1 // Copyright 2017 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "crypto_hash_sha512.h"
16 #include "mbedtls/sha512.h"
17 #include <string.h>
18 
19 #ifdef MBEDTLS_SHA512_ALT
20 /* Wrapper only works if the libsodium context structure can be mapped
21    directly to the mbedTLS context structure.
22 
23    For ESP32 hardware SHA, the problems are fitting all the data in
24    the libsodium state structure, and also that libsodium doesn't
25    have mbedtls_sha512_free() or mbedtls_sha512_clone() so we can't
26    manage the hardware state in a clean way.
27 */
28 #error "This wrapper only support standard software mbedTLS SHA"
29 #endif
30 
31 /* Sanity check that all the context fields have identical sizes
32    (this should be more or less given from the SHA512 algorithm)
33 
34    Note that the meaning of the fields is *not* all the same. In libsodium,
35    SHA512 'count' is a 2xuin64_t *bit* count where count[0] == MSB. In mbedTLS,
36    SHA512 'total' is a 2xuint64_t *byte* count where count[0] == LSB.
37 
38    For this implementation, we don't convert so the libsodium state structure actually holds a binary copy of the
39    mbedTLS totals. This doesn't matter inside libsodium's documented API, but would matter if any callers try to use
40    the state's bit count.
41 */
42 _Static_assert(sizeof(((crypto_hash_sha512_state *)0)->state) == sizeof(((mbedtls_sha512_context *)0)->state), "state mismatch");
43 _Static_assert(sizeof(((crypto_hash_sha512_state *)0)->count) == sizeof(((mbedtls_sha512_context *)0)->total), "count mismatch");
44 _Static_assert(sizeof(((crypto_hash_sha512_state *)0)->buf) == sizeof(((mbedtls_sha512_context *)0)->buffer), "buf mismatch");
45 
46 /* Inline functions to convert between mbedTLS & libsodium
47    context structures
48 */
49 
sha512_mbedtls_to_libsodium(crypto_hash_sha512_state * ls_state,const mbedtls_sha512_context * mb_ctx)50 static void sha512_mbedtls_to_libsodium(crypto_hash_sha512_state *ls_state, const mbedtls_sha512_context *mb_ctx)
51 {
52     memcpy(ls_state->count, mb_ctx->total, sizeof(ls_state->count));
53     memcpy(ls_state->state, mb_ctx->state, sizeof(ls_state->state));
54     memcpy(ls_state->buf, mb_ctx->buffer, sizeof(ls_state->buf));
55 }
56 
sha512_libsodium_to_mbedtls(mbedtls_sha512_context * mb_ctx,crypto_hash_sha512_state * ls_state)57 static void sha512_libsodium_to_mbedtls(mbedtls_sha512_context *mb_ctx, crypto_hash_sha512_state *ls_state)
58 {
59     memcpy(mb_ctx->total, ls_state->count, sizeof(mb_ctx->total));
60     memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state));
61     memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
62     mb_ctx->is384 = 0;
63 }
64 
65 int
crypto_hash_sha512_init(crypto_hash_sha512_state * state)66 crypto_hash_sha512_init(crypto_hash_sha512_state *state)
67 {
68     mbedtls_sha512_context ctx;
69     mbedtls_sha512_init(&ctx);
70     int ret = mbedtls_sha512_starts_ret(&ctx, 0);
71     if (ret != 0) {
72         return ret;
73     }
74     sha512_mbedtls_to_libsodium(state, &ctx);
75     return 0;
76 }
77 
78 int
crypto_hash_sha512_update(crypto_hash_sha512_state * state,const unsigned char * in,unsigned long long inlen)79 crypto_hash_sha512_update(crypto_hash_sha512_state *state,
80                           const unsigned char *in, unsigned long long inlen)
81 {
82     mbedtls_sha512_context ctx;
83     sha512_libsodium_to_mbedtls(&ctx, state);
84     int ret = mbedtls_sha512_update_ret(&ctx, in, inlen);
85     if (ret != 0) {
86         return ret;
87     }
88     sha512_mbedtls_to_libsodium(state, &ctx);
89     return 0;
90 }
91 
92 int
crypto_hash_sha512_final(crypto_hash_sha512_state * state,unsigned char * out)93 crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out)
94 {
95     mbedtls_sha512_context ctx;
96     sha512_libsodium_to_mbedtls(&ctx, state);
97     return mbedtls_sha512_finish_ret(&ctx, out);
98 }
99 
100 int
crypto_hash_sha512(unsigned char * out,const unsigned char * in,unsigned long long inlen)101 crypto_hash_sha512(unsigned char *out, const unsigned char *in,
102                    unsigned long long inlen)
103 {
104     return mbedtls_sha512_ret(in, inlen, out, 0);
105 }
106