rsa: Use checksum algorithms from struct hash_algo
authorRuchika Gupta <ruchika.gupta@freescale.com>
Fri, 23 Jan 2015 10:31:59 +0000 (16:01 +0530)
committerSimon Glass <sjg@chromium.org>
Fri, 30 Jan 2015 00:09:59 +0000 (17:09 -0700)
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)

Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54

common/image-sig.c
include/configs/ti_am335x_common.h
include/image.h
include/u-boot/rsa-checksum.h
lib/rsa/rsa-checksum.c
lib/rsa/rsa-verify.c

index 8601edaca35f41d0c996e15fb7f447179a8255b3..2c9f0cdf7ae3996b5c57bbe74b9ff7ee5cea58d7 100644 (file)
@@ -38,7 +38,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
                EVP_sha1,
 #endif
-               sha1_calculate,
+               hash_calculate,
                padding_sha1_rsa2048,
        },
        {
@@ -48,7 +48,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
                EVP_sha256,
 #endif
-               sha256_calculate,
+               hash_calculate,
                padding_sha256_rsa2048,
        },
        {
@@ -58,7 +58,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
                EVP_sha256,
 #endif
-               sha256_calculate,
+               hash_calculate,
                padding_sha256_rsa4096,
        }
 
index 5ed86d9365cd08aee392bbe77e7c7bf84e5c9ad6..598526bf95feb0709fdef7ad179838b0aabdf2a7 100644 (file)
@@ -20,7 +20,9 @@
 #define CONFIG_SPL_AM33XX_ENABLE_RTC32K_OSC
 
 #ifndef CONFIG_SPL_BUILD
+#ifndef CONFIG_DM
 # define CONFIG_DM
+#endif
 # define CONFIG_CMD_DM
 # define CONFIG_DM_GPIO
 # define CONFIG_DM_SERIAL
index ee3afe35670a9b460921ba0b2f5218df5a76b0c0..dcbc72fc1e23ede7be23addbb32dda2c8cee8803 100644 (file)
@@ -927,8 +927,9 @@ struct checksum_algo {
 #if IMAGE_ENABLE_SIGN
        const EVP_MD *(*calculate_sign)(void);
 #endif
-       void (*calculate)(const struct image_region region[],
-                         int region_count, uint8_t *checksum);
+       int (*calculate)(const char *name,
+                        const struct image_region region[],
+                        int region_count, uint8_t *checksum);
        const uint8_t *rsa_padding;
 };
 
index c996fb3e4c10eaf7c73451bbc8e7cf420b96d3d3..3c69d85ecbac7956a525b2e188943b46193259a3 100644 (file)
@@ -16,9 +16,18 @@ extern const uint8_t padding_sha256_rsa4096[];
 extern const uint8_t padding_sha256_rsa2048[];
 extern const uint8_t padding_sha1_rsa2048[];
 
-void sha256_calculate(const struct image_region region[], int region_count,
-                     uint8_t *checksum);
-void sha1_calculate(const struct image_region region[], int region_count,
-                   uint8_t *checksum);
+/**
+ * hash_calculate() - Calculate hash over the data
+ *
+ * @name:  Name of algorithm to be used for hash calculation
+ * @region: Array having info of regions over which hash needs to be calculated
+ * @region_count: Number of regions in the region array
+ * @checksum: Buffer contanining the output hash
+ *
+ * @return 0 if OK, < 0 if error
+ */
+int hash_calculate(const char *name,
+                  const struct image_region region[], int region_count,
+                  uint8_t *checksum);
 
 #endif
index 8d8b59f779a2bd7d5d9eeb413706c86b5307d9ff..68d9d651b02860ab6cf422be4be62565834370c6 100644 (file)
 #include <asm/byteorder.h>
 #include <asm/errno.h>
 #include <asm/unaligned.h>
+#include <hash.h>
 #else
 #include "fdt_host.h"
-#endif
-#include <u-boot/rsa.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#endif
+#include <u-boot/rsa.h>
 
 /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
 
@@ -136,28 +137,37 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
        0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
 
-void sha1_calculate(const struct image_region region[], int region_count,
-                   uint8_t *checksum)
+int hash_calculate(const char *name,
+                   const struct image_region region[],
+                   int region_count, uint8_t *checksum)
 {
-       sha1_context ctx;
+       struct hash_algo *algo;
+       int ret = 0;
+       void *ctx;
        uint32_t i;
        i = 0;
 
-       sha1_starts(&ctx);
-       for (i = 0; i < region_count; i++)
-               sha1_update(&ctx, region[i].data, region[i].size);
-       sha1_finish(&ctx, checksum);
-}
+       ret = hash_progressive_lookup_algo(name, &algo);
+       if (ret)
+               return ret;
 
-void sha256_calculate(const struct image_region region[], int region_count,
-                     uint8_t *checksum)
-{
-       sha256_context ctx;
-       uint32_t i;
-       i = 0;
+       ret = algo->hash_init(algo, &ctx);
+       if (ret)
+               return ret;
+
+       for (i = 0; i < region_count - 1; i++) {
+               ret = algo->hash_update(algo, ctx, region[i].data,
+                                       region[i].size, 0);
+               if (ret)
+                       return ret;
+       }
+
+       ret = algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
+       if (ret)
+               return ret;
+       ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size);
+       if (ret)
+               return ret;
 
-       sha256_starts(&ctx);
-       for (i = 0; i < region_count; i++)
-               sha256_update(&ctx, region[i].data, region[i].size);
-       sha256_finish(&ctx, checksum);
+       return 0;
 }
index da45daffd3b434c685a8f4b8aad7050800b9be01..60126d22884b6e29dd18887ee7fbad90869ed049 100644 (file)
@@ -184,7 +184,12 @@ int rsa_verify(struct image_sign_info *info,
        }
 
        /* Calculate checksum with checksum-algorithm */
-       info->algo->checksum->calculate(region, region_count, hash);
+       ret = info->algo->checksum->calculate(info->algo->checksum->name,
+                                       region, region_count, hash);
+       if (ret < 0) {
+               debug("%s: Error in checksum calculation\n", __func__);
+               return -EINVAL;
+       }
 
        /* See if we must use a particular key */
        if (info->required_keynode != -1) {