From 0805876e0b2bf8f0a253993b512f1376b00500cf Mon Sep 17 00:00:00 2001 From: adustm Date: Thu, 9 Mar 2017 15:39:22 +0100 Subject: [PATCH 1/8] NUCLEO_F429ZI/mbedtls: add SHA256 hw_acceleration --- .../TARGET_NUCLEO_F439ZI/mbedtls_device.h | 1 + .../mbedtls/targets/TARGET_STM/sha256_alt.c | 104 ++++++++++++++ .../mbedtls/targets/TARGET_STM/sha256_alt.h | 127 ++++++++++++++++++ 3 files changed, 232 insertions(+) create mode 100644 features/mbedtls/targets/TARGET_STM/sha256_alt.c create mode 100644 features/mbedtls/targets/TARGET_STM/sha256_alt.h diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h index 9a06a1cba55..e8e4e13e8ff 100644 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h @@ -22,5 +22,6 @@ #define MBEDTLS_AES_ALT +#define MBEDTLS_SHA256_ALT #endif /* MBEDTLS_DEVICE_H */ diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c new file mode 100644 index 00000000000..db088f18ea9 --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -0,0 +1,104 @@ +/* + * sha256_alt.c for SHA256 HASH + ******************************************************************************* + * Copyright (c) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#include "mbedtls/sha256.h" + +#if defined(MBEDTLS_SHA256_ALT) + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + + /* Enable HASH clock */ + __HAL_RCC_HASH_CLK_ENABLE(); +} + +void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +{ + if( ctx == NULL ) + return; + + /* Force the HASH Periheral Clock Reset */ + __HAL_RCC_HASH_FORCE_RESET(); + + /* Release the HASH Periheral Clock Reset */ + __HAL_RCC_HASH_RELEASE_RESET(); + + mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); +} + +void mbedtls_sha256_clone( mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src ) +{ + *dst = *src; +} + +/* + * SHA-256 context setup + */ +void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) +{ + /* HASH IP initialization */ + HAL_HASH_DeInit(&ctx->hhash_sha256); + + /* HASH Configuration */ + ctx->hhash_sha256.Init.DataType = HASH_DATATYPE_8B; + HAL_HASH_Init(&ctx->hhash_sha256); + + ctx->is224 = is224; +} + +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) +{ + if (ctx->is224 == 0) + HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); + else + HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); +} + +/* + * SHA-256 process buffer + */ +void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) +{ + if (ctx->is224 == 0) + HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)input, ilen); + else + HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)input, ilen); +} + +/* + * SHA-256 final digest + */ +void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) +{ + __HAL_HASH_START_DIGEST(); + + if (ctx->is224 == 0) + HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10); + else + HAL_HASHEx_SHA224_Finish(&ctx->hhash_sha256, output, 10); +} + +#endif /*MBEDTLS_SHA256_ALT*/ diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h new file mode 100644 index 00000000000..4e13c34b97f --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.h @@ -0,0 +1,127 @@ +/* + * sha256_alt.h SHA-256 hash + ******************************************************************************* + * Copyright (C) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#ifndef MBEDTLS_SHA256_ALT_H +#define MBEDTLS_SHA256_ALT_H + +#if defined (MBEDTLS_SHA256_ALT) +#include "mbedtls/platform.h" +#include "mbedtls/config.h" + +#include "cmsis.h" +#include +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-256 context structure + */ +typedef struct +{ + int is224; /*!< 0 => SHA-256, else SHA-224 */ + HASH_HandleTypeDef hhash_sha256; +} +mbedtls_sha256_context; + +/** + * \brief Initialize SHA-256 context + * + * \param ctx SHA-256 context to be initialized + */ +void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); + +/** + * \brief Clear SHA-256 context + * + * \param ctx SHA-256 context to be cleared + */ +void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); + +/** + * \brief Clone (the state of) a SHA-256 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void mbedtls_sha256_clone( mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src ); + +/** + * \brief SHA-256 context setup + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); + +/** + * \brief SHA-256 process buffer + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, + size_t ilen ); + +/** + * \brief SHA-256 final digest + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); + +/* Internal use */ +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Output = SHA-256( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void mbedtls_sha256( const unsigned char *input, size_t ilen, + unsigned char output[32], int is224 ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_sha256_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_SHA256_ALT */ + +#endif /* sha1_alt.h */ From 4976e2f3c74ee954b6d22530b8ca399694a479a3 Mon Sep 17 00:00:00 2001 From: adustm Date: Tue, 23 May 2017 11:37:27 +0200 Subject: [PATCH 2/8] Align SHA256 with MD5 and SHA1 implementation This will solve Size <4 issues --- .../mbedtls/targets/TARGET_STM/sha256_alt.c | 83 ++++++++++++++----- .../mbedtls/targets/TARGET_STM/sha256_alt.h | 48 ++++------- 2 files changed, 75 insertions(+), 56 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index db088f18ea9..a9cf9fbccfb 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -20,6 +20,7 @@ #include "mbedtls/sha256.h" #if defined(MBEDTLS_SHA256_ALT) +#include "mbedtls/platform.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -28,7 +29,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); /* Enable HASH clock */ __HAL_RCC_HASH_CLK_ENABLE(); @@ -38,8 +39,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) { if( ctx == NULL ) return; - - /* Force the HASH Periheral Clock Reset */ + /* Force the HASH Periheral Clock Reset */ __HAL_RCC_HASH_FORCE_RESET(); /* Release the HASH Periheral Clock Reset */ @@ -54,45 +54,82 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, *dst = *src; } -/* - * SHA-256 context setup - */ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { /* HASH IP initialization */ - HAL_HASH_DeInit(&ctx->hhash_sha256); - - /* HASH Configuration */ - ctx->hhash_sha256.Init.DataType = HASH_DATATYPE_8B; - HAL_HASH_Init(&ctx->hhash_sha256); + if (HAL_HASH_DeInit(&ctx->hhash_sha256) == HAL_ERROR) { + // error found to be returned + return; + } ctx->is224 = is224; + /* HASH Configuration */ + ctx->hhash_sha256.Init.DataType = HASH_DATATYPE_8B; + if (HAL_HASH_Init(&ctx->hhash_sha256) == HAL_ERROR) { + // error found to be returned + return; + } } void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { - if (ctx->is224 == 0) + if (ctx->is224 == 0) { HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); - else + } else { HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); + } } -/* - * SHA-256 process buffer - */ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { - if (ctx->is224 == 0) - HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)input, ilen); - else - HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)input, ilen); + size_t currentlen = ilen; + // store mechanism to handle MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes + if (currentlen == 0){ // only change HW status is size if 0 + if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) { + /* Select the SHA256 or SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute + the message digest of a new message */ + if (ctx->is224 == 0) { + HASH->CR |= HASH_ALGOSELECTION_SHA256 | HASH_CR_INIT; + } else { + HASH->CR |= HASH_ALGOSELECTION_SHA224 | HASH_CR_INIT; + } + } + ctx->hhash_sha256.Phase = HAL_HASH_PHASE_PROCESS; + } else if (currentlen < (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len)) { + // only buffurize + memcpy(ctx->sbuf + ctx->sbuf_len, input, currentlen); + ctx->sbuf_len += currentlen; + } else { + // fill buffer and process it + memcpy(ctx->sbuf + ctx->sbuf_len, input, (MBEDTLS_SHA256_BLOCK_SIZE-ctx->sbuf_len)); + currentlen -= (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len); + mbedtls_sha256_process(ctx, ctx->sbuf); + // now process every input as long as it is %4 bytes + size_t iter = currentlen / 4; + if (ctx->is224 == 0) { + HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)); + } else { + HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)); + } + // sbuf is now fully accumulated, now copy 1 / 2 or 3 remaining bytes + ctx->sbuf_len = currentlen % 4; + if (ctx->sbuf_len !=0) { + memcpy(ctx->sbuf, input + iter, ctx->sbuf_len); + } + } } -/* - * SHA-256 final digest - */ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { + if (ctx->sbuf_len > 0) { + if (ctx->is224 == 0) { + HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len); + } else { + HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len); + } + } + mbedtls_zeroize(ctx->sbuf, MBEDTLS_SHA256_BLOCK_SIZE); + ctx->sbuf_len = 0; __HAL_HASH_START_DIGEST(); if (ctx->is224 == 0) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h index 4e13c34b97f..b6b6ae1b531 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.h @@ -1,7 +1,9 @@ -/* - * sha256_alt.h SHA-256 hash - ******************************************************************************* - * Copyright (C) 2017, STMicroelectronics +/** + * \file sha256_alt.h + * + * \brief SHA256 hw acceleration (hash function) + * + * Copyright (c) 2017, STMicroelectronics * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -21,22 +23,28 @@ #define MBEDTLS_SHA256_ALT_H #if defined (MBEDTLS_SHA256_ALT) -#include "mbedtls/platform.h" -#include "mbedtls/config.h" #include "cmsis.h" #include + #ifdef __cplusplus extern "C" { #endif +#define MBEDTLS_SHA256_BLOCK_SIZE ((size_t)(64)) // must be a multiple of 4 /** * \brief SHA-256 context structure + * \note HAL_HASH_SHA256_Accumulate cannot handle less than 4 bytes, unless it is the last call to the function + * A MBEDTLS_SHA256_BLOCK_SIZE bytes buffer is used to save values and handle the processing + * MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes + * If sha256_finish is called and sbuf_len>0, the remaining bytes are accumulated prior to the call to HAL_HASH_SHA256_Finish */ typedef struct { int is224; /*!< 0 => SHA-256, else SHA-224 */ HASH_HandleTypeDef hhash_sha256; + unsigned char sbuf[MBEDTLS_SHA256_BLOCK_SIZE]; /*!< MBEDTLS_SHA256_BLOCK_SIZE buffer to store values so that algorithm is caled once the buffer is filled */ + unsigned char sbuf_len; /*!< number of bytes to be processed in sbuf */ } mbedtls_sha256_context; @@ -96,32 +104,6 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da } #endif -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Output = SHA-256( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 - */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_sha256_self_test( int verbose ); - -#ifdef __cplusplus -} -#endif - #endif /* MBEDTLS_SHA256_ALT */ -#endif /* sha1_alt.h */ +#endif /* sha256_alt.h */ From b929b54b7cb96067ce8941be1e9475f94763ebed Mon Sep 17 00:00:00 2001 From: adustm Date: Tue, 23 May 2017 14:29:43 +0200 Subject: [PATCH 3/8] Replace 64 by MBEDTLS_SHA256_BLOCK_SIZE --- features/mbedtls/targets/TARGET_STM/sha256_alt.c | 6 +++--- features/mbedtls/targets/TARGET_STM/sha256_alt.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index a9cf9fbccfb..100d21c6f23 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -71,12 +71,12 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) } } -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] ) { if (ctx->is224 == 0) { - HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); + HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE); } else { - HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, 64); + HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE); } } diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h index b6b6ae1b531..46a9cdd2313 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.h @@ -98,7 +98,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); /* Internal use */ -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] ); #ifdef __cplusplus } From 80b58614a234841e4d281540ee095be5458591d7 Mon Sep 17 00:00:00 2001 From: adustm Date: Mon, 29 May 2017 16:16:52 +0200 Subject: [PATCH 4/8] SHA256: get ready to return error codes --- .../mbedtls/targets/TARGET_STM/sha256_alt.c | 38 ++++++++++++++----- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index 100d21c6f23..a5363e1108f 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -74,10 +74,15 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] ) { if (ctx->is224 == 0) { - HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE); + if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) { + // return 0; // Return error code + } } else { - HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE); + if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) { + // return 0; // Return error code + } } + // return 1; } void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) @@ -107,9 +112,13 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in // now process every input as long as it is %4 bytes size_t iter = currentlen / 4; if (ctx->is224 == 0) { - HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)); + if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)) != 0) { + //return 1; // Return error code here + } } else { - HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)); + if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)) != 0) { + //return 1; // Return error code here + } } // sbuf is now fully accumulated, now copy 1 / 2 or 3 remaining bytes ctx->sbuf_len = currentlen % 4; @@ -123,19 +132,28 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 { if (ctx->sbuf_len > 0) { if (ctx->is224 == 0) { - HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len); + if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) { + //return 1; // Return error code here + } } else { - HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len); + if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) { + //return 1; // Return error code here + } } } mbedtls_zeroize(ctx->sbuf, MBEDTLS_SHA256_BLOCK_SIZE); ctx->sbuf_len = 0; __HAL_HASH_START_DIGEST(); - if (ctx->is224 == 0) - HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10); - else - HAL_HASHEx_SHA224_Finish(&ctx->hhash_sha256, output, 10); + if (ctx->is224 == 0) { + if (HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10) != 0) { + //return 1; // Return error code here + } + } else { + if (HAL_HASHEx_SHA224_Finish(&ctx->hhash_sha256, output, 10) != 0) { + //return 1; // Return error code here + } + } } #endif /*MBEDTLS_SHA256_ALT*/ From f1704733af0fc7d5e9b888f34a14eb43e15f4b0f Mon Sep 17 00:00:00 2001 From: adustm Date: Mon, 29 May 2017 17:21:53 +0200 Subject: [PATCH 5/8] Remove trailing whitespace --- features/mbedtls/targets/TARGET_STM/sha256_alt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index a5363e1108f..fce41ac21ec 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -144,7 +144,7 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 mbedtls_zeroize(ctx->sbuf, MBEDTLS_SHA256_BLOCK_SIZE); ctx->sbuf_len = 0; __HAL_HASH_START_DIGEST(); - + if (ctx->is224 == 0) { if (HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10) != 0) { //return 1; // Return error code here From 021b84a140da9aa03ff524eb27aaea5d8bcfd2cc Mon Sep 17 00:00:00 2001 From: adustm Date: Fri, 2 Jun 2017 14:42:39 +0200 Subject: [PATCH 6/8] Handle context swapping + rename macro ST_SHA256_BLOCK_SIZE Handle 64 bytes accumulation --- TESTS/mbedtls/multi/main.cpp | 146 ++++++++++++++++++ .../mbedtls/targets/TARGET_STM/sha256_alt.c | 92 +++++++---- .../mbedtls/targets/TARGET_STM/sha256_alt.h | 15 +- 3 files changed, 214 insertions(+), 39 deletions(-) create mode 100644 TESTS/mbedtls/multi/main.cpp diff --git a/TESTS/mbedtls/multi/main.cpp b/TESTS/mbedtls/multi/main.cpp new file mode 100644 index 00000000000..fcc0fe41d6a --- /dev/null +++ b/TESTS/mbedtls/multi/main.cpp @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2013-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include "mbed.h" +#include "greentea-client/test_env.h" +#include "unity/unity.h" +#include "utest/utest.h" + +#include "mbedtls/sha256.h" + + +using namespace utest::v1; + +#if defined(MBEDTLS_SHA256_C) +/* Tests several call to mbedtls_sha256_update function that are not modulo 64 bytes */ +void test_case_sha256_split() { + const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"}; + // sha256_output_values for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + const unsigned char test_sum[] = + { 0x50, 0xEA, 0x82, 0x5D, 0x96, 0x84, 0xF4, 0x22, + 0x9C, 0xA2, 0x9F, 0x1F, 0xEC, 0x51, 0x15, 0x93, + 0xE2, 0x81, 0xE4, 0x6A, 0x14, 0x0D, 0x81, 0xE0, + 0x00, 0x5F, 0x8F, 0x68, 0x86, 0x69, 0xA0, 0x6C}; + unsigned char outsum[32]; + int i; + + mbedtls_sha256_context ctx; + printf("test sha256\n"); + mbedtls_sha256_init( &ctx ); + mbedtls_sha256_starts( &ctx, 0); + #if 0 + printf("test not splitted\n"); + mbedtls_sha256_update( &ctx, test_buf, 168 ); + #else + printf("test splitted into 3 pieces\n"); + mbedtls_sha256_update( &ctx, test_buf, 2 ); + mbedtls_sha256_update( &ctx, test_buf+2, 66 ); + mbedtls_sha256_update( &ctx, test_buf+68, 100 ); + #endif + + mbedtls_sha256_finish( &ctx, outsum ); + mbedtls_sha256_free( &ctx ); + + printf("\nreceived result : "); + for (i=0;i<32;i++) { printf("%02X",outsum[i]);} + printf("\nawaited result : 50EA825D9684F4229CA29F1FEC511593E281E46A140D81E0005F8F688669A06C\n"); // for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + + printf("\nend of test sha256\n"); + TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum, test_sum,32); +} + +/* Tests that treating 2 sha256 objects in // does not impact the result */ +void test_case_sha256_multi() { + const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"}; + // sha256_output_values for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + const unsigned char test_sum1[] = + { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, + 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, + 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, + 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }; + // sha256_output_values for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + const unsigned char test_sum2[] = + { 0x50, 0xEA, 0x82, 0x5D, 0x96, 0x84, 0xF4, 0x22, + 0x9C, 0xA2, 0x9F, 0x1F, 0xEC, 0x51, 0x15, 0x93, + 0xE2, 0x81, 0xE4, 0x6A, 0x14, 0x0D, 0x81, 0xE0, + 0x00, 0x5F, 0x8F, 0x68, 0x86, 0x69, 0xA0, 0x6C}; + unsigned char outsum1[32], outsum2[32]; + int i; + + mbedtls_sha256_context ctx1; + mbedtls_sha256_context ctx2; + printf("test sha256_multi\n"); + //Init both contexts + mbedtls_sha256_init( &ctx1 ); + mbedtls_sha256_init( &ctx2 ); + //Start both contexts + mbedtls_sha256_starts( &ctx1, 0); + mbedtls_sha256_starts( &ctx2, 0); + + printf("upd ctx1\n"); + mbedtls_sha256_update( &ctx1, test_buf, 56 ); + printf("upd ctx2\n"); + mbedtls_sha256_update( &ctx2, test_buf, 66 ); + printf("finish ctx1\n"); + mbedtls_sha256_finish( &ctx1, outsum1 ); + printf("upd ctx2\n"); + mbedtls_sha256_update( &ctx2, test_buf+66, 46 ); + printf("free ctx1\n"); + mbedtls_sha256_free( &ctx1 ); + printf("upd ctx2\n"); + mbedtls_sha256_update( &ctx2, test_buf+112, 56 ); + printf("finish ctx2\n"); + mbedtls_sha256_finish( &ctx2, outsum2 ); + printf("free ctx2\n"); + mbedtls_sha256_free( &ctx2 ); + + printf("\nreceived result ctx1 : "); + for (i=0;i<32;i++) { printf("%02X",outsum1[i]);} + printf("\nawaited result : 248D6A61D20638B8E5C026930C3E6039A33CE45964FF216F6ECEDD19DB06C1\n"); // for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + printf("\nreceived result ctx2 : "); + for (i=0;i<32;i++) { printf("%02X",outsum2[i]);} + printf("\nawaited result : 50EA825D9684F4229CA29F1FEC511593E281E46A140D81E0005F8F688669A06C\n"); // for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + + printf("\nend of test sha256\n"); + TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum1, test_sum1,32); + TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum2, test_sum2,32); +} +#endif //MBEDTLS_SHA256_C + +utest::v1::status_t greentea_failure_handler(const Case *const source, const failure_t reason) { + greentea_case_failure_abort_handler(source, reason); + return STATUS_CONTINUE; +} + +Case cases[] = { +#if defined(MBEDTLS_SHA256_C) + Case("Crypto: sha256_split", test_case_sha256_split, greentea_failure_handler), + Case("Crypto: sha256_multi", test_case_sha256_multi, greentea_failure_handler), +#endif +}; + +utest::v1::status_t greentea_test_setup(const size_t number_of_cases) { + GREENTEA_SETUP(10, "default_auto"); + return greentea_test_setup_handler(number_of_cases); +} + +Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler); + +int main() { + Harness::run(specification); +} diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index fce41ac21ec..08f81fb4d20 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -27,6 +27,28 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +static void st_sha256_restore_hw_context(mbedtls_sha256_context *ctx) +{ + uint32_t i; + /* allow multi-instance of HASH use: save context for HASH HW module CR */ + HASH->STR = ctx->ctx_save_str; + HASH->CR = (ctx->ctx_save_cr|HASH_CR_INIT); + for (i=0;i<38;i++) { + HASH->CSR[i] = ctx->ctx_save_csr[i]; + } +} + +static void st_sha256_save_hw_context(mbedtls_sha256_context *ctx) +{ + uint32_t i; + /* allow multi-instance of HASH use: restore context for HASH HW module CR */ + ctx->ctx_save_cr = HASH->CR; + ctx->ctx_save_str = HASH->STR; + for (i=0;i<38;i++) { + ctx->ctx_save_csr[i] = HASH->CSR[i]; + } +} + void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); @@ -39,12 +61,6 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) { if( ctx == NULL ) return; - /* Force the HASH Periheral Clock Reset */ - __HAL_RCC_HASH_FORCE_RESET(); - - /* Release the HASH Periheral Clock Reset */ - __HAL_RCC_HASH_RELEASE_RESET(); - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); } @@ -69,26 +85,31 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) // error found to be returned return; } + st_sha256_save_hw_context(ctx); } -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] ) +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[ST_SHA256_BLOCK_SIZE] ) { + st_sha256_restore_hw_context(ctx); if (ctx->is224 == 0) { - if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) { - // return 0; // Return error code + if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) { + return; // Return error code } } else { - if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) { - // return 0; // Return error code + if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) { + return; // Return error code } } - // return 1; + + st_sha256_save_hw_context(ctx); } void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { size_t currentlen = ilen; - // store mechanism to handle MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes + st_sha256_restore_hw_context(ctx); + + // store mechanism to accumulate ST_SHA256_BLOCK_SIZE bytes (512 bits) in the HW if (currentlen == 0){ // only change HW status is size if 0 if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) { /* Select the SHA256 or SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute @@ -100,60 +121,65 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in } } ctx->hhash_sha256.Phase = HAL_HASH_PHASE_PROCESS; - } else if (currentlen < (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len)) { + } else if (currentlen < (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len)) { // only buffurize memcpy(ctx->sbuf + ctx->sbuf_len, input, currentlen); ctx->sbuf_len += currentlen; } else { // fill buffer and process it - memcpy(ctx->sbuf + ctx->sbuf_len, input, (MBEDTLS_SHA256_BLOCK_SIZE-ctx->sbuf_len)); - currentlen -= (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len); + memcpy(ctx->sbuf + ctx->sbuf_len, input, (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len)); + currentlen -= (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len); mbedtls_sha256_process(ctx, ctx->sbuf); - // now process every input as long as it is %4 bytes - size_t iter = currentlen / 4; - if (ctx->is224 == 0) { - if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)) != 0) { - //return 1; // Return error code here - } - } else { - if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * 4)) != 0) { - //return 1; // Return error code here + // Process every input as long as it is %64 bytes, ie 512 bits + size_t iter = currentlen / ST_SHA256_BLOCK_SIZE; + if (iter !=0) { + if (ctx->is224 == 0) { + if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + ST_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * ST_SHA256_BLOCK_SIZE)) != 0) { + return; // Return error code here + } + } else { + if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + ST_SHA256_BLOCK_SIZE - ctx->sbuf_len), (iter * ST_SHA256_BLOCK_SIZE)) != 0) { + return; // Return error code here + } } } - // sbuf is now fully accumulated, now copy 1 / 2 or 3 remaining bytes - ctx->sbuf_len = currentlen % 4; + // sbuf is completely accumulated, now copy up to 63 remaining bytes + ctx->sbuf_len = currentlen % ST_SHA256_BLOCK_SIZE; if (ctx->sbuf_len !=0) { - memcpy(ctx->sbuf, input + iter, ctx->sbuf_len); + memcpy(ctx->sbuf, input + ilen - ctx->sbuf_len, ctx->sbuf_len); } } + st_sha256_save_hw_context(ctx); } void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { + st_sha256_restore_hw_context(ctx); if (ctx->sbuf_len > 0) { if (ctx->is224 == 0) { if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) { - //return 1; // Return error code here + return; // Return error code here } } else { if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) { - //return 1; // Return error code here + return; // Return error code here } } } - mbedtls_zeroize(ctx->sbuf, MBEDTLS_SHA256_BLOCK_SIZE); + mbedtls_zeroize(ctx->sbuf, ST_SHA256_BLOCK_SIZE); ctx->sbuf_len = 0; __HAL_HASH_START_DIGEST(); if (ctx->is224 == 0) { if (HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10) != 0) { - //return 1; // Return error code here + return; // Return error code here } } else { if (HAL_HASHEx_SHA224_Finish(&ctx->hhash_sha256, output, 10) != 0) { - //return 1; // Return error code here + return; // Return error code here } } + st_sha256_save_hw_context(ctx); } #endif /*MBEDTLS_SHA256_ALT*/ diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h index 46a9cdd2313..04678706a29 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.h @@ -31,20 +31,23 @@ extern "C" { #endif -#define MBEDTLS_SHA256_BLOCK_SIZE ((size_t)(64)) // must be a multiple of 4 +#define ST_SHA256_BLOCK_SIZE ((size_t)(64)) // HW handles 512 bits, ie 64 bytes /** * \brief SHA-256 context structure - * \note HAL_HASH_SHA256_Accumulate cannot handle less than 4 bytes, unless it is the last call to the function - * A MBEDTLS_SHA256_BLOCK_SIZE bytes buffer is used to save values and handle the processing - * MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes + * \note HAL_HASH_SHA256_Accumulate will accumulate 512 bits packets, unless it is the last call to the function + * A ST_SHA256_BLOCK_SIZE bytes buffer is used to save values and handle the processing + * ST_SHA256_BLOCK_SIZE bytes per ST_SHA256_BLOCK_SIZE bytes * If sha256_finish is called and sbuf_len>0, the remaining bytes are accumulated prior to the call to HAL_HASH_SHA256_Finish */ typedef struct { int is224; /*!< 0 => SHA-256, else SHA-224 */ HASH_HandleTypeDef hhash_sha256; - unsigned char sbuf[MBEDTLS_SHA256_BLOCK_SIZE]; /*!< MBEDTLS_SHA256_BLOCK_SIZE buffer to store values so that algorithm is caled once the buffer is filled */ + unsigned char sbuf[ST_SHA256_BLOCK_SIZE]; /*!< ST_SHA256_BLOCK_SIZE buffer to store values so that algorithm is called once the buffer is filled */ unsigned char sbuf_len; /*!< number of bytes to be processed in sbuf */ + uint32_t ctx_save_cr; + uint32_t ctx_save_str; + uint32_t ctx_save_csr[38]; } mbedtls_sha256_context; @@ -98,7 +101,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); /* Internal use */ -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] ); +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[ST_SHA256_BLOCK_SIZE] ); #ifdef __cplusplus } From 8ea9ca0af96ffd25a470ab45c093f76ec7cb618f Mon Sep 17 00:00:00 2001 From: adustm Date: Tue, 6 Jun 2017 16:26:40 +0200 Subject: [PATCH 7/8] Add test of sha256_clone function --- TESTS/mbedtls/multi/main.cpp | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/TESTS/mbedtls/multi/main.cpp b/TESTS/mbedtls/multi/main.cpp index fcc0fe41d6a..ce823cadcd4 100644 --- a/TESTS/mbedtls/multi/main.cpp +++ b/TESTS/mbedtls/multi/main.cpp @@ -67,6 +67,8 @@ void test_case_sha256_split() { /* Tests that treating 2 sha256 objects in // does not impact the result */ void test_case_sha256_multi() { const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"}; + const unsigned char test_buf2[] = {"abcdefghijklmnopqrstuvwxyz012345678901234567890123456789"}; + // sha256_output_values for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq const unsigned char test_sum1[] = { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, @@ -79,15 +81,23 @@ void test_case_sha256_multi() { 0x9C, 0xA2, 0x9F, 0x1F, 0xEC, 0x51, 0x15, 0x93, 0xE2, 0x81, 0xE4, 0x6A, 0x14, 0x0D, 0x81, 0xE0, 0x00, 0x5F, 0x8F, 0x68, 0x86, 0x69, 0xA0, 0x6C}; - unsigned char outsum1[32], outsum2[32]; + // sha256_output_values for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdefghijklmnopqrstuvwxyz012345678901234567890123456789 + const unsigned char test_sum3[] = + { 0x6D, 0x5D, 0xDB, 0x5F, 0x4A, 0x94, 0xAB, 0x7E, + 0x5C, 0xF7, 0x9A, 0xD8, 0x3F, 0x58, 0xD3, 0x97, + 0xFE, 0x79, 0xFB, 0x0D, 0x79, 0xB2, 0x0D, 0x22, + 0xFF, 0x95, 0x9F, 0x04, 0xA2, 0xE4, 0x6C, 0x68}; + unsigned char outsum1[32], outsum2[32], outsum3[32]; int i; mbedtls_sha256_context ctx1; mbedtls_sha256_context ctx2; + mbedtls_sha256_context ctx3; printf("test sha256_multi\n"); //Init both contexts - mbedtls_sha256_init( &ctx1 ); - mbedtls_sha256_init( &ctx2 ); + mbedtls_sha256_init( &ctx1); + mbedtls_sha256_init( &ctx2); + mbedtls_sha256_init( &ctx3); //Start both contexts mbedtls_sha256_starts( &ctx1, 0); mbedtls_sha256_starts( &ctx2, 0); @@ -100,25 +110,36 @@ void test_case_sha256_multi() { mbedtls_sha256_finish( &ctx1, outsum1 ); printf("upd ctx2\n"); mbedtls_sha256_update( &ctx2, test_buf+66, 46 ); + printf("clone ctx2 in ctx3\n"); + mbedtls_sha256_clone(&ctx3, (const mbedtls_sha256_context *)&ctx2); printf("free ctx1\n"); mbedtls_sha256_free( &ctx1 ); printf("upd ctx2\n"); mbedtls_sha256_update( &ctx2, test_buf+112, 56 ); + printf("upd ctx3 with different values than ctx2\n"); + mbedtls_sha256_update( &ctx3, test_buf2, 56 ); printf("finish ctx2\n"); mbedtls_sha256_finish( &ctx2, outsum2 ); + printf("finish ctx3\n"); + mbedtls_sha256_finish( &ctx3, outsum3 ); printf("free ctx2\n"); mbedtls_sha256_free( &ctx2 ); - + printf("free ctx3\n"); + mbedtls_sha256_free( &ctx3 ); + printf("\nreceived result ctx1 : "); for (i=0;i<32;i++) { printf("%02X",outsum1[i]);} printf("\nawaited result : 248D6A61D20638B8E5C026930C3E6039A33CE45964FF216F6ECEDD19DB06C1\n"); // for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq printf("\nreceived result ctx2 : "); for (i=0;i<32;i++) { printf("%02X",outsum2[i]);} printf("\nawaited result : 50EA825D9684F4229CA29F1FEC511593E281E46A140D81E0005F8F688669A06C\n"); // for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq - + printf("\nreceived result ctx3 : "); + for (i=0;i<32;i++) { printf("%02X",outsum3[i]);} + printf("\nawaited result : 6D5DDB5F4A94AB7E5CF79AD83F58D397FE79FB0D79B20D22FF959F04A2E46C68\n"); // for 2*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq+3*0123456789 printf("\nend of test sha256\n"); TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum1, test_sum1,32); TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum2, test_sum2,32); + TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum3, test_sum3,32); } #endif //MBEDTLS_SHA256_C From a27498c44ae5de0e13c018b6d1dff1fbf1eba330 Mon Sep 17 00:00:00 2001 From: adustm Date: Thu, 8 Jun 2017 18:00:49 +0200 Subject: [PATCH 8/8] Check HASH is not busy before save/resteore context --- .../mbedtls/targets/TARGET_STM/sha256_alt.c | 54 +++++++++++++++---- .../mbedtls/targets/TARGET_STM/sha256_alt.h | 3 +- 2 files changed, 45 insertions(+), 12 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c index 08f81fb4d20..a3354e9968a 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.c @@ -27,26 +27,44 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -static void st_sha256_restore_hw_context(mbedtls_sha256_context *ctx) +static int st_sha256_restore_hw_context(mbedtls_sha256_context *ctx) { uint32_t i; + uint32_t tickstart; /* allow multi-instance of HASH use: save context for HASH HW module CR */ + /* Check that there is no HASH activity on going */ + tickstart = HAL_GetTick(); + while ((HASH->SR & (HASH_FLAG_BUSY | HASH_FLAG_DMAS)) != 0) { + if ((HAL_GetTick() - tickstart) > ST_SHA256_TIMEOUT) { + return 0; // timeout: HASH processor is busy + } + } HASH->STR = ctx->ctx_save_str; - HASH->CR = (ctx->ctx_save_cr|HASH_CR_INIT); + HASH->CR = (ctx->ctx_save_cr | HASH_CR_INIT); for (i=0;i<38;i++) { HASH->CSR[i] = ctx->ctx_save_csr[i]; } + return 1; } -static void st_sha256_save_hw_context(mbedtls_sha256_context *ctx) +static int st_sha256_save_hw_context(mbedtls_sha256_context *ctx) { uint32_t i; + uint32_t tickstart; + /* Check that there is no HASH activity on going */ + tickstart = HAL_GetTick(); + while ((HASH->SR & (HASH_FLAG_BUSY | HASH_FLAG_DMAS)) != 0) { + if ((HAL_GetTick() - tickstart) > ST_SHA256_TIMEOUT) { + return 0; // timeout: HASH processor is busy + } + } /* allow multi-instance of HASH use: restore context for HASH HW module CR */ ctx->ctx_save_cr = HASH->CR; ctx->ctx_save_str = HASH->STR; for (i=0;i<38;i++) { ctx->ctx_save_csr[i] = HASH->CSR[i]; } + return 1; } void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) @@ -85,12 +103,16 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) // error found to be returned return; } - st_sha256_save_hw_context(ctx); + if (st_sha256_save_hw_context(ctx) != 1) { + return; // return HASH_BUSY timeout Error here + } } void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[ST_SHA256_BLOCK_SIZE] ) { - st_sha256_restore_hw_context(ctx); + if (st_sha256_restore_hw_context(ctx) != 1) { + return; // Return HASH_BUSY timout error here + } if (ctx->is224 == 0) { if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) { return; // Return error code @@ -101,16 +123,20 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da } } - st_sha256_save_hw_context(ctx); + if (st_sha256_save_hw_context(ctx) != 1) { + return; // return HASH_BUSY timeout Error here + } } void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { size_t currentlen = ilen; - st_sha256_restore_hw_context(ctx); + if (st_sha256_restore_hw_context(ctx) != 1) { + return; // Return HASH_BUSY timout error here + } // store mechanism to accumulate ST_SHA256_BLOCK_SIZE bytes (512 bits) in the HW - if (currentlen == 0){ // only change HW status is size if 0 + if (currentlen == 0) { // only change HW status is size if 0 if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) { /* Select the SHA256 or SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute the message digest of a new message */ @@ -149,12 +175,16 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in memcpy(ctx->sbuf, input + ilen - ctx->sbuf_len, ctx->sbuf_len); } } - st_sha256_save_hw_context(ctx); + if (st_sha256_save_hw_context(ctx) != 1) { + return; // return HASH_BUSY timeout Error here + } } void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - st_sha256_restore_hw_context(ctx); + if (st_sha256_restore_hw_context(ctx) != 1) { + return; // Return HASH_BUSY timout error here + } if (ctx->sbuf_len > 0) { if (ctx->is224 == 0) { if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) { @@ -179,7 +209,9 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 return; // Return error code here } } - st_sha256_save_hw_context(ctx); + if (st_sha256_save_hw_context(ctx) != 1) { + return; // return HASH_BUSY timeout Error here + } } #endif /*MBEDTLS_SHA256_ALT*/ diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h index 04678706a29..b2ae7a3c293 100644 --- a/features/mbedtls/targets/TARGET_STM/sha256_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha256_alt.h @@ -31,7 +31,8 @@ extern "C" { #endif -#define ST_SHA256_BLOCK_SIZE ((size_t)(64)) // HW handles 512 bits, ie 64 bytes +#define ST_SHA256_BLOCK_SIZE ((size_t) 64) // HW handles 512 bits, ie 64 bytes +#define ST_SHA256_TIMEOUT ((uint32_t) 3) /** * \brief SHA-256 context structure * \note HAL_HASH_SHA256_Accumulate will accumulate 512 bits packets, unless it is the last call to the function