From 0003b8ada95068bef3522582fd7c211fb8b58e3c Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:29 -0500 Subject: image: Shorten FIT_ENABLE_SHAxxx_SUPPORT The ENABLE part of this name is redundant, since all boolean Kconfig options serve to enable something. The SUPPORT part is also redundant since Kconfigs can be assumed to enable support for something. Together they just serve to make these options overly long and inconsistent with other options. Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index 0c24bf6f35f..e54f12f4729 100644 --- a/include/image.h +++ b/include/image.h @@ -31,9 +31,9 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1 -#define CONFIG_FIT_ENABLE_SHA256_SUPPORT -#define CONFIG_FIT_ENABLE_SHA384_SUPPORT -#define CONFIG_FIT_ENABLE_SHA512_SUPPORT +#define CONFIG_FIT_SHA256 +#define CONFIG_FIT_SHA384 +#define CONFIG_FIT_SHA512 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384 @@ -89,21 +89,21 @@ struct fdt_region; #define IMAGE_ENABLE_SHA1 0 #endif -#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ +#if defined(CONFIG_FIT_SHA256) || \ defined(CONFIG_SPL_SHA256_SUPPORT) #define IMAGE_ENABLE_SHA256 1 #else #define IMAGE_ENABLE_SHA256 0 #endif -#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \ +#if defined(CONFIG_FIT_SHA384) || \ defined(CONFIG_SPL_SHA384_SUPPORT) #define IMAGE_ENABLE_SHA384 1 #else #define IMAGE_ENABLE_SHA384 0 #endif -#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \ +#if defined(CONFIG_FIT_SHA512) || \ defined(CONFIG_SPL_SHA512_SUPPORT) #define IMAGE_ENABLE_SHA512 1 #else -- cgit v1.2.3 From f5bc9c25f3159db2e420cdcff974980a5258a44f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:30 -0500 Subject: image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx These option are named inconsistently with other SPL options, thus making them incompatible with the CONFIG_IS_ENABLED() macro. Rename them. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index e54f12f4729..bf92f6235de 100644 --- a/include/image.h +++ b/include/image.h @@ -68,7 +68,7 @@ struct fdt_region; # ifdef CONFIG_SPL_MD5_SUPPORT # define IMAGE_ENABLE_MD5 1 # endif -# ifdef CONFIG_SPL_SHA1_SUPPORT +# ifdef CONFIG_SPL_FIT_SHA1 # define IMAGE_ENABLE_SHA1 1 # endif # else @@ -90,21 +90,21 @@ struct fdt_region; #endif #if defined(CONFIG_FIT_SHA256) || \ - defined(CONFIG_SPL_SHA256_SUPPORT) + defined(CONFIG_SPL_FIT_SHA256) #define IMAGE_ENABLE_SHA256 1 #else #define IMAGE_ENABLE_SHA256 0 #endif #if defined(CONFIG_FIT_SHA384) || \ - defined(CONFIG_SPL_SHA384_SUPPORT) + defined(CONFIG_SPL_FIT_SHA384) #define IMAGE_ENABLE_SHA384 1 #else #define IMAGE_ENABLE_SHA384 0 #endif #if defined(CONFIG_FIT_SHA512) || \ - defined(CONFIG_SPL_SHA512_SUPPORT) + defined(CONFIG_SPL_FIT_SHA512) #define IMAGE_ENABLE_SHA512 1 #else #define IMAGE_ENABLE_SHA512 0 -- cgit v1.2.3 From ad74aed11e1dfe39b7f32dd855859abaf51d33f0 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:31 -0500 Subject: image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT Drop the ENABLE and SUPPORT parts of this, which are redundant. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 2 +- include/u-boot/rsa.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index bf92f6235de..b242007b9c1 100644 --- a/include/image.h +++ b/include/image.h @@ -30,7 +30,7 @@ struct fdt_region; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ -#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1 +#define CONFIG_FIT_RSASSA_PSS 1 #define CONFIG_FIT_SHA256 #define CONFIG_FIT_SHA384 #define CONFIG_FIT_SHA512 diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index bed1c097c2c..bc564d56fa3 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -119,11 +119,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +#ifdef CONFIG_FIT_RSASSA_PSS int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ +#endif /* CONFIG_FIT_RSASSA_PSS */ #else static inline int rsa_verify_hash(struct image_sign_info *info, const uint8_t *hash, @@ -146,14 +146,14 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info, return -ENXIO; } -#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +#ifdef CONFIG_FIT_RSASSA_PSS static inline int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len) { return -ENXIO; } -#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ +#endif /* CONFIG_FIT_RSASSA_PSS */ #endif #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" -- cgit v1.2.3 From 1e52db6799172cdd1612e0394da050d29164a13f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:32 -0500 Subject: Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32 Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this option. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index b242007b9c1..e2037d31597 100644 --- a/include/image.h +++ b/include/image.h @@ -62,7 +62,7 @@ struct fdt_region; #include #include # ifdef CONFIG_SPL_BUILD -# ifdef CONFIG_SPL_CRC32_SUPPORT +# ifdef CONFIG_SPL_CRC32 # define IMAGE_ENABLE_CRC32 1 # endif # ifdef CONFIG_SPL_MD5_SUPPORT -- cgit v1.2.3 From 4b00fd1a84c1ef15f640da1d7a1081d0dbfbfbfe Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:33 -0500 Subject: Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5 Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this option. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index e2037d31597..124448f9e4f 100644 --- a/include/image.h +++ b/include/image.h @@ -65,7 +65,7 @@ struct fdt_region; # ifdef CONFIG_SPL_CRC32 # define IMAGE_ENABLE_CRC32 1 # endif -# ifdef CONFIG_SPL_MD5_SUPPORT +# ifdef CONFIG_SPL_MD5 # define IMAGE_ENABLE_MD5 1 # endif # ifdef CONFIG_SPL_FIT_SHA1 -- cgit v1.2.3 From 0ad75696d078e56ca8e4d09a875de8107590ab8a Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:34 -0500 Subject: image: Drop IMAGE_ENABLE_SHA1 We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1) directly in the code shared with the host build, so we can drop the unnecessary indirection. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 8 -------- 1 file changed, 8 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index 124448f9e4f..bca9033e7f0 100644 --- a/include/image.h +++ b/include/image.h @@ -68,13 +68,9 @@ struct fdt_region; # ifdef CONFIG_SPL_MD5 # define IMAGE_ENABLE_MD5 1 # endif -# ifdef CONFIG_SPL_FIT_SHA1 -# define IMAGE_ENABLE_SHA1 1 -# endif # else # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 -# define IMAGE_ENABLE_SHA1 1 # endif #ifndef IMAGE_ENABLE_CRC32 @@ -85,10 +81,6 @@ struct fdt_region; #define IMAGE_ENABLE_MD5 0 #endif -#ifndef IMAGE_ENABLE_SHA1 -#define IMAGE_ENABLE_SHA1 0 -#endif - #if defined(CONFIG_FIT_SHA256) || \ defined(CONFIG_SPL_FIT_SHA256) #define IMAGE_ENABLE_SHA256 1 -- cgit v1.2.3 From 14f061dcb158a4ffbf09df10f2ac2d37c157437c Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:35 -0500 Subject: image: Drop IMAGE_ENABLE_SHAxxx We already have a host Kconfig for these SHA options. Use CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build, so we can drop the unnecessary indirections. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index bca9033e7f0..dbb9bd0174a 100644 --- a/include/image.h +++ b/include/image.h @@ -81,27 +81,6 @@ struct fdt_region; #define IMAGE_ENABLE_MD5 0 #endif -#if defined(CONFIG_FIT_SHA256) || \ - defined(CONFIG_SPL_FIT_SHA256) -#define IMAGE_ENABLE_SHA256 1 -#else -#define IMAGE_ENABLE_SHA256 0 -#endif - -#if defined(CONFIG_FIT_SHA384) || \ - defined(CONFIG_SPL_FIT_SHA384) -#define IMAGE_ENABLE_SHA384 1 -#else -#define IMAGE_ENABLE_SHA384 0 -#endif - -#if defined(CONFIG_FIT_SHA512) || \ - defined(CONFIG_SPL_FIT_SHA512) -#define IMAGE_ENABLE_SHA512 1 -#else -#define IMAGE_ENABLE_SHA512 0 -#endif - #endif /* IMAGE_ENABLE_FIT */ #ifdef CONFIG_SYS_BOOT_GET_CMDLINE -- cgit v1.2.3 From 70c1c8927e2c1fd97cd174d7924300d672e8313b Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 14 Jul 2021 17:05:36 -0500 Subject: image: Drop IMAGE_ENABLE_BEST_MATCH This is not needed with Kconfig, since we can use IS_ENABLED() easily enough. Drop it. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Signed-off-by: Alexandru Gagniuc --- include/image.h | 5 ----- 1 file changed, 5 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index dbb9bd0174a..8b420f2c02c 100644 --- a/include/image.h +++ b/include/image.h @@ -1221,11 +1221,6 @@ void image_set_host_blob(void *host_blob); # define gd_fdt_blob() (gd->fdt_blob) #endif -#ifdef CONFIG_FIT_BEST_MATCH -#define IMAGE_ENABLE_BEST_MATCH 1 -#else -#define IMAGE_ENABLE_BEST_MATCH 0 -#endif #endif /* IMAGE_ENABLE_FIT */ /* -- cgit v1.2.3 From 0980164b1306400e91e5ac389a514111ff74fc01 Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Wed, 14 Jul 2021 17:05:39 -0500 Subject: image: Add support for placing crypto_algo in linker lists The purpose of this change is to enable crypto algorithms to be placed in linker lists, rather than be declared as a static array. The goal is to remove the crypto_algos array in a subsequent patch. Create a new linker list named "cryptos", and search it when image_get_crypto_algo() is invoked. NOTE that adding support for manual relocation of crypto_algos within linker lists is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- include/image.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/image.h b/include/image.h index 8b420f2c02c..d4c453428c4 100644 --- a/include/image.h +++ b/include/image.h @@ -47,6 +47,7 @@ struct fdt_region; #include #include #include +#include /* Take notice of the 'ignore' property for hashes */ #define IMAGE_ENABLE_IGNORE 1 @@ -1328,6 +1329,10 @@ struct crypto_algo { uint8_t *sig, uint sig_len); }; +/* Declare a new U-Boot crypto algorithm handler */ +#define U_BOOT_CRYPTO_ALGO(__name) \ +ll_entry_declare(struct crypto_algo, __name, cryptos) + struct padding_algo { const char *name; int (*verify)(struct image_sign_info *info, -- cgit v1.2.3 From 820c4968c3f5a3440344ca5ec51ccfb9271d05ac Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Wed, 14 Jul 2021 17:05:42 -0500 Subject: lib: ecdsa: Remove #ifdefs from ecdsa.h It is no longer necessary to implement ecdsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the ecdsa code is no longer linked when unused. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- include/u-boot/ecdsa.h | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'include') diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h index 979690d9660..f6951c7346d 100644 --- a/include/u-boot/ecdsa.h +++ b/include/u-boot/ecdsa.h @@ -15,7 +15,6 @@ * @see "struct crypto_algo" * @{ */ -#if IMAGE_ENABLE_SIGN /** * sign() - calculate and return signature for given input data * @@ -49,22 +48,7 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[], * other -ve value on error */ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest); -#else -static inline -int ecdsa_sign(struct image_sign_info *info, const struct image_region region[], - int region_count, uint8_t **sigp, uint *sig_len) -{ - return -ENXIO; -} - -static inline -int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest) -{ - return -ENXIO; -} -#endif -#if IMAGE_ENABLE_VERIFY_ECDSA /** * verify() - Verify a signature against some data * @@ -78,15 +62,6 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest) int ecdsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); -#else -static inline -int ecdsa_verify(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} -#endif /** @} */ #define ECDSA256_BYTES (256 / 8) -- cgit v1.2.3 From 92c960bc1d4c8f702171fea0d87e86f317d4b597 Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Wed, 14 Jul 2021 17:05:43 -0500 Subject: lib: rsa: Remove #ifdefs from rsa.h It is no longer necessary to implement rsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the rsa code is no longer linked when unused. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- include/u-boot/rsa.h | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) (limited to 'include') diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index bc564d56fa3..89a9c4caa0a 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -31,7 +31,6 @@ struct rsa_public_key { struct image_sign_info; -#if IMAGE_ENABLE_SIGN /** * sign() - calculate and return signature for given input data * @@ -66,22 +65,7 @@ int rsa_sign(struct image_sign_info *info, other -ve value on error */ int rsa_add_verify_data(struct image_sign_info *info, void *keydest); -#else -static inline int rsa_sign(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t **sigp, uint *sig_len) -{ - return -ENXIO; -} - -static inline int rsa_add_verify_data(struct image_sign_info *info, - void *keydest) -{ - return -ENXIO; -} -#endif -#if IMAGE_ENABLE_VERIFY /** * rsa_verify_hash() - Verify a signature against a hash * @@ -124,37 +108,6 @@ int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); #endif /* CONFIG_FIT_RSASSA_PSS */ -#else -static inline int rsa_verify_hash(struct image_sign_info *info, - const uint8_t *hash, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} - -static inline int rsa_verify(struct image_sign_info *info, - const struct image_region region[], int region_count, - uint8_t *sig, uint sig_len) -{ - return -ENXIO; -} - -static inline int padding_pkcs_15_verify(struct image_sign_info *info, - uint8_t *msg, int msg_len, - const uint8_t *hash, int hash_len) -{ - return -ENXIO; -} - -#ifdef CONFIG_FIT_RSASSA_PSS -static inline int padding_pss_verify(struct image_sign_info *info, - uint8_t *msg, int msg_len, - const uint8_t *hash, int hash_len) -{ - return -ENXIO; -} -#endif /* CONFIG_FIT_RSASSA_PSS */ -#endif #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" -- cgit v1.2.3 From 8be1818a4f0c9ec14d04a244196c6e265fd973b7 Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Wed, 14 Jul 2021 17:05:44 -0500 Subject: image: Eliminate IMAGE_ENABLE_VERIFY macro This macro is no longer needed for code flow or #ifdefs. Remove it. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- include/image.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index d4c453428c4..64663c591b5 100644 --- a/include/image.h +++ b/include/image.h @@ -1196,19 +1196,16 @@ int calculate_hash(const void *data, int data_len, const char *algo, #if defined(USE_HOSTCC) # if defined(CONFIG_FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 -# define IMAGE_ENABLE_VERIFY 1 # define IMAGE_ENABLE_VERIFY_ECDSA 1 # define FIT_IMAGE_ENABLE_VERIFY 1 # include # else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY 0 # define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY 0 # endif #else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY) # define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) #endif @@ -1260,7 +1257,7 @@ struct image_region { int size; }; -#if IMAGE_ENABLE_VERIFY +#if FIT_IMAGE_ENABLE_VERIFY # include #endif struct checksum_algo { -- cgit v1.2.3 From 8387dba471de8d8668123ca0e158ab3f4f4bf81e Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Wed, 14 Jul 2021 17:05:45 -0500 Subject: image: Eliminate IMAGE_ENABLE_VERIFY_ECDSA macro This macro is no longer needed for code flow or #ifdefs. Remove it. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- include/image.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index 64663c591b5..e20f0b69d58 100644 --- a/include/image.h +++ b/include/image.h @@ -1196,17 +1196,14 @@ int calculate_hash(const void *data, int data_len, const char *algo, #if defined(USE_HOSTCC) # if defined(CONFIG_FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 -# define IMAGE_ENABLE_VERIFY_ECDSA 1 # define FIT_IMAGE_ENABLE_VERIFY 1 # include # else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY 0 # endif #else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) #endif -- cgit v1.2.3