sys/hashes: support for SHA-{384,512/{224,256}}

pkg/esp32_sdk: rename sha384_init to avoid name clash
Ollrogge · Mar 25, 2024 · 9300007 · 9300007
1 parent c571039
commit 9300007
Show file tree

Hide file tree

Showing 16 changed files with 1,138 additions and 16 deletions.
diff --git a/pkg/esp32_sdk/patches/0034-wpa_supplicant-add-prefix-wpa_-to-sha384_init.patch b/pkg/esp32_sdk/patches/0034-wpa_supplicant-add-prefix-wpa_-to-sha384_init.patch
@@ -0,0 +1,63 @@
+From 1a3bd2c8020d9d8e36312f0a64adf9d3bf45f462 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= <mikolai.guetschow@tu-dresden.de>
+Date: Fri, 22 Mar 2024 07:54:19 +0100
+Subject: [PATCH] wpa_supplicant: add prefix wpa_ to sha384_init
+
+Prefix `wpa_` added to `sha384_init` function of `wpa_suppplicant` to avoid name conflicts with RIOT module `sys/hashes`.
+---
+ components/wpa_supplicant/src/crypto/crypto_internal.c | 2 +-
+ components/wpa_supplicant/src/crypto/sha384-internal.c | 4 ++--
+ components/wpa_supplicant/src/crypto/sha384_i.h        | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/components/wpa_supplicant/src/crypto/crypto_internal.c b/components/wpa_supplicant/src/crypto/crypto_internal.c
+index 7ff588cb..bda80730 100644
+--- a/components/wpa_supplicant/src/crypto/crypto_internal.c
++++ b/components/wpa_supplicant/src/crypto/crypto_internal.c
+@@ -62,7 +62,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ #endif /* CONFIG_SHA256 */
+ #ifdef CONFIG_INTERNAL_SHA384
+ 	case CRYPTO_HASH_ALG_SHA384:
+-		sha384_init(&ctx->u.sha384);
++		wpa_sha384_init(&ctx->u.sha384);
+ 		break;
+ #endif /* CONFIG_INTERNAL_SHA384 */
+ #ifdef CONFIG_INTERNAL_SHA512
+diff --git a/components/wpa_supplicant/src/crypto/sha384-internal.c b/components/wpa_supplicant/src/crypto/sha384-internal.c
+index 646f7297..5cefa825 100644
+--- a/components/wpa_supplicant/src/crypto/sha384-internal.c
++++ b/components/wpa_supplicant/src/crypto/sha384-internal.c
+@@ -27,7 +27,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ 	struct sha384_state ctx;
+ 	size_t i;
+
+-	sha384_init(&ctx);
++	wpa_sha384_init(&ctx);
+ 	for (i = 0; i < num_elem; i++)
+ 		if (sha384_process(&ctx, addr[i], len[i]))
+ 			return -1;
+@@ -49,7 +49,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+    @param md   The hash state you wish to initialize
+    @return CRYPT_OK if successful
+ */
+-void sha384_init(struct sha384_state *md)
++void wpa_sha384_init(struct sha384_state *md)
+ {
+ 	md->curlen = 0;
+ 	md->length = 0;
+diff --git a/components/wpa_supplicant/src/crypto/sha384_i.h b/components/wpa_supplicant/src/crypto/sha384_i.h
+index a00253ff..57860bdf 100644
+--- a/components/wpa_supplicant/src/crypto/sha384_i.h
++++ b/components/wpa_supplicant/src/crypto/sha384_i.h
+@@ -15,7 +15,7 @@
+
+ #define sha384_state sha512_state
+
+-void sha384_init(struct sha384_state *md);
++void wpa_sha384_init(struct sha384_state *md);
+ int sha384_process(struct sha384_state *md, const unsigned char *in,
+ 		   unsigned long inlen);
+ int sha384_done(struct sha384_state *md, unsigned char *out);
+-- 
+2.39.2
+
diff --git a/sys/hashes/sha224.c b/sys/hashes/sha224.c
@@ -18,11 +18,9 @@
  * @}
  */
 
-#include <string.h>
 #include <assert.h>
 
 #include "hashes/sha224.h"
-#include "hashes/sha2xx_common.h"
 
 /* SHA-224 initialization.  Begins a SHA-224 operation. */
 void sha224_init(sha224_context_t *ctx)

diff --git a/sys/hashes/sha384.c b/sys/hashes/sha384.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA384 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha384.h"
+
+void sha384_init(sha384_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0xcbbb9d5dc1059ed8;
+    ctx->state[1] = 0x629a292a367cd507;
+    ctx->state[2] = 0x9159015a3070dd17;
+    ctx->state[3] = 0x152fecd8f70e5939;
+    ctx->state[4] = 0x67332667ffc00b31;
+    ctx->state[5] = 0x8eb44a8768581511;
+    ctx->state[6] = 0xdb0c2e0d64f98fa7;
+    ctx->state[7] = 0x47b5481dbefa4fa4;
+}
+
+void sha384(const void *data, size_t len, void *digest)
+{
+    sha384_context_t c;
+    assert(digest);
+
+    sha384_init(&c);
+    sha384_update(&c, data, len);
+    sha384_final(&c, digest);
+}
diff --git a/sys/hashes/sha512.c b/sys/hashes/sha512.c
@@ -18,11 +18,9 @@
  * @}
  */
 
-#include <string.h>
 #include <assert.h>
 
 #include "hashes/sha512.h"
-#include "hashes/sha512_common.h"
 
 /* SHA-512 initialization.  Begins a SHA-512 operation. */
 void sha512_init(sha512_context_t *ctx)
@@ -44,6 +42,7 @@ void sha512_init(sha512_context_t *ctx)
 void sha512(const void *data, size_t len, void *digest)
 {
     sha512_context_t c;
+    assert(digest);
 
     sha512_init(&c);
     sha512_update(&c, data, len);

diff --git a/sys/hashes/sha512_224.c b/sys/hashes/sha512_224.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA512/224 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha512_224.h"
+
+void sha512_224_init(sha512_224_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0x8C3D37C819544DA2;
+    ctx->state[1] = 0x73E1996689DCD4D6;
+    ctx->state[2] = 0x1DFAB7AE32FF9C82;
+    ctx->state[3] = 0x679DD514582F9FCF;
+    ctx->state[4] = 0x0F6D2B697BD44DA8;
+    ctx->state[5] = 0x77E36F7304C48942;
+    ctx->state[6] = 0x3F9D85A86A1D36C8;
+    ctx->state[7] = 0x1112E6AD91D692A1;
+}
+
+void sha512_224(const void *data, size_t len, void *digest)
+{
+    sha512_224_context_t c;
+    assert(digest);
+
+    sha512_224_init(&c);
+    sha512_224_update(&c, data, len);
+    sha512_224_final(&c, digest);
+}
diff --git a/sys/hashes/sha512_256.c b/sys/hashes/sha512_256.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA512/256 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha512_256.h"
+
+void sha512_256_init(sha512_256_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0x22312194FC2BF72C;
+    ctx->state[1] = 0x9F555FA3C84C64C2;
+    ctx->state[2] = 0x2393B86B6F53B151;
+    ctx->state[3] = 0x963877195940EABD;
+    ctx->state[4] = 0x96283EE2A88EFFE3;
+    ctx->state[5] = 0xBE5E1E2553863992;
+    ctx->state[6] = 0x2B0199FC2C85B8AA;
+    ctx->state[7] = 0x0EB72DDC81C52CA2;
+}
+
+void sha512_256(const void *data, size_t len, void *digest)
+{
+    sha512_256_context_t c;
+    assert(digest);
+
+    sha512_256_init(&c);
+    sha512_256_update(&c, data, len);
+    sha512_256_final(&c, digest);
+}
diff --git a/sys/hashes/sha512_common.c b/sys/hashes/sha512_common.c
@@ -34,26 +34,25 @@
 #else /* !__BIG_ENDIAN__ */
 
 /*
- * Encode a length len/8 vector of (uint64_t) into a length len vector of
- * (unsigned char) in big-endian form.  Assumes len is a multiple of 8.
+ * Encode a length ceil(len/8) vector of (uint64_t) into a length len vector of
+ * (unsigned char) in big-endian form.
  */
 static void be64enc_vect(void *dst_, const void *src_, size_t len)
 {
-    /* Assert if len is not a multiple of 8 */
-    assert(!(len & 7));
-
+    size_t i;
     if ((uintptr_t)dst_ % sizeof(uint64_t) == 0 &&
         (uintptr_t)src_ % sizeof(uint64_t) == 0) {
         uint64_t *dst = dst_;
         const uint64_t *src = src_;
-        for (size_t i = 0; i < len / 8; i++) {
+        for (i = 0; i < len / 8; i++) {
             dst[i] = __builtin_bswap64(src[i]);
         }
+        i *= 8;
     }
     else {
         uint8_t *dst = dst_;
         const uint8_t *src = src_;
-        for (size_t i = 0; i < len; i += 8) {
+        for (i = 0; i < len-7; i += 8) {
             dst[i] = src[i + 7];
             dst[i + 1] = src[i + 6];
             dst[i + 2] = src[i + 5];
@@ -64,6 +63,14 @@ static void be64enc_vect(void *dst_, const void *src_, size_t len)
             dst[i + 7] = src[i];
         }
     }
+    /* copy len%8 remaining bytes */
+    if (i < len) {
+        uint8_t *dst = dst_;
+        const uint8_t *src = src_;
+        for (size_t j = 0; j < len-i; j++) {
+            dst[i + j] = src[i+7 - j];
+        }
+    }
 }
 
 /*

diff --git a/sys/include/hashes/sha384.h b/sys/include/hashes/sha384.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    sys_hashes_sha384 SHA-384
+ * @ingroup     sys_hashes_unkeyed
+ * @brief       Implementation of the SHA-384 hashing function
+ * @{
+ *
+ * @file
+ * @brief       Header definitions for the SHA384 hash function
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ */
+
+#ifndef HASHES_SHA384_H
+#define HASHES_SHA384_H
+
+#include <inttypes.h>
+#include <stddef.h>
+
+#include "hashes/sha512_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief   Length of SHA384 digests in bytes
+ */
+#define SHA384_DIGEST_LENGTH (48)
+
+/**
+ * @brief 1024 Bit (128 Byte) internally used block size for sha384
+ */
+#define SHA384_INTERNAL_BLOCK_SIZE (128)
+
+/**
+ * @brief Context for cipher operations based on sha384
+ */
+typedef sha512_common_context_t sha384_context_t;
+
+/**
+ * @brief SHA-384 initialization.  Begins a SHA-384 operation.
+ *
+ * @param ctx  sha384_context_t handle to init, must not be NULL
+ */
+void sha384_init(sha384_context_t *ctx);
+
+/**
+ * @brief Add bytes into the hash
+ *
+ * @param ctx      sha384_context_t handle to use, must not be NULL
+ * @param[in] data Input data
+ * @param[in] len  Length of @p data
+ */
+static inline void sha384_update(sha384_context_t *ctx, const void *data, size_t len)
+{
+    sha512_common_update(ctx, data, len);
+}
+
+/**
+ * @brief SHA-384 finalization.  Pads the input data, exports the hash value,
+ * and clears the context state.
+ *
+ * @param ctx           sha384_context_t handle to use, must not be NULL
+ * @param[out] digest   pointer to resulting digest, this is the hash of all the bytes.
+ *                      Length must be at least SHA384_DIGEST_LENGTH
+ */
+static inline void sha384_final(sha384_context_t *ctx, void *digest)
+{
+    sha512_common_final(ctx, digest, SHA384_DIGEST_LENGTH);
+}
+
+/**
+ * @brief A wrapper function to simplify the generation of a hash. This is
+ * useful for generating sha384 for one single buffer in a single step.
+ *
+ * @param[in] data      pointer to the buffer to generate hash from
+ * @param[in] len       length of the buffer
+ * @param[out] digest   optional pointer to an array for the result, length must
+ *                      be at least SHA384_DIGEST_LENGTH
+ */
+void sha384(const void *data, size_t len, void *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */
+#endif /* HASHES_SHA384_H */