vendorcode/eltan/security: Use custom hash for little endian only
Only use the custom hash routine when we need little endian. Rename the function as well as it is little endian only now. BUG=N/A TEST=tested on fbg1701 board. Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36482 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This commit is contained in:
parent
adf344013d
commit
944fdc4771
|
@ -20,14 +20,7 @@
|
|||
#include <vb21_common.h>
|
||||
#include <vb2_api.h>
|
||||
|
||||
/* Supported Algorithm types for hash */
|
||||
enum endian_algorithm {
|
||||
NO_ENDIAN_ALGORITHM = 0,
|
||||
BIG_ENDIAN_ALGORITHM = 1,
|
||||
LITTLE_ENDIAN_ALGORITHM = 2,
|
||||
};
|
||||
|
||||
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
|
||||
uint8_t *digest, enum endian_algorithm endian);
|
||||
vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
|
||||
uint32_t len, uint8_t *digest);
|
||||
|
||||
#endif
|
|
@ -15,42 +15,24 @@
|
|||
|
||||
#include <cb_sha.h>
|
||||
|
||||
int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
|
||||
uint8_t *digest, enum endian_algorithm endian)
|
||||
vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
|
||||
uint32_t len, uint8_t *digest)
|
||||
{
|
||||
int i;
|
||||
int rv;
|
||||
uint32_t digest_size;
|
||||
uint8_t *result_ptr;
|
||||
uint32_t digest_size = vb2_digest_size(hash_alg);
|
||||
uint8_t result[VB2_MAX_DIGEST_SIZE];
|
||||
|
||||
switch (hash_alg) {
|
||||
case VB2_HASH_SHA1:
|
||||
digest_size = VB2_SHA1_DIGEST_SIZE;
|
||||
break;
|
||||
case VB2_HASH_SHA256:
|
||||
digest_size = VB2_SHA256_DIGEST_SIZE;
|
||||
break;
|
||||
case VB2_HASH_SHA512:
|
||||
digest_size = VB2_SHA512_DIGEST_SIZE;
|
||||
break;
|
||||
default:
|
||||
if (!digest_size)
|
||||
return VB2_ERROR_SHA_INIT_ALGORITHM;
|
||||
}
|
||||
|
||||
result_ptr = result;
|
||||
rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size);
|
||||
if (rv || (endian == NO_ENDIAN_ALGORITHM))
|
||||
rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size);
|
||||
if (rv)
|
||||
return rv;
|
||||
|
||||
for (i = 0; i < digest_size; ++i) {
|
||||
if (endian == BIG_ENDIAN_ALGORITHM) {
|
||||
/* use big endian */
|
||||
digest[i] = *result_ptr++;
|
||||
} else {
|
||||
/* use little endian */
|
||||
digest[digest_size - i - 1] = *result_ptr++;
|
||||
}
|
||||
/* use little endian */
|
||||
digest[digest_size - i - 1] = result[i];
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
|
|
@ -159,11 +159,8 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
|
|||
memcpy(digest->digest.sha1, (void *)hashData,
|
||||
VB2_SHA1_DIGEST_SIZE);
|
||||
} else {
|
||||
status = cb_sha_endian(VB2_HASH_SHA1, hashData,
|
||||
hashDataLen,
|
||||
digest->digest.sha1,
|
||||
NO_ENDIAN_ALGORITHM);
|
||||
if ( status )
|
||||
if (cb_sha_little_endian(VB2_HASH_SHA1, hashData,
|
||||
hashDataLen, digest->digest.sha1))
|
||||
return TPM_E_IOERROR;
|
||||
}
|
||||
|
||||
|
@ -186,11 +183,9 @@ int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr,
|
|||
memcpy(digest->digest.sha256,
|
||||
(void *)hashData, hashDataLen);
|
||||
} else {
|
||||
status = cb_sha_endian(VB2_HASH_SHA256, hashData,
|
||||
hashDataLen,
|
||||
digest->digest.sha256,
|
||||
LITTLE_ENDIAN_ALGORITHM);
|
||||
if (status)
|
||||
|
||||
if (cb_sha_little_endian(VB2_HASH_SHA256, hashData,
|
||||
hashDataLen, digest->digest.sha256))
|
||||
return TPM_E_IOERROR;
|
||||
}
|
||||
digest->hashAlg = TPM_ALG_SHA256;
|
||||
|
|
|
@ -74,7 +74,8 @@ int verified_boot_check_manifest(void)
|
|||
vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048);
|
||||
vb2_sig_hdr->hash_alg = HASH_ALG;
|
||||
vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE;
|
||||
memcpy(&sig_buffer[sizeof(struct vb21_signature)], (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);
|
||||
memcpy(&sig_buffer[sizeof(struct vb21_signature)],
|
||||
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);
|
||||
|
||||
if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size,
|
||||
(struct vb21_signature *)&sig_buffer, &key, &wb)) {
|
||||
|
@ -185,7 +186,7 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
|
|||
else
|
||||
hash_algorithm = VB2_HASH_SHA256;
|
||||
|
||||
status = cb_sha_endian(hash_algorithm, (const uint8_t *)start, size, digest);
|
||||
status = cb_sha_little_endian(hash_algorithm, (const uint8_t *)start, size, digest);
|
||||
if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)(
|
||||
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC +
|
||||
sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {
|
||||
|
@ -203,7 +204,8 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
|
|||
printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name);
|
||||
if (measure_item(pcr, digest, sizeof(digest),
|
||||
(int8_t *)name, 0))
|
||||
printk(BIOS_DEBUG, "%s: measuring failed!\n", __func__);
|
||||
printk(BIOS_DEBUG, "%s: measuring failed!\n",
|
||||
__func__);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue