From a3a1b708ee192d02603f615d08bfa934ed9464ea Mon Sep 17 00:00:00 2001
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Date: Tue, 6 Aug 2019 07:11:00 +0200
Subject: pbl: add sha256 and piggy verification to PBL

Extract the necessary functions from sha256 into a PBL headder and add a
verification function to the PBL. The function will be called before the
individual architectures decompress functions is run.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 pbl/Kconfig  |  4 ++++
 pbl/decomp.c | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

(limited to 'pbl')

diff --git a/pbl/Kconfig b/pbl/Kconfig
index f2250dd73b..7e6077f96d 100644
--- a/pbl/Kconfig
+++ b/pbl/Kconfig
@@ -44,6 +44,10 @@ config PBL_RELOCATABLE
 	  This option only inflluences the PBL image. See RELOCATABLE to also make
 	  the real image relocatable.
 
+config PBL_VERIFY_PIGGY
+	depends on ARM
+	bool
+
 config IMAGE_COMPRESSION
 	bool
 	depends on HAVE_IMAGE_COMPRESSION
diff --git a/pbl/decomp.c b/pbl/decomp.c
index 72a162309a..ef713a6c74 100644
--- a/pbl/decomp.c
+++ b/pbl/decomp.c
@@ -6,6 +6,10 @@
  */
 
 #include <common.h>
+#include <crypto/sha.h>
+#include <crypto/pbl-sha.h>
+#include <digest.h>
+#include <asm/sections.h>
 #include <pbl.h>
 #include <debug_ll.h>
 
@@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len
 			NULL, NULL,
 			dest, NULL, errorfn);
 }
+
+int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
+		       unsigned int hash_len)
+{
+	struct sha256_state sha_state = { 0 };
+	struct digest d = { .ctx = &sha_state };
+	char computed_hash[SHA256_DIGEST_SIZE];
+	int i;
+	char *char_hash = hash;
+
+	if (hash_len != SHA256_DIGEST_SIZE)
+		return -1;
+
+	sha256_init(&d);
+	sha256_update(&d, compressed_start, len);
+	sha256_final(&d, computed_hash);
+	if (IS_ENABLED(CONFIG_DEBUG_LL)) {
+		putc_ll('C');
+		putc_ll('H');
+		putc_ll('\n');
+		for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
+			puthex_ll(computed_hash[i]);
+			putc_ll('\n');
+		}
+		putc_ll('I');
+		putc_ll('H');
+		putc_ll('\n');
+		for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
+			puthex_ll(char_hash[i]);
+			putc_ll('\n');
+		}
+	}
+
+	return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);
+}
-- 
cgit v1.2.3