@@ -119,6 +119,7 @@ config MMC_HW_PARTITIONING
config SUPPORT_EMMC_RPMB
bool "Support eMMC replay protected memory block (RPMB)"
imply CMD_MMC_RPMB
+ select SHA256
help
Enable support for reading, writing and programming the
key for the Replay Protection Memory Block partition in eMMC.
@@ -6,10 +6,16 @@
#ifndef _MD5_H
#define _MD5_H
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+#include <mbedtls/md5.h>
+#endif
#include "compiler.h"
#define MD5_SUM_LEN 16
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_md5_context MD5Context;
+#else
typedef struct MD5Context {
__u32 buf[4];
__u32 bits[2];
@@ -18,6 +24,7 @@ typedef struct MD5Context {
__u32 in32[16];
};
} MD5Context;
+#endif
void MD5Init(MD5Context *ctx);
void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len);
@@ -16,6 +16,21 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+/*
+ * FIXME:
+ * MbedTLS define the members of "mbedtls_sha256_context" as private,
+ * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access.
+ * Directly including <external/mbedtls/library/common.h> is not allowed,
+ * since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include <mbedtls/sha1.h>
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -26,6 +41,9 @@ extern "C" {
extern const uint8_t sha1_der_prefix[];
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha1_context sha1_context;
+#else
/**
* \brief SHA-1 context structure
*/
@@ -36,13 +54,14 @@ typedef struct
unsigned char buffer[64]; /*!< data block being processed */
}
sha1_context;
+#endif
/**
* \brief SHA-1 context setup
*
* \param ctx SHA-1 context to be initialized
*/
-void sha1_starts( sha1_context *ctx );
+void sha1_starts(sha1_context *ctx);
/**
* \brief SHA-1 process buffer
@@ -3,6 +3,22 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+/*
+ * FIXME:
+ * MbedTLS define the members of "mbedtls_sha256_context" as private,
+ * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access.
+ * Directly including <external/mbedtls/library/common.h> is not allowed,
+ * since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include <mbedtls/sha256.h>
+#endif
+
+#define SHA224_SUM_LEN 28
#define SHA256_SUM_LEN 32
#define SHA256_DER_LEN 19
@@ -11,11 +27,15 @@ extern const uint8_t sha256_der_prefix[];
/* Reset watchdog each time we process this many bytes */
#define CHUNKSZ_SHA256 (64 * 1024)
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha256_context sha256_context;
+#else
typedef struct {
uint32_t total[2];
uint32_t state[8];
uint8_t buffer[64];
} sha256_context;
+#endif
void sha256_starts(sha256_context * ctx);
void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length);
@@ -3,6 +3,10 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+#include <mbedtls/sha512.h>
+#endif
+
#define SHA384_SUM_LEN 48
#define SHA384_DER_LEN 19
#define SHA512_SUM_LEN 64
@@ -12,11 +16,16 @@
#define CHUNKSZ_SHA384 (16 * 1024)
#define CHUNKSZ_SHA512 (16 * 1024)
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha512_context sha384_context;
+typedef mbedtls_sha512_context sha512_context;
+#else
typedef struct {
uint64_t state[SHA512_SUM_LEN / 8];
uint64_t count[2];
uint8_t buf[SHA512_BLOCK_SIZE];
} sha512_context;
+#endif
extern const uint8_t sha512_der_prefix[];
@@ -50,7 +50,6 @@ obj-$(CONFIG_XXHASH) += xxhash.o
obj-y += net_utils.o
obj-$(CONFIG_PHYSMEM) += physmem.o
obj-y += rc4.o
-obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o
@@ -71,14 +70,16 @@ obj-$(CONFIG_$(SPL_TPL_)CRC16) += crc16.o
obj-y += crypto/
obj-$(CONFIG_$(SPL_TPL_)ACPI) += acpi/
-obj-$(CONFIG_$(SPL_)MD5) += md5.o
obj-$(CONFIG_ECDSA) += ecdsa/
obj-$(CONFIG_$(SPL_)RSA) += rsa/
obj-$(CONFIG_HASH) += hash-checksum.o
obj-$(CONFIG_BLAKE2) += blake2/blake2b.o
-obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
-obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
-obj-$(CONFIG_$(SPL_)SHA512) += sha512.o
+
+obj-$(CONFIG_$(SPL_)MD5_LEGACY) += md5.o
+obj-$(CONFIG_$(SPL_)SHA1_LEGACY) += sha1.o
+obj-$(CONFIG_$(SPL_)SHA256_LEGACY) += sha256.o
+obj-$(CONFIG_$(SPL_)SHA512_LEGACY) += sha512.o
+
obj-$(CONFIG_CRYPT_PW) += crypt/
obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o
@@ -20,9 +20,100 @@ if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT
config LEGACY_CRYPTO_BASIC
bool "legacy basic crypto libraries"
+ select MD5_LEGACY if MD5
+ select SHA1_LEGACY if SHA1
+ select SHA256_LEGACY if SHA256
+ select SHA512_LEGACY if SHA512
+ select SHA384_LEGACY if SHA384
+ select SPL_MD5_LEGACY if SPL_MD5
+ select SPL_SHA1_LEGACY if SPL_SHA1
+ select SPL_SHA256_LEGACY if SPL_SHA256
+ select SPL_SHA512_LEGACY if SPL_SHA512
+ select SPL_SHA384_LEGACY if SPL_SHA384
help
Enable legacy basic crypto libraries.
+if LEGACY_CRYPTO_BASIC
+
+config SHA1_LEGACY
+ bool "Enable SHA1 support with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with legacy crypto library.
+
+config SHA256_LEGACY
+ bool "Enable SHA256 support with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with legacy crypto library.
+
+config SHA512_LEGACY
+ bool "Enable SHA512 support with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SHA512
+ default y if TI_SECURE_DEVICE && FIT_SIGNATURE
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with legacy crypto library.
+
+config SHA384_LEGACY
+ bool "Enable SHA384 support with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SHA384
+ select SHA512_LEGACY
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with legacy crypto library.
+
+config MD5_LEGACY
+ bool "Enable MD5 support with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with legacy crypto library.
+
+if SPL
+
+config SPL_SHA1_LEGACY
+ bool "Enable SHA1 support in SPL with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with legacy crypto library.
+
+config SPL_SHA256_LEGACY
+ bool "Enable SHA256 support in SPL with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with legacy crypto library.
+
+config SPL_SHA512_LEGACY
+ bool "Enable SHA512 support in SPL with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with legacy crypto library.
+
+config SPL_SHA384_LEGACY
+ bool "Enable SHA384 support in SPL with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
+ select SPL_SHA512_LEGACY
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with legacy crypto library.
+
+config SPL_MD5_LEGACY
+ bool "Enable MD5 support in SPL with legacy crypto library"
+ depends on LEGACY_CRYPTO_BASIC && SPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with legacy crypto library.
+
+endif # SPL
+
+endif # LEGACY_CRYPTO_BASIC
+
config LEGACY_CRYPTO_CERT
bool "legacy certificate libraries"
help