authorFrans Hendriks <fhendriks@eltan.com>2019-05-29 14:12:30 +0200
committerPatrick Georgi <pgeorgi@google.com>2019-07-10 10:13:42 +0000
commitbd4ad6e630fd3ae8f19022bceca9022c7441547c (patch)
treeeb720f91ff5e1a25159f3ca24228d1d39129f79f
parent6665da81ef289e9ba478e93b6c41928fa19f7d28 (diff)
vendorcode/eltan/security/lib: Implement SHA endian function
The digest from vb2_digest_buffer() does not have the correct endianness. Create cb_sha_endian(), which can convert the calculated digest into big endian or little endian when required. BUG=N/A TEST=Created binary and verified logging on Facebook FBG-1701 Change-Id: If828bde54c79e836a5b05ff0447645d7e06e819a Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30831 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
-rw-r--r--src/vendorcode/eltan/security/include/cb_sha.h33
-rw-r--r--src/vendorcode/eltan/security/lib/Makefile.inc59
-rw-r--r--src/vendorcode/eltan/security/lib/cb_sha.c56
3 files changed, 148 insertions, 0 deletions
diff --git a/src/vendorcode/eltan/security/include/cb_sha.h b/src/vendorcode/eltan/security/include/cb_sha.h
new file mode 100644
index 0000000000..4d087f40c9
--- /dev/null
+++ b/src/vendorcode/eltan/security/include/cb_sha.h
@@ -0,0 +1,33 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018-2019, Eltan B.V.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __SECURITY_CB_SHA_H__
+#define __SECURITY_CB_SHA_H__
+
+#include <2rsa.h>
+#include <vb21_common.h>
+#include <vb2_api.h>
+
+/* Supported Algorithm types for hash */
+enum endian_algorithm {
+ NO_ENDIAN_ALGORITHM = 0,
+ BIG_ENDIAN_ALGORITHM = 1,
+ LITTLE_ENDIAN_ALGORITHM = 2,
+};
+
+int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
+ uint8_t *digest, enum endian_algorithm endian);
+
+#endif \ No newline at end of file
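Review bot: The prototype of `cb_sha_endian()` takes no size for `digest` and has no comment saying how large the buffer must be, so the function cannot bound its writes and each caller has to work out the requirement from the implementation. A short contract comment above the declaration would help, for example `/* digest must hold at least the digest size of hash_alg; returns 0 on success or a VB2_ERROR_* code */`. The comment on the enum, `/* Supported Algorithm types for hash */`, describes hash algorithms, but the values are byte orders; `/* Byte order of the digest written to the caller's buffer */` would match what the enum selects. The include guard `__SECURITY_CB_SHA_H__` also uses a double-underscore name, which C reserves for the implementation.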
diff --git a/src/vendorcode/eltan/security/lib/Makefile.inc b/src/vendorcode/eltan/security/lib/Makefile.inc
new file mode 100644
index 0000000000..5ef1bca65f
--- /dev/null
+++ b/src/vendorcode/eltan/security/lib/Makefile.inc
@@ -0,0 +1,59 @@
+#
+# This file is part of the coreboot project.
+#
+# Copyright (C) 2018-2019 Eltan B.V.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+
+# call with $1 = stage name to create rules for building the library
+# for the stage and adding it to the stage's set of object files.
+define vendor-security-lib
+VEN_SEC_LIB_$(1) = $(obj)/external/ven_sec_lib-$(1)/vboot_fw21.a
+VEN_SEC_CFLAGS_$(1) += $$(patsubst -I%,-I$(top)/%,\
+ $$(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
+ $$(filter-out -I$(obj), $$(CPPFLAGS_$(1)))))
+VEN_SEC_CFLAGS_$(1) += $$(CFLAGS_$(1))
+VEN_SEC_CFLAGS_$(1) += $$($(1)-c-ccopts)
+VEN_SEC_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes
+
+$$(VEN_SEC_LIB_$(1)): $(obj)/config.h
+ printf " MAKE $(subst $(obj)/,,$(@))\n"
+ +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \
+ CC="$$(CC_$(1))" \
+ CFLAGS="$$(VEN_SEC_CFLAGS_$(1))" VBOOT2="y" \
+ $(MAKE) -C $(VBOOT_SOURCE) \
+ BUILD=$$(abspath $$(dir $$(VEN_SEC_LIB_$(1)))) \
+ V=$(V) \
+ fwlib21
+endef # vendor-security-for-stage
+
+CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include
+CFLAGS_common += -I3rdparty/vboot/firmware/lib21/include
+
+ifneq ($(filter y,$(CONFIG_VENDORCODE_ELTAN_VBOOT) $(CONFIG_VENDORCODE_ELTAN_MBOOT)),)
+
+bootblock-$(CONFIG_C_ENVIRONMENT_BOOTBLOCK) += cb_sha.c
+$(eval $(call vendor-security-lib,bootblock))
+bootblock-srcs += $(obj)/external/ven_sec_lib-bootblock/vboot_fw21.a
+
+postcar-y += cb_sha.c
+$(eval $(call vendor-security-lib,postcar))
+postcar-srcs += $(obj)/external/ven_sec_lib-postcar/vboot_fw21.a
+
+ramstage-y += cb_sha.c
+$(eval $(call vendor-security-lib,ramstage))
+ramstage-srcs += $(obj)/external/ven_sec_lib-ramstage/vboot_fw21.a
+
+romstage-y += cb_sha.c
+$(eval $(call vendor-security-lib,romstage))
+romstage-srcs += $(obj)/external/ven_sec_lib-romstage/vboot_fw21.a
+
+endif \ No newline at end of file
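Review bot: The two `CFLAGS_common += -I3rdparty/vboot/firmware/...` lines sit above the `ifneq` guard, so the vboot include paths are added to every build whether or not `CONFIG_VENDORCODE_ELTAN_VBOOT` or `CONFIG_VENDORCODE_ELTAN_MBOOT` is set. Unless something outside this directory relies on them, moving both lines inside the conditional keeps the change scoped to boards that select the feature. The bootblock rules also look inconsistent: `cb_sha.c` is added only under `CONFIG_C_ENVIRONMENT_BOOTBLOCK`, while `bootblock-srcs += .../vboot_fw21.a` and the `$(eval ...)` for bootblock are unconditional. The closing comment `endef # vendor-security-for-stage` does not match the macro name `vendor-security-lib`.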
diff --git a/src/vendorcode/eltan/security/lib/cb_sha.c b/src/vendorcode/eltan/security/lib/cb_sha.c
new file mode 100644
index 0000000000..47cd10a47c
--- /dev/null
+++ b/src/vendorcode/eltan/security/lib/cb_sha.c
@@ -0,0 +1,56 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2019 Eltan B.V.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <cb_sha.h>
+
+int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
+ uint8_t *digest, enum endian_algorithm endian)
+{
+ int i;
+ int rv;
+ uint32_t digest_size;
+ uint8_t *result_ptr;
+ uint8_t result[VB2_MAX_DIGEST_SIZE];
+
+ switch (hash_alg) {
+ case VB2_HASH_SHA1:
+ digest_size = VB2_SHA1_DIGEST_SIZE;
+ break;
+ case VB2_HASH_SHA256:
+ digest_size = VB2_SHA256_DIGEST_SIZE;
+ break;
+ case VB2_HASH_SHA512:
+ digest_size = VB2_SHA512_DIGEST_SIZE;
+ break;
+ default:
+ return VB2_ERROR_SHA_INIT_ALGORITHM;
+ }
+
+ result_ptr = result;
+ rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size);
+ if (rv || (endian == NO_ENDIAN_ALGORITHM))
+ return rv;
+
+ for (i = 0; i < digest_size; ++i) {
+ if (endian == BIG_ENDIAN_ALGORITHM) {
+ /* use big endian */
+ digest[i] = *result_ptr++;
+ } else {
+ /* use little endian */
+ digest[digest_size - i - 1] = *result_ptr++;
+ }
+ }
+ return rv;
+}
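Review bot: With `endian == NO_ENDIAN_ALGORITHM` the early return `if (rv || (endian == NO_ENDIAN_ALGORITHM)) return rv;` reports success without ever writing `digest`; the hash exists only in the local `result` array and is discarded. A caller that then logs, compares or extends `digest` would be using whatever the buffer held before the call, which matters for code that measures or verifies firmware. If that mode is meant to return the digest as computed, write straight into the caller's buffer, e.g. `if (endian == NO_ENDIAN_ALGORITHM) return vb2_digest_buffer(data, len, hash_alg, digest, digest_size);`; if it is not a supported mode, return an error instead of 0. Separately, `int i` is compared against the `uint32_t digest_size` in the loop condition; declaring `i` as `uint32_t` avoids the signed/unsigned comparison.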