Merge branch '2021-09-08-fix-FIT-hash-algos-in-SPL'

- Merge some fixes to how we enable hash algorithms for FIT images in
  SPL.  This fixes a few cases where we should have had some options
  enabled, but did not.  This also removes otherwise unused options in a
  few other cases.

arch/arm/mach-socfpga/Kconfig

@@ -11,7 +11,7 @@ config SOCFPGA_SECURE_VAB_AUTH
 	depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_N5X
 	select FIT_IMAGE_POST_PROCESS
 	select SHA384
-	select SHA512_ALGO
+	select SHA512
 	select SPL_FIT_IMAGE_POST_PROCESS
 	help
 	 All images loaded from FIT will be authenticated by Secure Device

board/freescale/common/Kconfig

@@ -4,6 +4,7 @@ config CHAIN_OF_TRUST
 	imply CMD_HASH if ARM
 	select FSL_CAAM
 	select SPL_BOARD_INIT if (ARM && SPL)
+	select SPL_HASH if (ARM && SPL)
 	select SHA_HW_ACCEL
 	select SHA_PROG_HW_ACCEL
 	select ENV_IS_NOWHERE

cmd/mvebu/Kconfig

@@ -4,6 +4,7 @@ depends on ARCH_MVEBU
 config CMD_MVEBU_BUBT
 	bool "bubt"
 	default n
+	select SHA256 if ARMADA_3700
 	help
 	  bubt - Burn a u-boot image to flash
 	  For details about bubt command please see the documentation

common/Kconfig.boot

@@ -11,8 +11,10 @@ config ANDROID_BOOT_IMAGE
 
 config FIT
 	bool "Support Flattened Image Tree"
+	select HASH
 	select MD5
 	select SHA1
+	imply SHA256
 	help
 	  This option allows you to boot the new uImage structure,
 	  Flattened Image Tree.  FIT is formally a FDT, which can include
@@ -35,34 +37,6 @@ config FIT_EXTERNAL_OFFSET
 	  could be put in the hole between data payload and fit image
 	  header, such as CSF data on i.MX platform.
 
-config FIT_SHA256
-	bool "Support SHA256 checksum of FIT image contents"
-	default y
-	select SHA256
-	help
-	  Enable this to support SHA256 checksum of FIT image contents. A
-	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
-config FIT_SHA384
-	bool "Support SHA384 checksum of FIT image contents"
-	default n
-	select SHA384
-	help
-	  Enable this to support SHA384 checksum of FIT image contents. A
-	  SHA384 checksum is a 384-bit (48-byte) hash value used to check that
-	  the image contents have not been corrupted. Use this for the highest
-	  security.
-
-config FIT_SHA512
-	bool "Support SHA512 checksum of FIT image contents"
-	default n
-	select SHA512
-	help
-	  Enable this to support SHA512 checksum of FIT image contents. A
-	  SHA512 checksum is a 512-bit (64-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
 config FIT_FULL_CHECK
 	bool "Do a full check of the FIT before using it"
 	default y
@@ -161,6 +135,7 @@ if SPL
 config SPL_FIT
 	bool "Support Flattened Image Tree within SPL"
 	depends on SPL
+	select SPL_HASH
 	select SPL_OF_LIBFDT
 
 config SPL_FIT_PRINT
@@ -185,7 +160,7 @@ config SPL_FIT_SIGNATURE
 	select FIT_SIGNATURE
 	select SPL_FIT
 	select SPL_CRYPTO
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	imply SPL_RSA
 	imply SPL_RSA_VERIFY
 	select SPL_IMAGE_SIGN_INFO

common/Makefile

@@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD
 obj-y += init/
 obj-y += main.o
 obj-y += exports.o
-obj-$(CONFIG_HASH) += hash.o
 obj-$(CONFIG_HUSH_PARSER) += cli_hush.o
 obj-$(CONFIG_AUTOBOOT) += autoboot.o
 
@@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD
 ifdef CONFIG_SPL_DFU
 obj-$(CONFIG_DFU_OVER_USB) += dfu.o
 endif
-obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
-obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o
 obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o
@@ -105,6 +102,7 @@ endif
 endif
 
 obj-y += image.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o
 obj-$(CONFIG_ANDROID_AB) += android_ab.o
 obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o

common/hash.c

@@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
 	return 0;
 }
 
+#ifdef USE_HOSTCC
+# define I_WANT_MD5	1
+#else
+# define I_WANT_MD5	CONFIG_IS_ENABLED(MD5)
+#endif
 /*
  * These are the hash algorithms we support.  If we have hardware acceleration
  * is enable we will use that, otherwise a software version of the algorithm.
  * Note that algorithm names must be in lower case.
  */
 static struct hash_algo hash_algo[] = {
+#if I_WANT_MD5
+	{
+		.name		= "md5",
+		.digest_size	= MD5_SUM_LEN,
+		.chunk_size	= CHUNKSZ_MD5,
+		.hash_func_ws	= md5_wd,
+	},
+#endif
 #ifdef CONFIG_SHA1
 	{
 		.name 		= "sha1",

common/image-fit.c

@@ -1193,6 +1193,12 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
 	return 0;
 }
 
+static void crc32_uimage_fixup(void *value)
+{
+	/* TODO: In C, this type punning is undefined behavior: */
+	*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
+}
+
 /**
  * calculate_hash - calculate and return hash for provided input data
  * @data: pointer to the input data
@@ -1211,37 +1217,24 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
  *     0, on success
  *    -1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash(const void *data, int data_len, const char *name,
 			uint8_t *value, int *value_len)
 {
-	if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
-		*((uint32_t *)value) = crc32_wd(0, data, data_len,
-							CHUNKSZ_CRC32);
-		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-		*value_len = 4;
-	} else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
-		sha1_csum_wd((unsigned char *)data, data_len,
-			     (unsigned char *)value, CHUNKSZ_SHA1);
-		*value_len = 20;
-	} else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
-		sha256_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA256);
-		*value_len = SHA256_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
-		sha384_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA384);
-		*value_len = SHA384_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
-		sha512_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA512);
-		*value_len = SHA512_SUM_LEN;
-	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
-		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
-		*value_len = 16;
-	} else {
+	struct hash_algo *algo;
+	int ret;
+
+	ret = hash_lookup_algo(name, &algo);
+	if (ret < 0) {
 		debug("Unsupported hash alogrithm\n");
 		return -1;
 	}
+
+	algo->hash_func_ws(data, data_len, value, algo->chunk_size);
+	*value_len = algo->digest_size;
+
+	if (!strcmp(name, "crc32"))
+		crc32_uimage_fixup(value);
+
 	return 0;
 }
 

common/spl/Kconfig

@@ -439,48 +439,6 @@ config SPL_MD5
 	  applications where images may be changed maliciously, you should
 	  consider SHA256 or SHA384.
 
-config SPL_FIT_SHA1
-	bool "Support SHA1"
-	depends on SPL_FIT
-	select SHA1
-	help
-	  Enable this to support SHA1 in FIT images within SPL. A SHA1
-	  checksum is a 160-bit (20-byte) hash value used to check that the
-	  image contents have not been corrupted or maliciously altered.
-	  While SHA1 is fairly secure it is coming to the end of its life
-	  due to the expanding computing power available to brute-force
-	  attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
-	bool "Support SHA256"
-	depends on SPL_FIT
-	select SHA256
-	help
-	  Enable this to support SHA256 in FIT images within SPL. A SHA256
-	  checksum is a 256-bit (32-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
-config SPL_FIT_SHA384
-	bool "Support SHA384"
-	depends on SPL_FIT
-	select SHA384
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA384 in FIT images within SPL. A SHA384
-	  checksum is a 384-bit (48-byte) hash value used to check that the
-	  image contents have not been corrupted. Use this for the highest
-	  security.
-
-config SPL_FIT_SHA512
-	bool "Support SHA512"
-	depends on SPL_FIT
-	select SHA512
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA512 in FIT images within SPL. A SHA512
-	  checksum is a 512-bit (64-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
 config SPL_FIT_IMAGE_TINY
 	bool "Remove functionality from SPL FIT loading to reduce size"
 	depends on SPL_FIT
@@ -519,27 +477,6 @@ config SPL_CRYPTO
 	  this option to build the drivers in drivers/crypto as part of an
 	  SPL build.
 
-config SPL_HASH_SUPPORT
-	bool "Support hashing drivers"
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
-config TPL_HASH_SUPPORT
-	bool "Support hashing drivers in TPL"
-	depends on TPL
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
 config SPL_DMA
 	bool "Support DMA drivers"
 	help
@@ -1235,7 +1172,7 @@ config SPL_USB_ETHER
 
 config SPL_DFU
 	bool "Support DFU (Device Firmware Upgrade)"
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	select SPL_DFU_NO_RESET
 	depends on SPL_RAM_SUPPORT
 	help

configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig

@@ -31,7 +31,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y

configs/ls1043ardb_nand_SECURE_BOOT_defconfig

@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_NAND_SUPPORT=y

configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig

@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_WATCHDOG=y

configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig

@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y

configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig

@@ -33,7 +33,6 @@ CONFIG_MISC_INIT_R=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y

configs/mt8516_pumpkin_defconfig

@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
 # CONFIG_PSCI_RESET is not set
 CONFIG_DEBUG_UART=y
 CONFIG_FIT=y
-# CONFIG_FIT_SHA256 is not set
+# CONFIG_SHA256 is not set
 # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
 CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
 # CONFIG_DISPLAY_BOARDINFO is not set

drivers/crypto/fsl/Kconfig

@@ -1,6 +1,8 @@
 config FSL_CAAM
 	bool "Freescale Crypto Driver Support"
 	select SHA_HW_ACCEL
+	# hw_sha1() under drivers/crypto, and needed with SHA_HW_ACCEL
+	imply SPL_CRYPTO if (ARM && SPL)
 	imply CMD_HASH
 	help
 	  Enables the Freescale's Cryptographic Accelerator and Assurance

include/configs/xilinx_zynqmp.h

@@ -258,7 +258,7 @@
 
 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_DFU)
 # define CONFIG_SPL_ENV_SUPPORT
-# define CONFIG_SPL_HASH_SUPPORT
+# define CONFIG_SPL_HASH
 # define CONFIG_ENV_MAX_ENTRIES	10
 #endif
 

include/image.h

@@ -31,9 +31,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
 #define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_FIT_SHA256
-#define CONFIG_FIT_SHA384
-#define CONFIG_FIT_SHA512
+#define CONFIG_MD5
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
@@ -62,26 +60,6 @@ struct fdt_region;
 #include <hash.h>
 #include <linux/libfdt.h>
 #include <fdt_support.h>
-# ifdef CONFIG_SPL_BUILD
-#  ifdef CONFIG_SPL_CRC32
-#   define IMAGE_ENABLE_CRC32	1
-#  endif
-#  ifdef CONFIG_SPL_MD5
-#   define IMAGE_ENABLE_MD5	1
-#  endif
-# else
-#  define IMAGE_ENABLE_CRC32	1
-#  define IMAGE_ENABLE_MD5	1
-# endif
-
-#ifndef IMAGE_ENABLE_CRC32
-#define IMAGE_ENABLE_CRC32	0
-#endif
-
-#ifndef IMAGE_ENABLE_MD5
-#define IMAGE_ENABLE_MD5	0
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE

include/u-boot/md5.h

@@ -8,6 +8,8 @@
 
 #include "compiler.h"
 
+#define MD5_SUM_LEN	16
+
 struct MD5Context {
 	__u32 buf[4];
 	__u32 bits[2];
@@ -28,7 +30,7 @@ void md5 (unsigned char *input, int len, unsigned char output[16]);
  * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the
  * watchdog every 'chunk_sz' bytes of input processed.
  */
-void md5_wd (unsigned char *input, int len, unsigned char output[16],
-		unsigned int chunk_sz);
+void md5_wd(const unsigned char *input, unsigned int len,
+	     unsigned char output[16], unsigned int chunk_sz);
 
 #endif /* _MD5_H */

lib/Kconfig

@@ -375,14 +375,9 @@ config SHA256
 	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
 	  (digest).
 
-config SHA512_ALGO
-	bool "Enable SHA512 algorithm"
-	help
-	  This option enables support of internal SHA512 algorithm.
 
 config SHA512
 	bool "Enable SHA512 support"
-	depends on SHA512_ALGO
 	help
 	  This option enables support of hashing using SHA512 algorithm.
 	  The hash is calculated in software.
@@ -391,10 +386,11 @@ config SHA512
 
 config SHA384
 	bool "Enable SHA384 support"
-	depends on SHA512_ALGO
+	select SHA512
 	help
 	  This option enables support of hashing using SHA384 algorithm.
-	  The hash is calculated in software.
+	  The hash is calculated in software. This is also selects SHA512,
+	  because these implementations share the bulk of the code..
 	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
 	  (digest).
 
@@ -409,7 +405,7 @@ if SHA_HW_ACCEL
 
 config SHA512_HW_ACCEL
 	bool "Enable hardware acceleration for SHA512"
-	depends on SHA512_ALGO
+	depends on SHA512
 	help
 	  This option enables hardware acceleration for the SHA384 and SHA512
 	  hashing algorithms. This affects the 'hash' command and also the

lib/Makefile

@@ -65,7 +65,7 @@ obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
-obj-$(CONFIG_SHA512_ALGO) += sha512.o
+obj-$(CONFIG_SHA512) += sha512.o
 obj-$(CONFIG_CRYPT_PW) += crypt/
 
 obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
@@ -87,7 +87,7 @@ endif
 
 ifdef CONFIG_SPL_BUILD
 obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o
-obj-$(CONFIG_$(SPL_TPL_)HASH_SUPPORT) += crc16.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += crc16.o
 obj-y += net_utils.o
 endif
 obj-$(CONFIG_ADDR_MAP) += addr_map.o

lib/crypt/Kconfig

@@ -20,7 +20,7 @@ config CRYPT_PW_SHA256
 config CRYPT_PW_SHA512
 	bool "Provide sha512crypt"
 	select SHA512
-	select SHA512_ALGO
+	select SHA512
 	help
 	  Enables support for the sha512crypt password-hashing algorithm.
 	  The prefix is "$6$".

lib/efi_loader/Kconfig

@@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL
 	depends on TPM_V2
 	select SHA1
 	select SHA256
-	select SHA512_ALGO
+	select SHA512
 	select SHA384
 	select SHA512
 	select HASH

lib/md5.c

@@ -284,12 +284,12 @@ md5 (unsigned char *input, int len, unsigned char output[16])
  * watchdog every 'chunk_sz' bytes of input processed.
  */
 void
-md5_wd (unsigned char *input, int len, unsigned char output[16],
+md5_wd(const unsigned char *input, unsigned int len, unsigned char output[16],
 	unsigned int chunk_sz)
 {
 	struct MD5Context context;
 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
-	unsigned char *end, *curr;
+	const unsigned char *end, *curr;
 	int chunk;
 #endif
 

lib/sha512.c

@@ -320,7 +320,6 @@ void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
 
 #endif
 
-#if defined(CONFIG_SHA512)
 void sha512_starts(sha512_context * ctx)
 {
 	ctx->state[0] = SHA512_H0;
@@ -381,4 +380,3 @@ void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
 
 	sha512_finish(&ctx, output);
 }
-#endif