2018-05-07 05:58:06 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0+
|
2013-06-14 06:10:00 +08:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2013, Google Inc.
|
|
|
|
*/
|
|
|
|
|
2020-05-11 01:40:05 +08:00
|
|
|
#include <log.h>
|
2013-06-14 06:10:01 +08:00
|
|
|
#include <malloc.h>
|
2020-10-31 11:38:53 +08:00
|
|
|
#include <asm/global_data.h>
|
2013-06-14 06:10:01 +08:00
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
2013-06-14 06:10:00 +08:00
|
|
|
#include <image.h>
|
2021-09-25 21:03:19 +08:00
|
|
|
#include <relocate.h>
|
2021-02-20 02:45:12 +08:00
|
|
|
#include <u-boot/ecdsa.h>
|
2014-06-13 04:27:12 +08:00
|
|
|
#include <u-boot/rsa.h>
|
2021-02-20 02:45:10 +08:00
|
|
|
#include <u-boot/hash-checksum.h>
|
2013-06-14 06:10:00 +08:00
|
|
|
|
2013-06-14 06:10:09 +08:00
|
|
|
#define IMAGE_MAX_HASHED_NODES 100
|
|
|
|
|
2014-03-03 19:19:26 +08:00
|
|
|
struct checksum_algo checksum_algos[] = {
|
2024-02-16 01:12:18 +08:00
|
|
|
#if CONFIG_IS_ENABLED(SHA1)
|
2014-03-03 19:19:26 +08:00
|
|
|
{
|
2017-10-23 09:03:40 +08:00
|
|
|
.name = "sha1",
|
|
|
|
.checksum_len = SHA1_SUM_LEN,
|
|
|
|
.der_len = SHA1_DER_LEN,
|
|
|
|
.der_prefix = sha1_der_prefix,
|
|
|
|
.calculate = hash_calculate,
|
2014-03-03 19:19:26 +08:00
|
|
|
},
|
2024-02-16 01:12:18 +08:00
|
|
|
#endif
|
|
|
|
#if CONFIG_IS_ENABLED(SHA256)
|
2014-03-03 19:19:26 +08:00
|
|
|
{
|
2017-10-23 09:03:40 +08:00
|
|
|
.name = "sha256",
|
|
|
|
.checksum_len = SHA256_SUM_LEN,
|
|
|
|
.der_len = SHA256_DER_LEN,
|
|
|
|
.der_prefix = sha256_der_prefix,
|
|
|
|
.calculate = hash_calculate,
|
2020-04-16 13:36:52 +08:00
|
|
|
},
|
2024-02-16 01:12:18 +08:00
|
|
|
#endif
|
|
|
|
#if CONFIG_IS_ENABLED(SHA384)
|
2020-04-16 13:36:52 +08:00
|
|
|
{
|
|
|
|
.name = "sha384",
|
|
|
|
.checksum_len = SHA384_SUM_LEN,
|
|
|
|
.der_len = SHA384_DER_LEN,
|
|
|
|
.der_prefix = sha384_der_prefix,
|
|
|
|
.calculate = hash_calculate,
|
|
|
|
},
|
|
|
|
#endif
|
2024-02-16 01:12:18 +08:00
|
|
|
#if CONFIG_IS_ENABLED(SHA512)
|
2020-04-16 13:36:52 +08:00
|
|
|
{
|
|
|
|
.name = "sha512",
|
|
|
|
.checksum_len = SHA512_SUM_LEN,
|
|
|
|
.der_len = SHA512_DER_LEN,
|
|
|
|
.der_prefix = sha512_der_prefix,
|
|
|
|
.calculate = hash_calculate,
|
|
|
|
},
|
|
|
|
#endif
|
2016-11-09 02:53:41 +08:00
|
|
|
|
|
|
|
};
|
|
|
|
|
2016-11-09 02:53:41 +08:00
|
|
|
struct checksum_algo *image_get_checksum_algo(const char *full_name)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
const char *name;
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
|
|
|
|
name = checksum_algos[i].name;
|
|
|
|
/* Make sure names match and next char is a comma */
|
|
|
|
if (!strncmp(name, full_name, strlen(name)) &&
|
|
|
|
full_name[strlen(name)] == ',')
|
|
|
|
return &checksum_algos[i];
|
2013-06-14 06:10:02 +08:00
|
|
|
}
|
2014-03-03 19:19:27 +08:00
|
|
|
|
2016-11-09 02:53:41 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
2013-06-14 06:10:00 +08:00
|
|
|
|
2016-11-09 02:53:41 +08:00
|
|
|
struct crypto_algo *image_get_crypto_algo(const char *full_name)
|
2013-06-14 06:10:00 +08:00
|
|
|
{
|
2021-07-15 06:05:39 +08:00
|
|
|
struct crypto_algo *crypto, *end;
|
2016-11-09 02:53:41 +08:00
|
|
|
const char *name;
|
|
|
|
|
|
|
|
/* Move name to after the comma */
|
|
|
|
name = strchr(full_name, ',');
|
|
|
|
if (!name)
|
|
|
|
return NULL;
|
|
|
|
name += 1;
|
2013-06-14 06:10:00 +08:00
|
|
|
|
2021-07-15 06:05:39 +08:00
|
|
|
crypto = ll_entry_start(struct crypto_algo, cryptos);
|
|
|
|
end = ll_entry_end(struct crypto_algo, cryptos);
|
|
|
|
for (; crypto < end; crypto++) {
|
|
|
|
if (!strcmp(crypto->name, name))
|
|
|
|
return crypto;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Not found */
|
2013-06-14 06:10:00 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
2013-06-14 06:10:01 +08:00
|
|
|
|
2018-11-14 20:51:00 +08:00
|
|
|
struct padding_algo *image_get_padding_algo(const char *name)
|
|
|
|
{
|
image: rsa: Move padding_algos to linker lists
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")
The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.
To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")
One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:
Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.
Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-08-19 06:49:02 +08:00
|
|
|
struct padding_algo *padding, *end;
|
2018-11-14 20:51:00 +08:00
|
|
|
|
|
|
|
if (!name)
|
|
|
|
return NULL;
|
|
|
|
|
image: rsa: Move padding_algos to linker lists
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")
The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.
To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")
One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:
Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.
Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-08-19 06:49:02 +08:00
|
|
|
padding = ll_entry_start(struct padding_algo, paddings);
|
|
|
|
end = ll_entry_end(struct padding_algo, paddings);
|
|
|
|
for (; padding < end; padding++) {
|
|
|
|
if (!strcmp(padding->name, name))
|
|
|
|
return padding;
|
2018-11-14 20:51:00 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|