From ac76a8fe0f7501d8e04dedb6519f7f1c7603e520 Mon Sep 17 00:00:00 2001
From: makejian <makejian@xiaomi.com>
Date: Tue, 8 Aug 2023 14:02:52 +0800
Subject: [PATCH] crypto: export SHA224/SHA384 via /dev/crypto

(1)add sha224 algorithm in sha2.c
(2)export sha224/sha384
Signed-off-by: makejian <makejian@xiaomi.com>
---
 crypto/cryptodev.c         |  6 ++++
 crypto/cryptosoft.c        | 12 ++++++++
 crypto/sha2.c              | 63 ++++++++++++++++++++++++++++++++++++--
 crypto/xform.c             | 25 +++++++++++++++
 include/crypto/cryptodev.h | 10 +++---
 include/crypto/sha2.h      |  7 +++++
 include/crypto/xform.h     |  2 ++
 7 files changed, 119 insertions(+), 6 deletions(-)

diff --git a/crypto/cryptodev.c b/crypto/cryptodev.c
index d00dac39c3..7340aba8f3 100644
--- a/crypto/cryptodev.c
+++ b/crypto/cryptodev.c
@@ -276,9 +276,15 @@ static int cryptof_ioctl(FAR struct file *filep,
             case CRYPTO_SHA1:
               thash = &auth_hash_sha1;
               break;
+            case CRYPTO_SHA2_224:
+              thash = &auth_hash_sha2_224;
+              break;
             case CRYPTO_SHA2_256:
               thash = &auth_hash_sha2_256;
               break;
+            case CRYPTO_SHA2_384:
+              thash = &auth_hash_sha2_384;
+              break;
             case CRYPTO_SHA2_512:
               thash = &auth_hash_sha2_512;
               break;
diff --git a/crypto/cryptosoft.c b/crypto/cryptosoft.c
index 4f6953523a..7b1372df4d 100644
--- a/crypto/cryptosoft.c
+++ b/crypto/cryptosoft.c
@@ -761,9 +761,15 @@ int swcr_newsession(FAR uint32_t *sid, FAR struct cryptoini *cri)
           case CRYPTO_SHA1:
             axf = &auth_hash_sha1;
             goto auth3common;
+          case CRYPTO_SHA2_224:
+            axf = &auth_hash_sha2_224;
+            goto auth3common;
           case CRYPTO_SHA2_256:
             axf = &auth_hash_sha2_256;
             goto auth3common;
+          case CRYPTO_SHA2_384:
+            axf = &auth_hash_sha2_384;
+            goto auth3common;
           case CRYPTO_SHA2_512:
             axf = &auth_hash_sha2_512;
 
@@ -903,7 +909,9 @@ int swcr_freesession(uint64_t tid)
           case CRYPTO_CHACHA20_POLY1305_MAC:
           case CRYPTO_MD5:
           case CRYPTO_SHA1:
+          case CRYPTO_SHA2_224:
           case CRYPTO_SHA2_256:
+          case CRYPTO_SHA2_384:
           case CRYPTO_SHA2_512:
             axf = swd->sw_axf;
 
@@ -1011,7 +1019,9 @@ int swcr_process(struct cryptop *crp)
 
           case CRYPTO_MD5:
           case CRYPTO_SHA1:
+          case CRYPTO_SHA2_224:
           case CRYPTO_SHA2_256:
+          case CRYPTO_SHA2_384:
           case CRYPTO_SHA2_512:
             if ((crp->crp_etype = swcr_hash(crp, crd, sw,
                 crp->crp_buf)) != 0)
@@ -1083,7 +1093,9 @@ void swcr_init(void)
   algs[CRYPTO_CHACHA20_POLY1305_MAC] = CRYPTO_ALG_FLAG_SUPPORTED;
   algs[CRYPTO_MD5] = CRYPTO_ALG_FLAG_SUPPORTED;
   algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED;
+  algs[CRYPTO_SHA2_224] = CRYPTO_ALG_FLAG_SUPPORTED;
   algs[CRYPTO_SHA2_256] = CRYPTO_ALG_FLAG_SUPPORTED;
+  algs[CRYPTO_SHA2_384] = CRYPTO_ALG_FLAG_SUPPORTED;
   algs[CRYPTO_SHA2_512] = CRYPTO_ALG_FLAG_SUPPORTED;
   algs[CRYPTO_ESN] = CRYPTO_ALG_FLAG_SUPPORTED;
 
diff --git a/crypto/sha2.c b/crypto/sha2.c
index 76af7d18ee..9e8bd745c9 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -211,6 +211,20 @@ const static uint32_t sha256_initial_hash_value[8] =
   0x5be0cd19ul
 };
 
+/* Initial hash value H for SHA-224: */
+
+const static uint32_t sha224_initial_hash_value[8] =
+{
+  0xc1059ed8ul,
+  0x367cd507ul,
+  0x3070dd17ul,
+  0xf70e5939ul,
+  0xffc00b31ul,
+  0x68581511ul,
+  0x64f98fa7ul,
+  0xbefa4fa4ul
+};
+
 /* Hash constant words K for SHA-384 and SHA-512: */
 
 const static uint64_t K512[80] =
@@ -576,7 +590,7 @@ void sha256update(FAR SHA2_CTX *context,
   usedspace = freespace = 0;
 }
 
-void sha256final(FAR uint8_t *digest, FAR SHA2_CTX *context)
+void sha256last(FAR SHA2_CTX *context)
 {
   unsigned int usedspace;
 
@@ -638,6 +652,11 @@ void sha256final(FAR uint8_t *digest, FAR SHA2_CTX *context)
   /* Final transform: */
 
   sha256transform(context->state.st32, context->buffer);
+}
+
+void sha256final(FAR uint8_t *digest, FAR SHA2_CTX *context)
+{
+  sha256last(context);
 
 #if BYTE_ORDER == LITTLE_ENDIAN
     {
@@ -657,7 +676,47 @@ void sha256final(FAR uint8_t *digest, FAR SHA2_CTX *context)
   /* Clean up state data: */
 
   explicit_bzero(context, sizeof(*context));
-  usedspace = 0;
+}
+
+/* SHA-224: */
+
+void sha224init(FAR SHA2_CTX *context)
+{
+  memcpy(context->state.st32,
+         sha224_initial_hash_value,
+         SHA256_DIGEST_LENGTH);
+
+  memset(context->buffer, 0, SHA224_BLOCK_LENGTH);
+  context->bitcount[0] = 0;
+}
+
+void sha224update(FAR SHA2_CTX *context, FAR const void *data, size_t len)
+{
+  sha256update(context, data, len);
+}
+
+void sha224final(FAR uint8_t *digest, FAR SHA2_CTX *context)
+{
+  sha256last(context);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+    {
+      /* Convert TO host byte order */
+
+      int j;
+
+      for (j = 0; j < 8; j++)
+        {
+          context->state.st32[j] = swap32(context->state.st32[j]);
+        }
+    }
+#endif
+
+  memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
+
+  /* Clean up state data: */
+
+  explicit_bzero(context, sizeof(*context));
 }
 
 /* SHA-512: */
diff --git a/crypto/xform.c b/crypto/xform.c
index 30d158fe03..774c069d0c 100644
--- a/crypto/xform.c
+++ b/crypto/xform.c
@@ -113,6 +113,7 @@ void aes_gcm_reinit(caddr_t, FAR uint8_t *);
 int md5update_int(FAR void *, FAR const uint8_t *, uint16_t);
 int sha1update_int(FAR void *, FAR const uint8_t *, uint16_t);
 int rmd160update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int sha224update_int(FAR void *, FAR const uint8_t *, uint16_t);
 int sha256update_int(FAR void *, FAR const uint8_t *, uint16_t);
 int sha384update_int(FAR void *, FAR const uint8_t *, uint16_t);
 int sha512update_int(FAR void *, FAR const uint8_t *, uint16_t);
@@ -351,6 +352,15 @@ const struct auth_hash auth_hash_sha1 =
   (void (*) (FAR uint8_t *, FAR void *)) sha1final
 };
 
+const struct auth_hash auth_hash_sha2_224 =
+{
+  CRYPTO_SHA2_224, "SHA2-224",
+  0, 28, 16, sizeof(SHA2_CTX), SHA224_BLOCK_LENGTH,
+  (void (*)(FAR void *)) sha224init, NULL, NULL,
+  sha224update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) sha224final
+};
+
 const struct auth_hash auth_hash_sha2_256 =
 {
   CRYPTO_SHA2_256, "SHA2-256",
@@ -360,6 +370,15 @@ const struct auth_hash auth_hash_sha2_256 =
   (void (*)(FAR uint8_t *, FAR void *)) sha256final
 };
 
+const struct auth_hash auth_hash_sha2_384 =
+{
+  CRYPTO_SHA2_384, "SHA2-384",
+  0, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
+  (void (*)(FAR void *)) sha384init, NULL, NULL,
+  sha384update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) sha384final
+};
+
 const struct auth_hash auth_hash_sha2_512 =
 {
   CRYPTO_SHA2_512, "SHA2-512",
@@ -639,6 +658,12 @@ int sha1update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
   return 0;
 }
 
+int sha224update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
+{
+  sha224update(ctx, buf, len);
+  return 0;
+}
+
 int sha256update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
   sha256update(ctx, buf, len);
diff --git a/include/crypto/cryptodev.h b/include/crypto/cryptodev.h
index a0894b10b1..76a2736536 100644
--- a/include/crypto/cryptodev.h
+++ b/include/crypto/cryptodev.h
@@ -115,10 +115,12 @@
 #define CRYPTO_CHACHA20_POLY1305_MAC 22
 #define CRYPTO_MD5              23
 #define CRYPTO_SHA1             24
-#define CRYPTO_SHA2_256         25
-#define CRYPTO_SHA2_512         26
-#define CRYPTO_ESN              27 /* Support for Extended Sequence Numbers */
-#define CRYPTO_ALGORITHM_MAX    27 /* Keep updated */
+#define CRYPTO_SHA2_224         25
+#define CRYPTO_SHA2_256         26
+#define CRYPTO_SHA2_384         27
+#define CRYPTO_SHA2_512         28
+#define CRYPTO_ESN              29 /* Support for Extended Sequence Numbers */
+#define CRYPTO_ALGORITHM_MAX    29 /* Keep updated */
 
 /* Algorithm flags */
 
diff --git a/include/crypto/sha2.h b/include/crypto/sha2.h
index b5e3a5a59b..270216114c 100644
--- a/include/crypto/sha2.h
+++ b/include/crypto/sha2.h
@@ -46,6 +46,9 @@
 
 /* SHA-256/384/512 Various Length Definitions */
 
+#define SHA224_BLOCK_LENGTH         64
+#define SHA224_DIGEST_LENGTH        28
+#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1)
 #define SHA256_BLOCK_LENGTH         64
 #define SHA256_DIGEST_LENGTH        32
 #define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
@@ -69,6 +72,10 @@ typedef struct _SHA2_CTX
   uint8_t buffer[SHA512_BLOCK_LENGTH];
 } SHA2_CTX;
 
+void sha224init(FAR SHA2_CTX *);
+void sha224update(FAR SHA2_CTX *, FAR const void *, size_t);
+void sha224final(FAR uint8_t *, FAR SHA2_CTX *);
+
 void sha256init(FAR SHA2_CTX *);
 void sha256update(FAR SHA2_CTX *, FAR const void *, size_t);
 void sha256final(FAR uint8_t *, FAR SHA2_CTX *);
diff --git a/include/crypto/xform.h b/include/crypto/xform.h
index a380680807..28f71d5d4c 100644
--- a/include/crypto/xform.h
+++ b/include/crypto/xform.h
@@ -118,7 +118,9 @@ extern const struct auth_hash auth_hash_gmac_aes_256;
 extern const struct auth_hash auth_hash_chacha20_poly1305;
 extern const struct auth_hash auth_hash_md5;
 extern const struct auth_hash auth_hash_sha1;
+extern const struct auth_hash auth_hash_sha2_224;
 extern const struct auth_hash auth_hash_sha2_256;
+extern const struct auth_hash auth_hash_sha2_384;
 extern const struct auth_hash auth_hash_sha2_512;
 
 #endif /* __INCLUDE_CRYPTO_XFORM_H */