Re: [PATCH v3 06/25] mbedtls: add digest shim layer for MbedTLS

31 May 2024

On Tue, May 28, 2024 at 07:09:17AM -0700, Raymond Mao wrote:
...
Implement digest shim layer on top of MbedTLS crypto library.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2

Split the shim layer into separated files and use the original head
files instead of creating new ones.

Changes in v3

Refactored sha1_hmac and removed non-watchdog md5 function.

include/u-boot/sha1.h |   4 ++
 lib/mbedtls/Makefile  |   7 +++
 lib/mbedtls/md5.c     |  59 ++++++++++++++++++++++
 lib/mbedtls/sha1.c    | 111 ++++++++++++++++++++++++++++++++++++++++++
 lib/mbedtls/sha256.c  |  65 +++++++++++++++++++++++++
 lib/mbedtls/sha512.c  |  96 ++++++++++++++++++++++++++++++++++++
 6 files changed, 342 insertions(+)
 create mode 100644 lib/mbedtls/md5.c
 create mode 100644 lib/mbedtls/sha1.c
 create mode 100644 lib/mbedtls/sha256.c
 create mode 100644 lib/mbedtls/sha512.c

diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h
index ee46fe947a0..6120284ad4f 100644
--- a/include/u-boot/sha1.h
+++ b/include/u-boot/sha1.h
@@ -37,6 +37,10 @@ extern "C" {
 #define SHA1_SUM_LEN	20
 #define SHA1_DER_LEN	15
+#define K_IPAD_VAL 0x36
+#define K_OPAD_VAL 0x5C
+#define K_PAD_LEN 64



extern const uint8_t sha1_der_prefix[];
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index 85f0a3cfd07..b8eda9638f4 100644
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -14,6 +14,13 @@ ccflags-y += \
   -I$(src)/external/mbedtls/library \
   # This line is intentionally left blank
+# shim layer for hash
+obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_mbedtls.o
+hash_mbedtls-$(CONFIG_$(SPL_)MD5) += md5.o
+hash_mbedtls-$(CONFIG_$(SPL_)SHA1) += sha1.o
+hash_mbedtls-$(CONFIG_$(SPL_)SHA256) += sha256.o
+hash_mbedtls-$(CONFIG_$(SPL_)SHA512) += sha512.o



obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o
 mbedtls_lib_crypto-y := \
   $(MBEDTLS_LIB_DIR)/aes.o \
diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c
new file mode 100644
index 00000000000..aa8c159f66f
--- /dev/null
+++ b/lib/mbedtls/md5.c
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*


Hash shim layer on MbedTLS Crypto library







Copyright (c) 2023 Linaro Limited



Author: Raymond Mao raymond.mao@linaro.org


*/

+#include "compiler.h"



+#ifndef USE_HOSTCC
+#include <watchdog.h>
+#endif /* USE_HOSTCC */
+#include <u-boot/md5.h>



+void MD5Init(MD5Context *ctx)
+{

mbedtls_md5_init(ctx);
mbedtls_md5_starts(ctx);

+}



+void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len)
+{

mbedtls_md5_update(ctx, buf, len);

+}



+void MD5Final(unsigned char digest[16], MD5Context *ctx)
+{

mbedtls_md5_finish(ctx, digest);
mbedtls_md5_free(ctx);

+}



+void md5_wd(const unsigned char *input, unsigned int len,

   unsigned char output[16], unsigned int chunk_sz)



+{

MD5Context context;

+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)

const unsigned char *end, *curr;
int chunk;

+#endif


MD5Init(&context);


+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
IS_ENABLED() etc instead of ifdefs please throughout  the file
...

curr = input;
end = input + len;
while (curr < end) {
chunk = end - curr;


if (chunk > chunk_sz)


	chunk = chunk_sz;


MD5Update(&context, curr, chunk);


curr += chunk;


schedule();


}
const unsigned char *end, *curr;
int chunk;

+#endif


sha1_starts(&ctx);


[...]
Thanks
/Ilias

    

Re: [PATCH v3 06/25] mbedtls: add digest shim layer for MbedTLS

Ilias Apalodimas

Signed-off-by: Raymond Mao raymond.mao@linaro.org