015 at 03:22:26PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> That can be used for digest calculation and verify
> 
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
>  commands/Kconfig    |  12 +++-
>  commands/Makefile   |   1 +
>  commands/digest.c   | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  commands/hashsum.c  |  68 ++++--------------
>  commands/internal.h |   3 +
>  common/password.c   |  43 +-----------
>  crypto/digest.c     |  92 +++++++++++++++++++++++--
>  include/digest.h    |  13 +++-
>  8 files changed, 322 insertions(+), 105 deletions(-)
>  create mode 100644 commands/digest.c
>  create mode 100644 commands/internal.h
> 
> diff --git a/commands/Kconfig b/commands/Kconfig
> index 7e3e8b7..847ff76 100644
> --- a/commands/Kconfig
> +++ b/commands/Kconfig
> @@ -14,7 +14,7 @@ if COMMAND_SUPPORT
>  
>  config COMPILE_HASH
>  	tristate
> -	select DIGEST
> +	select CMD_DIGEST
>  	help
>  	  Turns on compilation of digest.c
>  
> @@ -842,6 +842,16 @@ config CMD_CMP
>  
>  	  Returns successfully if the two files are the same, return with an error if not
>  
> +config CMD_DIGEST
> +	tristate
> +	select DIGEST
> +	prompt "digest"
> +	help
> +	  Usage: digest -a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA
> +
> +	  Calculate a digest over a FILE or a memory area with the possibility
> +	  to checkit.
> +
>  config CMD_DIRNAME
>  	tristate
>  	prompt "dirname"
> diff --git a/commands/Makefile b/commands/Makefile
> index e42662f..b902f58 100644
> --- a/commands/Makefile
> +++ b/commands/Makefile
> @@ -1,4 +1,5 @@
>  obj-$(CONFIG_STDDEV)		+= stddev.o
> +obj-$(CONFIG_CMD_DIGEST)	+= digest.o
>  obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
>  obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
>  obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
> diff --git a/commands/digest.c b/commands/digest.c
> new file mode 100644
> index 0000000..e9b4e66
> --- /dev/null
> +++ b/commands/digest.c
> @@ -0,0 +1,195 @@
> +/*
> + * Copyright (c) 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> + *
> + * GPLv2 ONLY
> + */
> +
> +#include <common.h>
> +#include <command.h>
> +#include <fs.h>
> +#include <fcntl.h>
> +#include <errno.h>
> +#include <xfuncs.h>
> +#include <malloc.h>
> +#include <digest.h>
> +#include <getopt.h>
> +#include <libfile.h>
> +
> +#include "internal.h"
> +
> +int __do_digest(struct digest *d, unsigned char *key, int keylen,
> +		       unsigned char *sig,
> +		       int argc, char *argv[])
> +{
> +	int ret = 0;
> +	int i;
> +	unsigned char *hash;
> +
> +	if (argc < 1)
> +		return COMMAND_ERROR_USAGE;
> +
> +	hash = calloc(digest_length(d), sizeof(unsigned char));
> +	if (!hash) {
> +		perror("calloc");
> +		return COMMAND_ERROR_USAGE;
> +	}
> +
> +	while (*argv) {
> +		char *filename = "/dev/mem";
> +		loff_t start = 0, size = ~0;
> +
> +		/* arguments are either file, file+area or area */
> +		if (parse_area_spec(*argv, &start, &size)) {
> +			filename = *argv;
> +			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
> +				argv++;
> +		}
> +
> +		ret = digest_file_window(d, filename,
> +					 key, keylen,
> +					 hash, sig, start, size);
> +		if (ret < 0) {
> +			ret = 1;
> +		} else {
> +			if (!sig) {
> +				for (i = 0; i < digest_length(d); i++)
> +					printf("%02x", hash[i]);
> +
> +				printf("  %s\t0x%08llx ... 0x%08llx\n",
> +					filename, start, start + size);
> +			}
> +		}
> +
> +		argv++;
> +	}
> +
> +	free(hash);
> +	digest_free(d);
> +
> +	return ret;
> +}
> +
> +static void __prints_algo(void)
> +{
> +	puts("available algo:\n\n");
> +	digest_algo_prints("\t");
> +}
> +
> +static int do_digest(int argc, char *argv[])
> +{
> +	struct digest *d;
> +	unsigned char *tmp_key = NULL;
> +	unsigned char *tmp_sig = NULL;
> +	char *sig = NULL;
> +	char *sigfile = NULL;
> +	size_t siglen = 0;
> +	char *key = NULL;
> +	char *keyfile = NULL;
> +	size_t keylen = 0;
> +	size_t digestlen = 0;
> +	char *algo = NULL;
> +	int opt, ret;
> +
> +	if (argc < 2) {
> +		__prints_algo();
> +		return 0;
> +	}

This is an untuitive trigger to print the available algos. Can we add an
explicit option here?

> +
> +	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
> +		switch(opt) {
> +		case 'k':
> +			key = optarg;
> +			keylen = strlen(key);
> +			break;
> +		case 'K':
> +			keyfile = optarg;
> +			break;
> +		case 'a':
> +			algo = optarg;
> +			break;
> +		case 's':
> +			sig = optarg;
> +			siglen = strlen(sig);
> +			break;
> +		case 'S':
> +			sigfile = optarg;
> +			break;
> +		}
> +	}
> +
> +	if (!algo)
> +		return COMMAND_ERROR_USAGE;
> +
> +	d = digest_alloc(algo);
> +	if (!d) {
> +		eprintf("algo '%s' not found\n", algo);
> +		__prints_algo();
> +		return COMMAND_ERROR_USAGE;
> +	}
> +
> +	argc -= optind;
> +	argv += optind;
> +
> +	if (keyfile) {
> +		tmp_key = key = read_file(keyfile, &keylen);

Why two variables? Both tmp_key and key are never changed.

> +		if (!key) {
> +			eprintf("file '%s' not found\n", keyfile);
> +			goto err;
> +		}
> +	}
> +
> +	digest_set_key(d, key, keylen);

This can fail. You should check the error code.

> +unsigned char to_digit(unsigned char c)
> +{
> +	if (c >= '0' && c <= '9')
> +		c -= '0';
> +	else
> +		c -= 'a' - 10;
> +
> +	return c;
> +}
> +
> +unsigned char to_hexa(unsigned char c)
> +{
> +	if (c < 10)
> +		c += '0';
> +	else
> +		c += 'a' - 10;
> +
> +	return c;
> +}
> +
> +int base64_to_hex(const unsigned char *sum, unsigned char *buf, size_t length)
> +{

The ASCII input here contains hex digits, base64 is something different.
Also these functions are useful enough to be always available, not only
when digest is enabled.

I just sent a patch containing the kernels implementation of bin2hex and
hex2bin. Please base on this one.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 5/7] digest: allow algo to specify their length at runtime

[Sascha Hauer]

On Thu, Mar 12, 2015 at 03:22:24PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> such as RSA as we load a DER key we will detect the key size
> at runtime and so the algo length.
> 
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
>  include/digest.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Please keep this one back until it's actually used. I don't really like
having the length in two places, maybe we find a better solution then.

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 1/7] digest: fix and add missing copyright

[Sascha Hauer]

On Thu, Mar 12, 2015 at 03:22:20PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
>  crypto/hmac.c     | 6 ++++++
>  crypto/internal.h | 2 +-
>  2 files changed, 7 insertions(+), 1 deletion(-)

Squashed this one and 2/7 into the initial hmac support, no need to
resend them.

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 7/7] command: add generic digest command

[Jean-Christophe PLAGNIOL-VILLARD]

> > +
> > +static int do_digest(int argc, char *argv[])
> > +{
> > +	struct digest *d;
> > +	unsigned char *tmp_key = NULL;
> > +	unsigned char *tmp_sig = NULL;
> > +	char *sig = NULL;
> > +	char *sigfile = NULL;
> > +	size_t siglen = 0;
> > +	char *key = NULL;
> > +	char *keyfile = NULL;
> > +	size_t keylen = 0;
> > +	size_t digestlen = 0;
> > +	char *algo = NULL;
> > +	int opt, ret;
> > +
> > +	if (argc < 2) {
> > +		__prints_algo();
> > +		return 0;
> > +	}
> 
> This is an untuitive trigger to print the available algos. Can we add an
> explicit option here?

I would have prefer via help cmd but not possible to have runtime help txt
> 
> > +
> > +	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
> > +		switch(opt) {
> > +		case 'k':
> > +			key = optarg;
> > +			keylen = strlen(key);
> > +			break;
> > +		case 'K':
> > +			keyfile = optarg;
> > +			break;
> > +		case 'a':
> > +			algo = optarg;
> > +			break;
> > +		case 's':
> > +			sig = optarg;
> > +			siglen = strlen(sig);
> > +			break;
> > +		case 'S':
> > +			sigfile = optarg;
> > +			break;
> > +		}
> > +	}
> > +
> > +	if (!algo)
> > +		return COMMAND_ERROR_USAGE;
> > +
> > +	d = digest_alloc(algo);
> > +	if (!d) {
> > +		eprintf("algo '%s' not found\n", algo);
> > +		__prints_algo();
> > +		return COMMAND_ERROR_USAGE;
> > +	}
> > +
> > +	argc -= optind;
> > +	argv += optind;
> > +
> > +	if (keyfile) {
> > +		tmp_key = key = read_file(keyfile, &keylen);
> 
> Why two variables? Both tmp_key and key are never changed.
'key' can be from optarg so we can not free it

otherwise if need to xstrdup it when parsing the getopt
> 
> > +		if (!key) {
> > +			eprintf("file '%s' not found\n", keyfile);
> > +			goto err;
> > +		}
> > +	}
> > +
> > +	digest_set_key(d, key, keylen);
> 
> This can fail. You should check the error code.
yeah
> 
> > +unsigned char to_digit(unsigned char c)
> > +{
> > +	if (c >= '0' && c <= '9')
> > +		c -= '0';
> > +	else
> > +		c -= 'a' - 10;
> > +
> > +	return c;
> > +}
> > +
> > +unsigned char to_hexa(unsigned char c)
> > +{
> > +	if (c < 10)
> > +		c += '0';
> > +	else
> > +		c += 'a' - 10;
> > +
> > +	return c;
> > +}
> > +
> > +int base64_to_hex(const unsigned char *sum, unsigned char *buf, size_t length)
> > +{
> 
> The ASCII input here contains hex digits, base64 is something different.
> Also these functions are useful enough to be always available, not only
> when digest is enabled.
> 
> I just sent a patch containing the kernels implementation of bin2hex and
> hex2bin. Please base on this one.

ok

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 1/1] command: allow runtime usage

[Jean-Christophe PLAGNIOL-VILLARD]

this will allow as example to list the current supported digest

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/command.c  | 2 ++
 include/command.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/common/command.c b/common/command.c
index 61191c2..dc2cb88 100644
--- a/common/command.c
+++ b/common/command.c
@@ -47,6 +47,8 @@ void barebox_cmd_usage(struct command *cmdtp)
 		puts(cmdtp->help);
 		putchar('\n');
 	}
+	if (cmdtp->usage)
+		cmdtp->usage();
 #endif
 }
 EXPORT_SYMBOL(barebox_cmd_usage);
diff --git a/include/command.h b/include/command.h
index 5d5bf53..3aca1a9 100644
--- a/include/command.h
+++ b/include/command.h
@@ -54,6 +54,7 @@ struct command {
 	uint32_t	group;
 #ifdef	CONFIG_LONGHELP
 	const char	*help;		/* Help  message	(long)	*/
+	void		(*usage)(void);
 #endif
 }
 #ifdef __x86_64__
@@ -115,8 +116,10 @@ static const __maybe_unused char cmd_##_name##_help[] =
 
 #ifdef CONFIG_LONGHELP
 #define BAREBOX_CMD_HELP(text)	.help = text,
+#define BAREBOX_CMD_USAGE(fn)	.usage = fn,
 #else
 #define BAREBOX_CMD_HELP(text)
+#define BAREBOX_CMD_USAGE(fn)
 #endif
 
 #define BAREBOX_CMD_GROUP(grp)	.group = grp,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH 1/1] command: allow runtime usage

[Robert Schwebel]

On Fri, Mar 13, 2015 at 09:42:22AM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> this will allow as example to list the current supported digest
  ^                                            ^                 ^
  T                                            ly                .

Maybe you mean "This will for example allow to list the currently
supported digest."?

> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
>  common/command.c  | 2 ++
>  include/command.h | 3 +++
>  2 files changed, 5 insertions(+)
> 
> diff --git a/common/command.c b/common/command.c
> index 61191c2..dc2cb88 100644
> --- a/common/command.c
> +++ b/common/command.c
> @@ -47,6 +47,8 @@ void barebox_cmd_usage(struct command *cmdtp)
>  		puts(cmdtp->help);
>  		putchar('\n');
>  	}
> +	if (cmdtp->usage)
> +		cmdtp->usage();
>  #endif
>  }
>  EXPORT_SYMBOL(barebox_cmd_usage);
> diff --git a/include/command.h b/include/command.h
> index 5d5bf53..3aca1a9 100644
> --- a/include/command.h
> +++ b/include/command.h
> @@ -54,6 +54,7 @@ struct command {
>  	uint32_t	group;
>  #ifdef	CONFIG_LONGHELP
>  	const char	*help;		/* Help  message	(long)	*/
> +	void		(*usage)(void);
>  #endif
>  }
>  #ifdef __x86_64__
> @@ -115,8 +116,10 @@ static const __maybe_unused char cmd_##_name##_help[] =
>  
>  #ifdef CONFIG_LONGHELP
>  #define BAREBOX_CMD_HELP(text)	.help = text,
> +#define BAREBOX_CMD_USAGE(fn)	.usage = fn,
>  #else
>  #define BAREBOX_CMD_HELP(text)
> +#define BAREBOX_CMD_USAGE(fn)
>  #endif
>  
>  #define BAREBOX_CMD_GROUP(grp)	.group = grp,
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox