From 5b0bc491775b5fbdb7c2928102abff2e61be3376 Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Sun, 8 Dec 2019 18:00:07 +0800 Subject: [PATCH] lib: avb: support crypto sha256/512 Signed-off-by: Joseph Chen Change-Id: Ifbcc1940d9b494fc488c0b9e95f88d7c98604f62 --- include/android_avb/avb_sha.h | 12 +++++++++++ lib/avb/libavb/avb_sha256.c | 27 +++++++++++++++++++++++++ lib/avb/libavb/avb_sha512.c | 29 +++++++++++++++++++++++++++ lib/avb/libavb/avb_slot_verify.c | 12 +++++++++++ lib/avb/libavb/avb_vbmeta_image.c | 5 +++++ lib/avb/libavb_atx/avb_atx_validate.c | 2 ++ 6 files changed, 87 insertions(+) diff --git a/include/android_avb/avb_sha.h b/include/android_avb/avb_sha.h index 0b0db8b8d9..7d8455929d 100644 --- a/include/android_avb/avb_sha.h +++ b/include/android_avb/avb_sha.h @@ -39,8 +39,12 @@ extern "C" { #endif +#ifdef CONFIG_DM_CRYPTO +#include +#endif #include #include +#include /* Block size in bytes of a SHA-256 digest. */ #define AVB_SHA256_BLOCK_SIZE 64 @@ -56,6 +60,10 @@ typedef struct { size_t len; uint8_t block[2 * AVB_SHA256_BLOCK_SIZE]; uint8_t buf[AVB_SHA256_DIGEST_SIZE]; /* Used for storing the final digest. */ +#ifdef CONFIG_DM_CRYPTO + struct udevice *crypto_dev; + sha_context crypto_ctx; +#endif } AvbSHA256Ctx; /* Data structure used for SHA-512. */ @@ -65,6 +73,10 @@ typedef struct { size_t len; uint8_t block[2 * AVB_SHA512_BLOCK_SIZE]; uint8_t buf[AVB_SHA512_DIGEST_SIZE]; /* Used for storing the final digest. */ +#ifdef CONFIG_DM_CRYPTO + struct udevice *crypto_dev; + sha_context crypto_ctx; +#endif } AvbSHA512Ctx; /* Initializes the SHA-256 context. */ diff --git a/lib/avb/libavb/avb_sha256.c b/lib/avb/libavb/avb_sha256.c index 6e1d58fe2a..de0306384b 100644 --- a/lib/avb/libavb/avb_sha256.c +++ b/lib/avb/libavb/avb_sha256.c 
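Review bot: The declaration comments that close this header's last hunk still read only "Initializes the SHA-256 context.", although the hardware path now makes `tot_len` an input that must be set before `avb_sha256_init()` and `avb_sha512_init()`. A caller that is not updated would hand whatever is in its stack-allocated context to the crypto engine as the message length. I would extend the comment, e.g. `/* Initializes the SHA-256 context. With CONFIG_DM_CRYPTO the caller must set ctx->tot_len to the total number of bytes to be hashed before calling this. */`, and do the same for the SHA-512 declaration. The declarations themselves lie outside the hunk.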
@@ -36,7 +36,33 @@ */ #include +#include +#ifdef CONFIG_DM_CRYPTO +void avb_sha256_init(AvbSHA256Ctx* ctx) { + ctx->crypto_ctx.algo = CRYPTO_SHA256; + ctx->crypto_ctx.length = ctx->tot_len; + memset(ctx->buf, 0, sizeof(ctx->buf)); + + ctx->crypto_dev = crypto_get_device(ctx->crypto_ctx.algo); + if (!ctx->crypto_dev) + avb_error("Can't get sha256 crypto device\n"); + else + crypto_sha_init(ctx->crypto_dev, &ctx->crypto_ctx); +} + +void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { + if (ctx->crypto_dev) + crypto_sha_update(ctx->crypto_dev, (u32 *)data, len); +} + +uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { + if (ctx->crypto_dev) + crypto_sha_final(ctx->crypto_dev, &ctx->crypto_ctx, ctx->buf); + + return ctx->buf; +} +#else #define SHFR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) @@ -400,3 +426,4 @@ uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { return ctx->buf; } +#endif diff --git a/lib/avb/libavb/avb_sha512.c b/lib/avb/libavb/avb_sha512.c index 724781cc7f..d3e437b4a4 100644 --- a/lib/avb/libavb/avb_sha512.c +++ b/lib/avb/libavb/avb_sha512.c 
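Review bot: When `crypto_get_device()` fails in `avb_sha256_init()` the code only logs, so `avb_sha256_update()` does nothing and `avb_sha256_final()` returns the buffer that init zeroed; callers then receive a constant all-zero digest instead of a failure. The results of `crypto_sha_init()`, `crypto_sha_update()` and `crypto_sha_final()` are dropped as well, so a failed hardware operation cannot be told apart from success. Because these functions cannot return an error, the failure should stop verification, e.g. `if (!ctx->crypto_dev) avb_fatal("Can't get sha256 crypto device\n");`, with the same treatment for error results from the three crypto calls (assuming they report status), or the code should fall back to the software implementation. The `(u32 *)data` cast in update also drops `const` and assumes caller buffers are 4-byte aligned, which should be confirmed against the driver. The SHA-512 functions added in lib/avb/libavb/avb_sha512.c follow the same pattern.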
@@ -36,7 +36,35 @@ */ #include +#include +/* Crypto-v1 is not support sha512 */ +#ifdef CONFIG_ROCKCHIP_CRYPTO_V2 +void avb_sha512_init(AvbSHA512Ctx* ctx) { + ctx->crypto_ctx.algo = CRYPTO_SHA512; + ctx->crypto_ctx.length = ctx->tot_len; + memset(ctx->buf, 0, sizeof(ctx->buf)); + + ctx->crypto_dev = crypto_get_device(ctx->crypto_ctx.algo); + if (!ctx->crypto_dev) + avb_error("Can't get sha512 crypto device\n"); + else + crypto_sha_init(ctx->crypto_dev, &ctx->crypto_ctx); +} + +void avb_sha512_update(AvbSHA512Ctx* ctx, const uint8_t* data, size_t len) { + if (ctx->crypto_dev) + crypto_sha_update(ctx->crypto_dev, (u32 *)data, len); +} + +uint8_t* avb_sha512_final(AvbSHA512Ctx* ctx) { + if (ctx->crypto_dev) + crypto_sha_final(ctx->crypto_dev, &ctx->crypto_ctx, ctx->buf); + + return ctx->buf; +} + +#else #define SHFR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) @@ -386,3 +414,4 @@ uint8_t* avb_sha512_final(AvbSHA512Ctx* ctx) { return ctx->buf; } +#endif diff --git a/lib/avb/libavb/avb_slot_verify.c b/lib/avb/libavb/avb_slot_verify.c index 384b10e54e..123701fc3b 100644 --- a/lib/avb/libavb/avb_slot_verify.c +++ b/lib/avb/libavb/avb_slot_verify.c 
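Review bot: The hardware SHA-512 functions are guarded by `CONFIG_ROCKCHIP_CRYPTO_V2`, while the `crypto_dev` and `crypto_ctx` members they use are declared in avb_sha.h under `CONFIG_DM_CRYPTO`. A configuration with the first symbol but not the second would fail to compile, unless Kconfig already enforces the dependency, which is not visible here. Writing the guard as `#if defined(CONFIG_DM_CRYPTO) && defined(CONFIG_ROCKCHIP_CRYPTO_V2)` states the requirement in the source. The comment above it would read better as `/* Crypto v1 does not support SHA-512 */`.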
@@ -401,12 +401,14 @@ static AvbSlotVerifyResult load_and_verify_hash_partition( image_size_to_hash = image_size; } if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) { + sha256_ctx.tot_len = hash_desc.salt_len + image_size_to_hash; avb_sha256_init(&sha256_ctx); avb_sha256_update(&sha256_ctx, desc_salt, hash_desc.salt_len); avb_sha256_update(&sha256_ctx, image_buf, image_size_to_hash); digest = avb_sha256_final(&sha256_ctx); digest_len = AVB_SHA256_DIGEST_SIZE; } else if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha512") == 0) { + sha512_ctx.tot_len = hash_desc.salt_len + image_size_to_hash; avb_sha512_init(&sha512_ctx); avb_sha512_update(&sha512_ctx, desc_salt, hash_desc.salt_len); avb_sha512_update(&sha512_ctx, image_buf, image_size_to_hash); @@ -1716,6 +1718,11 @@ void avb_slot_verify_data_calculate_vbmeta_digest(AvbSlotVerifyData* data, switch (digest_type) { case AVB_DIGEST_TYPE_SHA256: { AvbSHA256Ctx ctx; + + ctx.tot_len = 0; + for (n = 0; n < data->num_vbmeta_images; n++) + ctx.tot_len += data->vbmeta_images[n].vbmeta_size; + avb_sha256_init(&ctx); for (n = 0; n < data->num_vbmeta_images; n++) { avb_sha256_update(&ctx, @@ -1728,6 +1735,11 @@ void avb_slot_verify_data_calculate_vbmeta_digest(AvbSlotVerifyData* data, case AVB_DIGEST_TYPE_SHA512: { AvbSHA512Ctx ctx; + + ctx.tot_len = 0; + for (n = 0; n < data->num_vbmeta_images; n++) + ctx.tot_len += data->vbmeta_images[n].vbmeta_size; + avb_sha512_init(&ctx); for (n = 0; n < data->num_vbmeta_images; n++) { avb_sha512_update(&ctx, diff --git a/lib/avb/libavb/avb_vbmeta_image.c b/lib/avb/libavb/avb_vbmeta_image.c index cee7db3cf8..5d0179eced 100644 --- a/lib/avb/libavb/avb_vbmeta_image.c +++ b/lib/avb/libavb/avb_vbmeta_image.c 
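Review bot: `sha256_ctx.tot_len = hash_desc.salt_len + image_size_to_hash;` and the matching `sha512_ctx` line can lose high bits if `tot_len`, or the crypto context's `length` field it is later copied into, is narrower than the type of `image_size_to_hash`. Their declarations are outside the hunk, so this needs confirming. The engine would then be programmed with a total that differs from the bytes passed to the two update calls. A check right after the assignment, such as `if (sha256_ctx.tot_len != hash_desc.salt_len + image_size_to_hash)`, should fail verification rather than continue. load_and_verify_hash_partition continues outside the hunk, so the error path has to be chosen there.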
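Review bot: The loop summing `vbmeta_size` into `ctx.tot_len` is duplicated verbatim in the `AVB_DIGEST_TYPE_SHA256` and `AVB_DIGEST_TYPE_SHA512` cases of avb_slot_verify_data_calculate_vbmeta_digest. The total must equal exactly what the update loop feeds in afterwards, so computing it once before the `switch` and assigning `ctx.tot_len = total_len;` in each case keeps the two copies from drifting apart. The sum is also accumulated without a wrap-around check; whether that matters depends on the width of `tot_len`, which is declared outside the hunk.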
@@ -178,6 +178,9 @@ AvbVBMetaVerifyResult avb_vbmeta_image_verify( case AVB_ALGORITHM_TYPE_SHA256_RSA2048: case AVB_ALGORITHM_TYPE_SHA256_RSA4096: case AVB_ALGORITHM_TYPE_SHA256_RSA8192: + + sha256_ctx.tot_len = sizeof(AvbVBMetaImageHeader) + + h.auxiliary_data_block_size; avb_sha256_init(&sha256_ctx); avb_sha256_update( &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader)); @@ -189,6 +192,8 @@ AvbVBMetaVerifyResult avb_vbmeta_image_verify( case AVB_ALGORITHM_TYPE_SHA512_RSA2048: case AVB_ALGORITHM_TYPE_SHA512_RSA4096: case AVB_ALGORITHM_TYPE_SHA512_RSA8192: + sha512_ctx.tot_len = sizeof(AvbVBMetaImageHeader) + + h.auxiliary_data_block_size; avb_sha512_init(&sha512_ctx); avb_sha512_update( &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader)); diff --git a/lib/avb/libavb_atx/avb_atx_validate.c b/lib/avb/libavb_atx/avb_atx_validate.c index 0bf6463f2a..2b21caa97e 100644 --- a/lib/avb/libavb_atx/avb_atx_validate.c +++ b/lib/avb/libavb_atx/avb_atx_validate.c @@ -45,6 +45,8 @@ static void sha256(const uint8_t* data, uint32_t length, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) { AvbSHA256Ctx context; + + context.tot_len = length; avb_sha256_init(&context); avb_sha256_update(&context, data, length); uint8_t* tmp = avb_sha256_final(&context);
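Review bot: Neither `tot_len` assignment in avb_vbmeta_image_verify (the SHA-256 case or the SHA-512 case) says why a length is set before the init call, and a reader of the software-hash build has no way to tell. A one-line comment such as `/* The crypto engine needs the total length up front: header + auxiliary block. */` above each would document the contract. The declared total has to match the two update calls exactly, and the second update is outside the hunk, so that pairing should be checked when either side changes. The blank line added after the SHA-256 case labels is not mirrored in the SHA-512 case and can be dropped.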