osd-contiki/cpu/cc2538/dev/sha256.c

/*
 * Original file:
 * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
 * All rights reserved.
 *
 * Port to Contiki:
 * Copyright (c) 2013, ADVANSEE - http://www.advansee.com/
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * \addtogroup cc2538-sha256
 * @{
 *
 * \file
 * Implementation of the cc2538 SHA-256 driver
 */
#include "contiki.h"
#include "sys/cc.h"
#include "dev/rom-util.h"
#include "dev/aes.h"
#include "dev/sha256.h"
#include "reg.h"

#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
#define BLOCK_SIZE      64
#define OUTPUT_LEN      32
/*---------------------------------------------------------------------------*/
/** \brief Starts a new hash session in hardware
 * \param state Hash state
 * \param data Pointer to input message
 * \param hash Destination of the hash (32 bytes)
 * \return \c CRYPTO_SUCCESS if successful, or CRYPTO/SHA256 error code
 */
static uint8_t
new_hash(sha256_state_t *state, const void *data, void *hash)
{
  /* Workaround for AES registers not retained after PM2 */
  REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
  REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
                         AES_CTRL_INT_EN_RESULT_AV;

  /* Configure master control module and enable DMA path to the SHA-256 engine
   * + Digest readout */
  REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_TAG | AES_CTRL_ALG_SEL_HASH;

  /* Clear any outstanding events */
  REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_RESULT_AV;

  /* Configure hash engine
   * Indicate start of a new hash session and SHA-256 */
  REG(AES_HASH_MODE_IN) = AES_HASH_MODE_IN_SHA256_MODE |
                          AES_HASH_MODE_IN_NEW_HASH;

  /* If the final digest is required (pad the input DMA data), write the
   * following register */
  if(state->final_digest) {
    /* Write length of the message (lo) */
    REG(AES_HASH_LENGTH_IN_L) = (uint32_t)state->length;
    /* Write length of the message (hi) */
    REG(AES_HASH_LENGTH_IN_H) = (uint32_t)(state->length >> 32);
    /* Pad the DMA-ed data */
    REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_PAD_DMA_MESSAGE;
  }

  /* Enable DMA channel 0 for message data */
  REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
  /* Base address of the data in ext. memory */
  REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)data;
  if(state->final_digest) {
    /* Input data length in bytes, equal to the message */
    REG(AES_DMAC_CH0_DMALENGTH) = state->curlen;
  } else {
    REG(AES_DMAC_CH0_DMALENGTH) = BLOCK_SIZE;
  }

  /* Enable DMA channel 1 for result digest */
  REG(AES_DMAC_CH1_CTRL) = AES_DMAC_CH_CTRL_EN;
  /* Base address of the digest buffer */
  REG(AES_DMAC_CH1_EXTADDR) = (uint32_t)hash;
  /* Length of the result digest */
  REG(AES_DMAC_CH1_DMALENGTH) = OUTPUT_LEN;

  /* Wait for completion of the operation */
  while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_RESULT_AV));

  if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
    /* Clear the DMA error */
    REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
    /* Disable master control / DMA clock */
    REG(AES_CTRL_ALG_SEL) = 0x00000000;
    return CRYPTO_DMA_BUS_ERROR;
  }

  /* Clear the interrupt */
  REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
                          AES_CTRL_INT_CLR_RESULT_AV;
  /* Disable master control / DMA clock */
  REG(AES_CTRL_ALG_SEL) = 0x00000000;
  /* Clear mode */
  REG(AES_AES_CTRL) = 0x00000000;

  return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
/** \brief Resumes an already started hash session in hardware
 * \param state Hash state
 * \param data Pointer to the input message
 * \param hash Pointer to the destination of the hash (32 bytes)
 * \return \c CRYPTO_SUCCESS if successful, or CRYPTO/SHA256 error code
 */
static uint8_t
resume_hash(sha256_state_t *state, const void *data, void *hash)
{
  /* Workaround for AES registers not retained after PM2 */
  REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
  REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
                         AES_CTRL_INT_EN_RESULT_AV;

  /* Configure master control module and enable the DMA path to the SHA-256
   * engine */
  REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_HASH;

  /* Clear any outstanding events */
  REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_RESULT_AV;

  /* Configure hash engine
   * Indicate the start of a resumed hash session and SHA-256 */
  REG(AES_HASH_MODE_IN) = AES_HASH_MODE_IN_SHA256_MODE;

  /* If the final digest is required (pad the input DMA data) */
  if(state->final_digest) {
    /* Write length of the message (lo) */
    REG(AES_HASH_LENGTH_IN_L) = (uint32_t)state->length;
    /* Write length of the message (hi) */
    REG(AES_HASH_LENGTH_IN_H) = (uint32_t)(state->length >> 32);
  }

  /* Write the initial digest */
  REG(AES_HASH_DIGEST_A) = (uint32_t)state->state[0];
  REG(AES_HASH_DIGEST_B) = (uint32_t)state->state[1];
  REG(AES_HASH_DIGEST_C) = (uint32_t)state->state[2];
  REG(AES_HASH_DIGEST_D) = (uint32_t)state->state[3];
  REG(AES_HASH_DIGEST_E) = (uint32_t)state->state[4];
  REG(AES_HASH_DIGEST_F) = (uint32_t)state->state[5];
  REG(AES_HASH_DIGEST_G) = (uint32_t)state->state[6];
  REG(AES_HASH_DIGEST_H) = (uint32_t)state->state[7];

  /* If final digest, pad the DMA-ed data */
  if(state->final_digest) {
    REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_PAD_DMA_MESSAGE;
  }

  /* Enable DMA channel 0 for message data */
  REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
  /* Base address of the data in ext. memory */
  REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)data;
  /* Input data length in bytes, equal to the message */
  if(state->final_digest) {
    REG(AES_DMAC_CH0_DMALENGTH) = state->curlen;
  } else {
    REG(AES_DMAC_CH0_DMALENGTH) = BLOCK_SIZE;
  }

  /* Wait for completion of the operation */
  while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_RESULT_AV));

  /* Check for any DMA Bus errors */
  if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
    /* Clear the DMA error */
    REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
    /* Disable master control / DMA clock */
    REG(AES_CTRL_ALG_SEL) = 0x00000000;
    return CRYPTO_DMA_BUS_ERROR;
  }

  /* Read digest */
  ((uint32_t *)hash)[0] = REG(AES_HASH_DIGEST_A);
  ((uint32_t *)hash)[1] = REG(AES_HASH_DIGEST_B);
  ((uint32_t *)hash)[2] = REG(AES_HASH_DIGEST_C);
  ((uint32_t *)hash)[3] = REG(AES_HASH_DIGEST_D);
  ((uint32_t *)hash)[4] = REG(AES_HASH_DIGEST_E);
  ((uint32_t *)hash)[5] = REG(AES_HASH_DIGEST_F);
  ((uint32_t *)hash)[6] = REG(AES_HASH_DIGEST_G);
  ((uint32_t *)hash)[7] = REG(AES_HASH_DIGEST_H);

  /* Acknowledge reading of the digest */
  REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_OUTPUT_FULL;

  /* Clear the interrupt */
  REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
                          AES_CTRL_INT_CLR_RESULT_AV;
  /* Disable master control / DMA clock */
  REG(AES_CTRL_ALG_SEL) = 0x00000000;
  /* Clear mode */
  REG(AES_AES_CTRL) = 0x00000000;

  return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
sha256_init(sha256_state_t *state)
{
  if(state == NULL) {
    return CRYPTO_NULL_ERROR;
  }

  state->curlen = 0;
  state->length = 0;
  state->new_digest = true;
  state->final_digest = false;
  return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
sha256_process(sha256_state_t *state, const void *data, uint32_t len)
{
  uint32_t n;
  uint8_t ret;

  if(state == NULL || data == NULL) {
    return CRYPTO_NULL_ERROR;
  }

  if(state->curlen > sizeof(state->buf)) {
    return CRYPTO_INVALID_PARAM;
  }

  if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
    return CRYPTO_RESOURCE_IN_USE;
  }

  if(len > 0 && state->new_digest) {
    if(state->curlen == 0 && len > BLOCK_SIZE) {
      rom_util_memcpy(state->buf, data, BLOCK_SIZE);
      ret = new_hash(state, state->buf, state->state);
      if(ret != CRYPTO_SUCCESS) {
        return ret;
      }
      state->new_digest = false;
      state->length += BLOCK_SIZE << 3;
      data += BLOCK_SIZE;
      len -= BLOCK_SIZE;
    } else {
      n = MIN(len, BLOCK_SIZE - state->curlen);
      rom_util_memcpy(&state->buf[state->curlen], data, n);
      state->curlen += n;
      data += n;
      len -= n;
      if(state->curlen == BLOCK_SIZE && len > 0) {
        ret = new_hash(state, state->buf, state->state);
        if(ret != CRYPTO_SUCCESS) {
          return ret;
        }
        state->new_digest = false;
        state->length += BLOCK_SIZE << 3;
        state->curlen = 0;
      }
    }
  }

  while(len > 0 && !state->new_digest) {
    if(state->curlen == 0 && len > BLOCK_SIZE) {
      rom_util_memcpy(state->buf, data, BLOCK_SIZE);
      ret = resume_hash(state, state->buf, state->state);
      if(ret != CRYPTO_SUCCESS) {
        return ret;
      }
      state->length += BLOCK_SIZE << 3;
      data += BLOCK_SIZE;
      len -= BLOCK_SIZE;
    } else {
      n = MIN(len, BLOCK_SIZE - state->curlen);
      rom_util_memcpy(&state->buf[state->curlen], data, n);
      state->curlen += n;
      data += n;
      len -= n;
      if(state->curlen == BLOCK_SIZE && len > 0) {
        ret = resume_hash(state, state->buf, state->state);
        if(ret != CRYPTO_SUCCESS) {
          return ret;
        }
        state->length += BLOCK_SIZE << 3;
        state->curlen = 0;
      }
    }
  }

  return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
sha256_done(sha256_state_t *state, void *hash)
{
  uint8_t ret;

  if(state == NULL || hash == NULL) {
    return CRYPTO_NULL_ERROR;
  }

  if(state->curlen > sizeof(state->buf)) {
    return CRYPTO_INVALID_PARAM;
  }

  if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
    return CRYPTO_RESOURCE_IN_USE;
  }

  /* Increase the length of the message */
  state->length += state->curlen << 3;
  state->final_digest = true;
  if(state->new_digest) {
    ret = new_hash(state, state->buf, hash);
    if(ret != CRYPTO_SUCCESS) {
      return ret;
    }
  } else {
    ret = resume_hash(state, state->buf, hash);
    if(ret != CRYPTO_SUCCESS) {
      return ret;
    }
  }
  state->new_digest = false;
  state->final_digest = false;

  return CRYPTO_SUCCESS;
}

/** @} */