xref: /optee_os/lib/libmbedtls/core/hash.c (revision 8ad96da2551eb82819ac3492c26c616a2de1ffce) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (C) 2018, ARM Limited
4  * Copyright (C) 2019, Linaro Limited
5  */
6 
7 #include <assert.h>
8 #include <compiler.h>
9 #include <crypto/crypto_accel.h>
10 #include <crypto/crypto.h>
11 #include <crypto/crypto_impl.h>
12 #include <kernel/panic.h>
13 #include <mbedtls/md.h>
14 #include <mbedtls/platform_util.h>
15 #include <mbedtls/sha1.h>
16 #include <mbedtls/sha256.h>
17 #include <mbedtls/sha512.h>
18 #include <stdlib.h>
19 #include <string_ext.h>
20 #include <string.h>
21 #include <tee_api_types.h>
22 #include <utee_defines.h>
23 #include <util.h>
24 
25 struct mbed_hash_ctx {
26 	struct crypto_hash_ctx hash_ctx;
27 	mbedtls_md_context_t md_ctx;
28 };
29 
30 static const struct crypto_hash_ops mbed_hash_ops;
31 
32 static struct mbed_hash_ctx *to_hash_ctx(struct crypto_hash_ctx *ctx)
33 {
34 	assert(ctx && ctx->ops == &mbed_hash_ops);
35 
36 	return container_of(ctx, struct mbed_hash_ctx, hash_ctx);
37 }
38 
39 static TEE_Result mbed_hash_init(struct crypto_hash_ctx *ctx)
40 {
41 	if (mbedtls_md_starts(&to_hash_ctx(ctx)->md_ctx))
42 		return TEE_ERROR_BAD_STATE;
43 
44 	return TEE_SUCCESS;
45 }
46 
47 static TEE_Result mbed_hash_update(struct crypto_hash_ctx *ctx,
48 				   const uint8_t *data, size_t len)
49 {
50 	if (mbedtls_md_update(&to_hash_ctx(ctx)->md_ctx, data, len))
51 		return TEE_ERROR_BAD_STATE;
52 
53 	return TEE_SUCCESS;
54 }
55 
56 static TEE_Result mbed_hash_final(struct crypto_hash_ctx *ctx, uint8_t *digest,
57 				  size_t len)
58 {
59 	struct mbed_hash_ctx *hc = to_hash_ctx(ctx);
60 	size_t hash_size = mbedtls_md_get_size(hc->md_ctx.md_info);
61 	uint8_t block_digest[TEE_MAX_HASH_SIZE] = { 0 };
62 	uint8_t *tmp_digest = NULL;
63 
64 	if (len == 0)
65 		return TEE_ERROR_BAD_PARAMETERS;
66 
67 	if (hash_size > len) {
68 		if (hash_size > sizeof(block_digest))
69 			return TEE_ERROR_BAD_STATE;
70 		tmp_digest = block_digest; /* use a tempory buffer */
71 	} else {
72 		tmp_digest = digest;
73 	}
74 
75 	if (mbedtls_md_finish(&hc->md_ctx, tmp_digest))
76 		return TEE_ERROR_BAD_STATE;
77 
78 	if (hash_size > len)
79 		memcpy(digest, tmp_digest, len);
80 
81 	return TEE_SUCCESS;
82 }
83 
84 static void mbed_hash_free_ctx(struct crypto_hash_ctx *ctx)
85 {
86 	struct mbed_hash_ctx *hc = to_hash_ctx(ctx);
87 
88 	mbedtls_md_free(&hc->md_ctx);
89 	free(hc);
90 }
91 
92 static void mbed_hash_copy_state(struct crypto_hash_ctx *dst_ctx,
93 				 struct crypto_hash_ctx *src_ctx)
94 {
95 	struct mbed_hash_ctx *src = to_hash_ctx(src_ctx);
96 	struct mbed_hash_ctx *dst = to_hash_ctx(dst_ctx);
97 
98 	if (mbedtls_md_clone(&dst->md_ctx, &src->md_ctx))
99 		panic();
100 }
101 
102 static const struct crypto_hash_ops mbed_hash_ops = {
103 	.init = mbed_hash_init,
104 	.update = mbed_hash_update,
105 	.final = mbed_hash_final,
106 	.free_ctx = mbed_hash_free_ctx,
107 	.copy_state = mbed_hash_copy_state,
108 };
109 
110 static TEE_Result mbed_hash_alloc_ctx(struct crypto_hash_ctx **ctx_ret,
111 				      mbedtls_md_type_t md_type)
112 {
113 	int mbed_res = 0;
114 	struct mbed_hash_ctx *hc = NULL;
115 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
116 
117 	if (!md_info)
118 		return TEE_ERROR_NOT_SUPPORTED;
119 
120 	hc = calloc(1, sizeof(*hc));
121 	if (!hc)
122 		return TEE_ERROR_OUT_OF_MEMORY;
123 
124 	hc->hash_ctx.ops = &mbed_hash_ops;
125 	mbed_res = mbedtls_md_setup(&hc->md_ctx, md_info, 0);
126 	if (mbed_res) {
127 		free(hc);
128 		if (mbed_res == MBEDTLS_ERR_MD_ALLOC_FAILED)
129 			return TEE_ERROR_OUT_OF_MEMORY;
130 		return TEE_ERROR_NOT_SUPPORTED;
131 	}
132 
133 	*ctx_ret = &hc->hash_ctx;
134 
135 	return TEE_SUCCESS;
136 }
137 
138 #if defined(CFG_CRYPTO_MD5)
139 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx)
140 {
141 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_MD5);
142 }
143 #endif
144 
145 #if defined(CFG_CRYPTO_SHA1)
146 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx)
147 {
148 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_SHA1);
149 }
150 #endif
151 
152 #if defined(CFG_CRYPTO_SHA224)
153 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx)
154 {
155 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_SHA224);
156 }
157 #endif
158 
159 #if defined(CFG_CRYPTO_SHA256)
160 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx)
161 {
162 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_SHA256);
163 }
164 #endif
165 
166 #if defined(CFG_CRYPTO_SHA384)
167 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx)
168 {
169 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_SHA384);
170 }
171 #endif
172 
173 #if defined(CFG_CRYPTO_SHA512)
174 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx)
175 {
176 	return mbed_hash_alloc_ctx(ctx, MBEDTLS_MD_SHA512);
177 }
178 #endif
179 
180 #if defined(CFG_CRYPTO_SHA256)
181 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data,
182 			     size_t data_size)
183 {
184 	mbedtls_sha256_context hs;
185 	uint8_t digest[TEE_SHA256_HASH_SIZE] = { 0 };
186 
187 	memset(&hs, 0, sizeof(hs));
188 	mbedtls_sha256_init(&hs);
189 	mbedtls_sha256_starts(&hs, 0);
190 	mbedtls_sha256_update(&hs, data, data_size);
191 	mbedtls_sha256_finish(&hs, digest);
192 	mbedtls_sha256_free(&hs);
193 
194 	if (consttime_memcmp(digest, hash, sizeof(digest)))
195 		return TEE_ERROR_SECURITY;
196 	return TEE_SUCCESS;
197 }
198 #endif
199 
200 #if defined(MBEDTLS_SHA1_PROCESS_ALT)
201 int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
202 				  const unsigned char data[64])
203 {
204 	MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL,
205 				      MBEDTLS_ERR_SHA1_BAD_INPUT_DATA);
206 	MBEDTLS_INTERNAL_VALIDATE_RET((const unsigned char *)data != NULL,
207 				      MBEDTLS_ERR_SHA1_BAD_INPUT_DATA);
208 
209 	crypto_accel_sha1_compress(ctx->state, data, 1);
210 
211 	return 0;
212 }
213 #endif /*MBEDTLS_SHA1_PROCESS_ALT*/
214 
215 #if defined(MBEDTLS_SHA256_PROCESS_ALT)
216 int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
217 				    const unsigned char data[64])
218 {
219 	MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL,
220 				      MBEDTLS_ERR_SHA256_BAD_INPUT_DATA);
221 	MBEDTLS_INTERNAL_VALIDATE_RET((const unsigned char *)data != NULL,
222 				      MBEDTLS_ERR_SHA256_BAD_INPUT_DATA);
223 
224 	crypto_accel_sha256_compress(ctx->state, data, 1);
225 
226 	return 0;
227 }
228 #endif /*MBEDTLS_SHA256_PROCESS_ALT*/
229 
230 #if defined(MBEDTLS_SHA512_PROCESS_ALT)
231 int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
232 				    const unsigned char data[64])
233 {
234 	MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL,
235 				      MBEDTLS_ERR_SHA512_BAD_INPUT_DATA);
236 	MBEDTLS_INTERNAL_VALIDATE_RET((const unsigned char *)data != NULL,
237 				      MBEDTLS_ERR_SHA512_BAD_INPUT_DATA);
238 
239 	crypto_accel_sha512_compress(ctx->state, data, 1);
240 
241 	return 0;
242 }
243 #endif /*MBEDTLS_SHA512_PROCESS_ALT*/
244