Create a hash shim layer on top of mbedtls crypto library. Signed-off-by: Raymond Mao <raymond....@linaro.org> --- include/mbedtls/md5.h | 18 ++++++ include/mbedtls/sha1.h | 27 +++++++++ include/mbedtls/sha256.h | 31 ++++++++++ include/mbedtls/sha512.h | 39 +++++++++++++ lib/mbedtls/Makefile | 3 + lib/mbedtls/hash_shim.c | 118 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 236 insertions(+) create mode 100644 include/mbedtls/md5.h create mode 100644 include/mbedtls/sha1.h create mode 100644 include/mbedtls/sha256.h create mode 100644 include/mbedtls/sha512.h create mode 100644 lib/mbedtls/hash_shim.c
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
new file mode 100644
index 0000000000..e5a205efda
--- /dev/null
+++ b/include/mbedtls/md5.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond....@linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/md5.h>
+
+#ifndef _MBEDTLS_MD5_H
+#define _MBEDTLS_MD5_H
+
+#define MD5_SUM_LEN 16
+
+void
+md5_wd_mb(const unsigned char *input, unsigned int len,
+ unsigned char output[16],
+ unsigned int __always_unused chunk_sz);
+
+#endif /* _MBEDTLS_MD5_H */
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
new file mode 100644
index 0000000000..f7aff6f652
--- /dev/null
+++ b/include/mbedtls/sha1.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond....@linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha1.h>
+
+#ifndef _MBEDTLS_SHA1_H
+#define _MBEDTLS_SHA1_H
+
+#define SHA1_SUM_LEN 20
+#define SHA1_DER_LEN 15
+
+#define CHUNKSZ_SHA1 (64 * 1024)
+
+extern const u8 sha1_der_prefix[];
+
+typedef mbedtls_sha1_context sha1_context;
+
+void sha1_starts_mb(sha1_context *ctx);
+void sha1_update_mb(sha1_context *ctx, const unsigned char *input,
+ unsigned int length);
+void sha1_finish_mb(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN]);
+void sha1_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA1_H */
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
new file mode 100644
index 0000000000..804f2ce8ab
--- /dev/null
+++ b/include/mbedtls/sha256.h
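Review bot: In include/mbedtls/md5.h the `#include <external/mbedtls/include/mbedtls/md5.h>` line sits above `#ifndef _MBEDTLS_MD5_H`, so the include guard does not cover it, and the prototype uses `__always_unused` without the header including whatever defines that attribute. I would move the include below `#define _MBEDTLS_MD5_H` and add the include that provides `__always_unused`, so the header compiles on its own regardless of include order. sha1.h, sha256.h and sha512.h have the same layout and additionally use `u8`, `uint8_t` and `uint32_t` without including a types header. The guard names also begin with an underscore followed by a capital letter, which C reserves for the implementation.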
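Review bot: `extern const u8 sha1_der_prefix[];` in include/mbedtls/sha1.h declares a symbol that nothing in this patch defines; lib/mbedtls/hash_shim.c only adds the `*_mb` wrappers. If the definition lives in a source file that is not built when the shim is selected (not visible from this patch), any user of the prefix fails at link time. The patch should either define the prefix next to the shim or say where it comes from, e.g. `/* defined in <file providing sha1_der_prefix> */` above the declaration. The same applies to `sha256_der_prefix` in sha256.h and to `sha384_der_prefix` and `sha512_der_prefix` in sha512.h.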
@@ -0,0 +1,31 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond....@linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha256.h>
+
+#ifndef _MBEDTLS_SHA256_H
+#define _MBEDTLS_SHA256_H
+
+#define SHA224_SUM_LEN 28
+#define SHA256_SUM_LEN 32
+
+#define SHA224_DER_LEN 19
+#define SHA256_DER_LEN 19
+
+#define CHUNKSZ_SHA224 (64 * 1024)
+#define CHUNKSZ_SHA256 (64 * 1024)
+
+extern const u8 sha256_der_prefix[];
+
+typedef mbedtls_sha256_context sha256_context;
+
+void sha256_starts_mb(sha256_context *ctx);
+void
+sha256_update_mb(sha256_context *ctx, const uint8_t *input, uint32_t length);
+void sha256_finish_mb(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]);
+void sha256_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA256_H */
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
new file mode 100644
index 0000000000..bc7f2faa0d
--- /dev/null
+++ b/include/mbedtls/sha512.h
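Review bot: The prototypes in include/mbedtls/sha256.h spell the same types two ways, `const uint8_t *` and `uint32_t` for `sha256_update_mb` but `const unsigned char *` and `unsigned int` for `sha256_csum_wd_mb`, and both limit the length to 32 bits although the wrapped mbedtls calls take `size_t`. On a 64-bit build a caller passing a `size_t` length above 4 GiB has it narrowed silently, so the digest covers only part of the buffer. If the 32-bit length is deliberate, say so above the prototypes, e.g. `/* length is limited to UINT32_MAX bytes; larger inputs must be fed through the update calls */`, and use one spelling throughout. sha512.h has the same mix.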
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond....@linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha512.h>
+
+#ifndef _MBEDTLS_SHA512_H
+#define _MBEDTLS_SHA512_H
+
+#define SHA384_SUM_LEN 48
+#define SHA512_SUM_LEN 64
+
+#define SHA384_DER_LEN 19
+#define SHA512_DER_LEN 19
+
+#define CHUNKSZ_SHA384 (16 * 1024)
+#define CHUNKSZ_SHA512 (16 * 1024)
+
+extern const u8 sha384_der_prefix[];
+extern const u8 sha512_der_prefix[];
+
+typedef mbedtls_sha512_context sha384_context;
+typedef mbedtls_sha512_context sha512_context;
+
+void sha384_starts_mb(sha512_context *ctx);
+void
+sha384_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha384_finish_mb(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]);
+void sha384_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz);
+void sha512_starts_mb(sha512_context *ctx);
+void
+sha512_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha512_finish_mb(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]);
+void sha512_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA512_H */
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index 85f0a3cfd0..5d41ddbd8d 100644
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -14,6 +14,9 @@ ccflags-y += \
 -I$(src)/external/mbedtls/library \
 # This line is intentionally left blank
+# shim layer for hash
+obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_shim.o
+
 obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o
 mbedtls_lib_crypto-y := \
 $(MBEDTLS_LIB_DIR)/aes.o \
diff --git a/lib/mbedtls/hash_shim.c b/lib/mbedtls/hash_shim.c
new file mode 100644
index 0000000000..982718efed
--- /dev/null
+++ b/lib/mbedtls/hash_shim.c
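Review bot: `sha384_context` and `sha512_context` in include/mbedtls/sha512.h are both typedefs of `mbedtls_sha512_context`, and the `sha384_*_mb` prototypes take `sha512_context *`, so the compiler cannot tell a SHA-384 context from a SHA-512 one. As far as I know, mbedtls decides how many bytes `mbedtls_sha512_finish` writes from the mode chosen at `starts` time, not from the caller's buffer; this should be confirmed against the vendored copy. If so, a context started with `sha512_starts_mb` and finished with `sha384_finish_mb` would write 64 bytes into a `digest[SHA384_SUM_LEN]` buffer. I would use `sha384_context *` in the three `sha384_*` prototypes and add a comment such as `/* ctx must have been started with sha384_starts_mb() */` above `sha384_finish_mb`.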
@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Hash shim layer on MbedTLS Crypto library
+ *
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond....@linaro.org>
+ */
+
+#include "common.h"
+#include <malloc.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
+#include <mbedtls/md5.h>
+
+void sha1_starts_mb(sha1_context *ctx)
+{
+ mbedtls_sha1_init(ctx);
+ mbedtls_sha1_starts(ctx);
+}
+
+void sha1_update_mb(sha1_context *ctx, const unsigned char *input,
+ unsigned int length)
+{
+ mbedtls_sha1_update(ctx, input, length);
+}
+
+void sha1_finish_mb(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN])
+{
+ mbedtls_sha1_finish(ctx, output);
+ mbedtls_sha1_free(ctx);
+}
+
+void sha1_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz)
+{
+ mbedtls_sha1(input, length, output);
+}
+
+void sha256_starts_mb(sha256_context *ctx)
+{
+ mbedtls_sha256_init(ctx);
+ mbedtls_sha256_starts(ctx, 0);
+}
+
+void
+sha256_update_mb(sha256_context *ctx, const uint8_t *input, uint32_t length)
+{
+ mbedtls_sha256_update(ctx, input, length);
+}
+
+void sha256_finish_mb(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN])
+{
+ mbedtls_sha256_finish(ctx, digest);
+ mbedtls_sha256_free(ctx);
+}
+
+void sha256_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz)
+{
+ mbedtls_sha256(input, length, output, 0);
+}
+
+void sha384_starts_mb(sha512_context *ctx)
+{
+ mbedtls_sha512_init(ctx);
+ mbedtls_sha512_starts(ctx, 1);
+}
+
+void
+sha384_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+ mbedtls_sha512_update(ctx, input, length);
+}
+
+void sha384_finish_mb(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
+{
+ mbedtls_sha512_finish(ctx, digest);
+ mbedtls_sha512_free(ctx);
+}
+
+void sha384_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz)
+{
+ mbedtls_sha512(input, length, output, 1);
+}
+
+void sha512_starts_mb(sha512_context *ctx)
+{
+ mbedtls_sha512_init(ctx);
+ mbedtls_sha512_starts(ctx, 0);
+}
+
+void
+sha512_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+ mbedtls_sha512_update(ctx, input, length);
+}
+
+void sha512_finish_mb(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN])
+{
+ mbedtls_sha512_finish(ctx, digest);
+ mbedtls_sha512_free(ctx);
+}
+
+void sha512_csum_wd_mb(const unsigned char *input, unsigned int length,
+ unsigned char *output, unsigned int chunk_sz)
+{
+ mbedtls_sha512(input, length, output, 0);
+}
+
+void
+md5_wd_mb(const unsigned char *input, unsigned int len,
+ unsigned char output[16], unsigned int __always_unused chunk_sz)
+{
+ mbedtls_md5(input, len, output);
+}
+
-- 2.25.1
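Review bot: Every wrapper in lib/mbedtls/hash_shim.c discards the result of the mbedtls call it forwards to, for example `mbedtls_sha256(input, length, output, 0);` in `sha256_csum_wd_mb`. In the mbedtls versions where these functions return `int` (to be confirmed against the vendored copy), a failure leaves `output` unwritten and the caller goes on to compare whatever was in the buffer against an expected digest. Since the `_mb` functions are declared `void`, the smallest change is to capture the result, e.g. `int ret = mbedtls_sha256(input, length, output, 0);`, then log and clear `output` when `ret` is non-zero; returning `int` from the shim would be the cleaner fix. Separately, `chunk_sz` is ignored by all the `*_csum_wd_mb` functions, yet only `md5_wd_mb` marks it `__always_unused`, so the whole buffer is hashed in one call; if callers depend on the `_wd` variants to break long hashes into chunks, that behaviour is lost and should be restored or documented.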