vendorcode/eltan/security: Use custom hash for little endian only

Only use the custom hash routine when we need little endian.

Rename the function as well as it is little endian only now.

BUG=N/A
TEST=tested on fbg1701 board.

Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This commit is contained in:
Wim Vervoorn 2019-10-30 16:46:41 +01:00 committed by Patrick Georgi
parent adf344013d
commit 944fdc4771
4 changed files with 21 additions and 49 deletions

View File

@ -20,14 +20,7 @@
#include <vb21_common.h>
#include <vb2_api.h>
/* Supported Algorithm types for hash */
enum endian_algorithm {
NO_ENDIAN_ALGORITHM = 0,
BIG_ENDIAN_ALGORITHM = 1,
LITTLE_ENDIAN_ALGORITHM = 2,
};
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
uint8_t *digest, enum endian_algorithm endian);
vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
uint32_t len, uint8_t *digest);
#endif

View File

@ -15,42 +15,24 @@
#include <cb_sha.h>
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
uint8_t *digest, enum endian_algorithm endian)
vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
uint32_t len, uint8_t *digest)
{
int i;
int rv;
uint32_t digest_size;
uint8_t *result_ptr;
uint32_t digest_size = vb2_digest_size(hash_alg);
uint8_t result[VB2_MAX_DIGEST_SIZE];
switch (hash_alg) {
case VB2_HASH_SHA1:
digest_size = VB2_SHA1_DIGEST_SIZE;
break;
case VB2_HASH_SHA256:
digest_size = VB2_SHA256_DIGEST_SIZE;
break;
case VB2_HASH_SHA512:
digest_size = VB2_SHA512_DIGEST_SIZE;
break;
default:
if (!digest_size)
return VB2_ERROR_SHA_INIT_ALGORITHM;
}
result_ptr = result;
rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size);
if (rv || (endian == NO_ENDIAN_ALGORITHM))
rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size);
if (rv)
return rv;
for (i = 0; i < digest_size; ++i) {
if (endian == BIG_ENDIAN_ALGORITHM) {
/* use big endian */
digest[i] = *result_ptr++;
} else {
/* use little endian */
digest[digest_size - i - 1] = *result_ptr++;
}
/* use little endian */
digest[digest_size - i - 1] = result[i];
}
return rv;
}

View File

@ -159,11 +159,8 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
memcpy(digest->digest.sha1, (void *)hashData,
VB2_SHA1_DIGEST_SIZE);
} else {
status = cb_sha_endian(VB2_HASH_SHA1, hashData,
hashDataLen,
digest->digest.sha1,
NO_ENDIAN_ALGORITHM);
if ( status )
if (cb_sha_little_endian(VB2_HASH_SHA1, hashData,
hashDataLen, digest->digest.sha1))
return TPM_E_IOERROR;
}
@ -186,11 +183,9 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
memcpy(digest->digest.sha256,
(void *)hashData, hashDataLen);
} else {
status = cb_sha_endian(VB2_HASH_SHA256, hashData,
hashDataLen,
digest->digest.sha256,
LITTLE_ENDIAN_ALGORITHM);
if (status)
if (cb_sha_little_endian(VB2_HASH_SHA256, hashData,
hashDataLen, digest->digest.sha256))
return TPM_E_IOERROR;
}
digest->hashAlg = TPM_ALG_SHA256;

View File

@ -74,7 +74,8 @@ int verified_boot_check_manifest(void)
vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048);
vb2_sig_hdr->hash_alg = HASH_ALG;
vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE;
memcpy(&sig_buffer[sizeof(struct vb21_signature)], (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);
memcpy(&sig_buffer[sizeof(struct vb21_signature)],
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);
if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size,
(struct vb21_signature *)&sig_buffer, &key, &wb)) {
@ -185,7 +186,7 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
else
hash_algorithm = VB2_HASH_SHA256;
status = cb_sha_endian(hash_algorithm, (const uint8_t *)start, size, digest);
status = cb_sha_little_endian(hash_algorithm, (const uint8_t *)start, size, digest);
if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)(
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC +
sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {
@ -203,7 +204,8 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name);
if (measure_item(pcr, digest, sizeof(digest),
(int8_t *)name, 0))
printk(BIOS_DEBUG, "%s: measuring failed!\n", __func__);
printk(BIOS_DEBUG, "%s: measuring failed!\n",
__func__);
}
}
#endif