diff --git a/src/vendorcode/eltan/security/include/cb_sha.h b/src/vendorcode/eltan/security/include/cb_sha.h new file mode 100644 index 0000000000..4d087f40c9 --- /dev/null +++ b/src/vendorcode/eltan/security/include/cb_sha.h @@ -0,0 +1,33 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2018-2019, Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __SECURITY_CB_SHA_H__ +#define __SECURITY_CB_SHA_H__ + +#include <2rsa.h> +#include +#include + +/* Supported Algorithm types for hash */ +enum endian_algorithm { + NO_ENDIAN_ALGORITHM = 0, + BIG_ENDIAN_ALGORITHM = 1, + LITTLE_ENDIAN_ALGORITHM = 2, +}; + +int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, + uint8_t *digest, enum endian_algorithm endian); + +#endif \ No newline at end of file diff --git a/src/vendorcode/eltan/security/lib/Makefile.inc b/src/vendorcode/eltan/security/lib/Makefile.inc new file mode 100644 index 0000000000..5ef1bca65f --- /dev/null +++ b/src/vendorcode/eltan/security/lib/Makefile.inc @@ -0,0 +1,59 @@ +# +# This file is part of the coreboot project. +# +# Copyright (C) 2018-2019 Eltan B.V. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# + +# call with $1 = stage name to create rules for building the library +# for the stage and adding it to the stage's set of object files. +define vendor-security-lib +VEN_SEC_LIB_$(1) = $(obj)/external/ven_sec_lib-$(1)/vboot_fw21.a +VEN_SEC_CFLAGS_$(1) += $$(patsubst -I%,-I$(top)/%,\ + $$(patsubst $(src)/%.h,$(top)/$(src)/%.h,\ + $$(filter-out -I$(obj), $$(CPPFLAGS_$(1))))) +VEN_SEC_CFLAGS_$(1) += $$(CFLAGS_$(1)) +VEN_SEC_CFLAGS_$(1) += $$($(1)-c-ccopts) +VEN_SEC_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes + +$$(VEN_SEC_LIB_$(1)): $(obj)/config.h + printf " MAKE $(subst $(obj)/,,$(@))\n" + +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \ + CC="$$(CC_$(1))" \ + CFLAGS="$$(VEN_SEC_CFLAGS_$(1))" VBOOT2="y" \ + $(MAKE) -C $(VBOOT_SOURCE) \ + BUILD=$$(abspath $$(dir $$(VEN_SEC_LIB_$(1)))) \ + V=$(V) \ + fwlib21 +endef # vendor-security-for-stage + +CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include +CFLAGS_common += -I3rdparty/vboot/firmware/lib21/include + +ifneq ($(filter y,$(CONFIG_VENDORCODE_ELTAN_VBOOT) $(CONFIG_VENDORCODE_ELTAN_MBOOT)),) + +bootblock-$(CONFIG_C_ENVIRONMENT_BOOTBLOCK) += cb_sha.c +$(eval $(call vendor-security-lib,bootblock)) +bootblock-srcs += $(obj)/external/ven_sec_lib-bootblock/vboot_fw21.a + +postcar-y += cb_sha.c +$(eval $(call vendor-security-lib,postcar)) +postcar-srcs += $(obj)/external/ven_sec_lib-postcar/vboot_fw21.a + +ramstage-y += cb_sha.c +$(eval $(call vendor-security-lib,ramstage)) +ramstage-srcs += $(obj)/external/ven_sec_lib-ramstage/vboot_fw21.a + +romstage-y += cb_sha.c +$(eval $(call vendor-security-lib,romstage)) +romstage-srcs += $(obj)/external/ven_sec_lib-romstage/vboot_fw21.a + +endif \ No newline at end of file diff --git a/src/vendorcode/eltan/security/lib/cb_sha.c b/src/vendorcode/eltan/security/lib/cb_sha.c new file mode 100644 index 0000000000..47cd10a47c --- /dev/null +++ b/src/vendorcode/eltan/security/lib/cb_sha.c @@ -0,0 +1,56 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2019 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include + +int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len, + uint8_t *digest, enum endian_algorithm endian) +{ + int i; + int rv; + uint32_t digest_size; + uint8_t *result_ptr; + uint8_t result[VB2_MAX_DIGEST_SIZE]; + + switch (hash_alg) { + case VB2_HASH_SHA1: + digest_size = VB2_SHA1_DIGEST_SIZE; + break; + case VB2_HASH_SHA256: + digest_size = VB2_SHA256_DIGEST_SIZE; + break; + case VB2_HASH_SHA512: + digest_size = VB2_SHA512_DIGEST_SIZE; + break; + default: + return VB2_ERROR_SHA_INIT_ALGORITHM; + } + + result_ptr = result; + rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size); + if (rv || (endian == NO_ENDIAN_ALGORITHM)) + return rv; + + for (i = 0; i < digest_size; ++i) { + if (endian == BIG_ENDIAN_ALGORITHM) { + /* use big endian */ + digest[i] = *result_ptr++; + } else { + /* use little endian */ + digest[digest_size - i - 1] = *result_ptr++; + } + } + return rv; +}