
mbedTLS SHA: Fix cloning of SHA-384 digests

The hardware unit only reads 384 bits of state for a SHA-384 LOAD,
which is enough for the final digest but not enough if you plan to
resume the digest in software.
Angus Gratton 9 jaren geleden
bovenliggende
commit
88b264cfce
3 gewijzigde bestanden met toevoegingen van 12 en 5 verwijderingen
  1. 2 2
      components/esp32/hwcrypto/sha.c
  2. 5 2
      components/esp32/include/hwcrypto/sha.h
  3. 5 1
      components/mbedtls/port/esp_sha512.c

+ 2 - 2
components/esp32/hwcrypto/sha.c

@@ -82,7 +82,7 @@ inline static size_t sha_engine_index(esp_sha_type type) {
     }
 }
 
-/* Return state & digest length (in bytes) for a given SHA type */
+/* Return digest length (in bytes) for a given SHA type */
 inline static size_t sha_length(esp_sha_type type) {
     switch(type) {
     case SHA1:
@@ -90,7 +90,7 @@ inline static size_t sha_length(esp_sha_type type) {
     case SHA2_256:
         return 32;
     case SHA2_384:
-        return 64;
+        return 48;
     case SHA2_512:
         return 64;
     default:

+ 5 - 2
components/esp32/include/hwcrypto/sha.h

@@ -113,11 +113,14 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_
  * value that is read is the SHA digest (in big endian
  * format). Otherwise, the value that is read is an interim SHA state.
  *
+ * @note If sha_type is SHA2_384, only 48 bytes of state will be read.
+ * This is enough for the final SHA2_384 digest, but if you want the
+ * interim SHA-384 state (to continue digesting) then pass SHA2_512 instead.
+ *
  * @param sha_type SHA algorithm in use.
  *
  * @param state Pointer to a memory buffer to hold the SHA state. Size
- * is 20 bytes (SHA1), 64 bytes (SHA2_256), or 128 bytes (SHA2_384 or
- * SHA2_512).
+ * is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512).
  *
  */
 void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
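Review bot: The new @note tells callers to pass SHA2_512 to retrieve the interim SHA-384 state, but it leaves implicit what makes that substitution safe, namely that SHA2_384 and SHA2_512 share one hardware engine and the same 64-byte state layout with only the digest truncated; a reader may reasonably wonder whether selecting a different sha_type reads a different engine. If that is indeed the case (the engine mapping is outside this hunk), make it explicit, e.g. append `* (SHA2_384 and SHA2_512 use the same engine and 64-byte state; only the final digest is truncated to 48 bytes.)` to the note. It would also help to state that a SHA2_512 read then requires a 64-byte buffer even for a SHA-384 context, so callers do not size digest_state from the SHA2_384 entry in the @param line.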

+ 5 - 1
components/mbedtls/port/esp_sha512.c

@@ -121,8 +121,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
     if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
         /* Copy hardware digest state out to cloned state,
            which will be a software digest.
+
+           Always read 512 bits of state, even for SHA-384
+           (SHA-384 state is identical to SHA-512, only
+           digest is truncated.)
         */
-        esp_sha_read_digest_state(sha_type(dst), dst->state);
+        esp_sha_read_digest_state(SHA2_512, dst->state);
         dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
     }
 }
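Review bot: The hard-coded SHA2_512 read means esp_sha_read_digest_state writes 64 bytes into dst->state regardless of whether the context is SHA-384, so the clone is only correct if dst->state holds at least 64 bytes and if SHA2_384 and SHA2_512 address the same hardware engine; neither precondition is visible in this hunk. The comment block explains the why, but the call site is where a future reader will be tempted to "fix" it back to sha_type(dst), so a short inline anchor would help, e.g. `esp_sha_read_digest_state(SHA2_512, dst->state); /* deliberately not sha_type(dst): need the full 64-byte state */`. If the 64-byte capacity of dst->state is guaranteed by the mbedtls context type, a `_Static_assert(sizeof(dst->state) >= 64, "state too small for SHA2_512 read");` next to the call would pin that assumption. mbedtls_sha512_clone's signature and the start of its body are outside the hunk.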