From patchwork Fri Nov 16 12:43:01 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sumit Garg <sumit.garg@linaro.org>
X-Patchwork-Id: 151335
Delivered-To: patches@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp379630ljp;
 Fri, 16 Nov 2018 04:43:26 -0800 (PST)
X-Received: by 2002:a17:902:6bc1:: with SMTP id
 m1-v6mr10867169plt.34.1542372206402; 
 Fri, 16 Nov 2018 04:43:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542372206; cv=none;
 d=google.com; s=arc-20160816;
 b=SITi9uLKzRzLfzXh217eY2JX2e0eCAIWAx0a8Ud6EwTReuX1xnaUkGrZ7D5y7lftoC
 e/R6Qz/xV0pG3qkc5kfVfA8l7Bn0no5NEATk+Xs1P/YsulHrRb+2nHlE7DmipIzSZP+t
 Ip7ULWdiJ3oW7T8gp6QJNS3yfLlC4WpKX7ts9yc3iWT+2UnjKGCbbgiqMzwhuJ1oQY7G
 06XRggmosUkCjjrqgblqAO6zuvOLY/clEiiqaHLjnc3nd3bWeyVXOxo5ZuflaQPTlkLY
 II8aGEOX1YdPf7gmp9IqmBup9uNeghdY3xGlUr36KwyxRvswWBG/NTgOajBbERxH/D3z
 aDgg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=message-id:date:subject:cc:to:from:dkim-signature;
 bh=4nV/TVMkj+uSr8ULxZ4OHbKC5yUYAjYCeSYbSqaWPoQ=;
 b=fE2yR2WnIoOC9bX34RsHQeMnnQtmzbgGfDFJNKffWJGjAyBOqElCAzIqbwccgpMz1j
 fV+Bkj6wieNgj4FfhFHv1FsQBeVg4oCHT6ikEguuP9qooE4IU+cF+pdutk/4UiLVJokA
 gojJATozEJciHpZYgcra56lFyZX6hC4+DNHx6WHpM2u4v2JBVbRA1/3dr3LwczJqyhjk
 pNGW6YtD6C4RbPh6qBixjMUYG2JRFDRIjvr8CVGcY71Ie+l61W0QAWzaP3mRCN5EIEfr
 +PrVWiy3CZU25/nPL/3iCbiYpp8hgnV60RSsNhJPyNq4r31o5CsjSccj8R3niv8Qjfes
 sn+A==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=MWh2rhLB;
 spf=pass (google.com: domain of sumit.garg@linaro.org designates
 209.85.220.65 as permitted sender)
 smtp.mailfrom=sumit.garg@linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <sumit.garg@linaro.org>
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com.
 [209.85.220.65]) by mx.google.com with SMTPS id
 r78-v6sor1097150pfa.72.2018.11.16.04.43.26 for <patches@linaro.org>
 (Google Transport Security); Fri, 16 Nov 2018 04:43:26 -0800 (PST)
Received-SPF: pass (google.com: domain of sumit.garg@linaro.org designates
 209.85.220.65 as permitted sender) client-ip=209.85.220.65; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=MWh2rhLB;
 spf=pass (google.com: domain of sumit.garg@linaro.org designates
 209.85.220.65 as permitted sender)
 smtp.mailfrom=sumit.garg@linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=4nV/TVMkj+uSr8ULxZ4OHbKC5yUYAjYCeSYbSqaWPoQ=;
 b=MWh2rhLBTHaZB8o0dIj3EDFRGNKTpGI1VSQqESHAZCWzk55YTkYl9GM0ibZDbsx6/3
 pe9H8V8DLi07qiA+OQrrlDkF5PnbdAmQXolU7SjBQKC+Krwk2Wgr4JWFPUExr19CkwIf
 IEG73x3+bcf5Ooh8TlPQlwIbpXOXg3k3wUyWw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=4nV/TVMkj+uSr8ULxZ4OHbKC5yUYAjYCeSYbSqaWPoQ=;
 b=CiUQ8HyG2G8mbks3H5UiAqvzYvNsW/BSLeq96Mj+buoA0AVWn/wgIYVc5lOL0aThMr
 D84GhrjxeS4v9E+i0N2HG2Gr2kbMBVo8qi4G4UDtUgRG4OS+QqlVlG7yrOlctXewxySp
 NHzpFszf8ZmURthV/TlGoxB1JvKzZWc5kUEny7LPSaRGk/SoPZUWkjMvGITTpkecp+Ve
 T4I2ZSrg8CLWtes+eK9V1P9pk4ukN4AViKIM5HjLAxzuAYNRKXt6sSIJ2hiK+YIYyiJq
 ARJPOQmtQYTYRHQGOJdqFXTZGy5FSalqbxRLBeyKU1f5uQx9pOvjIzrJNrm5sB+ne8A2
 PeAA==
X-Gm-Message-State: AGRZ1gKDAIYTkvrjDMy0UekXVUm71qdxbf84vtonafshba+FuSk7oBX1
 D5bmePICLUlysk1jdmPzrbNXinNrnho9Qg==
X-Google-Smtp-Source: AJdET5e89Vu/uBh3fDBZC/QIP+wnZXona1kVSyUORbx7P5n8NJ2JZXCH1A+EjeUfYuQDTEqYtNEFzg==
X-Received: by 2002:a62:51c1:: with SMTP id
 f184-v6mr11019514pfb.101.1542372205803; 
 Fri, 16 Nov 2018 04:43:25 -0800 (PST)
Return-Path: <sumit.garg@linaro.org>
Received: from localhost.localdomain ([117.252.66.84])
 by smtp.gmail.com with ESMTPSA id
 i193sm39735672pgc.22.2018.11.16.04.43.23
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 16 Nov 2018 04:43:25 -0800 (PST)
From: Sumit Garg <sumit.garg@linaro.org>
To: daniel.thompson@linaro.org
Cc: patches@linaro.org,
	Sumit Garg <sumit.garg@linaro.org>
Subject: [PATCH v2 1/2] libtomcrypt: Import SHA512/256 approved hash algorithm
Date: Fri, 16 Nov 2018 18:13:01 +0530
Message-Id: <1542372182-26682-1-git-send-email-sumit.garg@linaro.org>
X-Mailer: git-send-email 2.7.4

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
 core/crypto.mk                                    |   1 +
 core/include/crypto/crypto.h                      |  11 ++
 core/lib/libtomcrypt/include/tomcrypt_custom.h    |   3 +
 core/lib/libtomcrypt/include/tomcrypt_hash.h      |  11 ++
 core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c | 158 ++++++++++++++++++++++
 core/lib/libtomcrypt/src/hashes/sha2/sub.mk       |   1 +
 core/lib/libtomcrypt/src/tee_ltc_provider.c       |  17 +++
 7 files changed, 202 insertions(+)
 create mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c

-- 
2.7.4

diff --git a/core/crypto.mk b/core/crypto.mk
index b0a50d5..2fcde13 100644
--- a/core/crypto.mk
+++ b/core/crypto.mk
@@ -26,6 +26,7 @@ CFG_CRYPTO_SHA224 ?= y
 CFG_CRYPTO_SHA256 ?= y
 CFG_CRYPTO_SHA384 ?= y
 CFG_CRYPTO_SHA512 ?= y
+CFG_CRYPTO_SHA512_256 ?= y
 
 # Asymmetric ciphers
 CFG_CRYPTO_DSA ?= y
diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h
index 2018d3c..54a5f74 100644
--- a/core/include/crypto/crypto.h
+++ b/core/include/crypto/crypto.h
@@ -256,6 +256,17 @@ TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key,
 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data,
 		size_t data_size);
 
+/*
+ * Computes a SHA-512/256 hash, vetted conditioner as per NIST.SP.800-90B.
+ * It doesn't require crypto_init() to be called in advance and has as few
+ * dependencies as possible.
+ *
+ * This function could be used inside interrupt context where the crypto
+ * library can't be used due to mutex handling.
+ */
+TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data,
+		size_t data_size);
+
 #define CRYPTO_RNG_SRC_IS_QUICK(sid) (!!((sid) & 1))
 
 /*
diff --git a/core/lib/libtomcrypt/include/tomcrypt_custom.h b/core/lib/libtomcrypt/include/tomcrypt_custom.h
index 2fbb7a1..030f86c 100644
--- a/core/lib/libtomcrypt/include/tomcrypt_custom.h
+++ b/core/lib/libtomcrypt/include/tomcrypt_custom.h
@@ -200,6 +200,9 @@
 #ifdef CFG_CRYPTO_SHA512
 #define LTC_SHA512
 #endif
+#ifdef CFG_CRYPTO_SHA512_256
+#define LTC_SHA512_256
+#endif
 
 #define LTC_NO_MACS
 
diff --git a/core/lib/libtomcrypt/include/tomcrypt_hash.h b/core/lib/libtomcrypt/include/tomcrypt_hash.h
index 8f67ad2..6678acc 100644
--- a/core/lib/libtomcrypt/include/tomcrypt_hash.h
+++ b/core/lib/libtomcrypt/include/tomcrypt_hash.h
@@ -255,6 +255,17 @@ int sha384_test(void);
 extern const struct ltc_hash_descriptor sha384_desc;
 #endif
 
+#ifdef LTC_SHA512_256
+#ifndef LTC_SHA512
+   #error LTC_SHA512 is required for LTC_SHA512_256
+#endif
+int sha512_256_init(hash_state * md);
+#define sha512_256_process sha512_process
+int sha512_256_done(hash_state * md, unsigned char *hash);
+int sha512_256_test(void);
+extern const struct ltc_hash_descriptor sha512_256_desc;
+#endif
+
 #if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE)
 int sha256_init(hash_state * md);
 int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen);
diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c
new file mode 100644
index 0000000..066f141
--- /dev/null
+++ b/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c
@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2001-2007, Tom St Denis
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+/**
+   @param sha512_256.c
+   SHA512/256 hash included in sha512.c
+*/
+
+#include "tomcrypt.h"
+
+#if defined(LTC_SHA512_256) && defined(LTC_SHA512)
+
+const struct ltc_hash_descriptor sha512_256_desc =
+{
+    "sha512-256",
+    16,
+    32,
+    128,
+
+    /* OID */
+   { 2, 16, 840, 1, 101, 3, 4, 2, 6,  },
+   9,
+
+    &sha512_256_init,
+    &sha512_process,
+    &sha512_256_done,
+    &sha512_256_test,
+    NULL
+};
+
+/**
+   Initialize the hash state
+   @param md   The hash state you wish to initialize
+   @return CRYPT_OK if successful
+*/
+int sha512_256_init(hash_state * md)
+{
+    LTC_ARGCHK(md != NULL);
+
+    md->sha512.curlen = 0;
+    md->sha512.length = 0;
+    md->sha512.state[0] = CONST64(0x22312194FC2BF72C);
+    md->sha512.state[1] = CONST64(0x9F555FA3C84C64C2);
+    md->sha512.state[2] = CONST64(0x2393B86B6F53B151);
+    md->sha512.state[3] = CONST64(0x963877195940EABD);
+    md->sha512.state[4] = CONST64(0x96283EE2A88EFFE3);
+    md->sha512.state[5] = CONST64(0xBE5E1E2553863992);
+    md->sha512.state[6] = CONST64(0x2B0199FC2C85B8AA);
+    md->sha512.state[7] = CONST64(0x0EB72DDC81C52CA2);
+    return CRYPT_OK;
+}
+
+/**
+   Terminate the hash to get the digest
+   @param md  The hash state
+   @param out [out] The destination of the hash (48 bytes)
+   @return CRYPT_OK if successful
+*/
+int sha512_256_done(hash_state * md, unsigned char *out)
+{
+   unsigned char buf[64];
+
+   LTC_ARGCHK(md  != NULL);
+   LTC_ARGCHK(out != NULL);
+
+    if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
+       return CRYPT_INVALID_ARG;
+    }
+
+   sha512_done(md, buf);
+   XMEMCPY(out, buf, 32);
+#ifdef LTC_CLEAN_STACK
+   zeromem(buf, sizeof(buf));
+#endif
+   return CRYPT_OK;
+}
+
+/**
+  Self-test the hash
+  @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
+*/
+int  sha512_256_test(void)
+{
+ #ifndef LTC_TEST
+    return CRYPT_NOP;
+ #else
+  static const struct {
+      const char *msg;
+      unsigned char hash[32];
+  } tests[] = {
+    { "abc",
+      { 0x53, 0x04, 0x8E, 0x26, 0x81, 0x94, 0x1E, 0xF9,
+        0x9B, 0x2E, 0x29, 0xB7, 0x6B, 0x4C, 0x7D, 0xAB,
+        0xE4, 0xC2, 0xD0, 0xC6, 0x34, 0xFC, 0x6D, 0x46,
+        0xE0, 0xE2, 0xF1, 0x31, 0x07, 0xE7, 0xAF, 0x23 }
+    },
+    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+      { 0x39, 0x28, 0xE1, 0x84, 0xFB, 0x86, 0x90, 0xF8,
+        0x40, 0xDA, 0x39, 0x88, 0x12, 0x1D, 0x31, 0xBE,
+        0x65, 0xCB, 0x9D, 0x3E, 0xF8, 0x3E, 0xE6, 0x14,
+        0x6F, 0xEA, 0xC8, 0x61, 0xE1, 0x9B, 0x56, 0x3A }
+    },
+  };
+
+  int i;
+  unsigned char tmp[32];
+  hash_state md;
+
+  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
+      sha512_256_init(&md);
+      sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha512_256_done(&md, tmp);
+      if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+  }
+  return CRYPT_OK;
+ #endif
+}
+
+#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
index e6ff9bf..aa88b46 100644
--- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
+++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
@@ -15,3 +15,4 @@ endif
 
 srcs-$(CFG_CRYPTO_SHA384) += sha384.c
 srcs-$(CFG_CRYPTO_SHA512) += sha512.c
+srcs-$(CFG_CRYPTO_SHA512_256) += sha512_256.c
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index 0c35a34..2f849fd 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -2825,6 +2825,23 @@ TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data,
 }
 #endif
 
+#if defined(CFG_CRYPTO_SHA512_256)
+TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data,
+		size_t data_size)
+{
+	hash_state hs;
+
+	if (sha512_256_init(&hs) != CRYPT_OK)
+		return TEE_ERROR_GENERIC;
+	if (sha512_256_process(&hs, data, data_size) != CRYPT_OK)
+		return TEE_ERROR_GENERIC;
+	if (sha512_256_done(&hs, digest) != CRYPT_OK)
+		return TEE_ERROR_GENERIC;
+
+	return TEE_SUCCESS;
+}
+#endif
+
 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
 				     void *enc_key, unsigned int *rounds)
 {