diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2017-01-22 21:25:42 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-01-25 22:12:28 -0800 |
| commit | 7d2e4fbf5ba0c27f5d84bfa321bd857dbd7c33ff (patch) | |
| tree | 6a8626fd1f271cf2bfaffc4d9e81a20ad20254e5 /common/nvmem.c | |
| parent | 09fca7bddbc4785c5f0d5f4590cdf9d09b3d5471 (diff) | |
| download | chrome-ec-7d2e4fbf5ba0c27f5d84bfa321bd857dbd7c33ff.tar.gz | |
g: common: introduce generic crypto API
On boards based on the g chip cryptographic functions come from
hardware, they should be implemented in chip/g as opposed to a
particular board.
The common modules (like nvmem) should be using some generic API,
which hopefully will be implemented by other chips, or could be
replaced by a purely software implementation where crypto hardware
support is not available.
Crypto API definition is being added in include/ and the g chip
implementation (a wrapper around dcrypto functions) is being added in
chip/g.
test/nvmem_vars.h needed to be edited to avoid conflict with
<string.h>.
BRANCH=none
BUG=chrome-os-partner:62260
TEST=make buildall -j still passes. Booting reef with the new image
works fine too.
Change-Id: Ifef281215f89239966882ecbe3e90c8351b9b91a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/431313
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Diffstat (limited to 'common/nvmem.c')
| -rw-r--r-- | common/nvmem.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/common/nvmem.c b/common/nvmem.c index 3358ad5b3a..3251ed8e94 100644 --- a/common/nvmem.c +++ b/common/nvmem.c @@ -48,6 +48,18 @@ static int nvmem_error_state; /* Flag to track if an Nv write/move is not completed */ static int nvmem_write_error; +/* + * Given the nvmem tag address calculate the sha value of the nvmem buffer and + * save it in the provided space. The caller is expected to provide enough + * space to store CIPHER_SALT_SIZE bytes. + */ +static void nvmem_compute_sha(struct nvmem_tag *tag, void *sha_buf) +{ + app_compute_hash(&tag->generation, + NVMEM_PARTITION_SIZE - NVMEM_SHA_SIZE, + sha_buf, sizeof(tag->sha)); +} + static int nvmem_save(uint8_t tag_generation, size_t partition) { struct nvmem_tag *tag; @@ -67,11 +79,7 @@ static int nvmem_save(uint8_t tag_generation, size_t partition) tag->generation = tag_generation; /* Calculate sha of the whole thing. */ - nvmem_compute_sha(&tag->generation, - NVMEM_PARTITION_SIZE - - offsetof(struct nvmem_tag, generation), - tag->sha, - sizeof(tag->sha)); + nvmem_compute_sha(tag, tag->sha); /* Write partition */ if (flash_physical_write(nvmem_offset, @@ -90,9 +98,7 @@ static int nvmem_partition_sha_match(int index) struct nvmem_partition *p_part; p_part = (struct nvmem_partition *)nvmem_base_addr[index]; - nvmem_compute_sha(&p_part->tag.generation, - (NVMEM_PARTITION_SIZE - NVMEM_SHA_SIZE), - sha_comp, sizeof(sha_comp)); + nvmem_compute_sha(&p_part->tag, sha_comp); /* Check if computed value matches stored value. */ return !memcmp(p_part->tag.sha, sha_comp, NVMEM_SHA_SIZE); @@ -342,11 +348,8 @@ int nvmem_setup(uint8_t starting_generation) /* Commit function will increment generation number */ p_part->tag.generation = starting_generation + part - 1; /* Compute sha for the partition */ - nvmem_compute_sha(&cache.base_ptr[NVMEM_SHA_SIZE], - NVMEM_PARTITION_SIZE - - NVMEM_SHA_SIZE, - p_part->tag.sha, - NVMEM_SHA_SIZE); + nvmem_compute_sha(&p_part->tag, p_part->tag.sha); + /* Partition is now ready, write it to flash. */ ret = nvmem_commit(); if (ret != EC_SUCCESS) |