diff --git a/components/mbedtls/port/include/sha/sha_block.h b/components/mbedtls/port/include/sha/sha_block.h
index bcae68e5a1..105c706842 100644
--- a/components/mbedtls/port/include/sha/sha_block.h
+++ b/components/mbedtls/port/include/sha/sha_block.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -40,8 +40,9 @@ extern "C" {
 * @param ilen Length of input data in bytes.
 *
 * @param output Buffer for output SHA digest. Output is 20 bytes for
- * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for
- * sha_type SHA2_384, 64 bytes for sha_type SHA2_512.
+ * sha_type SHA1, 28 bytes for sha_type SHA2_224, 32 bytes for
+ * sha_type SHA2_256, 48 bytes for sha_type SHA2_384, 64 bytes for
+ * sha_type SHA2_512.
 */
 void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
diff --git a/components/mbedtls/port/include/sha/sha_dma.h b/components/mbedtls/port/include/sha/sha_dma.h
index af12f23a59..a92ec7e6ca 100644
--- a/components/mbedtls/port/include/sha/sha_dma.h
+++ b/components/mbedtls/port/include/sha/sha_dma.h
@@ -1,16 +1,8 @@
-// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 #pragma once
@@ -51,8 +43,9 @@ extern "C" {
 * @param ilen Length of input data in bytes.
 *
 * @param output Buffer for output SHA digest. Output is 20 bytes for
- * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for
- * sha_type SHA2_384, 64 bytes for sha_type SHA2_512.
+ * sha_type SHA1, 28 bytes for sha_type SHA2_224, 32 bytes for
+ * sha_type SHA2_256, 48 bytes for sha_type SHA2_384, 64 bytes for
+ * sha_type SHA2_512.
 */
 void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
@@ -87,7 +80,7 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
 * SHA engine will be used.
 *
 * @param t The number of bits for the SHA512/t hash function, with
- * output truncated to t bits. Used for calculating the inital hash.
+ * output truncated to t bits. Used for calculating the initial hash.
 * t is any positive integer between 1 and 512, except 384.
 *
 * @return 0 if successful
diff --git a/components/mbedtls/port/sha/block/esp_sha256.c b/components/mbedtls/port/sha/block/esp_sha256.c
index eb456afda7..fabd3c240a 100644
--- a/components/mbedtls/port/sha/block/esp_sha256.c
+++ b/components/mbedtls/port/sha/block/esp_sha256.c
@@ -5,7 +5,7 @@
 *
 * SPDX-License-Identifier: Apache-2.0
 *
- * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD
 */
 /*
 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
@@ -231,7 +231,11 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char *output )
 return ret;
 }
- memcpy(output, ctx->state, 32);
+ if (ctx->mode == SHA2_224) {
+ memcpy(output, ctx->state, 28);
+ } else {
+ memcpy(output, ctx->state, 32);
+ }
 return ret;
 }
diff --git a/components/mbedtls/port/sha/dma/esp_sha256.c b/components/mbedtls/port/sha/dma/esp_sha256.c
index b2d33b04ac..b7aaf2ddfd 100644
--- a/components/mbedtls/port/sha/dma/esp_sha256.c
+++ b/components/mbedtls/port/sha/dma/esp_sha256.c
@@ -5,7 +5,7 @@
 *
 * SPDX-License-Identifier: Apache-2.0
 *
- * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD
 */
 /*
 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
@@ -222,7 +222,11 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char *output )
 return ret;
 }
- memcpy(output, ctx->state, 32);
+ if (ctx->mode == SHA2_224) {
+ memcpy(output, ctx->state, 28);
+ } else {
+ memcpy(output, ctx->state, 32);
+ }
 return ret;
 }
diff --git a/components/mbedtls/port/sha/esp_sha.c b/components/mbedtls/port/sha/esp_sha.c
index 00686d2b0b..048697425e 100644
--- a/components/mbedtls/port/sha/esp_sha.c
+++ b/components/mbedtls/port/sha/esp_sha.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
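Review bot: The new branch in mbedtls_sha256_finish (port/sha/block/esp_sha256.c, repeated unchanged in the port/sha/dma/esp_sha256.c hunk) hard-codes the digest lengths 28 and 32 without saying why they differ. A short comment such as `/* SHA-224 output is 28 bytes; copying 32 would write past a caller's 28-byte buffer */` would record the reason for the split, and the copy could collapse to `memcpy(output, ctx->state, (ctx->mode == SHA2_224) ? 28 : 32);`. The branch is only correct if ctx->mode is set when the context is started, which happens outside both hunks, so that is worth confirming there. The function body starts outside the hunk.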
@@ -32,7 +32,7 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
 #if SOC_SHA_SUPPORT_SHA1
 mbedtls_sha1_context sha1;
 #endif
-#if SOC_SHA_SUPPORT_SHA256
+#if SOC_SHA_SUPPORT_SHA224 || SOC_SHA_SUPPORT_SHA256
 mbedtls_sha256_context sha256;
 #endif
 #if SOC_SHA_SUPPORT_SHA384 || SOC_SHA_SUPPORT_SHA512
@@ -56,6 +56,19 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
 }
 #endif //SOC_SHA_SUPPORT_SHA1
+#if SOC_SHA_SUPPORT_SHA224
+ if (sha_type == SHA2_224) {
+ mbedtls_sha256_init(&ctx.sha256);
+ mbedtls_sha256_starts(&ctx.sha256, 1);
+ ret = mbedtls_sha256_update(&ctx.sha256, input, ilen);
+ assert(ret == 0);
+ ret = mbedtls_sha256_finish(&ctx.sha256, output);
+ assert(ret == 0);
+ mbedtls_sha256_free(&ctx.sha256);
+ return;
+ }
+#endif //SOC_SHA_SUPPORT_SHA224
+
 #if SOC_SHA_SUPPORT_SHA256
 if (sha_type == SHA2_256) {
 mbedtls_sha256_init(&ctx.sha256);
diff --git a/components/mbedtls/test_apps/main/test_sha.c b/components/mbedtls/test_apps/main/test_sha.c
index ee254fccf3..b7f324833d 100644
--- a/components/mbedtls/test_apps/main/test_sha.c
+++ b/components/mbedtls/test_apps/main/test_sha.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
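Review bot: In the new SHA2_224 branch of esp_sha() the only error handling is `assert(ret == 0)`, and the return value of `mbedtls_sha256_starts(&ctx.sha256, 1)` is not captured at all. In a build where assertions are compiled out, a failed update or finish would presumably return with `output` never written, and because esp_sha() returns void the caller could not notice and would treat whatever was in its buffer as a digest. Consider `ret = mbedtls_sha256_starts(&ctx.sha256, 1);` followed by the same check, and an explicit `if (ret != 0) { abort(); }` in place of the asserts if the project wants the check to survive release builds. The neighbouring SHA1 and SHA2_256 branches are only partly visible in this hunk and may need the same treatment; esp_sha() starts and ends outside it.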
@@ -83,6 +83,31 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
 ESP_LOGI(TAG, "esp_sha() 32KB SHA512 in %" PRIu32 " us", us_sha512);
 #endif
+/* NOTE: The Mbed TLS ROM implementation needs to updated to support SHA224 operations */
+#if !CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL
+#if SOC_SHA_SUPPORT_SHA224
+ uint8_t sha224_result[28] = { 0 };
+ const uint8_t sha224_expected[28] = { 0xc0, 0x2a, 0x54, 0x2f, 0x70, 0x93, 0xaa, 0x3e,
+ 0xb6, 0xec, 0xe6, 0xb2, 0xb8, 0xe6, 0x57, 0x27,
+ 0xf9, 0x34, 0x9e, 0xb7, 0xbc, 0x96, 0x0d, 0xf5,
+ 0xd9, 0x87, 0xa8, 0x17 };
+ esp_sha(SHA2_224, buffer, BUFFER_SZ, sha224_result);
+ TEST_ASSERT_EQUAL_HEX8_ARRAY(sha224_expected, sha224_result, sizeof(sha224_expected));
+#endif
+#endif
+
+#if SOC_SHA_SUPPORT_SHA384
+ uint8_t sha384_result[48] = { 0 };
+ const uint8_t sha384_expected[48] = { 0x72, 0x13, 0xc8, 0x09, 0x7b, 0xbc, 0x9e, 0x65,
+ 0x02, 0xf8, 0x1d, 0xd2, 0x02, 0xd3, 0xd1, 0x80,
+ 0x48, 0xb9, 0xfb, 0x10, 0x2f, 0x1b, 0xd1, 0x40,
+ 0x4c, 0xc6, 0x3c, 0xfe, 0xcf, 0xa0, 0x83, 0x1b,
+ 0x6e, 0xfb, 0x97, 0x17, 0x65, 0x08, 0x28, 0x04,
+ 0x2f, 0x06, 0x2c, 0x97, 0x4e, 0xf8, 0x26, 0x86 };
+ esp_sha(SHA2_384, buffer, BUFFER_SZ, sha384_result);
+ TEST_ASSERT_EQUAL_HEX8_ARRAY(sha384_expected, sha384_result, sizeof(sha384_expected));
+#endif
+
 free(buffer);
 TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA1_32KB, "%" PRId32 " us", us_sha1);
diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt
index 6879a27e9d..b6542bc3e1 100644
--- a/tools/ci/check_copyright_ignore.txt
+++ b/tools/ci/check_copyright_ignore.txt
@@ -485,7 +485,6 @@ components/mbedtls/port/include/esp32s2/aes.h
 components/mbedtls/port/include/esp32s2/gcm.h
 components/mbedtls/port/include/esp32s2/sha.h
 components/mbedtls/port/include/mbedtls/esp_debug.h
-components/mbedtls/port/include/sha/sha_dma.h
 components/mbedtls/port/include/sha/sha_parallel_engine.h
 components/mbedtls/port/include/sha1_alt.h
 components/mbedtls/port/include/sha256_alt.h
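Review bot: The SHA-224 case added to test_sha.c sizes `sha224_result` at exactly 28 bytes, so it checks the digest value but would not reliably detect a finish routine that still copies 32 bytes, which is the overrun the `ctx->mode == SHA2_224` branch elsewhere in this commit guards against. A 32-byte buffer pre-filled with a marker byte, with an assertion that the last four bytes are untouched, would pin that down. Separately, the test is compiled out under CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL while the SHA2_224 branch in esp_sha.c is gated only on SOC_SHA_SUPPORT_SHA224 as far as this diff shows, so it may be worth checking what esp_sha(SHA2_224, ...) does in a ROM-implementation build. The comment above the guard should also read `needs to be updated`. The TEST_CASE body starts and ends outside the hunk.

```c
uint8_t sha224_result[32];
memset(sha224_result, 0xA5, sizeof(sha224_result));  /* marker value chosen for the test */
/* … unchanged: sha224_expected table, esp_sha() call, digest comparison … */
/* the four bytes past the 28-byte digest must still hold the marker */
TEST_ASSERT_EACH_EQUAL_HEX8(0xA5, sha224_result + sizeof(sha224_expected),
                            sizeof(sha224_result) - sizeof(sha224_expected));
```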