Commit graph

28 commits

Author SHA1 Message Date
Breno Lima
d7af2baa49 crypto/fsl: Fix HW accelerated hash commands
The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc7 ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-23 11:21:20 -08:00
Tom Rini
78eda89e9a hash: Compile only hardware or software versions of SHA algorithms
Commit 089df18bfe ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default.  But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K.  Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options.  Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
2017-08-20 09:53:13 -04:00
Simon Glass
00caae6d47 env: Rename getenv/_f() to env_get()
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
2017-08-16 08:30:24 -04:00
Simon Glass
382bee57f1 env: Rename setenv() to env_set()
We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
2017-08-16 08:22:18 -04:00
Daniel Thompson
221a949eb6 Kconfig: Finish migration of hashing commands
Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way.  As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
        migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-31 19:38:14 -04:00
Simon Glass
d70f919e49 Kconfig: Add CONFIG_HASH to enable hashing API
At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2017-05-22 12:38:22 -04:00
Masahiro Yamada
1221ce459d treewide: replace #include <asm/errno.h> with <linux/errno.h>
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content.  (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-23 17:55:42 -04:00
Tom Rini
48ad68deb8 hash.c: Conditionally compile hash_command, static hash_show
The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h).  We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set.  Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-13 21:05:08 -05:00
Stefan Roese
8f0b1e24e2 autoboot.c: Add feature to stop autobooting via SHA256 encrypted password
This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
     CONFIG_AUTOBOOT_KEYED
     CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-06-08 17:32:40 -04:00
Joe Hershberger
0eb25b6196 common: Make sure arch-specific map_sysmem() is defined
In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-04-18 11:11:09 -06:00
gaurav rana
94e3c8c4fd crypto/fsl - Add progressive hashing support using hardware acceleration.
Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-25 13:20:02 -08:00
Ruchika Gupta
2dd9002719 Use hash.c in mkimage
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:59 -07:00
Ruchika Gupta
46fe2c0444 hash: Add function to find hash_algo struct with progressive hash
The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:59 -07:00
Nikolay Dimitrov
3ef46a998a Fix hash verification
Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>
2014-12-29 16:31:24 -05:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Simon Glass
04819a4ff1 hash: Use uint8_t in preference to u8
This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:55 -04:00
Jeroen Hofstee
8b9cc866c1 common: hash: zero end the string instead of the pointer
if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
                str_ptr = '\0';
                          ^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-11 16:27:05 -04:00
Simon Glass
31890ae299 hash: Export the function to show a hash
This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Hung-ying Tyan
bf007ebb6f gen: Add progressive hash API
Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:36 -04:00
Tom Rini
4b756b013a hash.c: Correct non-hash subcommand crc32 addr-save support
In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command().  However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3.  The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>
2013-11-25 10:41:51 -05:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
6f907b422e hash: Add a way to calculate a hash for any algortihm
Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:24 -04:00
Akshay Saraswat
1f9c92808a gen: Add sha h/w acceleration to hash
Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-03-29 20:10:42 +09:00
Simon Glass
218da0f35f hash: Use lower case for hash algorithm names
Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28 19:49:13 -08:00
Simon Glass
bd091b67d0 sandbox: Allow hash functions to work correctly
Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28 19:49:13 -08:00
Simon Glass
d20a40de9d Roll crc32 into hash infrastructure
Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28 19:09:23 -08:00
Simon Glass
d5b76673a5 hash: Add a flag to support saving hashes in the environment
Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28 19:09:23 -08:00
Simon Glass
460408ef9a Add generic hash API
We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>
2012-12-11 13:17:34 -07:00