Re: [PATCH v3 06/25] mbedtls: add digest shim layer for MbedTLS

[Ilias Apalodimas <ilias.apalodimas@linaro.org>]

On Tue, May 28, 2024 at 07:09:17AM -0700, Raymond Mao wrote:
> Implement digest shim layer on top of MbedTLS crypto library.
>
> Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> ---
> Changes in v2
> - Split the shim layer into separated files and use the original head
>   files instead of creating new ones.
> Changes in v3
> - Refactored sha1_hmac and removed non-watchdog md5 function.
>
>  include/u-boot/sha1.h |   4 ++
>  lib/mbedtls/Makefile  |   7 +++
>  lib/mbedtls/md5.c     |  59 ++++++++++++++++++++++
>  lib/mbedtls/sha1.c    | 111 ++++++++++++++++++++++++++++++++++++++++++
>  lib/mbedtls/sha256.c  |  65 +++++++++++++++++++++++++
>  lib/mbedtls/sha512.c  |  96 ++++++++++++++++++++++++++++++++++++
>  6 files changed, 342 insertions(+)
>  create mode 100644 lib/mbedtls/md5.c
>  create mode 100644 lib/mbedtls/sha1.c
>  create mode 100644 lib/mbedtls/sha256.c
>  create mode 100644 lib/mbedtls/sha512.c
>
> diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h
> index ee46fe947a0..6120284ad4f 100644
> --- a/include/u-boot/sha1.h
> +++ b/include/u-boot/sha1.h
> @@ -37,6 +37,10 @@ extern "C" {
>  #define SHA1_SUM_LEN	20
>  #define SHA1_DER_LEN	15
>
> +#define K_IPAD_VAL 0x36
> +#define K_OPAD_VAL 0x5C
> +#define K_PAD_LEN 64
> +
>  extern const uint8_t sha1_der_prefix[];
>
>  #if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
> index 85f0a3cfd07..b8eda9638f4 100644
> --- a/lib/mbedtls/Makefile
> +++ b/lib/mbedtls/Makefile
> @@ -14,6 +14,13 @@ ccflags-y += \
>  	-I$(src)/external/mbedtls/library \
>  	# This line is intentionally left blank
>
> +# shim layer for hash
> +obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_mbedtls.o
> +hash_mbedtls-$(CONFIG_$(SPL_)MD5) += md5.o
> +hash_mbedtls-$(CONFIG_$(SPL_)SHA1) += sha1.o
> +hash_mbedtls-$(CONFIG_$(SPL_)SHA256) += sha256.o
> +hash_mbedtls-$(CONFIG_$(SPL_)SHA512) += sha512.o
> +
>  obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o
>  mbedtls_lib_crypto-y := \
>  	$(MBEDTLS_LIB_DIR)/aes.o \
> diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c
> new file mode 100644
> index 00000000000..aa8c159f66f
> --- /dev/null
> +++ b/lib/mbedtls/md5.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Hash shim layer on MbedTLS Crypto library
> + *
> + * Copyright (c) 2023 Linaro Limited
> + * Author: Raymond Mao <raymond.mao@linaro.org>
> + */
> +#include "compiler.h"
> +
> +#ifndef USE_HOSTCC
> +#include <watchdog.h>
> +#endif /* USE_HOSTCC */
> +#include <u-boot/md5.h>
> +
> +void MD5Init(MD5Context *ctx)
> +{
> +	mbedtls_md5_init(ctx);
> +	mbedtls_md5_starts(ctx);
> +}
> +
> +void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len)
> +{
> +	mbedtls_md5_update(ctx, buf, len);
> +}
> +
> +void MD5Final(unsigned char digest[16], MD5Context *ctx)
> +{
> +	mbedtls_md5_finish(ctx, digest);
> +	mbedtls_md5_free(ctx);
> +}
> +
> +void md5_wd(const unsigned char *input, unsigned int len,
> +	    unsigned char output[16], unsigned int chunk_sz)
> +{
> +	MD5Context context;
> +#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
> +	const unsigned char *end, *curr;
> +	int chunk;
> +#endif
> +
> +	MD5Init(&context);
> +
> +#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)

 IS_ENABLED() etc instead of ifdefs please throughout  the file

> +	curr = input;
> +	end = input + len;
> +	while (curr < end) {
> +		chunk = end - curr;
> +		if (chunk > chunk_sz)
> +			chunk = chunk_sz;
> +		MD5Update(&context, curr, chunk);
> +		curr += chunk;
> +		schedule();
> +	}
> +	const unsigned char *end, *curr;
> +	int chunk;
> +#endif
> +
> +	sha1_starts(&ctx);
> +
>
[...]

Thanks
/Ilias