CR50: add support for SHA-384 & 512

This change adds the plumbing for SHA-384 & 512. The actual hash implementation is software only, and a part of the third_party/cryptoc library. BRANCH=none BUG=none CQ-DEPEND=CL:418263 TEST=TCG tests pass Change-Id: Iba7e6d420fd7fa0bce4ad9061e00f9275ecf4d72 Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/417888 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org>
2026-01-11 18:35:28 +00:00 · 2016-12-08 14:31:45 -08:00
parent 995c6b6985
commit 0bb18fbaac
7 changed files with 68 additions and 20 deletions
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -64,13 +64,13 @@ CPPFLAGS += -I$(abspath .)
 CPPFLAGS += -I$(abspath $(BDIR))
 CPPFLAGS += -I$(abspath ./test)

-# Make sure the context of the software sha256 implementation fits. If it ever
+# Make sure the context of the software sha512 implementation fits. If it ever
 # increases, a compile time assert will fire in tpm2/hash.c.
-CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=112
+CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=208
 # Configure TPM2 headers accordingly.
 CFLAGS += -DEMBEDDED_MODE=1
 # Configure cryptoc headers to handle unaligned accesses.
-CFLAGS += -DSUPPORT_UNALIGNED=1
+CFLAGS += -DSUPPORT_UNALIGNED=1 -DSHA512_SUPPORT=1

 # Add dependencies on that library
 $(out)/RW/ec.RW.elf $(out)/RW/ec.RW_B.elf: LDFLAGS_EXTRA += -L$(out)/tpm2 -ltpm2
--- a/board/cr50/tpm2/hash.c
+++ b/board/cr50/tpm2/hash.c
@@ -71,14 +71,12 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in,
 	case TPM_ALG_SHA256:
 		DCRYPTO_SHA256_hash(in, in_len, digest);
 		break;
-/* TODO: add support for SHA384 and SHA512
- *
- *	case TPM_ALG_SHA384:
- *		DCRYPTO_SHA384_hash(in, in_len, p);
- *		break;
- *	case TPM_ALG_SHA512:
- *		DCRYPTO_SHA512_hash(in, in_len, p);
- *		break; */
+	case TPM_ALG_SHA384:
+		DCRYPTO_SHA384_hash(in, in_len, digest);
+		break;
+	case TPM_ALG_SHA512:
+		DCRYPTO_SHA512_hash(in, in_len, digest);
+		break;
 	default:
 		FAIL(FATAL_ERROR_INTERNAL);
 		break;
@@ -106,13 +104,13 @@ uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence,
 		DCRYPTO_SHA256_init(ctx, sequence);
 		result = HASH_size(ctx);
 		break;
-/* TODO: add support for SHA384 and SHA512
- *	case TPM_ALG_SHA384:
- *		DCRYPTO_SHA384_init(in, in_len, p);
- *		break;
- *	case TPM_ALG_SHA512:
- *		DCRYPTO_SHA512_init(in, in_len, p);
- *		break; */
+
+	case TPM_ALG_SHA384:
+		DCRYPTO_SHA384_init(ctx);
+		break;
+	case TPM_ALG_SHA512:
+		DCRYPTO_SHA512_init(ctx);
+		break;
 	default:
 		result = 0;
 		break;
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -41,6 +41,8 @@ chip-$(CONFIG_DCRYPTO)+= dcrypto/p256_ecies.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/rsa.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/sha1.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/sha256.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/sha384.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/sha512.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/x509.o

 chip-$(CONFIG_SPI_MASTER)+=spi_master.o
@@ -137,7 +139,7 @@ $(out)/RW/ec.RW.elf $(out)/RW/ec.RW_B.elf: $(out)/cryptoc/libcryptoc.a
 .PHONY: $(out)/cryptoc/libcryptoc.a
 $(out)/cryptoc/libcryptoc.a:
 	$(MAKE) obj=$(realpath $(out))/cryptoc SUPPORT_UNALIGNED=1 \
-		-C $(CRYPTOCLIB)
+		SHA512_SUPPORT=1 -C $(CRYPTOCLIB)
 endif   # end CONFIG_DCRYPTO

 endif   # CHIP_MK_INCLUDED_ONCE is nonempty
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -60,10 +60,16 @@ int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
 */
 void DCRYPTO_SHA1_init(SHA_CTX *ctx, uint32_t sw_required);
 void DCRYPTO_SHA256_init(LITE_SHA256_CTX *ctx, uint32_t sw_required);
+void DCRYPTO_SHA384_init(LITE_SHA384_CTX *ctx);
+void DCRYPTO_SHA512_init(LITE_SHA512_CTX *ctx);
 const uint8_t *DCRYPTO_SHA1_hash(const void *data, uint32_t n,
 				uint8_t *digest);
 const uint8_t *DCRYPTO_SHA256_hash(const void *data, uint32_t n,
-				uint8_t *digest);
+				   uint8_t *digest);
+const uint8_t *DCRYPTO_SHA384_hash(const void *data, uint32_t n,
+				   uint8_t *digest);
+const uint8_t *DCRYPTO_SHA512_hash(const void *data, uint32_t n,
+				   uint8_t *digest);

 /*
 *  HMAC.
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -15,6 +15,8 @@
 #include "cryptoc/p256.h"
 #include "cryptoc/sha.h"
 #include "cryptoc/sha256.h"
+#include "cryptoc/sha384.h"
+#include "cryptoc/sha512.h"

 /*
 * SHA.
--- a/chip/g/dcrypto/sha384.c
+++ b/chip/g/dcrypto/sha384.c
@@ -0,0 +1,20 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "dcrypto.h"
+#include "internal.h"
+
+#include "cryptoc/sha384.h"
+
+void DCRYPTO_SHA384_init(LITE_SHA512_CTX *ctx)
+{
+	SHA384_init(ctx);
+}
+
+const uint8_t *DCRYPTO_SHA384_hash(const void *data, uint32_t n,
+				uint8_t *digest)
+{
+	return SHA384_hash(data, n, digest);
+}
--- a/chip/g/dcrypto/sha512.c
+++ b/chip/g/dcrypto/sha512.c
@@ -0,0 +1,20 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "dcrypto.h"
+#include "internal.h"
+
+#include "cryptoc/sha512.h"
+
+void DCRYPTO_SHA512_init(LITE_SHA512_CTX *ctx)
+{
+	SHA512_init(ctx);
+}
+
+const uint8_t *DCRYPTO_SHA512_hash(const void *data, uint32_t n,
+				uint8_t *digest)
+{
+	return SHA512_hash(data, n, digest);
+}