1404 lines
45 KiB
Diff
1404 lines
45 KiB
Diff
From 37c917d965c6dcbc3509b8776d79ad75a9102678 Mon Sep 17 00:00:00 2001
|
|
From: HC Yen <hc.yen@mediatek.com>
|
|
Date: Tue, 6 Dec 2016 16:38:46 +0800
|
|
Subject: [PATCH 1/3] rsa: add sha{256,384,512},rsa{2048,3072,4096} algorithms
|
|
|
|
Add support for "sha256,rsa3072", "sha384,rsa2048", "sha384,rsa3072",
|
|
"sha384,rsa4096", "sha512,rsa2048", "sha512,rsa3072", and
|
|
"sha512,rsa4096" signatures in u-boot.
|
|
---
|
|
common/hash.c | 71 +++++++
|
|
common/image-fit.c | 9 +
|
|
common/image-sig.c | 121 +++++++++++-
|
|
include/hash.h | 2 +-
|
|
include/image.h | 18 ++
|
|
include/u-boot/rsa-checksum.h | 12 +-
|
|
include/u-boot/rsa.h | 1 +
|
|
include/u-boot/sha4.h | 159 +++++++++++++++
|
|
lib/Kconfig | 16 ++
|
|
lib/Makefile | 2 +
|
|
lib/rsa/rsa-checksum.c | 312 +++++++++++++++++++++++++++++
|
|
lib/sha4.c | 447 ++++++++++++++++++++++++++++++++++++++++++
|
|
tools/Makefile | 1 +
|
|
13 files changed, 1167 insertions(+), 4 deletions(-)
|
|
create mode 100644 include/u-boot/sha4.h
|
|
create mode 100644 lib/sha4.c
|
|
|
|
diff --git a/common/hash.c b/common/hash.c
|
|
index b645298..d563292 100644
|
|
--- a/common/hash.c
|
|
+++ b/common/hash.c
|
|
@@ -28,6 +28,7 @@
|
|
#include <u-boot/crc.h>
|
|
#include <u-boot/sha1.h>
|
|
#include <u-boot/sha256.h>
|
|
+#include <u-boot/sha4.h>
|
|
#include <u-boot/md5.h>
|
|
|
|
#ifdef CONFIG_SHA1
|
|
@@ -84,6 +85,58 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void
|
|
free(ctx);
|
|
return 0;
|
|
}
|
|
+
|
|
+static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
|
|
+{
|
|
+ sha4_context *ctx = malloc(sizeof(sha4_context));
|
|
+ sha4_starts(ctx, 1);
|
|
+ *ctxp = ctx;
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int hash_update_sha384(struct hash_algo *algo, void *ctx,
|
|
+ const void *buf, unsigned int size, int is_last)
|
|
+{
|
|
+ sha4_update((sha4_context *)ctx, (unsigned char *)buf, size);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void
|
|
+ *dest_buf, int size)
|
|
+{
|
|
+ if (size < algo->digest_size)
|
|
+ return -1;
|
|
+
|
|
+ sha4_finish((sha4_context *)ctx, dest_buf);
|
|
+ free(ctx);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
|
|
+{
|
|
+ sha4_context *ctx = malloc(sizeof(sha4_context));
|
|
+ sha4_starts(ctx, 0);
|
|
+ *ctxp = ctx;
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int hash_update_sha512(struct hash_algo *algo, void *ctx,
|
|
+ const void *buf, unsigned int size, int is_last)
|
|
+{
|
|
+ sha4_update((sha4_context *)ctx, (unsigned char *)buf, size);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int hash_finish_sha512(struct hash_algo *algo, void *ctx, void
|
|
+ *dest_buf, int size)
|
|
+{
|
|
+ if (size < algo->digest_size)
|
|
+ return -1;
|
|
+
|
|
+ sha4_finish((sha4_context *)ctx, dest_buf);
|
|
+ free(ctx);
|
|
+ return 0;
|
|
+}
|
|
#endif
|
|
|
|
static int hash_init_crc32(struct hash_algo *algo, void **ctxp)
|
|
@@ -166,6 +219,24 @@ static struct hash_algo hash_algo[] = {
|
|
hash_update_sha256,
|
|
hash_finish_sha256,
|
|
},
|
|
+ {
|
|
+ "sha384",
|
|
+ SHA384_SUM_LEN,
|
|
+ sha384_csum_wd,
|
|
+ CHUNKSZ_SHA384,
|
|
+ hash_init_sha384,
|
|
+ hash_update_sha384,
|
|
+ hash_finish_sha384,
|
|
+ },
|
|
+ {
|
|
+ "sha512",
|
|
+ SHA512_SUM_LEN,
|
|
+ sha512_csum_wd,
|
|
+ CHUNKSZ_SHA512,
|
|
+ hash_init_sha512,
|
|
+ hash_update_sha512,
|
|
+ hash_finish_sha512,
|
|
+ },
|
|
#endif
|
|
{
|
|
"crc32",
|
|
diff --git a/common/image-fit.c b/common/image-fit.c
|
|
index 77dc011..2d19e75 100644
|
|
--- a/common/image-fit.c
|
|
+++ b/common/image-fit.c
|
|
@@ -27,6 +27,7 @@ DECLARE_GLOBAL_DATA_PTR;
|
|
#include <u-boot/md5.h>
|
|
#include <u-boot/sha1.h>
|
|
#include <u-boot/sha256.h>
|
|
+#include <u-boot/sha4.h>
|
|
|
|
/*****************************************************************************/
|
|
/* New uImage format routines */
|
|
@@ -931,6 +932,14 @@ int calculate_hash(const void *data, int data_len, const char *algo,
|
|
sha256_csum_wd((unsigned char *)data, data_len,
|
|
(unsigned char *)value, CHUNKSZ_SHA256);
|
|
*value_len = SHA256_SUM_LEN;
|
|
+ } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
|
|
+ sha384_csum_wd((unsigned char *)data, data_len,
|
|
+ (unsigned char *)value, CHUNKSZ_SHA384);
|
|
+ *value_len = SHA384_SUM_LEN;
|
|
+ } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
|
|
+ sha512_csum_wd((unsigned char *)data, data_len,
|
|
+ (unsigned char *)value, CHUNKSZ_SHA512);
|
|
+ *value_len = SHA512_SUM_LEN;
|
|
} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
|
|
md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
|
|
*value_len = 16;
|
|
diff --git a/common/image-sig.c b/common/image-sig.c
|
|
index 28f7a20..57eab9f 100644
|
|
--- a/common/image-sig.c
|
|
+++ b/common/image-sig.c
|
|
@@ -54,12 +54,82 @@ struct checksum_algo checksum_algos[] = {
|
|
{
|
|
"sha256",
|
|
SHA256_SUM_LEN,
|
|
+ RSA3072_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha256,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha256_rsa3072,
|
|
+ },
|
|
+ {
|
|
+ "sha256",
|
|
+ SHA256_SUM_LEN,
|
|
RSA4096_BYTES,
|
|
#if IMAGE_ENABLE_SIGN
|
|
EVP_sha256,
|
|
#endif
|
|
hash_calculate,
|
|
padding_sha256_rsa4096,
|
|
+ },
|
|
+ {
|
|
+ "sha384",
|
|
+ SHA384_SUM_LEN,
|
|
+ RSA2048_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha384,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha384_rsa2048,
|
|
+ },
|
|
+ {
|
|
+ "sha384",
|
|
+ SHA384_SUM_LEN,
|
|
+ RSA3072_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha384,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha384_rsa3072,
|
|
+ },
|
|
+ {
|
|
+ "sha384",
|
|
+ SHA384_SUM_LEN,
|
|
+ RSA4096_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha384,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha384_rsa4096,
|
|
+ },
|
|
+ {
|
|
+ "sha512",
|
|
+ SHA512_SUM_LEN,
|
|
+ RSA2048_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha512,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha512_rsa2048,
|
|
+ },
|
|
+ {
|
|
+ "sha512",
|
|
+ SHA512_SUM_LEN,
|
|
+ RSA3072_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha512,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha512_rsa3072,
|
|
+ },
|
|
+ {
|
|
+ "sha512",
|
|
+ SHA512_SUM_LEN,
|
|
+ RSA4096_BYTES,
|
|
+#if IMAGE_ENABLE_SIGN
|
|
+ EVP_sha512,
|
|
+#endif
|
|
+ hash_calculate,
|
|
+ padding_sha512_rsa4096,
|
|
}
|
|
|
|
};
|
|
@@ -80,11 +150,60 @@ struct image_sig_algo image_sig_algos[] = {
|
|
&checksum_algos[1],
|
|
},
|
|
{
|
|
- "sha256,rsa4096",
|
|
+ "sha256,rsa3072",
|
|
rsa_sign,
|
|
rsa_add_verify_data,
|
|
rsa_verify,
|
|
&checksum_algos[2],
|
|
+ },
|
|
+ {
|
|
+ "sha256,rsa4096",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[3],
|
|
+ },
|
|
+ {
|
|
+ "sha384,rsa2048",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[4],
|
|
+ },
|
|
+ {
|
|
+ "sha384,rsa3072",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[5],
|
|
+ },
|
|
+ {
|
|
+ "sha384,rsa4096",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[6],
|
|
+ },
|
|
+ {
|
|
+ "sha512,rsa2048",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[7],
|
|
+ },
|
|
+ {
|
|
+ "sha512,rsa3072",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[8],
|
|
+ },
|
|
+ {
|
|
+ "sha512,rsa4096",
|
|
+ rsa_sign,
|
|
+ rsa_add_verify_data,
|
|
+ rsa_verify,
|
|
+ &checksum_algos[9],
|
|
}
|
|
|
|
};
|
|
diff --git a/include/hash.h b/include/hash.h
|
|
index d814337..59ba707 100644
|
|
--- a/include/hash.h
|
|
+++ b/include/hash.h
|
|
@@ -10,7 +10,7 @@
|
|
* Maximum digest size for all algorithms we support. Having this value
|
|
* avoids a malloc() or C99 local declaration in common/cmd_hash.c.
|
|
*/
|
|
-#define HASH_MAX_DIGEST_SIZE 32
|
|
+#define HASH_MAX_DIGEST_SIZE 64
|
|
|
|
enum {
|
|
HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */
|
|
diff --git a/include/image.h b/include/image.h
|
|
index 2b1296c..81735e8 100644
|
|
--- a/include/image.h
|
|
+++ b/include/image.h
|
|
@@ -65,15 +65,25 @@ struct lmb;
|
|
# ifdef CONFIG_SPL_SHA256_SUPPORT
|
|
# define IMAGE_ENABLE_SHA256 1
|
|
# endif
|
|
+# ifdef CONFIG_SPL_SHA384_SUPPORT
|
|
+# define IMAGE_ENABLE_SHA384 1
|
|
+# endif
|
|
+# ifdef CONFIG_SPL_SHA512_SUPPORT
|
|
+# define IMAGE_ENABLE_SHA512 1
|
|
+# endif
|
|
# else
|
|
# define CONFIG_CRC32 /* FIT images need CRC32 support */
|
|
# define CONFIG_MD5 /* and MD5 */
|
|
# define CONFIG_SHA1 /* and SHA1 */
|
|
# define CONFIG_SHA256 /* and SHA256 */
|
|
+# define CONFIG_SHA384 /* and SHA384 */
|
|
+# define CONFIG_SHA512 /* and SHA512 */
|
|
# define IMAGE_ENABLE_CRC32 1
|
|
# define IMAGE_ENABLE_MD5 1
|
|
# define IMAGE_ENABLE_SHA1 1
|
|
# define IMAGE_ENABLE_SHA256 1
|
|
+# define IMAGE_ENABLE_SHA384 1
|
|
+# define IMAGE_ENABLE_SHA512 1
|
|
# endif
|
|
|
|
#ifdef CONFIG_FIT_DISABLE_SHA256
|
|
@@ -97,6 +107,14 @@ struct lmb;
|
|
#define IMAGE_ENABLE_SHA256 0
|
|
#endif
|
|
|
|
+#ifndef IMAGE_ENABLE_SHA384
|
|
+#define IMAGE_ENABLE_SHA384 0
|
|
+#endif
|
|
+
|
|
+#ifndef IMAGE_ENABLE_SHA512
|
|
+#define IMAGE_ENABLE_SHA512 0
|
|
+#endif
|
|
+
|
|
#endif /* IMAGE_ENABLE_FIT */
|
|
|
|
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
|
|
diff --git a/include/u-boot/rsa-checksum.h b/include/u-boot/rsa-checksum.h
|
|
index 3c69d85..d8c584a 100644
|
|
--- a/include/u-boot/rsa-checksum.h
|
|
+++ b/include/u-boot/rsa-checksum.h
|
|
@@ -11,10 +11,18 @@
|
|
#include <image.h>
|
|
#include <u-boot/sha1.h>
|
|
#include <u-boot/sha256.h>
|
|
+#include <u-boot/sha4.h>
|
|
|
|
-extern const uint8_t padding_sha256_rsa4096[];
|
|
-extern const uint8_t padding_sha256_rsa2048[];
|
|
extern const uint8_t padding_sha1_rsa2048[];
|
|
+extern const uint8_t padding_sha256_rsa2048[];
|
|
+extern const uint8_t padding_sha256_rsa3072[];
|
|
+extern const uint8_t padding_sha256_rsa4096[];
|
|
+extern const uint8_t padding_sha384_rsa2048[];
|
|
+extern const uint8_t padding_sha384_rsa3072[];
|
|
+extern const uint8_t padding_sha384_rsa4096[];
|
|
+extern const uint8_t padding_sha512_rsa2048[];
|
|
+extern const uint8_t padding_sha512_rsa3072[];
|
|
+extern const uint8_t padding_sha512_rsa4096[];
|
|
|
|
/**
|
|
* hash_calculate() - Calculate hash over the data
|
|
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
|
|
index 0e96c38..3921250 100644
|
|
--- a/include/u-boot/rsa.h
|
|
+++ b/include/u-boot/rsa.h
|
|
@@ -108,6 +108,7 @@ static inline int rsa_verify(struct image_sign_info *info,
|
|
#endif
|
|
|
|
#define RSA2048_BYTES (2048 / 8)
|
|
+#define RSA3072_BYTES (3072 / 8)
|
|
#define RSA4096_BYTES (4096 / 8)
|
|
|
|
/* This is the minimum/maximum key size we support, in bits */
|
|
diff --git a/include/u-boot/sha4.h b/include/u-boot/sha4.h
|
|
new file mode 100644
|
|
index 0000000..e9e5865
|
|
--- /dev/null
|
|
+++ b/include/u-boot/sha4.h
|
|
@@ -0,0 +1,159 @@
|
|
+/**
|
|
+ * \file sha4.h
|
|
+ *
|
|
+ * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
|
|
+ *
|
|
+ * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
|
|
+ *
|
|
+ * All rights reserved.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * * Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ * * Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in the
|
|
+ * documentation and/or other materials provided with the distribution.
|
|
+ * * Neither the names of PolarSSL or XySSL nor the names of its contributors
|
|
+ * may be used to endorse or promote products derived from this software
|
|
+ * without specific prior written permission.
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ */
|
|
+#ifndef _SHA4_H
|
|
+#define _SHA4_H
|
|
+
|
|
+#define SHA384_SUM_LEN 48
|
|
+#define SHA512_SUM_LEN 64
|
|
+
|
|
+/* Reset watchdog each time we process this many bytes */
|
|
+#define CHUNKSZ_SHA384 (64 * 1024)
|
|
+#define CHUNKSZ_SHA512 (64 * 1024)
|
|
+
|
|
+#define UL64(x) x##ULL
|
|
+#define int64 long long
|
|
+
|
|
+/**
|
|
+ * \brief SHA-512 context structure
|
|
+ */
|
|
+typedef struct {
|
|
+ unsigned int64 total[2]; /*!< number of bytes processed */
|
|
+ unsigned int64 state[8]; /*!< intermediate digest state */
|
|
+ unsigned char buffer[128]; /*!< data block being processed */
|
|
+
|
|
+ unsigned char ipad[128]; /*!< HMAC: inner padding */
|
|
+ unsigned char opad[128]; /*!< HMAC: outer padding */
|
|
+ int is384; /*!< 0 => SHA-512, else SHA-384 */
|
|
+} sha4_context;
|
|
+
|
|
+#ifdef __cplusplus
|
|
+extern "C" {
|
|
+#endif
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 context setup
|
|
+ *
|
|
+ * \param ctx context to be initialized
|
|
+ * \param is384 0 = use SHA512, 1 = use SHA384
|
|
+ */
|
|
+ void sha4_starts(sha4_context * ctx, int is384);
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 process buffer
|
|
+ *
|
|
+ * \param ctx SHA-512 context
|
|
+ * \param input buffer holding the data
|
|
+ * \param ilen length of the input data
|
|
+ */
|
|
+ void sha4_update(sha4_context * ctx, unsigned char *input, int ilen);
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 final digest
|
|
+ *
|
|
+ * \param ctx SHA-512 context
|
|
+ * \param output SHA-384/512 checksum result
|
|
+ */
|
|
+ void sha4_finish(sha4_context * ctx, unsigned char output[64]);
|
|
+
|
|
+ /**
|
|
+ * \brief Output = SHA-512( input buffer )
|
|
+ *
|
|
+ * \param input buffer holding the data
|
|
+ * \param ilen length of the input data
|
|
+ * \param output SHA-384/512 checksum result
|
|
+ * \param is384 0 = use SHA512, 1 = use SHA384
|
|
+ */
|
|
+ void sha4(unsigned char *input, int ilen,
|
|
+ unsigned char output[64], int is384);
|
|
+
|
|
+void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
+ unsigned char *output, unsigned int chunk_sz);
|
|
+void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
+ unsigned char *output, unsigned int chunk_sz);
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 HMAC context setup
|
|
+ *
|
|
+ * \param ctx HMAC context to be initialized
|
|
+ * \param is384 0 = use SHA512, 1 = use SHA384
|
|
+ * \param key HMAC secret key
|
|
+ * \param keylen length of the HMAC key
|
|
+ */
|
|
+ void sha4_hmac_starts(sha4_context * ctx, unsigned char *key,
|
|
+ int keylen, int is384);
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 HMAC process buffer
|
|
+ *
|
|
+ * \param ctx HMAC context
|
|
+ * \param input buffer holding the data
|
|
+ * \param ilen length of the input data
|
|
+ */
|
|
+ void sha4_hmac_update(sha4_context * ctx, unsigned char *input,
|
|
+ int ilen);
|
|
+
|
|
+ /**
|
|
+ * \brief SHA-512 HMAC final digest
|
|
+ *
|
|
+ * \param ctx HMAC context
|
|
+ * \param output SHA-384/512 HMAC checksum result
|
|
+ */
|
|
+ void sha4_hmac_finish(sha4_context * ctx, unsigned char output[64]);
|
|
+
|
|
+ /**
|
|
+ * \brief Output = HMAC-SHA-512( hmac key, input buffer )
|
|
+ *
|
|
+ * \param key HMAC secret key
|
|
+ * \param keylen length of the HMAC key
|
|
+ * \param input buffer holding the data
|
|
+ * \param ilen length of the input data
|
|
+ * \param output HMAC-SHA-384/512 result
|
|
+ * \param is384 0 = use SHA512, 1 = use SHA384
|
|
+ */
|
|
+ void sha4_hmac(unsigned char *key, int keylen,
|
|
+ unsigned char *input, int ilen,
|
|
+ unsigned char output[64], int is384);
|
|
+
|
|
+ /**
|
|
+ * \brief Checkup routine
|
|
+ *
|
|
+ * \return 0 if successful, or 1 if the test failed
|
|
+ */
|
|
+ int sha4_self_test(int verbose);
|
|
+
|
|
+#ifdef __cplusplus
|
|
+}
|
|
+#endif
|
|
+#endif /* sha4.h */
|
|
diff --git a/lib/Kconfig b/lib/Kconfig
|
|
index b16062f..1cba1b5 100644
|
|
--- a/lib/Kconfig
|
|
+++ b/lib/Kconfig
|
|
@@ -85,6 +85,22 @@ config SHA256
|
|
The SHA256 algorithm produces a 256-bit (32-byte) hash value
|
|
(digest).
|
|
|
|
+config SHA384
|
|
+ bool "Enable SHA384 support"
|
|
+ help
|
|
+ This option enables support of hashing using SHA384 algorithm.
|
|
+ The hash is calculated in software.
|
|
+ The SHA384 algorithm produces a 384-bit (48-byte) hash value
|
|
+ (digest).
|
|
+
|
|
+config SHA512
|
|
+ bool "Enable SHA512 support"
|
|
+ help
|
|
+ This option enables support of hashing using SHA512 algorithm.
|
|
+ The hash is calculated in software.
|
|
+ The SHA512 algorithm produces a 512-bit (64-byte) hash value
|
|
+ (digest).
|
|
+
|
|
config SHA_HW_ACCEL
|
|
bool "Enable hashing using hardware"
|
|
help
|
|
diff --git a/lib/Makefile b/lib/Makefile
|
|
index 23e9f1e..ba5ba04 100644
|
|
--- a/lib/Makefile
|
|
+++ b/lib/Makefile
|
|
@@ -47,6 +47,8 @@ endif
|
|
obj-$(CONFIG_$(SPL_)RSA) += rsa/
|
|
obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
|
|
obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
|
|
+obj-$(CONFIG_$(SPL_)SHA384) += sha4.o
|
|
+obj-$(CONFIG_$(SPL_)SHA512) += sha4.o
|
|
|
|
obj-$(CONFIG_SPL_SAVEENV) += qsort.o
|
|
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
|
|
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
|
|
index db183ff..74e289c 100644
|
|
--- a/lib/rsa/rsa-checksum.c
|
|
+++ b/lib/rsa/rsa-checksum.c
|
|
@@ -15,6 +15,7 @@
|
|
#include "fdt_host.h"
|
|
#include <u-boot/sha1.h>
|
|
#include <u-boot/sha256.h>
|
|
+#include <u-boot/sha4.h>
|
|
#endif
|
|
#include <u-boot/rsa.h>
|
|
|
|
@@ -74,6 +75,53 @@ const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
|
|
0x05, 0x00, 0x04, 0x14
|
|
};
|
|
|
|
+const uint8_t padding_sha256_rsa3072[RSA3072_BYTES - SHA256_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
|
|
+};
|
|
+
|
|
const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
|
|
0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
@@ -137,6 +185,270 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
|
|
0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
|
|
};
|
|
|
|
+const uint8_t padding_sha384_rsa2048[RSA2048_BYTES - SHA384_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
|
|
+};
|
|
+
|
|
+const uint8_t padding_sha384_rsa3072[RSA3072_BYTES - SHA384_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
|
|
+};
|
|
+
|
|
+const uint8_t padding_sha384_rsa4096[RSA4096_BYTES - SHA384_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
|
|
+};
|
|
+
|
|
+const uint8_t padding_sha512_rsa2048[RSA2048_BYTES - SHA512_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
|
|
+};
|
|
+
|
|
+const uint8_t padding_sha512_rsa3072[RSA3072_BYTES - SHA512_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
|
|
+};
|
|
+
|
|
+const uint8_t padding_sha512_rsa4096[RSA4096_BYTES - SHA512_SUM_LEN] = {
|
|
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
|
|
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
|
+ 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
|
|
+};
|
|
+
|
|
int hash_calculate(const char *name,
|
|
const struct image_region region[],
|
|
int region_count, uint8_t *checksum)
|
|
diff --git a/lib/sha4.c b/lib/sha4.c
|
|
new file mode 100644
|
|
index 0000000..929d267
|
|
--- /dev/null
|
|
+++ b/lib/sha4.c
|
|
@@ -0,0 +1,447 @@
|
|
+/*
|
|
+ * FIPS-180-2 compliant SHA-384/512 implementation
|
|
+ *
|
|
+ * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
|
|
+ *
|
|
+ * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
|
|
+ *
|
|
+ * All rights reserved.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * * Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ * * Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in the
|
|
+ * documentation and/or other materials provided with the distribution.
|
|
+ * * Neither the names of PolarSSL or XySSL nor the names of its contributors
|
|
+ * may be used to endorse or promote products derived from this software
|
|
+ * without specific prior written permission.
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ */
|
|
+/*
|
|
+ * The SHA-512 Secure Hash Standard was published by NIST in 2002.
|
|
+ *
|
|
+ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
|
|
+ */
|
|
+
|
|
+#ifndef USE_HOSTCC
|
|
+#include <common.h>
|
|
+#include <linux/string.h>
|
|
+#else
|
|
+#include <string.h>
|
|
+#endif /* USE_HOSTCC */
|
|
+#include <watchdog.h>
|
|
+#include <u-boot/sha4.h>
|
|
+
|
|
+/*
|
|
+ * 64-bit integer manipulation macros (big endian)
|
|
+ */
|
|
+#ifndef GET_UINT64_BE
|
|
+#define GET_UINT64_BE(n,b,i) \
|
|
+ { \
|
|
+ (n) = ( (unsigned int64) (b)[(i) ] << 56 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 1] << 48 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 2] << 40 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 3] << 32 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 4] << 24 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 5] << 16 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 6] << 8 ) \
|
|
+ | ( (unsigned int64) (b)[(i) + 7] ); \
|
|
+ }
|
|
+#endif
|
|
+
|
|
+#ifndef PUT_UINT64_BE
|
|
+#define PUT_UINT64_BE(n,b,i) \
|
|
+ { \
|
|
+ (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
|
|
+ (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
|
|
+ (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
|
|
+ (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
|
|
+ (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
|
|
+ (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
|
|
+ (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
|
|
+ (b)[(i) + 7] = (unsigned char) ( (n) ); \
|
|
+ }
|
|
+#endif
|
|
+
|
|
+/*
|
|
+ * Round constants
|
|
+ */
|
|
+static const unsigned int64 K[80] = {
|
|
+ UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
|
|
+ UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
|
|
+ UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
|
|
+ UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
|
|
+ UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
|
|
+ UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
|
|
+ UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
|
|
+ UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
|
|
+ UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
|
|
+ UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
|
|
+ UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
|
|
+ UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
|
|
+ UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
|
|
+ UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
|
|
+ UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
|
|
+ UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
|
|
+ UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
|
|
+ UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
|
|
+ UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
|
|
+ UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
|
|
+ UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
|
|
+ UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
|
|
+ UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
|
|
+ UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
|
|
+ UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
|
|
+ UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
|
|
+ UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
|
|
+ UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
|
|
+ UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
|
|
+ UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
|
|
+ UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
|
|
+ UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
|
|
+ UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
|
|
+ UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
|
|
+ UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
|
|
+ UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
|
|
+ UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
|
|
+ UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
|
|
+ UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
|
|
+ UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
|
|
+};
|
|
+
|
|
+/*
|
|
+ * SHA-512 context setup
|
|
+ */
|
|
+void sha4_starts(sha4_context * ctx, int is384)
|
|
+{
|
|
+ ctx->total[0] = 0;
|
|
+ ctx->total[1] = 0;
|
|
+
|
|
+ if (is384 == 0) {
|
|
+ /* SHA-512 */
|
|
+ ctx->state[0] = UL64(0x6A09E667F3BCC908);
|
|
+ ctx->state[1] = UL64(0xBB67AE8584CAA73B);
|
|
+ ctx->state[2] = UL64(0x3C6EF372FE94F82B);
|
|
+ ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
|
|
+ ctx->state[4] = UL64(0x510E527FADE682D1);
|
|
+ ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
|
|
+ ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
|
|
+ ctx->state[7] = UL64(0x5BE0CD19137E2179);
|
|
+ } else {
|
|
+ /* SHA-384 */
|
|
+ ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
|
|
+ ctx->state[1] = UL64(0x629A292A367CD507);
|
|
+ ctx->state[2] = UL64(0x9159015A3070DD17);
|
|
+ ctx->state[3] = UL64(0x152FECD8F70E5939);
|
|
+ ctx->state[4] = UL64(0x67332667FFC00B31);
|
|
+ ctx->state[5] = UL64(0x8EB44A8768581511);
|
|
+ ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
|
|
+ ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
|
|
+ }
|
|
+
|
|
+ ctx->is384 = is384;
|
|
+}
|
|
+
|
|
+static void sha4_process(sha4_context * ctx, unsigned char data[128])
|
|
+{
|
|
+ int i;
|
|
+ unsigned int64 temp1, temp2, W[80];
|
|
+ unsigned int64 A, B, C, D, E, F, G, H;
|
|
+
|
|
+#define SHR(x,n) (x >> n)
|
|
+#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
|
|
+
|
|
+#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
|
|
+#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
|
|
+
|
|
+#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
|
|
+#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
|
|
+
|
|
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
|
|
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
|
|
+
|
|
+#define P(a,b,c,d,e,f,g,h,x,K) \
|
|
+ { \
|
|
+ temp1 = h + S3(e) + F1(e,f,g) + K + x; \
|
|
+ temp2 = S2(a) + F0(a,b,c); \
|
|
+ d += temp1; h = temp1 + temp2; \
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < 16; i++) {
|
|
+ GET_UINT64_BE(W[i], data, i << 3);
|
|
+ }
|
|
+
|
|
+ for (; i < 80; i++) {
|
|
+ W[i] = S1(W[i - 2]) + W[i - 7] + S0(W[i - 15]) + W[i - 16];
|
|
+ }
|
|
+
|
|
+ A = ctx->state[0];
|
|
+ B = ctx->state[1];
|
|
+ C = ctx->state[2];
|
|
+ D = ctx->state[3];
|
|
+ E = ctx->state[4];
|
|
+ F = ctx->state[5];
|
|
+ G = ctx->state[6];
|
|
+ H = ctx->state[7];
|
|
+ i = 0;
|
|
+
|
|
+ do {
|
|
+ P(A, B, C, D, E, F, G, H, W[i], K[i]);
|
|
+ i++;
|
|
+ P(H, A, B, C, D, E, F, G, W[i], K[i]);
|
|
+ i++;
|
|
+ P(G, H, A, B, C, D, E, F, W[i], K[i]);
|
|
+ i++;
|
|
+ P(F, G, H, A, B, C, D, E, W[i], K[i]);
|
|
+ i++;
|
|
+ P(E, F, G, H, A, B, C, D, W[i], K[i]);
|
|
+ i++;
|
|
+ P(D, E, F, G, H, A, B, C, W[i], K[i]);
|
|
+ i++;
|
|
+ P(C, D, E, F, G, H, A, B, W[i], K[i]);
|
|
+ i++;
|
|
+ P(B, C, D, E, F, G, H, A, W[i], K[i]);
|
|
+ i++;
|
|
+ } while (i < 80);
|
|
+
|
|
+ ctx->state[0] += A;
|
|
+ ctx->state[1] += B;
|
|
+ ctx->state[2] += C;
|
|
+ ctx->state[3] += D;
|
|
+ ctx->state[4] += E;
|
|
+ ctx->state[5] += F;
|
|
+ ctx->state[6] += G;
|
|
+ ctx->state[7] += H;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * SHA-512 process buffer
|
|
+ */
|
|
+void sha4_update(sha4_context * ctx, unsigned char *input, int ilen)
|
|
+{
|
|
+ int fill;
|
|
+ unsigned int64 left;
|
|
+
|
|
+ if (ilen <= 0)
|
|
+ return;
|
|
+
|
|
+ left = ctx->total[0] & 0x7F;
|
|
+ fill = (int)(128 - left);
|
|
+
|
|
+ ctx->total[0] += ilen;
|
|
+
|
|
+ if (ctx->total[0] < (unsigned int64)ilen)
|
|
+ ctx->total[1]++;
|
|
+
|
|
+ if (left && ilen >= fill) {
|
|
+ memcpy((void *)(ctx->buffer + left), (void *)input, fill);
|
|
+ sha4_process(ctx, ctx->buffer);
|
|
+ input += fill;
|
|
+ ilen -= fill;
|
|
+ left = 0;
|
|
+ }
|
|
+
|
|
+ while (ilen >= 128) {
|
|
+ sha4_process(ctx, input);
|
|
+ input += 128;
|
|
+ ilen -= 128;
|
|
+ }
|
|
+
|
|
+ if (ilen > 0) {
|
|
+ memcpy((void *)(ctx->buffer + left), (void *)input, ilen);
|
|
+ }
|
|
+}
|
|
+
|
|
+static const unsigned char sha4_padding[128] = {
|
|
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
|
+};
|
|
+
|
|
+/*
|
|
+ * SHA-512 final digest
|
|
+ */
|
|
+void sha4_finish(sha4_context * ctx, unsigned char output[64])
|
|
+{
|
|
+ int last, padn;
|
|
+ unsigned int64 high, low;
|
|
+ unsigned char msglen[16];
|
|
+
|
|
+ high = (ctx->total[0] >> 61)
|
|
+ | (ctx->total[1] << 3);
|
|
+ low = (ctx->total[0] << 3);
|
|
+
|
|
+ PUT_UINT64_BE(high, msglen, 0);
|
|
+ PUT_UINT64_BE(low, msglen, 8);
|
|
+
|
|
+ last = (int)(ctx->total[0] & 0x7F);
|
|
+ padn = (last < 112) ? (112 - last) : (240 - last);
|
|
+
|
|
+ sha4_update(ctx, (unsigned char *)sha4_padding, padn);
|
|
+ sha4_update(ctx, msglen, 16);
|
|
+
|
|
+ PUT_UINT64_BE(ctx->state[0], output, 0);
|
|
+ PUT_UINT64_BE(ctx->state[1], output, 8);
|
|
+ PUT_UINT64_BE(ctx->state[2], output, 16);
|
|
+ PUT_UINT64_BE(ctx->state[3], output, 24);
|
|
+ PUT_UINT64_BE(ctx->state[4], output, 32);
|
|
+ PUT_UINT64_BE(ctx->state[5], output, 40);
|
|
+
|
|
+ if (ctx->is384 == 0) {
|
|
+ PUT_UINT64_BE(ctx->state[6], output, 48);
|
|
+ PUT_UINT64_BE(ctx->state[7], output, 56);
|
|
+ }
|
|
+}
|
|
+
|
|
+/*
|
|
+ * output = SHA-512( input buffer )
|
|
+ */
|
|
+void sha4(unsigned char *input, int ilen, unsigned char output[64], int is384)
|
|
+{
|
|
+ sha4_context ctx;
|
|
+
|
|
+ sha4_starts(&ctx, is384);
|
|
+ sha4_update(&ctx, input, ilen);
|
|
+ sha4_finish(&ctx, output);
|
|
+
|
|
+ memset(&ctx, 0, sizeof(sha4_context));
|
|
+}
|
|
+
|
|
+/*
|
|
+ * Output = SHA-4( input buffer ). Trigger the watchdog every 'chunk_sz'
|
|
+ * bytes of input processed.
|
|
+ */
|
|
+static void sha4_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
+ unsigned char *output, unsigned int chunk_sz, int is384)
|
|
+{
|
|
+ sha4_context ctx;
|
|
+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
|
|
+ const unsigned char *end;
|
|
+ unsigned char *curr;
|
|
+ int chunk;
|
|
+#endif
|
|
+
|
|
+ sha4_starts(&ctx, is384);
|
|
+
|
|
+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
|
|
+ curr = (unsigned char *)input;
|
|
+ end = input + ilen;
|
|
+ while (curr < end) {
|
|
+ chunk = end - curr;
|
|
+ if (chunk > chunk_sz)
|
|
+ chunk = chunk_sz;
|
|
+ sha4_update(&ctx, curr, chunk);
|
|
+ curr += chunk;
|
|
+ WATCHDOG_RESET();
|
|
+ }
|
|
+#else
|
|
+ sha4_update(&ctx, input, ilen);
|
|
+#endif
|
|
+
|
|
+ sha4_finish(&ctx, output);
|
|
+}
|
|
+
|
|
+void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
+ unsigned char *output, unsigned int chunk_sz)
|
|
+{
|
|
+ sha4_csum_wd(input, ilen, output, chunk_sz, 1);
|
|
+}
|
|
+
|
|
+void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
+ unsigned char *output, unsigned int chunk_sz)
|
|
+{
|
|
+ sha4_csum_wd(input, ilen, output, chunk_sz, 0);
|
|
+}
|
|
+
|
|
+/*
|
|
+ * SHA-512 HMAC context setup
|
|
+ */
|
|
+void sha4_hmac_starts(sha4_context * ctx, unsigned char *key, int keylen,
|
|
+ int is384)
|
|
+{
|
|
+ int i;
|
|
+ unsigned char sum[64];
|
|
+
|
|
+ if (keylen > 128) {
|
|
+ sha4(key, keylen, sum, is384);
|
|
+ keylen = (is384) ? 48 : 64;
|
|
+ key = sum;
|
|
+ }
|
|
+
|
|
+ memset(ctx->ipad, 0x36, 128);
|
|
+ memset(ctx->opad, 0x5C, 128);
|
|
+
|
|
+ for (i = 0; i < keylen; i++) {
|
|
+ ctx->ipad[i] = (unsigned char)(ctx->ipad[i] ^ key[i]);
|
|
+ ctx->opad[i] = (unsigned char)(ctx->opad[i] ^ key[i]);
|
|
+ }
|
|
+
|
|
+ sha4_starts(ctx, is384);
|
|
+ sha4_update(ctx, ctx->ipad, 128);
|
|
+
|
|
+ memset(sum, 0, sizeof(sum));
|
|
+}
|
|
+
|
|
+/*
|
|
+ * SHA-512 HMAC process buffer
|
|
+ */
|
|
+void sha4_hmac_update(sha4_context * ctx, unsigned char *input, int ilen)
|
|
+{
|
|
+ sha4_update(ctx, input, ilen);
|
|
+}
|
|
+
|
|
+/*
|
|
+ * SHA-512 HMAC final digest
|
|
+ */
|
|
+void sha4_hmac_finish(sha4_context * ctx, unsigned char output[64])
|
|
+{
|
|
+ int is384, hlen;
|
|
+ unsigned char tmpbuf[64];
|
|
+
|
|
+ is384 = ctx->is384;
|
|
+ hlen = (is384 == 0) ? 64 : 48;
|
|
+
|
|
+ sha4_finish(ctx, tmpbuf);
|
|
+ sha4_starts(ctx, is384);
|
|
+ sha4_update(ctx, ctx->opad, 128);
|
|
+ sha4_update(ctx, tmpbuf, hlen);
|
|
+ sha4_finish(ctx, output);
|
|
+
|
|
+ memset(tmpbuf, 0, sizeof(tmpbuf));
|
|
+}
|
|
+
|
|
+/*
|
|
+ * output = HMAC-SHA-512( hmac key, input buffer )
|
|
+ */
|
|
+void sha4_hmac(unsigned char *key, int keylen,
|
|
+ unsigned char *input, int ilen,
|
|
+ unsigned char output[64], int is384)
|
|
+{
|
|
+ sha4_context ctx;
|
|
+
|
|
+ sha4_hmac_starts(&ctx, key, keylen, is384);
|
|
+ sha4_hmac_update(&ctx, input, ilen);
|
|
+ sha4_hmac_finish(&ctx, output);
|
|
+
|
|
+ memset(&ctx, 0, sizeof(sha4_context));
|
|
+}
|
|
diff --git a/tools/Makefile b/tools/Makefile
|
|
index 9edb504..59f4911 100644
|
|
--- a/tools/Makefile
|
|
+++ b/tools/Makefile
|
|
@@ -95,6 +95,7 @@ dumpimage-mkimage-objs := aisimage.o \
|
|
socfpgaimage.o \
|
|
lib/sha1.o \
|
|
lib/sha256.o \
|
|
+ lib/sha4.o \
|
|
common/hash.o \
|
|
ublimage.o \
|
|
zynqimage.o \
|
|
--
|
|
1.9.1
|
|
|