From 19e2adf98dad56ff7843879f5f18925973138d93 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 22 Mar 2017 19:36:38 +0200 Subject: [PATCH] HW Accelerated SHA1 and SHA256 Add Poritng for Sha1 and SHA256 over Cryptocell --- .../TARGET_CRYPTOCELL310/mbedtls_device.h | 2 +- .../targets/TARGET_CRYPTOCELL310/sha1_alt.c | 86 ++++++++++ .../targets/TARGET_CRYPTOCELL310/sha1_alt.h | 148 ++++++++++++++++++ .../targets/TARGET_CRYPTOCELL310/sha256_alt.c | 86 ++++++++++ .../targets/TARGET_CRYPTOCELL310/sha256_alt.h | 121 ++++++++++++++ 5 files changed, 442 insertions(+), 1 deletion(-) create mode 100644 features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.c create mode 100644 features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.h create mode 100644 features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.c create mode 100644 features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.h diff --git a/features/mbedtls/targets/TARGET_CRYPTOCELL310/mbedtls_device.h b/features/mbedtls/targets/TARGET_CRYPTOCELL310/mbedtls_device.h index c432e3afb9..4034356243 100644 --- a/features/mbedtls/targets/TARGET_CRYPTOCELL310/mbedtls_device.h +++ b/features/mbedtls/targets/TARGET_CRYPTOCELL310/mbedtls_device.h @@ -21,8 +21,8 @@ #ifndef __MBEDTLS_DEVICE__ #define __MBEDTLS_DEVICE__ -#define MBEDTLS_AES_ALT #define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +#define MBEDTLS_AES_ALT #define MBEDTLS_SHA1_ALT #define MBEDTLS_SHA256_ALT #define MBEDTLS_CCM_ALT diff --git a/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.c b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.c new file mode 100644 index 0000000000..15caddac57 --- /dev/null +++ b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.c @@ -0,0 +1,86 @@ +/* + * sha1_alt.c + * + * Copyright (C) 2018, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/sha1.h" +#if defined(MBEDTLS_SHA1_ALT) +#include + +void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); + +} + +void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) +{ + if( ctx == NULL ) + return; + + CRYS_HASH_Free( &ctx->crys_hash_ctx ); + + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); +} + +void mbedtls_sha1_clone( mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src ) +{ + memcpy( dst, src, sizeof( mbedtls_sha1_context ) ); +} + +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +{ + if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA1_mode ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED ); + return ( 0 ); +} + + +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, + unsigned char output[20] ) +{ + CRYSError_t CrysErr = CRYS_OK; + CRYS_HASH_Result_t crys_result = {0}; + CrysErr = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); + if( CrysErr == CRYS_OK ) + { + memcpy( output, crys_result, 20 ); + return ( 0 ); + } + else + return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED ); +} + +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED ); + return ( 0 ); +} +#endif //MBEDTLS_SHA1_ALT diff --git a/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.h b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.h new file mode 100644 index 0000000000..d2c650651c --- /dev/null +++ b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.h @@ -0,0 +1,148 @@ +/* + * sha1_alt.h + * + * Copyright (C) 2018, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SHA1_ALT__ +#define __SHA1_ALT__ +#if defined(MBEDTLS_SHA1_ALT) +#include "crys_hash.h" +#ifdef __cplusplus +extern "C" { +#endif + + +/** + * \brief SHA-1 context structure + */ +typedef struct +{ + CRYS_HASHUserContext_t crys_hash_ctx; +} mbedtls_sha1_context; + +/** + * \brief This function initializes a SHA-1 context. + * + * \param ctx The SHA-1 context to initialize. + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); + +/** + * \brief This function clears a SHA-1 context. + * + * \param ctx The SHA-1 context to clear. + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); + +/** + * \brief This function clones the state of a SHA-1 context. + * + * \param dst The destination context. + * \param src The context to clone. + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void mbedtls_sha1_clone( mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src ); + +/** + * \brief This function starts a SHA-1 checksum calculation. + * + * \param ctx The context to initialize. + * + * \return \c 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); + +/** + * \brief This function feeds an input buffer into an ongoing SHA-1 + * checksum calculation. + * + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * + * \return \c 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); + +/** + * \brief This function finishes the SHA-1 operation, and writes + * the result to the output buffer. + * + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. + * + * \return \c 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, + unsigned char output[20] ); + +/** + * \brief SHA-1 process data block (internal use only) + * + * \param ctx SHA-1 context + * \param data The data block being processed. + * + * \return \c 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); + +#ifdef __cplusplus +} +#endif + +#endif //MBEDTLS_SHA1_ALT +#endif //__SHA1_ALT__ + diff --git a/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.c b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.c new file mode 100644 index 0000000000..a2350162e8 --- /dev/null +++ b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.c @@ -0,0 +1,86 @@ +/* + * sha256_alt.c + * + * Copyright (C) 2018, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/sha256.h" +#if defined(MBEDTLS_SHA256_ALT) +#include + +void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + +} + +void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +{ + if( ctx == NULL ) + return; + CRYS_HASH_Free( &ctx->crys_hash_ctx ); + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); +} + +void mbedtls_sha256_clone( mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src ) +{ + memcpy( dst, src, sizeof( mbedtls_sha256_context ) ); +} + + +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +{ + if(CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ? + CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) + return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + CRYSError_t CrysErr = CRYS_OK; + CRYS_HASH_Result_t crys_result = {0}; + CrysErr = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); + if( CrysErr == CRYS_OK ) + { + memcpy( output, crys_result, 32 ); + return ( 0 ); + } + else + return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED ); +} +#endif //MBEDTLS_SHA256_ALT + diff --git a/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.h b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.h new file mode 100644 index 0000000000..691d5bc622 --- /dev/null +++ b/features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.h @@ -0,0 +1,121 @@ +/* + * sha256_alt.h + * + * Copyright (C) 2018, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SHA256_ALT__ +#define __SHA256_ALT__ + +#if defined(MBEDTLS_SHA256_ALT) + +#include "crys_hash.h" +#ifdef __cplusplus +extern "C" { +#endif + + +/** + * \brief SHA-256 context structure + */ +typedef struct +{ + CRYS_HASHUserContext_t crys_hash_ctx; +} mbedtls_sha256_context; + + +/** + * \brief This function initializes a SHA-256 context. + * + * \param ctx The SHA-256 context to initialize. + */ +void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); + +/** + * \brief This function clears a SHA-256 context. + * + * \param ctx The SHA-256 context to clear. + */ +void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); + +/** + * \brief This function clones the state of a SHA-256 context. + * + * \param dst The destination context. + * \param src The context to clone. + */ +void mbedtls_sha256_clone( mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src ); + +/** + * \brief This function starts a SHA-224 or SHA-256 checksum + * calculation. + * + * \param ctx The context to initialize. + * \param is224 Determines which function to use. + *
  • 0: Use SHA-256.
  • + *
  • 1: Use SHA-224.
+ * + * \return \c 0 on success. + */ +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); + +/** + * \brief This function feeds an input buffer into an ongoing + * SHA-256 checksum calculation. + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \return \c 0 on success. + */ +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); + +/** + * \brief This function finishes the SHA-256 operation, and writes + * the result to the output buffer. + * + * \param ctx The SHA-256 context. + * \param output The SHA-224 or SHA-256 checksum result. + * + * \return \c 0 on success. + */ +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, + unsigned char output[32] ); + +/** + * \brief This function processes a single data block within + * the ongoing SHA-256 computation. This function is for + * internal use only. + * + * \param ctx The SHA-256 context. + * \param data The buffer holding one block of data. + * + * \return \c 0 on success. + */ +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); + +#ifdef __cplusplus +} +#endif + +#endif // MBEDTLS_SHA256_ALT__ +#endif //__SHA256_ALT__