diff options
author | Reuben Dowle <reubendowle0@gmail.com> | 2020-04-16 17:36:52 +1200 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-06-12 13:14:07 -0400 |
commit | d16b38f42704fe3cc94fbee1601be96045013151 (patch) | |
tree | abd95e88387701d92c5319565ed4a6aaf9c02a1b /common | |
parent | f191f3a1027ede56e2501920e3e8a8acd7033e77 (diff) |
Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
Diffstat (limited to 'common')
-rw-r--r-- | common/hash.c | 85 | ||||
-rw-r--r-- | common/image-fit.c | 9 | ||||
-rw-r--r-- | common/image-sig.c | 26 | ||||
-rw-r--r-- | common/spl/Kconfig | 32 |
4 files changed, 142 insertions, 10 deletions
diff --git a/common/hash.c b/common/hash.c index 8c00659d25..5c75848b7d 100644 --- a/common/hash.c +++ b/common/hash.c @@ -31,6 +31,7 @@ #include <u-boot/crc.h> #include <u-boot/sha1.h> #include <u-boot/sha256.h> +#include <u-boot/sha512.h> #include <u-boot/md5.h> #if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC) @@ -95,6 +96,65 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void } #endif +#if defined(CONFIG_SHA384) +static int hash_init_sha384(struct hash_algo *algo, void **ctxp) +{ + sha512_context *ctx = malloc(sizeof(sha512_context)); + sha384_starts(ctx); + *ctxp = ctx; + return 0; +} + +static int hash_update_sha384(struct hash_algo *algo, void *ctx, + const void *buf, unsigned int size, int is_last) +{ + sha384_update((sha512_context *)ctx, buf, size); + return 0; +} + +static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void + *dest_buf, int size) +{ + if (size < algo->digest_size) + return -1; + + sha384_finish((sha512_context *)ctx, dest_buf); + free(ctx); + return 0; +} +#endif + +#if defined(CONFIG_SHA512) +static int hash_init_sha512(struct hash_algo *algo, void **ctxp) +{ + sha512_context *ctx = malloc(sizeof(sha512_context)); + sha512_starts(ctx); + *ctxp = ctx; + return 0; +} + +static int hash_update_sha512(struct hash_algo *algo, void *ctx, + const void *buf, unsigned int size, int is_last) +{ + sha512_update((sha512_context *)ctx, buf, size); + return 0; +} + +static int hash_finish_sha512(struct hash_algo *algo, void *ctx, void + *dest_buf, int size) +{ + if (size < algo->digest_size) + return -1; + + printf("hello world\n"); + + sha512_finish((sha512_context *)ctx, dest_buf); + free(ctx); + return 0; +} +#endif + + static int hash_init_crc16_ccitt(struct hash_algo *algo, void **ctxp) { uint16_t *ctx = malloc(sizeof(uint16_t)); @@ -196,6 +256,28 @@ static struct hash_algo hash_algo[] = { #endif }, #endif +#ifdef CONFIG_SHA384 + { + .name = "sha384", + .digest_size = SHA384_SUM_LEN, + .chunk_size = CHUNKSZ_SHA384, + .hash_func_ws = sha384_csum_wd, + .hash_init = hash_init_sha384, + .hash_update = hash_update_sha384, + .hash_finish = hash_finish_sha384, + }, +#endif +#ifdef CONFIG_SHA512 + { + .name = "sha512", + .digest_size = SHA512_SUM_LEN, + .chunk_size = CHUNKSZ_SHA512, + .hash_func_ws = sha512_csum_wd, + .hash_init = hash_init_sha512, + .hash_update = hash_update_sha512, + .hash_finish = hash_finish_sha512, + }, +#endif { .name = "crc16-ccitt", .digest_size = 2, @@ -218,7 +300,8 @@ static struct hash_algo hash_algo[] = { /* Try to minimize code size for boards that don't want much hashing */ #if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \ - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) + defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \ + defined(CONFIG_SHA384) || defined(CONFIG_SHA512) #define multi_hash() 1 #else #define multi_hash() 0 diff --git a/common/image-fit.c b/common/image-fit.c index 1ece100a21..d54eff9033 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -32,6 +32,7 @@ DECLARE_GLOBAL_DATA_PTR; #include <u-boot/md5.h> #include <u-boot/sha1.h> #include <u-boot/sha256.h> +#include <u-boot/sha512.h> /*****************************************************************************/ /* New uImage format routines */ @@ -1206,6 +1207,14 @@ int calculate_hash(const void *data, int data_len, const char *algo, sha256_csum_wd((unsigned char *)data, data_len, (unsigned char *)value, CHUNKSZ_SHA256); *value_len = SHA256_SUM_LEN; + } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) { + sha384_csum_wd((unsigned char *)data, data_len, + (unsigned char *)value, CHUNKSZ_SHA384); + *value_len = SHA384_SUM_LEN; + } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) { + sha512_csum_wd((unsigned char *)data, data_len, + (unsigned char *)value, CHUNKSZ_SHA512); + *value_len = SHA512_SUM_LEN; } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; diff --git a/common/image-sig.c b/common/image-sig.c index 498969d641..f3c209ae8b 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -40,7 +40,31 @@ struct checksum_algo checksum_algos[] = { .calculate_sign = EVP_sha256, #endif .calculate = hash_calculate, - } + }, +#ifdef CONFIG_SHA384 + { + .name = "sha384", + .checksum_len = SHA384_SUM_LEN, + .der_len = SHA384_DER_LEN, + .der_prefix = sha384_der_prefix, +#if IMAGE_ENABLE_SIGN + .calculate_sign = EVP_sha384, +#endif + .calculate = hash_calculate, + }, +#endif +#ifdef CONFIG_SHA512 + { + .name = "sha512", + .checksum_len = SHA512_SUM_LEN, + .der_len = SHA512_DER_LEN, + .der_prefix = sha512_der_prefix, +#if IMAGE_ENABLE_SIGN + .calculate_sign = EVP_sha512, +#endif + .calculate = hash_calculate, + }, +#endif }; diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 8ece9057b1..3eae65ebc1 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -412,7 +412,7 @@ config SPL_MD5_SUPPORT secure as it is possible (with a brute-force attack) to adjust the image while still retaining the same MD5 hash value. For secure applications where images may be changed maliciously, you should - consider SHA1 or SHA256. + consider SHA256 or SHA384. config SPL_SHA1_SUPPORT bool "Support SHA1" @@ -424,7 +424,7 @@ config SPL_SHA1_SUPPORT image contents have not been corrupted or maliciously altered. While SHA1 is fairly secure it is coming to the end of its life due to the expanding computing power available to brute-force - attacks. For more security, consider SHA256. + attacks. For more security, consider SHA256 or SHA384. config SPL_SHA256_SUPPORT bool "Support SHA256" @@ -433,12 +433,28 @@ config SPL_SHA256_SUPPORT help Enable this to support SHA256 in FIT images within SPL. A SHA256 checksum is a 256-bit (32-byte) hash value used to check that the - image contents have not been corrupted. SHA256 is recommended for - use in secure applications since (as at 2016) there is no known - feasible attack that could produce a 'collision' with differing - input data. Use this for the highest security. Note that only the - SHA256 variant is supported: SHA512 and others are not currently - supported in U-Boot. + image contents have not been corrupted. + +config SPL_SHA384_SUPPORT + bool "Support SHA384" + depends on SPL_FIT + select SHA384 + select SHA512_ALGO + help + Enable this to support SHA384 in FIT images within SPL. A SHA384 + checksum is a 384-bit (48-byte) hash value used to check that the + image contents have not been corrupted. Use this for the highest + security. + +config SPL_SHA512_SUPPORT + bool "Support SHA512" + depends on SPL_FIT + select SHA512 + select SHA512_ALGO + help + Enable this to support SHA512 in FIT images within SPL. A SHA512 + checksum is a 512-bit (64-byte) hash value used to check that the + image contents have not been corrupted. config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" |