diff options
| author | Randall Spangler <rspangler@chromium.org> | 2012-10-25 13:40:42 -0700 |
|---|---|---|
| committer | Gerrit <chrome-bot@google.com> | 2012-10-25 17:03:44 -0700 |
| commit | 00b344ddbb570a5dae9b27f8441202dcecba9a4a (patch) | |
| tree | eee0a8d12ca3b062c7d60b12ddd84cbc06559528 | |
| parent | f48f9a6228c32c3435eaa113ed34268503c69a4f (diff) | |
| download | chrome-ec-00b344ddbb570a5dae9b27f8441202dcecba9a4a.tar.gz | |
Clean up vboot hash support
This copies the parts of sha256.c that we need from vboot_reference,
and removes the explicit dependency on vboot_reference. That
dependency was a good idea when we were doing full verified boot in
the EC, but is now overkill and makes it harder for others to reuse
the EC code. This also lets us call EC functions directly instead of
needing vboot_stub.cc; that reduces code size by ~100 bytes.
BUG=chrome-os-partner:15579
BRANCH=none
TEST=vboot_hash ro, then compare with result of sha256sum build/link/ec.RO.flat
Change-Id: I0f236174291df3e7f3c75e960fe9ab32af305a61
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/36589
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | Makefile.rules | 6 | ||||
| -rw-r--r-- | common/build.mk | 21 | ||||
| -rw-r--r-- | common/sha256.c | 222 | ||||
| -rw-r--r-- | common/vboot_hash.c | 4 | ||||
| -rw-r--r-- | common/vboot_stub.c | 20 | ||||
| -rw-r--r-- | include/sha256.h | 29 |
7 files changed, 254 insertions, 49 deletions
@@ -51,7 +51,6 @@ all-y+=$(call objs_from_dir,board/$(BOARD),board) all-y+=$(call objs_from_dir,private,private) all-y+=$(call objs_from_dir,common,common) all-y+=$(call objs_from_dir,test,$(PROJECT)) -all-y+=$(call objs_from_dir,vboot,vboot) dirs=core/$(CORE) chip/$(CHIP) board/$(BOARD) private common test util include Makefile.rules diff --git a/Makefile.rules b/Makefile.rules index 98adb101a7..50709aa64c 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -41,12 +41,6 @@ cmd_c_to_host = $(HOSTCC) $(HOST_CFLAGS) -MMD -MF $@.d $(filter %.c, $^) -o $@ cmd_qemu = ./util/run_qemu_test --image=build/$(BOARD)/$*/$*.bin test/$*.py \ $(silent) cmd_version = ./util/getversion.sh > $@ -cmd_sign = vbutil_ec --sign $(out)/$*.bin.tmp \ - --version 1 \ - --keyblock $(VBOOT_DEVKEYS)/ec.keyblock \ - --signprivate $(VBOOT_DEVKEYS)/ec_data_key.vbprivk \ - --signpubkey $(VBOOT_DEVKEYS)/ec_root_key.vbpubk \ - $(silent) cmd_mv_from_tmp = mv $(out)/$*.bin.tmp $(out)/$*.bin cmd_extractrw-y = cd $(out) && \ dump_fmap -x $(PROJECT).bin.tmp RW_SECTION_A $(silent) && \ diff --git a/common/build.mk b/common/build.mk index bac305d331..6de477c458 100644 --- a/common/build.mk +++ b/common/build.mk @@ -30,26 +30,7 @@ common-$(CONFIG_TASK_POWERSTATE)+=charge_state.o battery_precharge.o common-$(CONFIG_TASK_PWM)+=pwm_commands.o common-$(CONFIG_TASK_TEMPSENSOR)+=temp_sensor.o temp_sensor_commands.o common-$(CONFIG_TASK_THERMAL)+=thermal.o thermal_commands.o +common-$(CONFIG_TASK_VBOOTHASH)+=sha256.o vboot_hash.o common-$(CONFIG_TASK_X86POWER)+=x86_power.o common-$(CONFIG_TMP006)+=tmp006.o common-$(CONFIG_USB_CHARGE)+=usb_charge.o - -# verified boot stuff -VBOOT_SOURCE?=/usr/src/vboot -VBOOT_DEVKEYS?=/usr/share/vboot/devkeys - -CFLAGS_$(CONFIG_TASK_VBOOTHASH)+= -DCHROMEOS_ENVIRONMENT -DCHROMEOS_EC -# CFLAGS_$(CONFIG_TASK_VBOOTHASH)+= -DVBOOT_DEBUG - -common-$(CONFIG_TASK_VBOOTHASH)+=vboot_stub.o vboot_hash.o - -includes-$(CONFIG_TASK_VBOOTHASH)+= \ - $(VBOOT_SOURCE)/include \ - $(VBOOT_SOURCE)/lib/include \ - $(VBOOT_SOURCE)/lib/cryptolib/include - -dirs-$(CONFIG_TASK_VBOOTHASH)+=vboot/lib vboot/lib/cryptolib - -vboot-$(CONFIG_TASK_VBOOTHASH)+= \ - lib/cryptolib/padding.o \ - lib/cryptolib/sha256.o diff --git a/common/sha256.c b/common/sha256.c new file mode 100644 index 0000000000..b5e276fcf6 --- /dev/null +++ b/common/sha256.c @@ -0,0 +1,222 @@ +/* SHA-256 and SHA-512 implementation based on code by Oliver Gay + * <olivier.gay@a3.epfl.ch> under a BSD-style license. See below. + */ + +/* + * FIPS 180-2 SHA-224/256/384/512 implementation + * Last update: 02/02/2007 + * Issue date: 04/30/2005 + * + * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "sha256.h" +#include "util.h" + +#define SHFR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) +#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) +#define CH(x, y, z) ((x & y) ^ (~x & z)) +#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) + +#define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3)) +#define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10)) + +#define UNPACK32(x, str) \ + { \ + *((str) + 3) = (uint8_t) ((x)); \ + *((str) + 2) = (uint8_t) ((x) >> 8); \ + *((str) + 1) = (uint8_t) ((x) >> 16); \ + *((str) + 0) = (uint8_t) ((x) >> 24); \ + } + +#define PACK32(str, x) \ + { \ + *(x) = ((uint32_t) *((str) + 3)) \ + | ((uint32_t) *((str) + 2) << 8) \ + | ((uint32_t) *((str) + 1) << 16) \ + | ((uint32_t) *((str) + 0) << 24); \ + } + +/* Macros used for loops unrolling */ + +#define SHA256_SCR(i) \ + { \ + w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \ + + SHA256_F3(w[i - 15]) + w[i - 16]; \ + } + +#define SHA256_EXP(a, b, c, d, e, f, g, h, j) \ + { \ + t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \ + + sha256_k[j] + w[j]; \ + t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \ + wv[d] += t1; \ + wv[h] = t1 + t2; \ + } + +static const uint32_t sha256_h0[8] = { + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + +static const uint32_t sha256_k[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; + +#define SHA256_DIGESTINFO_LEN 19 + +static const uint8_t SHA256_digestinfo[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20 +}; + +void SHA256_init(struct sha256_ctx *ctx) +{ + int i; + + for (i = 0; i < 8; i++) + ctx->h[i] = sha256_h0[i]; + + ctx->len = 0; + ctx->tot_len = 0; +} + +static void SHA256_transform(struct sha256_ctx *ctx, const uint8_t *message, + unsigned int block_nb) +{ + /* Note: this function requires a considerable amount of stack */ + uint32_t w[64]; + uint32_t wv[8]; + uint32_t t1, t2; + const unsigned char *sub_block; + int i, j; + + for (i = 0; i < (int) block_nb; i++) { + sub_block = message + (i << 6); + + for (j = 0; j < 16; j++) + PACK32(&sub_block[j << 2], &w[j]); + + for (j = 16; j < 64; j++) + SHA256_SCR(j); + + for (j = 0; j < 8; j++) + wv[j] = ctx->h[j]; + + for (j = 0; j < 64; j++) { + t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + + sha256_k[j] + w[j]; + t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); + wv[7] = wv[6]; + wv[6] = wv[5]; + wv[5] = wv[4]; + wv[4] = wv[3] + t1; + wv[3] = wv[2]; + wv[2] = wv[1]; + wv[1] = wv[0]; + wv[0] = t1 + t2; + } + + for (j = 0; j < 8; j++) + ctx->h[j] += wv[j]; + } +} + +void SHA256_update(struct sha256_ctx *ctx, const uint8_t *data, uint32_t len) +{ + unsigned int block_nb; + unsigned int new_len, rem_len, tmp_len; + const uint8_t *shifted_data; + + tmp_len = SHA256_BLOCK_SIZE - ctx->len; + rem_len = len < tmp_len ? len : tmp_len; + + memcpy(&ctx->block[ctx->len], data, rem_len); + + if (ctx->len + len < SHA256_BLOCK_SIZE) { + ctx->len += len; + return; + } + + new_len = len - rem_len; + block_nb = new_len / SHA256_BLOCK_SIZE; + + shifted_data = data + rem_len; + + SHA256_transform(ctx, ctx->block, 1); + SHA256_transform(ctx, shifted_data, block_nb); + + rem_len = new_len % SHA256_BLOCK_SIZE; + + memcpy(ctx->block, &shifted_data[block_nb << 6], rem_len); + + ctx->len = rem_len; + ctx->tot_len += (block_nb + 1) << 6; +} + +uint8_t *SHA256_final(struct sha256_ctx *ctx) +{ + unsigned int block_nb; + unsigned int pm_len; + unsigned int len_b; + int i; + + block_nb = (1 + ((SHA256_BLOCK_SIZE - 9) + < (ctx->len % SHA256_BLOCK_SIZE))); + + len_b = (ctx->tot_len + ctx->len) << 3; + pm_len = block_nb << 6; + + memset(ctx->block + ctx->len, 0, pm_len - ctx->len); + ctx->block[ctx->len] = 0x80; + UNPACK32(len_b, ctx->block + pm_len - 4); + + SHA256_transform(ctx, ctx->block, block_nb); + + for (i = 0 ; i < 8; i++) + UNPACK32(ctx->h[i], &ctx->buf[i << 2]); + + return ctx->buf; +} diff --git a/common/vboot_hash.c b/common/vboot_hash.c index ed011aee05..8174455fa5 100644 --- a/common/vboot_hash.c +++ b/common/vboot_hash.c @@ -7,9 +7,9 @@ #include "common.h" #include "console.h" -#include "cryptolib.h" #include "hooks.h" #include "host_command.h" +#include "sha256.h" #include "system.h" #include "task.h" #include "timer.h" @@ -37,7 +37,7 @@ static const uint8_t *hash; /* Hash, or NULL if not valid */ static int want_abort; static int in_progress; -static SHA256_CTX ctx; +static struct sha256_ctx ctx; /* * Start computing a hash of <size> bytes of data at flash offset <offset>. diff --git a/common/vboot_stub.c b/common/vboot_stub.c deleted file mode 100644 index be25031171..0000000000 --- a/common/vboot_stub.c +++ /dev/null @@ -1,20 +0,0 @@ -/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -/* Functions needed by vboot library */ - -#define _STUB_IMPLEMENTATION_ -#include "util.h" -#include "utility.h" - -void *Memcpy(void *dest, const void *src, uint64_t n) -{ - return memcpy(dest, src, (size_t)n); -} - -void *Memset(void *d, const uint8_t c, uint64_t n) -{ - return memset(d, c, n); -} diff --git a/include/sha256.h b/include/sha256.h new file mode 100644 index 0000000000..714d87351c --- /dev/null +++ b/include/sha256.h @@ -0,0 +1,29 @@ +/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* SHA-256 functions */ + +#ifndef _CROS_EC_SHA256_H +#define _CROS_EC_SHA256_H + +#include "common.h" + +#define SHA256_DIGEST_SIZE 32 +#define SHA256_BLOCK_SIZE 64 + +/* SHA256 context */ +struct sha256_ctx { + uint32_t h[8]; + uint32_t tot_len; + uint32_t len; + uint8_t block[2 * SHA256_BLOCK_SIZE]; + uint8_t buf[SHA256_DIGEST_SIZE]; /* Used to store the final digest. */ +}; + +void SHA256_init(struct sha256_ctx *ctx); +void SHA256_update(struct sha256_ctx *ctx, const uint8_t *data, uint32_t len); +uint8_t *SHA256_final(struct sha256_ctx *ctx); + +#endif /* _CROS_EC_SHA256_H */ |