From patchwork Tue Dec 30 09:30:16 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ruchika Gupta <ruchika.gupta@freescale.com>
X-Patchwork-Id: 424595
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id 8C08814009B
	for <incoming@patchwork.ozlabs.org>;
	Tue, 30 Dec 2014 20:33:39 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 508754B632;
	Tue, 30 Dec 2014 10:33:38 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id IvbzhqNjqWNU; Tue, 30 Dec 2014 10:33:38 +0100 (CET)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id C7C3A4B622;
	Tue, 30 Dec 2014 10:33:37 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 73CFB4B679
	for <u-boot@lists.denx.de>; Tue, 30 Dec 2014 10:32:47 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Uw247ZG6xMDi for <u-boot@lists.denx.de>;
	Tue, 30 Dec 2014 10:32:47 +0100 (CET)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from na01-bn1-obe.outbound.protection.outlook.com
	(mail-bn1on0148.outbound.protection.outlook.com [157.56.110.148])
	by theia.denx.de (Postfix) with ESMTPS id 485314B64D
	for <u-boot@lists.denx.de>; Tue, 30 Dec 2014 10:32:19 +0100 (CET)
Received: from BN3PR0301CA0042.namprd03.prod.outlook.com (25.160.180.180) by
	BY1PR0301MB1288.namprd03.prod.outlook.com (25.161.206.146) with
	Microsoft
	SMTP Server (TLS) id 15.1.49.12; Tue, 30 Dec 2014 09:32:16 +0000
Received: from BN1BFFO11FD014.protection.gbl (2a01:111:f400:7c10::1:133) by
	BN3PR0301CA0042.outlook.office365.com (2a01:111:e400:4000::52) with
	Microsoft SMTP Server (TLS) id 15.1.49.12 via Frontend Transport;
	Tue, 30 Dec 2014 09:32:15 +0000
Received: from az84smr01.freescale.net (192.88.158.2) by
	BN1BFFO11FD014.mail.protection.outlook.com (10.58.144.77) with
	Microsoft SMTP Server (TLS) id 15.1.49.13 via Frontend Transport;
	Tue, 30 Dec 2014 09:32:15 +0000
Received: from perf-idc04.ap.freescale.net (perf-idc04.ap.freescale.net
	[10.232.14.49])
	by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id
	sBU9Vbql028596; Tue, 30 Dec 2014 02:32:12 -0700
From: Ruchika Gupta <ruchika.gupta@freescale.com>
To: <u-boot@lists.denx.de>, <yorksun@freescale.com>
Date: Tue, 30 Dec 2014 15:00:16 +0530
Message-ID: <1419931816-19485-9-git-send-email-ruchika.gupta@freescale.com>
X-Mailer: git-send-email 1.8.1.4
In-Reply-To: <1419931816-19485-1-git-send-email-ruchika.gupta@freescale.com>
References: <1419931816-19485-1-git-send-email-ruchika.gupta@freescale.com>
X-EOPAttributedMessage: 0
Received-SPF: Fail (protection.outlook.com: domain of freescale.com does not
	designate 192.88.158.2 as permitted sender)
	receiver=protection.outlook.com;
	client-ip=192.88.158.2; helo=az84smr01.freescale.net;
Authentication-Results: spf=fail (sender IP is 192.88.158.2)
	smtp.mailfrom=ruchika.gupta@freescale.com;
X-Forefront-Antispam-Report: CIP:192.88.158.2; CTRY:US; IPV:NLI; EFV:NLI;
	SFV:NSPM;
	SFS:(10019020)(6009001)(339900001)(199003)(189002)(64706001)(47776003)(68736005)(77096005)(77156002)(92566001)(62966003)(31966008)(2950100001)(105606002)(50466002)(20776003)(84676001)(50986999)(76176999)(33646002)(19580405001)(229853001)(6806004)(97736003)(87936001)(21056001)(85426001)(50226001)(19580395003)(69596002)(99396003)(81156004)(4396001)(89996001)(575784001)(106466001)(36756003)(86362001)(107046002)(120916001)(104016003)(48376002)(46102003);
	DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1288;
	H:az84smr01.freescale.net; FPR:; SPF:Fail; MLV:sfv;
	PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
MIME-Version: 1.0
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1288;
X-Forefront-PRVS: 04410E544A
X-OriginatorOrg: freescale.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Dec 2014 09:32:15.1547
	(UTC)
X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d;
	Ip=[192.88.158.2]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0301MB1288
Cc: Ruchika Gupta <ruchika.gupta@freescale.com>
Subject: [U-Boot] [PATCH 9/9] [v4] rsa: Use checksum algorithms from struct
	hash_algo
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Sender: u-boot-bounces@lists.denx.de
Errors-To: u-boot-bounces@lists.denx.de

Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
---
Changes in v4:
No changes in this patch. Still under discussion

Changes in v3:
Modified rsa-verify to check for return from checksum function

Changes in v2:
Added generic function hash_calculate. Pass an additional
argument as name of algorithm. 

 common/image-sig.c            |  6 ++---
 include/image.h               |  5 ++--
 include/u-boot/rsa-checksum.h | 17 ++++++++++----
 lib/rsa/rsa-checksum.c        | 53 +++++++++++++++++++++++++++++++++++++++----
 lib/rsa/rsa-verify.c          |  7 +++++-
 5 files changed, 74 insertions(+), 14 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index 8601eda..2c9f0cd 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -38,7 +38,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha1,
 #endif
-		sha1_calculate,
+		hash_calculate,
 		padding_sha1_rsa2048,
 	},
 	{
@@ -48,7 +48,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa2048,
 	},
 	{
@@ -58,7 +58,7 @@ struct checksum_algo checksum_algos[] = {
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
-		sha256_calculate,
+		hash_calculate,
 		padding_sha256_rsa4096,
 	}
 
diff --git a/include/image.h b/include/image.h
index af30d60..ec55f23 100644
--- a/include/image.h
+++ b/include/image.h
@@ -926,8 +926,9 @@ struct checksum_algo {
 #if IMAGE_ENABLE_SIGN
 	const EVP_MD *(*calculate_sign)(void);
 #endif
-	void (*calculate)(const struct image_region region[],
-			  int region_count, uint8_t *checksum);
+	int (*calculate)(const char *name,
+			 const struct image_region region[],
+			 int region_count, uint8_t *checksum);
 	const uint8_t *rsa_padding;
 };
 
diff --git a/include/u-boot/rsa-checksum.h b/include/u-boot/rsa-checksum.h
index c996fb3..3c69d85 100644
--- a/include/u-boot/rsa-checksum.h
+++ b/include/u-boot/rsa-checksum.h
@@ -16,9 +16,18 @@ extern const uint8_t padding_sha256_rsa4096[];
 extern const uint8_t padding_sha256_rsa2048[];
 extern const uint8_t padding_sha1_rsa2048[];
 
-void sha256_calculate(const struct image_region region[], int region_count,
-		      uint8_t *checksum);
-void sha1_calculate(const struct image_region region[], int region_count,
-		    uint8_t *checksum);
+/**
+ * hash_calculate() - Calculate hash over the data
+ *
+ * @name:  Name of algorithm to be used for hash calculation
+ * @region: Array having info of regions over which hash needs to be calculated
+ * @region_count: Number of regions in the region array
+ * @checksum: Buffer contanining the output hash
+ *
+ * @return 0 if OK, < 0 if error
+ */
+int hash_calculate(const char *name,
+		   const struct image_region region[], int region_count,
+		   uint8_t *checksum);
 
 #endif
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
index 8d8b59f..7f1909a 100644
--- a/lib/rsa/rsa-checksum.c
+++ b/lib/rsa/rsa-checksum.c
@@ -10,12 +10,13 @@
 #include <asm/byteorder.h>
 #include <asm/errno.h>
 #include <asm/unaligned.h>
+#include <hash.h>
 #else
 #include "fdt_host.h"
-#endif
-#include <u-boot/rsa.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#endif
+#include <u-boot/rsa.h>
 
 /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
 
@@ -136,7 +137,33 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
 	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
 
-void sha1_calculate(const struct image_region region[], int region_count,
+#ifndef USE_HOSTCC
+int hash_calculate(const char *name,
+		    const struct image_region region[],
+		    int region_count, uint8_t *checksum)
+{
+	struct hash_algo *algo;
+	int ret = 0;
+	void *ctx;
+	uint32_t i;
+	i = 0;
+
+	ret = hash_progressive_lookup_algo(name, &algo);
+	if (ret)
+		return ret;
+
+	algo->hash_init(algo, &ctx);
+	for (i = 0; i < region_count - 1; i++)
+		algo->hash_update(algo, ctx, region[i].data, region[i].size, 0);
+
+	algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
+	algo->hash_finish(algo, ctx, checksum, algo->digest_size);
+
+	return 0;
+}
+
+#else
+int sha1_calculate(const struct image_region region[], int region_count,
 		    uint8_t *checksum)
 {
 	sha1_context ctx;
@@ -147,9 +174,11 @@ void sha1_calculate(const struct image_region region[], int region_count,
 	for (i = 0; i < region_count; i++)
 		sha1_update(&ctx, region[i].data, region[i].size);
 	sha1_finish(&ctx, checksum);
+
+	return 0;
 }
 
-void sha256_calculate(const struct image_region region[], int region_count,
+int sha256_calculate(const struct image_region region[], int region_count,
 		      uint8_t *checksum)
 {
 	sha256_context ctx;
@@ -160,4 +189,20 @@ void sha256_calculate(const struct image_region region[], int region_count,
 	for (i = 0; i < region_count; i++)
 		sha256_update(&ctx, region[i].data, region[i].size);
 	sha256_finish(&ctx, checksum);
+
+	return 0;
 }
+
+int hash_calculate(const char *name,
+		   const struct image_region region[], int region_count,
+		   uint8_t *checksum)
+{
+	if (!strcmp(name, "sha1"))
+		sha1_calculate(region, region_count, checksum);
+
+	if (!strcmp(name, "sha256"))
+		sha256_calculate(region, region_count, checksum);
+
+	return 0;
+}
+#endif
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index af915d3..cf5acdf 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -201,7 +201,12 @@ int rsa_verify(struct image_sign_info *info,
 	}
 
 	/* Calculate checksum with checksum-algorithm */
-	info->algo->checksum->calculate(region, region_count, hash);
+	ret = info->algo->checksum->calculate(info->algo->checksum->name,
+					region, region_count, hash);
+	if (ret < 0) {
+		debug("%s: Error in checksum calculation\n", __func__);
+		return -EINVAL;
+	}
 
 	/* See if we must use a particular key */
 	if (info->required_keynode != -1) {