diff options
| author | Rouven Czerwinski <r.czerwinski@pengutronix.de> | 2019-08-06 07:11:00 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-07 09:42:15 +0200 |
| commit | a3a1b708ee192d02603f615d08bfa934ed9464ea (patch) | |
| tree | 220176daae30d784f6b86f56d663e8fd70406b59 | |
| parent | 907a76d4eb2ad7e6850cc5fab1fa2cc8fb489aeb (diff) | |
| download | barebox-a3a1b708ee192d02603f615d08bfa934ed9464ea.tar.gz barebox-a3a1b708ee192d02603f615d08bfa934ed9464ea.tar.xz | |
pbl: add sha256 and piggy verification to PBL
Extract the necessary functions from sha256 into a PBL headder and add a
verification function to the PBL. The function will be called before the
individual architectures decompress functions is run.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| -rw-r--r-- | crypto/Makefile | 2 | ||||
| -rw-r--r-- | crypto/sha2.c | 11 | ||||
| -rw-r--r-- | include/crypto/pbl-sha.h | 13 | ||||
| -rw-r--r-- | include/pbl.h | 2 | ||||
| -rw-r--r-- | pbl/Kconfig | 4 | ||||
| -rw-r--r-- | pbl/decomp.c | 39 |
6 files changed, 67 insertions, 4 deletions
diff --git a/crypto/Makefile b/crypto/Makefile index 3402f57255..d6fb74aad9 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -8,6 +8,8 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC) += md5.o obj-$(CONFIG_DIGEST_SHA1_GENERIC) += sha1.o obj-$(CONFIG_DIGEST_SHA224_GENERIC) += sha2.o obj-$(CONFIG_DIGEST_SHA256_GENERIC) += sha2.o +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += sha2.o +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += digest.o obj-$(CONFIG_DIGEST_SHA384_GENERIC) += sha4.o obj-$(CONFIG_DIGEST_SHA512_GENERIC) += sha4.o diff --git a/crypto/sha2.c b/crypto/sha2.c index c62ddb8d25..3947a09f41 100644 --- a/crypto/sha2.c +++ b/crypto/sha2.c @@ -27,6 +27,7 @@ #include <crypto/sha.h> #include <crypto/internal.h> +#include <crypto/pbl-sha.h> static inline u32 Ch(u32 x, u32 y, u32 z) { @@ -232,7 +233,7 @@ static int sha224_init(struct digest *desc) return 0; } -static int sha256_init(struct digest *desc) +int sha256_init(struct digest *desc) { struct sha256_state *sctx = digest_ctx(desc); sctx->state[0] = SHA256_H0; @@ -248,7 +249,7 @@ static int sha256_init(struct digest *desc) return 0; } -static int sha256_update(struct digest *desc, const void *data, +int sha256_update(struct digest *desc, const void *data, unsigned long len) { struct sha256_state *sctx = digest_ctx(desc); @@ -280,7 +281,7 @@ static int sha256_update(struct digest *desc, const void *data, return 0; } -static int sha256_final(struct digest *desc, u8 *out) +int sha256_final(struct digest *desc, u8 *out) { struct sha256_state *sctx = digest_ctx(desc); __be32 *dst = (__be32 *)out; @@ -348,7 +349,7 @@ static int sha224_digest_register(void) } device_initcall(sha224_digest_register); -static struct digest_algo m256 = { +struct digest_algo m256 = { .base = { .name = "sha256", .driver_name = "sha256-generic", @@ -365,6 +366,7 @@ static struct digest_algo m256 = { .ctx_length = sizeof(struct sha256_state), }; +#ifndef __PBL__ static int sha256_digest_register(void) { if (!IS_ENABLED(CONFIG_SHA256)) @@ -373,3 +375,4 @@ static int sha256_digest_register(void) return digest_algo_register(&m256); } coredevice_initcall(sha256_digest_register); +#endif /* __PBL__ */ diff --git a/include/crypto/pbl-sha.h b/include/crypto/pbl-sha.h new file mode 100644 index 0000000000..7d323ab479 --- /dev/null +++ b/include/crypto/pbl-sha.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __PBL_SHA_H_ + +#define __PBL_SHA_H_ + +#include <digest.h> +#include <types.h> + +int sha256_init(struct digest *desc); +int sha256_update(struct digest *desc, const void *data, unsigned long len); +int sha256_final(struct digest *desc, u8 *out); + +#endif /* __PBL-SHA_H_ */ diff --git a/include/pbl.h b/include/pbl.h index 787bd8293f..1917a7633f 100644 --- a/include/pbl.h +++ b/include/pbl.h @@ -11,6 +11,8 @@ extern unsigned long free_mem_ptr; extern unsigned long free_mem_end_ptr; void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len); +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, + unsigned int hash_len); #ifdef __PBL__ #define IN_PBL 1 diff --git a/pbl/Kconfig b/pbl/Kconfig index f2250dd73b..7e6077f96d 100644 --- a/pbl/Kconfig +++ b/pbl/Kconfig @@ -44,6 +44,10 @@ config PBL_RELOCATABLE This option only inflluences the PBL image. See RELOCATABLE to also make the real image relocatable. +config PBL_VERIFY_PIGGY + depends on ARM + bool + config IMAGE_COMPRESSION bool depends on HAVE_IMAGE_COMPRESSION diff --git a/pbl/decomp.c b/pbl/decomp.c index 72a162309a..ef713a6c74 100644 --- a/pbl/decomp.c +++ b/pbl/decomp.c @@ -6,6 +6,10 @@ */ #include <common.h> +#include <crypto/sha.h> +#include <crypto/pbl-sha.h> +#include <digest.h> +#include <asm/sections.h> #include <pbl.h> #include <debug_ll.h> @@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len NULL, NULL, dest, NULL, errorfn); } + +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash, + unsigned int hash_len) +{ + struct sha256_state sha_state = { 0 }; + struct digest d = { .ctx = &sha_state }; + char computed_hash[SHA256_DIGEST_SIZE]; + int i; + char *char_hash = hash; + + if (hash_len != SHA256_DIGEST_SIZE) + return -1; + + sha256_init(&d); + sha256_update(&d, compressed_start, len); + sha256_final(&d, computed_hash); + if (IS_ENABLED(CONFIG_DEBUG_LL)) { + putc_ll('C'); + putc_ll('H'); + putc_ll('\n'); + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { + puthex_ll(computed_hash[i]); + putc_ll('\n'); + } + putc_ll('I'); + putc_ll('H'); + putc_ll('\n'); + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { + puthex_ll(char_hash[i]); + putc_ll('\n'); + } + } + + return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE); +} |