Merge branch '2021-07-16-cleanup-image-support'

- A large rework of the logic around supporting various image
  types/formats and sharing between the host and target.

4 files changed, 32 insertions, 76 deletions

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 89a3161..ae3f2b6 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,7 +35,7 @@ config FIT_EXTERNAL_OFFSET
 	  could be put in the hole between data payload and fit image
 	  header, such as CSF data on i.MX platform.
 
-config FIT_ENABLE_SHA256_SUPPORT
+config FIT_SHA256
 	bool "Support SHA256 checksum of FIT image contents"
 	default y
 	select SHA256
@@ -44,7 +44,7 @@ config FIT_ENABLE_SHA256_SUPPORT
 	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
 	  the image contents have not been corrupted.
 
-config FIT_ENABLE_SHA384_SUPPORT
+config FIT_SHA384
 	bool "Support SHA384 checksum of FIT image contents"
 	default n
 	select SHA384
@@ -54,7 +54,7 @@ config FIT_ENABLE_SHA384_SUPPORT
 	  the image contents have not been corrupted. Use this for the highest
 	  security.
 
-config FIT_ENABLE_SHA512_SUPPORT
+config FIT_SHA512
 	bool "Support SHA512 checksum of FIT image contents"
 	default n
 	select SHA512
@@ -103,7 +103,7 @@ config FIT_SIGNATURE_MAX_SIZE
 	  device memory. Assure this size does not extend past expected storage
 	  space.
 
-config FIT_ENABLE_RSASSA_PSS_SUPPORT
+config FIT_RSASSA_PSS
 	bool "Support rsassa-pss signature scheme of FIT image contents"
 	depends on FIT_SIGNATURE
 	default n
diff --git a/common/image-fit.c b/common/image-fit.c
index e9b455d..8e23d51 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1219,19 +1219,19 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 							CHUNKSZ_CRC32);
 		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
 		*value_len = 4;
-	} else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
+	} else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
 		sha1_csum_wd((unsigned char *)data, data_len,
 			     (unsigned char *)value, CHUNKSZ_SHA1);
 		*value_len = 20;
-	} else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
+	} else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
 		sha256_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA256);
 		*value_len = SHA256_SUM_LEN;
-	} else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
+	} else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
 		sha384_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA384);
 		*value_len = SHA384_SUM_LEN;
-	} else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
+	} else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
 		sha512_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA512);
 		*value_len = SHA512_SUM_LEN;
@@ -2027,7 +2027,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 		 * fit_conf_get_node() will try to find default config node
 		 */
 		bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
-		if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
+		if (IS_ENABLED(CONFIG_FIT_BEST_MATCH) && !fit_uname_config) {
 			cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
 		} else {
 			cfg_noffset = fit_conf_get_node(fit,
diff --git a/common/image-sig.c b/common/image-sig.c
index 0f8e592..fb00355 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -3,18 +3,11 @@
  * Copyright (c) 2013, Google Inc.
  */
 
-#ifdef USE_HOSTCC
-#include "mkimage.h"
-#include <fdt_support.h>
-#include <time.h>
-#include <linux/libfdt.h>
-#else
 #include <common.h>
 #include <log.h>
 #include <malloc.h>
 #include <asm/global_data.h>
 DECLARE_GLOBAL_DATA_PTR;
-#endif /* !USE_HOSTCC*/
 #include <image.h>
 #include <u-boot/ecdsa.h>
 #include <u-boot/rsa.h>
@@ -28,9 +21,6 @@ struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA1_SUM_LEN,
 		.der_len = SHA1_DER_LEN,
 		.der_prefix = sha1_der_prefix,
-#if IMAGE_ENABLE_SIGN
-		.calculate_sign = EVP_sha1,
-#endif
 		.calculate = hash_calculate,
 	},
 	{
@@ -38,9 +28,6 @@ struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA256_SUM_LEN,
 		.der_len = SHA256_DER_LEN,
 		.der_prefix = sha256_der_prefix,
-#if IMAGE_ENABLE_SIGN
-		.calculate_sign = EVP_sha256,
-#endif
 		.calculate = hash_calculate,
 	},
 #ifdef CONFIG_SHA384
@@ -49,9 +36,6 @@ struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA384_SUM_LEN,
 		.der_len = SHA384_DER_LEN,
 		.der_prefix = sha384_der_prefix,
-#if IMAGE_ENABLE_SIGN
-		.calculate_sign = EVP_sha384,
-#endif
 		.calculate = hash_calculate,
 	},
 #endif
@@ -61,50 +45,23 @@ struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA512_SUM_LEN,
 		.der_len = SHA512_DER_LEN,
 		.der_prefix = sha512_der_prefix,
-#if IMAGE_ENABLE_SIGN
-		.calculate_sign = EVP_sha512,
-#endif
 		.calculate = hash_calculate,
 	},
 #endif
 
 };
 
-struct crypto_algo crypto_algos[] = {
-	{
-		.name = "rsa2048",
-		.key_len = RSA2048_BYTES,
-		.sign = rsa_sign,
-		.add_verify_data = rsa_add_verify_data,
-		.verify = rsa_verify,
-	},
-	{
-		.name = "rsa4096",
-		.key_len = RSA4096_BYTES,
-		.sign = rsa_sign,
-		.add_verify_data = rsa_add_verify_data,
-		.verify = rsa_verify,
-	},
-	{
-		.name = "ecdsa256",
-		.key_len = ECDSA256_BYTES,
-		.sign = ecdsa_sign,
-		.add_verify_data = ecdsa_add_verify_data,
-		.verify = ecdsa_verify,
-	},
-};
-
 struct padding_algo padding_algos[] = {
 	{
 		.name = "pkcs-1.5",
 		.verify = padding_pkcs_15_verify,
 	},
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
 	{
 		.name = "pss",
 		.verify = padding_pss_verify,
 	}
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+#endif /* CONFIG_FIT_RSASSA_PSS */
 };
 
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
@@ -112,16 +69,13 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name)
 	int i;
 	const char *name;
 
-#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
+#if defined(CONFIG_NEEDS_MANUAL_RELOC)
 	static bool done;
 
 	if (!done) {
 		done = true;
 		for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
 			checksum_algos[i].name += gd->reloc_off;
-#if IMAGE_ENABLE_SIGN
-			checksum_algos[i].calculate_sign += gd->reloc_off;
-#endif
 			checksum_algos[i].calculate += gd->reloc_off;
 		}
 	}
@@ -140,19 +94,18 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name)
 
 struct crypto_algo *image_get_crypto_algo(const char *full_name)
 {
-	int i;
+	struct crypto_algo *crypto, *end;
 	const char *name;
 
-#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
+#if defined(CONFIG_NEEDS_MANUAL_RELOC)
 	static bool done;
 
 	if (!done) {
-		done = true;
-		for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
-			crypto_algos[i].name += gd->reloc_off;
-			crypto_algos[i].sign += gd->reloc_off;
-			crypto_algos[i].add_verify_data += gd->reloc_off;
-			crypto_algos[i].verify += gd->reloc_off;
+		crypto = ll_entry_start(struct crypto_algo, cryptos);
+		end = ll_entry_end(struct crypto_algo, cryptos);
+		for (; crypto < end; crypto++) {
+			crypto->name += gd->reloc_off;
+			crypto->verify += gd->reloc_off;
 		}
 	}
 #endif
@@ -163,11 +116,14 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
 		return NULL;
 	name += 1;
 
-	for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
-		if (!strcmp(crypto_algos[i].name, name))
-			return &crypto_algos[i];
+	crypto = ll_entry_start(struct crypto_algo, cryptos);
+	end = ll_entry_end(struct crypto_algo, cryptos);
+	for (; crypto < end; crypto++) {
+		if (!strcmp(crypto->name, name))
+			return crypto;
 	}
 
+	/* Not found */
 	return NULL;
 }
 
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index fa80524..2df3e5d 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -204,7 +204,7 @@ config SPL_LEGACY_IMAGE_SUPPORT
 config SPL_LEGACY_IMAGE_CRC_CHECK
 	bool "Check CRC of Legacy images"
 	depends on SPL_LEGACY_IMAGE_SUPPORT
-	select SPL_CRC32_SUPPORT
+	select SPL_CRC32
 	help
 	  Enable this to check the CRC of Legacy images. While this increases
 	  reliability, it affects both code size and boot duration.
@@ -407,7 +407,7 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION
 	  the eMMC EXT_CSC_PART_CONFIG selection should be overridden in SPL
 	  by user defined partition number.
 
-config SPL_CRC32_SUPPORT
+config SPL_CRC32
 	bool "Support CRC32"
 	default y if SPL_LEGACY_IMAGE_SUPPORT
 	help
@@ -417,7 +417,7 @@ config SPL_CRC32_SUPPORT
 	  for detected accidental image corruption. For secure applications you
 	  should consider SHA1 or SHA256.
 
-config SPL_MD5_SUPPORT
+config SPL_MD5
 	bool "Support MD5"
 	depends on SPL_FIT
 	help
@@ -429,7 +429,7 @@ config SPL_MD5_SUPPORT
 	  applications where images may be changed maliciously, you should
 	  consider SHA256 or SHA384.
 
-config SPL_SHA1_SUPPORT
+config SPL_FIT_SHA1
 	bool "Support SHA1"
 	depends on SPL_FIT
 	select SHA1
@@ -441,7 +441,7 @@ config SPL_SHA1_SUPPORT
 	  due to the expanding computing power available to brute-force
 	  attacks. For more security, consider SHA256 or SHA384.
 
-config SPL_SHA256_SUPPORT
+config SPL_FIT_SHA256
 	bool "Support SHA256"
 	depends on SPL_FIT
 	select SHA256
@@ -450,7 +450,7 @@ config SPL_SHA256_SUPPORT
 	  checksum is a 256-bit (32-byte) hash value used to check that the
 	  image contents have not been corrupted.
 
-config SPL_SHA384_SUPPORT
+config SPL_FIT_SHA384
 	bool "Support SHA384"
 	depends on SPL_FIT
 	select SHA384
@@ -461,7 +461,7 @@ config SPL_SHA384_SUPPORT
 	  image contents have not been corrupted. Use this for the highest
 	  security.
 
-config SPL_SHA512_SUPPORT
+config SPL_FIT_SHA512
 	bool "Support SHA512"
 	depends on SPL_FIT
 	select SHA512