rsa: Use checksum algorithms from struct hash_algo

Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54

rsa: Use checksum algorithms from struct hash_algo
Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
Ruchika Gupta · Simon Glass
1 parent 2dd9002719
Showing 6 changed files with 57 additions and 30 deletions Side-by-side Diff
common/image-sig.c
include/configs/ti_am335x_common.h
include/image.h
include/u-boot/rsa-checksum.h
lib/rsa/rsa-checksum.c
lib/rsa/rsa-verify.c
@@ -38,7 +38,7 @@
 #if IMAGE_ENABLE_SIGN
 		EVP_sha1,
 #endif
-		sha1_calculate,
+		hash_calculate,
 		padding_sha1_rsa2048,
 	},
 	{
@@ -48,7 +48,7 @@
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa2048,
 	},
 	{
@@ -58,7 +58,7 @@
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa4096,
 	}
  
@@ -20,7 +20,9 @@
 #define CONFIG_SPL_AM33XX_ENABLE_RTC32K_OSC
  
 #ifndef CONFIG_SPL_BUILD
+#ifndef CONFIG_DM
 # define CONFIG_DM
+#endif
 # define CONFIG_CMD_DM
 # define CONFIG_DM_GPIO
 # define CONFIG_DM_SERIAL
@@ -927,8 +927,9 @@
 #if IMAGE_ENABLE_SIGN
 	const EVP_MD *(*calculate_sign)(void);
 #endif
-	void (*calculate)(const struct image_region region[],
-			  int region_count, uint8_t *checksum);
+	int (*calculate)(const char *name,
+			 const struct image_region region[],
+			 int region_count, uint8_t *checksum);
 	const uint8_t *rsa_padding;
 };
  
@@ -16,10 +16,19 @@
 extern const uint8_t padding_sha256_rsa2048[];
 extern const uint8_t padding_sha1_rsa2048[];
  
-void sha256_calculate(const struct image_region region[], int region_count,
-		      uint8_t *checksum);
-void sha1_calculate(const struct image_region region[], int region_count,
-		    uint8_t *checksum);
+/**
+ * hash_calculate() - Calculate hash over the data
+ *
+ * @name:  Name of algorithm to be used for hash calculation
+ * @region: Array having info of regions over which hash needs to be calculated
+ * @region_count: Number of regions in the region array
+ * @checksum: Buffer contanining the output hash
+ *
+ * @return 0 if OK, < 0 if error
+ */
+int hash_calculate(const char *name,
+		   const struct image_region region[], int region_count,
+		   uint8_t *checksum);
  
 #endif
@@ -10,12 +10,13 @@
 #include <asm/byteorder.h>
 #include <asm/errno.h>
 #include <asm/unaligned.h>
+#include <hash.h>
 #else
 #include "fdt_host.h"
-#endif
-#include <u-boot/rsa.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#endif
+#include <u-boot/rsa.h>
  
 /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
  
  
  
  
  
@@ -136,29 +137,38 @@
 	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
  
-void sha1_calculate(const struct image_region region[], int region_count,
-		    uint8_t *checksum)
+int hash_calculate(const char *name,
+		    const struct image_region region[],
+		    int region_count, uint8_t *checksum)
 {
-	sha1_context ctx;
+	struct hash_algo *algo;
+	int ret = 0;
+	void *ctx;
 	uint32_t i;
 	i = 0;
  
-	sha1_starts(&ctx);
-	for (i = 0; i < region_count; i++)
-		sha1_update(&ctx, region[i].data, region[i].size);
-	sha1_finish(&ctx, checksum);
-}
+	ret = hash_progressive_lookup_algo(name, &algo);
+	if (ret)
+		return ret;
  
-void sha256_calculate(const struct image_region region[], int region_count,
-		      uint8_t *checksum)
-{
-	sha256_context ctx;
-	uint32_t i;
-	i = 0;
+	ret = algo->hash_init(algo, &ctx);
+	if (ret)
+		return ret;
  
-	sha256_starts(&ctx);
-	for (i = 0; i < region_count; i++)
-		sha256_update(&ctx, region[i].data, region[i].size);
-	sha256_finish(&ctx, checksum);
+	for (i = 0; i < region_count - 1; i++) {
+		ret = algo->hash_update(algo, ctx, region[i].data,
+					region[i].size, 0);
+		if (ret)
+			return ret;
+	}
+
+	ret = algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
+	if (ret)
+		return ret;
+	ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size);
+	if (ret)
+		return ret;
+
+	return 0;
 }
@@ -184,7 +184,12 @@
 	}
  
 	/* Calculate checksum with checksum-algorithm */
-	info->algo->checksum->calculate(region, region_count, hash);
+	ret = info->algo->checksum->calculate(info->algo->checksum->name,
+					region, region_count, hash);
+	if (ret < 0) {
+		debug("%s: Error in checksum calculation\n", __func__);
+		return -EINVAL;
+	}
  
 	/* See if we must use a particular key */
 	if (info->required_keynode != -1) {
...	...	@@ -38,7 +38,7 @@
38	38	#if IMAGE_ENABLE_SIGN
39	39	EVP_sha1,
40	40	#endif
41		- sha1_calculate,
	41	+ hash_calculate,
42	42	padding_sha1_rsa2048,
43	43	},
44	44	{
...	...	@@ -48,7 +48,7 @@
48	48	#if IMAGE_ENABLE_SIGN
49	49	EVP_sha256,
50	50	#endif
51		- sha256_calculate,
	51	+ hash_calculate,
52	52	padding_sha256_rsa2048,
53	53	},
54	54	{
...	...	@@ -58,7 +58,7 @@
58	58	#if IMAGE_ENABLE_SIGN
59	59	EVP_sha256,
60	60	#endif
61		- sha256_calculate,
	61	+ hash_calculate,
62	62	padding_sha256_rsa4096,
63	63	}
64	64
...	...	@@ -20,7 +20,9 @@
20	20	#define CONFIG_SPL_AM33XX_ENABLE_RTC32K_OSC
21	21
22	22	#ifndef CONFIG_SPL_BUILD
	23	+#ifndef CONFIG_DM
23	24	# define CONFIG_DM
	25	+#endif
24	26	# define CONFIG_CMD_DM
25	27	# define CONFIG_DM_GPIO
26	28	# define CONFIG_DM_SERIAL
...	...	@@ -927,8 +927,9 @@
927	927	#if IMAGE_ENABLE_SIGN
928	928	const EVP_MD (calculate_sign)(void);
929	929	#endif
930		- void (*calculate)(const struct image_region region[],
931		- int region_count, uint8_t *checksum);
	930	+ int (calculate)(const char name,
	931	+ const struct image_region region[],
	932	+ int region_count, uint8_t *checksum);
932	933	const uint8_t *rsa_padding;
933	934	};
934	935
...	...	@@ -16,10 +16,19 @@
16	16	extern const uint8_t padding_sha256_rsa2048[];
17	17	extern const uint8_t padding_sha1_rsa2048[];
18	18
19		-void sha256_calculate(const struct image_region region[], int region_count,
20		- uint8_t *checksum);
21		-void sha1_calculate(const struct image_region region[], int region_count,
22		- uint8_t *checksum);
	19	+/**
	20	+ * hash_calculate() - Calculate hash over the data
	21	+ *
	22	+ * @name: Name of algorithm to be used for hash calculation
	23	+ * @region: Array having info of regions over which hash needs to be calculated
	24	+ * @region_count: Number of regions in the region array
	25	+ * @checksum: Buffer contanining the output hash
	26	+ *
	27	+ * @return 0 if OK, < 0 if error
	28	+ */
	29	+int hash_calculate(const char *name,
	30	+ const struct image_region region[], int region_count,
	31	+ uint8_t *checksum);
23	32
24	33	#endif
...	...	@@ -10,12 +10,13 @@
10	10	#include <asm/byteorder.h>
11	11	#include <asm/errno.h>
12	12	#include <asm/unaligned.h>
	13	+#include <hash.h>
13	14	#else
14	15	#include "fdt_host.h"
15		-#endif
16		-#include <u-boot/rsa.h>
17	16	#include <u-boot/sha1.h>
18	17	#include <u-boot/sha256.h>
	18	+#endif
	19	+#include <u-boot/rsa.h>
19	20
20	21	/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
21	22
22	23
23	24
24	25
25	26
...	...	@@ -136,29 +137,38 @@
136	137	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
137	138	};
138	139
139		-void sha1_calculate(const struct image_region region[], int region_count,
140		- uint8_t *checksum)
	140	+int hash_calculate(const char *name,
	141	+ const struct image_region region[],
	142	+ int region_count, uint8_t *checksum)
141	143	{
142		- sha1_context ctx;
	144	+ struct hash_algo *algo;
	145	+ int ret = 0;
	146	+ void *ctx;
143	147	uint32_t i;
144	148	i = 0;
145	149
146		- sha1_starts(&ctx);
147		- for (i = 0; i < region_count; i++)
148		- sha1_update(&ctx, region[i].data, region[i].size);
149		- sha1_finish(&ctx, checksum);
150		-}
	150	+ ret = hash_progressive_lookup_algo(name, &algo);
	151	+ if (ret)
	152	+ return ret;
151	153
152		-void sha256_calculate(const struct image_region region[], int region_count,
153		- uint8_t *checksum)
154		-{
155		- sha256_context ctx;
156		- uint32_t i;
157		- i = 0;
	154	+ ret = algo->hash_init(algo, &ctx);
	155	+ if (ret)
	156	+ return ret;
158	157
159		- sha256_starts(&ctx);
160		- for (i = 0; i < region_count; i++)
161		- sha256_update(&ctx, region[i].data, region[i].size);
162		- sha256_finish(&ctx, checksum);
	158	+ for (i = 0; i < region_count - 1; i++) {
	159	+ ret = algo->hash_update(algo, ctx, region[i].data,
	160	+ region[i].size, 0);
	161	+ if (ret)
	162	+ return ret;
	163	+ }
	164	+
	165	+ ret = algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
	166	+ if (ret)
	167	+ return ret;
	168	+ ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size);
	169	+ if (ret)
	170	+ return ret;
	171	+
	172	+ return 0;
163	173	}
...	...	@@ -184,7 +184,12 @@
184	184	}
185	185
186	186	/* Calculate checksum with checksum-algorithm */
187		- info->algo->checksum->calculate(region, region_count, hash);
	187	+ ret = info->algo->checksum->calculate(info->algo->checksum->name,
	188	+ region, region_count, hash);
	189	+ if (ret < 0) {
	190	+ debug("%s: Error in checksum calculation\n", __func__);
	191	+ return -EINVAL;
	192	+ }
188	193
189	194	/* See if we must use a particular key */
190	195	if (info->required_keynode != -1) {