On 7/17/20 9:16 AM, AKASHI Takahiro wrote:
The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c) and modified to fit into U-Boot environment.
In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust."
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
lib/crypto/Kconfig | 3 + lib/crypto/Makefile | 1 + lib/crypto/pkcs7_verify.c | 521 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 525 insertions(+) create mode 100644 lib/crypto/pkcs7_verify.c
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 2b221b915aa6..6369bafac07b 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -49,4 +49,7 @@ config PKCS7_MESSAGE_PARSER This option provides support for parsing PKCS#7 format messages for signature data and provides the ability to verify the signature.
+config PKCS7_VERIFY
- bool
endif # ASYMMETRIC_KEY_TYPE diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 8267fee0a7b8..f3a414525d2a 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -44,6 +44,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \ pkcs7_parser.o +obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o
$(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c new file mode 100644 index 000000000000..a893fa3b586b --- /dev/null +++ b/lib/crypto/pkcs7_verify.c @@ -0,0 +1,521 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* Verify the signature on a PKCS#7 message.
- Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- Written by David Howells (dhowells@redhat.com)
Please, state here from which Linux file and which version you have been copying, e.g.
* Based on Linux v5.8-rc5 lib/crypto/pkcs7_verify.c
Best regards
Heinrich