From 0bb18fbaac32344a424d09642bd5dd3089a0292e Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Thu, 8 Dec 2016 14:31:45 -0800
Subject: [PATCH] CR50: add support for SHA-384 & 512

This change adds the plumbing for SHA-384 & 512.
The actual hash implementation is software only,
and a part of the third_party/cryptoc library.

BRANCH=none
BUG=none
CQ-DEPEND=CL:418263
TEST=TCG tests pass

Change-Id: Iba7e6d420fd7fa0bce4ad9061e00f9275ecf4d72
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/417888
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
---
 board/cr50/build.mk       |  6 +++---
 board/cr50/tpm2/hash.c    | 28 +++++++++++++---------------
 chip/g/build.mk           |  4 +++-
 chip/g/dcrypto/dcrypto.h  |  8 +++++++-
 chip/g/dcrypto/internal.h |  2 ++
 chip/g/dcrypto/sha384.c   | 20 ++++++++++++++++++++
 chip/g/dcrypto/sha512.c   | 20 ++++++++++++++++++++
 7 files changed, 68 insertions(+), 20 deletions(-)
 create mode 100644 chip/g/dcrypto/sha384.c
 create mode 100644 chip/g/dcrypto/sha512.c

diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 48fb0c2a92..d2194c39e4 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -64,13 +64,13 @@ CPPFLAGS += -I$(abspath .)
 CPPFLAGS += -I$(abspath $(BDIR))
 CPPFLAGS += -I$(abspath ./test)
 
-# Make sure the context of the software sha256 implementation fits. If it ever
+# Make sure the context of the software sha512 implementation fits. If it ever
 # increases, a compile time assert will fire in tpm2/hash.c.
-CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=112
+CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=208
 # Configure TPM2 headers accordingly.
 CFLAGS += -DEMBEDDED_MODE=1
 # Configure cryptoc headers to handle unaligned accesses.
-CFLAGS += -DSUPPORT_UNALIGNED=1
+CFLAGS += -DSUPPORT_UNALIGNED=1 -DSHA512_SUPPORT=1
 
 # Add dependencies on that library
 $(out)/RW/ec.RW.elf $(out)/RW/ec.RW_B.elf: LDFLAGS_EXTRA += -L$(out)/tpm2 -ltpm2
diff --git a/board/cr50/tpm2/hash.c b/board/cr50/tpm2/hash.c
index a11fb9e450..8cd0dca41b 100644
--- a/board/cr50/tpm2/hash.c
+++ b/board/cr50/tpm2/hash.c
@@ -71,14 +71,12 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in,
 	case TPM_ALG_SHA256:
 		DCRYPTO_SHA256_hash(in, in_len, digest);
 		break;
-/* TODO: add support for SHA384 and SHA512
- *
- *	case TPM_ALG_SHA384:
- *		DCRYPTO_SHA384_hash(in, in_len, p);
- *		break;
- *	case TPM_ALG_SHA512:
- *		DCRYPTO_SHA512_hash(in, in_len, p);
- *		break; */
+	case TPM_ALG_SHA384:
+		DCRYPTO_SHA384_hash(in, in_len, digest);
+		break;
+	case TPM_ALG_SHA512:
+		DCRYPTO_SHA512_hash(in, in_len, digest);
+		break;
 	default:
 		FAIL(FATAL_ERROR_INTERNAL);
 		break;
@@ -106,13 +104,13 @@ uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence,
 		DCRYPTO_SHA256_init(ctx, sequence);
 		result = HASH_size(ctx);
 		break;
-/* TODO: add support for SHA384 and SHA512
- *	case TPM_ALG_SHA384:
- *		DCRYPTO_SHA384_init(in, in_len, p);
- *		break;
- *	case TPM_ALG_SHA512:
- *		DCRYPTO_SHA512_init(in, in_len, p);
- *		break; */
+
+	case TPM_ALG_SHA384:
+		DCRYPTO_SHA384_init(ctx);
+		break;
+	case TPM_ALG_SHA512:
+		DCRYPTO_SHA512_init(ctx);
+		break;
 	default:
 		result = 0;
 		break;
diff --git a/chip/g/build.mk b/chip/g/build.mk
index 692139847e..0505cf84b1 100644
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -41,6 +41,8 @@ chip-$(CONFIG_DCRYPTO)+= dcrypto/p256_ecies.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/rsa.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/sha1.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/sha256.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/sha384.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/sha512.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/x509.o
 
 chip-$(CONFIG_SPI_MASTER)+=spi_master.o
@@ -137,7 +139,7 @@ $(out)/RW/ec.RW.elf $(out)/RW/ec.RW_B.elf: $(out)/cryptoc/libcryptoc.a
 .PHONY: $(out)/cryptoc/libcryptoc.a
 $(out)/cryptoc/libcryptoc.a:
 	$(MAKE) obj=$(realpath $(out))/cryptoc SUPPORT_UNALIGNED=1 \
-		-C $(CRYPTOCLIB)
+		SHA512_SUPPORT=1 -C $(CRYPTOCLIB)
 endif   # end CONFIG_DCRYPTO
 
 endif   # CHIP_MK_INCLUDED_ONCE is nonempty
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index 20f642f721..4cbb6dfd07 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -60,10 +60,16 @@ int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
  */
 void DCRYPTO_SHA1_init(SHA_CTX *ctx, uint32_t sw_required);
 void DCRYPTO_SHA256_init(LITE_SHA256_CTX *ctx, uint32_t sw_required);
+void DCRYPTO_SHA384_init(LITE_SHA384_CTX *ctx);
+void DCRYPTO_SHA512_init(LITE_SHA512_CTX *ctx);
 const uint8_t *DCRYPTO_SHA1_hash(const void *data, uint32_t n,
 				uint8_t *digest);
 const uint8_t *DCRYPTO_SHA256_hash(const void *data, uint32_t n,
-				uint8_t *digest);
+				   uint8_t *digest);
+const uint8_t *DCRYPTO_SHA384_hash(const void *data, uint32_t n,
+				   uint8_t *digest);
+const uint8_t *DCRYPTO_SHA512_hash(const void *data, uint32_t n,
+				   uint8_t *digest);
 
 /*
  *  HMAC.
diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h
index 7be2140ac4..c90d39e0f0 100644
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -15,6 +15,8 @@
 #include "cryptoc/p256.h"
 #include "cryptoc/sha.h"
 #include "cryptoc/sha256.h"
+#include "cryptoc/sha384.h"
+#include "cryptoc/sha512.h"
 
 /*
  * SHA.
diff --git a/chip/g/dcrypto/sha384.c b/chip/g/dcrypto/sha384.c
new file mode 100644
index 0000000000..6f3c6ca096
--- /dev/null
+++ b/chip/g/dcrypto/sha384.c
@@ -0,0 +1,20 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "dcrypto.h"
+#include "internal.h"
+
+#include "cryptoc/sha384.h"
+
+void DCRYPTO_SHA384_init(LITE_SHA512_CTX *ctx)
+{
+	SHA384_init(ctx);
+}
+
+const uint8_t *DCRYPTO_SHA384_hash(const void *data, uint32_t n,
+				uint8_t *digest)
+{
+	return SHA384_hash(data, n, digest);
+}
diff --git a/chip/g/dcrypto/sha512.c b/chip/g/dcrypto/sha512.c
new file mode 100644
index 0000000000..1446970174
--- /dev/null
+++ b/chip/g/dcrypto/sha512.c
@@ -0,0 +1,20 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "dcrypto.h"
+#include "internal.h"
+
+#include "cryptoc/sha512.h"
+
+void DCRYPTO_SHA512_init(LITE_SHA512_CTX *ctx)
+{
+	SHA512_init(ctx);
+}
+
+const uint8_t *DCRYPTO_SHA512_hash(const void *data, uint32_t n,
+				uint8_t *digest)
+{
+	return SHA512_hash(data, n, digest);
+}