diff options
-rw-r--r-- | firmware/2lib/2sha_utility.c | 30 | ||||
-rw-r--r-- | firmware/2lib/include/2sha.h | 22 | ||||
-rw-r--r-- | firmware/include/vb2_api.h | 9 | ||||
-rw-r--r-- | tests/vb2_sha_tests.c | 78 |
4 files changed, 83 insertions, 56 deletions
diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 6f76b4e7..b75f0e58 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -7,7 +7,6 @@ #include "2sysincludes.h" #include "2common.h" -#include "2rsa.h" #include "2sha.h" #if VB2_SUPPORT_SHA1 @@ -43,15 +42,6 @@ static const uint8_t crypto_to_hash[] = { CTH_SHA512, }; -/** - * Convert vb2_crypto_algorithm to vb2_hash_algorithm. - * - * @param algorithm Crypto algorithm (vb2_crypto_algorithm) - * - * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if - * the crypto algorithm or its corresponding hash algorithm is invalid or not - * supported. - */ enum vb2_hash_algorithm vb2_crypto_to_hash(uint32_t algorithm) { if (algorithm < ARRAY_SIZE(crypto_to_hash)) @@ -159,3 +149,23 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return VB2_ERROR_SHA_FINALIZE_ALGORITHM; } } + +int vb2_digest_buffer(const uint8_t *buf, + uint32_t size, + enum vb2_hash_algorithm hash_alg, + uint8_t *digest, + uint32_t digest_size) +{ + struct vb2_digest_context dc; + int rv; + + rv = vb2_digest_init(&dc, hash_alg); + if (rv) + return rv; + + rv = vb2_digest_extend(&dc, buf, size); + if (rv) + return rv; + + return vb2_digest_finalize(&dc, digest, digest_size); +} diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h index 221d1856..24590244 100644 --- a/firmware/2lib/include/2sha.h +++ b/firmware/2lib/include/2sha.h @@ -1,13 +1,17 @@ /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. + * + * These APIs may be called by external firmware as well as vboot. External + * firmware must NOT include this header file directly; instead, define + * NEED_VB2_SHA_LIBRARY and include vb2api.h. This is permissible because the + * SHA library routines below don't interact with the rest of vboot. */ #ifndef VBOOT_REFERENCE_2SHA_H_ #define VBOOT_REFERENCE_2SHA_H_ #include "2crypto.h" -#include "2struct.h" /* Hash algorithms may be disabled individually to save code space */ @@ -174,4 +178,20 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, uint8_t *digest, uint32_t digest_size); +/** + * Calculate the digest of a buffer and store the result. + * + * @param buf Data to hash + * @param size Length of data in bytes + * @param hash_alg Hash algorithm + * @param digest Destination for digest + * @param digest_size Length of digest buffer in bytes. + * @return VB2_SUCCESS, or non-zero on error. + */ +int vb2_digest_buffer(const uint8_t *buf, + uint32_t size, + enum vb2_hash_algorithm hash_alg, + uint8_t *digest, + uint32_t digest_size); + #endif /* VBOOT_REFERENCE_2SHA_H_ */ diff --git a/firmware/include/vb2_api.h b/firmware/include/vb2_api.h index d8746d01..2f63cc16 100644 --- a/firmware/include/vb2_api.h +++ b/firmware/include/vb2_api.h @@ -6,6 +6,10 @@ /* APIs between calling firmware and vboot_reference * * DO NOT INCLUDE THE HEADERS BELOW DIRECTLY! ONLY INCLUDE THIS FILE! + * + * Using vb2api.h as the single point of contact between calling firmware and + * vboot allows subsequent refactoring of vboot (renaming of headers, etc.) + * without churning other projects' source code. */ #ifndef VBOOT_VB2_API_H_ @@ -14,6 +18,11 @@ /* Standard APIs */ #include "../2lib/include/2api.h" +/* SHA library */ +#ifdef NEED_VB2_SHA_LIBRARY +#include "../2lib/include/2sha.h" +#endif + /* * Coreboot should not need access to vboot2 internals. But right now it does. * At least this forces it to do so through a relatively narrow hole so vboot2 diff --git a/tests/vb2_sha_tests.c b/tests/vb2_sha_tests.c index 501f90ee..0919ff9c 100644 --- a/tests/vb2_sha_tests.c +++ b/tests/vb2_sha_tests.c @@ -13,26 +13,6 @@ #include "sha_test_vectors.h" #include "test_common.h" -static int vb2_digest(const uint8_t *buf, - uint32_t size, - enum vb2_hash_algorithm hash_alg, - uint8_t *digest, - uint32_t digest_size) -{ - struct vb2_digest_context dc; - int rv; - - rv = vb2_digest_init(&dc, hash_alg); - if (rv) - return rv; - - rv = vb2_digest_extend(&dc, buf, size); - if (rv) - return rv; - - return vb2_digest_finalize(&dc, digest, digest_size); -} - void sha1_tests(void) { uint8_t digest[VB2_SHA1_DIGEST_SIZE]; @@ -44,17 +24,20 @@ void sha1_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_SUCC(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_HASH_SHA1, digest, sizeof(digest)), - "vb2_digest() SHA1"); + TEST_SUCC(vb2_digest_buffer(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_HASH_SHA1, + digest, sizeof(digest)), + "vb2_digest_buffer() SHA1"); TEST_EQ(memcmp(digest, sha1_results[i], sizeof(digest)), 0, "SHA1 digest"); } - TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_HASH_SHA1, digest, sizeof(digest) - 1), - VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); + TEST_EQ(vb2_digest_buffer(test_inputs[0], + strlen((char *)test_inputs[0]), + VB2_HASH_SHA1, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + "vb2_digest_buffer() too small"); } void sha256_tests(void) @@ -68,17 +51,20 @@ void sha256_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_SUCC(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_HASH_SHA256, digest, sizeof(digest)), - "vb2_digest() SHA256"); + TEST_SUCC(vb2_digest_buffer(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_HASH_SHA256, + digest, sizeof(digest)), + "vb2_digest_buffer() SHA256"); TEST_EQ(memcmp(digest, sha256_results[i], sizeof(digest)), 0, "SHA-256 digest"); } - TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_HASH_SHA256, digest, sizeof(digest) - 1), - VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); + TEST_EQ(vb2_digest_buffer(test_inputs[0], + strlen((char *)test_inputs[0]), + VB2_HASH_SHA256, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + "vb2_digest_buffer() too small"); } void sha512_tests(void) @@ -92,18 +78,20 @@ void sha512_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_SUCC(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_HASH_SHA512, digest, - sizeof(digest)), - "vb2_digest() SHA512"); + TEST_SUCC(vb2_digest_buffer(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_HASH_SHA512, + digest, sizeof(digest)), + "vb2_digest_buffer() SHA512"); TEST_EQ(memcmp(digest, sha512_results[i], sizeof(digest)), 0, "SHA-512 digest"); } - TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_HASH_SHA512, digest, sizeof(digest) - 1), - VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); + TEST_EQ(vb2_digest_buffer(test_inputs[0], + strlen((char *)test_inputs[0]), + VB2_HASH_SHA512, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + "vb2_digest_buffer() too small"); } void misc_tests(void) @@ -126,10 +114,10 @@ void misc_tests(void) TEST_EQ(vb2_digest_size(VB2_HASH_INVALID), 0, "digest size invalid alg"); - TEST_EQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg), - VB2_HASH_INVALID, digest, sizeof(digest)), + TEST_EQ(vb2_digest_buffer((uint8_t *)oneblock_msg, strlen(oneblock_msg), + VB2_HASH_INVALID, digest, sizeof(digest)), VB2_ERROR_SHA_INIT_ALGORITHM, - "vb2_digest() invalid alg"); + "vb2_digest_buffer() invalid alg"); /* Test bad algorithm inside extend and finalize */ vb2_digest_init(&dc, VB2_HASH_SHA256); |