From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Raymond Mao <raymond.mao@linaro.org>
Cc: u-boot@lists.denx.de, manish.pandey2@arm.com,
Tom Rini <trini@konsulko.com>, Stefan Bosch <stefan_b@posteo.net>,
Mario Six <mario.six@gdsys.cc>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Michal Simek <michal.simek@amd.com>,
Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>,
Simon Glass <sjg@chromium.org>,
Jiaxun Yang <jiaxun.yang@flygoat.com>,
Andrejs Cainikovs <andrejs.cainikovs@toradex.com>,
Marek Vasut <marek.vasut+renesas@mailbox.org>,
Sean Anderson <seanga2@gmail.com>,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Andrew Davis <afd@ti.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Sumit Garg <sumit.garg@linaro.org>,
Jesse Taube <mr.bossman075@gmail.com>, Bryan Brattlof <bb@ti.com>,
"Leon M. Busch-George" <leon@georgemail.eu>,
Igor Opaniuk <igor.opaniuk@gmail.com>,
Bin Meng <bmeng.cn@gmail.com>,
Alper Nebi Yasak <alpernebiyasak@gmail.com>,
Mattijs Korpershoek <mkorpershoek@baylibre.com>,
AKASHI Takahiro <akashi.tkhro@gmail.com>,
Alexander Gendin <agendin@matrox.com>,
Jonathan Humphreys <j-humphreys@ti.com>,
Eddie James <eajames@linux.ibm.com>,
Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Subject: Re: [PATCH v6 06/28] mbedtls: add digest shim layer for MbedTLS
Date: Wed, 28 Aug 2024 13:37:01 +0300
Message-ID: <Zs79zfxLrE1/7aaL@hades>
In-Reply-To: <20240816214436.1877263-7-raymond.mao@linaro.org>

Hi Raymond,
[...]
> --- a/lib/mbedtls/Makefile
> +++ b/lib/mbedtls/Makefile
> @@ -5,17 +5,23 @@
>
> MBEDTLS_LIB_DIR = external/mbedtls/library
>
> +# shim layer for hash
> +obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o
> +obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o
> +obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o
> +obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
> +
> # MbedTLS crypto library
> obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o
> mbedtls_lib_crypto-y := \
> $(MBEDTLS_LIB_DIR)/platform_util.o \
> $(MBEDTLS_LIB_DIR)/constant_time.o \
> $(MBEDTLS_LIB_DIR)/md.o
> -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5) += $(MBEDTLS_LIB_DIR)/md5.o
> -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1) += $(MBEDTLS_LIB_DIR)/sha1.o
> -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256) += \
> +mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o
> +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o
> +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \

Why do we need to rename these here? Can't you add them with the _MBEDTLS
suffix on the patch that introduced them?

> $(MBEDTLS_LIB_DIR)/sha256.o
> -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512) += \
> +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
> $(MBEDTLS_LIB_DIR)/sha512.o
>
> # MbedTLS X509 library
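
Review bot: The shim objects added at the top of this hunk are gated on CONFIG_$(SPL_)*_MBEDTLS, while the library they call into, mbedtls_lib_crypto.o, is gated on CONFIG_MBEDTLS_LIB_CRYPTO with no $(SPL_) infix, so nothing in this Makefile ensures the two are built together. Each *_MBEDTLS symbol should select or depend on MBEDTLS_LIB_CRYPTO in Kconfig; otherwise md5.o, sha1.o, sha256.o or sha512.o can be enabled on their own and the mbedtls_* calls they make will not resolve at link time.
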
> diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c
> new file mode 100644
> index 00000000000..04388fce249
> --- /dev/null
> +++ b/lib/mbedtls/md5.c
> @@ -0,0 +1,57 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Hash shim layer on MbedTLS Crypto library
> + *
> + * Copyright (c) 2024 Linaro Limited
> + * Author: Raymond Mao <raymond.mao@linaro.org>
> + */
> +#include "compiler.h"
> +
> +#ifndef USE_HOSTCC
> +#include <watchdog.h>
> +#endif /* USE_HOSTCC */
> +#include <u-boot/md5.h>
> +
> +void MD5Init(MD5Context *ctx)
> +{
> + mbedtls_md5_init(ctx);
> + mbedtls_md5_starts(ctx);
> +}
> +
> +void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len)
> +{
> + mbedtls_md5_update(ctx, buf, len);
> +}
> +
> +void MD5Final(unsigned char digest[16], MD5Context *ctx)
> +{
> + mbedtls_md5_finish(ctx, digest);
> + mbedtls_md5_free(ctx);
> +}
> +
> +void md5_wd(const unsigned char *input, unsigned int len,
> + unsigned char output[16], unsigned int chunk_sz)
> +{
> + MD5Context context;
> +
> + MD5Init(&context);
> +
> + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {
> + const unsigned char *curr = input;
> + const unsigned char *end = input + len;
> + int chunk;
> +
> + while (curr < end) {
> + chunk = end - curr;
> + if (chunk > chunk_sz)
> + chunk = chunk_sz;
> + MD5Update(&context, curr, chunk);
> + curr += chunk;
> + schedule();
> + }
> + } else {
> + MD5Update(&context, input, len);
> + }
> +
> + MD5Final(output, &context);
> +}
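
Review bot: In md5_wd(), the watchdog branch never terminates when chunk_sz is 0: chunk is clamped to 0, "curr += chunk" makes no progress, and schedule() is still called on every pass, so the loop spins instead of finishing or timing out. Treat chunk_sz == 0 as "hash in one pass" (fall through to the else branch) or reject it up front. chunk is also a signed int assigned from a pointer difference and then compared with the unsigned chunk_sz; declaring it unsigned int, to match len and chunk_sz, removes the mixed-sign comparison.
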
> diff --git a/lib/mbedtls/sha1.c b/lib/mbedtls/sha1.c
> new file mode 100644
> index 00000000000..2aee5037795
> --- /dev/null
> +++ b/lib/mbedtls/sha1.c
> @@ -0,0 +1,99 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Hash shim layer on MbedTLS Crypto library
> + *
> + * Copyright (c) 2024 Linaro Limited
> + * Author: Raymond Mao <raymond.mao@linaro.org>
> + */
> +#ifndef USE_HOSTCC
> +#include <cyclic.h>
> +#endif /* USE_HOSTCC */
> +#include <string.h>
> +#include <u-boot/sha1.h>
> +
> +const u8 sha1_der_prefix[SHA1_DER_LEN] = {
> + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
> + 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
> +};
> +
> +void sha1_starts(sha1_context *ctx)
> +{
> + mbedtls_sha1_init(ctx);
> + mbedtls_sha1_starts(ctx);
> +}
> +
> +void sha1_update(sha1_context *ctx, const unsigned char *input,
> + unsigned int length)
> +{
> + mbedtls_sha1_update(ctx, input, length);
> +}
> +
> +void sha1_finish(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN])
> +{
> + mbedtls_sha1_finish(ctx, output);
> + mbedtls_sha1_free(ctx);
> +}
> +
> +void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
> + unsigned char *output, unsigned int chunk_sz)
> +{
> + sha1_context ctx;
> +
> + sha1_starts(&ctx);
> +
> + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {
> + const unsigned char *curr = input;
> + const unsigned char *end = input + ilen;
> + int chunk;
> +
> + while (curr < end) {
> + chunk = end - curr;
> + if (chunk > chunk_sz)
> + chunk = chunk_sz;
> + sha1_update(&ctx, curr, chunk);
> + curr += chunk;
> + schedule();
> + }
> + } else {
> + sha1_update(&ctx, input, ilen);
> + }
> +
> + sha1_finish(&ctx, output);
> +}
> +
> +void sha1_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output)
> +{
> + int i;
> + sha1_context ctx;
> + unsigned char k_ipad[K_PAD_LEN];
> + unsigned char k_opad[K_PAD_LEN];
> + unsigned char tmpbuf[20];
> +
> + if (keylen > K_PAD_LEN)
> + return;
> +
> + memset(k_ipad, K_IPAD_VAL, sizeof(k_ipad));
> + memset(k_opad, K_OPAD_VAL, sizeof(k_opad));
> +
> + for (i = 0; i < keylen; i++) {
> + k_ipad[i] ^= key[i];
> + k_opad[i] ^= key[i];
> + }
> +
> + sha1_starts(&ctx);
> + sha1_update(&ctx, k_ipad, sizeof(k_ipad));
> + sha1_update(&ctx, input, ilen);
> + sha1_finish(&ctx, tmpbuf);
> +
> + sha1_starts(&ctx);
> + sha1_update(&ctx, k_opad, sizeof(k_opad));
> + sha1_update(&ctx, tmpbuf, sizeof(tmpbuf));
> + sha1_finish(&ctx, output);
> +
> + memset(k_ipad, 0, sizeof(k_ipad));
> + memset(k_opad, 0, sizeof(k_opad));
> + memset(tmpbuf, 0, sizeof(tmpbuf));
> + memset(&ctx, 0, sizeof(sha1_context));
> +}
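
Review bot: In sha1_hmac(), "if (keylen > K_PAD_LEN) return;" leaves output unwritten and gives the caller no error, so an over-long key silently yields whatever the output buffer already held as the MAC. HMAC defines keys longer than the block size as being hashed down first; either do that here or change the return type so the failure is reported. keylen is a signed int, so a negative value passes the check, skips the XOR loop and computes the MAC with an empty key; make it unsigned or reject it explicitly. The closing memset() calls on k_ipad, k_opad and tmpbuf are dead stores that a compiler may drop; mbedtls_platform_zeroize() from platform_util.o, which the Makefile in this patch already links, is intended for this. tmpbuf[20] should use SHA1_SUM_LEN, and the chunk loop in sha1_csum_wd() does not advance when chunk_sz is 0.
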
> diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c
> new file mode 100644
> index 00000000000..24aa58fa674
> --- /dev/null
> +++ b/lib/mbedtls/sha256.c
> @@ -0,0 +1,62 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Hash shim layer on MbedTLS Crypto library
> + *
> + * Copyright (c) 2024 Linaro Limited
> + * Author: Raymond Mao <raymond.mao@linaro.org>
> + */
> +#ifndef USE_HOSTCC
> +#include <cyclic.h>
> +#endif /* USE_HOSTCC */
> +#include <u-boot/sha256.h>
> +
> +const u8 sha256_der_prefix[SHA256_DER_LEN] = {
> + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
> + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
> + 0x00, 0x04, 0x20
> +};
> +
> +void sha256_starts(sha256_context *ctx)
> +{
> + mbedtls_sha256_init(ctx);
> + mbedtls_sha256_starts(ctx, 0);
> +}
> +
> +void
> +sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length)
> +{
> + mbedtls_sha256_update(ctx, input, length);
> +}
> +
> +void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN])
> +{
> + mbedtls_sha256_finish(ctx, digest);
> + mbedtls_sha256_free(ctx);

Patch #7 treats this differently and looks at the mbedtls_sha256_finish()
result (for all hashing algos). I think this one is correct and the other
one needs fixing

> +}
> +
> +void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
> + unsigned char *output, unsigned int chunk_sz)
> +{
> + sha256_context ctx;
> +
> + sha256_starts(&ctx);
> +
> + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {
> + const unsigned char *curr = input;
> + const unsigned char *end = input + ilen;
> + int chunk;
> +
> + while (curr < end) {
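
Review bot: In sha256_starts(), the bare 0 passed to mbedtls_sha256_starts() is the is224 selector; a short comment or a named constant would make it clear that SHA-256 rather than SHA-224 is being selected. The definition of sha256_update() puts "void" on its own line, unlike every other function in these shim files; keep the return type on the same line as the name for consistency.
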
[...]
Thanks
/Ilias