mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
mbedTLS SHA: Fix cloning of SHA-384 digests
The hardware unit only reads 384 bits of state for a SHA-384 LOAD, which is enough for the final digest but not enough if you plan to resume the digest in software.
parent
a902e2a9de
commit
88b264cfce
@ -82,7 +82,7 @@ inline static size_t sha_engine_index(esp_sha_type type) {
|
||||
}
|
||||
}
|
||||
|
||||
/* Return state & digest length (in bytes) for a given SHA type */
|
||||
/* Return digest length (in bytes) for a given SHA type */
|
||||
inline static size_t sha_length(esp_sha_type type) {
|
||||
switch(type) {
|
||||
case SHA1:
|
||||
@ -90,7 +90,7 @@ inline static size_t sha_length(esp_sha_type type) {
|
||||
case SHA2_256:
|
||||
return 32;
|
||||
case SHA2_384:
|
||||
return 64;
|
||||
return 48;
|
||||
case SHA2_512:
|
||||
return 64;
|
||||
default:
|
||||
|
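Review bot: With `case SHA2_384` now returning 48, `sha_length()` no longer gives the size of the 64-byte internal SHA-384 state, and the new one-line comment does not warn about that. Any code that sizes or copies an interim state from this value would silently drop the last 16 bytes for SHA-384, so the comment should say so: `/* Return digest length (in bytes) for a given SHA type. For SHA2_384 this is 48, shorter than the 64-byte internal state; do not use it to size an interim state. */`. The body of `sha_length()` continues past the `default:` line, outside the second hunk, so the fall-through return value is not reviewed here.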
@ -113,11 +113,14 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_
|
||||
* value that is read is the SHA digest (in big endian
|
||||
* format). Otherwise, the value that is read is an interim SHA state.
|
||||
*
|
||||
* @note If sha_type is SHA2_384, only 48 bytes of state will be read.
|
||||
* This is enough for the final SHA2_384 digest, but if you want the
|
||||
* interim SHA-384 state (to continue digesting) then pass SHA2_512 instead.
|
||||
*
|
||||
* @param sha_type SHA algorithm in use.
|
||||
*
|
||||
* @param state Pointer to a memory buffer to hold the SHA state. Size
|
||||
* is 20 bytes (SHA1), 64 bytes (SHA2_256), or 128 bytes (SHA2_384 or
|
||||
* SHA2_512).
|
||||
* is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512).
|
||||
*
|
||||
*/
|
||||
void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
|
||||
|
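Review bot: The `@param state` tag does not match the prototype's parameter name `digest_state`, so generated documentation will likely not attach the size description to the argument; it should read `@param digest_state`. The size list also omits the case introduced by the new `@note`: a caller who passes SHA2_512 to recover interim SHA-384 state must supply a 64-byte buffer. Because the function takes a bare `void *` with no length, a 48-byte buffer sized for SHA2_384 would be overrun by 16 bytes. Suggest adding `* The required buffer size follows the sha_type argument passed, not the algorithm the digest was started with.` to the `@param` text. The start of this doc comment is outside the hunk.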
@ -121,8 +121,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
|
||||
/* Copy hardware digest state out to cloned state,
|
||||
which will be a software digest.
|
||||
|
||||
Always read 512 bits of state, even for SHA-384
|
||||
(SHA-384 state is identical to SHA-512, only
|
||||
digest is truncated.)
|
||||
*/
|
||||
esp_sha_read_digest_state(sha_type(dst), dst->state);
|
||||
esp_sha_read_digest_state(SHA2_512, dst->state);
|
||||
dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
|
||||
}
|
||||
}
|
||||
|
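Review bot: The call `esp_sha_read_digest_state(SHA2_512, dst->state)` now writes 64 bytes through a `void *` regardless of the context's own type, and nothing at the call site pins that `dst->state` is that large. The destination is presumably the 8 x 64-bit mbedTLS state array, which fits, but its declaration is outside the hunk. A compile-time check just before the call, `_Static_assert(sizeof(dst->state) == 64, "SHA-512 state read needs 64 bytes");`, would keep a future struct change from turning this into an out-of-bounds write. A regression test that clones a SHA-384 context mid-stream and compares the final digest with a known vector would cover the bug this commit fixes. The start of `mbedtls_sha512_clone()` is outside the hunk.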