m460_crypto_hash.c
Go to the documentation of this file.
1 /**
2  * @file m460_crypto_hash.c
3  * @brief M460 hash hardware accelerator
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "m460.h"
36 #include "core/crypto.h"
37 #include "hardware/m460/m460_crypto.h"
38 #include "hardware/m460/m460_crypto_hash.h"
39 #include "hash/hash_algorithms.h"
40 #include "xof/keccak.h"
41 #include "debug.h"
42 
43 //Check crypto library configuration
44 #if (M460_CRYPTO_HASH_SUPPORT == ENABLED)
45 
46 
47 /**
48  * @brief Update hash value
49  * @param[in] opmode Hash algorithm
50  * @param[in] data Pointer to the input buffer
51  * @param[in] length Length of the input buffer
52  * @param[in,out] h Intermediate hash value
53  * @param[in] hLen Length of the intermediate hash value, in words
54  **/
55 
56 void hashProcessData(uint32_t opmode, const uint8_t *data,
57  size_t length, uint32_t *h, size_t hLen)
58 {
59  uint_t i;
60 
61  //Acquire exclusive access to the CRYPTO module
62  osAcquireMutex(&m460CryptoMutex);
63 
64  //Reset CRYPTO controller
65  SYS->IPRST0 |= SYS_IPRST0_CRPTRST_Msk;
66  SYS->IPRST0 &= ~SYS_IPRST0_CRPTRST_Msk;
67 
68  //Select the relevant hash algorithm
69  CRPT->HMAC_CTL = CRPT_HMAC_CTL_INSWAP_Msk | CRPT_HMAC_CTL_OUTSWAP_Msk |
70  CRPT_HMAC_CTL_DMACSCAD_Msk | opmode;
71 
72  //SHA-1, SHA-224 or SHA-256 algorithm?
73  if(opmode == CRPT_HMAC_CTL_OPMODE_SHA1 || opmode == CRPT_HMAC_CTL_OPMODE_SHA224 ||
74  opmode == CRPT_HMAC_CTL_OPMODE_SHA256)
75  {
76  //Restore initial hash value
77  for(i = 0; i < hLen; i++)
78  {
79  CRPT->HMAC_FDBCK[2 * i] = h[i];
80  }
81  }
82  else
83  {
84  //Restore initial hash value
85  for(i = 0; i < hLen; i++)
86  {
87  CRPT->HMAC_FDBCK[i] = h[i];
88  }
89  }
90 
91  //Start SHA engine
92  CRPT->HMAC_CTL |= CRPT_HMAC_CTL_START_Msk;
93 
94  //Process input data
95  for(i = 0; i < length; i += 4)
96  {
97  //Wait for the DATINREQ bit to be set
98  while((CRPT->HMAC_STS & CRPT_HMAC_STS_DATINREQ_Msk) == 0)
99  {
100  }
101 
102  //Write one word of data
103  CRPT->HMAC_DATIN = __UNALIGNED_UINT32_READ(data + i);
104  }
105 
106  //Wait for the processing to complete
107  while((CRPT->HMAC_STS & CRPT_HMAC_STS_DATINREQ_Msk) == 0)
108  {
109  }
110 
111  //SHA-1, SHA-224 or SHA-256 algorithm?
112  if(opmode == CRPT_HMAC_CTL_OPMODE_SHA1 || opmode == CRPT_HMAC_CTL_OPMODE_SHA224 ||
113  opmode == CRPT_HMAC_CTL_OPMODE_SHA256)
114  {
115  //Save intermediate hash value
116  for(i = 0; i < hLen; i++)
117  {
118  h[i] = CRPT->HMAC_FDBCK[2 * i];
119  }
120  }
121  else
122  {
123  //Save intermediate hash value
124  for(i = 0; i < hLen; i++)
125  {
126  h[i] = CRPT->HMAC_FDBCK[i];
127  }
128  }
129 
130  //Stop SHA engine
131  CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
132 
133  //Release exclusive access to the CRYPTO module
134  osReleaseMutex(&m460CryptoMutex);
135 }
136 
137 
138 #if (SHA1_SUPPORT == ENABLED)
139 
140 /**
141  * @brief Update the SHA-1 context with a portion of the message being hashed
142  * @param[in] context Pointer to the SHA-1 context
143  * @param[in] data Pointer to the buffer being hashed
144  * @param[in] length Length of the buffer
145  **/
146 
147 void sha1Update(Sha1Context *context, const void *data, size_t length)
148 {
149  size_t n;
150 
151  //Process the incoming data
152  while(length > 0)
153  {
154  //Check whether some data is pending in the buffer
155  if(context->size == 0 && length >= 64)
156  {
157  //The length must be a multiple of 64 bytes
158  n = length - (length % 64);
159 
160  //Update hash value
161  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA1, data, n, context->h,
162  SHA1_DIGEST_SIZE / 4);
163 
164  //Update the SHA-1 context
165  context->totalSize += n;
166  //Advance the data pointer
167  data = (uint8_t *) data + n;
168  //Remaining bytes to process
169  length -= n;
170  }
171  else
172  {
173  //The buffer can hold at most 64 bytes
174  n = MIN(length, 64 - context->size);
175 
176  //Copy the data to the buffer
177  osMemcpy(context->buffer + context->size, data, n);
178 
179  //Update the SHA-1 context
180  context->size += n;
181  context->totalSize += n;
182  //Advance the data pointer
183  data = (uint8_t *) data + n;
184  //Remaining bytes to process
185  length -= n;
186 
187  //Check whether the buffer is full
188  if(context->size == 64)
189  {
190  //Update hash value
191  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA1, context->buffer,
192  context->size, context->h, SHA1_DIGEST_SIZE / 4);
193 
194  //Empty the buffer
195  context->size = 0;
196  }
197  }
198  }
199 }
200 
201 
202 /**
203  * @brief Process message in 16-word blocks
204  * @param[in] context Pointer to the SHA-1 context
205  **/
206 
207 void sha1ProcessBlock(Sha1Context *context)
208 {
209  //Update hash value
210  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA1, context->buffer, 64,
211  context->h, SHA1_DIGEST_SIZE / 4);
212 }
213 
214 #endif
215 #if (SHA256_SUPPORT == ENABLED)
216 
217 /**
218  * @brief Update the SHA-256 context with a portion of the message being hashed
219  * @param[in] context Pointer to the SHA-256 context
220  * @param[in] data Pointer to the buffer being hashed
221  * @param[in] length Length of the buffer
222  **/
223 
224 void sha256Update(Sha256Context *context, const void *data, size_t length)
225 {
226  size_t n;
227 
228  //Process the incoming data
229  while(length > 0)
230  {
231  //Check whether some data is pending in the buffer
232  if(context->size == 0 && length >= 64)
233  {
234  //The length must be a multiple of 64 bytes
235  n = length - (length % 64);
236 
237  //Update hash value
238  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA256, data, n, context->h,
239  SHA256_DIGEST_SIZE / 4);
240 
241  //Update the SHA-256 context
242  context->totalSize += n;
243  //Advance the data pointer
244  data = (uint8_t *) data + n;
245  //Remaining bytes to process
246  length -= n;
247  }
248  else
249  {
250  //The buffer can hold at most 64 bytes
251  n = MIN(length, 64 - context->size);
252 
253  //Copy the data to the buffer
254  osMemcpy(context->buffer + context->size, data, n);
255 
256  //Update the SHA-256 context
257  context->size += n;
258  context->totalSize += n;
259  //Advance the data pointer
260  data = (uint8_t *) data + n;
261  //Remaining bytes to process
262  length -= n;
263 
264  //Check whether the buffer is full
265  if(context->size == 64)
266  {
267  //Update hash value
268  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA256, context->buffer,
269  context->size, context->h, SHA256_DIGEST_SIZE / 4);
270 
271  //Empty the buffer
272  context->size = 0;
273  }
274  }
275  }
276 }
277 
278 
279 /**
280  * @brief Process message in 16-word blocks
281  * @param[in] context Pointer to the SHA-256 context
282  **/
283 
284 void sha256ProcessBlock(Sha256Context *context)
285 {
286  //Update hash value
287  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA256, context->buffer, 64,
288  context->h, SHA256_DIGEST_SIZE / 4);
289 }
290 
291 #endif
292 #if (SHA512_SUPPORT == ENABLED)
293 
294 /**
295  * @brief Update the SHA-512 context with a portion of the message being hashed
296  * @param[in] context Pointer to the SHA-512 context
297  * @param[in] data Pointer to the buffer being hashed
298  * @param[in] length Length of the buffer
299  **/
300 
301 void sha512Update(Sha512Context *context, const void *data, size_t length)
302 {
303  size_t n;
304 
305  //Process the incoming data
306  while(length > 0)
307  {
308  //Check whether some data is pending in the buffer
309  if(context->size == 0 && length >= 128)
310  {
311  //The length must be a multiple of 128 bytes
312  n = length - (length % 128);
313 
314  //Update hash value
315  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA512, data, n,
316  (uint32_t *) context->h, SHA512_DIGEST_SIZE / 4);
317 
318  //Update the SHA-512 context
319  context->totalSize += n;
320  //Advance the data pointer
321  data = (uint8_t *) data + n;
322  //Remaining bytes to process
323  length -= n;
324  }
325  else
326  {
327  //The buffer can hold at most 128 bytes
328  n = MIN(length, 128 - context->size);
329 
330  //Copy the data to the buffer
331  osMemcpy(context->buffer + context->size, data, n);
332 
333  //Update the SHA-512 context
334  context->size += n;
335  context->totalSize += n;
336  //Advance the data pointer
337  data = (uint8_t *) data + n;
338  //Remaining bytes to process
339  length -= n;
340 
341  //Check whether the buffer is full
342  if(context->size == 128)
343  {
344  //Update hash value
345  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA512, context->buffer,
346  context->size, (uint32_t *) context->h, SHA512_DIGEST_SIZE / 4);
347 
348  //Empty the buffer
349  context->size = 0;
350  }
351  }
352  }
353 }
354 
355 
356 /**
357  * @brief Process message in 16-word blocks
358  * @param[in] context Pointer to the SHA-512 context
359  **/
360 
361 void sha512ProcessBlock(Sha512Context *context)
362 {
363  //Update hash value
364  hashProcessData(CRPT_HMAC_CTL_OPMODE_SHA512, context->buffer, 128,
365  (uint32_t *) context->h, SHA512_DIGEST_SIZE / 4);
366 }
367 
368 #endif
369 #if (KECCAK_SUPPORT == ENABLED)
370 
371 /**
372  * @brief Update state array
373  * @param[in] data Pointer to the input buffer
374  * @param[in] length Length of the input buffer
375  * @param[in] blockSize Block size
376  * @param[in,out] a State array
377  **/
378 
379 void keccakProcessData(const uint8_t *data, size_t length, size_t blockSize,
380  uint32_t *a)
381 {
382  uint_t i;
383  uint32_t opmode;
384 
385  //Check block size
386  if(blockSize == 72)
387  {
388  opmode = CRPT_HMAC_CTL_OPMODE_SHA3_512;
389  }
390  else if(blockSize == 104)
391  {
392  opmode = CRPT_HMAC_CTL_OPMODE_SHA3_384;
393  }
394  else if(blockSize == 136)
395  {
396  opmode = CRPT_HMAC_CTL_OPMODE_SHA3_256;
397  }
398  else
399  {
400  opmode = CRPT_HMAC_CTL_OPMODE_SHA3_224;
401  }
402 
403  //Acquire exclusive access to the CRYPTO module
404  osAcquireMutex(&m460CryptoMutex);
405 
406  //Reset CRYPTO controller
407  SYS->IPRST0 |= SYS_IPRST0_CRPTRST_Msk;
408  SYS->IPRST0 &= ~SYS_IPRST0_CRPTRST_Msk;
409 
410  //Select the relevant hash algorithm
411  CRPT->HMAC_CTL = CRPT_HMAC_CTL_INSWAP_Msk | CRPT_HMAC_CTL_OUTSWAP_Msk |
412  CRPT_HMAC_CTL_SHA3EN_Msk | CRPT_HMAC_CTL_DMACSCAD_Msk | opmode;
413 
414  //Restore state array
415  for(i = 0; i < 16; i++)
416  {
417  CRPT->HMAC_FDBCK[i] = reverseInt32(a[49 - i]);
418  }
419 
420  for(i = 0; i < 34; i++)
421  {
422  CRPT->HMAC_FDBCK[54 + i] = reverseInt32(a[33 - i]);
423  }
424 
425  //Start SHA engine
426  CRPT->HMAC_CTL |= CRPT_HMAC_CTL_START_Msk;
427 
428  //Valid buffer?
429  if(data != NULL)
430  {
431  //Process input data
432  for(i = 0; i < length; i += 4)
433  {
434  //Wait for the DATINREQ bit to be set
435  while((CRPT->HMAC_STS & CRPT_HMAC_STS_DATINREQ_Msk) == 0)
436  {
437  }
438 
439  //Write one word of data
440  CRPT->HMAC_DATIN = __UNALIGNED_UINT32_READ(data + i);
441  }
442  }
443  else
444  {
445  //Process input data
446  for(i = 0; i < length; i += 4)
447  {
448  //Wait for the DATINREQ bit to be set
449  while((CRPT->HMAC_STS & CRPT_HMAC_STS_DATINREQ_Msk) == 0)
450  {
451  }
452 
453  //Write one word of data
454  CRPT->HMAC_DATIN = 0;
455  }
456  }
457 
458  //Wait for the processing to complete
459  while((CRPT->HMAC_STS & CRPT_HMAC_STS_DATINREQ_Msk) == 0)
460  {
461  }
462 
463  //Save state array
464  for(i = 0; i < 34; i++)
465  {
466  a[i] = reverseInt32(CRPT->HMAC_FDBCK[87 - i]);
467  }
468 
469  for(i = 0; i < 16; i++)
470  {
471  a[34 + i] = reverseInt32(CRPT->HMAC_FDBCK[15 - i]);
472  }
473 
474  //Stop SHA engine
475  CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
476 
477  //Release exclusive access to the CRYPTO module
478  osReleaseMutex(&m460CryptoMutex);
479 }
480 
481 
482 /**
483  * @brief Absorb data
484  * @param[in] context Pointer to the Keccak context
485  * @param[in] input Pointer to the buffer being hashed
486  * @param[in] length Length of the buffer
487  **/
488 
489 void keccakAbsorb(KeccakContext *context, const void *input, size_t length)
490 {
491  size_t n;
492 
493  //Process the incoming data
494  while(length > 0)
495  {
496  //Check whether some data is pending in the buffer
497  if(context->length == 0 && length >= context->blockSize)
498  {
499  //The length must be a multiple of the block size
500  n = length - (length % context->blockSize);
501 
502  //Absorb the current block
503  keccakProcessData(input, n, context->blockSize,
504  (uint32_t *) context->a);
505 
506  //Advance the data pointer
507  input = (uint8_t *) input + n;
508  //Remaining bytes to process
509  length -= n;
510  }
511  else
512  {
513  //The buffer can hold at most one block
514  n = MIN(length, context->blockSize - context->length);
515 
516  //Copy the data to the buffer
517  osMemcpy(context->buffer + context->length, input, n);
518  //Update the length of the buffer
519  context->length += n;
520 
521  //Advance the data pointer
522  input = (uint8_t *) input + n;
523  //Remaining bytes to process
524  length -= n;
525 
526  //Check whether the buffer is full
527  if(context->length == context->blockSize)
528  {
529  //Absorb the current block
530  keccakProcessData(context->buffer, context->length,
531  context->blockSize, (uint32_t *) context->a);
532 
533  //Empty the buffer
534  context->length = 0;
535  }
536  }
537  }
538 }
539 
540 
541 /**
542  * @brief Block permutation
543  * @param[in] context Pointer to the Keccak context
544  **/
545 
546 void keccakPermutBlock(KeccakContext *context)
547 {
548  //Perform block permutation
549  keccakProcessData(NULL, context->blockSize, context->blockSize,
550  (uint32_t *) context->a);
551 }
552 
553 #endif
554 #endif
hashProcessData
void hashProcessData(uint32_t opmode, const uint8_t *data, size_t length, uint32_t *h, size_t hLen)
Update hash value.
Definition: m460_crypto_hash.c:56
KeccakContext::a
keccak_lane_t a[5][5]
Definition: keccak.h:117
CRPT_HMAC_CTL_OPMODE_SHA3_512
#define CRPT_HMAC_CTL_OPMODE_SHA3_512
Definition: m2354_crypto_hash.h:52
a
uint8_t a
Definition: ndp.h:411
Sha256Context
SHA-256 algorithm context.
Definition: sha256.h:62
sha256ProcessBlock
void sha256ProcessBlock(Sha256Context *context)
Process message in 16-word blocks.
Definition: m460_crypto_hash.c:284
CRPT_HMAC_CTL_OPMODE_SHA256
#define CRPT_HMAC_CTL_OPMODE_SHA256
Definition: m2354_crypto_hash.h:46
data
uint8_t data[]
Definition: ethernet.h:222
KeccakContext
Keccak context.
Definition: keccak.h:116
Sha256Context::size
size_t size
Definition: sha256.h:69
Sha256Context::h
uint32_t h[8]
Definition: sha256.h:63
sha512ProcessBlock
void sha512ProcessBlock(Sha512Context *context)
Process message in 16-word blocks.
Definition: m460_crypto_hash.c:361
Sha1Context::totalSize
uint64_t totalSize
Definition: sha1.h:70
keccakPermutBlock
void keccakPermutBlock(KeccakContext *context)
Block permutation.
Definition: m460_crypto_hash.c:546
Sha512Context::size
size_t size
Definition: sha512.h:69
sha1Update
void sha1Update(Sha1Context *context, const void *data, size_t length)
Update the SHA-1 context with a portion of the message being hashed.
Definition: m460_crypto_hash.c:147
KeccakContext::buffer
uint8_t buffer[24 *KECCAK_W_BYTES]
Definition: keccak.h:118
h
uint8_t h
Definition: ndp.h:302
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
m460_crypto_hash.h
M460 hash hardware accelerator.
CRPT_HMAC_CTL_OPMODE_SHA3_256
#define CRPT_HMAC_CTL_OPMODE_SHA3_256
Definition: m2354_crypto_hash.h:50
keccakProcessData
void keccakProcessData(const uint8_t *data, size_t length, size_t blockSize, uint32_t *a)
Update state array.
Definition: m460_crypto_hash.c:379
Sha512Context
SHA-512 algorithm context.
Definition: sha512.h:62
Sha1Context::h
uint32_t h[5]
Definition: sha1.h:63
crypto.h
General definitions for cryptographic algorithms.
Sha512Context::buffer
uint8_t buffer[128]
Definition: sha512.h:67
length
uint8_t length
Definition: tcp.h:375
Sha256Context::buffer
uint8_t buffer[64]
Definition: sha256.h:67
MIN
#define MIN(a, b)
Definition: os_port.h:63
hash_algorithms.h
Collection of hash algorithms.
CRPT_HMAC_CTL_OPMODE_SHA512
#define CRPT_HMAC_CTL_OPMODE_SHA512
Definition: m2354_crypto_hash.h:48
SHA1_DIGEST_SIZE
#define SHA1_DIGEST_SIZE
Definition: sha1.h:45
keccak.h
Keccak sponge function.
keccakAbsorb
void keccakAbsorb(KeccakContext *context, const void *input, size_t length)
Absorb data.
Definition: m460_crypto_hash.c:489
Sha512Context::h
uint64_t h[8]
Definition: sha512.h:63
n
uint8_t n
Definition: dhcpv6_common.h:416
KeccakContext::blockSize
uint_t blockSize
Definition: keccak.h:119
CRPT_HMAC_CTL_OPMODE_SHA1
#define CRPT_HMAC_CTL_OPMODE_SHA1
Definition: m2354_crypto_hash.h:45
osAcquireMutex
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
Definition: os_port_chibios.c:396
KeccakContext::length
size_t length
Definition: keccak.h:120
osReleaseMutex
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
Definition: os_port_chibios.c:408
sha1ProcessBlock
void sha1ProcessBlock(Sha1Context *context)
Process message in 16-word blocks.
Definition: m460_crypto_hash.c:207
CRPT_HMAC_CTL_OPMODE_SHA3_384
#define CRPT_HMAC_CTL_OPMODE_SHA3_384
Definition: m2354_crypto_hash.h:53
m460_crypto.h
M460 hardware cryptographic accelerator.
Sha1Context::size
size_t size
Definition: sha1.h:69
CRPT_HMAC_CTL_OPMODE_SHA224
#define CRPT_HMAC_CTL_OPMODE_SHA224
Definition: m2354_crypto_hash.h:47
CRPT_HMAC_CTL_OPMODE_SHA3_224
#define CRPT_HMAC_CTL_OPMODE_SHA3_224
Definition: m2354_crypto_hash.h:51
Sha1Context
SHA-1 algorithm context.
Definition: sha1.h:62
reverseInt32
uint32_t reverseInt32(uint32_t value)
Reverse bit order in a 32-bit word.
Definition: cpu_endian.c:123
Sha1Context::buffer
uint8_t buffer[64]
Definition: sha1.h:67
Sha512Context::totalSize
uint64_t totalSize
Definition: sha512.h:70
Sha256Context::totalSize
uint64_t totalSize
Definition: sha256.h:70
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE
Definition: sha256.h:45
m460CryptoMutex
OsMutex m460CryptoMutex
Definition: m460_crypto.c:42
SHA512_DIGEST_SIZE
#define SHA512_DIGEST_SIZE
Definition: sha512.h:45
debug.h
Debugging facilities.
sha512Update
void sha512Update(Sha512Context *context, const void *data, size_t length)
Update the SHA-512 context with a portion of the message being hashed.
Definition: m460_crypto_hash.c:301
sha256Update
void sha256Update(Sha256Context *context, const void *data, size_t length)
Update the SHA-256 context with a portion of the message being hashed.
Definition: m460_crypto_hash.c:224