Merge branch '2021-07-16-cleanup-image-support'

- A large rework of the logic around supporting various image
  types/formats and sharing between the host and target.

include/image.h

@@ -30,10 +30,10 @@ struct fdt_region;
 #define IMAGE_ENABLE_FIT	1
 #define IMAGE_ENABLE_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
-#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
-#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA384_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA512_SUPPORT
+#define CONFIG_FIT_RSASSA_PSS 1
+#define CONFIG_FIT_SHA256
+#define CONFIG_FIT_SHA384
+#define CONFIG_FIT_SHA512
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
@@ -47,6 +47,7 @@ struct fdt_region;
 #include <lmb.h>
 #include <asm/u-boot.h>
 #include <command.h>
+#include <linker_lists.h>
 
 /* Take notice of the 'ignore' property for hashes */
 #define IMAGE_ENABLE_IGNORE	1
@@ -62,19 +63,15 @@ struct fdt_region;
 #include <linux/libfdt.h>
 #include <fdt_support.h>
 # ifdef CONFIG_SPL_BUILD
-#  ifdef CONFIG_SPL_CRC32_SUPPORT
+#  ifdef CONFIG_SPL_CRC32
 #   define IMAGE_ENABLE_CRC32	1
 #  endif
-#  ifdef CONFIG_SPL_MD5_SUPPORT
+#  ifdef CONFIG_SPL_MD5
 #   define IMAGE_ENABLE_MD5	1
 #  endif
-#  ifdef CONFIG_SPL_SHA1_SUPPORT
-#   define IMAGE_ENABLE_SHA1	1
-#  endif
 # else
 #  define IMAGE_ENABLE_CRC32	1
 #  define IMAGE_ENABLE_MD5	1
-#  define IMAGE_ENABLE_SHA1	1
 # endif
 
 #ifndef IMAGE_ENABLE_CRC32
@@ -85,31 +82,6 @@ struct fdt_region;
 #define IMAGE_ENABLE_MD5	0
 #endif
 
-#ifndef IMAGE_ENABLE_SHA1
-#define IMAGE_ENABLE_SHA1	0
-#endif
-
-#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
-	defined(CONFIG_SPL_SHA256_SUPPORT)
-#define IMAGE_ENABLE_SHA256	1
-#else
-#define IMAGE_ENABLE_SHA256	0
-#endif
-
-#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \
-	defined(CONFIG_SPL_SHA384_SUPPORT)
-#define IMAGE_ENABLE_SHA384	1
-#else
-#define IMAGE_ENABLE_SHA384	0
-#endif
-
-#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \
-	defined(CONFIG_SPL_SHA512_SUPPORT)
-#define IMAGE_ENABLE_SHA512	1
-#else
-#define IMAGE_ENABLE_SHA512	0
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
@@ -1224,20 +1196,14 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 #if defined(USE_HOSTCC)
 # if defined(CONFIG_FIT_SIGNATURE)
 #  define IMAGE_ENABLE_SIGN	1
-#  define IMAGE_ENABLE_VERIFY	1
-#  define IMAGE_ENABLE_VERIFY_ECDSA	1
 #  define FIT_IMAGE_ENABLE_VERIFY	1
 #  include <openssl/evp.h>
 # else
 #  define IMAGE_ENABLE_SIGN	0
-#  define IMAGE_ENABLE_VERIFY	0
-# define IMAGE_ENABLE_VERIFY_ECDSA	0
 #  define FIT_IMAGE_ENABLE_VERIFY	0
 # endif
 #else
 # define IMAGE_ENABLE_SIGN	0
-# define IMAGE_ENABLE_VERIFY		CONFIG_IS_ENABLED(RSA_VERIFY)
-# define IMAGE_ENABLE_VERIFY_ECDSA	0
 # define FIT_IMAGE_ENABLE_VERIFY	CONFIG_IS_ENABLED(FIT_SIGNATURE)
 #endif
 
@@ -1250,11 +1216,6 @@ void image_set_host_blob(void *host_blob);
 # define gd_fdt_blob()		(gd->fdt_blob)
 #endif
 
-#ifdef CONFIG_FIT_BEST_MATCH
-#define IMAGE_ENABLE_BEST_MATCH	1
-#else
-#define IMAGE_ENABLE_BEST_MATCH	0
-#endif
 #endif /* IMAGE_ENABLE_FIT */
 
 /*
@@ -1293,7 +1254,7 @@ struct image_region {
 	int size;
 };
 
-#if IMAGE_ENABLE_VERIFY
+#if FIT_IMAGE_ENABLE_VERIFY
 # include <u-boot/hash-checksum.h>
 #endif
 struct checksum_algo {
@@ -1362,6 +1323,10 @@ struct crypto_algo {
 		      uint8_t *sig, uint sig_len);
 };
 
+/* Declare a new U-Boot crypto algorithm handler */
+#define U_BOOT_CRYPTO_ALGO(__name)						\
+ll_entry_declare(struct crypto_algo, __name, cryptos)
+
 struct padding_algo {
 	const char *name;
 	int (*verify)(struct image_sign_info *info,

include/u-boot/ecdsa.h

@@ -15,7 +15,6 @@
  * @see "struct crypto_algo"
  * @{
  */
-#if IMAGE_ENABLE_SIGN
 /**
  * sign() - calculate and return signature for given input data
  *
@@ -49,22 +48,7 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
  * other -ve value on error
  */
 int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
-#else
-static inline
-int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
-	       int region_count, uint8_t **sigp, uint *sig_len)
-{
-	return -ENXIO;
-}
 
-static inline
-int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest)
-{
-	return -ENXIO;
-}
-#endif
-
-#if IMAGE_ENABLE_VERIFY_ECDSA
 /**
  * verify() - Verify a signature against some data
  *
@@ -78,15 +62,6 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest)
 int ecdsa_verify(struct image_sign_info *info,
 		 const struct image_region region[], int region_count,
 		 uint8_t *sig, uint sig_len);
-#else
-static inline
-int ecdsa_verify(struct image_sign_info *info,
-		 const struct image_region region[], int region_count,
-		 uint8_t *sig, uint sig_len)
-{
-	return -ENXIO;
-}
-#endif
 /** @} */
 
 #define ECDSA256_BYTES	(256 / 8)

include/u-boot/rsa.h

@@ -31,7 +31,6 @@ struct rsa_public_key {
 
 struct image_sign_info;
 
-#if IMAGE_ENABLE_SIGN
 /**
  * sign() - calculate and return signature for given input data
  *
@@ -66,22 +65,7 @@ int rsa_sign(struct image_sign_info *info,
 		other -ve value on error
 */
 int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
-#else
-static inline int rsa_sign(struct image_sign_info *info,
-		const struct image_region region[], int region_count,
-		uint8_t **sigp, uint *sig_len)
-{
-	return -ENXIO;
-}
 
-static inline int rsa_add_verify_data(struct image_sign_info *info,
-				      void *keydest)
-{
-	return -ENXIO;
-}
-#endif
-
-#if IMAGE_ENABLE_VERIFY
 /**
  * rsa_verify_hash() - Verify a signature against a hash
  *
@@ -119,42 +103,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
 			   uint8_t *msg, int msg_len,
 			   const uint8_t *hash, int hash_len);
 
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
 int padding_pss_verify(struct image_sign_info *info,
 		       uint8_t *msg, int msg_len,
 		       const uint8_t *hash, int hash_len);
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
-#else
-static inline int rsa_verify_hash(struct image_sign_info *info,
-				  const uint8_t *hash,
-				  uint8_t *sig, uint sig_len)
-{
-	return -ENXIO;
-}
-
-static inline int rsa_verify(struct image_sign_info *info,
-		const struct image_region region[], int region_count,
-		uint8_t *sig, uint sig_len)
-{
-	return -ENXIO;
-}
-
-static inline int padding_pkcs_15_verify(struct image_sign_info *info,
-					 uint8_t *msg, int msg_len,
-					 const uint8_t *hash, int hash_len)
-{
-	return -ENXIO;
-}
-
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
-static inline int padding_pss_verify(struct image_sign_info *info,
-				     uint8_t *msg, int msg_len,
-				     const uint8_t *hash, int hash_len)
-{
-	return -ENXIO;
-}
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
-#endif
+#endif /* CONFIG_FIT_RSASSA_PSS */
 
 #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"