Make SHA256 and SHA512 handle >UINT32_MAX data correctly (now with fix for ARM compilation)
Change-Id: Iaa0c5675c07e9b54b2a389c53ed503e7a21ba731
BUG=chrome-os-partner:2912
TEST=
1) emerge-x86-generic vboot_reference
2) emerge-arm-generic vboot_reference
3) emerge-arm-generic vboot_reference-firmware
4) emerge-tegra2 vboot_reference-firmware
5) make && make runtests
Review URL: http://codereview.chromium.org/6760017
diff --git a/firmware/arch/arm/include/biosincludes.h b/firmware/arch/arm/include/biosincludes.h
index b7feacb..2c08dee 100644
--- a/firmware/arch/arm/include/biosincludes.h
+++ b/firmware/arch/arm/include/biosincludes.h
@@ -34,6 +34,10 @@
#define UINT64_RSHIFT(v, shiftby) (((uint64_t)(v)) >> (shiftby))
#define UINT64_MULT32(v, multby) (((uint64_t)(v)) * ((uint32_t)(multby)))
+#ifndef UINT32_MAX
+#define UINT32_MAX (UINT32_C(0xffffffffU))
+#endif
+
#ifndef UINT64_MAX
#define UINT64_MAX (UINT64_C(0xffffffffffffffffULL))
#endif
diff --git a/firmware/lib/cryptolib/include/sha.h b/firmware/lib/cryptolib/include/sha.h
index 46e417d..8beb296 100644
--- a/firmware/lib/cryptolib/include/sha.h
+++ b/firmware/lib/cryptolib/include/sha.h
@@ -58,11 +58,11 @@
uint8_t* SHA1_final(SHA1_CTX* ctx);
void SHA256_init(SHA256_CTX* ctx);
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint64_t len);
+void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
uint8_t* SHA256_final(SHA256_CTX* ctx);
void SHA512_init(SHA512_CTX* ctx);
-void SHA512_update(SHA512_CTX* ctx, const uint8_t* data, uint64_t len);
+void SHA512_update(SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
uint8_t* SHA512_final(SHA512_CTX* ctx);
/* Convenience function for SHA-1. Computes hash on [data] of length [len].
diff --git a/firmware/lib/cryptolib/sha2.c b/firmware/lib/cryptolib/sha2.c
index aa26917..d8dce06 100644
--- a/firmware/lib/cryptolib/sha2.c
+++ b/firmware/lib/cryptolib/sha2.c
@@ -332,22 +332,22 @@
-void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint64_t len) {
+void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
const uint8_t *shifted_data;
tmp_len = SHA256_BLOCK_SIZE - ctx->len;
- rem_len = len < tmp_len ? (unsigned int)len : tmp_len;
+ rem_len = len < tmp_len ? len : tmp_len;
Memcpy(&ctx->block[ctx->len], data, rem_len);
if (ctx->len + len < SHA256_BLOCK_SIZE) {
- ctx->len += (uint32_t)len;
+ ctx->len += len;
return;
}
- new_len = (unsigned int)len - rem_len;
+ new_len = len - rem_len;
block_nb = new_len / SHA256_BLOCK_SIZE;
shifted_data = data + rem_len;
@@ -424,8 +424,7 @@
static void SHA512_transform(SHA512_CTX* ctx, const uint8_t* message,
- unsigned int block_nb)
-{
+ unsigned int block_nb) {
uint64_t w[80];
uint64_t wv[8];
uint64_t t1, t2;
@@ -520,22 +519,22 @@
void SHA512_update(SHA512_CTX* ctx, const uint8_t* data,
- uint64_t len) {
+ uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
const uint8_t* shifted_data;
tmp_len = SHA512_BLOCK_SIZE - ctx->len;
- rem_len = len < tmp_len ? (unsigned int)len : tmp_len;
+ rem_len = len < tmp_len ? len : tmp_len;
Memcpy(&ctx->block[ctx->len], data, rem_len);
if (ctx->len + len < SHA512_BLOCK_SIZE) {
- ctx->len += (uint32_t)len;
+ ctx->len += len;
return;
}
- new_len = (unsigned int)len - rem_len;
+ new_len = len - rem_len;
block_nb = new_len / SHA512_BLOCK_SIZE;
shifted_data = data + rem_len;
@@ -593,31 +592,60 @@
}
-
-/* Convenient functions. */
uint8_t* SHA256(const uint8_t* data, uint64_t len, uint8_t* digest) {
- const uint8_t* p;
+ const uint8_t* input_ptr;
+ const uint8_t* result;
+ uint64_t remaining_len;
int i;
SHA256_CTX ctx;
+
SHA256_init(&ctx);
- SHA256_update(&ctx, data, len);
- p = SHA256_final(&ctx);
+
+ input_ptr = data;
+ remaining_len = len;
+
+ /* Process data in at most UINT32_MAX byte chunks at a time. */
+ while (remaining_len) {
+ uint32_t block_size;
+ block_size = (uint32_t) ((remaining_len >= UINT32_MAX) ?
+ UINT32_MAX : remaining_len);
+ SHA256_update(&ctx, input_ptr, block_size);
+ remaining_len -= block_size;
+ input_ptr += block_size;
+ }
+
+ result = SHA256_final(&ctx);
for (i = 0; i < SHA256_DIGEST_SIZE; ++i) {
- digest[i] = *p++;
+ digest[i] = *result++;
}
return digest;
}
uint8_t* SHA512(const uint8_t* data, uint64_t len, uint8_t* digest) {
- const uint8_t* p;
+ const uint8_t* input_ptr;
+ const uint8_t* result;
+ uint64_t remaining_len;
int i;
SHA512_CTX ctx;
SHA512_init(&ctx);
- SHA512_update(&ctx, data, len);
- p = SHA512_final(&ctx);
+
+ input_ptr = data;
+ remaining_len = len;
+
+ /* Process data in at most UINT32_MAX byte chunks at a time. */
+ while (remaining_len) {
+ uint32_t block_size;
+ block_size = (uint32_t) ((remaining_len >= UINT32_MAX) ?
+ UINT32_MAX : remaining_len);
+ SHA512_update(&ctx, input_ptr, block_size);
+ remaining_len -= block_size;
+ input_ptr += block_size;
+ }
+
+ result = SHA512_final(&ctx);
for (i = 0; i < SHA512_DIGEST_SIZE; ++i) {
- digest[i] = *p++;
+ digest[i] = *result++;
}
return digest;
}
