[PATCH 08/23] mbedtls: add hash shim layer

Raymond Mao raymond.mao at linaro.org
Tue Apr 16 21:00:04 CEST 2024


Create a hash shim layer on top of mbedtls crypto library.

Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
---
 include/mbedtls/md5.h    |  18 ++++++
 include/mbedtls/sha1.h   |  27 +++++++++
 include/mbedtls/sha256.h |  31 ++++++++++
 include/mbedtls/sha512.h |  39 +++++++++++++
 lib/mbedtls/Makefile     |   3 +
 lib/mbedtls/hash_shim.c  | 118 +++++++++++++++++++++++++++++++++++++++
 6 files changed, 236 insertions(+)
 create mode 100644 include/mbedtls/md5.h
 create mode 100644 include/mbedtls/sha1.h
 create mode 100644 include/mbedtls/sha256.h
 create mode 100644 include/mbedtls/sha512.h
 create mode 100644 lib/mbedtls/hash_shim.c

diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
new file mode 100644
index 0000000000..e5a205efda
--- /dev/null
+++ b/include/mbedtls/md5.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond.mao at linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/md5.h>
+
+#ifndef _MBEDTLS_MD5_H
+#define _MBEDTLS_MD5_H
+
+#define MD5_SUM_LEN	16
+
+void
+md5_wd_mb(const unsigned char *input, unsigned int len,
+	  unsigned char output[16],
+	  unsigned int __always_unused chunk_sz);
+
+#endif /* _MBEDTLS_MD5_H */
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
new file mode 100644
index 0000000000..f7aff6f652
--- /dev/null
+++ b/include/mbedtls/sha1.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond.mao at linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha1.h>
+
+#ifndef _MBEDTLS_SHA1_H
+#define _MBEDTLS_SHA1_H
+
+#define SHA1_SUM_LEN	20
+#define SHA1_DER_LEN	15
+
+#define CHUNKSZ_SHA1	(64 * 1024)
+
+extern const u8 sha1_der_prefix[];
+
+typedef mbedtls_sha1_context sha1_context;
+
+void sha1_starts_mb(sha1_context *ctx);
+void sha1_update_mb(sha1_context *ctx, const unsigned char *input,
+		    unsigned int length);
+void sha1_finish_mb(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN]);
+void sha1_csum_wd_mb(const unsigned char *input, unsigned int length,
+		     unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA1_H */
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
new file mode 100644
index 0000000000..804f2ce8ab
--- /dev/null
+++ b/include/mbedtls/sha256.h
@@ -0,0 +1,31 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond.mao at linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha256.h>
+
+#ifndef _MBEDTLS_SHA256_H
+#define _MBEDTLS_SHA256_H
+
+#define SHA224_SUM_LEN	28
+#define SHA256_SUM_LEN	32
+
+#define SHA224_DER_LEN	19
+#define SHA256_DER_LEN	19
+
+#define CHUNKSZ_SHA224	(64 * 1024)
+#define CHUNKSZ_SHA256	(64 * 1024)
+
+extern const u8 sha256_der_prefix[];
+
+typedef mbedtls_sha256_context sha256_context;
+
+void sha256_starts_mb(sha256_context *ctx);
+void
+sha256_update_mb(sha256_context *ctx, const uint8_t *input, uint32_t length);
+void sha256_finish_mb(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]);
+void sha256_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA256_H */
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
new file mode 100644
index 0000000000..bc7f2faa0d
--- /dev/null
+++ b/include/mbedtls/sha512.h
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond.mao at linaro.org>
+ */
+#include <external/mbedtls/include/mbedtls/sha512.h>
+
+#ifndef _MBEDTLS_SHA512_H
+#define _MBEDTLS_SHA512_H
+
+#define SHA384_SUM_LEN	48
+#define SHA512_SUM_LEN	64
+
+#define SHA384_DER_LEN	19
+#define SHA512_DER_LEN	19
+
+#define CHUNKSZ_SHA384	(16 * 1024)
+#define CHUNKSZ_SHA512	(16 * 1024)
+
+extern const u8 sha384_der_prefix[];
+extern const u8 sha512_der_prefix[];
+
+typedef mbedtls_sha512_context sha384_context;
+typedef mbedtls_sha512_context sha512_context;
+
+void sha384_starts_mb(sha512_context *ctx);
+void
+sha384_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha384_finish_mb(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]);
+void sha384_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz);
+void sha512_starts_mb(sha512_context *ctx);
+void
+sha512_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha512_finish_mb(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]);
+void sha512_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz);
+
+#endif /* _MBEDTLS_SHA512_H */
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index 85f0a3cfd0..5d41ddbd8d 100644
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -14,6 +14,9 @@ ccflags-y += \
 	-I$(src)/external/mbedtls/library \
 	# This line is intentionally left blank
 
+# shim layer for hash
+obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_shim.o
+
 obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o
 mbedtls_lib_crypto-y := \
 	$(MBEDTLS_LIB_DIR)/aes.o \
diff --git a/lib/mbedtls/hash_shim.c b/lib/mbedtls/hash_shim.c
new file mode 100644
index 0000000000..982718efed
--- /dev/null
+++ b/lib/mbedtls/hash_shim.c
@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Hash shim layer on MbedTLS Crypto library
+ *
+ * Copyright (c) 2023 Linaro Limited
+ * Author: Raymond Mao <raymond.mao at linaro.org>
+ */
+
+#include "common.h"
+#include <malloc.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
+#include <mbedtls/md5.h>
+
+void sha1_starts_mb(sha1_context *ctx)
+{
+	mbedtls_sha1_init(ctx);
+	mbedtls_sha1_starts(ctx);
+}
+
+void sha1_update_mb(sha1_context *ctx, const unsigned char *input,
+		    unsigned int length)
+{
+	mbedtls_sha1_update(ctx, input, length);
+}
+
+void sha1_finish_mb(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN])
+{
+	mbedtls_sha1_finish(ctx, output);
+	mbedtls_sha1_free(ctx);
+}
+
+void sha1_csum_wd_mb(const unsigned char *input, unsigned int length,
+		     unsigned char *output, unsigned int chunk_sz)
+{
+	mbedtls_sha1(input, length, output);
+}
+
+void sha256_starts_mb(sha256_context *ctx)
+{
+	mbedtls_sha256_init(ctx);
+	mbedtls_sha256_starts(ctx, 0);
+}
+
+void
+sha256_update_mb(sha256_context *ctx, const uint8_t *input, uint32_t length)
+{
+	mbedtls_sha256_update(ctx, input, length);
+}
+
+void sha256_finish_mb(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN])
+{
+	mbedtls_sha256_finish(ctx, digest);
+	mbedtls_sha256_free(ctx);
+}
+
+void sha256_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz)
+{
+	mbedtls_sha256(input, length, output, 0);
+}
+
+void sha384_starts_mb(sha512_context *ctx)
+{
+	mbedtls_sha512_init(ctx);
+	mbedtls_sha512_starts(ctx, 1);
+}
+
+void
+sha384_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+	mbedtls_sha512_update(ctx, input, length);
+}
+
+void sha384_finish_mb(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
+{
+	mbedtls_sha512_finish(ctx, digest);
+	mbedtls_sha512_free(ctx);
+}
+
+void sha384_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz)
+{
+	mbedtls_sha512(input, length, output, 1);
+}
+
+void sha512_starts_mb(sha512_context *ctx)
+{
+	mbedtls_sha512_init(ctx);
+	mbedtls_sha512_starts(ctx, 0);
+}
+
+void
+sha512_update_mb(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+	mbedtls_sha512_update(ctx, input, length);
+}
+
+void sha512_finish_mb(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN])
+{
+	mbedtls_sha512_finish(ctx, digest);
+	mbedtls_sha512_free(ctx);
+}
+
+void sha512_csum_wd_mb(const unsigned char *input, unsigned int length,
+		       unsigned char *output, unsigned int chunk_sz)
+{
+	mbedtls_sha512(input, length, output, 0);
+}
+
+void
+md5_wd_mb(const unsigned char *input, unsigned int len,
+	  unsigned char output[16], unsigned int __always_unused chunk_sz)
+{
+	mbedtls_md5(input, len, output);
+}
+
-- 
2.25.1



More information about the U-Boot mailing list