vboot: add support for HW accel in kernel verification

Add support for using HW hashing acceleration in kernel verification.

BUG=b:162551138
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests

Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: Ia03ff7f49bd18393c0daeab72348414fa059e0cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639456
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

5 files changed, 117 insertions, 21 deletions

diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index a88bc2e0..8267f8ce 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -190,9 +190,9 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size,
 			    const struct vb2_workbuf *wb)
 {
 	struct vb2_workbuf wblocal = *wb;
-	struct vb2_digest_context *dc;
 	uint8_t *digest;
 	uint32_t digest_size;
+	vb2_error_t rv;
 
 	if (sig->data_size > size) {
 		VB2_DEBUG("Data buffer smaller than length of signed data.\n");
@@ -208,16 +208,26 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size,
 	if (!digest)
 		return VB2_ERROR_VDATA_WORKBUF_DIGEST;
 
-	/* Hashing requires temp space for the context */
-	dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
-	if (!dc)
-		return VB2_ERROR_VDATA_WORKBUF_HASHING;
-
-	VB2_TRY(vb2_digest_init(dc, key->hash_alg));
-	VB2_TRY(vb2_digest_extend(dc, data, sig->data_size));
-	VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
-
-	vb2_workbuf_free(&wblocal, sizeof(*dc));
+	if (key->allow_hwcrypto) {
+		rv = vb2ex_hwcrypto_digest_init(key->hash_alg, sig->data_size);
+		if (rv == VB2_SUCCESS) {
+			VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", key->hash_alg);
+			VB2_TRY(vb2ex_hwcrypto_digest_extend(data, sig->data_size));
+			VB2_TRY(vb2ex_hwcrypto_digest_finalize(digest, digest_size));
+		} else if (rv == VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED) {
+			VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
+				  key->hash_alg);
+			VB2_TRY(vb2_digest_buffer(data, sig->data_size, key->hash_alg,
+						  digest, digest_size));
+		} else {
+			VB2_DEBUG("HW crypto init error : %d\n", rv);
+			return rv;
+		}
+	} else {
+		VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n");
+		VB2_TRY(vb2_digest_buffer(data, sig->data_size, key->hash_alg,
+					  digest, digest_size));
+	}
 
 	return vb2_verify_digest(key, sig, digest, &wblocal);
 }
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 495b360d..470f19e5 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -137,6 +137,9 @@ static vb2_error_t vb2_verify_kernel_vblock(
 		return VB2_ERROR_VBLOCK_KERNEL_SUBKEY;
 	}
 
+	if (vb2_hwcrypto_allowed(ctx))
+		kernel_subkey2.allow_hwcrypto = 1;
+
 	/* Verify the keyblock. */
 	int keyblock_valid = 1;  /* Assume valid */
 	struct vb2_keyblock *keyblock = get_keyblock(kbuf);
@@ -412,6 +415,9 @@ static vb2_error_t vb2_load_partition(
 		return VB2_ERROR_LOAD_PARTITION_DATA_KEY;
 	}
 
+	if (vb2_hwcrypto_allowed(ctx))
+		data_key.allow_hwcrypto = 1;
+
 	/* Verify kernel data */
 	if (VB2_SUCCESS != vb2_verify_data(kernbuf, kernbuf_size,
 					   &preamble->body_signature,
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index b1666ab6..3f062892 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -20,25 +20,52 @@
 static const uint8_t test_data[] = "This is some test data to sign.";
 static const uint32_t test_size = sizeof(test_data);
 
-static enum {
+static enum hwcrypto_state {
 	HWCRYPTO_OK,
 	HWCRYPTO_NOTSUPPORTED,
 	HWCRYPTO_ERROR,
-} hwcrypto_state;
+	HWCRYPTO_ABORT,
+} hwcrypto_state_rsa, hwcrypto_state_digest;
 
-vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
-					     const uint8_t *sig, const uint8_t *digest)
+static vb2_error_t hwcrypto_mock(enum hwcrypto_state *state)
 {
-	switch (hwcrypto_state) {
+	switch (*state) {
 		case HWCRYPTO_OK:
 			return VB2_SUCCESS;
 		case HWCRYPTO_NOTSUPPORTED:
 			return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 		case HWCRYPTO_ERROR:
-			return VB2_ERROR_RSA_VERIFY_DIGEST;
+			return VB2_ERROR_MOCK;
+		case HWCRYPTO_ABORT:
+			vb2ex_abort();
+			/* shouldn't reach here but added for compiler */
+			return VB2_ERROR_MOCK;
 	}
 }
 
+vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+				       uint32_t data_size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+					   uint32_t digest_size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	return hwcrypto_mock(&hwcrypto_state_rsa);
+}
+
 
 static void test_unpack_key(const struct vb2_packed_key *key1)
 {
@@ -109,6 +136,9 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 	uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
 	struct vb2_signature *sig2;
 
+	hwcrypto_state_rsa = HWCRYPTO_ABORT;
+	hwcrypto_state_digest = HWCRYPTO_ABORT;
+
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
 	/* Allocate signature copy for tests */
@@ -155,18 +185,57 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 
 	pubk.allow_hwcrypto = 1;
 
-	hwcrypto_state = HWCRYPTO_OK;
+	hwcrypto_state_digest = HWCRYPTO_OK;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
+	memcpy(sig2, sig, sig_total_size);
+	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto ok");
+
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback ok");
+
+	memcpy(sig2, sig, sig_total_size);
+	sig2->sig_size -= 16;
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback error");
+
+	hwcrypto_state_digest = HWCRYPTO_ERROR;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback error");
+
+	hwcrypto_state_digest = HWCRYPTO_NOTSUPPORTED;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
 	memcpy(sig2, sig, sig_total_size);
 	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto ok");
 
-	hwcrypto_state = HWCRYPTO_ERROR;
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
 	memcpy(sig2, sig, sig_total_size);
 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto error");
 
-	hwcrypto_state = HWCRYPTO_NOTSUPPORTED;
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
 	memcpy(sig2, sig, sig_total_size);
 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto fallback ok");
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 87056ad2..e86837bc 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -175,7 +175,12 @@ static void ResetMocks(void)
 	fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp;
 	memcpy(&fwmp->dev_key_hash, mock_digest, sizeof(fwmp->dev_key_hash));
 
-	// TODO: more workbuf fields - flags, secdata_firmware, secdata_kernel
+	// TODO: more workbuf fields - flags, secdata_firmware
+
+	vb2api_secdata_kernel_create(ctx);
+	vb2_secdata_kernel_init(ctx);
+	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
 }
 
 /* Mocks */
diff --git a/tests/verify_kernel.c b/tests/verify_kernel.c
index 9aaad723..fe68a1b4 100644
--- a/tests/verify_kernel.c
+++ b/tests/verify_kernel.c
@@ -10,6 +10,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2nvstorage.h"
+#include "2secdata.h"
 #include "host_common.h"
 #include "util_misc.h"
 #include "vboot_api.h"
@@ -124,6 +125,11 @@ int main(int argc, char *argv[])
 	 * dev mode.  So just use defaults for nv storage.
 	 */
 	vb2_nv_init(ctx);
+	/* We need to init kernel secdata for
+	 * VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED.
+	 */
+	vb2api_secdata_kernel_create(ctx);
+	vb2_secdata_kernel_init(ctx);
 
 	/* Try loading kernel */
 	rv = LoadKernel(ctx, &params);