Merge branch 'next-dev' into thunder-boot

Change-Id: I83b054613effee1a89bdcbffbc68ebf37abe7a2b

arch/arm/mach-rockchip/make_fit_optee.sh

@@ -25,10 +25,8 @@ EOF
 
 OUTDIR=$PWD
 DARM_BASE=`sed -n "/CONFIG_SYS_SDRAM_BASE=/s/CONFIG_SYS_SDRAM_BASE=//p" ${OUTDIR}/include/autoconf.mk|tr -d '\r'`
-UBOOT_OFFSET=`sed -n "/CONFIG_SYS_TEXT_BASE=/s/CONFIG_SYS_TEXT_BASE=//p" ${OUTDIR}/include/autoconf.mk|tr -d '\r'`
+UBOOT_BASE=`sed -n "/CONFIG_SYS_TEXT_BASE=/s/CONFIG_SYS_TEXT_BASE=//p" ${OUTDIR}/include/autoconf.mk|tr -d '\r'`
-UBOOT_BASE=$((DARM_BASE+UBOOT_OFFSET))
+echo "			load = <"$UBOOT_BASE">;"
-UBOOT_BASE=$(echo "obase=16;${UBOOT_BASE}"|bc)
-echo "			load = <0x"$UBOOT_BASE">;"
 cat << EOF
 			hash@1 {
 				algo = "sha256";

common/board_r.c

@@ -512,6 +512,9 @@ static int initr_env_nowhere(void)
 #else
 	const char env_minimum[] = {
 		ENV_MEM_LAYOUT_SETTINGS
+#ifdef ENV_MEM_LAYOUT_SETTINGS1
+		ENV_MEM_LAYOUT_SETTINGS1
+#endif
 #ifdef RKIMG_DET_BOOTDEV
 		RKIMG_DET_BOOTDEV
 #endif

common/image-fit.c

@@ -20,6 +20,8 @@
 #include <mapmem.h>
 #include <asm/io.h>
 #include <malloc.h>
+#include <crypto.h>
+
 DECLARE_GLOBAL_DATA_PTR;
 #endif /* !USE_HOSTCC*/
 
@@ -1086,8 +1088,9 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
  *     0, on success
  *    -1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash_software(const void *data, int data_len,
-			uint8_t *value, int *value_len)
+			    const char *algo, uint8_t *value,
+			    int *value_len)
 {
 	if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
 		*((uint32_t *)value) = crc32_wd(0, data, data_len,
@@ -1112,6 +1115,63 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 	return 0;
 }
 
+#ifdef USE_HOSTCC
+int calculate_hash(const void *data, int data_len, const char *algo,
+		   uint8_t *value, int *value_len)
+{
+	return calculate_hash_software(data, data_len, algo, value, value_len);
+}
+#else
+#if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
+static int crypto_csum(u32 cap, const char *data, int len, u8 *output)
+{
+	struct udevice *dev;
+	sha_context csha_ctx;
+
+	dev = crypto_get_device(cap);
+	if (!dev) {
+		printf("Can't find expected crypto device\n");
+		return -ENODEV;
+	}
+
+	csha_ctx.algo = cap;
+	csha_ctx.length = len;
+
+	return crypto_sha_csum(dev, &csha_ctx, (char *)data, len, output);
+}
+
+int calculate_hash(const void *data, int data_len, const char *algo,
+		   uint8_t *value, int *value_len)
+{
+	if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
+		*((uint32_t *)value) = crc32_wd(0, data, data_len,
+							CHUNKSZ_CRC32);
+		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
+		*value_len = 4;
+	} else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
+		crypto_csum(CRYPTO_SHA1, data, data_len, value);
+		*value_len = 20;
+	} else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
+		crypto_csum(CRYPTO_SHA256, data, data_len, value);
+		*value_len = SHA256_SUM_LEN;
+	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
+		crypto_csum(CRYPTO_MD5, data, data_len, value);
+		*value_len = 16;
+	} else {
+		debug("Unsupported hash alogrithm\n");
+		return -1;
+	}
+	return 0;
+}
+#else
+int calculate_hash(const void *data, int data_len, const char *algo,
+		   uint8_t *value, int *value_len)
+{
+	return calculate_hash_software(data, data_len, algo, value, value_len);
+}
+#endif
+#endif
+
 static int fit_image_check_hash(const void *fit, int noffset, const void *data,
 				size_t size, char **err_msgp)
 {

drivers/crypto/crypto-uclass.c

@@ -5,6 +5,35 @@
 
 #include <crypto.h>
 
+static const u8 null_hash_sha1_value[] = {
+	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+	0xaf, 0xd8, 0x07, 0x09
+};
+
+static const u8 null_hash_md5_value[] = {
+	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
+};
+
+static const u8 null_hash_sha256_value[] = {
+	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+
+static const u8 null_hash_sha512_value[] = {
+	0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+	0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+	0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+	0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+	0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+	0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+	0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+	0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e
+};
+
 u32 crypto_algo_nbits(u32 algo)
 {
 	switch (algo) {
@@ -64,6 +93,9 @@ int crypto_sha_init(struct udevice *dev, sha_context *ctx)
 {
 	const struct dm_crypto_ops *ops = device_get_ops(dev);
 
+	if (ctx && !ctx->length)
+		return 0;
+
 	if (!ops || !ops->sha_init)
 		return -ENOSYS;
 
@@ -74,6 +106,9 @@ int crypto_sha_update(struct udevice *dev, u32 *input, u32 len)
 {
 	const struct dm_crypto_ops *ops = device_get_ops(dev);
 
+	if (!len)
+		return 0;
+
 	if (!ops || !ops->sha_update)
 		return -ENOSYS;
 
@@ -83,6 +118,35 @@ int crypto_sha_update(struct udevice *dev, u32 *input, u32 len)
 int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output)
 {
 	const struct dm_crypto_ops *ops = device_get_ops(dev);
+	const u8 *null_hash = NULL;
+	u32 hash_size = 0;
+
+	if (ctx && !ctx->length && output) {
+		switch (ctx->algo) {
+		case CRYPTO_MD5:
+			null_hash = null_hash_md5_value;
+			hash_size = sizeof(null_hash_md5_value);
+			break;
+		case CRYPTO_SHA1:
+			null_hash = null_hash_sha1_value;
+			hash_size = sizeof(null_hash_sha1_value);
+			break;
+		case CRYPTO_SHA256:
+			null_hash = null_hash_sha256_value;
+			hash_size = sizeof(null_hash_sha256_value);
+			break;
+		case CRYPTO_SHA512:
+			null_hash = null_hash_sha512_value;
+			hash_size = sizeof(null_hash_sha512_value);
+			break;
+		default:
+			return -EINVAL;
+		}
+
+		memcpy(output, null_hash, hash_size);
+
+		return 0;
+	}
 
 	if (!ops || !ops->sha_final)
 		return -ENOSYS;

drivers/crypto/rockchip/crypto_v2.c

@@ -48,35 +48,6 @@ typedef u32 paddr_t;
 #define virt_to_phys(addr)		(((unsigned long)addr) & 0xffffffff)
 #define phys_to_virt(addr, area)	((unsigned long)addr)
 
-static const u8 null_hash_sha1_value[] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 null_hash_md5_value[] = {
-	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
-};
-
-static const u8 null_hash_sha256_value[] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
-static const u8 null_hash_sha512_value[] = {
-	0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
-	0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
-	0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
-	0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
-	0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
-	0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
-	0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
-	0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e
-};
-
 fdt_addr_t crypto_base;
 
 static void word2byte(u32 word, u8 *ch, u32 endian)
@@ -175,22 +146,18 @@ int rk_hash_init(void *hw_ctx, u32 algo, u32 length)
 	case CRYPTO_MD5:
 		reg_ctrl |= CRYPTO_MODE_MD5;
 		tmp_ctx->digest_size = 16;
-		tmp_ctx->null_hash = null_hash_md5_value;
 		break;
 	case CRYPTO_SHA1:
 		reg_ctrl |= CRYPTO_MODE_SHA1;
 		tmp_ctx->digest_size = 20;
-		tmp_ctx->null_hash = null_hash_sha1_value;
 		break;
 	case CRYPTO_SHA256:
 		reg_ctrl |= CRYPTO_MODE_SHA256;
 		tmp_ctx->digest_size = 32;
-		tmp_ctx->null_hash = null_hash_sha256_value;
 		break;
 	case CRYPTO_SHA512:
 		reg_ctrl |= CRYPTO_MODE_SHA512;
 		tmp_ctx->digest_size = 64;
-		tmp_ctx->null_hash = null_hash_sha512_value;
 		break;
 
 	default:

drivers/crypto/rockchip/crypto_v2_pka.c

@@ -1052,7 +1052,7 @@ int rk_exptmod_np(void *m, void *e, void *n, void *np, void *d)
 	if (m_np->d)
 		error = rk_calcNp_and_initmodop((m_n)->d, /*in N*/
 						exact_size,	/*in N size*/
-						np,	/*out NP*/
+						m_np->d,	/*out NP*/
 						RK_PKA_SET_NP, /*in set NP*/
 						2,	/*in *r_t0*/
 						3,	/*in r_t1*/

include/rockchip/crypto_v2.h

@@ -581,7 +581,6 @@ struct crypto_lli_desc {
 
 struct rk_hash_ctx {
 	struct crypto_lli_desc data_lli;/* lli desc */
-	const	u8 *null_hash;		/* when length is zero */
 	void	*cache;			/* virt addr for hash src data*/
 	u32	cache_size;		/* data in cached size */
 	u32	left_len;		/* left data to calc */

lib/rsa/rsa-sign.c

@@ -388,7 +388,7 @@ static void rsa_engine_remove(ENGINE *e)
  * key to sign current fit image. Then we replace the signature in fit image
  * with a valid one.
  */
-static void gen_data2sign(const struct image_region region[], int region_count)
+static int gen_data2sign(const struct image_region region[], int region_count)
 {
 	char *file = "data2sign.bin";
 	FILE *fd;
@@ -405,6 +405,8 @@ static void gen_data2sign(const struct image_region region[], int region_count)
 		fwrite(region[i].data, region[i].size, 1, fd);
 
 	fclose(fd);
+
+	return 0;
 }
 
 static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,