RIOT-OS · miri64 · Nov 30, 2023 · Oct 10, 2023
diff --git a/dist/tools/doccheck/exclude_simple b/dist/tools/doccheck/exclude_simple
@@ -4010,7 +4010,6 @@ warning: Member MAG3110_SYSMOD_ACTIVE (macro definition) of file mag3110_reg.h i
 warning: Member MAG3110_SYSMOD_ACTIVE_RAW (macro definition) of file mag3110_reg.h is not documented.
 warning: Member MAG3110_SYSMOD_STANDBY (macro definition) of file mag3110_reg.h is not documented.
 warning: Member MAIPGL_FD (macro definition) of file enc28j60_regs.h is not documented.
-warning: Member Maj(x, y, z) (macro definition) of group sys_hashes_sha2xx_common is not documented.
 warning: Member MASK_MAX_RT (macro definition) of file nrf24l01p_settings.h is not documented.
 warning: Member MASK_RX_DR (macro definition) of file nrf24l01p_settings.h is not documented.
 warning: Member MASK_TX_DS (macro definition) of file nrf24l01p_settings.h is not documented.
@@ -6025,7 +6024,6 @@ warning: Member rom_setup_set_aon_rtc_sub_sec_inc (macro definition) of file cc2
 warning: Member rom_setup_set_cache_mode_according_to_ccfg_setting (macro definition) of file cc26x2_cc13x2_setup.h is not documented.
 warning: Member rom_setup_step_vddr_trim_to (macro definition) of file cc26x2_cc13x2_setup.h is not documented.
 warning: Member rotating_hash(const uint8_t *buf, size_t len) (function) of file hashes.h is not documented.
-warning: Member ROTR(x, n) (macro definition) of group sys_hashes_sha2xx_common is not documented.
 warning: Member RR_CLASS_LENGTH (macro definition) of group net_dns is not documented.
 warning: Member RR_RDLENGTH_LENGTH (macro definition) of group net_dns is not documented.
 warning: Member RR_TTL_LENGTH (macro definition) of group net_dns is not documented.
@@ -6063,14 +6061,10 @@ warning: Member RUN_MIC_PIN (macro definition) of file board.h is not documented
 warning: Member RX_DR (macro definition) of file nrf24l01p_settings.h is not documented.
 warning: Member RX_P_NO (macro definition) of file nrf24l01p_settings.h is not documented.
 warning: Member s0_OFFSET (macro definition) of file context_frame.h is not documented.
-warning: Member s0(x) (macro definition) of group sys_hashes_sha2xx_common is not documented.
-warning: Member S0(x) (macro definition) of group sys_hashes_sha2xx_common is not documented.
 warning: Member s10_OFFSET (macro definition) of file context_frame.h is not documented.
 warning: Member s11_OFFSET (macro definition) of file context_frame.h is not documented.
 warning: Member S16_F (macro definition) of group pkg_lwip_sys is not documented.
 warning: Member s1_OFFSET (macro definition) of file context_frame.h is not documented.
-warning: Member s1(x) (macro definition) of group sys_hashes_sha2xx_common is not documented.
-warning: Member S1(x) (macro definition) of group sys_hashes_sha2xx_common is not documented.
 warning: Member s2_OFFSET (macro definition) of file context_frame.h is not documented.
 warning: Member S32_F (macro definition) of group pkg_lwip_sys is not documented.
 warning: Member s3_OFFSET (macro definition) of file context_frame.h is not documented.
@@ -6280,7 +6274,6 @@ warning: Member setup_fpu(void) (function) of group cpu_lm4f120 is not documente
 warning: Member SGP30_PARAM_I2C_DEV (macro definition) of file sgp30_params.h is not documented.
 warning: Member SGP30_PARAMS (macro definition) of file sgp30_params.h is not documented.
 warning: Member SGP30_SAUL_INFO (macro definition) of file sgp30_params.h is not documented.
-warning: Member SHR(x, n) (macro definition) of group sys_hashes_sha2xx_common is not documented.
 warning: Member SHT1X_PARAM_CLK (macro definition) of file board.h is not documented.
 warning: Member SHT1X_PARAM_DATA (macro definition) of file board.h is not documented.
 warning: Member SHT2X_PARAM_CRC_MODE (macro definition) of file sht2x_params.h is not documented.

diff --git a/makefiles/pseudomodules.inc.mk b/makefiles/pseudomodules.inc.mk
@@ -397,6 +397,7 @@ PSEUDOMODULES += psa_riot_hashes_md5
 PSEUDOMODULES += psa_riot_hashes_sha_1
 PSEUDOMODULES += psa_riot_hashes_sha_224
 PSEUDOMODULES += psa_riot_hashes_sha_256
+PSEUDOMODULES += psa_riot_hashes_sha_512
 PSEUDOMODULES += psa_riot_hashes_hmac_sha256
 PSEUDOMODULES += fortuna_reseed
 ## @defgroup pseudomodule_random_cmd random_cmd

diff --git a/pkg/esp32_sdk/patches/0033-wpa_supplicant-add-prefix-wpa_-to-sha512_init.patch b/pkg/esp32_sdk/patches/0033-wpa_supplicant-add-prefix-wpa_-to-sha512_init.patch
@@ -0,0 +1,62 @@
+From 241861e24ad628946e3257317549a70c6f90aeec Mon Sep 17 00:00:00 2001
+From: Gunar Schorcht <[email protected]>
+Date: Tue, 10 Oct 2023 17:54:52 +0200
+Subject: [PATCH 33/33] wpa_supplicant: add prefix wpa_ to sha512_init
+
+Prefix `_wpa` added to `sha512_init` function of `wpa_suppplicant` to avoid name conflicts with RIOT modules `crypto` and `hashes`.
+---
+ components/wpa_supplicant/src/crypto/crypto_internal.c | 2 +-
+ components/wpa_supplicant/src/crypto/sha512-internal.c | 4 ++--
+ components/wpa_supplicant/src/crypto/sha512_i.h        | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/components/wpa_supplicant/src/crypto/crypto_internal.c b/components/wpa_supplicant/src/crypto/crypto_internal.c
+index d1426a8feb7..7ff588cbb40 100644
+--- a/components/wpa_supplicant/src/crypto/crypto_internal.c
++++ b/components/wpa_supplicant/src/crypto/crypto_internal.c
+@@ -67,7 +67,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ #endif /* CONFIG_INTERNAL_SHA384 */
+ #ifdef CONFIG_INTERNAL_SHA512
+ 	case CRYPTO_HASH_ALG_SHA512:
+-		sha512_init(&ctx->u.sha512);
++		wpa_sha512_init(&ctx->u.sha512);
+ 		break;
+ #endif /* CONFIG_INTERNAL_SHA512 */
+ 	case CRYPTO_HASH_ALG_HMAC_MD5:
+diff --git a/components/wpa_supplicant/src/crypto/sha512-internal.c b/components/wpa_supplicant/src/crypto/sha512-internal.c
+index c0263941c12..1e816867faf 100644
+--- a/components/wpa_supplicant/src/crypto/sha512-internal.c
++++ b/components/wpa_supplicant/src/crypto/sha512-internal.c
+@@ -27,7 +27,7 @@ int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ 	struct sha512_state ctx;
+ 	size_t i;
+
+-	sha512_init(&ctx);
++	wpa_sha512_init(&ctx);
+ 	for (i = 0; i < num_elem; i++)
+ 		if (sha512_process(&ctx, addr[i], len[i]))
+ 			return -1;
+@@ -161,7 +161,7 @@ static int sha512_compress(struct sha512_state *md, unsigned char *buf)
+    @param md   The hash state you wish to initialize
+    @return CRYPT_OK if successful
+ */
+-void sha512_init(struct sha512_state *md)
++void wpa_sha512_init(struct sha512_state *md)
+ {
+ 	md->curlen = 0;
+ 	md->length = 0;
+diff --git a/components/wpa_supplicant/src/crypto/sha512_i.h b/components/wpa_supplicant/src/crypto/sha512_i.h
+index 108958911ef..e451e48fcfd 100644
+--- a/components/wpa_supplicant/src/crypto/sha512_i.h
++++ b/components/wpa_supplicant/src/crypto/sha512_i.h
+@@ -17,7 +17,7 @@ struct sha512_state {
+ 	u8 buf[SHA512_BLOCK_SIZE];
+ };
+
+-void sha512_init(struct sha512_state *md);
++void wpa_sha512_init(struct sha512_state *md);
+ int sha512_process(struct sha512_state *md, const unsigned char *in,
+ 		   unsigned long inlen);
+ int sha512_done(struct sha512_state *md, unsigned char *out);
+-- 
+2.34.1
@@ -29,6 +29,12 @@ config MODULE_PSA_RIOT_HASHES_SHA_256
     select MODULE_PSA_RIOT_HASHES
     select MODULE_HASHES
 
+config MODULE_PSA_RIOT_HASHES_SHA_512
+    bool
+    depends on MODULE_PSA_CRYPTO
+    select MODULE_PSA_RIOT_HASHES
+    select MODULE_HASHES
+
 config MODULE_PSA_RIOT_HASHES_HMAC_SHA256
     bool
     depends on MODULE_PSA_CRYPTO

diff --git a/sys/hashes/psa_riot_hashes/sha_512.c b/sys/hashes/psa_riot_hashes/sha_512.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_psa_crypto
+ * @{
+ *
+ * @brief       Glue code translating between PSA Crypto and the RIOT Hash module
+ *
+ * @author      Mikolai Gütschow <[email protected]>
+ *
+ * @}
+ */
+
+#include "psa/crypto.h"
+#include "hashes/psa/riot_hashes.h"
+
+psa_status_t psa_hashes_sha512_setup(psa_hashes_sha512_ctx_t *ctx)
+{
+    sha512_init((sha512_context_t *)ctx);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_update(psa_hashes_sha512_ctx_t *ctx,
+                                      const uint8_t *input,
+                                      size_t input_length)
+{
+    sha512_update((sha512_context_t *)ctx, input, input_length);
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_hashes_sha512_finish(psa_hashes_sha512_ctx_t *ctx,
+                                      uint8_t *hash,
+                                      size_t hash_size,
+                                      size_t *hash_length)
+{
+    sha512_final((sha512_context_t *)ctx, hash);
+
+    (void)hash_size;
+    (void)hash_length;
+    return PSA_SUCCESS;
+}
diff --git a/sys/hashes/sha256.c b/sys/hashes/sha256.c
@@ -78,7 +78,7 @@
     }
 
     sha256_init(&c);
-    sha2xx_update(&c, data, len);
+    sha256_update(&c, data, len);
     sha256_final(&c, digest);
 
     return digest;
@@ -153,7 +153,7 @@
    hmac_context_t ctx;

    hmac_sha256_init(&ctx, key, key_length);
    hmac_sha256_update(&ctx,data, len);
    hmac_sha256_final(&ctx, digest);

    return digest;

diff --git a/sys/hashes/sha2xx_common.c b/sys/hashes/sha2xx_common.c
@@ -96,6 +96,40 @@ static void be32enc_vect(void *dst_, const void *src_, size_t len)
 
 #endif /* __BYTE_ORDER__ != __ORDER_BIG_ENDIAN__ */
 
+/**
+ * @brief    Elementary functions used by SHA2XX
+ * @{
+ */
+#define Ch(x, y, z) ((x & (y ^ z)) ^ z)
+#define Maj(x, y, z)    ((x & (y | z)) | (y & z))
+#define SHR(x, n)   (x >> n)
+#define ROTR(x, n)  ((x >> n) | (x << (32 - n)))
+#define S0(x)       (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+#define S1(x)       (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
+#define s0(x)       (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
+#define s1(x)       (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
+/** @} */
+
+/** @brief SHA-224 and SHA-256 Constants */
+static const uint32_t K[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
+};
+
 /*
  * SHA256 block compression function.  The 256-bit state is transformed via
  * the 512-bit input block to produce a new state.
@@ -153,8 +187,8 @@ void sha2xx_pad(sha2xx_context_t *ctx)
     be32enc_vect(len, ctx->count, 8);
 
     /* Add 1--64 bytes so that the resulting length is 56 mod 64 */
-    uint32_t r = (ctx->count[1] >> 3) & 0x3f;
-    uint32_t plen = (r < 56) ? (56 - r) : (120 - r);
+    uint8_t r = (ctx->count[1] >> 3) & 0x3f;
+    uint8_t plen = (r < 56) ? (56 - r) : (120 - r);
     sha2xx_update(ctx, PAD, (size_t) plen);
 
     /* Add the terminating bit-count */
@@ -165,7 +199,9 @@ void sha2xx_pad(sha2xx_context_t *ctx)
 void sha2xx_update(sha2xx_context_t *ctx, const void *data, size_t len)
 {
     /* Number of bytes left in the buffer from previous updates */
-    uint32_t r = (ctx->count[1] >> 3) & 0x3f;
+    uint8_t r = (ctx->count[1] >> 3) & 0x3f;
+    /* Number of bytes free in the buffer from previous updates */
+    uint8_t f = 64 - r;
 
     /* Convert the length into a number of bits */
     uint32_t bitlen1 = ((uint32_t) len) << 3;
@@ -179,7 +215,7 @@ void sha2xx_update(sha2xx_context_t *ctx, const void *data, size_t len)
     ctx->count[0] += bitlen0;
 
     /* Handle the case where we don't need to perform any transforms */
-    if (len < 64 - r) {
+    if (len < f) {
         if (len > 0) {
             memcpy(&ctx->buf[r], data, len);
         }
@@ -189,10 +225,10 @@ void sha2xx_update(sha2xx_context_t *ctx, const void *data, size_t len)
     /* Finish the current block */
     const unsigned char *src = data;
 
-    memcpy(&ctx->buf[r], src, 64 - r);
+    memcpy(&ctx->buf[r], src, f);
     sha2xx_transform(ctx->state, ctx->buf);
-    src += 64 - r;
-    len -= 64 - r;
+    src += f;
+    len -= f;
 
     /* Perform complete blocks */
     while (len >= 64) {

diff --git a/sys/hashes/sha512.c b/sys/hashes/sha512.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ * @{
+ *
+ * @file
+ * @brief       SHA-512 hash function implementation
+ *
+ * @author      Mikolai Gütschow <[email protected]>
+ *
+ * @}
+ */
+
+#include <string.h>
+#include <assert.h>
+
+#include "hashes/sha512.h"
+#include "hashes/sha512_common.h"
+
+/* SHA-512 initialization.  Begins a SHA-512 operation. */
+void sha512_init(sha512_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0x6a09e667f3bcc908;
+    ctx->state[1] = 0xbb67ae8584caa73b;
+    ctx->state[2] = 0x3c6ef372fe94f82b;
+    ctx->state[3] = 0xa54ff53a5f1d36f1;
+    ctx->state[4] = 0x510e527fade682d1;
+    ctx->state[5] = 0x9b05688c2b3e6c1f;
+    ctx->state[6] = 0x1f83d9abfb41bd6b;
+    ctx->state[7] = 0x5be0cd19137e2179;
+}
+
+void sha512(const void *data, size_t len, void *digest)
+{
+    sha512_context_t c;
+
+    sha512_init(&c);
+    sha512_update(&c, data, len);
+    sha512_final(&c, digest);
+}