Merge pull request #5630 from adustm/fix5079_sha1_md5_sha256_hwcrypto

Fix #5079. Support of call to mbedtls_x_finish without calling mbedtls_x_update
2018-01-31 12:08:44 -06:00 · 2018-01-31 12:08:44 -06:00 · c06a42b05d
parent 195b3ea24b 88c3b3ee28
commit c06a42b05d
4 changed files with 52 additions and 54 deletions
--- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_STM32F439xI/mbedtls_device.h
+++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_STM32F439xI/mbedtls_device.h
@ -22,12 +22,10 @@

 #define MBEDTLS_AES_ALT

-/* FIXME: Don't enable SHA1, SHA256 and MD5 hardware acceleration until issue
- * #5079 is fixed. (https://github.com/ARMmbed/mbed-os/issues/5079) */
-/* #define MBEDTLS_SHA256_ALT */
+#define MBEDTLS_SHA256_ALT

-/* #define MBEDTLS_SHA1_ALT */
+#define MBEDTLS_SHA1_ALT

-/* #define MBEDTLS_MD5_ALT */
+#define MBEDTLS_MD5_ALT

 #endif /* MBEDTLS_DEVICE_H */
--- a/features/mbedtls/targets/TARGET_STM/md5_alt.c
+++ b/features/mbedtls/targets/TARGET_STM/md5_alt.c
@ -17,8 +17,8 @@
 *  limitations under the License.
 *
 */
-#if defined(MBEDTLS_MD5_C)
 #include "mbedtls/md5.h"
+#if defined(MBEDTLS_MD5_C)

 #if defined(MBEDTLS_MD5_ALT)
 #include "mbedtls/platform.h"
@ -127,18 +127,14 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[ST_
 void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
 {
    size_t currentlen = ilen;
+    /* If ilen = 0 : do nothing */
+    if (currentlen != 0) {
        if (st_md5_restore_hw_context(ctx) != 1) {
            return; // Return HASH_BUSY timout error here
        }
+
        // store mechanism to accumulate ST_MD5_BLOCK_SIZE bytes (512 bits) in the HW
-    if (currentlen == 0){ // only change HW status is size if 0
-        if(ctx->hhash_md5.Phase == HAL_HASH_PHASE_READY) {
-          /* Select the MD5 mode and reset the HASH processor core, so that the HASH will be ready to compute
-             the message digest of a new message */
-          HASH->CR |= HASH_ALGOSELECTION_MD5 | HASH_CR_INIT;
-        }
-        ctx->hhash_md5.Phase = HAL_HASH_PHASE_PROCESS;
-    } else if (currentlen < (ST_MD5_BLOCK_SIZE - ctx->sbuf_len)) {
+        if (currentlen < (ST_MD5_BLOCK_SIZE - ctx->sbuf_len)) {
            // only buffurize
            memcpy(ctx->sbuf+ctx->sbuf_len, input, currentlen);
            ctx->sbuf_len += currentlen;
@ -160,9 +156,11 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s
                memcpy(ctx->sbuf, input + ilen - ctx->sbuf_len, ctx->sbuf_len);
            }
        }
+
        if (st_md5_save_hw_context(ctx) != 1) {
            return; // return HASH_BUSY timeout Error here
        }
+    }
 }

 void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
@ -170,11 +168,12 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
    if (st_md5_restore_hw_context(ctx) != 1) {
        return; // Return HASH_BUSY timout error here
    }
-    if (ctx->sbuf_len > 0) {
+    /* Last accumulation for extra bytes in sbuf_len */
+    /* This sets HW flags in case mbedtls_md5_update has not been called yet */
    if (HAL_HASH_MD5_Accumulate(&ctx->hhash_md5, ctx->sbuf, ctx->sbuf_len) != 0) {
        return; // Return error code here
    }
-    }
+
    mbedtls_zeroize( ctx->sbuf, ST_MD5_BLOCK_SIZE);
    ctx->sbuf_len = 0;
    __HAL_HASH_START_DIGEST();
--- a/features/mbedtls/targets/TARGET_STM/sha1_alt.c
+++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.c
@ -169,11 +169,11 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
        return; // Return HASH_BUSY timout error here
    }

-    if (ctx->sbuf_len > 0) {
+    /* Last accumulation for extra bytes in sbuf_len */
+    /* This allows the HW flags to be in place in case mbedtls_sha256_update has not been called yet */
    if (HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, ctx->sbuf, ctx->sbuf_len) != 0) {
        return; // Return error code here
    }
-    }
    mbedtls_zeroize(ctx->sbuf, ST_SHA1_BLOCK_SIZE);
    ctx->sbuf_len = 0;
    __HAL_HASH_START_DIGEST();
--- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c
+++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c
@ -187,7 +187,8 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32
    if (st_sha256_restore_hw_context(ctx) != 1) {
        return; // Return HASH_BUSY timout error here
    }
-    if (ctx->sbuf_len > 0) {
+    /* Last accumulation for extra bytes in sbuf_len */
+    /* This allows the HW flags to be in place in case mbedtls_sha256_update has not been called yet */
    if (ctx->is224 == 0) {
        if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) {
            return; // Return error code here
@ -197,7 +198,7 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32
            return; // Return error code here
        }
    }
-    }
+
    mbedtls_zeroize(ctx->sbuf, ST_SHA256_BLOCK_SIZE);
    ctx->sbuf_len = 0;
    __HAL_HASH_START_DIGEST();