Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-22 12:54:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

lib: Adapt digest header files to MbedTLS

Browse source 
Adapt digest header files to support both original libs and MbedTLS
by switching on/off MBEDTLS_LIB_CRYPTO.
Introduce <alg>_LEGACY kconfig for legacy hash implementations.
sha256.o should depend on SHA256 kconfig only but not SUPPORT_EMMC_RPMB,
SHA256 should be selected when SUPPORT_EMMC_RPMB is enabled instead.

`IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since
including <linux/kconfig.h> causes undefined reference on schedule()
with sandbox build, as <linux/kconfig.h> includes <generated/autoconf.h>
which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule()
are defined in sandbox build,
Thus we use `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` instead.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Raymond Mao 2024-10-03 14:50:16 -07:00 committed by Tom Rini
parent 13de848338
commit 5d1d98399f
7 changed files with 154 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
drivers/mmc/Kconfig
View file

@ -130,6 +130,7 @@ config MMC_HW_PARTITIONING
config SUPPORT_EMMC_RPMB config SUPPORT_EMMC_RPMB
bool "Support eMMC replay protected memory block (RPMB)" bool "Support eMMC replay protected memory block (RPMB)"
imply CMD_MMC_RPMB imply CMD_MMC_RPMB
select SHA256
help help
Enable support for reading, writing and programming the Enable support for reading, writing and programming the
key for the Replay Protection Memory Block partition in eMMC. key for the Replay Protection Memory Block partition in eMMC.

7
include/u-boot/md5.h
View file

@ -6,10 +6,16 @@
#ifndef _MD5_H #ifndef _MD5_H
#define _MD5_H #define _MD5_H
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
#include <mbedtls/md5.h>
#endif
#include "compiler.h" #include "compiler.h"
#define MD5_SUM_LEN 16 #define MD5_SUM_LEN 16
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
typedef mbedtls_md5_context MD5Context;
#else
typedef struct MD5Context { typedef struct MD5Context {
__u32 buf[4]; __u32 buf[4];
__u32 bits[2]; __u32 bits[2];
@ -18,6 +24,7 @@ typedef struct MD5Context {
__u32 in32[16]; __u32 in32[16];
}; };
} MD5Context; } MD5Context;
#endif
void MD5Init(MD5Context *ctx); void MD5Init(MD5Context *ctx);
void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len); void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len);

21
include/u-boot/sha1.h
View file

@ -16,6 +16,21 @@
#include <linux/types.h> #include <linux/types.h>
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
/*
* FIXME:
* MbedTLS define the members of "mbedtls_sha256_context" as private,
* but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
* MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
* access.
* Directly including <external/mbedtls/library/common.h> is not allowed,
* since this will include <malloc.h> and break the sandbox test.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/sha1.h>
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -26,6 +41,9 @@ extern "C" {
extern const uint8_t sha1_der_prefix[]; extern const uint8_t sha1_der_prefix[];
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
typedef mbedtls_sha1_context sha1_context;
#else
/** /**
* \brief SHA-1 context structure * \brief SHA-1 context structure
*/ */
@ -36,13 +54,14 @@ typedef struct
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
} }
sha1_context; sha1_context;
#endif
/** /**
* \brief SHA-1 context setup * \brief SHA-1 context setup
* *
* \param ctx SHA-1 context to be initialized * \param ctx SHA-1 context to be initialized
*/ */
void sha1_starts( sha1_context *ctx ); void sha1_starts(sha1_context *ctx);
/** /**
* \brief SHA-1 process buffer * \brief SHA-1 process buffer

20
include/u-boot/sha256.h
View file

@ -3,6 +3,22 @@
#include <linux/types.h> #include <linux/types.h>
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
/*
* FIXME:
* MbedTLS define the members of "mbedtls_sha256_context" as private,
* but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue.
* MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
* access.
* Directly including <external/mbedtls/library/common.h> is not allowed,
* since this will include <malloc.h> and break the sandbox test.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/sha256.h>
#endif
#define SHA224_SUM_LEN 28
#define SHA256_SUM_LEN 32 #define SHA256_SUM_LEN 32
#define SHA256_DER_LEN 19 #define SHA256_DER_LEN 19
@ -11,11 +27,15 @@ extern const uint8_t sha256_der_prefix[];
/* Reset watchdog each time we process this many bytes */ /* Reset watchdog each time we process this many bytes */
#define CHUNKSZ_SHA256 (64 * 1024) #define CHUNKSZ_SHA256 (64 * 1024)
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
typedef mbedtls_sha256_context sha256_context;
#else
typedef struct { typedef struct {
uint32_t total[2]; uint32_t total[2];
uint32_t state[8]; uint32_t state[8];
uint8_t buffer[64]; uint8_t buffer[64];
} sha256_context; } sha256_context;
#endif
void sha256_starts(sha256_context * ctx); void sha256_starts(sha256_context * ctx);
void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length); void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length);

9
include/u-boot/sha512.h
View file

@ -3,6 +3,10 @@
#include <linux/types.h> #include <linux/types.h>
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
#include <mbedtls/sha512.h>
#endif
#define SHA384_SUM_LEN 48 #define SHA384_SUM_LEN 48
#define SHA384_DER_LEN 19 #define SHA384_DER_LEN 19
#define SHA512_SUM_LEN 64 #define SHA512_SUM_LEN 64
@ -12,11 +16,16 @@
#define CHUNKSZ_SHA384 (16 * 1024) #define CHUNKSZ_SHA384 (16 * 1024)
#define CHUNKSZ_SHA512 (16 * 1024) #define CHUNKSZ_SHA512 (16 * 1024)
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
typedef mbedtls_sha512_context sha384_context;
typedef mbedtls_sha512_context sha512_context;
#else
typedef struct { typedef struct {
uint64_t state[SHA512_SUM_LEN / 8]; uint64_t state[SHA512_SUM_LEN / 8];
uint64_t count[2]; uint64_t count[2];
uint8_t buf[SHA512_BLOCK_SIZE]; uint8_t buf[SHA512_BLOCK_SIZE];
} sha512_context; } sha512_context;
#endif
extern const uint8_t sha512_der_prefix[]; extern const uint8_t sha512_der_prefix[];

11
lib/Makefile
View file

@ -50,7 +50,6 @@ obj-$(CONFIG_XXHASH) += xxhash.o
obj-y += net_utils.o obj-y += net_utils.o
obj-$(CONFIG_PHYSMEM) += physmem.o obj-$(CONFIG_PHYSMEM) += physmem.o
obj-y += rc4.o obj-y += rc4.o
obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
obj-$(CONFIG_RBTREE) += rbtree.o obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o obj-y += list_sort.o
@ -71,14 +70,16 @@ obj-$(CONFIG_$(SPL_TPL_)CRC16) += crc16.o
obj-y += crypto/ obj-y += crypto/
obj-$(CONFIG_$(SPL_TPL_)ACPI) += acpi/ obj-$(CONFIG_$(SPL_TPL_)ACPI) += acpi/
obj-$(CONFIG_$(SPL_)MD5) += md5.o
obj-$(CONFIG_ECDSA) += ecdsa/ obj-$(CONFIG_ECDSA) += ecdsa/
obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_$(SPL_)RSA) += rsa/
obj-$(CONFIG_HASH) += hash-checksum.o obj-$(CONFIG_HASH) += hash-checksum.o
obj-$(CONFIG_BLAKE2) += blake2/blake2b.o obj-$(CONFIG_BLAKE2) += blake2/blake2b.o
obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
obj-$(CONFIG_$(SPL_)SHA256) += sha256.o obj-$(CONFIG_$(SPL_)MD5_LEGACY) += md5.o
obj-$(CONFIG_$(SPL_)SHA512) += sha512.o obj-$(CONFIG_$(SPL_)SHA1_LEGACY) += sha1.o
obj-$(CONFIG_$(SPL_)SHA256_LEGACY) += sha256.o
obj-$(CONFIG_$(SPL_)SHA512_LEGACY) += sha512.o
obj-$(CONFIG_CRYPT_PW) += crypt/ obj-$(CONFIG_CRYPT_PW) += crypt/
obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o

91
lib/mbedtls/Kconfig
View file

@ -20,9 +20,100 @@ if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT
config LEGACY_CRYPTO_BASIC config LEGACY_CRYPTO_BASIC
bool "legacy basic crypto libraries" bool "legacy basic crypto libraries"
select MD5_LEGACY if MD5
select SHA1_LEGACY if SHA1
select SHA256_LEGACY if SHA256
select SHA512_LEGACY if SHA512
select SHA384_LEGACY if SHA384
select SPL_MD5_LEGACY if SPL_MD5
select SPL_SHA1_LEGACY if SPL_SHA1
select SPL_SHA256_LEGACY if SPL_SHA256
select SPL_SHA512_LEGACY if SPL_SHA512
select SPL_SHA384_LEGACY if SPL_SHA384
help help
Enable legacy basic crypto libraries. Enable legacy basic crypto libraries.
if LEGACY_CRYPTO_BASIC
config SHA1_LEGACY
bool "Enable SHA1 support with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SHA1
help
This option enables support of hashing using SHA1 algorithm
with legacy crypto library.
config SHA256_LEGACY
bool "Enable SHA256 support with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SHA256
help
This option enables support of hashing using SHA256 algorithm
with legacy crypto library.
config SHA512_LEGACY
bool "Enable SHA512 support with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SHA512
default y if TI_SECURE_DEVICE && FIT_SIGNATURE
help
This option enables support of hashing using SHA512 algorithm
with legacy crypto library.
config SHA384_LEGACY
bool "Enable SHA384 support with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SHA384
select SHA512_LEGACY
help
This option enables support of hashing using SHA384 algorithm
with legacy crypto library.
config MD5_LEGACY
bool "Enable MD5 support with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && MD5
help
This option enables support of hashing using MD5 algorithm
with legacy crypto library.
if SPL
config SPL_SHA1_LEGACY
bool "Enable SHA1 support in SPL with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
help
This option enables support of hashing using SHA1 algorithm
with legacy crypto library.
config SPL_SHA256_LEGACY
bool "Enable SHA256 support in SPL with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
help
This option enables support of hashing using SHA256 algorithm
with legacy crypto library.
config SPL_SHA512_LEGACY
bool "Enable SHA512 support in SPL with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
help
This option enables support of hashing using SHA512 algorithm
with legacy crypto library.
config SPL_SHA384_LEGACY
bool "Enable SHA384 support in SPL with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
select SPL_SHA512_LEGACY
help
This option enables support of hashing using SHA384 algorithm
with legacy crypto library.
config SPL_MD5_LEGACY
bool "Enable MD5 support in SPL with legacy crypto library"
depends on LEGACY_CRYPTO_BASIC && SPL_MD5
help
This option enables support of hashing using MD5 algorithm
with legacy crypto library.
endif # SPL
endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT config LEGACY_CRYPTO_CERT
bool "legacy certificate libraries" bool "legacy certificate libraries"
help help