[PATCH v3 07/25] hash: integrate hash on mbedtls

Raymond Mao Tue, 28 May 2024 07:12:59 -0700

Integrate common/hash.c on the hash shim layer so that hash APIs
from mbedtls can be leveraged by boot/image and efi_loader.


Signed-off-by: Raymond Mao <raymond....@linaro.org>
---
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.

 common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 143 insertions(+)

diff --git a/common/hash.c b/common/hash.c
index 3d6b84de473..1c8e7731afe 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -36,6 +36,141 @@
 #include <u-boot/sha512.h>
 #include <u-boot/md5.h>
 
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha1_init(ctx);
+       ret = mbedtls_sha1_starts(ctx);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha1_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int hash_update_sha1(struct hash_algo *algo, void *ctx, const void *buf,
+                           unsigned int size, int is_last)
+{
+       return mbedtls_sha1_update((mbedtls_sha1_context *)ctx, buf, size);
+}
+
+static int
+hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha1_finish((mbedtls_sha1_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha1_free((mbedtls_sha1_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int hash_init_sha256(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       int is224 = algo->digest_size == SHA224_SUM_LEN ? 1 : 0;
+       mbedtls_sha256_context *ctx = malloc(sizeof(mbedtls_sha256_context));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha256_init(ctx);
+       ret = mbedtls_sha256_starts(ctx, is224);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha256_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int hash_update_sha256(struct hash_algo *algo, void *ctx, const void 
*buf,
+                             uint size, int is_last)
+{
+       return mbedtls_sha256_update((mbedtls_sha256_context *)ctx, buf, size);
+}
+
+static int
+hash_finish_sha256(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha256_finish((mbedtls_sha256_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha256_free((mbedtls_sha256_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       int is384 = algo->digest_size == SHA384_SUM_LEN ? 1 : 0;
+       mbedtls_sha512_context *ctx = malloc(sizeof(mbedtls_sha512_context));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha512_init(ctx);
+       ret = mbedtls_sha512_starts(ctx, is384);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha512_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int hash_update_sha512(struct hash_algo *algo, void *ctx, const void 
*buf,
+                             uint size, int is_last)
+{
+       return mbedtls_sha512_update((mbedtls_sha512_context *)ctx, buf, size);
+}
+
+static int
+hash_finish_sha512(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha512_finish((mbedtls_sha512_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha512_free((mbedtls_sha512_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+#else /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
+
 static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void **ctxp)
 {
        sha1_context *ctx = malloc(sizeof(sha1_context));
@@ -144,6 +279,8 @@ static int __maybe_unused hash_finish_sha512(struct 
hash_algo *algo, void *ctx,
        return 0;
 }
 
+#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
+
 static int hash_init_crc16_ccitt(struct hash_algo *algo, void **ctxp)
 {
        uint16_t *ctx = malloc(sizeof(uint16_t));
@@ -268,10 +405,16 @@ static struct hash_algo hash_algo[] = {
                .hash_init      = hw_sha_init,
                .hash_update    = hw_sha_update,
                .hash_finish    = hw_sha_finish,
+#else
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+               .hash_init      = hash_init_sha512,
+               .hash_update    = hash_update_sha512,
+               .hash_finish    = hash_finish_sha512,
 #else
                .hash_init      = hash_init_sha384,
                .hash_update    = hash_update_sha384,
                .hash_finish    = hash_finish_sha384,
+#endif
 #endif
        },
 #endif
-- 
2.25.1

[PATCH v3 07/25] hash: integrate hash on mbedtls

Reply via email to