From 2c21256b27d70b5950bd059330cdab027fb6ab7e Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:18 -0600 Subject: [PATCH] hash: Use Kconfig to enable hashing in host tools and SPL At present when building host tools, we force CONFIG_SHAxxx to be enabled regardless of the board Kconfig setting. This is done in the image.h header file. For SPL we currently just assume the algorithm is desired if U-Boot proper enables it. Clean this up by adding new Kconfig options to enable hashing on the host, relying on CONFIG_IS_ENABLED() to deal with the different builds. Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the current settings. This allows us to drop the image.h code and the I_WANT_MD5 hack. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- common/hash.c | 49 ++++++++++++++++++++----------------------- include/fdt_support.h | 2 +- include/hash.h | 6 +++++- include/image.h | 5 ----- lib/Kconfig | 18 ++++++++++++++++ tools/Kconfig | 25 ++++++++++++++++++++++ 6 files changed, 72 insertions(+), 33 deletions(-) diff --git a/common/hash.c b/common/hash.c index 3884298edf..2b8e7a4d5c 100644 --- a/common/hash.c +++ b/common/hash.c @@ -25,6 +25,7 @@ #else #include "mkimage.h" #include +#include #endif /* !USE_HOSTCC*/ #include @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR; static void reloc_update(void); -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha1(struct hash_algo *algo, void **ctxp) { sha1_context *ctx = malloc(sizeof(sha1_context)); @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, } #endif -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha256(struct hash_algo *algo, void **ctxp) { sha256_context *ctx = malloc(sizeof(sha256_context)); @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void } #endif -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha384(struct hash_algo *algo, void **ctxp) { sha512_context *ctx = malloc(sizeof(sha512_context)); @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void } #endif -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha512(struct hash_algo *algo, void **ctxp) { sha512_context *ctx = malloc(sizeof(sha512_context)); @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, return 0; } -#ifdef USE_HOSTCC -# define I_WANT_MD5 1 -#else -# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) -#endif /* * These are the hash algorithms we support. If we have hardware acceleration * is enable we will use that, otherwise a software version of the algorithm. * Note that algorithm names must be in lower case. */ static struct hash_algo hash_algo[] = { -#if I_WANT_MD5 +#if CONFIG_IS_ENABLED(MD5) { .name = "md5", .digest_size = MD5_SUM_LEN, @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = { .hash_func_ws = md5_wd, }, #endif -#ifdef CONFIG_SHA1 +#if CONFIG_IS_ENABLED(SHA1) { .name = "sha1", .digest_size = SHA1_SUM_LEN, .chunk_size = CHUNKSZ_SHA1, -#ifdef CONFIG_SHA_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) .hash_func_ws = hw_sha1, #else .hash_func_ws = sha1_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA256 +#if CONFIG_IS_ENABLED(SHA256) { .name = "sha256", .digest_size = SHA256_SUM_LEN, .chunk_size = CHUNKSZ_SHA256, -#ifdef CONFIG_SHA_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) .hash_func_ws = hw_sha256, #else .hash_func_ws = sha256_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA384 +#if CONFIG_IS_ENABLED(SHA384) { .name = "sha384", .digest_size = SHA384_SUM_LEN, .chunk_size = CHUNKSZ_SHA384, -#ifdef CONFIG_SHA512_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) .hash_func_ws = hw_sha384, #else .hash_func_ws = sha384_csum_wd, #endif -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA512 +#if CONFIG_IS_ENABLED(SHA512) { .name = "sha512", .digest_size = SHA512_SUM_LEN, .chunk_size = CHUNKSZ_SHA512, -#ifdef CONFIG_SHA512_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) .hash_func_ws = hw_sha512, #else .hash_func_ws = sha512_csum_wd, #endif -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = { }; /* Try to minimize code size for boards that don't want much hashing */ -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \ - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \ - defined(CONFIG_SHA384) || defined(CONFIG_SHA512) +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \ + CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \ + CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) #define multi_hash() 1 #else #define multi_hash() 0 @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, return 0; } -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32) +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \ + defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)) /** * store_result: Store the resulting sum to an address or variable * diff --git a/include/fdt_support.h b/include/fdt_support.h index 72a5b90c97..88d129c803 100644 --- a/include/fdt_support.h +++ b/include/fdt_support.h @@ -7,7 +7,7 @@ #ifndef __FDT_SUPPORT_H #define __FDT_SUPPORT_H -#ifdef CONFIG_OF_LIBFDT +#if defined(CONFIG_OF_LIBFDT) && !defined(USE_HOSTCC) #include #include diff --git a/include/hash.h b/include/hash.h index 97bb3ed5d9..cfafbe7006 100644 --- a/include/hash.h +++ b/include/hash.h @@ -6,13 +6,17 @@ #ifndef _HASH_H #define _HASH_H +#ifdef USE_HOSTCC +#include +#endif + struct cmd_tbl; /* * Maximum digest size for all algorithms we support. Having this value * avoids a malloc() or C99 local declaration in common/cmd_hash.c. */ -#if defined(CONFIG_SHA384) || defined(CONFIG_SHA512) +#if CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) #define HASH_MAX_DIGEST_SIZE 64 #else #define HASH_MAX_DIGEST_SIZE 32 diff --git a/include/image.h b/include/image.h index 73a763a693..03857f4b50 100644 --- a/include/image.h +++ b/include/image.h @@ -31,11 +31,6 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 -#define CONFIG_MD5 -#define CONFIG_SHA1 -#define CONFIG_SHA256 -#define CONFIG_SHA384 -#define CONFIG_SHA512 #define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" diff --git a/lib/Kconfig b/lib/Kconfig index 7899e756f9..64765acfa6 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -438,6 +438,24 @@ config SPL_SHA384 The SHA384 algorithm produces a 384-bit (48-byte) hash value (digest). +config SPL_SHA_HW_ACCEL + bool "Enable hardware acceleration for SHA hash functions" + default y if SHA_HW_ACCEL + help + This option enables hardware acceleration for the SHA1 and SHA256 + hashing algorithms. This affects the 'hash' command and also the + hash_lookup_algo() function. + +config SPL_SHA_PROG_HW_ACCEL + bool "Enable Progressive hashing support using hardware in SPL" + depends on SHA_PROG_HW_ACCEL + default y + help + This option enables hardware-acceleration for SHA progressive + hashing. + Data can be streamed in a block at a time and the hashing is + performed in hardware. + endif if SHA_HW_ACCEL diff --git a/tools/Kconfig b/tools/Kconfig index ea986ab047..6ffc2c0aa3 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE depends on TOOLS_FIT_SIGNATURE default 0x10000000 +config TOOLS_MD5 + def_bool y + help + Enable MD5 support in the tools builds + +config TOOLS_SHA1 + def_bool y + help + Enable SHA1 support in the tools builds + +config TOOLS_SHA256 + def_bool y + help + Enable SHA256 support in the tools builds + +config TOOLS_SHA384 + def_bool y + help + Enable SHA384 support in the tools builds + +config TOOLS_SHA512 + def_bool y + help + Enable SHA512 support in the tools builds + endmenu