aboutsummaryrefslogtreecommitdiff
path: root/include/hash.h
AgeCommit message (Collapse)Author
2021-10-08hash: Use Kconfig to enable hashing in host tools and SPLSimon Glass
At present when building host tools, we force CONFIG_SHAxxx to be enabled regardless of the board Kconfig setting. This is done in the image.h header file. For SPL we currently just assume the algorithm is desired if U-Boot proper enables it. Clean this up by adding new Kconfig options to enable hashing on the host, relying on CONFIG_IS_ENABLED() to deal with the different builds. Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the current settings. This allows us to drop the image.h code and the I_WANT_MD5 hack. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2020-06-12Add support for SHA384 and SHA512Reuben Dowle
The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-05-18command: Remove the cmd_tbl_t typedefSimon Glass
We should not use typedefs in U-Boot. They cannot be used as forward declarations which means that header files must include the full header to access them. Drop the typedef and rename the struct to remove the _s suffix which is now not useful. This requires quite a few header-file additions. Signed-off-by: Simon Glass <sjg@chromium.org>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-31Kconfig: Finish migration of hashing commandsDaniel Thompson
Currently these (board agnostic) commands cannot be selected using menuconfig and friends. Fix this the obvious way. As part of this, don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v' and "we have a hashing command" as this makes the Kconfig logic odd. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> [trini: Re-apply, add imply for a few cases, run moveconfig.py, also migrate CRC32_VERIFY] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-13hash.c: Conditionally compile hash_command, static hash_showTom Rini
The function hash_show is now only called by hash_command, so mark it as static (and drop from hash.h). We only call hash_command when any of CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since hash.c is linked in unconditionally we must take extra care with functions that bring in read-only strings as these will not be discarded. Signed-off-by: Tom Rini <trini@konsulko.com>
2015-06-08autoboot.c: Add feature to stop autobooting via SHA256 encrypted passwordStefan Roese
This patch adds the feature to only stop the autobooting, and therefor boot into the U-Boot prompt, when the input string / password matches a values that is encypted via a SHA256 hash and saved in the environment. This feature is enabled by defined these config options: CONFIG_AUTOBOOT_KEYED CONFIG_AUTOBOOT_STOP_STR_SHA256 Signed-off-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2015-01-29Use hash.c in mkimageRuchika Gupta
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29hash: Add function to find hash_algo struct with progressive hashRuchika Gupta
The hash_algo structure has some implementations in which progressive hash API's are not defined. These are basically the hardware based implementations of SHA. An API is added to find the algo which has progressive hash API's defined. This can then be integrated with RSA checksum library which uses Progressive Hash API's. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
2014-06-19hash: Use uint8_t in preference to u8Simon Glass
This type is more readily available on the host compiler, so use it instead. Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11hash: Export the function to show a hashSimon Glass
This function is useful for displaying a hash value, so export it. Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-05Prevent a buffer overflow in mkimage when signing with SHA256Michael van der Westhuizen
Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Acked-by: Simon Glass <sjg@chromium.org> [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini <trini@ti.com>
2014-03-21gen: Add progressive hash APIHung-ying Tyan
Add hash_init(), hash_update() and hash_finish() to the hash_algo struct. Add hash_lookup_algo() to look up the struct given an algorithm name. Signed-off-by: Hung-ying Tyan <tyanh@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2013-05-14hash: Add a way to calculate a hash for any algortihmSimon Glass
Rather than needing to call one of many hashing algorithms in U-Boot, provide a function hash_block() which handles this, and can support all available hash algorithms. Once we have md5 supported within hashing, we can use this function in the FIT image code. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28hash: Use lower case for hash algorithm namesSimon Glass
Rather than use strcasecmp() in the hash algorithm search, require the caller to do this first. Most of U-Boot can use lower case anyway, and the hash command can convert to lower case before calling hash_command(). This saves needing strcasecmp() for boards that use hashing but not the hash command. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28Roll crc32 into hash infrastructureSimon Glass
Add the CRC32 algorithm to the list of available hashes, and make the crc32 command use hash_command(). Add a new crc32_wd_buf() to make this possible, which puts its result in a buffer rather than returning it as a 32-bit value. Note: For some boards the hash command is not enabled, neither are sha1, sha256 or the verify option. In this case the full hash implementation adds about 500 bytes of overhead. So as a special case, we use #ifdef to select very simple bahaviour in that case. The justification for this is that it is currently a very common case (virtually all boards enable crc32 but only some enable more advanced features). Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28hash: Add a flag to support saving hashes in the environmentSimon Glass
Some hashing commands permit saving the hash in an environment variable, and verifying a hash from there. But the crc32 command does not support this. In order to permit crc32 to use the generic hashing infrastructure, add a flag to select which behaviour to use. Signed-off-by: Simon Glass <sjg@chromium.org>
2012-12-11Add generic hash APISimon Glass
We have a SHA1 command and want to add a SHA256 command also. Instead of duplicating the code, create a generic hash API which can process commands for different algorithms. Signed-off-by: Simon Glass <sjg@chromium.org>