From patchwork Tue Jun 9 05:09:39 2020
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1305565
X-Patchwork-Delegate: xypron.glpk@gmx.de
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de
Cc: sughosh.ganu@linaro.org, mail@patrick-wildt.de, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 09/17] efi_loader: signature: make efi_hash_regions more generic
Date: Tue, 9 Jun 2020 14:09:39 +0900
Message-Id: <20200609050947.17861-10-takahiro.akashi@linaro.org>
In-Reply-To: <20200609050947.17861-1-takahiro.akashi@linaro.org>
References: <20200609050947.17861-1-takahiro.akashi@linaro.org>

There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.

Signed-off-by: AKASHI Takahiro
---
 lib/efi_loader/efi_signature.c | 44 +++++++++++++---------------------
 1 file changed, 16 insertions(+), 28 deletions(-)

diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index f22dc151971f..03080bc0b11c 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c 
@@ -30,6 +30,7 @@ const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; /** * efi_hash_regions - calculate a hash value * @regs: List of regions + * @count: Number of regions * @hash: Pointer to a pointer to buffer holding a hash value * @size: Size of buffer to be returned * @@ -37,18 +38,20 @@ const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; * * Return: true on success, false on error */ -static bool efi_hash_regions(struct efi_image_regions *regs, void **hash, - size_t *size) +static bool efi_hash_regions(struct image_region *regs, int count, + void **hash, size_t *size) { - *size = 0; - *hash = calloc(1, SHA256_SUM_LEN); if (!*hash) { - EFI_PRINT("Out of memory\n"); - return false; + *hash = calloc(1, SHA256_SUM_LEN); + if (!*hash) { + EFI_PRINT("Out of memory\n"); + return false; + } } - *size = SHA256_SUM_LEN; + if (size) + *size = SHA256_SUM_LEN; - hash_calculate("sha256", regs->reg, regs->num, *hash); + hash_calculate("sha256", regs, count, *hash); #ifdef DEBUG EFI_PRINT("hash calculated:\n"); print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, @@ -73,26 +76,10 @@ static bool efi_hash_msg_content(struct pkcs7_message *msg, void **hash, { struct image_region regtmp; - *size = 0; - *hash = calloc(1, SHA256_SUM_LEN); - if (!*hash) { - EFI_PRINT("Out of memory\n"); - free(msg); - return false; - } - *size = SHA256_SUM_LEN; - regtmp.data = msg->data; regtmp.size = msg->data_len; - hash_calculate("sha256", ®tmp, 1, *hash); -#ifdef DEBUG - EFI_PRINT("hash calculated based on contentInfo:\n"); - print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, - *hash, SHA256_SUM_LEN, false); -#endif - - return true; + return efi_hash_regions(®tmp, 1, hash, size); } /** 
@@ -170,9 +157,10 @@ static bool efi_signature_verify(struct efi_image_regions *regs, false); #endif /* against contentInfo first */ + hash = NULL; if ((msg->data && efi_hash_msg_content(msg, &hash, &size)) || /* for signed image */ - efi_hash_regions(regs, &hash, &size)) { + efi_hash_regions(regs->reg, regs->num, &hash, &size)) { /* for authenticated variable */ if (ps_info->msgdigest_len != size || memcmp(hash, ps_info->msgdigest, size)) { @@ -240,7 +228,7 @@ bool efi_signature_verify_with_list(struct efi_image_regions *regs, regs, signed_info, siglist, valid_cert); if (!signed_info) { - void *hash; + void *hash = NULL; size_t size; EFI_PRINT("%s: unsigned image\n", __func__); @@ -254,7 +242,7 @@ bool efi_signature_verify_with_list(struct efi_image_regions *regs, goto out; } - if (!efi_hash_regions(regs, &hash, &size)) { + if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) { EFI_PRINT("Digesting unsigned image failed\n"); goto out; }
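
Review bot: In the first hunk (@@ -30,6 +30,7) the kernel-doc gains @count, but the @hash and @size lines are left as they were although their meaning changes in the next hunk. @hash is now an in/out parameter (a NULL *hash means "allocate for me", a non-NULL *hash means "write into my buffer") and @size may be NULL. Please document both, including the minimum buffer length of SHA256_SUM_LEN that a caller-supplied buffer must have and who is responsible for freeing an allocated one.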
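
Review bot: In the second hunk (@@ -37,18 +38,20) efi_hash_regions() now reads *hash before writing it, so an uninitialised pointer in any caller turns into a SHA256_SUM_LEN-byte write through a garbage address, and a non-NULL *hash is trusted to be large enough with no way to check. The old code overwrote *hash unconditionally and could not be misused this way. Since this sits on the signature verification path, consider making the buffer length explicit, for example by treating *size as in/out and rejecting a supplied buffer smaller than SHA256_SUM_LEN, or keep the unconditional allocation and add a separate helper for the caller-supplied-buffer case.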
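
Review bot: In the third hunk (@@ -73,26 +76,10) the out-of-memory path of efi_hash_msg_content() used to call free(msg) and no longer does, which is a behaviour change the commit message does not mention. If dropping it is intentional (the caller owns msg), say so in the commit message or split it into its own patch so it can be reviewed and bisected separately. The function also inherits the new requirement that the caller initialise *hash, which its own comment block should state, and the DEBUG dump loses its "based on contentInfo" label, so the two hash sources can no longer be told apart in the log.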
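
Review bot: In the fourth hunk (@@ -170,9 +157,10) the added "hash = NULL;" lands between the comment "/* against contentInfo first */" and the if statement that comment describes. Move the assignment above the comment, or initialise hash at its declaration as the next hunk does with "void *hash = NULL;", so both callers satisfy the new precondition the same way. The last two hunks pass regs->num into the new "int count" parameter; the type of regs->num is not visible in this diff, so please confirm no signed/unsigned conversion is introduced there.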