From 979eabeba5324ae9054a22c560907ca1e8097199 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 18 Aug 2017 15:11:33 +1000 Subject: [PATCH] libsodium: Use mbedTLS implementations for SHA256 & SHA512 * Adds support for hardware accelerated SHA * Saves code size (~5.5KB) for SHA256 & SHA512 where libsodium & mbedTLS both used --- components/libsodium/component.mk | 9 ++- .../port/crypto_hash_sha256_mbedtls.c | 45 +++++++++++++ .../port/crypto_hash_sha512_mbedtls.c | 45 +++++++++++++ .../{private => port}/randombytes_default.h | 0 .../{private => port}/randombytes_esp32.c | 0 components/libsodium/port_include/sodium.h | 6 ++ .../port_include/sodium/crypto_auth.h | 6 ++ .../sodium/crypto_auth_hmacsha256.h | 6 ++ .../sodium/crypto_auth_hmacsha512.h | 5 ++ .../sodium/crypto_auth_hmacsha512256.h | 6 ++ .../port_include/sodium/crypto_hash_sha256.h | 66 +++++++++++++++++++ .../port_include/sodium/crypto_hash_sha512.h | 66 +++++++++++++++++++ components/libsodium/test/component.mk | 2 +- components/libsodium/test/test_sodium.c | 8 +++ 14 files changed, 264 insertions(+), 6 deletions(-) create mode 100644 components/libsodium/port/crypto_hash_sha256_mbedtls.c create mode 100644 components/libsodium/port/crypto_hash_sha512_mbedtls.c rename components/libsodium/{private => port}/randombytes_default.h (100%) rename components/libsodium/{private => port}/randombytes_esp32.c (100%) create mode 100644 components/libsodium/port_include/sodium.h create mode 100644 components/libsodium/port_include/sodium/crypto_auth.h create mode 100644 components/libsodium/port_include/sodium/crypto_auth_hmacsha256.h create mode 100644 components/libsodium/port_include/sodium/crypto_auth_hmacsha512.h create mode 100644 components/libsodium/port_include/sodium/crypto_auth_hmacsha512256.h create mode 100644 components/libsodium/port_include/sodium/crypto_hash_sha256.h create mode 100644 components/libsodium/port_include/sodium/crypto_hash_sha512.h diff --git a/components/libsodium/component.mk b/components/libsodium/component.mk index d28a07e45..482fc8e55 100644 --- a/components/libsodium/component.mk +++ b/components/libsodium/component.mk @@ -3,7 +3,7 @@ COMPONENT_SUBMODULES += libsodium # Common root directory for all source directories LSRC := libsodium/src/libsodium -COMPONENT_SRCDIRS := private +COMPONENT_SRCDIRS := port # Derived from libsodium/src/libsodium/Makefile.am # (ignoring the !MINIMAL set) @@ -26,9 +26,7 @@ COMPONENT_SRCDIRS += \ $(LSRC)/crypto_generichash/blake2b/ref \ $(LSRC)/crypto_hash \ $(LSRC)/crypto_hash/sha256 \ - $(LSRC)/crypto_hash/sha256/cp \ $(LSRC)/crypto_hash/sha512 \ - $(LSRC)/crypto_hash/sha512/cp \ $(LSRC)/crypto_kdf/blake2b \ $(LSRC)/crypto_kdf \ $(LSRC)/crypto_kx \ @@ -68,8 +66,9 @@ $(LSRC)/crypto_pwhash/argon2/argon2-core.o: CFLAGS += -Wno-type-limits $(LSRC)/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.o: CFLAGS += -Wno-type-limits $(LSRC)/sodium/utils.o: CFLAGS += -Wno-unused-variable -COMPONENT_ADD_INCLUDEDIRS := $(LSRC)/include port_include -COMPONENT_PRIV_INCLUDEDIRS := $(LSRC)/include/sodium port_include/sodium private +COMPONENT_ADD_INCLUDEDIRS := port_include $(LSRC)/include +# (port_include repeated here as these include directories come before COMPONENT_ADD_INCLUDEDIRS) +COMPONENT_PRIV_INCLUDEDIRS := port_include port_include/sodium $(LSRC)/include/sodium port # Not using autoconf, but this needs to be set CFLAGS += -DCONFIGURED diff --git a/components/libsodium/port/crypto_hash_sha256_mbedtls.c b/components/libsodium/port/crypto_hash_sha256_mbedtls.c new file mode 100644 index 000000000..dbb8abacb --- /dev/null +++ b/components/libsodium/port/crypto_hash_sha256_mbedtls.c @@ -0,0 +1,45 @@ +// Copyright 2017 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "crypto_hash_sha256.h" + +int +crypto_hash_sha256_init(crypto_hash_sha256_state *state) +{ + mbedtls_sha256_init(state); + return 0; +} + +int +crypto_hash_sha256_update(crypto_hash_sha256_state *state, + const unsigned char *in, unsigned long long inlen) +{ + mbedtls_sha256_update(state, in, inlen); + return 0; +} + +int +crypto_hash_sha256_final(crypto_hash_sha256_state *state, unsigned char *out) +{ + mbedtls_sha256_finish(state, out); + return 0; +} + +int +crypto_hash_sha256(unsigned char *out, const unsigned char *in, + unsigned long long inlen) +{ + mbedtls_sha256(in, inlen, out, 0); + return 0; +} diff --git a/components/libsodium/port/crypto_hash_sha512_mbedtls.c b/components/libsodium/port/crypto_hash_sha512_mbedtls.c new file mode 100644 index 000000000..22761f394 --- /dev/null +++ b/components/libsodium/port/crypto_hash_sha512_mbedtls.c @@ -0,0 +1,45 @@ +// Copyright 2017 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "crypto_hash_sha512.h" + +int +crypto_hash_sha512_init(crypto_hash_sha512_state *state) +{ + mbedtls_sha512_init(state); + return 0; +} + +int +crypto_hash_sha512_update(crypto_hash_sha512_state *state, + const unsigned char *in, unsigned long long inlen) +{ + mbedtls_sha512_update(state, in, inlen); + return 0; +} + +int +crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out) +{ + mbedtls_sha512_finish(state, out); + return 0; +} + +int +crypto_hash_sha512(unsigned char *out, const unsigned char *in, + unsigned long long inlen) +{ + mbedtls_sha512(in, inlen, out, 0); + return 0; +} diff --git a/components/libsodium/private/randombytes_default.h b/components/libsodium/port/randombytes_default.h similarity index 100% rename from components/libsodium/private/randombytes_default.h rename to components/libsodium/port/randombytes_default.h diff --git a/components/libsodium/private/randombytes_esp32.c b/components/libsodium/port/randombytes_esp32.c similarity index 100% rename from components/libsodium/private/randombytes_esp32.c rename to components/libsodium/port/randombytes_esp32.c diff --git a/components/libsodium/port_include/sodium.h b/components/libsodium/port_include/sodium.h new file mode 100644 index 000000000..05ad61357 --- /dev/null +++ b/components/libsodium/port_include/sodium.h @@ -0,0 +1,6 @@ +/* Shim needed to make sure the mbedTLS-specific + sha256 & 512 headers are included */ +#pragma once +#include "sodium/crypto_hash_sha512.h" +#include "sodium/crypto_hash_sha256.h" +#include_next "sodium.h" diff --git a/components/libsodium/port_include/sodium/crypto_auth.h b/components/libsodium/port_include/sodium/crypto_auth.h new file mode 100644 index 000000000..d877199a9 --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_auth.h @@ -0,0 +1,6 @@ +/* Shim needed to make sure the mbedTLS-specific + sha256 & sha512 headers are included */ +#pragma once +#include "crypto_hash_sha512.h" +#include "crypto_hash_sha256.h" +#include_next "sodium/crypto_auth.h" diff --git a/components/libsodium/port_include/sodium/crypto_auth_hmacsha256.h b/components/libsodium/port_include/sodium/crypto_auth_hmacsha256.h new file mode 100644 index 000000000..1a80a2637 --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_auth_hmacsha256.h @@ -0,0 +1,6 @@ +/* Shim needed to make sure the mbedTLS-specific + sha256 header is included */ +#pragma once +#include "crypto_hash_sha256.h" +#include_next "sodium/crypto_auth_hmacsha256.h" + diff --git a/components/libsodium/port_include/sodium/crypto_auth_hmacsha512.h b/components/libsodium/port_include/sodium/crypto_auth_hmacsha512.h new file mode 100644 index 000000000..d296d6184 --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_auth_hmacsha512.h @@ -0,0 +1,5 @@ +/* Shim needed to make sure the mbedTLS-specific + sha512 header is included */ +#pragma once +#include "crypto_hash_sha512.h" +#include_next "sodium/crypto_auth_hmacsha512.h" diff --git a/components/libsodium/port_include/sodium/crypto_auth_hmacsha512256.h b/components/libsodium/port_include/sodium/crypto_auth_hmacsha512256.h new file mode 100644 index 000000000..af50b238d --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_auth_hmacsha512256.h @@ -0,0 +1,6 @@ +/* Shim needed to make sure the mbedTLS-specific + sha256 & sha512 headers are included */ +#pragma once +#include "crypto_hash_sha512.h" +#include "crypto_hash_sha256.h" +#include_next "sodium/crypto_auth_hmacsha512256.h" diff --git a/components/libsodium/port_include/sodium/crypto_hash_sha256.h b/components/libsodium/port_include/sodium/crypto_hash_sha256.h new file mode 100644 index 000000000..c66a97a45 --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_hash_sha256.h @@ -0,0 +1,66 @@ +// Copyright 2017 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +#ifndef crypto_hash_sha256_H +#define crypto_hash_sha256_H + +/* This is a wrapper for libsodium sha256 that calls back to + the mbedTLS implementation (to reduce code size, improve + performance, provide hardware acceleration option). +*/ + +#include +#include +#include + +#include + +#include "sodium/export.h" + +#ifdef __cplusplus +# ifdef __GNUC__ +# pragma GCC diagnostic ignored "-Wlong-long" +# endif +extern "C" { +#endif + +typedef mbedtls_sha256_context crypto_hash_sha256_state; + +SODIUM_EXPORT +size_t crypto_hash_sha256_statebytes(void); + +#define crypto_hash_sha256_BYTES 32U +SODIUM_EXPORT +size_t crypto_hash_sha256_bytes(void); + +SODIUM_EXPORT +int crypto_hash_sha256(unsigned char *out, const unsigned char *in, + unsigned long long inlen); + +SODIUM_EXPORT +int crypto_hash_sha256_init(crypto_hash_sha256_state *state); + +SODIUM_EXPORT +int crypto_hash_sha256_update(crypto_hash_sha256_state *state, + const unsigned char *in, + unsigned long long inlen); + +SODIUM_EXPORT +int crypto_hash_sha256_final(crypto_hash_sha256_state *state, + unsigned char *out); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/components/libsodium/port_include/sodium/crypto_hash_sha512.h b/components/libsodium/port_include/sodium/crypto_hash_sha512.h new file mode 100644 index 000000000..f173eeb1a --- /dev/null +++ b/components/libsodium/port_include/sodium/crypto_hash_sha512.h @@ -0,0 +1,66 @@ +// Copyright 2017 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +#ifndef crypto_hash_sha512_H +#define crypto_hash_sha512_H + +/* This is a wrapper for libsodium sha512 that calls back to + the mbedTLS implementation (to reduce code size, improve + performance, provide hardware acceleration option). +*/ + +#include +#include +#include + +#include + +#include "sodium/export.h" + +#ifdef __cplusplus +# ifdef __GNUC__ +# pragma GCC diagnostic ignored "-Wlong-long" +# endif +extern "C" { +#endif + +typedef mbedtls_sha512_context crypto_hash_sha512_state; + +SODIUM_EXPORT +size_t crypto_hash_sha512_statebytes(void); + +#define crypto_hash_sha512_BYTES 64U +SODIUM_EXPORT +size_t crypto_hash_sha512_bytes(void); + +SODIUM_EXPORT +int crypto_hash_sha512(unsigned char *out, const unsigned char *in, + unsigned long long inlen); + +SODIUM_EXPORT +int crypto_hash_sha512_init(crypto_hash_sha512_state *state); + +SODIUM_EXPORT +int crypto_hash_sha512_update(crypto_hash_sha512_state *state, + const unsigned char *in, + unsigned long long inlen); + +SODIUM_EXPORT +int crypto_hash_sha512_final(crypto_hash_sha512_state *state, + unsigned char *out); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/components/libsodium/test/component.mk b/components/libsodium/test/component.mk index ec8a3e932..6e7c3bc7a 100644 --- a/components/libsodium/test/component.mk +++ b/components/libsodium/test/component.mk @@ -32,7 +32,7 @@ ote: COMPONENT_OBJS += $(LS_TESTDIR)/$(1).o endef -TEST_CASES := chacha20 aead_chacha20poly1305 box box2 ed25519_convert sign +TEST_CASES := chacha20 aead_chacha20poly1305 box box2 ed25519_convert sign hash $(foreach case,$(TEST_CASES),$(eval $(call sodium_testcase,$(case)))) diff --git a/components/libsodium/test/test_sodium.c b/components/libsodium/test/test_sodium.c index 097d61990..9c9cd33dc 100644 --- a/components/libsodium/test/test_sodium.c +++ b/components/libsodium/test/test_sodium.c @@ -51,4 +51,12 @@ TEST_CASE("sign tests", "[libsodium]") TEST_ASSERT_EQUAL(0, sign_xmain() ); } +extern int hash_xmain(); + +TEST_CASE("hash tests", "[libsodium]") +{ + printf("Running hash\n"); + TEST_ASSERT_EQUAL(0, hash_xmain() ); +} +