cr50: SHA1 and SHA256 implementation with hardware support

This change includes hardware and software support for SHA1/256 on
CR50. When running in the RO image, only hardware sha256 support is
included. When running in the RW image, the code auto-selects between
the software and hardware implementation. Software implementation path
is taken if the hardware is currently in use by some other context.

Refactor the CR50 loader to use this abstraction.

The existing software implementation for SHA1 and SHA256 is used for
the software path.

CQ-DEPEND=CL:*239385
BRANCH=none
TEST=EC shell boots fine (implies that SHA256 works)
BUG=chrome-os-partner:43025

Change-Id: I7bcefc12fcef869dac2e48793bd0cb5ce8e80d5b
Signed-off-by: nagendra modadugu <ngm@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/313011

4 files changed, 13 insertions, 109 deletions

diff --git a/chip/g/loader/hw_sha256.c b/chip/g/loader/hw_sha256.c
deleted file mode 100644
index fb930f7d17..0000000000
--- a/chip/g/loader/hw_sha256.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include "debug_printf.h"
-#include "registers.h"
-#include "setup.h"
-
-static void _sha_write(const void *data, size_t n)
-{
-	const uint8_t *bp = (const uint8_t *)data;
-	const uint32_t *wp;
-
-	while (n && ((uint32_t)bp & 3)) {  /* Feed unaligned start bytes. */
-		*((uint8_t *)GREG32_ADDR(KEYMGR, SHA_INPUT_FIFO)) = *bp++;
-		n -= 1;
-	}
-
-	wp = (uint32_t *)bp;
-	while (n >= 32) { /* Feed groups of aligned words. */
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		n -= 32;
-	}
-
-	while (n >= 4) {  /* Feed individual aligned words. */
-		GREG32(KEYMGR, SHA_INPUT_FIFO) = *wp++;
-		n -= 4;
-	}
-
-	bp = (uint8_t *)wp;
-	while (n) {  /* Feed remaing bytes. */
-		*((uint8_t *)GREG32_ADDR(KEYMGR, SHA_INPUT_FIFO))  = *bp++;
-		n -= 1;
-	}
-}
-
-static void _sha_wait(uint32_t *digest)
-{
-	int i;
-
-	/*
-	 * Wait for result. TODO: what harm does glitching do? Read out
-	 * non-digest? Old digest?
-	 */
-	while (!GREG32(KEYMGR, SHA_ITOP))
-		;
-
-	/* Read out final digest. */
-	for (i = 0; i < 8; ++i)
-		*digest++ = GREG32_ADDR(KEYMGR, SHA_STS_H0)[i];
-
-	GREG32(KEYMGR, SHA_ITOP) = 0;  /* Clear status. */
-}
-
-void hwSHA256(const void *data, size_t n, uint32_t *digest)
-{
-	GREG32(KEYMGR, SHA_ITOP) = 0;  /* Clear status. */
-
-	GREG32(KEYMGR, SHA_CFG_MSGLEN_LO) =  n;
-	GREG32(KEYMGR, SHA_CFG_MSGLEN_HI) = 0;
-
-	GWRITE_FIELD(KEYMGR, SHA_CFG_EN, INT_EN_DONE, 1);
-	GWRITE_FIELD(KEYMGR, SHA_TRIG, TRIG_GO, 1);
-
-	_sha_write(data, n);
-	_sha_wait(digest);
-}
diff --git a/chip/g/loader/hw_sha256.h b/chip/g/loader/hw_sha256.h
deleted file mode 100644
index b52af6f857..0000000000
--- a/chip/g/loader/hw_sha256.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef __EC_CHIP_G_LOADER_HW_SHA256_H
-#define __EC_CHIP_G_LOADER_HW_SHA256_H
-
-#include <inttypes.h>
-#include <stddef.h>
-
-#define SHA256_DIGEST_BYTES 32
-#define SHA256_DIGEST_WORDS (SHA256_DIGEST_BYTES / sizeof(uint32_t))
-
-typedef struct {
-	uint32_t digest[SHA256_DIGEST_WORDS];
-} hwSHA256_CTX;
-
-void hwSHA256_init(hwSHA256_CTX *ctx);
-void hwSHA256_update(hwSHA256_CTX *ctx, const void *data, size_t len);
-const uint8_t *hwSHA256_final(hwSHA256_CTX *ctx);
-
-void hwSHA256(const void *data, size_t len, uint32_t *digest);
-
-#endif  /* __EC_CHIP_G_LOADER_HW_SHA256_H */
diff --git a/chip/g/loader/launch.c b/chip/g/loader/launch.c
index 5ef3ba8c62..3e41756ae9 100644
--- a/chip/g/loader/launch.c
+++ b/chip/g/loader/launch.c
@@ -3,8 +3,8 @@
  * found in the LICENSE file.
  */
 
+#include "dcrypto.h"
 #include "debug_printf.h"
-#include "hw_sha256.h"
 #include "key_ladder.h"
 #include "registers.h"
 #include "rom_flash.h"
@@ -76,9 +76,9 @@ void tryLaunch(uint32_t adr, size_t max_size)
 		hdr->rx_max - hdr->rx_base - 1;
 	GWRITE_FIELD(GLOBALSEC, CPU0_I_STAGING_REGION1_CTRL, EN, 1);
 	GWRITE_FIELD(GLOBALSEC, CPU0_I_STAGING_REGION1_CTRL, RD_EN, 1);
-	hwSHA256(&hdr->tag,
-		 hdr->image_size - offsetof(SignedHeader, tag),
-		 hashes.img_hash);
+	DCRYPTO_SHA256_hash((uint8_t *) &hdr->tag,
+			hdr->image_size - offsetof(SignedHeader, tag),
+			(uint8_t *) hashes.img_hash);
 
 	VERBOSE("img_hash  : %.32h\n", hashes.img_hash);
 
@@ -102,7 +102,8 @@ void tryLaunch(uint32_t adr, size_t max_size)
 		}
 	}
 
-	hwSHA256(fuses, sizeof(fuses), hashes.fuses_hash);
+	DCRYPTO_SHA256_hash((uint8_t *) fuses, sizeof(fuses),
+			(uint8_t *) hashes.fuses_hash);
 
 	VERBOSE("fuses_hash: %.32h\n", hashes.fuses_hash);
 
@@ -120,11 +121,13 @@ void tryLaunch(uint32_t adr, size_t max_size)
 		}
 	}
 
-	hwSHA256(info, sizeof(info), hashes.info_hash);
+	DCRYPTO_SHA256_hash((uint8_t *) info, sizeof(info),
+			(uint8_t *) hashes.info_hash);
 	VERBOSE("info_hash : %.32h\n", hashes.info_hash);
 
 	/* Hash our set of hashes to get final hash. */
-	hwSHA256(&hashes, sizeof(hashes), hash);
+	DCRYPTO_SHA256_hash((uint8_t *) &hashes, sizeof(hashes),
+			(uint8_t *) hash);
 
 	/*
 	 * Write measured hash to unlock register to try and unlock execution.
diff --git a/chip/g/loader/verify.c b/chip/g/loader/verify.c
index d852f16c9a..6700ca8ca3 100644
--- a/chip/g/loader/verify.c
+++ b/chip/g/loader/verify.c
@@ -2,8 +2,9 @@
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
+
+#include "dcrypto.h"
 #include "debug_printf.h"
-#include "hw_sha256.h"
 #include "registers.h"
 #include "setup.h"
 #include "trng.h"
@@ -181,7 +182,7 @@ void LOADERKEY_verify(uint32_t keyid, const uint32_t *signature,
 	VERBOSE("\nsig^ %.384h\n\n", buf);
 
 	/* Hash resulting buffer. */
-	hwSHA256(buf, RSA_NUM_BYTES, hash);
+	DCRYPTO_SHA256_hash((uint8_t *) buf, RSA_NUM_BYTES, (uint8_t *) hash);
 
 	VERBOSE("hash %.32h\n", hash);