feat(hal): Adding AES snd SHA peripheral to crypto testapps

components/hal/test_apps/crypto/README.md

@@ -47,6 +47,22 @@ This contains tests for the following features of the crypto peripherals:
     - ECDSA P192 signature verification
     - ECDSA P256 signature verification
 
+- AES peripheral
+    - Block Mode
+        - CBC AES-256
+        - CTR AES-256
+
+- SHA peripheral
+    - Block Mode
+        - SHA-1
+        - SHA-224
+        - SHA-256
+        - SHA-384
+        - SHA-512
+        - SHA-512/224
+        - SHA-512/256
+        - SHA-512/t
+
 > **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment.
 # Burning the HMAC key
 

components/hal/test_apps/crypto/main/CMakeLists.txt

@@ -20,6 +20,18 @@ if(CONFIG_SOC_ECDSA_SUPPORTED)
    list(APPEND srcs "ecdsa/test_ecdsa.c")
 endif()
 
+if(CONFIG_SOC_AES_SUPPORTED)
+   list(APPEND srcs "aes/aes_block.c")
+   list(APPEND srcs "aes/test_aes_block.c")
+endif()
+
+if(CONFIG_SOC_SHA_SUPPORTED)
+   if(NOT CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG)
+      list(APPEND srcs "sha/sha_block.c")
+      list(APPEND srcs "sha/test_sha_block.c")
+   endif()
+endif()
+
 idf_component_register(SRCS ${srcs}
                        REQUIRES test_utils unity
                        WHOLE_ARCHIVE)

components/hal/test_apps/crypto/main/aes/aes_block.c

@@ -0,0 +1,117 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "soc/periph_defs.h"
+#include "esp_private/periph_ctrl.h"
+
+#include "hal/aes_types.h"
+#include "hal/aes_hal.h"
+#include "hal/clk_gate_ll.h"
+
+#if SOC_AES_SUPPORTED
+
+#include "aes_block.h"
+
+void aes_crypt_cbc_block(int mode,
+                        uint8_t key_bytes,
+                        const uint8_t key[32],
+                        size_t length,
+                        unsigned char iv[16],
+                        const unsigned char *input,
+                        unsigned char *output)
+{
+    uint32_t *output_words = (uint32_t *)output;
+    const uint32_t *input_words = (const uint32_t *)input;
+    uint32_t *iv_words = (uint32_t *)iv;
+    unsigned char temp[16];
+
+    /* Enable peripheral module by un-gating the clock and de-asserting the reset signal. */
+    periph_ll_enable_clk_clear_rst(PERIPH_AES_MODULE);
+
+    /* Sets the key used for AES encryption/decryption */
+    aes_hal_setkey(key, key_bytes, mode);
+
+    if (mode == ESP_AES_DECRYPT) {
+        while ( length > 0 ) {
+            memcpy(temp, input_words, 16);
+            aes_hal_transform_block(input_words, output_words);
+
+            output_words[0] = output_words[0] ^ iv_words[0];
+            output_words[1] = output_words[1] ^ iv_words[1];
+            output_words[2] = output_words[2] ^ iv_words[2];
+            output_words[3] = output_words[3] ^ iv_words[3];
+
+            memcpy( iv_words, temp, 16 );
+
+            input_words += 4;
+            output_words += 4;
+            length -= 16;
+        }
+    } else { // ESP_AES_ENCRYPT
+        while ( length > 0 ) {
+
+            output_words[0] = input_words[0] ^ iv_words[0];
+            output_words[1] = input_words[1] ^ iv_words[1];
+            output_words[2] = input_words[2] ^ iv_words[2];
+            output_words[3] = input_words[3] ^ iv_words[3];
+
+            aes_hal_transform_block(output_words, output_words);
+            memcpy( iv_words, output_words, 16 );
+
+            input_words  += 4;
+            output_words += 4;
+            length -= 16;
+        }
+    }
+
+    /* Disable peripheral module by gating the clock and asserting the reset signal. */
+    periph_ll_disable_clk_set_rst(PERIPH_AES_MODULE);
+}
+
+
+void aes_crypt_ctr_block(uint8_t key_bytes,
+                        const uint8_t key[32],
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[16],
+                        unsigned char stream_block[16],
+                        const unsigned char *input,
+                        unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    /* Enable peripheral module by un-gating the clock and de-asserting the reset signal. */
+    periph_ll_enable_clk_clear_rst(PERIPH_AES_MODULE);
+
+    /* Sets the key used for AES encryption/decryption */
+    aes_hal_setkey(key, key_bytes, ESP_AES_ENCRYPT);
+
+    while (length--) {
+        if ( n == 0 ) {
+            aes_hal_transform_block(nonce_counter, stream_block);
+            for ( i = 16; i > 0; i-- ) {
+                if ( ++nonce_counter[i - 1] != 0 ) {
+                    break;
+                }
+            }
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *nc_off = n;
+
+    /* Disable peripheral module by gating the clock and asserting the reset signal. */
+    periph_ll_disable_clk_set_rst(PERIPH_AES_MODULE);
+}
+
+#endif

components/hal/test_apps/crypto/main/aes/aes_block.h

@@ -0,0 +1,29 @@
+/*
+ * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdio.h>
+
+#if SOC_AES_SUPPORTED
+
+void aes_crypt_cbc_block(int mode,
+                        uint8_t key_bytes,
+                        const uint8_t key[32],
+                        size_t length,
+                        unsigned char iv[16],
+                        const unsigned char *input,
+                        unsigned char *output);
+
+void aes_crypt_ctr_block(uint8_t key_bytes,
+                        const uint8_t key[32],
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[16],
+                        unsigned char stream_block[16],
+                        const unsigned char *input,
+                        unsigned char *output );
+
+#endif

components/hal/test_apps/crypto/main/aes/test_aes_block.c

@@ -0,0 +1,128 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "soc/soc_caps.h"
+#include "esp_heap_caps.h"
+#include "unity.h"
+#include "test_params.h"
+#include "memory_checks.h"
+#include "unity_fixture.h"
+
+
+#define CBC_AES_BUFFER_SIZE 1600
+#define CTR_AES_BUFFER_SIZE 1000
+
+#if SOC_AES_SUPPORTED
+
+#include "aes_block.h"
+
+TEST_GROUP(aes);
+
+TEST_SETUP(aes)
+{
+    test_utils_record_free_mem();
+    TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL));
+}
+
+TEST_TEAR_DOWN(aes)
+{
+    test_utils_finish_and_evaluate_leaks(test_utils_get_leak_level(ESP_LEAK_TYPE_WARNING, ESP_COMP_LEAK_ALL),
+                                         test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL));
+}
+
+
+TEST(aes, cbc_aes_256_test)
+{
+    uint8_t key_bytes = 256 / 8;
+    uint8_t nonce[16];
+
+    const uint8_t expected_cipher_end[] = {
+        0x3e, 0x68, 0x8a, 0x02, 0xe6, 0xf2, 0x6a, 0x9e,
+        0x9b, 0xb2, 0xc0, 0xc4, 0x63, 0x63, 0xd9, 0x25,
+        0x51, 0xdc, 0xc2, 0x71, 0x96, 0xb3, 0xe5, 0xcd,
+        0xbd, 0x0e, 0xf2, 0xef, 0xa9, 0xab, 0xab, 0x2d,
+    };
+
+    uint8_t *chipertext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(chipertext);
+    uint8_t *plaintext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(plaintext);
+    uint8_t *decryptedtext = heap_caps_calloc(CBC_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(decryptedtext);
+
+    memset(plaintext, 0x3A, CBC_AES_BUFFER_SIZE);
+    memset(decryptedtext, 0x0, CBC_AES_BUFFER_SIZE);
+
+    // Encrypt
+    memcpy(nonce, iv, 16);
+    aes_crypt_cbc_block(ESP_AES_ENCRYPT, key_bytes, key_256, CBC_AES_BUFFER_SIZE, nonce, plaintext, chipertext);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + CBC_AES_BUFFER_SIZE - 32, 32);
+
+    // Decrypt
+    memcpy(nonce, iv, 16);
+    aes_crypt_cbc_block(ESP_AES_DECRYPT, key_bytes, key_256, CBC_AES_BUFFER_SIZE, nonce, chipertext, decryptedtext);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, CBC_AES_BUFFER_SIZE);
+
+    // Free dynamically allocated memory
+    heap_caps_free(chipertext);
+    heap_caps_free(plaintext);
+    heap_caps_free(decryptedtext);
+}
+
+
+TEST(aes, ctr_aes_256_test)
+{
+    uint8_t key_bytes = 256 / 8;
+    uint8_t nonce[16];
+    uint8_t stream_block[16];
+    size_t nc_off = 0;
+
+    const uint8_t expected_cipher_end[] = {
+        0xd4, 0xdc, 0x4f, 0x8f, 0xfe, 0x86, 0xee, 0xb5,
+        0x14, 0x7f, 0xba, 0x30, 0x25, 0xa6, 0x7f, 0x6c,
+        0xb5, 0x73, 0xaf, 0x90, 0xd7, 0xff, 0x36, 0xba,
+        0x2b, 0x1d, 0xec, 0xb9, 0x38, 0xfa, 0x0d, 0xeb,
+    };
+
+    uint8_t *chipertext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(chipertext);
+    uint8_t *plaintext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(plaintext);
+    uint8_t *decryptedtext = heap_caps_calloc(CTR_AES_BUFFER_SIZE, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(decryptedtext);
+
+    memset(plaintext, 0x3A, CTR_AES_BUFFER_SIZE);
+    memset(decryptedtext, 0x0, CTR_AES_BUFFER_SIZE);
+
+    // Encrypt
+    memcpy(nonce, iv, 16);
+    aes_crypt_ctr_block(key_bytes, key_256, CTR_AES_BUFFER_SIZE, &nc_off, nonce, stream_block, plaintext, chipertext);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + CTR_AES_BUFFER_SIZE - 32, 32);
+
+    // Decrypt
+    nc_off = 0;
+    memcpy(nonce, iv, 16);
+    aes_crypt_ctr_block(key_bytes, key_256, CTR_AES_BUFFER_SIZE, &nc_off, nonce, stream_block, chipertext, decryptedtext);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, CTR_AES_BUFFER_SIZE);
+
+    // Free dynamically allocated memory
+    heap_caps_free(chipertext);
+    heap_caps_free(plaintext);
+    heap_caps_free(decryptedtext);
+}
+
+#endif // SOC_AES_SUPPORTED
+
+TEST_GROUP_RUNNER(aes)
+{
+#if SOC_AES_SUPPORTED
+    RUN_TEST_CASE(aes, cbc_aes_256_test);
+    RUN_TEST_CASE(aes, ctr_aes_256_test);
+#endif // SOC_AES_SUPPORTED
+}

components/hal/test_apps/crypto/main/aes/test_params.h

@@ -0,0 +1,26 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+#include "soc/soc_caps.h"
+
+#if SOC_AES_SUPPORTED
+
+#define ESP_AES_ENCRYPT     1 /**< AES encryption. */
+#define ESP_AES_DECRYPT     0 /**< AES decryption. */
+
+static const uint8_t key_256[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+};
+
+static const uint8_t iv[] = {
+    0x10, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09,
+    0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
+};
+#endif /* SOC_AES_SUPPORTED */

components/hal/test_apps/crypto/main/app_main.c

@@ -20,6 +20,16 @@ static void run_all_tests(void)
     RUN_TEST_GROUP(ecc);
 #endif
 
+#if CONFIG_SOC_AES_SUPPORTED
+    RUN_TEST_GROUP(aes);
+#endif
+
+#if CONFIG_SOC_SHA_SUPPORTED
+#if !CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG
+    RUN_TEST_GROUP(sha);
+#endif /* !CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG*/
+#endif
+
 #if CONFIG_IDF_ENV_FPGA
 
 #if CONFIG_SOC_HMAC_SUPPORTED

components/hal/test_apps/crypto/main/mpi/test_mpi.c

@@ -8,6 +8,7 @@
 
 #include "esp_log.h"
 #include "esp_private/periph_ctrl.h"
+#include "esp_heap_caps.h"
 #include "memory_checks.h"
 #include "unity_fixture.h"
 
@@ -69,7 +70,7 @@ static void mpi_mul_mpi_mod_hw_op(void)
 #else
         mpi_hal_start_op(MPI_MODMULT);
 #endif
-        uint32_t* Z_p = (uint32_t*)calloc(test_cases_Z_words[i], sizeof(uint32_t));
+        uint32_t* Z_p = (uint32_t*)heap_caps_calloc(test_cases_Z_words[i], sizeof(uint32_t), MALLOC_CAP_INTERNAL);
         mpi_hal_read_result_hw_op(Z_p, test_cases_Z_words[i], test_cases_Z_words[i]);
 
         printf("Test Case %d: ", i+1);
@@ -82,7 +83,7 @@ static void mpi_mul_mpi_mod_hw_op(void)
 
         TEST_ASSERT_EQUAL_HEX32_ARRAY_MESSAGE(test_cases_Z_p[i], Z_p, test_cases_Z_words[i], "Result");
         printf("PASS\n");
-        free(Z_p);
+        heap_caps_free(Z_p);
     }
     esp_mpi_disable_hardware_hw_op();
 }
@@ -118,7 +119,7 @@ static void mpi_exp_mpi_mod_hw_op(void)
 
         mpi_hal_enable_search(false);
 #endif
-        uint32_t* Z_p = (uint32_t*)calloc(exp_test_cases_m_words[i], sizeof(uint32_t));
+        uint32_t* Z_p = (uint32_t*)heap_caps_calloc(exp_test_cases_m_words[i], sizeof(uint32_t), MALLOC_CAP_INTERNAL);
         /* Read back the result */
         mpi_hal_read_result_hw_op(Z_p, exp_test_cases_m_words[i], exp_test_cases_m_words[i]);
         esp_mpi_disable_hardware_hw_op();
@@ -133,7 +134,7 @@ static void mpi_exp_mpi_mod_hw_op(void)
 
         TEST_ASSERT_EQUAL_HEX32_ARRAY_MESSAGE(exp_test_cases_Z_p[i], Z_p, exp_test_cases_m_words[i], "Result");
         printf("PASS\n");
-        free(Z_p);
+        heap_caps_free(Z_p);
     }
 }
 

components/hal/test_apps/crypto/main/sha/sha_block.c

@@ -0,0 +1,399 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "soc/soc_caps.h"
+
+#if SOC_SHA_SUPPORTED
+
+#include "soc/periph_defs.h"
+#include "esp_private/periph_ctrl.h"
+#include "hal/sha_hal.h"
+#include "hal/clk_gate_ll.h"
+#include "sha_block.h"
+
+#if defined(SOC_SHA_SUPPORT_SHA1)
+
+static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen)
+{
+    size_t fill;
+    uint32_t left, local_len = 0;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if ( ctx->total[0] < (uint32_t) ilen ) {
+        ctx->total[1]++;
+    }
+
+    if ( left && ilen >= fill ) {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+        local_len = 64;
+    }
+
+    if ( (ilen >= 64) || local_len) {
+        /* Enable peripheral module */
+        periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE);
+
+        if (ctx->first_block == 0) {
+            /* Writes the message digest to the SHA engine */
+            sha_hal_write_digest(sha_type, ctx->state);
+        }
+
+        /* First process buffered block, if any */
+        if ( local_len ) {
+            /* Hash a single block */
+            sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+        }
+
+        while ( ilen >= 64 ) {
+            sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+            input += 64;
+            ilen  -= 64;
+        }
+
+        /* Reads the current message digest from the SHA engine */
+        sha_hal_read_digest(sha_type, ctx->state);
+
+        /* Disable peripheral module */
+        periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE);
+    }
+
+    if ( ilen > 0 ) {
+        memcpy( (void *) (ctx->buffer + left), input, ilen);
+    }
+}
+
+void sha1_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
+{
+
+    sha1_ctx ctx;
+    memset(&ctx, 0, sizeof(sha1_ctx));
+    ctx.first_block = 1;
+
+    sha1_update_block(&ctx, sha_type, input, ilen);
+
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx.total[0] >> 29 )
+           | ( ctx.total[1] <<  3 );
+    low  = ( ctx.total[0] <<  3 );
+
+    PUT_UINT32_BE( high, msglen, 0 );
+    PUT_UINT32_BE( low,  msglen, 4 );
+
+    last = ctx.total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    sha1_update_block(&ctx, sha_type, sha1_padding, padn);
+
+    sha1_update_block(&ctx, sha_type, msglen, 8);
+
+    memcpy(output, ctx.state, 20);
+}
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA1) */
+
+#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256)
+
+static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen)
+{
+    size_t fill;
+    uint32_t left, local_len = 0;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if ( ctx->total[0] < (uint32_t) ilen ) {
+        ctx->total[1]++;
+    }
+
+    if ( left && ilen >= fill ) {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+        local_len = 64;
+    }
+
+    if ( (ilen >= 64) || local_len) {
+        /* Enable peripheral module */
+        periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE);
+
+        if (ctx->first_block == 0) {
+            /* Writes the message digest to the SHA engine */
+            sha_hal_write_digest(sha_type, ctx->state);
+        }
+
+        /* First process buffered block, if any */
+        if ( local_len ) {
+            /* Hash a single block */
+            sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+        }
+
+        while ( ilen >= 64 ) {
+            sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+            input += 64;
+            ilen  -= 64;
+        }
+
+        /* Reads the current message digest from the SHA engine */
+        sha_hal_read_digest(sha_type, ctx->state);
+
+        /* Disable peripheral module */
+        periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE);
+    }
+
+    if ( ilen > 0 ) {
+        memcpy( (void *) (ctx->buffer + left), input, ilen);
+    }
+}
+
+void sha256_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
+{
+
+    sha256_ctx ctx;
+    memset(&ctx, 0, sizeof(sha256_ctx));
+    ctx.first_block = 1;
+
+    sha256_update_block(&ctx, sha_type, input, ilen);
+
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx.total[0] >> 29 )
+           | ( ctx.total[1] <<  3 );
+    low  = ( ctx.total[0] <<  3 );
+
+    PUT_UINT32_BE( high, msglen, 0 );
+    PUT_UINT32_BE( low,  msglen, 4 );
+
+    last = ctx.total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    sha256_update_block(&ctx, sha_type, sha256_padding, padn);
+
+    sha256_update_block(&ctx, sha_type, msglen, 8);
+
+    if (sha_type == SHA2_256) {
+        memcpy(output, ctx.state, 32);
+    } else if (sha_type == SHA2_224) {
+        memcpy(output, ctx.state, 28);
+    }
+}
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */
+
+#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512)
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+int sha_512_t_init_hash_block(uint16_t t)
+{
+    uint32_t t_string = 0;
+    uint8_t t0, t1, t2, t_len;
+
+    if (t == 384) {
+        return -1;
+    }
+
+    if (t <= 9) {
+        t_string = (uint32_t)((1 << 23) | ((0x30 + t) << 24));
+        t_len = 0x48;
+    } else if (t <= 99) {
+        t0 = t % 10;
+        t1 = (t / 10) % 10;
+        t_string = (uint32_t)((1 << 15) | ((0x30 + t0) << 16) |
+                              (((0x30 + t1) << 24)));
+        t_len = 0x50;
+    } else if (t <= 512) {
+        t0 = t % 10;
+        t1 = (t / 10) % 10;
+        t2 = t / 100;
+        t_string = (uint32_t)((1 << 7) | ((0x30 + t0) << 8) |
+                              (((0x30 + t1) << 16) + ((0x30 + t2) << 24)));
+        t_len = 0x58;
+    } else {
+        return -1;
+    }
+
+    /* Calculates and sets the initial digiest for SHA512_t */
+    sha_hal_sha512_init_hash(t_string, t_len);
+
+    return 0;
+}
+
+#endif //SOC_SHA_SUPPORT_SHA512_T
+
+static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const unsigned char *input, size_t ilen)
+{
+
+    size_t fill;
+    unsigned int left, local_len = 0;
+
+    left = (unsigned int) (ctx->total[0] & 0x7F);
+    fill = 128 - left;
+
+    ctx->total[0] += (uint64_t) ilen;
+
+    if ( ctx->total[0] < (uint64_t) ilen ) {
+        ctx->total[1]++;
+    }
+
+    if ( left && ilen >= fill ) {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+        local_len = 128;
+    }
+
+
+    if ( (ilen >= 128) || local_len) {
+
+        /* Enable peripheral module */
+        periph_ll_enable_clk_clear_rst(PERIPH_SHA_MODULE);
+
+        if (ctx->first_block && sha_type == SHA2_512T){
+            sha_512_t_init_hash_block(ctx->t_val);
+            ctx->first_block = 0;
+        }
+        else if (ctx->first_block == 0) {
+            /* Writes the message digest to the SHA engine */
+            sha_hal_write_digest(sha_type, ctx->state);
+        }
+
+        /* First process buffered block, if any */
+        if ( local_len ) {
+            /* Hash a single block */
+            sha_hal_hash_block(sha_type, ctx->buffer, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+        }
+
+        while ( ilen >= 128 ) {
+            sha_hal_hash_block(sha_type, input, block_length(sha_type)/4, ctx->first_block);
+            if (ctx->first_block == 1) {
+                ctx->first_block = 0;
+            }
+            input += 128;
+            ilen  -= 128;
+        }
+
+        /* Reads the current message digest from the SHA engine */
+        sha_hal_read_digest(sha_type, ctx->state);
+
+        /* Disable peripheral module */
+        periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE);
+    }
+
+    if ( ilen > 0 ) {
+        memcpy( (void *) (ctx->buffer + left), input, ilen);
+    }
+}
+
+void sha512_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
+{
+
+    sha512_ctx ctx;
+    memset(&ctx, 0, sizeof(sha512_ctx));
+    ctx.first_block = 1;
+
+    sha512_update_block(&ctx, sha_type, input, ilen);
+
+    size_t last, padn;
+    uint64_t high, low;
+    unsigned char msglen[16];
+
+    high = ( ctx.total[0] >> 61 )
+           | ( ctx.total[1] <<  3 );
+    low  = ( ctx.total[0] <<  3 );
+
+    PUT_UINT64_BE( high, msglen, 0 );
+    PUT_UINT64_BE( low,  msglen, 8 );
+
+    last = (size_t)( ctx.total[0] & 0x7F );
+    padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
+
+    sha512_update_block( &ctx, sha_type, sha512_padding, padn );
+
+    sha512_update_block( &ctx, sha_type, msglen, 16 );
+
+    if (sha_type == SHA2_384) {
+        memcpy(output, ctx.state, 48);
+    } else {
+        memcpy(output, ctx.state, 64);
+    }
+
+}
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+void sha512t_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output, uint32_t t_val)
+{
+    sha512_ctx ctx;
+    memset(&ctx, 0, sizeof(sha512_ctx));
+    ctx.first_block = 1;
+    ctx.t_val = t_val;
+
+    sha512_update_block(&ctx, sha_type, input, ilen);
+
+    size_t last, padn;
+    uint64_t high, low;
+    unsigned char msglen[16];
+
+    high = ( ctx.total[0] >> 61 )
+           | ( ctx.total[1] <<  3 );
+    low  = ( ctx.total[0] <<  3 );
+
+    PUT_UINT64_BE( high, msglen, 0 );
+    PUT_UINT64_BE( low,  msglen, 8 );
+
+    last = (size_t)( ctx.total[0] & 0x7F );
+    padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
+
+    sha512_update_block( &ctx, sha_type, sha512_padding, padn );
+
+    sha512_update_block( &ctx, sha_type, msglen, 16 );
+
+    if (sha_type == SHA2_384) {
+        memcpy(output, ctx.state, 48);
+    } else {
+        memcpy(output, ctx.state, 64);
+    }
+}
+
+#endif /*SOC_SHA_SUPPORT_SHA512_T*/
+
+#endif /*SOC_SHA_SUPPORTED*/

components/hal/test_apps/crypto/main/sha/sha_block.h

@@ -0,0 +1,49 @@
+/*
+ * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ *
+//  * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if SOC_SHA_SUPPORTED
+
+#include "soc/periph_defs.h"
+#include "esp_private/periph_ctrl.h"
+#include "hal/sha_hal.h"
+#include "test_params.h"
+
+#if defined(SOC_SHA_SUPPORT_SHA1)
+
+void sha1_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA1) */
+
+#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256)
+
+void sha256_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */
+
+#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512)
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+int sha_512_t_init_hash_block(uint16_t t);
+
+#endif //SOC_SHA_SUPPORT_SHA512_T
+
+void sha512_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+void sha512t_block(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output, uint32_t t_val);
+
+#endif /*SOC_SHA_SUPPORT_SHA512_T*/
+
+#endif /*SOC_SHA_SUPPORTED*/

components/hal/test_apps/crypto/main/sha/test_params.h

@@ -0,0 +1,179 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+#include "soc/soc_caps.h"
+#include "hal/sha_types.h"
+
+#if SOC_SHA_SUPPORTED
+
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+
+#define PUT_UINT64_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 56 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 48 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >> 40 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n) >> 32 );       \
+    (b)[(i) + 4] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 5] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 6] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 7] = (unsigned char) ( (n)       );       \
+}
+
+#define BUFFER_SZ 1030 // NB: not an exact multiple of SHA block size
+
+static inline size_t block_length(esp_sha_type type)
+{
+    switch (type) {
+    case SHA1:
+    case SHA2_224:
+    case SHA2_256:
+        return 64;
+#if SOC_SHA_SUPPORT_SHA384
+    case SHA2_384:
+#endif
+#if SOC_SHA_SUPPORT_SHA512
+    case SHA2_512:
+#endif
+#if SOC_SHA_SUPPORT_SHA512_T
+    case SHA2_512224:
+    case SHA2_512256:
+    case SHA2_512T:
+#endif
+        return 128;
+    default:
+        return 0;
+    }
+}
+
+#if defined(SOC_SHA_SUPPORT_SHA1)
+
+static const unsigned char sha1_padding[64] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+typedef struct {
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int first_block;            /*!< if first then true else false */
+} sha1_ctx;
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA1) */
+
+
+#if defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256)
+
+static const unsigned char sha256_padding[64] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+typedef struct {
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int first_block;            /*!< if first then true, else false */
+} sha256_ctx;
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA224) || defined(SOC_SHA_SUPPORT_SHA256) */
+
+#if defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512)
+
+static const unsigned char sha512_padding[128] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+typedef struct {
+    uint64_t total[2];          /*!< number of bytes processed  */
+    uint64_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[128];  /*!< data block being processed */
+    int first_block;
+    uint32_t t_val;             /*!< t_val for 512/t mode */
+} sha512_ctx;
+
+#if SOC_SHA_SUPPORT_SHA512_T
+int sha_512_t_init_hash_block(uint16_t t);
+
+/*
+ * FIPS-180-2 test vectors
+ */
+static const unsigned char sha512T_test_buf[2][113] = {
+    { "abc" },
+    {
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+        "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    }
+};
+
+static const size_t sha512T_test_buflen[2] = {
+    3, 112
+};
+
+static const esp_sha_type sha512T_algo[4] = {
+    SHA2_512224, SHA2_512256, SHA2_512T, SHA2_512T
+};
+
+static const size_t sha512T_t_len[4] = { 224, 256, 224, 256 };
+
+static const unsigned char sha512_test_sum[4][32] = {
+    /* SHA512-224 */
+    {
+        0x46, 0x34, 0x27, 0x0f, 0x70, 0x7b, 0x6a, 0x54,
+        0xda, 0xae, 0x75, 0x30, 0x46, 0x08, 0x42, 0xe2,
+        0x0e, 0x37, 0xed, 0x26, 0x5c, 0xee, 0xe9, 0xa4,
+        0x3e, 0x89, 0x24, 0xaa
+    },
+    {
+        0x23, 0xfe, 0xc5, 0xbb, 0x94, 0xd6, 0x0b, 0x23,
+        0x30, 0x81, 0x92, 0x64, 0x0b, 0x0c, 0x45, 0x33,
+        0x35, 0xd6, 0x64, 0x73, 0x4f, 0xe4, 0x0e, 0x72,
+        0x68, 0x67, 0x4a, 0xf9
+    },
+
+    /* SHA512-256 */
+    {
+        0x53, 0x04, 0x8e, 0x26, 0x81, 0x94, 0x1e, 0xf9,
+        0x9b, 0x2e, 0x29, 0xb7, 0x6b, 0x4c, 0x7d, 0xab,
+        0xe4, 0xc2, 0xd0, 0xc6, 0x34, 0xfc, 0x6d, 0x46,
+        0xe0, 0xe2, 0xf1, 0x31, 0x07, 0xe7, 0xaf, 0x23
+    },
+    {
+        0x39, 0x28, 0xe1, 0x84, 0xfb, 0x86, 0x90, 0xf8,
+        0x40, 0xda, 0x39, 0x88, 0x12, 0x1d, 0x31, 0xbe,
+        0x65, 0xcb, 0x9d, 0x3e, 0xf8, 0x3e, 0xe6, 0x14,
+        0x6f, 0xea, 0xc8, 0x61, 0xe1, 0x9b, 0x56, 0x3a
+    }
+
+    /* For SHA512_T testing we use t=224 & t=256
+     * so the hash digest should be same as above
+     */
+};
+
+#endif //SOC_SHA_SUPPORT_SHA512_T
+
+#endif /* defined(SOC_SHA_SUPPORT_SHA384) || defined(SOC_SHA_SUPPORT_SHA512) */
+
+#endif /* SOC_SHA_SUPPORTED */

components/hal/test_apps/crypto/main/sha/test_sha_block.c

@@ -0,0 +1,203 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <inttypes.h>
+#include "esp_types.h"
+#include "soc/soc_caps.h"
+#include "esp_heap_caps.h"
+#include "unity.h"
+#include "esp_heap_caps.h"
+
+#include "memory_checks.h"
+#include "unity_fixture.h"
+#include "sha_block.h"
+
+#if SOC_SHA_SUPPORTED
+
+TEST_GROUP(sha);
+
+TEST_SETUP(sha)
+{
+    test_utils_record_free_mem();
+    TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL));
+}
+
+TEST_TEAR_DOWN(sha)
+{
+    test_utils_finish_and_evaluate_leaks(test_utils_get_leak_level(ESP_LEAK_TYPE_WARNING, ESP_COMP_LEAK_ALL),
+                                         test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL));
+}
+
+#if SOC_SHA_SUPPORT_SHA1
+
+TEST(sha, test_sha1)
+{
+    uint8_t sha1_result[20] = { 0 };
+    uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buffer);
+    memset(buffer, 0xEE, BUFFER_SZ);
+
+    const uint8_t sha1_expected[20] = { 0x09, 0x23, 0x02, 0xfb, 0x2d, 0x36, 0x42, 0xec,
+                                        0xc5, 0xfa, 0xd5, 0x8f, 0xdb, 0xc3, 0x8d, 0x5c,
+                                        0x97, 0xd6, 0x17, 0xee };
+
+    sha1_block(SHA1, buffer, BUFFER_SZ, sha1_result);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(sha1_expected, sha1_result, sizeof(sha1_expected));
+    heap_caps_free(buffer);
+}
+
+#endif /* SOC_SHA_SUPPORT_SHA1 */
+
+
+#if SOC_SHA_SUPPORT_SHA224
+
+TEST(sha, test_sha224)
+{
+    uint8_t sha224_result[28] = { 0 };
+    uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buffer);
+    memset(buffer, 0xEE, BUFFER_SZ);
+
+    const uint8_t sha224_expected[28] = { 0x69, 0xfd, 0x84, 0x30, 0xd9, 0x4a, 0x44, 0x96,
+                                        0x41, 0xc4, 0xab, 0xab, 0x89, 0x53, 0xa9, 0x1f,
+                                        0x4b, 0xfa, 0x5f, 0x2c, 0xa0, 0x72, 0x5f, 0x6b,
+                                        0xec, 0xd1, 0x47, 0xf9};
+
+    sha256_block(SHA2_224, buffer, BUFFER_SZ, sha224_result);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(sha224_expected, sha224_result, sizeof(sha224_expected));
+    heap_caps_free(buffer);
+}
+
+#endif /* SOC_SHA_SUPPORT_SHA224 */
+
+
+#if SOC_SHA_SUPPORT_SHA256
+
+TEST(sha, test_sha256)
+{
+    uint8_t sha256_result[32] = { 0 };
+    uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buffer);
+    memset(buffer, 0xEE, BUFFER_SZ);
+
+    const uint8_t sha256_expected[32] = { 0x0c, 0x67, 0x8d, 0x7b, 0x8a, 0x3e, 0x9e, 0xc0,
+                                        0xb5, 0x61, 0xaa, 0x51, 0xd8, 0xfd, 0x42, 0x70,
+                                        0xd6, 0x11, 0x2a, 0xec, 0x4c, 0x72, 0x9b, 0x2c,
+                                        0xa4, 0xc6, 0x04, 0x80, 0x93, 0x4d, 0xc9, 0x99 };
+
+    sha256_block(SHA2_256, buffer, BUFFER_SZ, sha256_result);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(sha256_expected, sha256_result, sizeof(sha256_expected));
+    heap_caps_free(buffer);
+}
+
+#endif /* SOC_SHA_SUPPORT_SHA256 */
+
+
+#if SOC_SHA_SUPPORT_SHA384
+
+TEST(sha, test_sha384)
+{
+    uint8_t sha384_result[48] = { 0 };
+    uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buffer);
+    memset(buffer, 0xEE, BUFFER_SZ);
+
+    const uint8_t sha384_expected[48] = { 0xf2, 0x7c, 0x75, 0x16, 0xa9, 0xe6, 0xe5, 0xe2,
+                                        0x4d, 0x8b, 0xe4, 0x6b, 0xc5, 0xb3, 0x25, 0xb1,
+                                        0x10, 0xc2, 0xb4, 0x7d, 0xb7, 0xe1, 0xee, 0x1c,
+                                        0xbd, 0xde, 0x52, 0x9d, 0xaa, 0x31, 0xda, 0x88,
+                                        0xfe, 0xec, 0xd5, 0x38, 0x59, 0x28, 0x93, 0xc7,
+                                        0x1c, 0x1a, 0x0b, 0x3b, 0x4e, 0x06, 0x48, 0xa7 };
+
+    sha512_block(SHA2_384, buffer, BUFFER_SZ, sha384_result);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(sha384_expected, sha384_result, sizeof(sha384_expected));
+    heap_caps_free(buffer);
+}
+#endif /* SOC_SHA_SUPPORT_SHA384 */
+
+#if SOC_SHA_SUPPORT_SHA512
+
+TEST(sha, test_sha512)
+{
+    uint8_t sha512_result[64] = { 0 };
+    uint8_t *buffer = heap_caps_calloc(BUFFER_SZ, sizeof(uint8_t), MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buffer);
+    memset(buffer, 0xEE, BUFFER_SZ);
+
+    const uint8_t sha512_expected[64] = { 0x7f, 0xca, 0x1c, 0x81, 0xc6, 0xc7, 0x1e, 0x49,
+                                        0x1f, 0x4a, 0x35, 0x50, 0xb0, 0x0c, 0xd9, 0xbf,
+                                        0x3e, 0xba, 0x90, 0x31, 0x08, 0xc7, 0xb3, 0xf0,
+                                        0x58, 0x11, 0xd3, 0x29, 0xee, 0xa0, 0x4f, 0x3b,
+                                        0xe4, 0x60, 0xd2, 0xc7, 0x2e, 0x50, 0x39, 0x68,
+                                        0xf7, 0x27, 0x2e, 0x71, 0xbc, 0x9f, 0x10, 0xfc,
+                                        0x9d, 0x75, 0xb5, 0x57, 0x74, 0x8d, 0xb9, 0x4b,
+                                        0x69, 0x1a, 0x9c, 0x5f, 0x30, 0x61, 0xca, 0x3b };
+
+
+    sha512_block(SHA2_512, buffer, BUFFER_SZ, sha512_result);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(sha512_expected, sha512_result, sizeof(sha512_expected));
+    heap_caps_free(buffer);
+}
+#endif /* SOC_SHA_SUPPORT_SHA512 */
+
+
+#if SOC_SHA_SUPPORT_SHA512_T
+
+TEST(sha, test_sha512t)
+{
+    unsigned char sha512[64], k;
+
+    for (int i = 0; i < 4; i++) {
+        for (int j = 0; j < 2; j++) {
+            k = i * 2 + j;
+            if (i > 1) {
+                k = (i - 2) * 2 + j;
+            }
+
+            sha512t_block(sha512T_algo[i], sha512T_test_buf[j], sha512T_test_buflen[j], sha512, sha512T_t_len[i]);
+
+            TEST_ASSERT_EQUAL_HEX8_ARRAY(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8);
+        }
+    }
+}
+
+#endif // SOC_SHA_SUPPORT_SHA512_T
+
+#endif // SOC_SHA_SUPPORTED
+
+TEST_GROUP_RUNNER(sha)
+{
+#if SOC_SHA_SUPPORTED
+
+#if SOC_SHA_SUPPORT_SHA1
+    RUN_TEST_CASE(sha, test_sha1);
+#endif /* SOC_SHA_SUPPORT_SHA1 */
+
+#if SOC_SHA_SUPPORT_SHA224
+    RUN_TEST_CASE(sha, test_sha224);
+#endif /* SOC_SHA_SUPPORT_SHA224 */
+
+#if SOC_SHA_SUPPORT_SHA256
+    RUN_TEST_CASE(sha, test_sha256);
+#endif /* SOC_SHA_SUPPORT_SHA256 */
+
+#if SOC_SHA_SUPPORT_SHA384
+    RUN_TEST_CASE(sha, test_sha384);
+#endif /* SOC_SHA_SUPPORT_SHA384 */
+
+#if SOC_SHA_SUPPORT_SHA512
+    RUN_TEST_CASE(sha, test_sha512);
+#endif /* SOC_SHA_SUPPORT_SHA512 */
+
+#if SOC_SHA_SUPPORT_SHA512_T
+    RUN_TEST_CASE(sha, test_sha512t);
+#endif // SOC_SHA_SUPPORT_SHA512_T
+
+#endif /* SOC_SHA_SUPPORTED */
+}