From e60e449931201eaf9a1883dfddef1c5cb6bf161d Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:18 -0500 Subject: lib: Drop SHA512_ALGO in lieu of SHA512 SHA512_ALGO was used as a "either SHA512 or SHA384", although the implementations of these two algorithms share a majority of code. From a Kconfig interface perspective, it makes sense to present two distinct options. This requires #ifdefing out the SHA512 implementation from sha512.c. The latter doesn't make any sense. It's reasonable to say in Kconfig that SHA384 depends on SHA512, and seems to be the more polite way to handle the selection. Thus, automatically select SHA512 when SHA384 is enabled. Signed-off-by: Alexandru Gagniuc --- lib/Kconfig | 12 ++++-------- lib/Makefile | 2 +- lib/crypt/Kconfig | 2 +- lib/efi_loader/Kconfig | 2 +- lib/sha512.c | 2 -- 5 files changed, 7 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index c535147aeaa..48565a4169d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -375,14 +375,9 @@ config SHA256 The SHA256 algorithm produces a 256-bit (32-byte) hash value (digest). -config SHA512_ALGO - bool "Enable SHA512 algorithm" - help - This option enables support of internal SHA512 algorithm. config SHA512 bool "Enable SHA512 support" - depends on SHA512_ALGO help This option enables support of hashing using SHA512 algorithm. The hash is calculated in software. @@ -391,10 +386,11 @@ config SHA512 config SHA384 bool "Enable SHA384 support" - depends on SHA512_ALGO + select SHA512 help This option enables support of hashing using SHA384 algorithm. - The hash is calculated in software. + The hash is calculated in software. This is also selects SHA512, + because these implementations share the bulk of the code.. The SHA384 algorithm produces a 384-bit (48-byte) hash value (digest). @@ -409,7 +405,7 @@ if SHA_HW_ACCEL config SHA512_HW_ACCEL bool "Enable hardware acceleration for SHA512" - depends on SHA512_ALGO + depends on SHA512 help This option enables hardware acceleration for the SHA384 and SHA512 hashing algorithms. This affects the 'hash' command and also the diff --git a/lib/Makefile b/lib/Makefile index 8ba745faa08..6aa48ca3d50 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -65,7 +65,7 @@ obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_HASH) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o -obj-$(CONFIG_SHA512_ALGO) += sha512.o +obj-$(CONFIG_SHA512) += sha512.o obj-$(CONFIG_CRYPT_PW) += crypt/ obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig index 5495ae8d4cd..6a500296422 100644 --- a/lib/crypt/Kconfig +++ b/lib/crypt/Kconfig @@ -20,7 +20,7 @@ config CRYPT_PW_SHA256 config CRYPT_PW_SHA512 bool "Provide sha512crypt" select SHA512 - select SHA512_ALGO + select SHA512 help Enables support for the sha512crypt password-hashing algorithm. The prefix is "$6$". diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index dacc3b58810..08463251cdf 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL depends on TPM_V2 select SHA1 select SHA256 - select SHA512_ALGO + select SHA512 select SHA384 select SHA512 select HASH diff --git a/lib/sha512.c b/lib/sha512.c index 35f31e3dc5f..a421f249ba2 100644 --- a/lib/sha512.c +++ b/lib/sha512.c @@ -320,7 +320,6 @@ void sha384_csum_wd(const unsigned char *input, unsigned int ilen, #endif -#if defined(CONFIG_SHA512) void sha512_starts(sha512_context * ctx) { ctx->state[0] = SHA512_H0; @@ -381,4 +380,3 @@ void sha512_csum_wd(const unsigned char *input, unsigned int ilen, sha512_finish(&ctx, output); } -#endif -- cgit v1.3.1 From 0721209699c5092b4d364c3b57256840d3a7dcbc Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:19 -0500 Subject: common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for CHAIN_OF_TRUST to select SPL_HASH now. Signed-off-by: Alexandru Gagniuc [trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks] Signed-off-by: Tom Rini --- board/freescale/common/Kconfig | 1 + common/Kconfig.boot | 2 +- common/Makefile | 4 +--- common/spl/Kconfig | 23 +--------------------- .../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 - configs/ls1043ardb_nand_SECURE_BOOT_defconfig | 1 - configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 - configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 1 - .../ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 1 - include/configs/xilinx_zynqmp.h | 2 +- lib/Makefile | 2 +- 11 files changed, 6 insertions(+), 33 deletions(-) (limited to 'lib') diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index ab9c14ae885..35a6115e5e4 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -4,6 +4,7 @@ config CHAIN_OF_TRUST imply CMD_HASH if ARM select FSL_CAAM select SPL_BOARD_INIT if (ARM && SPL) + select SPL_HASH if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL select ENV_IS_NOWHERE diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 8736e6af476..1f365d4a810 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -158,7 +158,7 @@ config SPL_FIT_SIGNATURE select FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO - select SPL_HASH_SUPPORT + select SPL_HASH imply SPL_RSA imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO diff --git a/common/Makefile b/common/Makefile index 9063ed93910..ae0430c35fe 100644 --- a/common/Makefile +++ b/common/Makefile @@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD obj-y += init/ obj-y += main.o obj-y += exports.o -obj-$(CONFIG_HASH) += hash.o obj-$(CONFIG_HUSH_PARSER) += cli_hush.o obj-$(CONFIG_AUTOBOOT) += autoboot.o @@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD ifdef CONFIG_SPL_DFU obj-$(CONFIG_DFU_OVER_USB) += dfu.o endif -obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o -obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o @@ -105,6 +102,7 @@ endif endif obj-y += image.o +obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o obj-$(CONFIG_ANDROID_AB) += android_ab.o obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o diff --git a/common/spl/Kconfig b/common/spl/Kconfig index d69d1fa5f78..29a46c47877 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -477,27 +477,6 @@ config SPL_CRYPTO this option to build the drivers in drivers/crypto as part of an SPL build. -config SPL_HASH_SUPPORT - bool "Support hashing drivers" - select SHA1 - select SHA256 - help - Enable hashing drivers in SPL. These drivers can be used to - accelerate secure boot processing in secure applications. Enable - this option to build system-specific drivers for hash acceleration - as part of an SPL build. - -config TPL_HASH_SUPPORT - bool "Support hashing drivers in TPL" - depends on TPL - select SHA1 - select SHA256 - help - Enable hashing drivers in SPL. These drivers can be used to - accelerate secure boot processing in secure applications. Enable - this option to build system-specific drivers for hash acceleration - as part of an SPL build. - config SPL_DMA bool "Support DMA drivers" help @@ -1193,7 +1172,7 @@ config SPL_USB_ETHER config SPL_DFU bool "Support DFU (Device Firmware Upgrade)" - select SPL_HASH_SUPPORT + select SPL_HASH select SPL_DFU_NO_RESET depends on SPL_RAM_SUPPORT help diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig index 78196e6485d..f9d551c6a89 100644 --- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig +++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig @@ -31,7 +31,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig index 3736445d47c..2733ca83587 100644 --- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y CONFIG_SPL_NAND_SUPPORT=y diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig index b879a0c3614..392ef1cbd55 100644 --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y CONFIG_SPL_WATCHDOG=y diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig index c46d0dbedd3..3d5783aa260 100644 --- a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig index 96d44799fa8..0d94027ccb9 100644 --- a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig @@ -33,7 +33,6 @@ CONFIG_MISC_INIT_R=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/include/configs/xilinx_zynqmp.h b/include/configs/xilinx_zynqmp.h index 262154cdffd..42758ba7589 100644 --- a/include/configs/xilinx_zynqmp.h +++ b/include/configs/xilinx_zynqmp.h @@ -258,7 +258,7 @@ #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_DFU) # define CONFIG_SPL_ENV_SUPPORT -# define CONFIG_SPL_HASH_SUPPORT +# define CONFIG_SPL_HASH # define CONFIG_ENV_MAX_ENTRIES 10 #endif diff --git a/lib/Makefile b/lib/Makefile index 6aa48ca3d50..93be86c34a0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -87,7 +87,7 @@ endif ifdef CONFIG_SPL_BUILD obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o -obj-$(CONFIG_$(SPL_TPL_)HASH_SUPPORT) += crc16.o +obj-$(CONFIG_$(SPL_TPL_)HASH) += crc16.o obj-y += net_utils.o endif obj-$(CONFIG_ADDR_MAP) += addr_map.o -- cgit v1.3.1 From fe54aeaa4acbb41880b05acef9ef949e62d299dd Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:20 -0500 Subject: common: Move MD5 hash to hash_algo[] array. MD5 is being called directly in some places, but it is not available via hash_lookup_algo("md5"). This is inconsistent with other hasing routines. To resolve this, add an "md5" entry to hash_algos[]. The #ifdef clause looks funnier than those for other entries. This is because both MD5 and SPL_MD5 configs exist, whereas the other hashes do not have "SPL_" entries. The long term plan is to get rid of the ifdefs, so those should not be expected to survive much longer. The md5 entry does not have .hash_init/update/finish members. That's okay because hash_progressive_lookup_algo() will catch that, and return -EPROTONOSUPPORT, while hash_lookup_algo() will return the correct pointer. Signed-off-by: Alexandru Gagniuc [trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check] Signed-off-by: Tom Rini --- common/hash.c | 13 +++++++++++++ include/image.h | 1 + include/u-boot/md5.h | 6 ++++-- lib/md5.c | 4 ++-- 4 files changed, 20 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/common/hash.c b/common/hash.c index dca23635abe..6277fe65b3e 100644 --- a/common/hash.c +++ b/common/hash.c @@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, return 0; } +#ifdef USE_HOSTCC +# define I_WANT_MD5 1 +#else +# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) +#endif /* * These are the hash algorithms we support. If we have hardware acceleration * is enable we will use that, otherwise a software version of the algorithm. * Note that algorithm names must be in lower case. */ static struct hash_algo hash_algo[] = { +#if I_WANT_MD5 + { + .name = "md5", + .digest_size = MD5_SUM_LEN, + .chunk_size = CHUNKSZ_MD5, + .hash_func_ws = md5_wd, + }, +#endif #ifdef CONFIG_SHA1 { .name = "sha1", diff --git a/include/image.h b/include/image.h index 489b220eba4..e4b9cd0df2d 100644 --- a/include/image.h +++ b/include/image.h @@ -31,6 +31,7 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 +#define CONFIG_MD5 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384 diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h index e09c16a6e3f..6d48592aa64 100644 --- a/include/u-boot/md5.h +++ b/include/u-boot/md5.h @@ -8,6 +8,8 @@ #include "compiler.h" +#define MD5_SUM_LEN 16 + struct MD5Context { __u32 buf[4]; __u32 bits[2]; @@ -28,7 +30,7 @@ void md5 (unsigned char *input, int len, unsigned char output[16]); * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the * watchdog every 'chunk_sz' bytes of input processed. */ -void md5_wd (unsigned char *input, int len, unsigned char output[16], - unsigned int chunk_sz); +void md5_wd(const unsigned char *input, unsigned int len, + unsigned char output[16], unsigned int chunk_sz); #endif /* _MD5_H */ diff --git a/lib/md5.c b/lib/md5.c index 2ae4a06319c..e2ba622ea4e 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -284,12 +284,12 @@ md5 (unsigned char *input, int len, unsigned char output[16]) * watchdog every 'chunk_sz' bytes of input processed. */ void -md5_wd (unsigned char *input, int len, unsigned char output[16], +md5_wd(const unsigned char *input, unsigned int len, unsigned char output[16], unsigned int chunk_sz) { struct MD5Context context; #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG) - unsigned char *end, *curr; + const unsigned char *end, *curr; int chunk; #endif -- cgit v1.3.1