[v5,04/29] spl: cypto: Bring back SPL_ versions of SHA

Message ID	20210926014342.127913-4-sjg@chromium.org
State	Accepted
Commit	603d15a572d5b1e2894db87b86d85a092dacdfd1
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Simon Glass <sjg@chromium.org> To: U-Boot Mailing List <u-boot@lists.denx.de> Cc: Alexandru Gagniuc <mr.nuke.me@gmail.com>, Andre Przywara <andre.przywara@arm.com>, Rasmus Villemoes <rasmus.villemoes@prevas.dk>, Robert Marko <robert.marko@sartura.hr>, Masahiro Yamada <masahiroy@kernel.org>, Tom Rini <trini@konsulko.com>, Simon Glass <sjg@chromium.org> Subject: [PATCH v5 04/29] spl: cypto: Bring back SPL_ versions of SHA Date: Sat, 25 Sep 2021 19:43:17 -0600 Message-Id: <20210926014342.127913-4-sjg@chromium.org> In-Reply-To: <20210926014342.127913-1-sjg@chromium.org> References: <20210926014342.127913-1-sjg@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	image: Reduce #ifdefs and ad-hoc defines in image code (Part B) \| expand [v5,00/29] image: Reduce #ifdefs and ad-hoc defines in image code (Part B) [v5,01/29] compiler: Rename host_build() to tools_build() [v5,02/29] kconfig: Add tools support to CONFIG_IS_ENABLED() [v5,03/29] image: Add Kconfig options for FIT in the tools build [v5,04/29] spl: cypto: Bring back SPL_ versions of SHA [v5,05/29] hash: Use Kconfig to enable hashing in host tools and SPL [v5,06/29] hash: Drop some #ifdefs in hash.c [v5,07/29] image: Drop IMAGE_ENABLE_FIT [v5,08/29] image: Drop IMAGE_ENABLE_OF_LIBFDT [v5,09/29] image: Use Kconfig to enable CONFIG_FIT_VERBOSE on host [v5,10/29] image: Use Kconfig to enable FIT_RSASSA_PSS on host [v5,11/29] image: Use the correct checks for CRC32 [v5,12/29] image: Drop IMAGE_BOOT_GET_CMDLINE [v5,13/29] image: Drop IMAGE_OF_BOARD_SETUP [v5,14/29] image: Drop IMAGE_OF_SYSTEM_SETUP [v5,15/29] image: Drop IMAGE_ENABLE_IGNORE [v5,16/29] efi: Correct dependency on FIT_SIGNATURE [v5,19/29] image: Tidy up fit_unsupported_reset() [v5,20/29] image: Drop unnecessary #ifdefs from image.h [v5,21/29] image: Drop #ifdefs for fit_print_contents() [v5,22/29] image: Drop most #ifdefs in image-board.c [v5,23/29] image: Reduce variable scope in boot_get_ramdisk() [v5,24/29] image: Split up boot_get_ramdisk() [v5,25/29] image: Remove #ifdefs from select_ramdisk() [v5,26/29] image: Remove some #ifdefs from image-fit and image-fit-sig [v5,27/29] image: Reduce variable scope in boot_get_fdt() [v5,28/29] image: Split up boot_get_fdt()

Message ID

20210926014342.127913-4-sjg@chromium.org

State

Accepted

Commit

603d15a572d5b1e2894db87b86d85a092dacdfd1

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256
 header.s=google header.b=X+w+COh1;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4HH7qF548Mz9t6S
	for <incoming@patchwork.ozlabs.org>; Sun, 26 Sep 2021 11:44:25 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id AB75F835DE;
	Sun, 26 Sep 2021 03:44:16 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key;
 unprotected) header.d=chromium.org header.i=@chromium.org
 header.b="X+w+COh1";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id F2996835B6; Sun, 26 Sep 2021 03:44:03 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-oo1-xc34.google.com (mail-oo1-xc34.google.com
 [IPv6:2607:f8b0:4864:20::c34])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 0AAFA835A4
 for <u-boot@lists.denx.de>; Sun, 26 Sep 2021 03:43:55 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=sjg@chromium.org
Received: by mail-oo1-xc34.google.com with SMTP id
 v17-20020a4ae051000000b002b5a56e3da3so230115oos.2
 for <u-boot@lists.denx.de>; Sat, 25 Sep 2021 18:43:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org;
 s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=H7QDYblTWdk7smXg54bMoFslfxSrJmaor+8hhTXYgBc=;
 b=X+w+COh1/vHdJB3A5WtsmJs7c3ZtxPQqBOCRx4yQi0jHLhj+esSDJ2TAvj4QnoMUam
 oDlNhv99rmH000iCkrWhnxQCPYQwbBaDpRY0GDzpCjqI7aie2GMBJZFi9ComG6oC2dVd
 UxTqp9S1Le4zblcPqBisf+ZxHs29OKcSYr3oY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=H7QDYblTWdk7smXg54bMoFslfxSrJmaor+8hhTXYgBc=;
 b=1DZrn74aN0yWlblsGfgwJvRsQcEbBnxgZNPVM9S3iJpbYvgQRLsxNxHwfEmgjGCWrl
 LS9P1IRfzgNloUdItNHcrRQkWI9UuwJMnNnrkBP1/ZCvbq6TKNspDNHICEOZJwfRzk/D
 JnqtsqnjndyoI7HEmaJyK4M1YuGCDSP3NMRJheSEYKlC3IpzYr2UtzackW/HkhVxRsca
 mITa06qb1orN+zybWCS3YwkwQl9ZczSw34huuCvVKzCHgJ/4RNnblQK6rVRfvWQ1e+Ce
 oFidQv03WE7JpCWWUBL+escDGIZpxG/CBldb45fb06amlOpljSAUfH3mXhErWdvOrWFr
 7dWg==
X-Gm-Message-State: AOAM5318BYmsZ33+RlBY7uX2FvycubrB26bg0ZfFlXIGNLjVKTV5cy6Y
 PGFKsLf51yH1ddL854zV+Y0iZZg5dSHudQ==
X-Google-Smtp-Source: 
 ABdhPJwmRuBEdSdQ78CxJ4RtshwxNdF4yc+PV0QnL3W2BY+Vyc9g0MGmiF8MPyfcfoLHgyTmVdLuaw==
X-Received: by 2002:a4a:e214:: with SMTP id b20mr12061529oot.1.1632620633513;
 Sat, 25 Sep 2021 18:43:53 -0700 (PDT)
Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net.
 [67.190.101.114])
 by smtp.gmail.com with ESMTPSA id c18sm330378otr.72.2021.09.25.18.43.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 25 Sep 2021 18:43:53 -0700 (PDT)
From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Alexandru Gagniuc <mr.nuke.me@gmail.com>,
 Andre Przywara <andre.przywara@arm.com>,
 Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
 Robert Marko <robert.marko@sartura.hr>,
 Masahiro Yamada <masahiroy@kernel.org>, Tom Rini <trini@konsulko.com>,
 Simon Glass <sjg@chromium.org>
Subject: [PATCH v5 04/29] spl: cypto: Bring back SPL_ versions of SHA
Date: Sat, 25 Sep 2021 19:43:17 -0600
Message-Id: <20210926014342.127913-4-sjg@chromium.org>
X-Mailer: git-send-email 2.33.0.685.g46640cef36-goog
In-Reply-To: <20210926014342.127913-1-sjg@chromium.org>
References: <20210926014342.127913-1-sjg@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Series

image: Reduce #ifdefs and ad-hoc defines in image code (Part B) | expand

Commit Message

Simon Glass Sept. 26, 2021, 1:43 a.m. UTC

Unfortunately these were removed by mistake. This means that adding hash
support to SPL brings in all software algorithms, with a substantial
increase in code size.

The origin of the problem was renaming them to SPL_FIT_xxx and then these
were removed altogether in a later commit.

Add them back. This aligns with CONFIG_MD5, for example, which has an SPL
variant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f5bc9c25f31 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx")
Fixes: eb5171ddec9 ("common: Remove unused CONFIG_FIT_SHAxxx selectors")
---
For now this has no effect but the next patch updates hash.c to deal with
this condition for both SPL and tools.

Changes in v5:
- Add new patch to bring back SPL_ versions of SHA

 lib/Kconfig | 43 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

Comments

Alex G. Oct. 5, 2021, 6:19 p.m. UTC | #1

On 9/25/21 8:43 PM, Simon Glass wrote:
> Unfortunately these were removed by mistake. This means that adding hash
> support to SPL brings in all software algorithms, with a substantial
> increase in code size.
> 
> The origin of the problem was renaming them to SPL_FIT_xxx and then these
> were removed altogether in a later commit.
> 
> Add them back. This aligns with CONFIG_MD5, for example, which has an SPL
> variant.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Fixes: f5bc9c25f31 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx")
> Fixes: eb5171ddec9 ("common: Remove unused CONFIG_FIT_SHAxxx selectors")

Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

I don't think these ever worked as intended. I had issues disabling SHA1 
in SPL before either of the suspect patches were merged.

> ---
> For now this has no effect but the next patch updates hash.c to deal with
> this condition for both SPL and tools.
> 
> Changes in v5:
> - Add new patch to bring back SPL_ versions of SHA
> 
>   lib/Kconfig | 43 ++++++++++++++++++++++++++++++++++++++++++-
>   1 file changed, 42 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 034af724b5d..7899e756f99 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -373,7 +373,6 @@ config SHA256
>   	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
>   	  (digest).
>   
> -
>   config SHA512
>   	bool "Enable SHA512 support"
>   	help
> @@ -399,6 +398,48 @@ config SHA_HW_ACCEL
>   	  hashing algorithms. This affects the 'hash' command and also the
>   	  hash_lookup_algo() function.
>   
> +if SPL
> +
> +config SPL_SHA1
> +	bool "Enable SHA1 support in SPL"
> +	default y if SHA1
> +	help
> +	  This option enables support of hashing using SHA1 algorithm.
> +	  The hash is calculated in software.
> +	  The SHA1 algorithm produces a 160-bit (20-byte) hash value
> +	  (digest).
> +
> +config SPL_SHA256
> +	bool "Enable SHA256 support in SPL"
> +	default y if SHA256
> +	help
> +	  This option enables support of hashing using SHA256 algorithm.
> +	  The hash is calculated in software.
> +	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
> +	  (digest).
> +
> +config SPL_SHA512
> +	bool "Enable SHA512 support in SPL"
> +	default y if SHA512
> +	help
> +	  This option enables support of hashing using SHA512 algorithm.
> +	  The hash is calculated in software.
> +	  The SHA512 algorithm produces a 512-bit (64-byte) hash value
> +	  (digest).
> +
> +config SPL_SHA384
> +	bool "Enable SHA384 support in SPL"
> +	default y if SHA384
> +	select SPL_SHA512
> +	help
> +	  This option enables support of hashing using SHA384 algorithm.
> +	  The hash is calculated in software. This is also selects SHA512,
> +	  because these implementations share the bulk of the code..
> +	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
> +	  (digest).
> +
> +endif
> +
>   if SHA_HW_ACCEL
>   
>   config SHA512_HW_ACCEL
>

Tom Rini Oct. 9, 2021, 1:39 a.m. UTC | #2

On Sat, Sep 25, 2021 at 07:43:17PM -0600, Simon Glass wrote:

> Unfortunately these were removed by mistake. This means that adding hash
> support to SPL brings in all software algorithms, with a substantial
> increase in code size.
> 
> The origin of the problem was renaming them to SPL_FIT_xxx and then these
> were removed altogether in a later commit.
> 
> Add them back. This aligns with CONFIG_MD5, for example, which has an SPL
> variant.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Fixes: f5bc9c25f31 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx")
> Fixes: eb5171ddec9 ("common: Remove unused CONFIG_FIT_SHAxxx selectors")
> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

Applied to u-boot/master, thanks!

diff --git a/lib/Kconfig b/lib/Kconfig
index 034af724b5d..7899e756f99 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -373,7 +373,6 @@  config SHA256
 	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
 	  (digest).
 
-
 config SHA512
 	bool "Enable SHA512 support"
 	help
@@ -399,6 +398,48 @@  config SHA_HW_ACCEL
 	  hashing algorithms. This affects the 'hash' command and also the
 	  hash_lookup_algo() function.
 
+if SPL
+
+config SPL_SHA1
+	bool "Enable SHA1 support in SPL"
+	default y if SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm.
+	  The hash is calculated in software.
+	  The SHA1 algorithm produces a 160-bit (20-byte) hash value
+	  (digest).
+
+config SPL_SHA256
+	bool "Enable SHA256 support in SPL"
+	default y if SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm.
+	  The hash is calculated in software.
+	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
+	  (digest).
+
+config SPL_SHA512
+	bool "Enable SHA512 support in SPL"
+	default y if SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm.
+	  The hash is calculated in software.
+	  The SHA512 algorithm produces a 512-bit (64-byte) hash value
+	  (digest).
+
+config SPL_SHA384
+	bool "Enable SHA384 support in SPL"
+	default y if SHA384
+	select SPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm.
+	  The hash is calculated in software. This is also selects SHA512,
+	  because these implementations share the bulk of the code..
+	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
+	  (digest).
+
+endif
+
 if SHA_HW_ACCEL
 
 config SHA512_HW_ACCEL

[v5,04/29] spl: cypto: Bring back SPL_ versions of SHA

Commit Message

Comments

Patch