diff --git a/components/libsodium/Kconfig b/components/libsodium/Kconfig index 58b33bdf..171ea55f 100644 --- a/components/libsodium/Kconfig +++ b/components/libsodium/Kconfig @@ -3,7 +3,6 @@ menu "libsodium" config LIBSODIUM_USE_MBEDTLS_SHA bool "Use mbedTLS SHA256 & SHA512 implementations" default y - depends on !MBEDTLS_HARDWARE_SHA help If this option is enabled, libsodium will use thin wrappers around mbedTLS for SHA256 & SHA512 operations. diff --git a/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c b/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c index 39c36c70..9ffd28c6 100644 --- a/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c +++ b/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c @@ -16,15 +16,6 @@ #include "mbedtls/sha256.h" #include -#ifdef MBEDTLS_SHA256_ALT -/* Wrapper only works if the libsodium context structure can be mapped - directly to the mbedTLS context structure. - - See extended comments in crypto_hash_sha512_mbedtls.c -*/ -#error "This wrapper only support standard software mbedTLS SHA" -#endif - /* Sanity check that all the context fields have identical sizes (this should be more or less given from the SHA256 algorithm) @@ -55,7 +46,6 @@ static void sha256_libsodium_to_mbedtls(mbedtls_sha256_context *mb_ctx, crypto_h memcpy(mb_ctx->total, &ls_state->count, sizeof(mb_ctx->total)); memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state)); memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer)); - mb_ctx->is224 = 0; } int diff --git a/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c b/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c index 4dd58a1d..acb03849 100644 --- a/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c +++ b/components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c @@ -16,18 +16,6 @@ #include "mbedtls/sha512.h" #include -#ifdef MBEDTLS_SHA512_ALT -/* Wrapper only works if the libsodium context structure can be mapped - directly to the mbedTLS context structure. - - For ESP8266 hardware SHA, the problems are fitting all the data in - the libsodium state structure, and also that libsodium doesn't - have mbedtls_sha512_free() or mbedtls_sha512_clone() so we can't - manage the hardware state in a clean way. -*/ -#error "This wrapper only support standard software mbedTLS SHA" -#endif - /* Sanity check that all the context fields have identical sizes (this should be more or less given from the SHA512 algorithm) @@ -59,7 +47,6 @@ static void sha512_libsodium_to_mbedtls(mbedtls_sha512_context *mb_ctx, crypto_h memcpy(mb_ctx->total, ls_state->count, sizeof(mb_ctx->total)); memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state)); memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer)); - mb_ctx->is384 = 0; } int diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index a1c396cf..a8117c5f 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -116,51 +116,6 @@ menu "mbedTLS" default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE - config MBEDTLS_HARDWARE_AES - bool "Enable hardware AES acceleration" - default y - help - Enable hardware accelerated AES encryption & decryption. - - Note that if the ESP32 CPU is running at 240MHz, hardware AES does not - offer any speed boost over software AES. - - config MBEDTLS_HARDWARE_MPI - bool "Enable hardware MPI (bignum) acceleration" - default n - help - Enable hardware accelerated multiple precision integer operations. - - Hardware accelerated multiplication, modulo multiplication, - and modular exponentiation for up to 4096 bit results. - - These operations are used by RSA. - - config MBEDTLS_MPI_USE_INTERRUPT - bool "Use interrupt for MPI operations" - depends on MBEDTLS_HARDWARE_MPI - default n - help - Use an interrupt to coordinate MPI operations. - - This allows other code to run on the CPU while an MPI operation is pending. - Otherwise the CPU busy-waits. - - config MBEDTLS_HARDWARE_SHA - bool "Enable hardware SHA acceleration" - default y - help - Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS. - - Due to a hardware limitation, hardware acceleration is only - guaranteed if SHA digests are calculated one at a time. If more - than one SHA digest is calculated at the same time, one will - be calculated fully in hardware and the rest will be calculated - (at least partially calculated) in software. This happens automatically. - - SHA hardware acceleration is faster than software in some situations but - slower in others. You should benchmark to find the best setting for you. - config MBEDTLS_HAVE_TIME bool "Enable mbedtls time" depends on !ESP32_TIME_SYSCALL_USE_NONE diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index bdb9bf61..c8f682e2 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -108,40 +108,21 @@ * within the modules that are enabled. * \{ */ - -/* The following units have ESP32 hardware support, - uncommenting each _ALT macro will use the - hardware-accelerated implementation. */ -#ifdef CONFIG_MBEDTLS_HARDWARE_AES #define MBEDTLS_AES_ALT -#else -#undef MBEDTLS_AES_ALT -#endif /* MBEDTLS_SHAxx_ALT to enable hardware SHA support with software fallback. */ -#ifdef CONFIG_MBEDTLS_HARDWARE_SHA #define MBEDTLS_SHA1_ALT #define MBEDTLS_SHA256_ALT #define MBEDTLS_SHA512_ALT -#else -#undef MBEDTLS_SHA1_ALT -#undef MBEDTLS_SHA256_ALT -#undef MBEDTLS_SHA512_ALT -#endif /* The following MPI (bignum) functions have ESP32 hardware support, Uncommenting these macros will use the hardware-accelerated implementations. */ -#ifdef CONFIG_MBEDTLS_HARDWARE_MPI -#define MBEDTLS_MPI_EXP_MOD_ALT -#define MBEDTLS_MPI_MUL_MPI_ALT -#else #undef MBEDTLS_MPI_EXP_MOD_ALT #undef MBEDTLS_MPI_MUL_MPI_ALT -#endif /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT diff --git a/components/util/include/esp_sha.h b/components/util/include/esp_sha.h index d929ead8..52a81a10 100644 --- a/components/util/include/esp_sha.h +++ b/components/util/include/esp_sha.h @@ -28,10 +28,9 @@ typedef struct { } esp_sha1_t; typedef struct { - uint64_t length; - uint32_t curlen; + uint32_t total[2]; uint32_t state[8]; - uint8_t buf[64]; + uint8_t buffer[64]; } esp_sha256_t; typedef struct { diff --git a/components/util/src/sha256.c b/components/util/src/sha256.c index bc585dad..cc6de2bc 100644 --- a/components/util/src/sha256.c +++ b/components/util/src/sha256.c @@ -79,7 +79,7 @@ static const uint32_t K[64] = { 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL }; -static void esp_sha256_transform(esp_sha256_t *ctx, uint8_t *buf) +static void esp_sha256_transform(esp_sha256_t *ctx, const uint8_t *buf) { uint32_t S[8], W[64], t0, t1; uint32_t t; @@ -108,8 +108,8 @@ int esp_sha256_init(esp_sha256_t *ctx) { util_assert(ctx); - ctx->curlen = 0; - ctx->length = 0; + ctx->total[0] = 0; + ctx->total[1] = 0; ctx->state[0] = 0x6A09E667UL; ctx->state[1] = 0xBB67AE85UL; @@ -127,8 +127,8 @@ int esp_sha224_init(esp_sha224_t *ctx) { util_assert(ctx); - ctx->curlen = 0; - ctx->length = 0; + ctx->total[0] = 0; + ctx->total[1] = 0; ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; @@ -144,39 +144,43 @@ int esp_sha224_init(esp_sha224_t *ctx) int esp_sha256_update(esp_sha256_t *ctx, const void *src, size_t size) { - const uint8_t *in = (const uint8_t *)src; - uint32_t n; + size_t fill; + uint32_t left; + const uint8_t *input = (const uint8_t *)src; util_assert(ctx); util_assert(src); util_assert(size); - if (ctx->curlen >= sizeof(ctx->buf)) - return -1; + left = ctx->total[0] & 0x3F; + fill = 64 - left; - while (size > 0) { - if (ctx->curlen == 0 && size >= 64) { - esp_sha256_transform(ctx, (uint8_t *) in); - - ctx->length += 64 * 8; - in += 64; - size -= 64; - } else { - n = MIN(size, (64 - ctx->curlen)); - memcpy(ctx->buf + ctx->curlen, in, n); - ctx->curlen += n; - in += n; - size -= n; + ctx->total[0] += size; + ctx->total[0] &= 0xFFFFFFFF; - if (ctx->curlen == 64) { - esp_sha256_transform(ctx, ctx->buf); + if (ctx->total[0] < size) + ctx->total[1]++; - ctx->length += 8 * 64; - ctx->curlen = 0; - } - } + if (left && size >= fill) { + memcpy(ctx->buffer + left, input, fill); + + esp_sha256_transform(ctx, ctx->buffer); + + input += fill; + size -= fill; + left = 0; } + while (size >= 64) { + esp_sha256_transform(ctx, input); + + input += 64; + size -= 64; + } + + if (size > 0) + memcpy(ctx->buffer + left, input, size); + return 0; } @@ -191,37 +195,42 @@ int esp_sha224_update(esp_sha224_t *ctx, const void *src, size_t size) int esp_sha224_finish(esp_sha224_t *ctx, void *dest) { - int i; + uint32_t used; + uint32_t high, low; uint8_t *out = (uint8_t *)dest; util_assert(ctx); util_assert(dest); - if (ctx->curlen >= sizeof(ctx->buf)) - return -1; + used = ctx->total[0] & 0x3F; - ctx->length += ctx->curlen * 8; + ctx->buffer[used++] = 0x80; - ctx->buf[ctx->curlen++] = 0x80; - - if (ctx->curlen > 56) { - while (ctx->curlen < 64) - ctx->buf[ctx->curlen++] = 0; - - esp_sha256_transform(ctx, ctx->buf); - ctx->curlen = 0; + if (used <= 56) { + memset(ctx->buffer + used, 0, 56 - used); + } else { + memset(ctx->buffer + used, 0, 64 - used); + esp_sha256_transform(ctx, ctx->buffer); + memset(ctx->buffer, 0, 56); } - while (ctx->curlen < 56) - ctx->buf[ctx->curlen++] = 0; + high = (ctx->total[0] >> 29) | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - ESP_PUT_BE64(ctx->buf + 56, ctx->length); - esp_sha256_transform(ctx, ctx->buf); + ESP_PUT_BE32(ctx->buffer + 56, high); + ESP_PUT_BE32(ctx->buffer + 60, low); - for (i = 0; i < 7; i++) - ESP_PUT_BE32(out + (4 * i), ctx->state[i]); + esp_sha256_transform(ctx, ctx->buffer); - return 0; + ESP_PUT_BE32(out + 0, ctx->state[0]); + ESP_PUT_BE32(out + 4, ctx->state[1]); + ESP_PUT_BE32(out + 8, ctx->state[2]); + ESP_PUT_BE32(out + 12, ctx->state[3]); + ESP_PUT_BE32(out + 16, ctx->state[4]); + ESP_PUT_BE32(out + 20, ctx->state[5]); + ESP_PUT_BE32(out + 24, ctx->state[6]); + + return( 0 ); } int esp_sha256_finish(esp_sha256_t *ctx, void *dest)