GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vendorcode/eltan/security: Use custom hash for little endian only 

Only use the custom hash routine when we need little endian.

Rename the function as well as it is little endian only now.

BUG=N/A
TEST=tested on fbg1701 board.

Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This commit is contained in:
Wim Vervoorn 2019-10-30 16:46:41 +01:00 committed by Patrick Georgi
parent adf344013d
commit 944fdc4771
4 changed files with 21 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/vendorcode/eltan/security/include/cb_sha.h
View File

@ -20,14 +20,7 @@
#include <vb21_common.h> #include <vb21_common.h>
#include <vb2_api.h> #include <vb2_api.h>
/* Supported Algorithm types for hash */ vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
enum endian_algorithm { uint32_t len, uint8_t *digest);
NO_ENDIAN_ALGORITHM = 0,
BIG_ENDIAN_ALGORITHM = 1,
LITTLE_ENDIAN_ALGORITHM = 2,
};
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, #endif
uint8_t *digest, enum endian_algorithm endian);
#endif

34
src/vendorcode/eltan/security/lib/cb_sha.c
View File

@ -15,42 +15,24 @@
#include <cb_sha.h> #include <cb_sha.h>
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
uint8_t *digest, enum endian_algorithm endian) uint32_t len, uint8_t *digest)
{ {
int i; int i;
int rv; int rv;
uint32_t digest_size; uint32_t digest_size = vb2_digest_size(hash_alg);
uint8_t *result_ptr;
uint8_t result[VB2_MAX_DIGEST_SIZE]; uint8_t result[VB2_MAX_DIGEST_SIZE];
switch (hash_alg) { if (!digest_size)
case VB2_HASH_SHA1:
digest_size = VB2_SHA1_DIGEST_SIZE;
break;
case VB2_HASH_SHA256:
digest_size = VB2_SHA256_DIGEST_SIZE;
break;
case VB2_HASH_SHA512:
digest_size = VB2_SHA512_DIGEST_SIZE;
break;
default:
return VB2_ERROR_SHA_INIT_ALGORITHM; return VB2_ERROR_SHA_INIT_ALGORITHM;
}
result_ptr = result; rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size);
rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size); if (rv)
if (rv || (endian == NO_ENDIAN_ALGORITHM))
return rv; return rv;
for (i = 0; i < digest_size; ++i) { for (i = 0; i < digest_size; ++i) {
if (endian == BIG_ENDIAN_ALGORITHM) { /* use little endian */
/* use big endian */ digest[digest_size - i - 1] = result[i];
digest[i] = *result_ptr++;
} else {
/* use little endian */
digest[digest_size - i - 1] = *result_ptr++;
}
} }
return rv; return rv;
} }

15
src/vendorcode/eltan/security/mboot/mboot.c
View File

@ -159,11 +159,8 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
memcpy(digest->digest.sha1, (void *)hashData, memcpy(digest->digest.sha1, (void *)hashData,
VB2_SHA1_DIGEST_SIZE); VB2_SHA1_DIGEST_SIZE);
} else { } else {
status = cb_sha_endian(VB2_HASH_SHA1, hashData, if (cb_sha_little_endian(VB2_HASH_SHA1, hashData,
hashDataLen, hashDataLen, digest->digest.sha1))
digest->digest.sha1,
NO_ENDIAN_ALGORITHM);
if ( status )
return TPM_E_IOERROR; return TPM_E_IOERROR;
} }
@ -186,11 +183,9 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
memcpy(digest->digest.sha256, memcpy(digest->digest.sha256,
(void *)hashData, hashDataLen); (void *)hashData, hashDataLen);
} else { } else {
status = cb_sha_endian(VB2_HASH_SHA256, hashData,
hashDataLen, if (cb_sha_little_endian(VB2_HASH_SHA256, hashData,
digest->digest.sha256, hashDataLen, digest->digest.sha256))
LITTLE_ENDIAN_ALGORITHM);
if (status)
return TPM_E_IOERROR; return TPM_E_IOERROR;
} }
digest->hashAlg = TPM_ALG_SHA256; digest->hashAlg = TPM_ALG_SHA256;

8
src/vendorcode/eltan/security/verified_boot/vboot_check.c
View File

@ -74,7 +74,8 @@ int verified_boot_check_manifest(void)
vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048); vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048);
vb2_sig_hdr->hash_alg = HASH_ALG; vb2_sig_hdr->hash_alg = HASH_ALG;
vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE; vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE;
memcpy(&sig_buffer[sizeof(struct vb21_signature)], (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size); memcpy(&sig_buffer[sizeof(struct vb21_signature)],
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);
if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size, if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size,
(struct vb21_signature *)&sig_buffer, &key, &wb)) { (struct vb21_signature *)&sig_buffer, &key, &wb)) {
@ -185,7 +186,7 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
else else
hash_algorithm = VB2_HASH_SHA256; hash_algorithm = VB2_HASH_SHA256;
status = cb_sha_endian(hash_algorithm, (const uint8_t *)start, size, digest); status = cb_sha_little_endian(hash_algorithm, (const uint8_t *)start, size, digest);
if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)( if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)(
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC + (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC +
sizeof(digest) * hash_index), digest, sizeof(digest))) || status) { sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {
@ -203,7 +204,8 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name); printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name);
if (measure_item(pcr, digest, sizeof(digest), if (measure_item(pcr, digest, sizeof(digest),
(int8_t *)name, 0)) (int8_t *)name, 0))
printk(BIOS_DEBUG, "%s: measuring failed!\n", __func__); printk(BIOS_DEBUG, "%s: measuring failed!\n",
__func__);
} }
} }
#endif #endif