From f81fce91bf885293f1447c1197bb0c4143d8fced Mon Sep 17 00:00:00 2001
From: Randall Spangler <rspangler@chromium.org>
Date: Tue, 5 May 2015 16:06:50 -0700
Subject: Make SHA library accessible to calling firmware

And add a vb2_digest_buffer() call which produces the hash of a buffer
all in a single function call.  That function actually already
existed, but was in a unit test file rather than in the library
itself.  It's a small function, so adding it won't increase the size
of the library significantly - or at all, on platforms which compile
with -ffunction-sections.

This allows coreboot to reuse this SHA library for hashing CBFS
entries and file data.  All it has to do is #define
NEED_VB2_SHA_LIBRARY and then #include "vb2_api.h".

BUG=chromium:482652
BRANCH=none
TEST=make -j runtests

Change-Id: Ice2d0929324b58b2665f3989b5b887225f6ef61e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/269523
Reviewed-by: Julius Werner <jwerner@chromium.org>
---
 firmware/2lib/2sha_utility.c | 30 ++++++++++++++++++++----------
 firmware/2lib/include/2sha.h | 22 +++++++++++++++++++++-
 firmware/include/vb2_api.h   |  9 +++++++++
 3 files changed, 50 insertions(+), 11 deletions(-)

(limited to 'firmware')

diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c
index 6f76b4e7..b75f0e58 100644
--- a/firmware/2lib/2sha_utility.c
+++ b/firmware/2lib/2sha_utility.c
@@ -7,7 +7,6 @@
 
 #include "2sysincludes.h"
 #include "2common.h"
-#include "2rsa.h"
 #include "2sha.h"
 
 #if VB2_SUPPORT_SHA1
@@ -43,15 +42,6 @@ static const uint8_t crypto_to_hash[] = {
 	CTH_SHA512,
 };
 
-/**
- * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
- *
- * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
- *
- * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
- * the crypto algorithm or its corresponding hash algorithm is invalid or not
- * supported.
- */
 enum vb2_hash_algorithm vb2_crypto_to_hash(uint32_t algorithm)
 {
 	if (algorithm < ARRAY_SIZE(crypto_to_hash))
@@ -159,3 +149,23 @@ int vb2_digest_finalize(struct vb2_digest_context *dc,
 		return VB2_ERROR_SHA_FINALIZE_ALGORITHM;
 	}
 }
+
+int vb2_digest_buffer(const uint8_t *buf,
+		      uint32_t size,
+		      enum vb2_hash_algorithm hash_alg,
+		      uint8_t *digest,
+		      uint32_t digest_size)
+{
+	struct vb2_digest_context dc;
+	int rv;
+
+	rv = vb2_digest_init(&dc, hash_alg);
+	if (rv)
+		return rv;
+
+	rv = vb2_digest_extend(&dc, buf, size);
+	if (rv)
+		return rv;
+
+	return vb2_digest_finalize(&dc, digest, digest_size);
+}
diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h
index 221d1856..24590244 100644
--- a/firmware/2lib/include/2sha.h
+++ b/firmware/2lib/include/2sha.h
@@ -1,13 +1,17 @@
 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
+ *
+ * These APIs may be called by external firmware as well as vboot.  External
+ * firmware must NOT include this header file directly; instead, define
+ * NEED_VB2_SHA_LIBRARY and include vb2api.h.  This is permissible because the
+ * SHA library routines below don't interact with the rest of vboot.
  */
 
 #ifndef VBOOT_REFERENCE_2SHA_H_
 #define VBOOT_REFERENCE_2SHA_H_
 
 #include "2crypto.h"
-#include "2struct.h"
 
 /* Hash algorithms may be disabled individually to save code space */
 
@@ -174,4 +178,20 @@ int vb2_digest_finalize(struct vb2_digest_context *dc,
 			uint8_t *digest,
 			uint32_t digest_size);
 
+/**
+ * Calculate the digest of a buffer and store the result.
+ *
+ * @param buf		Data to hash
+ * @param size		Length of data in bytes
+ * @param hash_alg	Hash algorithm
+ * @param digest	Destination for digest
+ * @param digest_size	Length of digest buffer in bytes.
+ * @return VB2_SUCCESS, or non-zero on error.
+ */
+int vb2_digest_buffer(const uint8_t *buf,
+		      uint32_t size,
+		      enum vb2_hash_algorithm hash_alg,
+		      uint8_t *digest,
+		      uint32_t digest_size);
+
 #endif  /* VBOOT_REFERENCE_2SHA_H_ */
diff --git a/firmware/include/vb2_api.h b/firmware/include/vb2_api.h
index d8746d01..2f63cc16 100644
--- a/firmware/include/vb2_api.h
+++ b/firmware/include/vb2_api.h
@@ -6,6 +6,10 @@
 /* APIs between calling firmware and vboot_reference
  *
  * DO NOT INCLUDE THE HEADERS BELOW DIRECTLY!  ONLY INCLUDE THIS FILE!
+ *
+ * Using vb2api.h as the single point of contact between calling firmware and
+ * vboot allows subsequent refactoring of vboot (renaming of headers, etc.)
+ * without churning other projects' source code.
  */
 
 #ifndef VBOOT_VB2_API_H_
@@ -14,6 +18,11 @@
 /* Standard APIs */
 #include "../2lib/include/2api.h"
 
+/* SHA library */
+#ifdef NEED_VB2_SHA_LIBRARY
+#include "../2lib/include/2sha.h"
+#endif
+
 /*
  * Coreboot should not need access to vboot2 internals.  But right now it does.
  * At least this forces it to do so through a relatively narrow hole so vboot2
-- 
cgit v1.2.1