[PATCH v5 07/27] hash: integrate hash on mbedtls

Raymond Mao Wed, 31 Jul 2024 10:29:15 -0700

Integrate common/hash.c on the hash shim layer so that hash APIs
from mbedtls can be leveraged by boot/image and efi_loader.


Signed-off-by: Raymond Mao <raymond....@linaro.org>
---
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
Changes in v5
- Add __maybe_unused to solve linker errors in some platforms.
- replace malloc with calloc.

 common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)

diff --git a/common/hash.c b/common/hash.c
index ac63803fed9..d25fc4854c7 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -35,6 +35,144 @@
 #include <u-boot/sha512.h>
 #include <u-boot/md5.h>
 
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+
+static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       mbedtls_sha1_context *ctx = calloc(1, sizeof(*ctx));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha1_init(ctx);
+       ret = mbedtls_sha1_starts(ctx);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha1_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int __maybe_unused hash_update_sha1(struct hash_algo *algo, void *ctx,
+                                          const void *buf, unsigned int size,
+                                          int is_last)
+{
+       return mbedtls_sha1_update((mbedtls_sha1_context *)ctx, buf, size);
+}
+
+static int __maybe_unused
+hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha1_finish((mbedtls_sha1_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha1_free((mbedtls_sha1_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int __maybe_unused hash_init_sha256(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       int is224 = algo->digest_size == SHA224_SUM_LEN ? 1 : 0;
+       mbedtls_sha256_context *ctx = calloc(1, sizeof(*ctx));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha256_init(ctx);
+       ret = mbedtls_sha256_starts(ctx, is224);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha256_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int __maybe_unused hash_update_sha256(struct hash_algo *algo, void *ctx,
+                                            const void *buf, uint size,
+                                            int is_last)
+{
+       return mbedtls_sha256_update((mbedtls_sha256_context *)ctx, buf, size);
+}
+
+static int __maybe_unused
+hash_finish_sha256(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha256_finish((mbedtls_sha256_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha256_free((mbedtls_sha256_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int __maybe_unused hash_init_sha512(struct hash_algo *algo, void **ctxp)
+{
+       int ret;
+       int is384 = algo->digest_size == SHA384_SUM_LEN ? 1 : 0;
+       mbedtls_sha512_context *ctx = calloc(1, sizeof(*ctx));
+
+       if (!ctx)
+               return -ENOMEM;
+
+       mbedtls_sha512_init(ctx);
+       ret = mbedtls_sha512_starts(ctx, is384);
+       if (!ret) {
+               *ctxp = ctx;
+       } else {
+               mbedtls_sha512_free(ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+static int __maybe_unused hash_update_sha512(struct hash_algo *algo, void *ctx,
+                                            const void *buf, uint size,
+                                            int is_last)
+{
+       return mbedtls_sha512_update((mbedtls_sha512_context *)ctx, buf, size);
+}
+
+static int __maybe_unused
+hash_finish_sha512(struct hash_algo *algo, void *ctx, void *dest_buf, int size)
+{
+       int ret;
+
+       if (size < algo->digest_size)
+               return -1;
+
+       ret = mbedtls_sha512_finish((mbedtls_sha512_context *)ctx, dest_buf);
+       if (!ret) {
+               mbedtls_sha512_free((mbedtls_sha512_context *)ctx);
+               free(ctx);
+       }
+
+       return ret;
+}
+
+#else /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
+
 static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void **ctxp)
 {
        sha1_context *ctx = malloc(sizeof(sha1_context));
@@ -143,6 +281,8 @@ static int __maybe_unused hash_finish_sha512(struct 
hash_algo *algo, void *ctx,
        return 0;
 }
 
+#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
+
 static int hash_init_crc16_ccitt(struct hash_algo *algo, void **ctxp)
 {
        uint16_t *ctx = malloc(sizeof(uint16_t));
@@ -267,10 +407,16 @@ static struct hash_algo hash_algo[] = {
                .hash_init      = hw_sha_init,
                .hash_update    = hw_sha_update,
                .hash_finish    = hw_sha_finish,
+#else
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+               .hash_init      = hash_init_sha512,
+               .hash_update    = hash_update_sha512,
+               .hash_finish    = hash_finish_sha512,
 #else
                .hash_init      = hash_init_sha384,
                .hash_update    = hash_update_sha384,
                .hash_finish    = hash_finish_sha384,
+#endif
 #endif
        },
 #endif
-- 
2.25.1

[PATCH v5 07/27] hash: integrate hash on mbedtls

Reply via email to