diff options
| author | Tom Rini <[email protected]> | 2021-07-17 11:39:50 -0400 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2021-07-17 11:39:50 -0400 |
| commit | f929ce50727bf1019323d6c199dfd3a5755c5474 (patch) | |
| tree | bdbcb31deae1864ac3772a7051c17ae9eade7cfa /include | |
| parent | d5dbc661c3041e910e161a95fca9e615d85730ac (diff) | |
| parent | cb9faa6f98ae56d70d59505dad290dd3d381cb7b (diff) | |
Merge branch '2021-07-16-cleanup-image-support'
- A large rework of the logic around supporting various image
types/formats and sharing between the host and target.
Diffstat (limited to 'include')
| -rw-r--r-- | include/image.h | 59 | ||||
| -rw-r--r-- | include/u-boot/ecdsa.h | 25 | ||||
| -rw-r--r-- | include/u-boot/rsa.h | 51 |
3 files changed, 14 insertions, 121 deletions
diff --git a/include/image.h b/include/image.h index 0c24bf6f35f..e20f0b69d58 100644 --- a/include/image.h +++ b/include/image.h @@ -30,10 +30,10 @@ struct fdt_region; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ -#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1 -#define CONFIG_FIT_ENABLE_SHA256_SUPPORT -#define CONFIG_FIT_ENABLE_SHA384_SUPPORT -#define CONFIG_FIT_ENABLE_SHA512_SUPPORT +#define CONFIG_FIT_RSASSA_PSS 1 +#define CONFIG_FIT_SHA256 +#define CONFIG_FIT_SHA384 +#define CONFIG_FIT_SHA512 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384 @@ -47,6 +47,7 @@ struct fdt_region; #include <lmb.h> #include <asm/u-boot.h> #include <command.h> +#include <linker_lists.h> /* Take notice of the 'ignore' property for hashes */ #define IMAGE_ENABLE_IGNORE 1 @@ -62,19 +63,15 @@ struct fdt_region; #include <linux/libfdt.h> #include <fdt_support.h> # ifdef CONFIG_SPL_BUILD -# ifdef CONFIG_SPL_CRC32_SUPPORT +# ifdef CONFIG_SPL_CRC32 # define IMAGE_ENABLE_CRC32 1 # endif -# ifdef CONFIG_SPL_MD5_SUPPORT +# ifdef CONFIG_SPL_MD5 # define IMAGE_ENABLE_MD5 1 # endif -# ifdef CONFIG_SPL_SHA1_SUPPORT -# define IMAGE_ENABLE_SHA1 1 -# endif # else # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 -# define IMAGE_ENABLE_SHA1 1 # endif #ifndef IMAGE_ENABLE_CRC32 @@ -85,31 +82,6 @@ struct fdt_region; #define IMAGE_ENABLE_MD5 0 #endif -#ifndef IMAGE_ENABLE_SHA1 -#define IMAGE_ENABLE_SHA1 0 -#endif - -#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ - defined(CONFIG_SPL_SHA256_SUPPORT) -#define IMAGE_ENABLE_SHA256 1 -#else -#define IMAGE_ENABLE_SHA256 0 -#endif - -#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \ - defined(CONFIG_SPL_SHA384_SUPPORT) -#define IMAGE_ENABLE_SHA384 1 -#else -#define IMAGE_ENABLE_SHA384 0 -#endif - -#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \ - defined(CONFIG_SPL_SHA512_SUPPORT) -#define IMAGE_ENABLE_SHA512 1 -#else -#define IMAGE_ENABLE_SHA512 0 -#endif - #endif /* IMAGE_ENABLE_FIT */ #ifdef CONFIG_SYS_BOOT_GET_CMDLINE @@ -1224,20 +1196,14 @@ int calculate_hash(const void *data, int data_len, const char *algo, #if defined(USE_HOSTCC) # if defined(CONFIG_FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 -# define IMAGE_ENABLE_VERIFY 1 -# define IMAGE_ENABLE_VERIFY_ECDSA 1 # define FIT_IMAGE_ENABLE_VERIFY 1 # include <openssl/evp.h> # else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY 0 -# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY 0 # endif #else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY) -# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) #endif @@ -1250,11 +1216,6 @@ void image_set_host_blob(void *host_blob); # define gd_fdt_blob() (gd->fdt_blob) #endif -#ifdef CONFIG_FIT_BEST_MATCH -#define IMAGE_ENABLE_BEST_MATCH 1 -#else -#define IMAGE_ENABLE_BEST_MATCH 0 -#endif #endif /* IMAGE_ENABLE_FIT */ /* @@ -1293,7 +1254,7 @@ struct image_region { int size; }; -#if IMAGE_ENABLE_VERIFY +#if FIT_IMAGE_ENABLE_VERIFY # include <u-boot/hash-checksum.h> #endif struct checksum_algo { @@ -1362,6 +1323,10 @@ struct crypto_algo { uint8_t *sig, uint sig_len); }; +/* Declare a new U-Boot crypto algorithm handler */ +#define U_BOOT_CRYPTO_ALGO(__name) \ +ll_entry_declare(struct crypto_algo, __name, cryptos) + struct padding_algo { const char *name; int (*verify)(struct image_sign_info *info, diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h index 979690d9660..f6951c7346d 100644 --- a/include/u-boot/ecdsa.h +++ b/include/u-boot/ecdsa.h @@ -15,7 +15,6 @@ * @see "struct crypto_algo" * @{ */ -#if IMAGE_ENABLE_SIGN /** * sign() - calculate and return signature for given input data * @@ -49,22 +48,7 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[], * other -ve value on error */ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest); -#else -static inline -int ecdsa_sign(struct image_sign_info *info, const struct image_region region[], - int region_count, uint8_t **sigp, uint *sig_len) -{ - return -ENXIO; -} - -static inline -int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest) -{ - return -ENXIO; -} -#endif -#if IMAGE_ENABLE_VERIFY_ECDSA /** * verify() - Verify a signature against some data * @@ -78,15 +62,6 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest) int ecdsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); -#else -static inline -int ecdsa_verify(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} -#endif /** @} */ #define ECDSA256_BYTES (256 / 8) diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index bed1c097c2c..89a9c4caa0a 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -31,7 +31,6 @@ struct rsa_public_key { struct image_sign_info; -#if IMAGE_ENABLE_SIGN /** * sign() - calculate and return signature for given input data * @@ -66,22 +65,7 @@ int rsa_sign(struct image_sign_info *info, other -ve value on error */ int rsa_add_verify_data(struct image_sign_info *info, void *keydest); -#else -static inline int rsa_sign(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t **sigp, uint *sig_len) -{ - return -ENXIO; -} - -static inline int rsa_add_verify_data(struct image_sign_info *info, - void *keydest) -{ - return -ENXIO; -} -#endif -#if IMAGE_ENABLE_VERIFY /** * rsa_verify_hash() - Verify a signature against a hash * @@ -119,42 +103,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +#ifdef CONFIG_FIT_RSASSA_PSS int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ -#else -static inline int rsa_verify_hash(struct image_sign_info *info, - const uint8_t *hash, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} - -static inline int rsa_verify(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} - -static inline int padding_pkcs_15_verify(struct image_sign_info *info, - uint8_t *msg, int msg_len, - const uint8_t *hash, int hash_len) -{ - return -ENXIO; -} - -#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT -static inline int padding_pss_verify(struct image_sign_info *info, - uint8_t *msg, int msg_len, - const uint8_t *hash, int hash_len) -{ - return -ENXIO; -} -#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ -#endif +#endif /* CONFIG_FIT_RSASSA_PSS */ #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" |