authorJulius Werner <jwerner@chromium.org>2022-08-09 18:40:10 -0700
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-09-01 03:36:21 +0000
commit5ab30ec1c81a48c8857fb8fbbeee607074a0996f (patch)
tree7ca3662594636177b3d2bb9f9c7864a413227a5d /host
parent32e861a8d6411a6f4bd7ae3ed17b645072775d3c (diff)
firmware: 2sha: Integrate HW crypto directly into vb2_digest API
This patch moves the connection to the vb2ex_hwcrypto API further down the stack, into the low-level vb2_digest and vb2_hash APIs. These functions will now take an extra allow_hwcrypto argument that the caller can use to deny or allow hwcrypto by policy. If allowed, the function will try HW crypto first and fall back to the software implementation if the selected algorithm is not supported. vb2_hwcrypto_allowed() is made available to external callers as a vb2api function to make that decision in most cases (for others, like userspace tools and testing, HW crypto is generally not used anyway and they can just pass `false`). Since vb2ex_hwcrypto_digest_init() takes a data_size argument for the total amount of bytes expected, vb2_digest_init() will now also need to take this extra argument. But since the total data size cannot always be known in advance, callers are allowed to pass 0 to indicate that the size is unknown. The software implementations work either way, and HW crypto implementations will now need to check if data_size is 0 and return HWCRYPTO_UNSUPPORTED if they cannot handle this case. While we're touching everything anyway, let's take this opportunity to retire the vb2_digest_buffer() API in favor of the newer and usually more convenient vb2_hash_calculate(), so we can limit the amount of separate APIs we have to support going forward. BRANCH=none BUG=b:240624460 TEST=runtests Signed-off-by: Julius Werner <jwerner@chromium.org> Cq-Depend: chromium:3854282 Change-Id: I34c3f54e31742619d422d1cd871bdb77ad0439b7 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3825558 Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Diffstat (limited to 'host')
-rw-r--r--host/lib/file_keys.c2
-rw-r--r--host/lib/host_signature.c21
-rw-r--r--host/lib/host_signature2.c19
-rw-r--r--host/lib/signature_digest.c12
-rw-r--r--host/lib/util_misc.c16
-rw-r--r--host/lib21/host_common.c2
-rw-r--r--host/lib21/host_signature.c2
7 files changed, 36 insertions, 38 deletions
diff --git a/host/lib/file_keys.c b/host/lib/file_keys.c
index 7ae71802..4349dc9b 100644
--- a/host/lib/file_keys.c
+++ b/host/lib/file_keys.c
@@ -31,7 +31,7 @@ vb2_error_t DigestFile(char *input_file, enum vb2_hash_algorithm alg,
fprintf(stderr, "Couldn't open %s\n", input_file);
return VB2_ERROR_UNKNOWN;
}
- vb2_digest_init(&ctx, alg);
+ vb2_digest_init(&ctx, false, alg, 0);
while ((len = read(input_fd, data, sizeof(data))) == sizeof(data))
vb2_digest_extend(&ctx, data, len);
if (len != -1)
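Review bot: The return value of `vb2_digest_init(&ctx, false, alg, 0);` is discarded in DigestFile, while the two lib21 callers touched by this commit (vb21_verify_data and vb21_sign_data) both check it. If `alg` is not a supported hash, the vb2_digest_extend() calls that follow presumably operate on a context that was never set up, and the caller gets a digest it cannot trust. Suggest `if (vb2_digest_init(&ctx, false, alg, 0) != VB2_SUCCESS) { close(input_fd); return VB2_ERROR_UNKNOWN; }`. DigestFile continues past the end of the hunk, so the cleanup needed on this path is inferred from the visible open-failure branch.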
diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index 5b71d29a..68e6991d 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c
@@ -113,34 +113,33 @@ struct vb2_signature *vb2_external_signature(const uint8_t *data, uint32_t size,
uint32_t key_algorithm,
const char *external_signer)
{
- int vb2_alg = vb2_crypto_to_hash(key_algorithm);
- uint8_t digest[VB2_MAX_DIGEST_SIZE];
- int digest_size = vb2_digest_size(vb2_alg);
+ struct vb2_hash hash;
+
+ /* Calculate the digest */
+ if (VB2_SUCCESS != vb2_hash_calculate(false, data, size,
+ vb2_crypto_to_hash(key_algorithm),
+ &hash))
+ return NULL;
uint32_t digest_info_size = 0;
const uint8_t *digest_info = NULL;
- if (VB2_SUCCESS != vb2_digest_info(vb2_alg,
+ if (VB2_SUCCESS != vb2_digest_info(hash.algo,
&digest_info, &digest_info_size))
return NULL;
-
+ int digest_size = vb2_digest_size(hash.algo);
uint8_t *signature_digest;
uint64_t signature_digest_len = digest_size + digest_info_size;
int rv;
- /* Calculate the digest */
- if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
- digest, sizeof(digest)))
- return NULL;
-
/* Prepend the digest info to the digest */
signature_digest = calloc(signature_digest_len, 1);
if (!signature_digest)
return NULL;
memcpy(signature_digest, digest_info, digest_info_size);
- memcpy(signature_digest + digest_info_size, digest, digest_size);
+ memcpy(signature_digest + digest_info_size, hash.raw, digest_size);
/* Allocate output signature */
uint32_t sig_size =
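Review bot: `int digest_size = vb2_digest_size(hash.algo);` keeps a signed type for a value that is then added to the `uint32_t digest_info_size` and used as a memcpy length, whereas vb2_calculate_signature in host_signature2.c declares the same quantity as `uint32_t digest_size`. Declaring it `uint32_t digest_size = vb2_digest_size(hash.algo);` would keep the two signing paths consistent and remove the signed/unsigned mix. The new code also relies on vb2_hash_calculate() having filled in `hash.algo` before vb2_digest_info() reads it; a short comment such as `/* hash.algo is set by vb2_hash_calculate() */` would make that dependency visible. The function body continues past the end of the hunk.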
diff --git a/host/lib/host_signature2.c b/host/lib/host_signature2.c
index b6cd6520..83b97984 100644
--- a/host/lib/host_signature2.c
+++ b/host/lib/host_signature2.c
@@ -65,17 +65,18 @@ vb2_error_t vb2_copy_signature(struct vb2_signature *dest,
struct vb2_signature *vb2_sha512_signature(const uint8_t *data, uint32_t size)
{
- uint8_t digest[VB2_SHA512_DIGEST_SIZE];
- if (VB2_SUCCESS != vb2_digest_buffer(data, size, VB2_HASH_SHA512,
- digest, sizeof(digest)))
+ struct vb2_hash hash;
+ if (VB2_SUCCESS != vb2_hash_calculate(false, data, size,
+ VB2_HASH_SHA512, &hash))
return NULL;
struct vb2_signature *sig =
- vb2_alloc_signature(VB2_SHA512_DIGEST_SIZE, size);
+ vb2_alloc_signature(sizeof(hash.sha512), size);
if (!sig)
return NULL;
- memcpy(vb2_signature_data_mutable(sig), digest, VB2_SHA512_DIGEST_SIZE);
+ memcpy(vb2_signature_data_mutable(sig), hash.sha512,
+ sizeof(hash.sha512));
return sig;
}
@@ -83,7 +84,7 @@ struct vb2_signature *vb2_calculate_signature(
const uint8_t *data, uint32_t size,
const struct vb2_private_key *key)
{
- uint8_t digest[VB2_MAX_DIGEST_SIZE];
+ struct vb2_hash hash;
uint32_t digest_size = vb2_digest_size(key->hash_alg);
uint32_t digest_info_size = 0;
@@ -93,8 +94,8 @@ struct vb2_signature *vb2_calculate_signature(
return NULL;
/* Calculate the digest */
- if (VB2_SUCCESS != vb2_digest_buffer(data, size, key->hash_alg,
- digest, digest_size))
+ if (VB2_SUCCESS != vb2_hash_calculate(false, data, size, key->hash_alg,
+ &hash))
return NULL;
/* Prepend the digest info to the digest */
@@ -104,7 +105,7 @@ struct vb2_signature *vb2_calculate_signature(
return NULL;
memcpy(signature_digest, digest_info, digest_info_size);
- memcpy(signature_digest + digest_info_size, digest, digest_size);
+ memcpy(signature_digest + digest_info_size, hash.raw, digest_size);
/* Allocate output signature */
struct vb2_signature *sig = (struct vb2_signature *)
diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c
index f6be00a3..a0364702 100644
--- a/host/lib/signature_digest.c
+++ b/host/lib/signature_digest.c
@@ -38,8 +38,7 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
{
uint8_t* info_digest = NULL;
- uint8_t digest[VB2_SHA512_DIGEST_SIZE]; /* Longest digest */
- enum vb2_hash_algorithm hash_alg;
+ struct vb2_hash hash;
if (algorithm >= VB2_ALG_COUNT) {
fprintf(stderr,
@@ -47,11 +46,10 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
return NULL;
}
- hash_alg = vb2_crypto_to_hash(algorithm);
-
- if (VB2_SUCCESS == vb2_digest_buffer(buf, len, hash_alg,
- digest, sizeof(digest))) {
- info_digest = PrependDigestInfo(hash_alg, digest);
+ if (VB2_SUCCESS == vb2_hash_calculate(false, buf, len,
+ vb2_crypto_to_hash(algorithm),
+ &hash)) {
+ info_digest = PrependDigestInfo(hash.algo, hash.raw);
}
return info_digest;
}
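Review bot: `len` is a `uint64_t` in SignatureDigest but is passed unchecked to vb2_hash_calculate(), which the other callers on this page invoke with a `uint32_t size`. If that parameter is 32 bits wide, a buffer longer than 4 GiB is silently truncated and the returned DigestInfo covers only a prefix of the data that is then signed. A guard before the call, `if (len > UINT32_MAX) return NULL;`, would make the limit explicit instead of producing a valid-looking digest of the wrong input.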
diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c
index 26f7dac8..c92a2b0a 100644
--- a/host/lib/util_misc.c
+++ b/host/lib/util_misc.c
@@ -25,15 +25,15 @@ const char *packed_key_sha1_string(const struct vb2_packed_key *key)
{
uint8_t *buf = ((uint8_t *)key) + key->key_offset;
uint32_t buflen = key->key_size;
- uint8_t digest[VB2_SHA1_DIGEST_SIZE];
+ struct vb2_hash hash;
static char dest[VB2_SHA1_DIGEST_SIZE * 2 + 1];
- vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest));
+ vb2_hash_calculate(false, buf, buflen, VB2_HASH_SHA1, &hash);
char *dnext = dest;
int i;
- for (i = 0; i < sizeof(digest); i++)
- dnext += sprintf(dnext, "%02x", digest[i]);
+ for (i = 0; i < sizeof(hash.sha1); i++)
+ dnext += sprintf(dnext, "%02x", hash.sha1[i]);
return dest;
}
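Review bot: The result of `vb2_hash_calculate(false, buf, buflen, VB2_HASH_SHA1, &hash);` is ignored in packed_key_sha1_string, so on failure the loop hex-encodes whatever the uninitialized stack `hash` holds and returns it as the key fingerprint. The same unchecked call appears in private_key_sha1_string in the last hunk of this file. Returning the `"<error>"` string that function already uses would be safer: `if (vb2_hash_calculate(false, buf, buflen, VB2_HASH_SHA1, &hash) != VB2_SUCCESS) return "<error>";`, with `free(buf);` added before the return in private_key_sha1_string.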
@@ -42,7 +42,7 @@ const char *private_key_sha1_string(const struct vb2_private_key *key)
{
uint8_t *buf;
uint32_t buflen;
- uint8_t digest[VB2_SHA1_DIGEST_SIZE];
+ struct vb2_hash hash;
static char dest[VB2_SHA1_DIGEST_SIZE * 2 + 1];
if (!key->rsa_private_key ||
@@ -50,12 +50,12 @@ const char *private_key_sha1_string(const struct vb2_private_key *key)
return "<error>";
}
- vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest));
+ vb2_hash_calculate(false, buf, buflen, VB2_HASH_SHA1, &hash);
char *dnext = dest;
int i;
- for (i = 0; i < sizeof(digest); i++)
- dnext += sprintf(dnext, "%02x", digest[i]);
+ for (i = 0; i < sizeof(hash.sha1); i++)
+ dnext += sprintf(dnext, "%02x", hash.sha1[i]);
free(buf);
return dest;
diff --git a/host/lib21/host_common.c b/host/lib21/host_common.c
index 245b1885..d0268c23 100644
--- a/host/lib21/host_common.c
+++ b/host/lib21/host_common.c
@@ -285,7 +285,7 @@ vb2_error_t vb21_verify_data(const void *data, uint32_t size,
if (!dc)
return VB2_ERROR_VDATA_WORKBUF_HASHING;
- rv = vb2_digest_init(dc, key->hash_alg);
+ rv = vb2_digest_init(dc, false, key->hash_alg, 0);
if (rv)
return rv;
diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c
index 77ee448a..cd49b3b2 100644
--- a/host/lib21/host_signature.c
+++ b/host/lib21/host_signature.c
@@ -125,7 +125,7 @@ vb2_error_t vb21_sign_data(struct vb21_signature **sig_ptr, const uint8_t *data,
memcpy(sig_digest, info, info_size);
/* Calculate hash digest */
- if (vb2_digest_init(&dc, s.hash_alg)) {
+ if (vb2_digest_init(&dc, false, s.hash_alg, 0)) {
free(sig_digest);
return VB2_SIGN_DATA_DIGEST_INIT;
}