From patchwork Mon Mar 22 13:33:31 2021
X-Patchwork-Submitter: "Alex G."
X-Patchwork-Id: 1456561
X-Patchwork-Delegate: trini@ti.com
From: Alexandru Gagniuc
To: u-boot@lists.denx.de, marex@denx.de
Cc: Alexandru Gagniuc
Subject: [PATCH] lib: Move selection of SPL hash algorithms from common/
Date: Mon, 22 Mar 2021 08:33:31 -0500
Message-Id: <20210322133331.1646575-1-mr.nuke.me@gmail.com>

When God said, "May there be FIT signature verification in SPL", Chuck
Norris said "SPL image too big". And then there was this patch.

Enabling SPL_FIT_SIGNATURE increased the code size (armv7 platform) by
about 16KiB, just enough to go over the SPL image limit. Of that:
 * .text.sha256_process  3.8 KiB
 * SHA1 implementation   4.4 KiB

Although SHA1 wasn't required, it could not be disabled.

The hash algorithms are implemented in lib/, as is their Kconfig
selection for u-boot main. However, Kconfig selection for SPL is
implemented in common/. To put it mildly, this is inconsistent. MD5
selection, on the other hand, does not have this problem.

Moving the SPL hash switches to lib/ solves half the problem. They have
to be renamed from SPL__SUPPORT to SPL_ to make them work elegantly with
the CONFIG_IS_ENABLED() macro. The second half of the problem is not
referencing the symbols when is disabled. Unfortunately, this requires
some more

The above #ifdef problem could be solved in several ways. One way could
be to move the hash handlers to linker lists. This, however, won't work
for userspace tools (mkimage), as they don't implement custom linker
scripts. One could implement a _register() function for this case, and
manually register all hashes. However, this is beyond the scope of this
patch.
Signed-off-by: Alexandru Gagniuc
---
This is designed to apply on top of the following series:
 * [PATCH v6 00/11] Add support for ECDSA image signing

 common/hash.c      |  4 ++--
 common/image-sig.c |  8 +++++--
 common/spl/Kconfig | 54 ----------------------------------------------
 include/image.h    | 12 +++++------
 lib/Kconfig        | 39 +++++++++++++++++++++++++++++++++
 lib/Makefile       |  6 +++---
 6 files changed, 56 insertions(+), 67 deletions(-)

diff --git a/common/hash.c b/common/hash.c index fc64002f73..dbce70e89b 100644 --- a/common/hash.c +++ b/common/hash.c @@ -41,7 +41,7 @@ DECLARE_GLOBAL_DATA_PTR; static void reloc_update(void); -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if IMAGE_ENABLE_SHA1 && !defined(CONFIG_SHA_PROG_HW_ACCEL) static int hash_init_sha1(struct hash_algo *algo, void **ctxp) { sha1_context *ctx = malloc(sizeof(sha1_context)); @@ -213,7 +213,7 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, * Note that algorithm names must be in lower case. */ static struct hash_algo hash_algo[] = { -#ifdef CONFIG_SHA1 +#if IMAGE_ENABLE_SHA1 { .name = "sha1", .digest_size = SHA1_SUM_LEN, diff --git a/common/image-sig.c b/common/image-sig.c index 0f8e592aba..dbef978bef 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -23,6 +23,7 @@ DECLARE_GLOBAL_DATA_PTR; #define IMAGE_MAX_HASHED_NODES 100 struct checksum_algo checksum_algos[] = { +#if IMAGE_ENABLE_SHA1 { .name = "sha1", .checksum_len = SHA1_SUM_LEN, @@ -33,6 +34,8 @@ struct checksum_algo checksum_algos[] = { #endif .calculate = hash_calculate, }, +#endif +#if IMAGE_ENABLE_SHA256 { .name = "sha256", .checksum_len = SHA256_SUM_LEN, @@ -43,7 +46,8 @@ struct checksum_algo checksum_algos[] = { #endif .calculate = hash_calculate, }, -#ifdef CONFIG_SHA384 +#endif +#if IMAGE_ENABLE_SHA384 { .name = "sha384", .checksum_len = SHA384_SUM_LEN,
@@ -55,7 +59,7 @@ struct checksum_algo checksum_algos[] = { .calculate = hash_calculate, }, #endif -#ifdef CONFIG_SHA512 +#if IMAGE_ENABLE_SHA512 { .name = "sha512", .checksum_len = SHA512_SUM_LEN, diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 774541c02b..85c542e0e0 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig 
@@ -412,60 +412,6 @@ config SPL_CRC32_SUPPORT for detected accidental image corruption. For secure applications you should consider SHA1 or SHA256. -config SPL_MD5_SUPPORT - bool "Support MD5" - depends on SPL_FIT - help - Enable this to support MD5 in FIT images within SPL. An MD5 - checksum is a 128-bit hash value used to check that the image - contents have not been corrupted. Note that MD5 is not considered - secure as it is possible (with a brute-force attack) to adjust the - image while still retaining the same MD5 hash value. For secure - applications where images may be changed maliciously, you should - consider SHA256 or SHA384. - -config SPL_SHA1_SUPPORT - bool "Support SHA1" - depends on SPL_FIT - select SHA1 - help - Enable this to support SHA1 in FIT images within SPL. A SHA1 - checksum is a 160-bit (20-byte) hash value used to check that the - image contents have not been corrupted or maliciously altered. - While SHA1 is fairly secure it is coming to the end of its life - due to the expanding computing power available to brute-force - attacks. For more security, consider SHA256 or SHA384. - -config SPL_SHA256_SUPPORT - bool "Support SHA256" - depends on SPL_FIT - select SHA256 - help - Enable this to support SHA256 in FIT images within SPL. A SHA256 - checksum is a 256-bit (32-byte) hash value used to check that the - image contents have not been corrupted. - -config SPL_SHA384_SUPPORT - bool "Support SHA384" - depends on SPL_FIT - select SHA384 - select SHA512_ALGO - help - Enable this to support SHA384 in FIT images within SPL. A SHA384 - checksum is a 384-bit (48-byte) hash value used to check that the - image contents have not been corrupted. Use this for the highest - security. - -config SPL_SHA512_SUPPORT - bool "Support SHA512" - depends on SPL_FIT - select SHA512 - select SHA512_ALGO - help - Enable this to support SHA512 in FIT images within SPL. 
A SHA512 - checksum is a 512-bit (64-byte) hash value used to check that the - image contents have not been corrupted. - config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" depends on SPL_FIT diff --git a/include/image.h b/include/image.h index b5bcf08e61..f85e935f0c 100644 --- a/include/image.h +++ b/include/image.h @@ -62,13 +62,13 @@ struct fdt_region; #include #include # ifdef CONFIG_SPL_BUILD -# ifdef CONFIG_SPL_CRC32_SUPPORT +# ifdef CONFIG_SPL_CRC32 # define IMAGE_ENABLE_CRC32 1 # endif -# ifdef CONFIG_SPL_MD5_SUPPORT +# ifdef CONFIG_SPL_MD5 # define IMAGE_ENABLE_MD5 1 # endif -# ifdef CONFIG_SPL_SHA1_SUPPORT +# ifdef CONFIG_SPL_SHA1 # define IMAGE_ENABLE_SHA1 1 # endif # else @@ -90,21 +90,21 @@ struct fdt_region; #endif #if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ - defined(CONFIG_SPL_SHA256_SUPPORT) + defined(CONFIG_SPL_SHA256) #define IMAGE_ENABLE_SHA256 1 #else #define IMAGE_ENABLE_SHA256 0 #endif #if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \ - defined(CONFIG_SPL_SHA384_SUPPORT) + defined(CONFIG_SPL_SHA384) #define IMAGE_ENABLE_SHA384 1 #else #define IMAGE_ENABLE_SHA384 0 #endif #if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \ - defined(CONFIG_SPL_SHA512_SUPPORT) + defined(CONFIG_SPL_SHA512_ALGO) #define IMAGE_ENABLE_SHA512 1 #else #define IMAGE_ENABLE_SHA512 0 diff --git a/lib/Kconfig b/lib/Kconfig index 7288340614..8222120cf2 100644 --- a/lib/Kconfig +++ b/lib/Kconfig 
@@ -357,6 +357,18 @@ config SHA1 The SHA1 algorithm produces a 160-bit (20-byte) hash value (digest). + config SPL_SHA1 + bool "Support SHA1 in SPL" + default y if SHA1 + help + Enable this to support SHA1 in FIT images within SPL. A SHA1 + checksum is a 160-bit (20-byte) hash value used to check that the + image contents have not been corrupted or maliciously altered. + While SHA1 is fairly secure it is coming to the end of its life + due to the expanding computing power available to brute-force + attacks. For more security, consider SHA256 or SHA384. + + config SHA256 bool "Enable SHA256 support" help @@ -365,6 +377,14 @@ config SHA256 The SHA256 algorithm produces a 256-bit (32-byte) hash value (digest). +config SPL_SHA256 + bool "Support SHA256 in SPL" + default y if SHA256 + help + Enable this to support SHA256 in FIT images within SPL. A SHA256 + checksum is a 256-bit (32-byte) hash value used to check that the + image contents have not been corrupted. + config SHA512_ALGO bool "Enable SHA512 algorithm" help @@ -379,6 +399,15 @@ config SHA512 The SHA512 algorithm produces a 512-bit (64-byte) hash value (digest). +config SPL_SHA512_ALGO + bool "Support SHA512 in SPL" + default y if SHA512 + help + Enable this to support SHA512 in FIT images within SPL. A SHA512 + checksum is a 512-bit (64-byte) hash value used to check that the + image contents have not been corrupted. + + config SHA384 bool "Enable SHA384 support" depends on SHA512_ALGO @@ -388,6 +417,16 @@ config SHA384 The SHA384 algorithm produces a 384-bit (48-byte) hash value (digest). +config SPL_SHA384 + bool "Support SHA384 in SPL" + depends on SPL_SHA512_ALGO + default y if SHA384 + help + Enable this to support SHA384 in FIT images within SPL. A SHA384 + checksum is a 384-bit (48-byte) hash value used to check that the + image contents have not been corrupted. Use this for the highest + security. + config SHA_HW_ACCEL bool "Enable hashing using hardware" help 
diff --git a/lib/Makefile b/lib/Makefile index 1d4b7d3aad..382a537709 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,9 +61,9 @@ obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o -obj-$(CONFIG_SHA1) += sha1.o -obj-$(CONFIG_SHA256) += sha256.o -obj-$(CONFIG_SHA512_ALGO) += sha512.o +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o +obj-$(CONFIG_$(SPL_)SHA512_ALGO) += sha512.o obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ obj-$(CONFIG_$(SPL_)ZSTD) += zstd/
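Review bot: in the common/hash.c hunks, `#if IMAGE_ENABLE_SHA1` only matches the old `#ifdef CONFIG_SHA1` if IMAGE_ENABLE_SHA1 is visible in hash.c and follows CONFIG_SHA1 in the non-SPL build, and neither is shown here: the hunk adds no `#include <image.h>`, and the include/image.h hunk ties IMAGE_ENABLE_SHA1 to CONFIG_SPL_SHA1 only under CONFIG_SPL_BUILD. An undefined name in `#if` quietly evaluates to 0, so a missing include would drop the "sha1" entry from hash_algo[] with no diagnostic, while an unconditional non-SPL definition would make a CONFIG_SHA1=n U-Boot reference the sha1 helpers behind hash_init_sha1() that lib/Makefile then no longer builds. Please confirm both paths (a one-off build with -Wundef catches the first).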
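Review bot: in the common/image-sig.c hunks, every entry of checksum_algos[] is now under its own `#if IMAGE_ENABLE_*`, so an SPL_FIT_SIGNATURE build with none of SPL_SHA1, SPL_SHA256, SPL_SHA384 or SPL_SHA512_ALGO set produces an empty initializer, and every lookup in the table fails at run time instead of at configuration time. Have SPL_FIT_SIGNATURE select SPL_SHA256 (the one algorithm the commit message says was actually needed), or add an `#error` for the empty case. The sha256 entry was unconditional before this patch, so the new failure mode is also worth a sentence in the commit message.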
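Review bot: the common/spl/Kconfig hunk removes SPL_MD5_SUPPORT and leaves `config SPL_CRC32_SUPPORT` in place, while include/image.h switches to `CONFIG_SPL_MD5` and `CONFIG_SPL_CRC32`, and the lib/Kconfig hunk adds only the SHA symbols. lib/Makefile's existing `obj-$(CONFIG_$(SPL_)MD5) += md5.o` suggests SPL_MD5 already exists, but nothing in this patch defines SPL_CRC32; unless it exists elsewhere, IMAGE_ENABLE_CRC32 silently becomes 0 in SPL and FIT images that carry crc32 hashes stop verifying there. Either rename SPL_CRC32_SUPPORT in this patch as well or keep image.h on the old name. The diffstat also lists no configs/ changes, so defconfigs that set CONFIG_SPL_*_SUPPORT now carry unknown symbols, and a board that had deliberately left one algorithm off gets it back because the new options default to y; a moveconfig.py rename pass would preserve those choices.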
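Review bot: in the include/image.h hunk, SHA256 and SHA384 are keyed on CONFIG_SPL_SHA256 and CONFIG_SPL_SHA384, but SHA512 is keyed on CONFIG_SPL_SHA512_ALGO, the library switch rather than a FIT-support switch. Since lib/Kconfig makes SPL_SHA384 depend on SPL_SHA512_ALGO, an SPL that wants only SHA384 also gets IMAGE_ENABLE_SHA512 = 1 and the sha512 checksum_algos[] entry with it, which is the kind of unrequested growth the patch sets out to remove. Mirror the main-U-Boot split: add `config SPL_SHA512` (depends on SPL_SHA512_ALGO, default y if SHA512) and test CONFIG_SPL_SHA512 here, leaving SPL_SHA512_ALGO to lib/Makefile.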
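Review bot: in the lib/Kconfig hunk, SPL_SHA512_ALGO defaults to `y if SHA512`, but SPL_SHA384 depends on it, so a board with SHA384=y and SHA512=n (which the existing `config SHA384 ... depends on SHA512_ALGO` permits) silently loses SHA384 in SPL unless it turns SPL_SHA512_ALGO on by hand; `default y if SHA512_ALGO` matches the symbol it mirrors. The old options also had `depends on SPL_FIT`; with no dependency at all, SPL_SHA1 and SPL_SHA256 now appear in the .config of boards that have no SPL, so add at least `depends on SPL`. Style: the SPL_SHA1 block is indented one space deeper than its neighbours (` config SPL_SHA1`, ` bool "Support SHA1 in SPL"`), and there are doubled blank lines before `config SHA256` and after the SPL_SHA512_ALGO help text.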
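Review bot: in the lib/Makefile hunk, `obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o` (the context line above the sha objects) keeps the non-SPL symbol while the three lines below gain `$(SPL_)`. If SPL_FIT_SIGNATURE does not itself select FIT_SIGNATURE, an SPL-only signature configuration compiles the SPL hash algorithms but not hash-checksum.o, which provides the hash_calculate() that the checksum_algos[] entries point at; `obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += hash-checksum.o` would make the rule consistent, unless the ECDSA series this sits on already changes that line.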
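The commit message says the SPL options had to be renamed from the SPL_..._SUPPORT form to the bare SPL_ form so that CONFIG_IS_ENABLED() can find them. The following is an added example, not code from the patch or from U-Boot, that re-implements just enough of that preprocessor trick (the IS_ENABLED() idiom from the kernel's kconfig.h plus U-Boot's SPL_ prefix selection) to show the effect. All CONFIG_* definitions in it are made up stand-ins for generated/autoconf.h, the SPL_ or empty prefix is passed explicitly instead of being chosen by CONFIG_SPL_BUILD so that both builds can be compared in one file, and U-Boot's real macro has extra layers that are omitted here.

```c
/*
 * Added example, not U-Boot code: a minimal re-implementation of the
 * CONFIG_IS_ENABLED() preprocessor trick, showing why CONFIG_SPL_<x>_SUPPORT
 * had to become CONFIG_SPL_<x>. Every CONFIG_* below is a constructed stand-in
 * for generated/autoconf.h.
 */
#include <stdio.h>

/* Constructed "autoconf.h": SHA1 and SHA256 on in main U-Boot, SHA1 on in
 * SPL under the new name, SHA256 on in SPL only under the OLD name. */
#define CONFIG_SHA1 1
#define CONFIG_SHA256 1
#define CONFIG_SPL_SHA1 1
#define CONFIG_SPL_SHA256_SUPPORT 1 /* old spelling: the generic lookup never forms it */

/* IS_ENABLED(tok): 1 if tok expands to 1, 0 if tok is an undefined name.
 * __ARG_PLACEHOLDER_1 injects a comma that shifts "1" into the second slot;
 * an undefined name pastes into junk and leaves "0" there. The trailing 0
 * keeps the variadic call strictly C99 (at least one argument for "..."). */
#define __ARG_PLACEHOLDER_1 0,
#define __take_second_arg(__ignored, val, ...) val
#define ____is_defined(arg1_or_junk) __take_second_arg(arg1_or_junk 1, 0, 0)
#define ___is_defined(val) ____is_defined(__ARG_PLACEHOLDER_##val)
#define __is_defined(x) ___is_defined(x) /* extra level: x is macro-expanded first */
#define IS_ENABLED(option) __is_defined(option)

/* Build the token CONFIG_<pfx><opt>; pfx is SPL_ in an SPL build, empty
 * otherwise. The two-level paste lets an empty pfx collapse to CONFIG_<opt>. */
#define __config_val(pfx, cfg) CONFIG_##pfx##cfg
#define _config_val(pfx, cfg) __config_val(pfx, cfg)

/* A real build fixes pfx once via CONFIG_SPL_BUILD; here it is a parameter
 * so the same file can show what each build sees. */
#define IS_ENABLED_IN(pfx, option) IS_ENABLED(_config_val(pfx, option))

int main_build_sees_sha1(void)   { return IS_ENABLED_IN(, SHA1); }     /* 1 */
int main_build_sees_sha256(void) { return IS_ENABLED_IN(, SHA256); }   /* 1 */
int spl_build_sees_sha1(void)    { return IS_ENABLED_IN(SPL_, SHA1); } /* 1 */
int spl_build_sees_sha256(void)  { return IS_ENABLED_IN(SPL_, SHA256); } /* 0 */

/* The old-style symbol is set, but only a lookup spelled by hand finds it;
 * CONFIG_IS_ENABLED(SHA256) in SPL forms CONFIG_SPL_SHA256 and misses. */
int old_name_is_set(void) { return IS_ENABLED(CONFIG_SPL_SHA256_SUPPORT); } /* 1 */

int main(void)
{
	printf("main: SHA1=%d SHA256=%d\n",
	       main_build_sees_sha1(), main_build_sees_sha256());
	printf("spl:  SHA1=%d SHA256=%d (old-style SPL_SHA256_SUPPORT set: %d)\n",
	       spl_build_sees_sha1(), spl_build_sees_sha256(), old_name_is_set());
	return 0;
}
```

Compiling and running the block prints `main: SHA1=1 SHA256=1` and `spl:  SHA1=1 SHA256=0`, with the old-style symbol reported as set: the option is on, but under a name the generic `CONFIG_<prefix><option>` construction never produces. That is why the rename is needed, and why the new names line up with the `CONFIG_$(SPL_)` pattern lib/Makefile already uses for md5.o and rsa/.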