cr50: provide public crypto API for HMAC/HASH with error reporting.

To implement FIPS mode for Cr50 we should be able to block access to
crypto functions if errors are detected. Historically all HASH/HMAC
functions were declared as void with no return type.

1) Split existing functions into public part (data structs, update and
   final parts) and internal part - unchecked init functions.
2) Introduced new functions to start SHA / HMAC operation which returns
   status code and block access to crypto in case of FIPS errors.
3) Dcrypto hash algorithms codes updated to match TPM_ALG_ID to simplify
   adaptation layer and move checks inside Dcrypto module.
4) Updated all uses of API outside FIPS module to check return code and
   act accordingly.
5) As a side effect RSA can now support SHA384 & SHA512 for signing,
   board/host mock ups simplified.

BUG=b:197893750
TEST=make buildall -j; make BOARD=cr50 CRYPTO_TEST=1;

test/tpm_test/tpm_test.py
TCG tests
------------------------------ Test Result Summary ---------------------
  Test executed on:		Tue Sep 28 15:23:35 2021
  Performed Tests:		248
  Passed Tests:			248
  Failed Tests:			0
  Errors:			0
  Warnings:			0
========================================================================

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ibbc38703496f417cba693c37d39a82a662c3f7ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3192137
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>

3 files changed, 22 insertions, 2 deletions

diff --git a/chip/host/build.mk b/chip/host/build.mk
index 6cdd9807d4..4355a47673 100644
--- a/chip/host/build.mk
+++ b/chip/host/build.mk
@@ -34,8 +34,12 @@ chip-$(CONFIG_DCRYPTO)+= dcrypto/sha256.o
 
 # Object files that can be shared with the Cr50 dcrypto implementation
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/hmac_sw.o
+chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/hash_api.o
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/sha1.o
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/sha256.o
+ifeq ($(CONFIG_UPTO_SHA512),y)
+chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/sha512.o
+endif
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/hmac_drbg.o
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/p256.o
 chip-$(CONFIG_DCRYPTO)+= ../../board/cr50/dcrypto/compare.o
diff --git a/chip/host/dcrypto/app_cipher.c b/chip/host/dcrypto/app_cipher.c
index a3ce4e3184..6ce25b6199 100644
--- a/chip/host/dcrypto/app_cipher.c
+++ b/chip/host/dcrypto/app_cipher.c
@@ -15,7 +15,7 @@ void app_compute_hash(const void *p_buf, size_t num_bytes, void *p_hash,
 	 * Use the built in dcrypto engine to generate the sha1 hash of the
 	 * buffer.
 	 */
-	SHA256_hw_hash(p_buf, num_bytes, &digest);
+	DCRYPTO_SHA256_hash(p_buf, num_bytes, digest.b8);
 
 	memcpy(p_hash, digest.b8, MIN(hash_len, sizeof(digest)));
 
@@ -46,3 +46,8 @@ int crypto_enabled(void)
 {
 	return 1;
 }
+
+bool fips_crypto_allowed(void)
+{
+	return true;
+}
diff --git a/chip/host/dcrypto/sha256.c b/chip/host/dcrypto/sha256.c
index 1c9fda27c2..ec2638ffc3 100644
--- a/chip/host/dcrypto/sha256.c
+++ b/chip/host/dcrypto/sha256.c
@@ -3,7 +3,18 @@
  * found in the LICENSE file.
  */
 
-#include "dcrypto.h"
+#include "internal.h"
+
+void SHA1_hw_init(struct sha1_ctx *ctx)
+{
+	SHA1_sw_init(ctx);
+}
+
+const struct sha1_digest *SHA1_hw_hash(const void *data, size_t n,
+					   struct sha1_digest *digest)
+{
+	return SHA1_sw_hash(data, n, digest);
+}
 
 void SHA256_hw_init(struct sha256_ctx *ctx)
 {