From 1a18fdb83aa5ae4283640cd8acd21d71397c2bef Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Mon, 28 Aug 2023 15:44:47 +0530 Subject: [PATCH] feat(hal): Adding AES snd SHA peripheral to crypto testapps --- components/hal/test_apps/crypto/README.md | 16 + .../hal/test_apps/crypto/main/CMakeLists.txt | 12 + .../hal/test_apps/crypto/main/aes/aes_block.c | 117 +++++ .../hal/test_apps/crypto/main/aes/aes_block.h | 29 ++ .../crypto/main/aes/test_aes_block.c | 128 ++++++ .../test_apps/crypto/main/aes/test_params.h | 26 ++ .../hal/test_apps/crypto/main/app_main.c | 10 + .../hal/test_apps/crypto/main/mpi/test_mpi.c | 9 +- .../hal/test_apps/crypto/main/sha/sha_block.c | 399 ++++++++++++++++++ .../hal/test_apps/crypto/main/sha/sha_block.h | 49 +++ .../test_apps/crypto/main/sha/test_params.h | 179 ++++++++ .../crypto/main/sha/test_sha_block.c | 203 +++++++++ 12 files changed, 1173 insertions(+), 4 deletions(-) create mode 100644 components/hal/test_apps/crypto/main/aes/aes_block.c create mode 100644 components/hal/test_apps/crypto/main/aes/aes_block.h create mode 100644 components/hal/test_apps/crypto/main/aes/test_aes_block.c create mode 100644 components/hal/test_apps/crypto/main/aes/test_params.h create mode 100644 components/hal/test_apps/crypto/main/sha/sha_block.c create mode 100644 components/hal/test_apps/crypto/main/sha/sha_block.h create mode 100644 components/hal/test_apps/crypto/main/sha/test_params.h create mode 100644 components/hal/test_apps/crypto/main/sha/test_sha_block.c diff --git a/components/hal/test_apps/crypto/README.md b/components/hal/test_apps/crypto/README.md index 7f5b9e7248..6c4d3af205 100644 --- a/components/hal/test_apps/crypto/README.md +++ b/components/hal/test_apps/crypto/README.md @@ -47,6 +47,22 @@ This contains tests for the following features of the crypto peripherals: - ECDSA P192 signature verification - ECDSA P256 signature verification +- AES peripheral + - Block Mode + - CBC AES-256 + - CTR AES-256 + +- SHA peripheral + - Block Mode + - SHA-1 + - SHA-224 + - SHA-256 + - SHA-384 + - SHA-512 + - SHA-512/224 + - SHA-512/256 + - SHA-512/t + > **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment. # Burning the HMAC key diff --git a/components/hal/test_apps/crypto/main/CMakeLists.txt b/components/hal/test_apps/crypto/main/CMakeLists.txt index fe81012989..add281587e 100644 --- a/components/hal/test_apps/crypto/main/CMakeLists.txt +++ b/components/hal/test_apps/crypto/main/CMakeLists.txt @@ -20,6 +20,18 @@ if(CONFIG_SOC_ECDSA_SUPPORTED) list(APPEND srcs "ecdsa/test_ecdsa.c") endif() +if(CONFIG_SOC_AES_SUPPORTED) + list(APPEND srcs "aes/aes_block.c") + list(APPEND srcs "aes/test_aes_block.c") +endif() + +if(CONFIG_SOC_SHA_SUPPORTED) + if(NOT CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG) + list(APPEND srcs "sha/sha_block.c") + list(APPEND srcs "sha/test_sha_block.c") + endif() +endif() + idf_component_register(SRCS ${srcs} REQUIRES test_utils unity WHOLE_ARCHIVE) diff --git a/components/hal/test_apps/crypto/main/aes/aes_block.c b/components/hal/test_apps/crypto/main/aes/aes_block.c new file mode 100644 index 0000000000..5192ca5377 --- /dev/null +++ b/components/hal/test_apps/crypto/main/aes/aes_block.c @@ -0,0 +1,117 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: CC0-1.0 + */ + +#include +#include +#include + +#include "soc/periph_defs.h" +#include "esp_private/periph_ctrl.h" + +#include "hal/aes_types.h" +#include "hal/aes_hal.h" +#include "hal/clk_gate_ll.h" + +#if SOC_AES_SUPPORTED + +#include "aes_block.h" + +void aes_crypt_cbc_block(int mode, + uint8_t key_bytes, + const uint8_t key[32], + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + uint32_t *output_words = (uint32_t *)output; + const uint32_t *input_words = (const uint32_t *)input; + uint32_t *iv_words = (uint32_t *)iv; + unsigned char temp[16]; + + /* Enable peripheral module by un-gating the clock and de-asserting the reset signal. */ + periph_ll_enable_clk_clear_rst(PERIPH_AES_MODULE); + + /* Sets the key used for AES encryption/decryption */ + aes_hal_setkey(key, key_bytes, mode); + + if (mode == ESP_AES_DECRYPT) { + while ( length > 0 ) { + memcpy(temp, input_words, 16); + aes_hal_transform_block(input_words, output_words); + + output_words[0] = output_words[0] ^ iv_words[0]; + output_words[1] = output_words[1] ^ iv_words[1]; + output_words[2] = output_words[2] ^ iv_words[2]; + output_words[3] = output_words[3] ^ iv_words[3]; + + memcpy( iv_words, temp, 16 ); + + input_words += 4; + output_words += 4; + length -= 16; + } + } else { // ESP_AES_ENCRYPT + while ( length > 0 ) { + + output_words[0] = input_words[0] ^ iv_words[0]; + output_words[1] = input_words[1] ^ iv_words[1]; + output_words[2] = input_words[2] ^ iv_words[2]; + output_words[3] = input_words[3] ^ iv_words[3]; + + aes_hal_transform_block(output_words, output_words); + memcpy( iv_words, output_words, 16 ); + + input_words += 4; + output_words += 4; + length -= 16; + } + } + + /* Disable peripheral module by gating the clock and asserting the reset signal. */ + periph_ll_disable_clk_set_rst(PERIPH_AES_MODULE); +} + + +void aes_crypt_ctr_block(uint8_t key_bytes, + const uint8_t key[32], + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) +{ + int c, i; + size_t n = *nc_off; + + /* Enable peripheral module by un-gating the clock and de-asserting the reset signal. */ + periph_ll_enable_clk_clear_rst(PERIPH_AES_MODULE); + + /* Sets the key used for AES encryption/decryption */ + aes_hal_setkey(key, key_bytes, ESP_AES_ENCRYPT); + + while (length--) { + if ( n == 0 ) { + aes_hal_transform_block(nonce_counter, stream_block); + for ( i = 16; i > 0; i-- ) { + if ( ++nonce_counter[i - 1] != 0 ) { + break; + } + } + } + c = *input++; + *output++ = (unsigned char)( c ^ stream_block[n] ); + n = ( n + 1 ) & 0x0F; + } + + *nc_off = n; + + /* Disable peripheral module by gating the clock and asserting the reset signal. */ + periph_ll_disable_clk_set_rst(PERIPH_AES_MODULE); +} + +#endif diff --git a/components/hal/test_apps/crypto/main/aes/aes_block.h b/components/hal/test_apps/crypto/main/aes/aes_block.h new file mode 100644 index 0000000000..bb46bd8c91 --- /dev/null +++ b/components/hal/test_apps/crypto/main/aes/aes_block.h @@ -0,0 +1,29 @@ +/* + * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include + +#if SOC_AES_SUPPORTED + +void aes_crypt_cbc_block(int mode, + uint8_t key_bytes, + const uint8_t key[32], + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); + +void aes_crypt_ctr_block(uint8_t key_bytes, + const uint8_t key[32], + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ); + +#endif diff --git a/components/hal/test_apps/crypto/main/aes/test_aes_block.c b/components/hal/test_apps/crypto/main/aes/test_aes_block.c new file mode 100644 index 0000000000..271ffd25a2 --- /dev/null +++ b/components/hal/test_apps/crypto/main/aes/test_aes_block.c @@ -0,0 +1,128 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: CC0-1.0 + */ + +#include +#include +#include +#include "soc/soc_caps.h" +#include "esp_heap_caps.h" +#include "unity.h" +#include "test_params.h" +#include "memory_checks.h" +#include "unity_fixture.h" + + +#define CBC_AES_BUFFER_SIZE 1600 +#define CTR_AES_BUFFER_SIZE 1000 + +#if SOC_AES_SUPPORTED + +#include "aes_block.h" + +TEST_GROUP(aes); + +TEST_SETUP(aes) +{ + test_utils_record_free_mem(); + TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL)); +} + +TEST_TEAR_DOWN(aes) +{ + test_utils_finish_and_evaluate_leaks(test_utils_get_leak_level(ESP_LEAK_TYPE_WARNING, ESP_COMP_LEAK_ALL), + test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL)); +} + + +TEST(aes, cbc_aes_256_test) +{ + uint8_t key_bytes = 256 / 8; + uint8_t nonce[16]; + + const uint8_t expected_cipher_end[] = { + 0x3e, 0x68, 0x8a, 0x02, 0xe6, 0xf2, 0x6a, 0x9e, + 0x9b, 0xb2, 0xc0, 0xc4, 0x63, 0x63, 0xd9, 0x25, + 0x51, 0xdc, 0xc2, 0x71, 0x96, 0xb3, 0xe5, 0xcd, + 0xbd, 0x0e, 0xf2, 0xef, 0xa9, 0xab, 0xab, 0x2d, + }; + + uint8_t *chipertext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(chipertext); + uint8_t *plaintext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(plaintext); + uint8_t *decryptedtext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(decryptedtext); + + memset(plaintext, 0x3A, CBC_AES_BUFFER_SIZE); + memset(decryptedtext, 0x0, CBC_AES_BUFFER_SIZE); + + // Encrypt + memcpy(nonce, iv, 16); + aes_crypt_cbc_block(ESP_AES_ENCRYPT, key_bytes, key_256, CBC_AES_BUFFER_SIZE, nonce, plaintext, chipertext); + TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + CBC_AES_BUFFER_SIZE - 32, 32); + + // Decrypt + memcpy(nonce, iv, 16); + aes_crypt_cbc_block(ESP_AES_DECRYPT, key_bytes, key_256, CBC_AES_BUFFER_SIZE, nonce, chipertext, decryptedtext); + TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, CBC_AES_BUFFER_SIZE); + + // Free dynamically allocated memory + heap_caps_free(chipertext); + heap_caps_free(plaintext); + heap_caps_free(decryptedtext); +} + + +TEST(aes, ctr_aes_256_test) +{ + uint8_t key_bytes = 256 / 8; + uint8_t nonce[16]; + uint8_t stream_block[16]; + size_t nc_off = 0; + + const uint8_t expected_cipher_end[] = { + 0xd4, 0xdc, 0x4f, 0x8f, 0xfe, 0x86, 0xee, 0xb5, + 0x14, 0x7f, 0xba, 0x30, 0x25, 0xa6, 0x7f, 0x6c, + 0xb5, 0x73, 0xaf, 0x90, 0xd7, 0xff, 0x36, 0xba, + 0x2b, 0x1d, 0xec, 0xb9, 0x38, 0xfa, 0x0d, 0xeb, + }; + + uint8_t *chipertext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(chipertext); + uint8_t *plaintext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(plaintext); + uint8_t *decryptedtext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(decryptedtext); + + memset(plaintext, 0x3A, CTR_AES_BUFFER_SIZE); + memset(decryptedtext, 0x0, CTR_AES_BUFFER_SIZE); + + // Encrypt + memcpy(nonce, iv, 16); + aes_crypt_ctr_block(key_bytes, key_256, CTR_AES_BUFFER_SIZE, &nc_off, nonce, stream_block, plaintext, chipertext); + TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + CTR_AES_BUFFER_SIZE - 32, 32); + + // Decrypt + nc_off = 0; + memcpy(nonce, iv, 16); + aes_crypt_ctr_block(key_bytes, key_256, CTR_AES_BUFFER_SIZE, &nc_off, nonce, stream_block, chipertext, decryptedtext); + TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, CTR_AES_BUFFER_SIZE); + + // Free dynamically allocated memory + heap_caps_free(chipertext); + heap_caps_free(plaintext); + heap_caps_free(decryptedtext); +} + +#endif // SOC_AES_SUPPORTED + +TEST_GROUP_RUNNER(aes) +{ +#if SOC_AES_SUPPORTED + RUN_TEST_CASE(aes, cbc_aes_256_test); + RUN_TEST_CASE(aes, ctr_aes_256_test); +#endif // SOC_AES_SUPPORTED +} diff --git a/components/hal/test_apps/crypto/main/aes/test_params.h b/components/hal/test_apps/crypto/main/aes/test_params.h new file mode 100644 index 0000000000..9296fe71fc --- /dev/null +++ b/components/hal/test_apps/crypto/main/aes/test_params.h @@ -0,0 +1,26 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + * + */ + +#include "soc/soc_caps.h" + +#if SOC_AES_SUPPORTED + +#define ESP_AES_ENCRYPT 1 /**< AES encryption. */ +#define ESP_AES_DECRYPT 0 /**< AES decryption. */ + +static const uint8_t key_256[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, +}; + +static const uint8_t iv[] = { + 0x10, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, + 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, +}; +#endif /* SOC_AES_SUPPORTED */ diff --git a/components/hal/test_apps/crypto/main/app_main.c b/components/hal/test_apps/crypto/main/app_main.c index 7f95e09050..f33712ac24 100644 --- a/components/hal/test_apps/crypto/main/app_main.c +++ b/components/hal/test_apps/crypto/main/app_main.c @@ -20,6 +20,16 @@ static void run_all_tests(void) RUN_TEST_GROUP(ecc); #endif +#if CONFIG_SOC_AES_SUPPORTED + RUN_TEST_GROUP(aes); +#endif + +#if CONFIG_SOC_SHA_SUPPORTED +#if !CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG + RUN_TEST_GROUP(sha); +#endif /* !CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG*/ +#endif + #if CONFIG_IDF_ENV_FPGA #if CONFIG_SOC_HMAC_SUPPORTED diff --git a/components/hal/test_apps/crypto/main/mpi/test_mpi.c b/components/hal/test_apps/crypto/main/mpi/test_mpi.c index e0e0094b7e..8e1969b13b 100644 --- a/components/hal/test_apps/crypto/main/mpi/test_mpi.c +++ b/components/hal/test_apps/crypto/main/mpi/test_mpi.c @@ -8,6 +8,7 @@ #include "esp_log.h" #include "esp_private/periph_ctrl.h" +#include "esp_heap_caps.h" #include "memory_checks.h" #include "unity_fixture.h" @@ -69,7 +70,7 @@ static void mpi_mul_mpi_mod_hw_op(void) #else mpi_hal_start_op(MPI_MODMULT); #endif - uint32_t* Z_p = (uint32_t*)calloc(test_cases_Z_words[i], sizeof(uint32_t)); + uint32_t* Z_p = (uint32_t*)heap_caps_calloc(test_cases_Z_words[i], sizeof(uint32_t), MALLOC_CAP_INTERNAL); mpi_hal_read_result_hw_op(Z_p, test_cases_Z_words[i], test_cases_Z_words[i]); printf("Test Case %d: ", i+1); @@ -82,7 +83,7 @@ static void mpi_mul_mpi_mod_hw_op(void) TEST_ASSERT_EQUAL_HEX32_ARRAY_MESSAGE(test_cases_Z_p[i], Z_p, test_cases_Z_words[i], "Result"); printf("PASS\n"); - free(Z_p); + heap_caps_free(Z_p); } esp_mpi_disable_hardware_hw_op(); } @@ -118,7 +119,7 @@ static void mpi_exp_mpi_mod_hw_op(void) mpi_hal_enable_search(false); #endif - uint32_t* Z_p = (uint32_t*)calloc(exp_test_cases_m_words[i], sizeof(uint32_t)); + uint32_t* Z_p = (uint32_t*)heap_caps_calloc(exp_test_cases_m_words[i], sizeof(uint32_t), MALLOC_CAP_INTERNAL); /* Read back the result */ mpi_hal_read_result_hw_op(Z_p, exp_test_cases_m_words[i], exp_test_cases_m_words[i]); esp_mpi_disable_hardware_hw_op(); @@ -133,7 +134,7 @@ static void mpi_exp_mpi_mod_hw_op(void) TEST_ASSERT_EQUAL_HEX32_ARRAY_MESSAGE(exp_test_cases_Z_p[i], Z_p, exp_test_cases_m_words[i], "Result"); printf("PASS\n"); - free(Z_p); + heap_caps_free(Z_p); } } diff --git a/components/hal/test_apps/crypto/main/sha/sha_block.c b/components/hal/test_apps/crypto/main/sha/sha_block.c new file mode 100644 index 0000000000..4919359b37 --- /dev/null +++ b/components/hal/test_apps/crypto/main/sha/sha_block.c @@ -0,0 +1,399 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: CC0-1.0 + */ +#include +#include +#include +#include "soc/soc_caps.h" + +#if SOC_SHA_SUPPORTED + +#include "soc/periph_defs.h" +#include "esp_private/periph_ctrl.h" +#include "hal/sha_hal.h" +#include "hal/clk_gate_ll.h" +#include "sha_block.h" + +#if defined(SOC_SHA_SUPPORT_SHA1) + +static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen) +{ + size_t fill; + uint32_t left, local_len = 0; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += (uint32_t) ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if ( ctx->total[0] < (uint32_t) ilen ) { + ctx->total[1]++; + } + + if ( left && ilen >= fill ) { + memcpy( (void *) (ctx->buffer + left), input, fill ); + input += fill; + ilen -= fill; + left = 0; + local_len = 64; + } + + if ( (ilen >= 64) || local_len) { + /* Enable peripheral module */ + periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE); + + if (ctx->first_block == 0) { + /* Writes the message digest to the SHA engine */ + sha_hal_write_digest(sha_type, ctx->state); + } + + /* First process buffered block, if any */ + if ( local_len ) { + /* Hash a single block */ + sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + } + + while ( ilen >= 64 ) { + sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + input += 64; + ilen -= 64; + } + + /* Reads the current message digest from the SHA engine */ + sha_hal_read_digest(sha_type, ctx->state); + + /* Disable peripheral module */ + periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE); + } + + if ( ilen > 0 ) { + memcpy( (void *) (ctx->buffer + left), input, ilen); + } +} + +void sha1_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output) +{ + + sha1_ctx ctx; + memset(&ctx, 0, sizeof(sha1_ctx)); + ctx.first_block = 1; + + sha1_update_block(&ctx, sha_type, input, ilen); + + uint32_t last, padn; + uint32_t high, low; + unsigned char msglen[8]; + + high = ( ctx.total[0] >> 29 ) + | ( ctx.total[1] << 3 ); + low = ( ctx.total[0] << 3 ); + + PUT_UINT32_BE( high, msglen, 0 ); + PUT_UINT32_BE( low, msglen, 4 ); + + last = ctx.total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + sha1_update_block(&ctx, sha_type, sha1_padding, padn); + + sha1_update_block(&ctx, sha_type, msglen, 8); + + memcpy(output, ctx.state, 20); +} + +#endif /* defined(SOC_SHA_SUPPORT_SHA1) */ + +#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) + +static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen) +{ + size_t fill; + uint32_t left, local_len = 0; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += (uint32_t) ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if ( ctx->total[0] < (uint32_t) ilen ) { + ctx->total[1]++; + } + + if ( left && ilen >= fill ) { + memcpy( (void *) (ctx->buffer + left), input, fill ); + input += fill; + ilen -= fill; + left = 0; + local_len = 64; + } + + if ( (ilen >= 64) || local_len) { + /* Enable peripheral module */ + periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE); + + if (ctx->first_block == 0) { + /* Writes the message digest to the SHA engine */ + sha_hal_write_digest(sha_type, ctx->state); + } + + /* First process buffered block, if any */ + if ( local_len ) { + /* Hash a single block */ + sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + } + + while ( ilen >= 64 ) { + sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + input += 64; + ilen -= 64; + } + + /* Reads the current message digest from the SHA engine */ + sha_hal_read_digest(sha_type, ctx->state); + + /* Disable peripheral module */ + periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE); + } + + if ( ilen > 0 ) { + memcpy( (void *) (ctx->buffer + left), input, ilen); + } +} + +void sha256_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output) +{ + + sha256_ctx ctx; + memset(&ctx, 0, sizeof(sha256_ctx)); + ctx.first_block = 1; + + sha256_update_block(&ctx, sha_type, input, ilen); + + uint32_t last, padn; + uint32_t high, low; + unsigned char msglen[8]; + + high = ( ctx.total[0] >> 29 ) + | ( ctx.total[1] << 3 ); + low = ( ctx.total[0] << 3 ); + + PUT_UINT32_BE( high, msglen, 0 ); + PUT_UINT32_BE( low, msglen, 4 ); + + last = ctx.total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + sha256_update_block(&ctx, sha_type, sha256_padding, padn); + + sha256_update_block(&ctx, sha_type, msglen, 8); + + if (sha_type == SHA2_256) { + memcpy(output, ctx.state, 32); + } else if (sha_type == SHA2_224) { + memcpy(output, ctx.state, 28); + } +} + +#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */ + +#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) + +#if SOC_SHA_SUPPORT_SHA512_T + +int sha_512_t_init_hash_block(uint16_t t) +{ + uint32_t t_string = 0; + uint8_t t0, t1, t2, t_len; + + if (t == 384) { + return -1; + } + + if (t <= 9) { + t_string = (uint32_t)((1 << 23) | ((0x30 + t) << 24)); + t_len = 0x48; + } else if (t <= 99) { + t0 = t % 10; + t1 = (t / 10) % 10; + t_string = (uint32_t)((1 << 15) | ((0x30 + t0) << 16) | + (((0x30 + t1) << 24))); + t_len = 0x50; + } else if (t <= 512) { + t0 = t % 10; + t1 = (t / 10) % 10; + t2 = t / 100; + t_string = (uint32_t)((1 << 7) | ((0x30 + t0) << 8) | + (((0x30 + t1) << 16) + ((0x30 + t2) << 24))); + t_len = 0x58; + } else { + return -1; + } + + /* Calculates and sets the initial digiest for SHA512_t */ + sha_hal_sha512_init_hash(t_string, t_len); + + return 0; +} + +#endif //SOC_SHA_SUPPORT_SHA512_T + +static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen) +{ + + size_t fill; + unsigned int left, local_len = 0; + + left = (unsigned int) (ctx->total[0] & 0x7F); + fill = 128 - left; + + ctx->total[0] += (uint64_t) ilen; + + if ( ctx->total[0] < (uint64_t) ilen ) { + ctx->total[1]++; + } + + if ( left && ilen >= fill ) { + memcpy( (void *) (ctx->buffer + left), input, fill ); + input += fill; + ilen -= fill; + left = 0; + local_len = 128; + } + + + if ( (ilen >= 128) || local_len) { + + /* Enable peripheral module */ + periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE); + + if (ctx->first_block && sha_type == SHA2_512T){ + sha_512_t_init_hash_block(ctx->t_val); + ctx->first_block = 0; + } + else if (ctx->first_block == 0) { + /* Writes the message digest to the SHA engine */ + sha_hal_write_digest(sha_type, ctx->state); + } + + /* First process buffered block, if any */ + if ( local_len ) { + /* Hash a single block */ + sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + } + + while ( ilen >= 128 ) { + sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block); + if (ctx->first_block == 1) { + ctx->first_block = 0; + } + input += 128; + ilen -= 128; + } + + /* Reads the current message digest from the SHA engine */ + sha_hal_read_digest(sha_type, ctx->state); + + /* Disable peripheral module */ + periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE); + } + + if ( ilen > 0 ) { + memcpy( (void *) (ctx->buffer + left), input, ilen); + } +} + +void sha512_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output) +{ + + sha512_ctx ctx; + memset(&ctx, 0, sizeof(sha512_ctx)); + ctx.first_block = 1; + + sha512_update_block(&ctx, sha_type, input, ilen); + + size_t last, padn; + uint64_t high, low; + unsigned char msglen[16]; + + high = ( ctx.total[0] >> 61 ) + | ( ctx.total[1] << 3 ); + low = ( ctx.total[0] << 3 ); + + PUT_UINT64_BE( high, msglen, 0 ); + PUT_UINT64_BE( low, msglen, 8 ); + + last = (size_t)( ctx.total[0] & 0x7F ); + padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); + + sha512_update_block( &ctx, sha_type, sha512_padding, padn ); + + sha512_update_block( &ctx, sha_type, msglen, 16 ); + + if (sha_type == SHA2_384) { + memcpy(output, ctx.state, 48); + } else { + memcpy(output, ctx.state, 64); + } + +} + +#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */ + +#if SOC_SHA_SUPPORT_SHA512_T + +void sha512t_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output, uint32_t t_val) +{ + sha512_ctx ctx; + memset(&ctx, 0, sizeof(sha512_ctx)); + ctx.first_block = 1; + ctx.t_val = t_val; + + sha512_update_block(&ctx, sha_type, input, ilen); + + size_t last, padn; + uint64_t high, low; + unsigned char msglen[16]; + + high = ( ctx.total[0] >> 61 ) + | ( ctx.total[1] << 3 ); + low = ( ctx.total[0] << 3 ); + + PUT_UINT64_BE( high, msglen, 0 ); + PUT_UINT64_BE( low, msglen, 8 ); + + last = (size_t)( ctx.total[0] & 0x7F ); + padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); + + sha512_update_block( &ctx, sha_type, sha512_padding, padn ); + + sha512_update_block( &ctx, sha_type, msglen, 16 ); + + if (sha_type == SHA2_384) { + memcpy(output, ctx.state, 48); + } else { + memcpy(output, ctx.state, 64); + } +} + +#endif /*SOC_SHA_SUPPORT_SHA512_T*/ + +#endif /*SOC_SHA_SUPPORTED*/ diff --git a/components/hal/test_apps/crypto/main/sha/sha_block.h b/components/hal/test_apps/crypto/main/sha/sha_block.h new file mode 100644 index 0000000000..c2c3eafa20 --- /dev/null +++ b/components/hal/test_apps/crypto/main/sha/sha_block.h @@ -0,0 +1,49 @@ +/* + * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * +// * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include +#include +#include + +#if SOC_SHA_SUPPORTED + +#include "soc/periph_defs.h" +#include "esp_private/periph_ctrl.h" +#include "hal/sha_hal.h" +#include "test_params.h" + +#if defined(SOC_SHA_SUPPORT_SHA1) + +void sha1_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); + +#endif /* defined(SOC_SHA_SUPPORT_SHA1) */ + +#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) + +void sha256_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); + +#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */ + +#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) + +#if SOC_SHA_SUPPORT_SHA512_T + +int sha_512_t_init_hash_block(uint16_t t); + +#endif //SOC_SHA_SUPPORT_SHA512_T + +void sha512_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); + +#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */ + +#if SOC_SHA_SUPPORT_SHA512_T + +void sha512t_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output, uint32_t t_val); + +#endif /*SOC_SHA_SUPPORT_SHA512_T*/ + +#endif /*SOC_SHA_SUPPORTED*/ diff --git a/components/hal/test_apps/crypto/main/sha/test_params.h b/components/hal/test_apps/crypto/main/sha/test_params.h new file mode 100644 index 0000000000..99184fe2fc --- /dev/null +++ b/components/hal/test_apps/crypto/main/sha/test_params.h @@ -0,0 +1,179 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + * + */ + +#include "soc/soc_caps.h" +#include "hal/sha_types.h" + +#if SOC_SHA_SUPPORTED + +#define PUT_UINT32_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} + +#define PUT_UINT64_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ + (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 7] = (unsigned char) ( (n) ); \ +} + +#define BUFFER_SZ 1030 // NB: not an exact multiple of SHA block size + +static inline size_t block_length(esp_sha_type type) +{ + switch (type) { + case SHA1: + case SHA2_224: + case SHA2_256: + return 64; +#if SOC_SHA_SUPPORT_SHA384 + case SHA2_384: +#endif +#if SOC_SHA_SUPPORT_SHA512 + case SHA2_512: +#endif +#if SOC_SHA_SUPPORT_SHA512_T + case SHA2_512224: + case SHA2_512256: + case SHA2_512T: +#endif + return 128; + default: + return 0; + } +} + +#if defined(SOC_SHA_SUPPORT_SHA1) + +static const unsigned char sha1_padding[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +typedef struct { + uint32_t total[2]; /*!< number of bytes processed */ + uint32_t state[5]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + int first_block; /*!< if first then true else false */ +} sha1_ctx; + +#endif /* defined(SOC_SHA_SUPPORT_SHA1) */ + + +#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) + +static const unsigned char sha256_padding[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +typedef struct { + uint32_t total[2]; /*!< number of bytes processed */ + uint32_t state[8]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + int first_block; /*!< if first then true, else false */ +} sha256_ctx; + +#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */ + +#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) + +static const unsigned char sha512_padding[128] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +typedef struct { + uint64_t total[2]; /*!< number of bytes processed */ + uint64_t state[8]; /*!< intermediate digest state */ + unsigned char buffer[128]; /*!< data block being processed */ + int first_block; + uint32_t t_val; /*!< t_val for 512/t mode */ +} sha512_ctx; + +#if SOC_SHA_SUPPORT_SHA512_T +int sha_512_t_init_hash_block(uint16_t t); + +/* + * FIPS-180-2 test vectors + */ +static const unsigned char sha512T_test_buf[2][113] = { + { "abc" }, + { + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" + } +}; + +static const size_t sha512T_test_buflen[2] = { + 3, 112 +}; + +static const esp_sha_type sha512T_algo[4] = { + SHA2_512224, SHA2_512256, SHA2_512T, SHA2_512T +}; + +static const size_t sha512T_t_len[4] = { 224, 256, 224, 256 }; + +static const unsigned char sha512_test_sum[4][32] = { + /* SHA512-224 */ + { + 0x46, 0x34, 0x27, 0x0f, 0x70, 0x7b, 0x6a, 0x54, + 0xda, 0xae, 0x75, 0x30, 0x46, 0x08, 0x42, 0xe2, + 0x0e, 0x37, 0xed, 0x26, 0x5c, 0xee, 0xe9, 0xa4, + 0x3e, 0x89, 0x24, 0xaa + }, + { + 0x23, 0xfe, 0xc5, 0xbb, 0x94, 0xd6, 0x0b, 0x23, + 0x30, 0x81, 0x92, 0x64, 0x0b, 0x0c, 0x45, 0x33, + 0x35, 0xd6, 0x64, 0x73, 0x4f, 0xe4, 0x0e, 0x72, + 0x68, 0x67, 0x4a, 0xf9 + }, + + /* SHA512-256 */ + { + 0x53, 0x04, 0x8e, 0x26, 0x81, 0x94, 0x1e, 0xf9, + 0x9b, 0x2e, 0x29, 0xb7, 0x6b, 0x4c, 0x7d, 0xab, + 0xe4, 0xc2, 0xd0, 0xc6, 0x34, 0xfc, 0x6d, 0x46, + 0xe0, 0xe2, 0xf1, 0x31, 0x07, 0xe7, 0xaf, 0x23 + }, + { + 0x39, 0x28, 0xe1, 0x84, 0xfb, 0x86, 0x90, 0xf8, + 0x40, 0xda, 0x39, 0x88, 0x12, 0x1d, 0x31, 0xbe, + 0x65, 0xcb, 0x9d, 0x3e, 0xf8, 0x3e, 0xe6, 0x14, + 0x6f, 0xea, 0xc8, 0x61, 0xe1, 0x9b, 0x56, 0x3a + } + + /* For SHA512_T testing we use t=224 & t=256 + * so the hash digest should be same as above + */ +}; + +#endif //SOC_SHA_SUPPORT_SHA512_T + +#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */ + +#endif /* SOC_SHA_SUPPORTED */ diff --git a/components/hal/test_apps/crypto/main/sha/test_sha_block.c b/components/hal/test_apps/crypto/main/sha/test_sha_block.c new file mode 100644 index 0000000000..f44316d474 --- /dev/null +++ b/components/hal/test_apps/crypto/main/sha/test_sha_block.c @@ -0,0 +1,203 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: CC0-1.0 + */ + +#include +#include +#include +#include +#include "esp_types.h" +#include "soc/soc_caps.h" +#include "esp_heap_caps.h" +#include "unity.h" +#include "esp_heap_caps.h" + +#include "memory_checks.h" +#include "unity_fixture.h" +#include "sha_block.h" + +#if SOC_SHA_SUPPORTED + +TEST_GROUP(sha); + +TEST_SETUP(sha) +{ + test_utils_record_free_mem(); + TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL)); +} + +TEST_TEAR_DOWN(sha) +{ + test_utils_finish_and_evaluate_leaks(test_utils_get_leak_level(ESP_LEAK_TYPE_WARNING, ESP_COMP_LEAK_ALL), + test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL)); +} + +#if SOC_SHA_SUPPORT_SHA1 + +TEST(sha, test_sha1) +{ + uint8_t sha1_result[20] = { 0 }; + uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(buffer); + memset(buffer, 0xEE, BUFFER_SZ); + + const uint8_t sha1_expected[20] = { 0x09, 0x23, 0x02, 0xfb, 0x2d, 0x36, 0x42, 0xec, + 0xc5, 0xfa, 0xd5, 0x8f, 0xdb, 0xc3, 0x8d, 0x5c, + 0x97, 0xd6, 0x17, 0xee }; + + sha1_block(SHA1, buffer, BUFFER_SZ, sha1_result); + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha1_expected, sha1_result, sizeof(sha1_expected)); + heap_caps_free(buffer); +} + +#endif /* SOC_SHA_SUPPORT_SHA1 */ + + +#if SOC_SHA_SUPPORT_SHA224 + +TEST(sha, test_sha224) +{ + uint8_t sha224_result[28] = { 0 }; + uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(buffer); + memset(buffer, 0xEE, BUFFER_SZ); + + const uint8_t sha224_expected[28] = { 0x69, 0xfd, 0x84, 0x30, 0xd9, 0x4a, 0x44, 0x96, + 0x41, 0xc4, 0xab, 0xab, 0x89, 0x53, 0xa9, 0x1f, + 0x4b, 0xfa, 0x5f, 0x2c, 0xa0, 0x72, 0x5f, 0x6b, + 0xec, 0xd1, 0x47, 0xf9}; + + sha256_block(SHA2_224, buffer, BUFFER_SZ, sha224_result); + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha224_expected, sha224_result, sizeof(sha224_expected)); + heap_caps_free(buffer); +} + +#endif /* SOC_SHA_SUPPORT_SHA224 */ + + +#if SOC_SHA_SUPPORT_SHA256 + +TEST(sha, test_sha256) +{ + uint8_t sha256_result[32] = { 0 }; + uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(buffer); + memset(buffer, 0xEE, BUFFER_SZ); + + const uint8_t sha256_expected[32] = { 0x0c, 0x67, 0x8d, 0x7b, 0x8a, 0x3e, 0x9e, 0xc0, + 0xb5, 0x61, 0xaa, 0x51, 0xd8, 0xfd, 0x42, 0x70, + 0xd6, 0x11, 0x2a, 0xec, 0x4c, 0x72, 0x9b, 0x2c, + 0xa4, 0xc6, 0x04, 0x80, 0x93, 0x4d, 0xc9, 0x99 }; + + sha256_block(SHA2_256, buffer, BUFFER_SZ, sha256_result); + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha256_expected, sha256_result, sizeof(sha256_expected)); + heap_caps_free(buffer); +} + +#endif /* SOC_SHA_SUPPORT_SHA256 */ + + +#if SOC_SHA_SUPPORT_SHA384 + +TEST(sha, test_sha384) +{ + uint8_t sha384_result[48] = { 0 }; + uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(buffer); + memset(buffer, 0xEE, BUFFER_SZ); + + const uint8_t sha384_expected[48] = { 0xf2, 0x7c, 0x75, 0x16, 0xa9, 0xe6, 0xe5, 0xe2, + 0x4d, 0x8b, 0xe4, 0x6b, 0xc5, 0xb3, 0x25, 0xb1, + 0x10, 0xc2, 0xb4, 0x7d, 0xb7, 0xe1, 0xee, 0x1c, + 0xbd, 0xde, 0x52, 0x9d, 0xaa, 0x31, 0xda, 0x88, + 0xfe, 0xec, 0xd5, 0x38, 0x59, 0x28, 0x93, 0xc7, + 0x1c, 0x1a, 0x0b, 0x3b, 0x4e, 0x06, 0x48, 0xa7 }; + + sha512_block(SHA2_384, buffer, BUFFER_SZ, sha384_result); + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha384_expected, sha384_result, sizeof(sha384_expected)); + heap_caps_free(buffer); +} +#endif /* SOC_SHA_SUPPORT_SHA384 */ + +#if SOC_SHA_SUPPORT_SHA512 + +TEST(sha, test_sha512) +{ + uint8_t sha512_result[64] = { 0 }; + uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL); + TEST_ASSERT_NOT_NULL(buffer); + memset(buffer, 0xEE, BUFFER_SZ); + + const uint8_t sha512_expected[64] = { 0x7f, 0xca, 0x1c, 0x81, 0xc6, 0xc7, 0x1e, 0x49, + 0x1f, 0x4a, 0x35, 0x50, 0xb0, 0x0c, 0xd9, 0xbf, + 0x3e, 0xba, 0x90, 0x31, 0x08, 0xc7, 0xb3, 0xf0, + 0x58, 0x11, 0xd3, 0x29, 0xee, 0xa0, 0x4f, 0x3b, + 0xe4, 0x60, 0xd2, 0xc7, 0x2e, 0x50, 0x39, 0x68, + 0xf7, 0x27, 0x2e, 0x71, 0xbc, 0x9f, 0x10, 0xfc, + 0x9d, 0x75, 0xb5, 0x57, 0x74, 0x8d, 0xb9, 0x4b, + 0x69, 0x1a, 0x9c, 0x5f, 0x30, 0x61, 0xca, 0x3b }; + + + sha512_block(SHA2_512, buffer, BUFFER_SZ, sha512_result); + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha512_expected, sha512_result, sizeof(sha512_expected)); + heap_caps_free(buffer); +} +#endif /* SOC_SHA_SUPPORT_SHA512 */ + + +#if SOC_SHA_SUPPORT_SHA512_T + +TEST(sha, test_sha512t) +{ + unsigned char sha512[64], k; + + for (int i = 0; i < 4; i++) { + for (int j = 0; j < 2; j++) { + k = i * 2 + j; + if (i > 1) { + k = (i - 2) * 2 + j; + } + + sha512t_block(sha512T_algo[i], sha512T_test_buf[j], sha512T_test_buflen[j], sha512, sha512T_t_len[i]); + + TEST_ASSERT_EQUAL_HEX8_ARRAY(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8); + } + } +} + +#endif // SOC_SHA_SUPPORT_SHA512_T + +#endif // SOC_SHA_SUPPORTED + +TEST_GROUP_RUNNER(sha) +{ +#if SOC_SHA_SUPPORTED + +#if SOC_SHA_SUPPORT_SHA1 + RUN_TEST_CASE(sha, test_sha1); +#endif /* SOC_SHA_SUPPORT_SHA1 */ + +#if SOC_SHA_SUPPORT_SHA224 + RUN_TEST_CASE(sha, test_sha224); +#endif /* SOC_SHA_SUPPORT_SHA224 */ + +#if SOC_SHA_SUPPORT_SHA256 + RUN_TEST_CASE(sha, test_sha256); +#endif /* SOC_SHA_SUPPORT_SHA256 */ + +#if SOC_SHA_SUPPORT_SHA384 + RUN_TEST_CASE(sha, test_sha384); +#endif /* SOC_SHA_SUPPORT_SHA384 */ + +#if SOC_SHA_SUPPORT_SHA512 + RUN_TEST_CASE(sha, test_sha512); +#endif /* SOC_SHA_SUPPORT_SHA512 */ + +#if SOC_SHA_SUPPORT_SHA512_T + RUN_TEST_CASE(sha, test_sha512t); +#endif // SOC_SHA_SUPPORT_SHA512_T + +#endif /* SOC_SHA_SUPPORTED */ +}