rsa: Use checksum algorithms from struct hash_algo

Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54

rsa: Use checksum algorithms from struct hash_algo
b37b46f0 · Ruchika Gupta · Simon Glass · 2dd90027 · b37b46f0 · b37b46f0
Commit b37b46f0 authored 10 years ago by Ruchika Gupta Committed by Simon Glass 10 years ago
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -38,7 +38,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha1,
 #endif
-		sha1_calculate,
+		hash_calculate,
 		padding_sha1_rsa2048,
 	},
 	{
@@ -48,7 +48,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa2048,
 	},
 	{
@@ -58,7 +58,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa4096,
 	}

--- a/include/configs/ti_am335x_common.h
+++ b/include/configs/ti_am335x_common.h
@@ -20,7 +20,9 @@
 #define CONFIG_SPL_AM33XX_ENABLE_RTC32K_OSC
 #ifndef CONFIG_SPL_BUILD
+#ifndef CONFIG_DM
 # define CONFIG_DM
+#endif
 # define CONFIG_CMD_DM
 # define CONFIG_DM_GPIO
 # define CONFIG_DM_SERIAL

--- a/include/image.h
+++ b/include/image.h
@@ -927,8 +927,9 @@ struct checksum_algo {
 #if IMAGE_ENABLE_SIGN
 	const EVP_MD *(*calculate_sign)(void);
 #endif
-	void (*calculate)(const struct image_region region[],
+	int (*calculate)(const char *name,
-			  int region_count, uint8_t *checksum);
+			 const struct image_region region[],
+			 int region_count, uint8_t *checksum);
 	const uint8_t *rsa_padding;
 };

--- a/include/u-boot/rsa-checksum.h
+++ b/include/u-boot/rsa-checksum.h
@@ -16,9 +16,18 @@ extern const uint8_t padding_sha256_rsa4096[];
 extern const uint8_t padding_sha256_rsa2048[];
 extern const uint8_t padding_sha1_rsa2048[];
-void sha256_calculate(const struct image_region region[], int region_count,
+/**
-		      uint8_t *checksum);
+ * hash_calculate() - Calculate hash over the data
-void sha1_calculate(const struct image_region region[], int region_count,
+ *
-		    uint8_t *checksum);
+ * @name:  Name of algorithm to be used for hash calculation
+ * @region: Array having info of regions over which hash needs to be calculated
+ * @region_count: Number of regions in the region array
+ * @checksum: Buffer contanining the output hash
+ *
+ * @return 0 if OK, < 0 if error
+ */
+int hash_calculate(const char *name,
+		   const struct image_region region[], int region_count,
+		   uint8_t *checksum);
 #endif
--- a/lib/rsa/rsa-checksum.c
+++ b/lib/rsa/rsa-checksum.c
@@ -10,12 +10,13 @@
 #include <asm/byteorder.h>
 #include <asm/errno.h>
 #include <asm/unaligned.h>
+#include <hash.h>
 #else
 #include "fdt_host.h"
-#endif
-#include <u-boot/rsa.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#endif
+#include <u-boot/rsa.h>
 /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
@@ -136,28 +137,37 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
 	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
-void sha1_calculate(const struct image_region region[], int region_count,
+int hash_calculate(const char *name,
-		    uint8_t *checksum)
+		    const struct image_region region[],
+		    int region_count, uint8_t *checksum)
 {
-	sha1_context ctx;
+	struct hash_algo *algo;
+	int ret = 0;
+	void *ctx;
 	uint32_t i;
 	i = 0;
-	sha1_starts(&ctx);
+	ret = hash_progressive_lookup_algo(name, &algo);
-	for (i = 0; i < region_count; i++)
+	if (ret)
-		sha1_update(&ctx, region[i].data, region[i].size);
+		return ret;
-	sha1_finish(&ctx, checksum);
-}
-void sha256_calculate(const struct image_region region[], int region_count,
+	ret = algo->hash_init(algo, &ctx);
-		      uint8_t *checksum)
+	if (ret)
-{
+		return ret;
-	sha256_context ctx;
-	uint32_t i;
+	for (i = 0; i < region_count - 1; i++) {
-	i = 0;
+		ret = algo->hash_update(algo, ctx, region[i].data,
+					region[i].size, 0);
+		if (ret)
+			return ret;
+	}
+	ret = algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
+	if (ret)
+		return ret;
+	ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size);
+	if (ret)
+		return ret;
-	sha256_starts(&ctx);
+	return 0;
-	for (i = 0; i < region_count; i++)
-		sha256_update(&ctx, region[i].data, region[i].size);
-	sha256_finish(&ctx, checksum);
 }
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -184,7 +184,12 @@ int rsa_verify(struct image_sign_info *info,
 	}
 	/* Calculate checksum with checksum-algorithm */
-	info->algo->checksum->calculate(region, region_count, hash);
+	ret = info->algo->checksum->calculate(info->algo->checksum->name,
+					region, region_count, hash);
+	if (ret < 0) {
+		debug("%s: Error in checksum calculation\n", __func__);
+		return -EINVAL;
+	}
 	/* See if we must use a particular key */
 	if (info->required_keynode != -1) {