-rw-r--r--board/cr50/build.mk3
-rw-r--r--board/cr50/tpm2/hash.c7
-rw-r--r--chip/g/dcrypto/dcrypto.h11
-rw-r--r--chip/g/dcrypto/internal.h22
-rw-r--r--include/config.h4
5 files changed, 31 insertions, 16 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index aa84171346..a734411747 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -44,6 +44,9 @@ LDFLAGS_EXTRA += -L$(out)/tpm2 -ltpm2
# For the benefit of the tpm2 library.
INCLUDE_ROOT := $(abspath ./include)
CFLAGS += -I$(INCLUDE_ROOT)
+# Make sure the context of the software sha256 implementation fits. If it ever
+# increases, a compile time assert will fire in tpm2/hash.c.
+CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=210
# Add dependencies on that library
$(out)/RO/ec.RO.elf: $(out)/tpm2/libtpm2.a
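Review bot: The value in `CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=210` is a bare magic number, and the comment mentions only the software sha256 context although the state buffer has to hold the whole `struct HASH_CTX` (vtab pointer plus the context union). I would extend the comment to say how 210 was derived, e.g. `# Must cover sizeof(struct HASH_CTX) from chip/g/dcrypto/internal.h; re-derive when a hash context grows.` The define also has to reach every translation unit that lays out CPRI_HASH_STATE, including the libtpm2 build. If that library were compiled without it, the two sides would disagree on the structure size, and the BUILD_ASSERTs in tpm2/hash.c would not catch the mismatch. Whether these CFLAGS are shared with the libtpm2 build is not visible in this hunk.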
diff --git a/board/cr50/tpm2/hash.c b/board/cr50/tpm2/hash.c
index 8d3dc9a05d..157e8526ef 100644
--- a/board/cr50/tpm2/hash.c
+++ b/board/cr50/tpm2/hash.c
@@ -42,11 +42,11 @@ uint16_t _cpri__GetHashBlockSize(TPM_ALG_ID alg)
return lookup_hash_info(alg)->blockSize;
}
+BUILD_ASSERT(sizeof(CPRI_HASH_STATE) == sizeof(EXPORT_HASH_STATE));
void _cpri__ImportExportHashState(CPRI_HASH_STATE *osslFmt,
EXPORT_HASH_STATE *externalFmt,
IMPORT_EXPORT direction)
{
- pAssert(sizeof(CPRI_HASH_STATE) == sizeof(EXPORT_HASH_STATE));
if (direction == IMPORT_STATE)
memcpy(osslFmt, externalFmt, sizeof(CPRI_HASH_STATE));
else
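Review bot: The import branch copies `externalFmt` over the live state with a raw `memcpy`, and per chip/g/dcrypto/internal.h the `struct HASH_CTX` kept in that state begins with a `vtab` pointer, so an imported blob supplies a function-table pointer verbatim. If exported state can ever be stored outside the device's trust boundary without integrity protection (not visible here), the import path should re-derive or validate `vtab` instead of trusting the copied value. Separately, the new file-scope assert deserves a one-line rationale, e.g. `/* Import/export is a raw memcpy between the two formats, so their sizes must match. */`. The function body continues past the end of this hunk.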
@@ -88,13 +88,14 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in,
return out_len;
}
+BUILD_ASSERT(sizeof(struct HASH_CTX) <=
+ sizeof(((CPRI_HASH_STATE *)0)->state));
uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence,
- CPRI_HASH_STATE *state)
+ CPRI_HASH_STATE *state)
{
struct HASH_CTX *ctx = (struct HASH_CTX *) state->state;
uint16_t result;
- pAssert(sizeof(struct HASH_CTX) < sizeof(state->state));
switch (alg) {
case TPM_ALG_SHA1:
DCRYPTO_SHA1_init(ctx, sequence);
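Review bot: The new `BUILD_ASSERT(sizeof(struct HASH_CTX) <= sizeof(((CPRI_HASH_STATE *)0)->state));` checks size only, but the cast `(struct HASH_CTX *) state->state` also needs that member to be suitably aligned for a structure holding a pointer and word-based hash contexts. The declaration of `state` is not visible here; if it is a byte array at an arbitrary offset, the access is undefined behaviour even when the size fits. I would add a second compile-time check next to the first, `BUILD_ASSERT(offsetof(CPRI_HASH_STATE, state) % __alignof__(struct HASH_CTX) == 0);`. The function body continues past the end of this hunk.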
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index 7cafb224da..a39350fd13 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -26,17 +26,6 @@ enum encrypt_mode {
ENCRYPT_MODE = 1
};
-#define SHA1_DIGEST_BYTES 20
-#define SHA256_DIGEST_BYTES 32
-#define SHA384_DIGEST_BYTES 48
-#define SHA512_DIGEST_BYTES 64
-#define SHA_DIGEST_MAX_BYTES SHA512_DIGEST_BYTES
-
-#define SHA1_DIGEST_WORDS (SHA1_DIGEST_BYTES / sizeof(uint32_t))
-#define SHA256_DIGEST_WORDS (SHA256_DIGEST_BYTES / sizeof(uint32_t))
-#define SHA384_DIGEST_WORDS (SHA384_DIGEST_BYTES / sizeof(uint32_t))
-#define SHA512_DIGEST_WORDS (SHA512_DIGEST_BYTES / sizeof(uint32_t))
-
struct HASH_CTX; /* Forward declaration. */
typedef struct HASH_CTX SHA1_CTX;
diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h
index 279b2798e7..3be8a406a7 100644
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -26,10 +26,30 @@ struct HASH_VTAB {
uint32_t size;
};
+#define SHA1_DIGEST_BYTES 20
+#define SHA256_DIGEST_BYTES 32
+#define SHA384_DIGEST_BYTES 48
+#define SHA512_DIGEST_BYTES 64
+
+#define SHA1_DIGEST_WORDS (SHA1_DIGEST_BYTES / sizeof(uint32_t))
+#define SHA256_DIGEST_WORDS (SHA256_DIGEST_BYTES / sizeof(uint32_t))
+#define SHA384_DIGEST_WORDS (SHA384_DIGEST_BYTES / sizeof(uint32_t))
+#define SHA512_DIGEST_WORDS (SHA512_DIGEST_BYTES / sizeof(uint32_t))
+
+#if defined(CONFIG_SHA512)
+#define SHA_DIGEST_MAX_BYTES SHA512_DIGEST_BYTES
+#elif defined(CONFIG_SHA384)
+#define SHA_DIGEST_MAX_BYTES SHA384_DIGEST_BYTES
+#elif defined(CONFIG_SHA256)
+#define SHA_DIGEST_MAX_BYTES SHA256_DIGEST_BYTES
+#elif defined CONFIG_SHA1
+#define SHA_DIGEST_MAX_BYTES SHA1_DIGEST_BYTES
+#endif
+
struct HASH_CTX {
const struct HASH_VTAB *vtab;
union {
- uint8_t buf[64];
+ uint8_t buf[SHA_DIGEST_MAX_BYTES];
struct sha1_ctx sw_sha1;
struct sha256_ctx sw_sha256;
} u;
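Review bot: The `#if`/`#elif` chain has no fallback, so when none of the CONFIG_SHA* options is defined `SHA_DIGEST_MAX_BYTES` stays undefined and the build fails later at `uint8_t buf[SHA_DIGEST_MAX_BYTES];` with an unrelated-looking error. I would end the chain with `#else` followed by `#error "No CONFIG_SHA* option enabled; SHA_DIGEST_MAX_BYTES is undefined"`, and write the last branch as `#elif defined(CONFIG_SHA1)` to match the others. The change also shrinks `buf` from a fixed 64 bytes to 32 or 20 depending on configuration. Any code outside this hunk that writes to `u.buf` assuming 64 bytes should be audited, and a short comment on `buf` stating that it holds a digest of at most `SHA_DIGEST_MAX_BYTES` would record the new contract. The struct definition continues past the end of this hunk.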
diff --git a/include/config.h b/include/config.h
index 6a63cd6adb..40db719b68 100644
--- a/include/config.h
+++ b/include/config.h
@@ -1522,8 +1522,10 @@
/* Support computing SHA-1 hash */
#undef CONFIG_SHA1
-/* Support computing SHA-256 hash (without the VBOOT code) */
+/* Support computing of other hash sizes (without the VBOOT code) */
#undef CONFIG_SHA256
+#undef CONFIG_SHA384
+#undef CONFIG_SHA512
/* Emulate the CLZ (Count Leading Zeros) in software for CPU lacking support */
#undef CONFIG_SOFTWARE_CLZ
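Review bot: The reworded comment `Support computing of other hash sizes` now sits above three options and no longer says what each one enables. These macros also select `SHA_DIGEST_MAX_BYTES` in chip/g/dcrypto/internal.h, so I would document each separately, e.g. `/* Support computing SHA-384 hash */` above `#undef CONFIG_SHA384` and likewise for SHA-256 and SHA-512. A further sentence should note that the largest enabled option sizes the dcrypto hash context buffer.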