The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.
Signed-off-by: Tom Rini <trini@konsulko.com>
This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.
This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
!USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>
Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.
Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.
Once we have md5 supported within hashing, we can use this function in
the FIT image code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.
Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).
Signed-off-by: Simon Glass <sjg@chromium.org>
Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.
Signed-off-by: Simon Glass <sjg@chromium.org>
We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.
Signed-off-by: Simon Glass <sjg@chromium.org>