
Commit d2a56c5

Flavio Ceolinnashif
authored andcommitted
drivers: crypto: Add multipart hash support
Add a new API to support multipart hash calculation. The API allows the input data to be split into small chunks. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
1 parent 72bc514 commit d2a56c5


3 files changed

+66
-24
lines changed


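--- a/drivers/crypto/crypto_mtls_shim.c
+++ b/drivers/crypto/crypto_mtls_shim.c
@@ -462,55 +462,72 @@ static int mtls_session_free(const struct device *dev, struct cipher_ctx *ctx)
 return 0;
 }
 
-static int mtls_sha256_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
+static int mtls_sha256_compute(struct hash_ctx *ctx, struct hash_pkt *pkt,
+bool finish)
 {
 int ret;
 mbedtls_sha256_context *sha256_ctx = MTLS_GET_CTX(ctx, sha256);
 
 
-ret = mbedtls_sha256_starts(sha256_ctx,
-MTLS_GET_ALGO(ctx) == CRYPTO_HASH_ALGO_SHA224);
-if (ret != 0) {
-LOG_ERR("Could not compute the hash");
-return -EINVAL;
+if (!ctx->started) {
+ret = mbedtls_sha256_starts(sha256_ctx,
+MTLS_GET_ALGO(ctx) == CRYPTO_HASH_ALGO_SHA224);
+if (ret != 0) {
+LOG_ERR("Could not compute the hash");
+return -EINVAL;
+}
+ctx->started = true;
 }
 
 ret = mbedtls_sha256_update(sha256_ctx, pkt->in_buf, pkt->in_len);
 if (ret != 0) {
-LOG_ERR("Could not compute the hash");
+LOG_ERR("Could not update the hash");
+ctx->started = false;
 return -EINVAL;
 }
 
-ret = mbedtls_sha256_finish(sha256_ctx, pkt->out_buf);
-if (ret != 0) {
-LOG_ERR("Could not compute the hash");
-return -EINVAL;
+if (finish) {
+ctx->started = false;
+ret = mbedtls_sha256_finish(sha256_ctx, pkt->out_buf);
+if (ret != 0) {
+LOG_ERR("Could not compute the hash");
+return -EINVAL;
+}
 }
 
 return 0;
 }
 
-static int mtls_sha512_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
+static int mtls_sha512_compute(struct hash_ctx *ctx, struct hash_pkt *pkt,
+bool finish)
 {
 int ret;
 mbedtls_sha512_context *sha512_ctx = MTLS_GET_CTX(ctx, sha512);
 
-ret = mbedtls_sha512_starts(sha512_ctx,
-MTLS_GET_ALGO(ctx) == CRYPTO_HASH_ALGO_SHA384);
-if (ret != 0) {
-LOG_ERR("Could not compute the hash");
-return -EINVAL;
+if (!ctx->started) {
+ret = mbedtls_sha512_starts(sha512_ctx,
+MTLS_GET_ALGO(ctx) == CRYPTO_HASH_ALGO_SHA384);
+if (ret != 0) {
+LOG_ERR("Could not compute the hash");
+return -EINVAL;
+}
+ctx->started = true;
 }
+
 ret = mbedtls_sha512_update(sha512_ctx, pkt->in_buf, pkt->in_len);
 if (ret != 0) {
-LOG_ERR("Could not compute the hash");
+LOG_ERR("Could not update the hash");
+ctx->started = false;
 return -EINVAL;
 }
 
-ret = mbedtls_sha512_finish(sha512_ctx, pkt->out_buf);
-if (ret != 0) {
-LOG_ERR("Could not compute the hash");
-return -EINVAL;
+if (finish) {
+ctx->started = false;
+ret = mbedtls_sha512_finish(sha512_ctx, pkt->out_buf);
+if (ret != 0) {
+LOG_ERR("Could not compute the hash");
+return -EINVAL;
+}
 }
 
 return 0;
@@ -543,6 +560,7 @@ static int mtls_hash_session_setup(const struct device *dev,
 
 mtls_sessions[ctx_idx].algo = algo;
 ctx->drv_sessn_state = &mtls_sessions[ctx_idx];
+ctx->started = false;
 
 if ((algo == CRYPTO_HASH_ALGO_SHA224) ||
 (algo == CRYPTO_HASH_ALGO_SHA256)) {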
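Review bot: Both `mtls_sha256_compute` and `mtls_sha512_compute` skip the `*_starts()` call whenever `ctx->started` is set, and the flag is cleared only by a finishing call, a failed update, or `mtls_hash_session_setup`. A caller that stops after some `hash_update()` calls and later reuses the same session for a different message with `hash_compute()` therefore gets a digest over the stale chunks plus the new data, with a 0 return; for an integrity check that is a silent wrong answer. Whether the session-free path also resets the flag is outside this section. At minimum document the behaviour above each `if (!ctx->started)`: `/* Continues a pending multipart operation; only finish, an update error or a new session restarts the hash. */`.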

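--- a/include/crypto/crypto.h
+++ b/include/crypto/crypto.h
@@ -465,9 +465,27 @@ static inline int hash_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
 {
 pkt->ctx = ctx;
 
-return ctx->hash_hndlr(ctx, pkt);
+return ctx->hash_hndlr(ctx, pkt, true);
 }
 
+/**
+* @brief Perform a cryptographic multipart hash operation.
+*
+* This function can be called zero or more times, passing a slice of the
+* the data. The hash is calculated using all the given pieces.
+* To calculate the hash call @c hash_compute().
+*
+* @param ctx Pointer to the hash context of this op.
+* @param pkt Structure holding the input.
+
+* @return 0 on success, negative errno code on fail.
+*/
+static inline int hash_update(struct hash_ctx *ctx, struct hash_pkt *pkt)
+{
+pkt->ctx = ctx;
+
+return ctx->hash_hndlr(ctx, pkt, false);
+}
 
 /**
 * @}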
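Review bot: The doc comment on `hash_update()` does not state that this call produces no digest and that the result only comes from a closing `hash_compute()`, which itself hashes the `in_buf`/`in_len` of that last packet. In the mbedTLS shim of this commit `pkt->out_buf` is written only when `finish` is true, so I would replace the third sentence with `To obtain the digest, finish with @c hash_compute() on the last chunk; this function does not write @c pkt->out_buf.` The comment also has a doubled "the" where its first sentence wraps, and the empty line before `@return` lacks the leading ` *`.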

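--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -35,7 +35,8 @@ struct hash_ctx;
 struct hash_pkt;
 
 
-typedef int (*hash_op_t)(struct hash_ctx *ctx, struct hash_pkt *pkt);
+typedef int (*hash_op_t)(struct hash_ctx *ctx, struct hash_pkt *pkt,
+bool finish);
 
 /**
 * Structure encoding session parameters.
@@ -63,6 +64,11 @@ struct hash_ctx {
 */
 hash_op_t hash_hndlr;
 
+/**
+* If it has started a multipart hash operation.
+*/
+bool started;
+
 /** How certain fields are to be interpreted for this session.
 * (A bitmask of CAP_* below.)
 * To be populated by the app before calling hash_begin_session().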
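Review bot: `started` is bookkeeping for the driver, but it is added to the public `struct hash_ctx` next to fields the application populates, and its comment does not say who owns it. Suggest `/** Driver-managed: true while a multipart hash operation is in progress. Applications must not modify it. */`. Separately, the extra `bool finish` parameter in `hash_op_t` changes the contract of every `hash_hndlr` implementation; only the mbedTLS shim is updated in this commit, so any other hash driver (none is visible here) would need the same change. `struct hash_ctx` starts and ends outside the hunk.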
