feat(mbedtls): Make mbedtls SHA1 support configurable

harshal.patil
2025-03-18 13:42:23 +05:30
parent 9d45436a5f
commit 96f48cd1cf
8 changed files with 107 additions and 69 deletions


@ -698,6 +698,21 @@ menu "mbedTLS"
Standard ECDSA is "fragile" in the sense that lack of entropy when signing Standard ECDSA is "fragile" in the sense that lack of entropy when signing
may result in a compromise of the long-term signing key. may result in a compromise of the long-term signing key.
config MBEDTLS_SHA1_C
bool "Enable the SHA-1 cryptographic hash algorithm"
default y
help
Enabling MBEDTLS_SHA1_C adds support for SHA-1.
SHA-1 is considered a weak message digest and its use constitutes
a security risk.
Disabling this configuration option could impact TLS 1.2 / Wi-Fi Enterprise compatibility
with certain older certificates that rely on SHA-1 for digital signatures.
Before proceeding, ensure that all your certificates are using stronger hash algorithms,
such as SHA-256 (part of the SHA-2 family).
If you're using older certificates or if you're unsure about the impact on your product,
please consider testing the changes in a controlled environment for individual features
like OTA updates, cloud connectivity, secure local control, etc.
config MBEDTLS_SHA512_C config MBEDTLS_SHA512_C
bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms" bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
default y default y
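Review bot: The new `MBEDTLS_SHA1_C` entry has no `select` or `depends on` tying it to the features its own help text says may need SHA-1 (TLS 1.2 with older certificates, Wi-Fi Enterprise). As written, switching it off would only be noticed when a handshake or certificate check fails on the device. If any in-tree feature is known to hard-require SHA-1 (not visible from this hunk), having that feature `select MBEDTLS_SHA1_C` would move the failure to configuration time. The help text could also say in one line that the default stays `y` only for compatibility and that products whose certificate chains use SHA-256 or stronger can disable it.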


@ -2504,8 +2504,11 @@
* on it, and considering stronger message digests instead. * on it, and considering stronger message digests instead.
* *
*/ */
#if CONFIG_MBEDTLS_SHA1_C
#define MBEDTLS_SHA1_C #define MBEDTLS_SHA1_C
#else
#undef MBEDTLS_SHA1_C
#endif
/** /**
* \def MBEDTLS_SHA224_C * \def MBEDTLS_SHA224_C
* *


@ -15,7 +15,7 @@
#include <mbedtls/build_info.h> #include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) #if defined(MBEDTLS_SHA1_ALT)
#include "mbedtls/sha1.h" #include "mbedtls/sha1.h"
@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
return ret; return ret;
} }
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ #endif /* MBEDTLS_SHA1_ALT */
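Review bot: Dropping `MBEDTLS_SHA1_C` from the guard at the top of this file (and from the closing `#endif` comment) means the hardware SHA-1 port is built whenever `MBEDTLS_SHA1_ALT` is defined, regardless of the new Kconfig option; the two port files that follow make the same edit. Where `MBEDTLS_SHA1_ALT` is defined is not visible here, so it is unclear whether disabling `CONFIG_MBEDTLS_SHA1_C` still leaves the `mbedtls_sha1_*` port functions in the image. If that is intended, a comment above the guard would record it, such as `/* Not gated on MBEDTLS_SHA1_C: the hardware SHA-1 port stays available to <caller> even when SHA-1 is disabled in mbedTLS */`, where `<caller>` is a placeholder for the real user. Otherwise the guard should keep the `MBEDTLS_SHA1_C` term so that the option really removes SHA-1. The file body lies outside these hunks.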


@ -15,7 +15,7 @@
#include <mbedtls/build_info.h> #include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) #if defined(MBEDTLS_SHA1_ALT)
#include "mbedtls/sha1.h" #include "mbedtls/sha1.h"
@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
return ret; return ret;
} }
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ #endif /* MBEDTLS_SHA1_ALT */


@ -17,7 +17,7 @@
#include <mbedtls/build_info.h> #include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) #if defined(MBEDTLS_SHA1_ALT)
#include "mbedtls/sha1.h" #include "mbedtls/sha1.h"
@ -420,4 +420,4 @@ out:
return ret; return ret;
} }
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ #endif /* MBEDTLS_SHA1_ALT */


@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -27,9 +27,13 @@
TEST_CASE("mbedtls SHA self-tests", "[mbedtls]") TEST_CASE("mbedtls SHA self-tests", "[mbedtls]")
{ {
start_apb_access_loop(); start_apb_access_loop();
#if CONFIG_MBEDTLS_SHA1_C
TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass.");
#endif
TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass.");
#if CONFIG_MBEDTLS_SHA512_C
TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass.");
#endif
verify_apb_access_loop(); verify_apb_access_loop();
} }
@ -158,17 +162,19 @@ TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
void tskRunSHASelftests(void *param) void tskRunSHASelftests(void *param)
{ {
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
#if CONFIG_MBEDTLS_SHA1_C
if (mbedtls_sha1_self_test(1)) { if (mbedtls_sha1_self_test(1)) {
printf("SHA1 self-tests failed.\n"); printf("SHA1 self-tests failed.\n");
while (1) {} while (1) {}
} }
#endif
if (mbedtls_sha256_self_test(1)) { if (mbedtls_sha256_self_test(1)) {
printf("SHA256 self-tests failed.\n"); printf("SHA256 self-tests failed.\n");
while (1) {} while (1) {}
} }
#if SOC_SHA_SUPPORT_SHA512 #if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
if (mbedtls_sha512_self_test(1)) { if (mbedtls_sha512_self_test(1)) {
printf("SHA512 self-tests failed.\n"); printf("SHA512 self-tests failed.\n");
while (1) {} while (1) {}
@ -178,7 +184,7 @@ void tskRunSHASelftests(void *param)
printf("SHA512 self-tests failed.\n"); printf("SHA512 self-tests failed.\n");
while (1) {} while (1) {}
} }
#endif //SOC_SHA_SUPPORT_SHA512 #endif //SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
} }
xSemaphoreGive(done_sem); xSemaphoreGive(done_sem);
vTaskDelete(NULL); vTaskDelete(NULL);
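Review bot: With `CONFIG_MBEDTLS_SHA1_C` off, the "mbedtls SHA self-tests" case and `tskRunSHASelftests` simply skip SHA-1, so nothing verifies that the digest is actually unavailable in that configuration. An `#else` branch in the self-test case could assert it, e.g. `TEST_ASSERT_NULL(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1));`; this needs `mbedtls/md.h`, and whether the file already includes it is not visible in the hunk. The disabled state would then be a property the suite checks rather than code that is merely compiled out. `tskRunSHASelftests` continues outside the hunk.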


@ -3,7 +3,7 @@
* Focus on testing functionality where we use ESP32 hardware * Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features * accelerated crypto features
* *
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -88,25 +88,33 @@ static const char *rsa3072_cert = "-----BEGIN CERTIFICATE-----\n"\
/* Root cert from openssl s_client -connect google.com:443 -showcerts /* Root cert from openssl s_client -connect google.com:443 -showcerts
*/ */
static const char *rsa2048_cert = "-----BEGIN CERTIFICATE-----\n"\ static const char *rsa2048_cert = "-----BEGIN CERTIFICATE-----\n"\
"MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"\ "MIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBH\n"\
"MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"\ "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"\
"aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"\ "QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIw\n"\
"WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"\ "MTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNl\n"\
"AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"\ "cnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"\
"CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"\ "AoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc\n"\
"OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"\ "+MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKji\n"\
"T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"\ "aeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIc\n"\
"JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"\ "LrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFX\n"\
"Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"\ "xRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgX\n"\
"PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"\ "FNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGG\n"\
"aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"\ "MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/\n"\
"TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"\ "AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTk\n"\
"LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"\ "rysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKG\n"\
"BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"\ "GGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRw\n"\
"dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"\ "Oi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkq\n"\
"AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"\ "hkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYS\n"\
"NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"\ "TL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLe\n"\
"b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"\ "SiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJT\n"\
"DhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWu\n"\
"ryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJB\n"\
"vei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrl\n"\
"Xdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevG\n"\
"iza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJr\n"\
"Y/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6Qw\n"\
"qDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU\n"\
"/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0=\n"\
"-----END CERTIFICATE-----\n"; "-----END CERTIFICATE-----\n";
@ -211,38 +219,38 @@ static const uint8_t pki_rsa3072_output[] = {
}; };
static const uint8_t pki_rsa2048_output[] = { static const uint8_t pki_rsa2048_output[] = {
0x47, 0x0b, 0xe5, 0x8a, 0xcd, 0x2f, 0x78, 0x07, 0x3c, 0xd6, 0xc2, 0xbf, 0x01, 0x4a, 0x00, 0x95,
0x69, 0x69, 0x70, 0xff, 0x81, 0xdf, 0x96, 0xf0, 0x2c, 0x32, 0x11, 0xc0, 0xc9, 0x7e, 0x8f, 0x0a,
0xed, 0x82, 0x3a, 0x3d, 0x46, 0xab, 0xe9, 0xc3, 0x15, 0xee, 0xfb, 0x34, 0x1d, 0xaa, 0xae, 0x15,
0xb5, 0xd9, 0xca, 0xa2, 0x05, 0xa9, 0xf6, 0x6e, 0x11, 0x6d, 0x99, 0x2b, 0x09, 0xeb, 0x3f, 0x89,
0xad, 0x6c, 0xe0, 0xd1, 0xa2, 0xb4, 0xf2, 0x78, 0x46, 0x98, 0x08, 0x2f, 0x10, 0x13, 0xa1, 0x17,
0x4a, 0x93, 0xfc, 0x45, 0xe1, 0x9b, 0xdd, 0x62, 0xc7, 0xec, 0x67, 0x3a, 0x34, 0x4f, 0x40, 0xcd,
0xf9, 0x66, 0x2a, 0x14, 0x38, 0x12, 0xb6, 0x50, 0xe2, 0xc0, 0xbe, 0x99, 0xc7, 0xe7, 0xff, 0xea,
0x0b, 0xe3, 0x53, 0x9c, 0x12, 0x56, 0xf1, 0xb7, 0xd0, 0x82, 0xd2, 0x62, 0x73, 0xde, 0x56, 0xe8,
0x83, 0xd5, 0xf3, 0x24, 0x81, 0xcc, 0x5a, 0xeb, 0xb6, 0xa7, 0xe7, 0xe1, 0x64, 0x90, 0x00, 0x56,
0xec, 0xac, 0x68, 0xa8, 0x0c, 0xd7, 0x84, 0x7a, 0x1d, 0x2c, 0x1c, 0xc5, 0xec, 0x7f, 0xb1, 0x87,
0xbb, 0x77, 0x7b, 0xd5, 0x5b, 0xcf, 0x7b, 0x25, 0x59, 0xb1, 0xd6, 0x44, 0x0f, 0x67, 0x35, 0xb4,
0xd0, 0x75, 0x80, 0x21, 0x12, 0x97, 0x6b, 0xe1, 0x91, 0x49, 0xed, 0x10, 0x4c, 0xef, 0xe5, 0xc8,
0xb6, 0x51, 0x12, 0x52, 0x6e, 0x01, 0x92, 0xb7, 0xea, 0x0d, 0xbd, 0xaf, 0xb9, 0xad, 0x12, 0x41,
0xcc, 0x70, 0x4b, 0x46, 0x11, 0x98, 0x5a, 0x84, 0xaa, 0xf4, 0x68, 0x54, 0x08, 0xec, 0x70, 0x8c,
0x1c, 0x90, 0x45, 0x0f, 0x15, 0x77, 0xdb, 0x79, 0xac, 0x6b, 0x57, 0xcf, 0x0a, 0x0c, 0x08, 0x34,
0xe8, 0xff, 0x1f, 0xaa, 0x58, 0x95, 0xce, 0x3c, 0x28, 0x29, 0x27, 0xa4, 0x71, 0x80, 0x43, 0x59,
0x65, 0x0c, 0x66, 0x29, 0xe1, 0x9c, 0x41, 0xbb, 0xd9, 0x35, 0x88, 0x28, 0x1d, 0xfa, 0x0b, 0x72,
0xde, 0x65, 0xb8, 0x29, 0x36, 0x94, 0xbd, 0x87, 0xa0, 0xe1, 0x03, 0x65, 0x7a, 0xf8, 0x1c, 0x76,
0x93, 0x39, 0xc5, 0xeb, 0x49, 0x21, 0xc1, 0xeb, 0x9a, 0xad, 0x21, 0x23, 0x11, 0x2f, 0x45, 0x40,
0x48, 0xbd, 0x19, 0x13, 0x4d, 0x40, 0x90, 0x88, 0x72, 0x05, 0x69, 0x1b, 0x2a, 0x74, 0x9f, 0x95,
0xc6, 0x12, 0xd9, 0xf7, 0xdd, 0xc8, 0x4f, 0x89, 0x44, 0x60, 0x05, 0x6a, 0x17, 0x80, 0x4a, 0xa0,
0xc0, 0x91, 0xf8, 0xeb, 0xcf, 0xe3, 0x12, 0x17, 0xed, 0x23, 0xa6, 0xef, 0x79, 0x5d, 0x83, 0xd8,
0x88, 0x9c, 0x88, 0xf4, 0xf5, 0xae, 0xf4, 0x15, 0x8d, 0xd8, 0xe1, 0x4c, 0x5e, 0xf8, 0xfa, 0x11,
0xfe, 0x17, 0xf6, 0xa4, 0x74, 0x49, 0x02, 0x05, 0x57, 0xbe, 0xca, 0x22, 0x93, 0x5b, 0xe6, 0x8b,
0x11, 0x3b, 0x92, 0x25, 0x39, 0x2c, 0x4b, 0x08, 0xe1, 0x31, 0xde, 0x70, 0x80, 0x4a, 0xa2, 0xd3,
0x19, 0x76, 0x13, 0x8d, 0xf9, 0xda, 0xae, 0xdf, 0x91, 0xe8, 0xde, 0x88, 0xa2, 0x98, 0x73, 0x49,
0x30, 0xda, 0xcc, 0xbb, 0x3f, 0xb9, 0xb0, 0xd6, 0x0d, 0x26, 0xe1, 0x42, 0xd7, 0xb9, 0x5e, 0xf6,
0x5c, 0x78, 0x4b, 0x2b, 0x35, 0x51, 0x17, 0x48, 0x05, 0x09, 0x27, 0xc6, 0x8c, 0xc2, 0xb1, 0x53,
0xf5, 0xd4, 0x39, 0x7e, 0x05, 0x83, 0x68, 0x86, 0x5f, 0x19, 0xaf, 0x2b, 0xfe, 0xac, 0x6a, 0x27,
0x44, 0x5f, 0x56, 0x1d, 0x2c, 0x53, 0xd3, 0x64, 0xde, 0x89, 0xbc, 0x72, 0x3e, 0xd5, 0x9f, 0x36,
0x3a, 0xb2, 0x0c, 0x4a, 0x85, 0xd6, 0x5b, 0x7e, 0xc2, 0x91, 0x68, 0x30, 0xe7, 0x76, 0x96, 0x56,
0xf9, 0xe9, 0x50, 0x29, 0x5d, 0x4f, 0xcc, 0xc9, 0x8f, 0x01, 0xc4, 0x5b, 0xb7, 0xb3, 0x90, 0x7f,
}; };
#ifdef CONFIG_MBEDTLS_HARDWARE_MPI #ifdef CONFIG_MBEDTLS_HARDWARE_MPI
@ -573,7 +581,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]")
const int exponent = 65537; const int exponent = 65537;
#if CONFIG_MBEDTLS_MPI_USE_INTERRUPT && CONFIG_ESP_TASK_WDT_EN && !CONFIG_ESP_TASK_WDT_INIT #if CONFIG_MBEDTLS_MPI_USE_INTERRUPT && CONFIG_ESP_TASK_WDT_EN && !CONFIG_ESP_TASK_WDT_INIT
/* Check that generating keys doesnt starve the watchdog if interrupt-based driver is used */ /* Check that generating keys doesn't starve the watchdog if interrupt-based driver is used */
esp_task_wdt_config_t twdt_config = { esp_task_wdt_config_t twdt_config = {
.timeout_ms = 1000, .timeout_ms = 1000,
.idle_core_mask = (1 << 0), // Watch core 0 idle .idle_core_mask = (1 << 0), // Watch core 0 idle
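Review bot: The comment above `rsa2048_cert` still says "Root cert", but the replacement PEM appears to be an intermediate (subject CN `WR2`, issuer `GTS Root R1`, as read from the base64), and the reason for the swap is not recorded. I would update it to something like `/* Intermediate cert (WR2, issued by GTS Root R1) from openssl s_client -connect google.com:443 -showcerts; signed with sha256WithRSAEncryption so it still parses when CONFIG_MBEDTLS_SHA1_C is disabled */`. A one-line comment next to `pki_rsa2048_output` saying the vector is derived from this certificate's key and must be regenerated together with it would help the next person who rotates the cert.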


@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -119,14 +119,17 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]") TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
{ {
int r = -1;
const void* ptr; const void* ptr;
spi_flash_mmap_handle_t handle; spi_flash_mmap_handle_t handle;
#if CONFIG_MBEDTLS_SHA1_C
uint8_t sha1_espsha[20] = { 0 }; uint8_t sha1_espsha[20] = { 0 };
uint8_t sha1_mbedtls[20] = { 0 }; uint8_t sha1_mbedtls[20] = { 0 };
#endif
uint8_t sha256_espsha[32] = { 0 }; uint8_t sha256_espsha[32] = { 0 };
uint8_t sha256_mbedtls[32] = { 0 }; uint8_t sha256_mbedtls[32] = { 0 };
#if SOC_SHA_SUPPORT_SHA512 #if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
uint8_t sha512_espsha[64] = { 0 }; uint8_t sha512_espsha[64] = { 0 };
uint8_t sha512_mbedtls[64] = { 0 }; uint8_t sha512_mbedtls[64] = { 0 };
#endif #endif
@ -140,16 +143,17 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
TEST_ASSERT_NOT_NULL(ptr); TEST_ASSERT_NOT_NULL(ptr);
/* Compare esp_sha() result to the mbedTLS result, should always be the same */ /* Compare esp_sha() result to the mbedTLS result, should always be the same */
#if CONFIG_MBEDTLS_SHA1_C
esp_sha(SHA1, ptr, LEN, sha1_espsha); esp_sha(SHA1, ptr, LEN, sha1_espsha);
int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls); r = mbedtls_sha1(ptr, LEN, sha1_mbedtls);
TEST_ASSERT_EQUAL(0, r); TEST_ASSERT_EQUAL(0, r);
#endif
esp_sha(SHA2_256, ptr, LEN, sha256_espsha); esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0); r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r); TEST_ASSERT_EQUAL(0, r);
#if SOC_SHA_SUPPORT_SHA512 #if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
esp_sha(SHA2_512, ptr, LEN, sha512_espsha); esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0); r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r); TEST_ASSERT_EQUAL(0, r);
@ -158,11 +162,13 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
/* munmap() 1MB of flash when the usge of memory-mapped ptr is over */ /* munmap() 1MB of flash when the usge of memory-mapped ptr is over */
spi_flash_munmap(handle); spi_flash_munmap(handle);
#if CONFIG_MBEDTLS_SHA1_C
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
#endif
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
#if SOC_SHA_SUPPORT_SHA512 #if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match");
#endif #endif
} }
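Review bot: In the long-input test the `esp_sha(SHA1, ...)` call and its buffers are now compiled only under `CONFIG_MBEDTLS_SHA1_C`, together with the mbedTLS reference digest they are compared against. The port files in this commit are guarded on `MBEDTLS_SHA1_ALT` alone, which suggests (not confirmed from this page) that `esp_sha(SHA1, ...)` keeps working with the option off; in that case the hardware SHA-1 path has no coverage in that configuration. Keeping the `esp_sha(SHA1, ...)` call outside the `#if` and comparing it against a fixed known-answer digest, with only the `mbedtls_sha1()` comparison left inside the guard, would retain that coverage.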