Merge branch 'fix/sha512_block_mode' into 'master'

mbedtls: fix sha-512 block mode build error See merge request espressif/esp-idf!23569
cablelabs · May 8, 2023 · 17451f1 · 17451f1
2 parents 9652d8e + 9a87b26
commit 17451f1
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 55 deletions.
diff --git a/components/mbedtls/port/include/sha/sha_block.h b/components/mbedtls/port/include/sha/sha_block.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -108,6 +108,21 @@ void esp_sha_acquire_hardware(void);
 void esp_sha_release_hardware(void);
 
 
+/**
+ * @brief Sets the initial hash value for SHA512/t.
+ *
+ * @note Is generated according to the algorithm described in the TRM,
+ * chapter SHA-Accelerator
+ *
+ * @note The engine must be locked until the value is used for an operation
+ * or read out. Else you risk another operation overwriting it.
+ *
+ * @param t
+ *
+ * @return 0 if successful
+ */
+int esp_sha_512_t_init_hash(uint16_t t);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/mbedtls/port/sha/block/esp_sha512.c b/components/mbedtls/port/sha/block/esp_sha512.c
@@ -125,9 +125,7 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
     return 0;
 }
 
-static int esp_internal_sha512_block_process(mbedtls_sha512_context *ctx,
-        const uint8_t *data, size_t len,
-        uint8_t *buf, size_t buf_len)
+static void esp_internal_sha512_block_process(mbedtls_sha512_context *ctx, const uint8_t *data)
 {
     esp_sha_block(ctx->mode, data, ctx->first_block);
 
@@ -150,9 +148,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned
 int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
                                size_t ilen )
 {
-    int ret;
     size_t fill;
-    unsigned int left, len, local_len = 0;
+    unsigned int left, local_len = 0;
 
     if ( ilen == 0 ) {
         return 0;
@@ -177,7 +174,7 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp
     }
 
 
-    if ( len || local_len) {
+    if ( (ilen >= 128) || local_len) {
 
         esp_sha_acquire_hardware();
 
@@ -197,14 +194,14 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp
 
         /* First process buffered block, if any */
         if ( local_len ) {
-            esp_internal_sha256_block_process(ctx, ctx->buffer);
+            esp_internal_sha512_block_process(ctx, ctx->buffer);
         }
 
         while ( ilen >= 128 ) {
-            esp_internal_sha256_block_process(ctx, input);
+            esp_internal_sha512_block_process(ctx, input);
 
-            input += 64;
-            ilen  -= 64;
+            input += 128;
+            ilen  -= 128;
         }
         esp_sha_read_digest_state(ctx->mode, ctx->state);
 

diff --git a/components/mbedtls/port/sha/block/sha.c b/components/mbedtls/port/sha/block/sha.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */

diff --git a/components/mbedtls/port/sha/dma/sha.c b/components/mbedtls/port/sha/dma/sha.c
@@ -138,48 +138,6 @@ void esp_sha_release_hardware()
     SHA_RELEASE();
 }
 
-#if SOC_SHA_SUPPORT_SHA512_T
-/* The initial hash value for SHA512/t is generated according to the
-   algorithm described in the TRM, chapter SHA-Accelerator
-*/
-int esp_sha_512_t_init_hash(uint16_t t)
-{
-    uint32_t t_string = 0;
-    uint8_t t0, t1, t2, t_len;
-
-    if (t == 384) {
-        ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u,cannot be 384", t);
-        return -1;
-    }
-
-    if (t <= 9) {
-        t_string = (uint32_t)((1 << 23) | ((0x30 + t) << 24));
-        t_len = 0x48;
-    } else if (t <= 99) {
-        t0 = t % 10;
-        t1 = (t / 10) % 10;
-        t_string = (uint32_t)((1 << 15) | ((0x30 + t0) << 16) |
-                              (((0x30 + t1) << 24)));
-        t_len = 0x50;
-    } else if (t <= 512) {
-        t0 = t % 10;
-        t1 = (t / 10) % 10;
-        t2 = t / 100;
-        t_string = (uint32_t)((1 << 7) | ((0x30 + t0) << 8) |
-                              (((0x30 + t1) << 16) + ((0x30 + t2) << 24)));
-        t_len = 0x58;
-    } else {
-        ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u, must equal or less than 512", t);
-        return -1;
-    }
-
-    sha_hal_sha512_init_hash(t_string, t_len);
-
-    return 0;
-}
-
-#endif //SOC_SHA_SUPPORT_SHA512_T
-
 
 /* Hash the input block by block, using non-DMA mode */
 static void esp_sha_block_mode(esp_sha_type sha_type, const uint8_t *input, uint32_t ilen,

diff --git a/components/mbedtls/port/sha/esp_sha.c b/components/mbedtls/port/sha/esp_sha.c
@@ -1,12 +1,13 @@
 /*
- * SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
 #include <string.h>
 #include <stdio.h>
 #include <assert.h>
+#include "hal/sha_hal.h"
 #include "hal/sha_types.h"
 #include "soc/soc_caps.h"
 #include "esp_log.h"
@@ -97,3 +98,47 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
     ESP_LOGE(TAG, "SHA type %d not supported", (int)sha_type);
     abort();
 }
+
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+/* The initial hash value for SHA512/t is generated according to the
+   algorithm described in the TRM, chapter SHA-Accelerator
+*/
+int esp_sha_512_t_init_hash(uint16_t t)
+{
+    uint32_t t_string = 0;
+    uint8_t t0, t1, t2, t_len;
+
+    if (t == 384) {
+        ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u,cannot be 384", t);
+        return -1;
+    }
+
+    if (t <= 9) {
+        t_string = (uint32_t)((1 << 23) | ((0x30 + t) << 24));
+        t_len = 0x48;
+    } else if (t <= 99) {
+        t0 = t % 10;
+        t1 = (t / 10) % 10;
+        t_string = (uint32_t)((1 << 15) | ((0x30 + t0) << 16) |
+                              (((0x30 + t1) << 24)));
+        t_len = 0x50;
+    } else if (t <= 512) {
+        t0 = t % 10;
+        t1 = (t / 10) % 10;
+        t2 = t / 100;
+        t_string = (uint32_t)((1 << 7) | ((0x30 + t0) << 8) |
+                              (((0x30 + t1) << 16) + ((0x30 + t2) << 24)));
+        t_len = 0x58;
+    } else {
+        ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u, must equal or less than 512", t);
+        return -1;
+    }
+
+    sha_hal_sha512_init_hash(t_string, t_len);
+
+    return 0;
+}
+
+#endif //SOC_SHA_SUPPORT_SHA512_T