Merge branch 'feature/libsodium_use_mbedtls' into 'master'

libsodium: Use mbedTLS implementations for SHA256 & SHA512



See merge request !1121

components/libsodium/component.mk

@@ -3,7 +3,7 @@ COMPONENT_SUBMODULES += libsodium
 # Common root directory for all source directories
 LSRC := libsodium/src/libsodium
 
-COMPONENT_SRCDIRS := private
+COMPONENT_SRCDIRS := port
 
 # Derived from libsodium/src/libsodium/Makefile.am
 # (ignoring the !MINIMAL set)
@@ -26,9 +26,7 @@ COMPONENT_SRCDIRS += \
 	$(LSRC)/crypto_generichash/blake2b/ref \
 	$(LSRC)/crypto_hash \
 	$(LSRC)/crypto_hash/sha256 \
-	$(LSRC)/crypto_hash/sha256/cp \
 	$(LSRC)/crypto_hash/sha512 \
-	$(LSRC)/crypto_hash/sha512/cp \
 	$(LSRC)/crypto_kdf/blake2b \
 	$(LSRC)/crypto_kdf \
 	$(LSRC)/crypto_kx \
@@ -68,8 +66,9 @@ $(LSRC)/crypto_pwhash/argon2/argon2-core.o: CFLAGS += -Wno-type-limits
 $(LSRC)/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.o: CFLAGS += -Wno-type-limits
 $(LSRC)/sodium/utils.o: CFLAGS += -Wno-unused-variable
 
-COMPONENT_ADD_INCLUDEDIRS := $(LSRC)/include port_include
-COMPONENT_PRIV_INCLUDEDIRS := $(LSRC)/include/sodium port_include/sodium private
+COMPONENT_ADD_INCLUDEDIRS := port_include $(LSRC)/include
+# (port_include repeated here as these include directories come before COMPONENT_ADD_INCLUDEDIRS)
+COMPONENT_PRIV_INCLUDEDIRS := port_include port_include/sodium $(LSRC)/include/sodium port
 
 # Not using autoconf, but this needs to be set
 CFLAGS += -DCONFIGURED

components/libsodium/port/crypto_hash_sha256_mbedtls.c

@@ -0,0 +1,45 @@
+// Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "crypto_hash_sha256.h"
+
+int
+crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+{
+    mbedtls_sha256_init(state);
+    return 0;
+}
+
+int
+crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                          const unsigned char *in, unsigned long long inlen)
+{
+    mbedtls_sha256_update(state, in, inlen);
+    return 0;
+}
+
+int
+crypto_hash_sha256_final(crypto_hash_sha256_state *state, unsigned char *out)
+{
+    mbedtls_sha256_finish(state, out);
+    return 0;
+}
+
+int
+crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                   unsigned long long inlen)
+{
+    mbedtls_sha256(in, inlen, out, 0);
+    return 0;
+}

components/libsodium/port/crypto_hash_sha512_mbedtls.c

@@ -0,0 +1,45 @@
+// Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "crypto_hash_sha512.h"
+
+int
+crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+{
+    mbedtls_sha512_init(state);
+    return 0;
+}
+
+int
+crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                          const unsigned char *in, unsigned long long inlen)
+{
+    mbedtls_sha512_update(state, in, inlen);
+    return 0;
+}
+
+int
+crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out)
+{
+    mbedtls_sha512_finish(state, out);
+    return 0;
+}
+
+int
+crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                   unsigned long long inlen)
+{
+    mbedtls_sha512(in, inlen, out, 0);
+    return 0;
+}

components/libsodium/port_include/sodium.h

@@ -0,0 +1,6 @@
+/* Shim needed to make sure the mbedTLS-specific
+   sha256 & 512 headers are included */
+#pragma once
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_hash_sha256.h"
+#include_next "sodium.h"

components/libsodium/port_include/sodium/crypto_auth.h

@@ -0,0 +1,6 @@
+/* Shim needed to make sure the mbedTLS-specific
+   sha256 & sha512 headers are included */
+#pragma once
+#include "crypto_hash_sha512.h"
+#include "crypto_hash_sha256.h"
+#include_next "sodium/crypto_auth.h"

components/libsodium/port_include/sodium/crypto_auth_hmacsha256.h

@@ -0,0 +1,6 @@
+/* Shim needed to make sure the mbedTLS-specific
+   sha256 header is included */
+#pragma once
+#include "crypto_hash_sha256.h"
+#include_next "sodium/crypto_auth_hmacsha256.h"
+

components/libsodium/port_include/sodium/crypto_auth_hmacsha512.h

@@ -0,0 +1,5 @@
+/* Shim needed to make sure the mbedTLS-specific
+   sha512 header is included */
+#pragma once
+#include "crypto_hash_sha512.h"
+#include_next "sodium/crypto_auth_hmacsha512.h"

components/libsodium/port_include/sodium/crypto_auth_hmacsha512256.h

@@ -0,0 +1,6 @@
+/* Shim needed to make sure the mbedTLS-specific
+   sha256 & sha512 headers are included */
+#pragma once
+#include "crypto_hash_sha512.h"
+#include "crypto_hash_sha256.h"
+#include_next "sodium/crypto_auth_hmacsha512256.h"

components/libsodium/port_include/sodium/crypto_hash_sha256.h

@@ -0,0 +1,66 @@
+// Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/* This is a wrapper for libsodium sha256 that calls back to
+   the mbedTLS implementation (to reduce code size, improve
+   performance, provide hardware acceleration option).
+*/
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <mbedtls/sha256.h>
+
+#include "sodium/export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef mbedtls_sha256_context crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                             unsigned char *out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

components/libsodium/port_include/sodium/crypto_hash_sha512.h

@@ -0,0 +1,66 @@
+// Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/* This is a wrapper for libsodium sha512 that calls back to
+   the mbedTLS implementation (to reduce code size, improve
+   performance, provide hardware acceleration option).
+*/
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <mbedtls/sha512.h>
+
+#include "sodium/export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef mbedtls_sha512_context crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+                       unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state);
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen);
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+                             unsigned char *out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

components/libsodium/test/component.mk

@@ -32,7 +32,7 @@ ote:
 COMPONENT_OBJS += $(LS_TESTDIR)/$(1).o
 endef
 
-TEST_CASES := chacha20 aead_chacha20poly1305 box box2 ed25519_convert sign
+TEST_CASES := chacha20 aead_chacha20poly1305 box box2 ed25519_convert sign hash
 
 $(foreach case,$(TEST_CASES),$(eval $(call sodium_testcase,$(case))))
 

components/libsodium/test/test_sodium.c

@@ -51,4 +51,12 @@ TEST_CASE("sign tests", "[libsodium]")
     TEST_ASSERT_EQUAL(0, sign_xmain() );
 }
 
+extern int hash_xmain();
+
+TEST_CASE("hash tests", "[libsodium]")
+{
+    printf("Running hash\n");
+    TEST_ASSERT_EQUAL(0, hash_xmain() );
+}
+