mbedTLS SHA: Fix cloning of SHA-384 digests
The hardware unit only reads 384 bits of state for a SHA-384 LOAD, which is enough for the final digest but not enough if you plan to resume the digest in software.
parent
a902e2a9de
commit
88b264cfce
|
@ -82,7 +82,7 @@ inline static size_t sha_engine_index(esp_sha_type type) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return state & digest length (in bytes) for a given SHA type */
|
/* Return digest length (in bytes) for a given SHA type */
|
||||||
inline static size_t sha_length(esp_sha_type type) {
|
inline static size_t sha_length(esp_sha_type type) {
|
||||||
switch(type) {
|
switch(type) {
|
||||||
case SHA1:
|
case SHA1:
|
||||||
|
@ -90,7 +90,7 @@ inline static size_t sha_length(esp_sha_type type) {
|
||||||
case SHA2_256:
|
case SHA2_256:
|
||||||
return 32;
|
return 32;
|
||||||
case SHA2_384:
|
case SHA2_384:
|
||||||
return 64;
|
return 48;
|
||||||
case SHA2_512:
|
case SHA2_512:
|
||||||
return 64;
|
return 64;
|
||||||
default:
|
default:
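Review bot: Changing `case SHA2_384` to `return 48` shrinks every use of sha_length() that sizes or copies interim state, not only the digest read, and those callers are outside this hunk. Any path that saves or restores SHA-384 state through this helper would now move 16 bytes too few, so each call site should be checked against the 64-byte state that SHA-384 shares with SHA-512. The comment could carry the caveat: `/* Return digest length (in bytes) for a given SHA type. For SHA2_384 this is shorter than the 64-byte internal state. */`. The body of sha_length continues past the `default:` line shown here.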
|
||||||
|
|
|
@ -113,11 +113,14 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_
|
||||||
* value that is read is the SHA digest (in big endian
|
* value that is read is the SHA digest (in big endian
|
||||||
* format). Otherwise, the value that is read is an interim SHA state.
|
* format). Otherwise, the value that is read is an interim SHA state.
|
||||||
*
|
*
|
||||||
|
* @note If sha_type is SHA2_384, only 48 bytes of state will be read.
|
||||||
|
* This is enough for the final SHA2_384 digest, but if you want the
|
||||||
|
* interim SHA-384 state (to continue digesting) then pass SHA2_512 instead.
|
||||||
|
*
|
||||||
* @param sha_type SHA algorithm in use.
|
* @param sha_type SHA algorithm in use.
|
||||||
*
|
*
|
||||||
* @param state Pointer to a memory buffer to hold the SHA state. Size
|
* @param state Pointer to a memory buffer to hold the SHA state. Size
|
||||||
* is 20 bytes (SHA1), 64 bytes (SHA2_256), or 128 bytes (SHA2_384 or
|
* is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512).
|
||||||
* SHA2_512).
|
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
|
void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
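Review bot: The Doxygen tag `@param state` does not match the prototype's parameter name `digest_state`, so the buffer-size requirement is attached to a parameter that does not exist; rename it to `@param digest_state`. The size list should also say that the buffer must hold 64 bytes when SHA2_512 is passed to capture interim SHA-384 state, as the new @note recommends. A caller that sizes the buffer from the 48-byte SHA2_384 entry and then follows the note would have it overrun by 16 bytes.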
|
||||||
|
|
|
@ -121,8 +121,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||||
if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
|
if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
|
||||||
/* Copy hardware digest state out to cloned state,
|
/* Copy hardware digest state out to cloned state,
|
||||||
which will be a software digest.
|
which will be a software digest.
|
||||||
|
|
||||||
|
Always read 512 bits of state, even for SHA-384
|
||||||
|
(SHA-384 state is identical to SHA-512, only
|
||||||
|
digest is truncated.)
|
||||||
*/
|
*/
|
||||||
esp_sha_read_digest_state(sha_type(dst), dst->state);
|
esp_sha_read_digest_state(SHA2_512, dst->state);
|
||||||
dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
|
dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
|
||||||
}
|
}
|
||||||
}
|
}
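Review bot: The call `esp_sha_read_digest_state(SHA2_512, dst->state)` now writes a fixed 64 bytes into `dst->state` for both SHA-384 and SHA-512 contexts, and nothing at the call site ties that size to the buffer. A compile-time check next to the call would pin it: `_Static_assert(sizeof(dst->state) >= 64, "SHA-512 state read needs 64 bytes");`. It is also worth confirming that the read routine resolves SHA2_512 to the same hardware engine and lock that a SHA-384 context holds; that lookup (presumably sha_engine_index) is not visible in this hunk. The body of mbedtls_sha512_clone starts above the hunk.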
|
||||||
|
|