Wim Vervoorn has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/36482 )
Change subject: vendorcode/eltan/security: use custom hash for little endian only ......................................................................
vendorcode/eltan/security: use custom hash for little endian only
Only use the custom hash routine when we need little endian.
Also rename the function, since it is now little endian only.
BUG=N/A TEST=tested on fbg1701 board.
Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12 Signed-off-by: Wim Vervoorn wvervoorn@eltan.com --- M src/vendorcode/eltan/security/include/cb_sha.h M src/vendorcode/eltan/security/lib/cb_sha.c M src/vendorcode/eltan/security/mboot/mboot.c M src/vendorcode/eltan/security/verified_boot/vboot_check.c 4 files changed, 17 insertions(+), 47 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/36482/1
diff --git a/src/vendorcode/eltan/security/include/cb_sha.h b/src/vendorcode/eltan/security/include/cb_sha.h
index 4d087f4..822be69 100644
--- a/src/vendorcode/eltan/security/include/cb_sha.h
+++ b/src/vendorcode/eltan/security/include/cb_sha.h
@@ -20,14 +20,7 @@
 #include <vb21_common.h>
 #include <vb2_api.h>
-/* Supported Algorithm types for hash */
-enum endian_algorithm {
- NO_ENDIAN_ALGORITHM = 0,
- BIG_ENDIAN_ALGORITHM = 1,
- LITTLE_ENDIAN_ALGORITHM = 2,
-};
+vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
+ uint8_t *digest);
-int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
- uint8_t *digest, enum endian_algorithm endian);
-
-#endif
\ No newline at end of file
+#endif
diff --git a/src/vendorcode/eltan/security/lib/cb_sha.c b/src/vendorcode/eltan/security/lib/cb_sha.c
index 47cd10a..def14bf 100644
--- a/src/vendorcode/eltan/security/lib/cb_sha.c
+++ b/src/vendorcode/eltan/security/lib/cb_sha.c
@@ -15,42 +15,24 @@
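Review bot: The new `cb_sha_little_endian` prototype has no comment, and its contract cannot be read from the signature: no output length is passed, so the caller has to provide at least `vb2_digest_size(hash_alg)` bytes in `digest`, and the bytes are stored in reversed order (both visible in the cb_sha.c change). I would put `/* Hash data with hash_alg and store the digest byte-reversed; digest must hold vb2_digest_size(hash_alg) bytes. */` above the declaration. A caller that sizes its buffer for a different algorithm than the one it passes would be written past its end, so the requirement is worth stating where callers look.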
#include <cb_sha.h>
-int cb_sha_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
- uint8_t *digest, enum endian_algorithm endian)
+vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data, uint32_t len,
+ uint8_t *digest)
 {
 int i;
 int rv;
- uint32_t digest_size;
- uint8_t *result_ptr;
+ uint32_t digest_size = vb2_digest_size(hash_alg);
 uint8_t result[VB2_MAX_DIGEST_SIZE];
- switch (hash_alg) {
- case VB2_HASH_SHA1:
- digest_size = VB2_SHA1_DIGEST_SIZE;
- break;
- case VB2_HASH_SHA256:
- digest_size = VB2_SHA256_DIGEST_SIZE;
- break;
- case VB2_HASH_SHA512:
- digest_size = VB2_SHA512_DIGEST_SIZE;
- break;
- default:
+ if ( !digest_size )
 return VB2_ERROR_SHA_INIT_ALGORITHM;
- }
- result_ptr = result;
- rv = vb2_digest_buffer(data, len, hash_alg, result_ptr, digest_size);
- if (rv || (endian == NO_ENDIAN_ALGORITHM))
+ rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size);
+ if (rv)
 return rv;
for (i = 0; i < digest_size; ++i) { - if (endian == BIG_ENDIAN_ALGORITHM) { - /* use big endian */ - digest[i] = *result_ptr++; - } else { - /* use little endian */ - digest[digest_size - i - 1] = *result_ptr++; - } + /* use little endian */ + digest[digest_size - i - 1] = result[i]; } return rv; } diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index 5774429..bae377a 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -159,11 +159,8 @@ memcpy(digest->digest.sha1, (void *)hashData, VB2_SHA1_DIGEST_SIZE); } else { - status = cb_sha_endian(VB2_HASH_SHA1, hashData, - hashDataLen, - digest->digest.sha1, - NO_ENDIAN_ALGORITHM); - if ( status ) + if (cb_sha_little_endian(VB2_HASH_SHA1, hashData, + hashDataLen, digest->digest.sha1)) return TPM_E_IOERROR; }
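Review bot: The call `vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size)` casts a pointer-to-array where `result` already decays to `uint8_t *`; the cast would hide any later change to the type of `result` and should go: `rv = vb2_digest_buffer(data, len, hash_alg, result, digest_size);`. The loop still compares `int i` with the `uint32_t digest_size`, and `int rv` is returned from a function now declared `vb2_error_t`; `uint32_t i;` and `vb2_error_t rv;` would keep the types consistent. `if ( !digest_size )` should be `if (!digest_size)` to match the `if (rv)` spacing a few lines below.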
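Review bot: The SHA1 branch now calls `cb_sha_little_endian`, so `digest->digest.sha1` receives the byte-reversed digest, whereas the old call asked for `NO_ENDIAN_ALGORITHM`; that does not match the commit message's "only use the custom hash routine when we need little endian". If the SHA1 measurement is meant to stay in the library's native byte order, the branch should call vboot directly: `if (vb2_digest_buffer(hashData, hashDataLen, VB2_HASH_SHA1, digest->digest.sha1, VB2_SHA1_DIGEST_SIZE))`. The removed `cb_sha_endian` returned before copying anything into `digest` in the `NO_ENDIAN_ALGORITHM` case, so the old SHA1 path appears to have left the buffer unwritten; either way the value that ends up in the SHA1 digest changes with this commit, and anything that recomputes the measurement has to agree with the chosen byte order. The enclosing function starts and ends outside the hunk.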
@@ -186,11 +183,9 @@ memcpy(digest->digest.sha256, (void *)hashData, hashDataLen); } else { - status = cb_sha_endian(VB2_HASH_SHA256, hashData, - hashDataLen, - digest->digest.sha256, - LITTLE_ENDIAN_ALGORITHM); - if (status) + + if (cb_sha_little_endian(VB2_HASH_SHA256, hashData, + hashDataLen, digest->digest.sha256)) return TPM_E_IOERROR; } digest->hashAlg = TPM_ALG_SHA256; diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 07c6902..0171761 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -185,7 +185,7 @@ else hash_algorithm = VB2_HASH_SHA256;
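Review bot: The bare `+` line after `} else {` in the SHA256 branch adds an empty line at the start of the block that the SHA1 branch above does not have; drop it so both branches read the same. The `status` assignments are gone from both branches, so if `status` has no other use in this function (its declaration is outside the hunk) it should be removed as well.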
- status = cb_sha_endian(hash_algorithm, (const uint8_t *)start, size, digest); + status = cb_sha_little_endian(hash_algorithm, (const uint8_t *)start, size, digest); if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)( (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC + sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {