diff options
author | Wim Vervoorn <wvervoorn@eltan.com> | 2019-10-30 16:46:41 +0100 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2019-11-04 11:30:17 +0000 |
commit | 944fdc477140d874c1c674954044c0c2b540abb2 (patch) | |
tree | ddce8d938bbd37ee409e8289c5b2144e492eed24 /src/vendorcode | |
parent | adf344013d30dc685bab3dbd148bdecb35e833b1 (diff) |
vendorcode/eltan/security: Use custom hash for little endian only
Only use the custom hash routine when we need little endian.
Rename the function as well as it is little endian only now.
BUG=N/A
TEST=tested on fbg1701 board.
Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Diffstat (limited to 'src/vendorcode')
-rw-r--r-- | src/vendorcode/eltan/security/include/cb_sha.h | 13 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/lib/cb_sha.c | 34 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.c | 15 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 8 |
4 files changed, 21 insertions, 49 deletions
diff --git a/src/vendorcode/eltan/security/include/cb_sha.h b/src/vendorcode/eltan/security/include/cb_sha.h index 4d087f40c9..9a231d8a1e 100644 --- a/src/vendorcode/eltan/security/include/cb_sha.h +++ b/src/vendorcode/eltan/security/include/cb_sha.h @@ -20,14 +20,7 @@ #include <vb21_common.h> #include <vb2_api.h> -/* Supported Algorithm types for hash */ -enum endian_algorithm { - NO_ENDIAN_ALGORITHM = 0, - BIG_ENDIAN_ALGORITHM = 1, - LITTLE_ENDIAN_ALGORITHM = 2, -}; +vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, + uint32_t len, uint8_t *digest); -int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, - uint8_t *digest, enum endian_algorithm endian); - -#endif
\ No newline at end of file +#endif diff --git a/src/vendorcode/eltan/security/lib/cb_sha.c b/src/vendorcode/eltan/security/lib/cb_sha.c index 47cd10a47c..20a84afacc 100644 --- a/src/vendorcode/eltan/security/lib/cb_sha.c +++ b/src/vendorcode/eltan/security/lib/cb_sha.c @@ -15,42 +15,24 @@ #include <cb_sha.h> -int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, - uint8_t *digest, enum endian_algorithm endian) +vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, + uint32_t len, uint8_t *digest) { int i; int rv; - uint32_t digest_size; - uint8_t *result_ptr; + uint32_t digest_size = vb2_digest_size(hash_alg); uint8_t result[VB2_MAX_DIGEST_SIZE]; - switch (hash_alg) { - case VB2_HASH_SHA1: - digest_size = VB2_SHA1_DIGEST_SIZE; - break; - case VB2_HASH_SHA256: - digest_size = VB2_SHA256_DIGEST_SIZE; - break; - case VB2_HASH_SHA512: - digest_size = VB2_SHA512_DIGEST_SIZE; - break; - default: + if (!digest_size) return VB2_ERROR_SHA_INIT_ALGORITHM; - } - result_ptr = result; - rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size); - if (rv || (endian == NO_ENDIAN_ALGORITHM)) + rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size); + if (rv) return rv; for (i = 0; i < digest_size; ++i) { - if (endian == BIG_ENDIAN_ALGORITHM) { - /* use big endian */ - digest[i] = *result_ptr++; - } else { - /* use little endian */ - digest[digest_size - i - 1] = *result_ptr++; - } + /* use little endian */ + digest[digest_size - i - 1] = result[i]; } return rv; } diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index 5774429329..bae377a4d4 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -159,11 +159,8 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, memcpy(digest->digest.sha1, (void *)hashData, VB2_SHA1_DIGEST_SIZE); } else { - status = cb_sha_endian(VB2_HASH_SHA1, hashData, - hashDataLen, - digest->digest.sha1, - NO_ENDIAN_ALGORITHM); - if ( status ) + if (cb_sha_little_endian(VB2_HASH_SHA1, hashData, + hashDataLen, digest->digest.sha1)) return TPM_E_IOERROR; } @@ -186,11 +183,9 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, memcpy(digest->digest.sha256, (void *)hashData, hashDataLen); } else { - status = cb_sha_endian(VB2_HASH_SHA256, hashData, - hashDataLen, - digest->digest.sha256, - LITTLE_ENDIAN_ALGORITHM); - if (status) + + if (cb_sha_little_endian(VB2_HASH_SHA256, hashData, + hashDataLen, digest->digest.sha256)) return TPM_E_IOERROR; } digest->hashAlg = TPM_ALG_SHA256; diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 07c69020c8..88519bdd78 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -74,7 +74,8 @@ int verified_boot_check_manifest(void) vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048); vb2_sig_hdr->hash_alg = HASH_ALG; vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE; - memcpy(&sig_buffer[sizeof(struct vb21_signature)], (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size); + memcpy(&sig_buffer[sizeof(struct vb21_signature)], + (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size); if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size, (struct vb21_signature *)&sig_buffer, &key, &wb)) { @@ -185,7 +186,7 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz else hash_algorithm = VB2_HASH_SHA256; - status = cb_sha_endian(hash_algorithm, (const uint8_t *)start, size, digest); + status = cb_sha_little_endian(hash_algorithm, (const uint8_t *)start, size, digest); if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)( (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC + sizeof(digest) * hash_index), digest, sizeof(digest))) || status) { @@ -203,7 +204,8 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name); if (measure_item(pcr, digest, sizeof(digest), (int8_t *)name, 0)) - printk(BIOS_DEBUG, "%s: measuring failed!\n", __func__); + printk(BIOS_DEBUG, "%s: measuring failed!\n", + __func__); } } #endif |