/* Copyright (c) 2010-2013, The Linux Foundation. All rights reserved. * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of The Linux Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include "crypto_hash.h" static crypto_SHA256_ctx g_sha256_ctx; static crypto_SHA1_ctx g_sha1_ctx; static unsigned char crypto_init_done = FALSE; extern void ce_clock_init(void); __WEAK void crypto_eng_cleanup() { } /* * Top level function which calculates SHAx digest with given data and size. * Digest varies based on the authentication algorithm. * It works on contiguous data and does single pass calculation. */ void hash_find(unsigned char *addr, unsigned int size, unsigned char *digest, unsigned char auth_alg) { crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE; crypto_engine_type platform_ce_type = board_ce_type(); if (auth_alg == 1) { if(platform_ce_type == CRYPTO_ENGINE_TYPE_SW) /* Hardware CE is not present , use software hashing */ digest = SHA1(addr, size, digest); else if (platform_ce_type == CRYPTO_ENGINE_TYPE_HW) ret_val = crypto_sha1(addr, size, digest); else ret_val = CRYPTO_SHA_ERR_FAIL; } else if (auth_alg == 2) { if(platform_ce_type == CRYPTO_ENGINE_TYPE_SW) /* Hardware CE is not present , use software hashing */ digest = SHA256(addr, size, digest); else if (platform_ce_type == CRYPTO_ENGINE_TYPE_HW) ret_val = crypto_sha256(addr, size, digest); else ret_val = CRYPTO_SHA_ERR_FAIL; } if (ret_val != CRYPTO_SHA_ERR_NONE) { dprintf(CRITICAL, "crypto_sha256 returns error %d\n", ret_val); } crypto_eng_cleanup(); } /* * Function to reset and init crypto engine. It resets the engine for the * first time. Used for multiple SHA operations. */ static void crypto_init(void) { if (crypto_init_done != TRUE) { ce_clock_init(); crypto_eng_reset(); crypto_init_done = TRUE; } crypto_eng_init(); } /* * Function to initialize SHA256 context */ static crypto_result_type crypto_sha256_init(crypto_SHA256_ctx * ctx_ptr) { unsigned int i; /* Standard initialization vector for SHA256 */ unsigned int sha256_init_vector[] = { 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; if (ctx_ptr == NULL) { return CRYPTO_SHA_ERR_INVALID_PARAM; } ctx_ptr->auth_bytecnt[0] = 0; ctx_ptr->auth_bytecnt[1] = 0; memset(ctx_ptr->saved_buff, 0, CRYPTO_SHA_BLOCK_SIZE); for (i = 0; i < SHA256_INIT_VECTOR_SIZE; i++) { ctx_ptr->auth_iv[i] = sha256_init_vector[i]; } ctx_ptr->saved_buff_indx = 0; return CRYPTO_SHA_ERR_NONE; } /* * Function to initialize SHA1 context */ static crypto_result_type crypto_sha1_init(crypto_SHA1_ctx * ctx_ptr) { unsigned int i; /* Standard initialization vector for SHA1 */ unsigned int sha1_init_vector[] = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }; if (ctx_ptr == NULL) { return CRYPTO_SHA_ERR_INVALID_PARAM; } ctx_ptr->auth_bytecnt[0] = 0; ctx_ptr->auth_bytecnt[1] = 0; memset(ctx_ptr->saved_buff, 0, CRYPTO_SHA_BLOCK_SIZE); for (i = 0; i < SHA1_INIT_VECTOR_SIZE; i++) { ctx_ptr->auth_iv[i] = sha1_init_vector[i]; } ctx_ptr->saved_buff_indx = 0; return CRYPTO_SHA_ERR_NONE; } /* * Function to calculate SHA256 digest of given data buffer. * It works on contiguous data and gives digest in single pass. */ static crypto_result_type crypto_sha256(unsigned char *buff_ptr, unsigned int buff_size, unsigned char *digest_ptr) { crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE; if ((!buff_size) || (buff_ptr == NULL) || (digest_ptr == NULL)) { return CRYPTO_SHA_ERR_INVALID_PARAM; } /* Initialize crypto engine hardware for a new SHA256 operation */ crypto_init(); /* Now do SHA256 hashing */ ret_val = do_sha(buff_ptr, buff_size, digest_ptr, CRYPTO_AUTH_ALG_SHA256); if (ret_val != CRYPTO_SHA_ERR_NONE) { dprintf(CRITICAL, "crypto_sha256 returns error %d\n", ret_val); } return ret_val; } /* * Function to calculate SHA1 digest of given data buffer. * It works on contiguous data and gives digest in single pass. */ static crypto_result_type crypto_sha1(unsigned char *buff_ptr, unsigned int buff_size, unsigned char *digest_ptr) { crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE; if ((!buff_size) || (buff_ptr == NULL) || (digest_ptr == NULL)) { return CRYPTO_SHA_ERR_INVALID_PARAM; } /* Initialize crypto engine hardware for a new SHA1 operation */ crypto_init(); /* Now do SHA1 hashing */ ret_val = do_sha(buff_ptr, buff_size, digest_ptr, CRYPTO_AUTH_ALG_SHA1); if (ret_val != CRYPTO_SHA_ERR_NONE) { dprintf(CRITICAL, "crypto_sha256 returns error %d\n", ret_val); } return ret_val; } /* * Common function to calculate SHA1 and SHA256 digest based on auth algorithm. */ static crypto_result_type do_sha(unsigned char *buff_ptr, unsigned int buff_size, unsigned char *digest_ptr, crypto_auth_alg_type auth_alg) { void *ctx_ptr = NULL; crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE; /* Initialize SHA context based on algorithm */ if (auth_alg == CRYPTO_AUTH_ALG_SHA1) { crypto_sha1_init(&g_sha1_ctx); ctx_ptr = (void *)&g_sha1_ctx; } else if (auth_alg == CRYPTO_AUTH_ALG_SHA256) { crypto_sha256_init(&g_sha256_ctx); ctx_ptr = (void *)&g_sha256_ctx; } ret_val = do_sha_update(ctx_ptr, buff_ptr, buff_size, auth_alg, TRUE, TRUE); if (ret_val != CRYPTO_SHA_ERR_NONE) { dprintf(CRITICAL, "do_sha_update returns error %d\n", ret_val); return ret_val; } /* Copy the digest value from context pointer to digest pointer */ if (auth_alg == CRYPTO_AUTH_ALG_SHA1) { memcpy(digest_ptr, (unsigned char *)(((crypto_SHA1_ctx *) ctx_ptr)-> auth_iv), 20); } else if (auth_alg == CRYPTO_AUTH_ALG_SHA256) { memcpy(digest_ptr, (unsigned char *)(((crypto_SHA256_ctx *) ctx_ptr)-> auth_iv), 32); } return CRYPTO_SHA_ERR_NONE; } /* * Common function to calculate SHA1 and SHA256 digest based on auth algorithm. * Calls crypto engine APIs to setup SHAx registers, send the data and gets * the digest. */ static crypto_result_type do_sha_update(void *ctx_ptr, unsigned char *buff_ptr, unsigned int buff_size, crypto_auth_alg_type auth_alg, bool first, bool last) { unsigned int ret_val = CRYPTO_ERR_NONE; unsigned int bytes_to_write = 0; unsigned int bytes_remaining = 0; unsigned int tmp_bytes = 0; unsigned int bytes_written = 0; unsigned int tmp_buff_size = 0; unsigned char *tmp_buff_ptr = NULL; unsigned char tmp_saved_buff_indx = 0; bool tmp_first; bool tmp_last; /* Type casting to SHA1 context as offset is similar for SHA256 context */ crypto_SHA1_ctx *sha1_ctx = (crypto_SHA1_ctx *) ctx_ptr; bytes_to_write = calc_num_bytes_to_send(ctx_ptr, buff_size, last); bytes_remaining = buff_size + sha1_ctx->saved_buff_indx - bytes_to_write; tmp_first = first; tmp_saved_buff_indx = sha1_ctx->saved_buff_indx; do { if ((bytes_to_write - bytes_written) > crypto_get_max_auth_blk_size()) { /* Write CRYPTO_MAX_AUTH_BLOCK_SIZE bytes at a time to the CE */ tmp_bytes = crypto_get_max_auth_blk_size(); tmp_last = FALSE; if (sha1_ctx->saved_buff_indx != 0) { tmp_buff_ptr = buff_ptr; tmp_buff_size = tmp_bytes - sha1_ctx->saved_buff_indx; } else { tmp_buff_ptr = buff_ptr + bytes_written - tmp_saved_buff_indx; tmp_buff_size = tmp_bytes; } } else { /* Since bytes_to_write are less than CRYPTO_MAX_AUTH_BLOCK_SIZE write all remaining bytes now */ if (sha1_ctx->saved_buff_indx != 0) { tmp_buff_ptr = buff_ptr; tmp_buff_size = bytes_to_write - bytes_written - sha1_ctx->saved_buff_indx; } else { tmp_buff_ptr = buff_ptr + bytes_written - tmp_saved_buff_indx; tmp_buff_size = bytes_to_write - bytes_written - tmp_saved_buff_indx; } tmp_bytes = (bytes_to_write - bytes_written); tmp_last = last; } /* Set SHAx context in the crypto engine */ crypto_set_sha_ctx(ctx_ptr, tmp_bytes, auth_alg, tmp_first, tmp_last); /* Send data to the crypto engine */ crypto_send_data(ctx_ptr, tmp_buff_ptr, tmp_buff_size, tmp_bytes, &ret_val); if (ret_val != CRYPTO_ERR_NONE) { dprintf(CRITICAL, "do_sha_update returns error from crypto_send_data\n"); return CRYPTO_SHA_ERR_FAIL; } /* Get the SHAx digest from the crypto engine */ crypto_get_digest((unsigned char *)(sha1_ctx->auth_iv), &ret_val, auth_alg, tmp_last); if (ret_val != CRYPTO_ERR_NONE) { dprintf(CRITICAL, "do_sha_update returns error from crypto_get_digest\n"); return CRYPTO_SHA_ERR_FAIL; } if (!tmp_last) { crypto_get_ctx(ctx_ptr); } bytes_written += tmp_bytes; sha1_ctx->saved_buff_indx = 0; if (bytes_written != bytes_to_write) { tmp_first = FALSE; } } while ((bytes_to_write - bytes_written) != 0); /* If there are bytes remaining, copy it to saved_buff */ if (bytes_remaining) { memcpy(sha1_ctx->saved_buff, (buff_ptr + buff_size - bytes_remaining), bytes_remaining); sha1_ctx->saved_buff_indx = bytes_remaining; } else { sha1_ctx->saved_buff_indx = 0; } return CRYPTO_SHA_ERR_NONE; } /* * Function to calculate the number of bytes to be sent to crypto engine. */ static unsigned int calc_num_bytes_to_send(void *ctx_ptr, unsigned int buff_size, bool last) { unsigned int bytes_to_write = 0; crypto_SHA1_ctx *sha1_ctx = (crypto_SHA1_ctx *) ctx_ptr; if (last) { bytes_to_write = buff_size + sha1_ctx->saved_buff_indx; } else { bytes_to_write = ((buff_size + sha1_ctx->saved_buff_indx) / CRYPTO_SHA_BLOCK_SIZE) * CRYPTO_SHA_BLOCK_SIZE; } return bytes_to_write; }