HW Accelerated SHA1 and SHA256

Add Poritng for Sha1 and SHA256 over Cryptocell

Author: Ron Eldor

features/mbedtls/targets/TARGET_CRYPTOCELL310/mbedtls_device.h

@@ -21,8 +21,8 @@
 #ifndef __MBEDTLS_DEVICE__
 #define __MBEDTLS_DEVICE__
 
-#define MBEDTLS_AES_ALT
 #define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+#define MBEDTLS_AES_ALT
 #define MBEDTLS_SHA1_ALT
 #define MBEDTLS_SHA256_ALT
 #define MBEDTLS_CCM_ALT

features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.c

@@ -0,0 +1,86 @@
+/*
+ *  sha1_alt.c
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include "mbedtls/sha1.h"
+#if defined(MBEDTLS_SHA1_ALT)
+#include <string.h>
+
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
+
+}
+
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    CRYS_HASH_Free( &ctx->crys_hash_ctx );
+
+    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
+}
+
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src )
+{
+    memcpy( dst, src, sizeof( mbedtls_sha1_context ) );
+}
+
+int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+{
+    if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA1_mode ) != CRYS_OK )
+            return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+
+
+int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
+                             const unsigned char *input,
+                             size_t ilen )
+{
+    if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK )
+        return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+
+int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
+                             unsigned char output[20] )
+{
+    CRYSError_t CrysErr = CRYS_OK;
+    CRYS_HASH_Result_t crys_result = {0};
+    CrysErr = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result );
+    if( CrysErr == CRYS_OK )
+    {
+        memcpy( output, crys_result, 20 );
+        return ( 0 );
+    }
+    else
+        return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
+}
+
+int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
+                                   const unsigned char data[64] )
+{
+    if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK )
+        return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+#endif //MBEDTLS_SHA1_ALT

features/mbedtls/targets/TARGET_CRYPTOCELL310/sha1_alt.h

@@ -0,0 +1,148 @@
+/*
+ *  sha1_alt.h
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#ifndef __SHA1_ALT__
+#define __SHA1_ALT__
+#if defined(MBEDTLS_SHA1_ALT)
+#include "crys_hash.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * \brief          SHA-1 context structure
+ */
+typedef struct
+{
+    CRYS_HASHUserContext_t crys_hash_ctx;
+} mbedtls_sha1_context;
+
+/**
+ * \brief          This function initializes a SHA-1 context.
+ *
+ * \param ctx      The SHA-1 context to initialize.
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          This function clears a SHA-1 context.
+ *
+ * \param ctx      The SHA-1 context to clear.
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          This function clones the state of a SHA-1 context.
+ *
+ * \param dst      The destination context.
+ * \param src      The context to clone.
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src );
+
+/**
+ * \brief          This function starts a SHA-1 checksum calculation.
+ *
+ * \param ctx      The context to initialize.
+ *
+ * \return         \c 0 if successful
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          This function feeds an input buffer into an ongoing SHA-1
+ *                 checksum calculation.
+ *
+ * \param ctx      The SHA-1 context.
+ * \param input    The buffer holding the input data.
+ * \param ilen     The length of the input data.
+ *
+ * \return         \c 0 if successful
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
+                             const unsigned char *input,
+                             size_t ilen );
+
+/**
+ * \brief          This function finishes the SHA-1 operation, and writes
+ *                 the result to the output buffer.
+ *
+ * \param ctx      The SHA-1 context.
+ * \param output   The SHA-1 checksum result.
+ *
+ * \return         \c 0 if successful
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
+                             unsigned char output[20] );
+
+/**
+ * \brief          SHA-1 process data block (internal use only)
+ *
+ * \param ctx      SHA-1 context
+ * \param data     The data block being processed.
+ *
+ * \return         \c 0 if successful
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
+ */
+int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
+                                   const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //MBEDTLS_SHA1_ALT
+#endif //__SHA1_ALT__
+

features/mbedtls/targets/TARGET_CRYPTOCELL310/sha256_alt.c

@@ -0,0 +1,86 @@
+/*
+ *  sha256_alt.c
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include "mbedtls/sha256.h"
+#if defined(MBEDTLS_SHA256_ALT)
+#include <string.h>
+
+void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
+
+}
+
+void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+    CRYS_HASH_Free( &ctx->crys_hash_ctx );
+    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
+}
+
+void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
+                           const mbedtls_sha256_context *src )
+{
+    memcpy( dst, src, sizeof( mbedtls_sha256_context ) );
+}
+
+
+int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
+{
+    if(CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ?
+                    CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK )
+        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+
+int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
+                                     const unsigned char data[64] )
+{
+    if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK )
+        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+
+int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
+                               const unsigned char *input,
+                               size_t ilen )
+{
+    if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK )
+        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
+    return ( 0 );
+}
+
+int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
+                               unsigned char output[32] )
+{
+    CRYSError_t CrysErr = CRYS_OK;
+    CRYS_HASH_Result_t crys_result = {0};
+    CrysErr = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result );
+    if( CrysErr == CRYS_OK )
+    {
+        memcpy( output, crys_result, 32 );
+        return ( 0 );
+    }
+    else
+        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
+}
+#endif //MBEDTLS_SHA256_ALT
+