Handle context swapping + rename macro ST_SHA256_BLOCK_SIZE

adustm · adustm · commit 021b84a140da · 2017-06-16T10:47:31.000+02:00
Handle 64 bytes accumulation
diff --git a/TESTS/mbedtls/multi/main.cpp b/TESTS/mbedtls/multi/main.cpp
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include <string.h>
+#include "mbed.h"
+#include "greentea-client/test_env.h"
+#include "unity/unity.h"
+#include "utest/utest.h"
+
+#include "mbedtls/sha256.h"
+
+
+using namespace utest::v1;
+
+#if defined(MBEDTLS_SHA256_C)
+/* Tests several call to mbedtls_sha256_update function that are not modulo 64 bytes */
+void test_case_sha256_split() {
+  const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"};
+  // sha256_output_values for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+  const unsigned char test_sum[] =
+  { 0x50, 0xEA, 0x82, 0x5D, 0x96, 0x84, 0xF4, 0x22,
+    0x9C, 0xA2, 0x9F, 0x1F, 0xEC, 0x51, 0x15, 0x93,
+    0xE2, 0x81, 0xE4, 0x6A, 0x14, 0x0D, 0x81, 0xE0,
+    0x00, 0x5F, 0x8F, 0x68, 0x86, 0x69, 0xA0, 0x6C};
+  unsigned char outsum[32];
+  int i;
+
+  mbedtls_sha256_context ctx;
+  printf("test sha256\n");
+  mbedtls_sha256_init( &ctx );
+  mbedtls_sha256_starts( &ctx, 0);
+  #if 0
+    printf("test not splitted\n");
+    mbedtls_sha256_update( &ctx, test_buf, 168 );
+  #else
+    printf("test splitted into 3 pieces\n");
+    mbedtls_sha256_update( &ctx, test_buf, 2 );
+    mbedtls_sha256_update( &ctx, test_buf+2, 66 );
+    mbedtls_sha256_update( &ctx, test_buf+68, 100 );
+  #endif
+  
+    mbedtls_sha256_finish( &ctx, outsum );
+    mbedtls_sha256_free( &ctx );
+  
+    printf("\nreceived result : ");
+    for (i=0;i<32;i++) { printf("%02X",outsum[i]);}
+    printf("\nawaited result  : 50EA825D9684F4229CA29F1FEC511593E281E46A140D81E0005F8F688669A06C\n"); // for  abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+  
+    printf("\nend of test sha256\n");
+  TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum, test_sum,32);
+}
+
+/* Tests that treating 2 sha256 objects in // does not impact the result */
+void test_case_sha256_multi() {
+    const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"};
+    // sha256_output_values for abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+    const unsigned char test_sum1[] =
+    { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
+      0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
+      0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
+      0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 };
+    // sha256_output_values for 3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+    const unsigned char test_sum2[] =
+    { 0x50, 0xEA, 0x82, 0x5D, 0x96, 0x84, 0xF4, 0x22,
+      0x9C, 0xA2, 0x9F, 0x1F, 0xEC, 0x51, 0x15, 0x93,
+      0xE2, 0x81, 0xE4, 0x6A, 0x14, 0x0D, 0x81, 0xE0,
+      0x00, 0x5F, 0x8F, 0x68, 0x86, 0x69, 0xA0, 0x6C};
+    unsigned char outsum1[32], outsum2[32];
+    int i;
+
+    mbedtls_sha256_context ctx1;
+    mbedtls_sha256_context ctx2;
+    printf("test sha256_multi\n");
+    //Init both contexts
+    mbedtls_sha256_init( &ctx1 );
+    mbedtls_sha256_init( &ctx2 );
+    //Start both contexts
+    mbedtls_sha256_starts( &ctx1, 0);
+    mbedtls_sha256_starts( &ctx2, 0);
+
+    printf("upd ctx1\n");
+    mbedtls_sha256_update( &ctx1, test_buf, 56 );
+    printf("upd ctx2\n");
+    mbedtls_sha256_update( &ctx2, test_buf, 66 );
+    printf("finish ctx1\n");
+    mbedtls_sha256_finish( &ctx1, outsum1 );
+    printf("upd ctx2\n");
+    mbedtls_sha256_update( &ctx2, test_buf+66, 46 );
+    printf("free ctx1\n");
+    mbedtls_sha256_free( &ctx1 );
+    printf("upd ctx2\n");
+    mbedtls_sha256_update( &ctx2, test_buf+112, 56 );
+    printf("finish ctx2\n");
+    mbedtls_sha256_finish( &ctx2, outsum2 );
+    printf("free ctx2\n");
+    mbedtls_sha256_free( &ctx2 );
+  
+    printf("\nreceived result ctx1 : ");
+    for (i=0;i<32;i++) { printf("%02X",outsum1[i]);}
+    printf("\nawaited result       : 248D6A61D20638B8E5C026930C3E6039A33CE45964FF216F6ECEDD19DB06C1\n"); // for  abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+    printf("\nreceived result ctx2 : ");
+    for (i=0;i<32;i++) { printf("%02X",outsum2[i]);}
+    printf("\nawaited result       : 50EA825D9684F4229CA29F1FEC511593E281E46A140D81E0005F8F688669A06C\n"); // for  3*abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+  
+    printf("\nend of test sha256\n");
+    TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum1, test_sum1,32);
+    TEST_ASSERT_EQUAL_UINT8_ARRAY(outsum2, test_sum2,32);
+}
+#endif //MBEDTLS_SHA256_C
+
+utest::v1::status_t greentea_failure_handler(const Case *const source, const failure_t reason) {
+    greentea_case_failure_abort_handler(source, reason);
+    return STATUS_CONTINUE;
+}
+
+Case cases[] = {
+#if defined(MBEDTLS_SHA256_C)
+    Case("Crypto: sha256_split", test_case_sha256_split, greentea_failure_handler),
+    Case("Crypto: sha256_multi", test_case_sha256_multi, greentea_failure_handler),
+#endif
+};
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases) {
+    GREENTEA_SETUP(10, "default_auto");
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main() {
+    Harness::run(specification);
+}
diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c
@@ -27,6 +27,28 @@ static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+static void st_sha256_restore_hw_context(mbedtls_sha256_context *ctx)
+{
+    uint32_t i;
+    /* allow multi-instance of HASH use: save context for HASH HW module CR */
+    HASH->STR = ctx->ctx_save_str;
+    HASH->CR = (ctx->ctx_save_cr|HASH_CR_INIT);
+    for (i=0;i<38;i++) {
+        HASH->CSR[i] = ctx->ctx_save_csr[i];
+    }
+}
+
+static void st_sha256_save_hw_context(mbedtls_sha256_context *ctx)
+{
+    uint32_t i;
+    /* allow multi-instance of HASH use: restore context for HASH HW module CR */
+    ctx->ctx_save_cr = HASH->CR;
+    ctx->ctx_save_str = HASH->STR;
+    for (i=0;i<38;i++) {
+        ctx->ctx_save_csr[i] = HASH->CSR[i];
+    }
+}
+
 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
 {
     mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
@@ -39,12 +61,6 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
 {
     if( ctx == NULL )
         return;
-    /* Force the HASH Periheral Clock Reset */
-    __HAL_RCC_HASH_FORCE_RESET();
-
-    /* Release the HASH Periheral Clock Reset */
-    __HAL_RCC_HASH_RELEASE_RESET();
-
     mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
 }
 
@@ -69,26 +85,31 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
         // error found to be returned
         return;
     }
+    st_sha256_save_hw_context(ctx);
 }
 
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] )
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[ST_SHA256_BLOCK_SIZE] )
 {
+    st_sha256_restore_hw_context(ctx);
     if (ctx->is224 == 0) {
-        if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) {
-            // return 0; // Return error code
+        if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) {
+            return; // Return error code
         }
     } else {
-        if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, MBEDTLS_SHA256_BLOCK_SIZE) != 0) {
-            // return 0; // Return error code
+        if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) {
+            return; // Return error code
         }
     }
-    // return 1;
+
+    st_sha256_save_hw_context(ctx);
 }
 
 void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen )
 {
     size_t currentlen = ilen;
-    // store mechanism to handle MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes
+    st_sha256_restore_hw_context(ctx);
+
+    // store mechanism to accumulate ST_SHA256_BLOCK_SIZE bytes (512 bits) in the HW
     if (currentlen == 0){ // only change HW status is size if 0
         if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) {
             /* Select the SHA256 or SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute
@@ -100,60 +121,65 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in
             }
         }
         ctx->hhash_sha256.Phase = HAL_HASH_PHASE_PROCESS;
-    } else if (currentlen < (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len)) {
+    } else if (currentlen < (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len)) {
         // only buffurize
         memcpy(ctx->sbuf + ctx->sbuf_len, input, currentlen);
         ctx->sbuf_len += currentlen;
     } else {
         // fill buffer and process it
-        memcpy(ctx->sbuf + ctx->sbuf_len, input, (MBEDTLS_SHA256_BLOCK_SIZE-ctx->sbuf_len));
-        currentlen -= (MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len);
+        memcpy(ctx->sbuf + ctx->sbuf_len, input, (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len));
+        currentlen -= (ST_SHA256_BLOCK_SIZE - ctx->sbuf_len);
         mbedtls_sha256_process(ctx, ctx->sbuf);
-        // now process every input as long as it is %4 bytes
-        size_t iter = currentlen / 4;
-        if (ctx->is224 == 0) {
-            if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len),  (iter * 4)) != 0) {
-                //return 1; // Return error code here
-            }
-        } else {
-            if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + MBEDTLS_SHA256_BLOCK_SIZE - ctx->sbuf_len),  (iter * 4)) != 0) {
-                //return 1; // Return error code here
+        // Process every input as long as it is %64 bytes, ie 512 bits
+        size_t iter = currentlen / ST_SHA256_BLOCK_SIZE;
+        if (iter !=0) {
+            if (ctx->is224 == 0) {
+                if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + ST_SHA256_BLOCK_SIZE - ctx->sbuf_len),  (iter * ST_SHA256_BLOCK_SIZE)) != 0) {
+                    return; // Return error code here
+                }
+            } else {
+                if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, (uint8_t *)(input + ST_SHA256_BLOCK_SIZE - ctx->sbuf_len),  (iter * ST_SHA256_BLOCK_SIZE)) != 0) {
+                    return; // Return error code here
+                }
             }
         }
-        // sbuf is now fully accumulated, now copy 1 / 2 or 3 remaining bytes
-        ctx->sbuf_len = currentlen % 4;
+        // sbuf is completely accumulated, now copy up to 63 remaining bytes
+        ctx->sbuf_len = currentlen % ST_SHA256_BLOCK_SIZE;
         if (ctx->sbuf_len !=0) {
-            memcpy(ctx->sbuf, input + iter, ctx->sbuf_len);
+            memcpy(ctx->sbuf, input + ilen - ctx->sbuf_len, ctx->sbuf_len);
         }
     }
+    st_sha256_save_hw_context(ctx);
 }
 
 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
 {
+    st_sha256_restore_hw_context(ctx);
     if (ctx->sbuf_len > 0) {
         if (ctx->is224 == 0) {
             if (HAL_HASHEx_SHA256_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) {
-                //return 1; // Return error code here
+                return; // Return error code here
             }
         } else {
             if (HAL_HASHEx_SHA224_Accumulate(&ctx->hhash_sha256, ctx->sbuf, ctx->sbuf_len) != 0) {
-                //return 1; // Return error code here
+                return; // Return error code here
             }
         }
     }
-    mbedtls_zeroize(ctx->sbuf, MBEDTLS_SHA256_BLOCK_SIZE);
+    mbedtls_zeroize(ctx->sbuf, ST_SHA256_BLOCK_SIZE);
     ctx->sbuf_len = 0;
     __HAL_HASH_START_DIGEST();
 
     if (ctx->is224 == 0) {
         if (HAL_HASHEx_SHA256_Finish(&ctx->hhash_sha256, output, 10) != 0) {
-            //return 1; // Return error code here
+            return; // Return error code here
         }
     } else {
         if (HAL_HASHEx_SHA224_Finish(&ctx->hhash_sha256, output, 10) != 0) {
-            //return 1; // Return error code here
+            return; // Return error code here
         }
     }
+    st_sha256_save_hw_context(ctx);
 }
 
 #endif /*MBEDTLS_SHA256_ALT*/
diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.h b/features/mbedtls/targets/TARGET_STM/sha256_alt.h
@@ -31,20 +31,23 @@
 extern "C" {
 #endif
 
-#define MBEDTLS_SHA256_BLOCK_SIZE ((size_t)(64)) // must be a multiple of 4
+#define ST_SHA256_BLOCK_SIZE ((size_t)(64)) // HW handles 512 bits, ie 64 bytes
 /**
  * \brief          SHA-256 context structure
- * \note     HAL_HASH_SHA256_Accumulate cannot handle less than 4 bytes, unless it is the last call to the  function
- *           A MBEDTLS_SHA256_BLOCK_SIZE bytes buffer is used to save values and handle the processing
- *           MBEDTLS_SHA256_BLOCK_SIZE bytes per MBEDTLS_SHA256_BLOCK_SIZE bytes
+ * \note     HAL_HASH_SHA256_Accumulate will accumulate 512 bits packets, unless it is the last call to the  function
+ *           A ST_SHA256_BLOCK_SIZE bytes buffer is used to save values and handle the processing
+ *           ST_SHA256_BLOCK_SIZE bytes per ST_SHA256_BLOCK_SIZE bytes
  *           If sha256_finish is called and sbuf_len>0, the remaining bytes are accumulated prior to the call to HAL_HASH_SHA256_Finish
  */
 typedef struct
 {
     int is224;                  /*!< 0 => SHA-256, else SHA-224 */  
     HASH_HandleTypeDef hhash_sha256;  
-    unsigned char sbuf[MBEDTLS_SHA256_BLOCK_SIZE]; /*!< MBEDTLS_SHA256_BLOCK_SIZE buffer to store values so that algorithm is caled once the buffer is filled */
+    unsigned char sbuf[ST_SHA256_BLOCK_SIZE]; /*!< ST_SHA256_BLOCK_SIZE buffer to store values so that algorithm is called once the buffer is filled */
     unsigned char sbuf_len; /*!< number of bytes to be processed in sbuf */
+    uint32_t ctx_save_cr;
+    uint32_t ctx_save_str;
+    uint32_t ctx_save_csr[38];
 }
 mbedtls_sha256_context;
 
@@ -98,7 +101,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in
 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
 
 /* Internal use */
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[MBEDTLS_SHA256_BLOCK_SIZE] );
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[ST_SHA256_BLOCK_SIZE] );
 
 #ifdef __cplusplus
 }
