Message ID | 1542372182-26682-1-git-send-email-sumit.garg@linaro.org |
---|---|
State | Superseded |
Series | [v2,1/2] libtomcrypt: Import SHA512/256 approved hash algorithm | expand |
On Fri, Nov 16, 2018 at 06:13:01PM +0530, Sumit Garg wrote: No description, no motivation, no version control information (what version of TomCrypt did you copy these from). > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > --- > core/crypto.mk | 1 + > core/include/crypto/crypto.h | 11 ++ > core/lib/libtomcrypt/include/tomcrypt_custom.h | 3 + > core/lib/libtomcrypt/include/tomcrypt_hash.h | 11 ++ > core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c | 158 ++++++++++++++++++++++ > core/lib/libtomcrypt/src/hashes/sha2/sub.mk | 1 + > core/lib/libtomcrypt/src/tee_ltc_provider.c | 17 +++ > 7 files changed, 202 insertions(+) > create mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c > > diff --git a/core/crypto.mk b/core/crypto.mk > index b0a50d5..2fcde13 100644 > --- a/core/crypto.mk > +++ b/core/crypto.mk > @@ -26,6 +26,7 @@ CFG_CRYPTO_SHA224 ?= y > CFG_CRYPTO_SHA256 ?= y > CFG_CRYPTO_SHA384 ?= y > CFG_CRYPTO_SHA512 ?= y > +CFG_CRYPTO_SHA512_256 ?= y > > # Asymmetric ciphers > CFG_CRYPTO_DSA ?= y > diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h > index 2018d3c..54a5f74 100644 > --- a/core/include/crypto/crypto.h > +++ b/core/include/crypto/crypto.h > @@ -256,6 +256,17 @@ TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, > TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, > size_t data_size); > > +/* > + * Computes a SHA-512/256 hash, vetted conditioner as per NIST.SP.800-90B. > + * It doesn't require crypto_init() to be called in advance and has as few > + * dependencies as possible. > + * > + * This function could be used inside interrupt context where the crypto > + * library can't be used due to mutex handling. > + */ > +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, > + size_t data_size); > + > #define CRYPTO_RNG_SRC_IS_QUICK(sid) (!!((sid) & 1)) > > /* 
> diff --git a/core/lib/libtomcrypt/include/tomcrypt_custom.h b/core/lib/libtomcrypt/include/tomcrypt_custom.h > index 2fbb7a1..030f86c 100644 > --- a/core/lib/libtomcrypt/include/tomcrypt_custom.h > +++ b/core/lib/libtomcrypt/include/tomcrypt_custom.h > @@ -200,6 +200,9 @@ > #ifdef CFG_CRYPTO_SHA512 > #define LTC_SHA512 > #endif > +#ifdef CFG_CRYPTO_SHA512_256 > +#define LTC_SHA512_256 > +#endif > > #define LTC_NO_MACS > > diff --git a/core/lib/libtomcrypt/include/tomcrypt_hash.h b/core/lib/libtomcrypt/include/tomcrypt_hash.h > index 8f67ad2..6678acc 100644 > --- a/core/lib/libtomcrypt/include/tomcrypt_hash.h > +++ b/core/lib/libtomcrypt/include/tomcrypt_hash.h > @@ -255,6 +255,17 @@ int sha384_test(void); > extern const struct ltc_hash_descriptor sha384_desc; > #endif > > +#ifdef LTC_SHA512_256 > +#ifndef LTC_SHA512 > + #error LTC_SHA512 is required for LTC_SHA512_256 > +#endif > +int sha512_256_init(hash_state * md); > +#define sha512_256_process sha512_process > +int sha512_256_done(hash_state * md, unsigned char *hash); > +int sha512_256_test(void); > +extern const struct ltc_hash_descriptor sha512_256_desc; > +#endif > + > #if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) > int sha256_init(hash_state * md); > int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); > diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c > new file mode 100644 > index 0000000..066f141 > --- /dev/null > +++ b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c 
> @@ -0,0 +1,158 @@ > +// SPDX-License-Identifier: BSD-2-Clause > +/* > + * Copyright (c) 2001-2007, Tom St Denis > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions are met: > + * > + * 1. Redistributions of source code must retain the above copyright notice, > + * this list of conditions and the following disclaimer. > + * > + * 2. Redistributions in binary form must reproduce the above copyright notice, > + * this list of conditions and the following disclaimer in the documentation > + * and/or other materials provided with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" > + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE > + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > + > +/* LibTomCrypt, modular cryptographic library -- Tom St Denis > + * > + * LibTomCrypt is a library that provides various cryptographic > + * algorithms in a highly modular and flexible manner. > + * > + * The library is free for all purposes without any express > + * guarantee it works. 
> + */ > +/** > + @param sha512_256.c > + SHA512/256 hash included in sha512.c > +*/ > + > +#include "tomcrypt.h" > + > +#if defined(LTC_SHA512_256) && defined(LTC_SHA512) > + > +const struct ltc_hash_descriptor sha512_256_desc = > +{ > + "sha512-256", > + 16, > + 32, > + 128, > + > + /* OID */ > + { 2, 16, 840, 1, 101, 3, 4, 2, 6, }, > + 9, > + > + &sha512_256_init, > + &sha512_process, > + &sha512_256_done, > + &sha512_256_test, > + NULL > +}; > + > +/** > + Initialize the hash state > + @param md The hash state you wish to initialize > + @return CRYPT_OK if successful > +*/ > +int sha512_256_init(hash_state * md) > +{ > + LTC_ARGCHK(md != NULL); > + > + md->sha512.curlen = 0; > + md->sha512.length = 0; > + md->sha512.state[0] = CONST64(0x22312194FC2BF72C); > + md->sha512.state[1] = CONST64(0x9F555FA3C84C64C2); > + md->sha512.state[2] = CONST64(0x2393B86B6F53B151); > + md->sha512.state[3] = CONST64(0x963877195940EABD); > + md->sha512.state[4] = CONST64(0x96283EE2A88EFFE3); > + md->sha512.state[5] = CONST64(0xBE5E1E2553863992); > + md->sha512.state[6] = CONST64(0x2B0199FC2C85B8AA); > + md->sha512.state[7] = CONST64(0x0EB72DDC81C52CA2); > + return CRYPT_OK; > +} > + > +/** > + Terminate the hash to get the digest > + @param md The hash state > + @param out [out] The destination of the hash (48 bytes) > + @return CRYPT_OK if successful > +*/ > +int sha512_256_done(hash_state * md, unsigned char *out) > +{ > + unsigned char buf[64]; > + > + LTC_ARGCHK(md != NULL); > + LTC_ARGCHK(out != NULL); > + > + if (md->sha512.curlen >= sizeof(md->sha512.buf)) { > + return CRYPT_INVALID_ARG; > + } > + > + sha512_done(md, buf); > + XMEMCPY(out, buf, 32); > +#ifdef LTC_CLEAN_STACK > + zeromem(buf, sizeof(buf)); > +#endif > + return CRYPT_OK; > +} > + > +/** > + Self-test the hash > + @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled > +*/ > +int sha512_256_test(void) > +{ > + #ifndef LTC_TEST > + return CRYPT_NOP; > + #else > + static const struct { > + 
const char *msg; > + unsigned char hash[32]; > + } tests[] = { > + { "abc", > + { 0x53, 0x04, 0x8E, 0x26, 0x81, 0x94, 0x1E, 0xF9, > + 0x9B, 0x2E, 0x29, 0xB7, 0x6B, 0x4C, 0x7D, 0xAB, > + 0xE4, 0xC2, 0xD0, 0xC6, 0x34, 0xFC, 0x6D, 0x46, > + 0xE0, 0xE2, 0xF1, 0x31, 0x07, 0xE7, 0xAF, 0x23 } > + }, > + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", > + { 0x39, 0x28, 0xE1, 0x84, 0xFB, 0x86, 0x90, 0xF8, > + 0x40, 0xDA, 0x39, 0x88, 0x12, 0x1D, 0x31, 0xBE, > + 0x65, 0xCB, 0x9D, 0x3E, 0xF8, 0x3E, 0xE6, 0x14, > + 0x6F, 0xEA, 0xC8, 0x61, 0xE1, 0x9B, 0x56, 0x3A } > + }, > + }; > + > + int i; > + unsigned char tmp[32]; > + hash_state md; > + > + for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { > + sha512_256_init(&md); > + sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); > + sha512_256_done(&md, tmp); > + if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) { > + return CRYPT_FAIL_TESTVECTOR; > + } > + } > + return CRYPT_OK; > + #endif > +} > + > +#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ > + > +/* ref: $Format:%D$ */ > +/* git commit: $Format:%H$ */ > +/* commit time: $Format:%ai$ */ > diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > index e6ff9bf..aa88b46 100644 > --- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > +++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > @@ -15,3 +15,4 @@ endif > > srcs-$(CFG_CRYPTO_SHA384) += sha384.c > srcs-$(CFG_CRYPTO_SHA512) += sha512.c > +srcs-$(CFG_CRYPTO_SHA512_256) += sha512_256.c > diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c > index 0c35a34..2f849fd 100644 > --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c > +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c 
> @@ -2825,6 +2825,23 @@ TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, > } > #endif > > +#if defined(CFG_CRYPTO_SHA512_256) > +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, > + size_t data_size) > +{ > + hash_state hs; > + > + if (sha512_256_init(&hs) != CRYPT_OK) > + return TEE_ERROR_GENERIC; > + if (sha512_256_process(&hs, data, data_size) != CRYPT_OK) > + return TEE_ERROR_GENERIC; > + if (sha512_256_done(&hs, digest) != CRYPT_OK) > + return TEE_ERROR_GENERIC; > + > + return TEE_SUCCESS; > +} > +#endif > + > TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, > void *enc_key, unsigned int *rounds) > { > -- > 2.7.4 >
On Fri, 16 Nov 2018 at 19:57, Daniel Thompson <daniel.thompson@linaro.org> wrote: > > On Fri, Nov 16, 2018 at 06:13:01PM +0530, Sumit Garg wrote: > > No description, no motivation, no version control information (what > version of TomCrypt did you copy these from). > Sure, will add this info in commit message. BTW, I have used following version of TomCrypt: URL: https://github.com/libtom/libtomcrypt.git, Release Tag: v1.18.0. -Sumit > > > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > --- > > core/crypto.mk | 1 + > > core/include/crypto/crypto.h | 11 ++ > > core/lib/libtomcrypt/include/tomcrypt_custom.h | 3 + > > core/lib/libtomcrypt/include/tomcrypt_hash.h | 11 ++ > > core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c | 158 ++++++++++++++++++++++ > > core/lib/libtomcrypt/src/hashes/sha2/sub.mk | 1 + > > core/lib/libtomcrypt/src/tee_ltc_provider.c | 17 +++ > > 7 files changed, 202 insertions(+) > > create mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c > > > > diff --git a/core/crypto.mk b/core/crypto.mk > > index b0a50d5..2fcde13 100644 > > --- a/core/crypto.mk > > +++ b/core/crypto.mk > > @@ -26,6 +26,7 @@ CFG_CRYPTO_SHA224 ?= y > > CFG_CRYPTO_SHA256 ?= y > > CFG_CRYPTO_SHA384 ?= y > > CFG_CRYPTO_SHA512 ?= y > > +CFG_CRYPTO_SHA512_256 ?= y > > > > # Asymmetric ciphers > > CFG_CRYPTO_DSA ?= y > > diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h > > index 2018d3c..54a5f74 100644 > > --- a/core/include/crypto/crypto.h > > +++ b/core/include/crypto/crypto.h 
> > @@ -256,6 +256,17 @@ TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, > > TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, > > size_t data_size); > > > > +/* > > + * Computes a SHA-512/256 hash, vetted conditioner as per NIST.SP.800-90B. > > + * It doesn't require crypto_init() to be called in advance and has as few > > + * dependencies as possible. > > + * > > + * This function could be used inside interrupt context where the crypto > > + * library can't be used due to mutex handling. > > + */ > > +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, > > + size_t data_size); > > + > > #define CRYPTO_RNG_SRC_IS_QUICK(sid) (!!((sid) & 1)) > > > > /* > > diff --git a/core/lib/libtomcrypt/include/tomcrypt_custom.h b/core/lib/libtomcrypt/include/tomcrypt_custom.h > > index 2fbb7a1..030f86c 100644 > > --- a/core/lib/libtomcrypt/include/tomcrypt_custom.h > > +++ b/core/lib/libtomcrypt/include/tomcrypt_custom.h > > @@ -200,6 +200,9 @@ > > #ifdef CFG_CRYPTO_SHA512 > > #define LTC_SHA512 > > #endif > > +#ifdef CFG_CRYPTO_SHA512_256 > > +#define LTC_SHA512_256 > > +#endif > > > > #define LTC_NO_MACS > > > > diff --git a/core/lib/libtomcrypt/include/tomcrypt_hash.h b/core/lib/libtomcrypt/include/tomcrypt_hash.h > > index 8f67ad2..6678acc 100644 > > --- a/core/lib/libtomcrypt/include/tomcrypt_hash.h > > +++ b/core/lib/libtomcrypt/include/tomcrypt_hash.h 
> > @@ -255,6 +255,17 @@ int sha384_test(void); > > extern const struct ltc_hash_descriptor sha384_desc; > > #endif > > > > +#ifdef LTC_SHA512_256 > > +#ifndef LTC_SHA512 > > + #error LTC_SHA512 is required for LTC_SHA512_256 > > +#endif > > +int sha512_256_init(hash_state * md); > > +#define sha512_256_process sha512_process > > +int sha512_256_done(hash_state * md, unsigned char *hash); > > +int sha512_256_test(void); > > +extern const struct ltc_hash_descriptor sha512_256_desc; > > +#endif > > + > > #if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) > > int sha256_init(hash_state * md); > > int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); > > diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c > > new file mode 100644 > > index 0000000..066f141 > > --- /dev/null > > +++ b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c 
> > @@ -0,0 +1,158 @@ > > +// SPDX-License-Identifier: BSD-2-Clause > > +/* > > + * Copyright (c) 2001-2007, Tom St Denis > > + * All rights reserved. > > + * > > + * Redistribution and use in source and binary forms, with or without > > + * modification, are permitted provided that the following conditions are met: > > + * > > + * 1. Redistributions of source code must retain the above copyright notice, > > + * this list of conditions and the following disclaimer. > > + * > > + * 2. Redistributions in binary form must reproduce the above copyright notice, > > + * this list of conditions and the following disclaimer in the documentation > > + * and/or other materials provided with the distribution. > > + * > > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" > > + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > > + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE > > + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS > > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN > > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE > > + * POSSIBILITY OF SUCH DAMAGE. > > + */ > > + > > +/* LibTomCrypt, modular cryptographic library -- Tom St Denis > > + * > > + * LibTomCrypt is a library that provides various cryptographic > > + * algorithms in a highly modular and flexible manner. > > + * > > + * The library is free for all purposes without any express > > + * guarantee it works. 
> > + */ > > +/** > > + @param sha512_256.c > > + SHA512/256 hash included in sha512.c > > +*/ > > + > > +#include "tomcrypt.h" > > + > > +#if defined(LTC_SHA512_256) && defined(LTC_SHA512) > > + > > +const struct ltc_hash_descriptor sha512_256_desc = > > +{ > > + "sha512-256", > > + 16, > > + 32, > > + 128, > > + > > + /* OID */ > > + { 2, 16, 840, 1, 101, 3, 4, 2, 6, }, > > + 9, > > + > > + &sha512_256_init, > > + &sha512_process, > > + &sha512_256_done, > > + &sha512_256_test, > > + NULL > > +}; > > + > > +/** > > + Initialize the hash state > > + @param md The hash state you wish to initialize > > + @return CRYPT_OK if successful > > +*/ > > +int sha512_256_init(hash_state * md) > > +{ > > + LTC_ARGCHK(md != NULL); > > + > > + md->sha512.curlen = 0; > > + md->sha512.length = 0; > > + md->sha512.state[0] = CONST64(0x22312194FC2BF72C); > > + md->sha512.state[1] = CONST64(0x9F555FA3C84C64C2); > > + md->sha512.state[2] = CONST64(0x2393B86B6F53B151); > > + md->sha512.state[3] = CONST64(0x963877195940EABD); > > + md->sha512.state[4] = CONST64(0x96283EE2A88EFFE3); > > + md->sha512.state[5] = CONST64(0xBE5E1E2553863992); > > + md->sha512.state[6] = CONST64(0x2B0199FC2C85B8AA); > > + md->sha512.state[7] = CONST64(0x0EB72DDC81C52CA2); > > + return CRYPT_OK; > > +} > > + > > +/** > > + Terminate the hash to get the digest > > + @param md The hash state > > + @param out [out] The destination of the hash (48 bytes) > > + @return CRYPT_OK if successful > > +*/ > > +int sha512_256_done(hash_state * md, unsigned char *out) > > +{ > > + unsigned char buf[64]; > > + > > + LTC_ARGCHK(md != NULL); > > + LTC_ARGCHK(out != NULL); > > + > > + if (md->sha512.curlen >= sizeof(md->sha512.buf)) { > > + return CRYPT_INVALID_ARG; > > + } > > + > > + sha512_done(md, buf); > > + XMEMCPY(out, buf, 32); > > +#ifdef LTC_CLEAN_STACK > > + zeromem(buf, sizeof(buf)); > > +#endif > > + return CRYPT_OK; > > +} > > + > > +/** > > + Self-test the hash > > + @return CRYPT_OK if successful, CRYPT_NOP if 
self-tests have been disabled > > +*/ > > +int sha512_256_test(void) > > +{ > > + #ifndef LTC_TEST > > + return CRYPT_NOP; > > + #else > > + static const struct { > > + const char *msg; > > + unsigned char hash[32]; > > + } tests[] = { > > + { "abc", > > + { 0x53, 0x04, 0x8E, 0x26, 0x81, 0x94, 0x1E, 0xF9, > > + 0x9B, 0x2E, 0x29, 0xB7, 0x6B, 0x4C, 0x7D, 0xAB, > > + 0xE4, 0xC2, 0xD0, 0xC6, 0x34, 0xFC, 0x6D, 0x46, > > + 0xE0, 0xE2, 0xF1, 0x31, 0x07, 0xE7, 0xAF, 0x23 } > > + }, > > + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", > > + { 0x39, 0x28, 0xE1, 0x84, 0xFB, 0x86, 0x90, 0xF8, > > + 0x40, 0xDA, 0x39, 0x88, 0x12, 0x1D, 0x31, 0xBE, > > + 0x65, 0xCB, 0x9D, 0x3E, 0xF8, 0x3E, 0xE6, 0x14, > > + 0x6F, 0xEA, 0xC8, 0x61, 0xE1, 0x9B, 0x56, 0x3A } > > + }, > > + }; > > + > > + int i; > > + unsigned char tmp[32]; > > + hash_state md; > > + > > + for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { > > + sha512_256_init(&md); > > + sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); > > + sha512_256_done(&md, tmp); > > + if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) { > > + return CRYPT_FAIL_TESTVECTOR; > > + } > > + } > > + return CRYPT_OK; > > + #endif > > +} > > + > > +#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ > > + > > +/* ref: $Format:%D$ */ > > +/* git commit: $Format:%H$ */ > > +/* commit time: $Format:%ai$ */ > > diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > > index e6ff9bf..aa88b46 100644 > > --- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > > +++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk > > @@ -15,3 +15,4 @@ endif > > > > srcs-$(CFG_CRYPTO_SHA384) += sha384.c > > srcs-$(CFG_CRYPTO_SHA512) += sha512.c > > +srcs-$(CFG_CRYPTO_SHA512_256) += sha512_256.c 
> > diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c > > index 0c35a34..2f849fd 100644 > > --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c > > +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c > > @@ -2825,6 +2825,23 @@ TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, > > } > > #endif > > > > +#if defined(CFG_CRYPTO_SHA512_256) > > +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, > > + size_t data_size) > > +{ > > + hash_state hs; > > + > > + if (sha512_256_init(&hs) != CRYPT_OK) > > + return TEE_ERROR_GENERIC; > > + if (sha512_256_process(&hs, data, data_size) != CRYPT_OK) > > + return TEE_ERROR_GENERIC; > > + if (sha512_256_done(&hs, digest) != CRYPT_OK) > > + return TEE_ERROR_GENERIC; > > + > > + return TEE_SUCCESS; > > +} > > +#endif > > + > > TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, > > void *enc_key, unsigned int *rounds) > > { > > -- > > 2.7.4 > >
diff --git a/core/crypto.mk b/core/crypto.mk index b0a50d5..2fcde13 100644 --- a/core/crypto.mk +++ b/core/crypto.mk @@ -26,6 +26,7 @@ CFG_CRYPTO_SHA224 ?= y CFG_CRYPTO_SHA256 ?= y CFG_CRYPTO_SHA384 ?= y CFG_CRYPTO_SHA512 ?= y +CFG_CRYPTO_SHA512_256 ?= y # Asymmetric ciphers CFG_CRYPTO_DSA ?= y diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h index 2018d3c..54a5f74 100644 --- a/core/include/crypto/crypto.h +++ b/core/include/crypto/crypto.h @@ -256,6 +256,17 @@ TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, size_t data_size); +/* + * Computes a SHA-512/256 hash, vetted conditioner as per NIST.SP.800-90B. + * It doesn't require crypto_init() to be called in advance and has as few + * dependencies as possible. + * + * This function could be used inside interrupt context where the crypto + * library can't be used due to mutex handling. + */ +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, + size_t data_size); + #define CRYPTO_RNG_SRC_IS_QUICK(sid) (!!((sid) & 1)) /* diff --git a/core/lib/libtomcrypt/include/tomcrypt_custom.h b/core/lib/libtomcrypt/include/tomcrypt_custom.h index 2fbb7a1..030f86c 100644 --- a/core/lib/libtomcrypt/include/tomcrypt_custom.h +++ b/core/lib/libtomcrypt/include/tomcrypt_custom.h @@ -200,6 +200,9 @@ #ifdef CFG_CRYPTO_SHA512 #define LTC_SHA512 #endif +#ifdef CFG_CRYPTO_SHA512_256 +#define LTC_SHA512_256 +#endif #define LTC_NO_MACS diff --git a/core/lib/libtomcrypt/include/tomcrypt_hash.h b/core/lib/libtomcrypt/include/tomcrypt_hash.h index 8f67ad2..6678acc 100644 --- a/core/lib/libtomcrypt/include/tomcrypt_hash.h +++ b/core/lib/libtomcrypt/include/tomcrypt_hash.h 
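Review bot: `CFG_CRYPTO_SHA512_256 ?= y` defaults to enabled independently of `CFG_CRYPTO_SHA512`, but the tomcrypt_hash.h hunk of this patch stops the build with `#error LTC_SHA512 is required for LTC_SHA512_256` when SHA-512 is not configured. A configuration that turns SHA-512 off would therefore fail to compile unless the new option is also disabled by hand. Tying the default to the parent option, for example `CFG_CRYPTO_SHA512_256 ?= $(CFG_CRYPTO_SHA512)`, would keep such configurations building.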
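Review bot: The comment on `hash_sha512_256_compute()` does not say how large `digest` must be, and the prototype has no length parameter, so only the caller can enforce the bound. The `sha512_256_done()` added in this patch copies exactly 32 bytes into the output; the comment should say so, for example `* @digest must point to a buffer of at least 32 bytes; exactly 32 are written.` The return values (`TEE_SUCCESS`, or `TEE_ERROR_GENERIC` on any libtomcrypt failure, as the tee_ltc_provider.c hunk shows) are also worth documenting here.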
@@ -255,6 +255,17 @@ int sha384_test(void); extern const struct ltc_hash_descriptor sha384_desc; #endif +#ifdef LTC_SHA512_256 +#ifndef LTC_SHA512 + #error LTC_SHA512 is required for LTC_SHA512_256 +#endif +int sha512_256_init(hash_state * md); +#define sha512_256_process sha512_process +int sha512_256_done(hash_state * md, unsigned char *hash); +int sha512_256_test(void); +extern const struct ltc_hash_descriptor sha512_256_desc; +#endif + #if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) int sha256_init(hash_state * md); int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c new file mode 100644 index 0000000..066f141 --- /dev/null +++ b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c 
@@ -0,0 +1,158 @@ +// SPDX-License-Identifier: BSD-2-Clause +/* + * Copyright (c) 2001-2007, Tom St Denis + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. 
+ */ +/** + @param sha512_256.c + SHA512/256 hash included in sha512.c +*/ + +#include "tomcrypt.h" + +#if defined(LTC_SHA512_256) && defined(LTC_SHA512) + +const struct ltc_hash_descriptor sha512_256_desc = +{ + "sha512-256", + 16, + 32, + 128, + + /* OID */ + { 2, 16, 840, 1, 101, 3, 4, 2, 6, }, + 9, + + &sha512_256_init, + &sha512_process, + &sha512_256_done, + &sha512_256_test, + NULL +}; + +/** + Initialize the hash state + @param md The hash state you wish to initialize + @return CRYPT_OK if successful +*/ +int sha512_256_init(hash_state * md) +{ + LTC_ARGCHK(md != NULL); + + md->sha512.curlen = 0; + md->sha512.length = 0; + md->sha512.state[0] = CONST64(0x22312194FC2BF72C); + md->sha512.state[1] = CONST64(0x9F555FA3C84C64C2); + md->sha512.state[2] = CONST64(0x2393B86B6F53B151); + md->sha512.state[3] = CONST64(0x963877195940EABD); + md->sha512.state[4] = CONST64(0x96283EE2A88EFFE3); + md->sha512.state[5] = CONST64(0xBE5E1E2553863992); + md->sha512.state[6] = CONST64(0x2B0199FC2C85B8AA); + md->sha512.state[7] = CONST64(0x0EB72DDC81C52CA2); + return CRYPT_OK; +} + +/** + Terminate the hash to get the digest + @param md The hash state + @param out [out] The destination of the hash (48 bytes) + @return CRYPT_OK if successful +*/ +int sha512_256_done(hash_state * md, unsigned char *out) +{ + unsigned char buf[64]; + + LTC_ARGCHK(md != NULL); + LTC_ARGCHK(out != NULL); + + if (md->sha512.curlen >= sizeof(md->sha512.buf)) { + return CRYPT_INVALID_ARG; + } + + sha512_done(md, buf); + XMEMCPY(out, buf, 32); +#ifdef LTC_CLEAN_STACK + zeromem(buf, sizeof(buf)); +#endif + return CRYPT_OK; +} + +/** + Self-test the hash + @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled +*/ +int sha512_256_test(void) +{ + #ifndef LTC_TEST + return CRYPT_NOP; + #else + static const struct { + const char *msg; + unsigned char hash[32]; + } tests[] = { + { "abc", + { 0x53, 0x04, 0x8E, 0x26, 0x81, 0x94, 0x1E, 0xF9, + 0x9B, 0x2E, 0x29, 0xB7, 0x6B, 0x4C, 0x7D, 0xAB, + 
0xE4, 0xC2, 0xD0, 0xC6, 0x34, 0xFC, 0x6D, 0x46, + 0xE0, 0xE2, 0xF1, 0x31, 0x07, 0xE7, 0xAF, 0x23 } + }, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + { 0x39, 0x28, 0xE1, 0x84, 0xFB, 0x86, 0x90, 0xF8, + 0x40, 0xDA, 0x39, 0x88, 0x12, 0x1D, 0x31, 0xBE, + 0x65, 0xCB, 0x9D, 0x3E, 0xF8, 0x3E, 0xE6, 0x14, + 0x6F, 0xEA, 0xC8, 0x61, 0xE1, 0x9B, 0x56, 0x3A } + }, + }; + + int i; + unsigned char tmp[32]; + hash_state md; + + for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { + sha512_256_init(&md); + sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); + sha512_256_done(&md, tmp); + if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) { + return CRYPT_FAIL_TESTVECTOR; + } + } + return CRYPT_OK; + #endif +} + +#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk index e6ff9bf..aa88b46 100644 --- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk +++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk @@ -15,3 +15,4 @@ endif srcs-$(CFG_CRYPTO_SHA384) += sha384.c srcs-$(CFG_CRYPTO_SHA512) += sha512.c +srcs-$(CFG_CRYPTO_SHA512_256) += sha512_256.c diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index 0c35a34..2f849fd 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c 
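Review bot: `sha512_256_done()` discards the return value of `sha512_done(md, buf)` and then returns `CRYPT_OK`, so a failure there could copy 32 bytes of uninitialised stack from `buf` into `out` and still report success. It should be propagated: `err = sha512_done(md, buf); if (err != CRYPT_OK) return err;`. `buf` holds the full 64-byte SHA-512 output and is wiped only under `LTC_CLEAN_STACK`; since the crypto.h comment in this patch positions the hash as an entropy conditioner, consider clearing it unconditionally. Three comment and label slips sit in the same hunk: the `@param out` text says "(48 bytes)" where 32 are written, the closing `#endif` comment names `LTC_SHA384`, and the self-test label reads "SHA512-265".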
@@ -2825,6 +2825,23 @@ TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, } #endif +#if defined(CFG_CRYPTO_SHA512_256) +TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, + size_t data_size) +{ + hash_state hs; + + if (sha512_256_init(&hs) != CRYPT_OK) + return TEE_ERROR_GENERIC; + if (sha512_256_process(&hs, data, data_size) != CRYPT_OK) + return TEE_ERROR_GENERIC; + if (sha512_256_done(&hs, digest) != CRYPT_OK) + return TEE_ERROR_GENERIC; + + return TEE_SUCCESS; +} +#endif + TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, void *enc_key, unsigned int *rounds) {
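Review bot: `hash_sha512_256_compute()` leaves `hs` on the stack on every return path, and once `sha512_256_process()` has run that state holds buffered input and intermediate chaining values. The crypto.h comment in this patch describes the function as an SP 800-90B conditioner usable from interrupt context, so the input is presumably raw entropy and should not linger after the call. A single exit path that wipes `hs` before returning would cover both the success and error cases; `zeromem()` is used below because it already appears in this patch, but confirm that the compiler cannot elide it.

```c
TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data,
		size_t data_size)
{
	TEE_Result res = TEE_ERROR_GENERIC;
	hash_state hs;

	if (sha512_256_init(&hs) != CRYPT_OK)
		goto out;
	if (sha512_256_process(&hs, data, data_size) != CRYPT_OK)
		goto out;
	if (sha512_256_done(&hs, digest) != CRYPT_OK)
		goto out;

	res = TEE_SUCCESS;
out:
	/* hs holds buffered input and chaining state; clear it on all paths */
	zeromem(&hs, sizeof(hs));
	return res;
}
```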
Signed-off-by: Sumit Garg <sumit.garg@linaro.org> --- core/crypto.mk | 1 + core/include/crypto/crypto.h | 11 ++ core/lib/libtomcrypt/include/tomcrypt_custom.h | 3 + core/lib/libtomcrypt/include/tomcrypt_hash.h | 11 ++ core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c | 158 ++++++++++++++++++++++ core/lib/libtomcrypt/src/hashes/sha2/sub.mk | 1 + core/lib/libtomcrypt/src/tee_ltc_provider.c | 17 +++ 7 files changed, 202 insertions(+) create mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c -- 2.7.4