lib: Adapt digest header files to MbedTLS Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations. sha256.o should depend on SHA256 kconfig only but not SUPPORT_EMMC_RPMB, SHA256 should be selected when SUPPORT_EMMC_RPMB is enabled instead. `IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since including <linux/kconfig.h> causes undefined reference on schedule() with sandbox build, as <linux/kconfig.h> includes <generated/autoconf.h> which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule() are defined in sandbox build, Thus we use `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` instead. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: a571b98c02f19503448010acfa65a62aa4fcecd9 [log] [tgz]
author: Raymond Mao <raymond.mao@linaro.org> Thu Oct 03 14:50:16 2024 -0700
committer: Tom Rini <trini@konsulko.com> Mon Oct 14 17:58:23 2024 -0600
tree: 66bc6e842f74acb2d05ba6220fe70825f3e77802
parent: 87010c36b02685b1db4fc197b7cc73a369db3edd [diff]
diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h
index c465925..69898fc 100644
--- a/include/u-boot/md5.h
+++ b/include/u-boot/md5.h

@@ -6,10 +6,16 @@
 #ifndef _MD5_H
 #define _MD5_H
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+#include <mbedtls/md5.h>
+#endif
 #include "compiler.h"
 
 #define MD5_SUM_LEN	16
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_md5_context MD5Context;
+#else
 typedef struct MD5Context {
 	__u32 buf[4];
 	__u32 bits[2];
@@ -18,6 +24,7 @@
 		__u32 in32[16];
 	};
 } MD5Context;
+#endif
 
 void MD5Init(MD5Context *ctx);
 void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len);

diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h
index c1e9f67..ab88134 100644
--- a/include/u-boot/sha1.h
+++ b/include/u-boot/sha1.h

@@ -16,6 +16,21 @@
 
 #include <linux/types.h>
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+/*
+ * FIXME:
+ * MbedTLS define the members of "mbedtls_sha256_context" as private,
+ * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access.
+ * Directly including <external/mbedtls/library/common.h> is not allowed,
+ * since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include <mbedtls/sha1.h>
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -26,6 +41,9 @@
 
 extern const uint8_t sha1_der_prefix[];
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha1_context sha1_context;
+#else
 /**
  * \brief	   SHA-1 context structure
  */
@@ -36,13 +54,14 @@
     unsigned char buffer[64];	/*!< data block being processed */
 }
 sha1_context;
+#endif
 
 /**
  * \brief	   SHA-1 context setup
  *
  * \param ctx	   SHA-1 context to be initialized
  */
-void sha1_starts( sha1_context *ctx );
+void sha1_starts(sha1_context *ctx);
 
 /**
  * \brief	   SHA-1 process buffer

diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index a4fe176..b58d5b5 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h

@@ -3,6 +3,22 @@
 
 #include <linux/types.h>
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+/*
+ * FIXME:
+ * MbedTLS define the members of "mbedtls_sha256_context" as private,
+ * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access.
+ * Directly including <external/mbedtls/library/common.h> is not allowed,
+ * since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include <mbedtls/sha256.h>
+#endif
+
+#define SHA224_SUM_LEN	28
 #define SHA256_SUM_LEN	32
 #define SHA256_DER_LEN	19
 
@@ -11,11 +27,15 @@
 /* Reset watchdog each time we process this many bytes */
 #define CHUNKSZ_SHA256	(64 * 1024)
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha256_context sha256_context;
+#else
 typedef struct {
 	uint32_t total[2];
 	uint32_t state[8];
 	uint8_t buffer[64];
 } sha256_context;
+#endif
 
 void sha256_starts(sha256_context * ctx);
 void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length);

diff --git a/include/u-boot/sha512.h b/include/u-boot/sha512.h
index 83c2119..7e10f59 100644
--- a/include/u-boot/sha512.h
+++ b/include/u-boot/sha512.h

@@ -3,6 +3,10 @@
 
 #include <linux/types.h>
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+#include <mbedtls/sha512.h>
+#endif
+
 #define SHA384_SUM_LEN          48
 #define SHA384_DER_LEN          19
 #define SHA512_SUM_LEN          64
@@ -12,11 +16,16 @@
 #define CHUNKSZ_SHA384	(16 * 1024)
 #define CHUNKSZ_SHA512	(16 * 1024)
 
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
+typedef mbedtls_sha512_context sha384_context;
+typedef mbedtls_sha512_context sha512_context;
+#else
 typedef struct {
 	uint64_t state[SHA512_SUM_LEN / 8];
 	uint64_t count[2];
 	uint8_t buf[SHA512_BLOCK_SIZE];
 } sha512_context;
+#endif
 
 extern const uint8_t sha512_der_prefix[];
commit	a571b98c02f19503448010acfa65a62aa4fcecd9	[log] [tgz]
author	Raymond Mao <raymond.mao@linaro.org>	Thu Oct 03 14:50:16 2024 -0700
committer	Tom Rini <trini@konsulko.com>	Mon Oct 14 17:58:23 2024 -0600
tree	66bc6e842f74acb2d05ba6220fe70825f3e77802
parent	87010c36b02685b1db4fc197b7cc73a369db3edd [diff]