Merge pull request #689 from fadushin/crypto

Add support for `crypto:hash/2`

These changes are made under both the "Apache 2.0" and the "GNU Lesser General
Public License 2.1 or later" license terms (dual license).

SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later

Author: bettio

CHANGELOG.md

@@ -58,6 +58,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 functions that default to `?ATOMVM_NVS_NS` are deprecated now).
 - Added most format possibilities to `io:format/2` and `io_lib:format/2`
 - Added `unicode` module with `characters_to_list/1,2` and `characters_to_binary/1,2,3` functions
+- Added support for `crypto:hash/2` (ESP32 and generic_unix with openssl)
 
 ### Fixed
 - Fixed issue with formatting integers with io:format() on STM32 platform

doc/src/programmers-guide.md

@@ -627,11 +627,6 @@ To convert a `datetime()` to convert the number of seconds since midnight Januar
 
 ### Miscellaneous
 
-Use the `erlang:md5/1` function to compute the MD5 hash of an input binary.  The output is a fixed-length binary ()
-
-    %% erlang
-    Hash = erlang:md5(<<foo>>).
-
 Use `atomvm:random/0` to generate a random unsigned 32-bit integer in the range `0..4294967295`:
 
     %% erlang
@@ -801,6 +796,35 @@ Input values that are out of range for the specific mathematical function or whi
 
 > Note.  If the AtomVM virtual machine is built with floating point arithmetic support disabled, these functions will result in a `badarg` error.
 
+### Cryptographic Operations
+
+You can hash binary date using the `crypto:hash/2` function.
+
+    %% erlang
+    crypto:hash(sha, [<<"Some binary">>, $\s, "data"])
+
+This function takes a hash algorithm, which may be one of:
+
+    -type md_type() :: md5 | sha | sha224 | sha256 | sha384 | sha512.
+
+and an IO list.  The output type is a binary, who's length (in bytes) is dependent on the algorithm chosen:
+
+| Algorithm | Hash Length (bytes) |
+|-----------|-------------|
+| `md5` | 16 |
+| `sha` | 20 |
+| `sha224` | 32 |
+| `sha256` | 32 |
+| `sha384` | 64 |
+| `sha512` | 64 |
+
+> Note.  The `crypto:hash/2` function is currently only supported on the ESP32 and generic UNIX platforms.
+
+You can also use the legacy `erlang:md5/1` function to compute the MD5 hash of an input binary.  The output is a fixed-length binary (16 bytes)
+
+    %% erlang
+    Hash = erlang:md5(<<foo>>).
+
 ## ESP32-specific APIs
 
 Certain APIs are specific to and only supported on the ESP32 platform.  This section describes these APIs.

libs/estdlib/src/crypto.erl

@@ -0,0 +1,39 @@
+%
+% This file is part of AtomVM.
+%
+% Copyright 2023 Fred Dushin <[email protected]>
+%
+% Licensed under the Apache License, Version 2.0 (the "License")
+% you may not use this file except in compliance with the License.
+% You may obtain a copy of the License at
+%
+%    http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS,
+% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+% See the License for the specific language governing permissions and
+% limitations under the License.
+%
+% SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
+%
+-module(crypto).
+
+-export([
+    hash/2
+]).
+
+-type hash_algorithm() :: md5 | sha | sha224 | sha256 | sha384 | sha512.
+-type digest() :: binary().
+
+%%-----------------------------------------------------------------------------
+%% @param   Type the hash algorithm
+%% @param   Data the data to hash
+%% @returns Returns the result of hashing the supplied data using the supplied
+%%          hash algorithm.
+%% @doc     Hash data using a specified hash algorithm.
+%% @end
+%%-----------------------------------------------------------------------------
+-spec hash(Type :: hash_algorithm(), Data :: iolist()) -> digest().
+hash(_Type, _Data) ->
+    erlang:nif_error(undefined).

libs/estdlib/src/erlang.erl

@@ -250,7 +250,7 @@ system_flag(_Key, _Value) ->
 %%-----------------------------------------------------------------------------
 -spec md5(Data :: binary()) -> binary().
 md5(Data) when is_binary(Data) ->
-    erlang:nif_error(undefined).
+    crypto:hash(md5, Data).
 
 %%-----------------------------------------------------------------------------
 %% @param   Module Name of module

src/platforms/esp32/components/avm_sys/CMakeLists.txt

@@ -39,7 +39,7 @@ endif()
 idf_component_register(
     SRCS ${AVM_SYS_COMPONENT_SRCS}
     INCLUDE_DIRS "include"
-    REQUIRES "spi_flash" "soc" "newlib" "pthread" "vfs" ${ADDITIONAL_COMPONENTS}
+    REQUIRES "spi_flash" "soc" "newlib" "pthread" "vfs" "mbedtls" ${ADDITIONAL_COMPONENTS}
     PRIV_REQUIRES "libatomvm" "esp_timer" ${ADDITIONAL_PRIV_REQUIRES}
 )
 

src/platforms/esp32/components/avm_sys/platform_nifs.c

@@ -36,25 +36,12 @@
 #include <esp_partition.h>
 #include <esp_sleep.h>
 #include <esp_system.h>
+#include <mbedtls/md5.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
 #include <soc/soc.h>
 #include <stdlib.h>
-#if defined __has_include
-#  if __has_include (<esp_idf_version.h>)
-#    include <esp_idf_version.h>
-#  endif
-#endif
-#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 3, 0) && CONFIG_IDF_TARGET_ESP32
-#include <esp_rom_md5.h>
-#else
-#include <rom/md5_hash.h>
-#endif
-#if CONFIG_IDF_TARGET_ESP32C3
-#include "esp32c3/rom/md5_hash.h"
-#elif CONFIG_IDF_TARGET_ESP32S2
-#include "esp32s2/rom/md5_hash.h"
-#elif CONFIG_IDF_TARGET_ESP32S3
-#include "esp32s3/rom/md5_hash.h"
-#endif
 
 // introduced starting with 4.4
 #if ESP_IDF_VERSION_MAJOR >= 5
@@ -66,7 +53,7 @@
 
 #define TAG "atomvm"
 
-#define MD5_DIGEST_LENGTH 16
+#define MAX_MD_SIZE 64
 
 static const char *const esp_rst_unknown_atom   = "\xF"  "esp_rst_unknown";
 static const char *const esp_rst_poweron        = "\xF"  "esp_rst_poweron";
@@ -93,6 +80,33 @@ static const AtomStringIntPair interface_table[] = {
     SELECT_INT_DEFAULT(InvalidInterface)
 };
 
+enum crypto_algorithm
+{
+    CryptoInvalidAlgorithm = 0,
+    CryptoMd5,
+    CryptoSha1,
+    CryptoSha224,
+    CryptoSha256,
+    CryptoSha384,
+    CryptoSha512
+};
+
+static const AtomStringIntPair crypto_algorithm_table[] = {
+    { ATOM_STR("\x3", "md5"), CryptoMd5 },
+    { ATOM_STR("\x3", "sha"), CryptoSha1 },
+    { ATOM_STR("\x6", "sha224"), CryptoSha224 },
+    { ATOM_STR("\x6", "sha256"), CryptoSha256 },
+    { ATOM_STR("\x6", "sha384"), CryptoSha384 },
+    { ATOM_STR("\x6", "sha512"), CryptoSha512 },
+    SELECT_INT_DEFAULT(CryptoInvalidAlgorithm)
+};
+
+#if defined __has_include
+#if __has_include(<esp_idf_version.h>)
+#include <esp_idf_version.h>
+#endif
+#endif
+
 //
 // NIFs
 //
@@ -435,27 +449,156 @@ static term nif_esp_sleep_enable_ext1_wakeup(Context *ctx, int argc, term argv[]
 
 #endif
 
-static term nif_rom_md5(Context *ctx, int argc, term argv[])
+#define DEFINE_DO_HASH(ALGORITHM, SUFFIX)                                                                      \
+    static InteropFunctionResult ALGORITHM##_hash_fold_fun(term t, void *accum)                                \
+    {                                                                                                          \
+        mbedtls_##ALGORITHM##_context *md_ctx = (mbedtls_##ALGORITHM##_context *) accum;                       \
+        if (term_is_integer(t)) {                                                                              \
+            uint8_t val = term_to_uint8(t);                                                                    \
+            mbedtls_##ALGORITHM##_update##SUFFIX(md_ctx, &val, 1);                                             \
+        } else if (term_is_binary(t)) {                                                                        \
+            mbedtls_##ALGORITHM##_update(md_ctx, (uint8_t *) term_binary_data(t), term_binary_size(t));        \
+        }                                                                                                      \
+        return InteropOk;                                                                                      \
+    }                                                                                                          \
+                                                                                                               \
+    static bool do_##ALGORITHM##_hash(term data, unsigned char *dst)                                           \
+    {                                                                                                          \
+        mbedtls_##ALGORITHM##_context md_ctx;                                                                  \
+                                                                                                               \
+        mbedtls_##ALGORITHM##_init(&md_ctx);                                                                   \
+        mbedtls_##ALGORITHM##_starts##SUFFIX(&md_ctx);                                                         \
+                                                                                                               \
+        InteropFunctionResult result = interop_chardata_fold(data, ALGORITHM##_hash_fold_fun, NULL, (void *) &md_ctx); \
+        if (UNLIKELY(result != InteropOk)) {                                                                   \
+            return false;                                                                                      \
+        }                                                                                                      \
+                                                                                                               \
+        if (UNLIKELY(mbedtls_##ALGORITHM##_finish##SUFFIX(&md_ctx, dst) != 0)) {                               \
+            return false;                                                                                      \
+        }                                                                                                      \
+                                                                                                               \
+        return true;                                                                                           \
+    }
+
+#define DEFINE_DO_HASH2(ALGORITHM, SUFFIX, IS_OTHER)                                                           \
+    static InteropFunctionResult ALGORITHM##_hash_fold_fun_##IS_OTHER(term t, void *accum)                     \
+    {                                                                                                          \
+        mbedtls_##ALGORITHM##_context *md_ctx = (mbedtls_##ALGORITHM##_context *) accum;                       \
+        if (term_is_any_integer(t)) {                                                                          \
+            avm_int64_t tmp = term_maybe_unbox_int64(t);                                                       \
+            if (tmp < 0 || tmp > 255) {                                                                        \
+                return InteropBadArg;                                                                          \
+            }                                                                                                  \
+            uint8_t val = (avm_int64_t) tmp;                                                                   \
+            mbedtls_##ALGORITHM##_update##SUFFIX(md_ctx, &val, 1);                                             \
+        } else if (term_is_binary(t)) {                                                                        \
+            mbedtls_##ALGORITHM##_update(md_ctx, (uint8_t *) term_binary_data(t), term_binary_size(t));        \
+        }                                                                                                      \
+        return InteropOk;                                                                                      \
+    }                                                                                                          \
+                                                                                                               \
+    static bool do_##ALGORITHM##_hash_##IS_OTHER(term data, unsigned char *dst)                                \
+    {                                                                                                          \
+        mbedtls_##ALGORITHM##_context md_ctx;                                                                  \
+                                                                                                               \
+        mbedtls_##ALGORITHM##_init(&md_ctx);                                                                   \
+        mbedtls_##ALGORITHM##_starts##SUFFIX(&md_ctx, IS_OTHER);                                               \
+                                                                                                               \
+        InteropFunctionResult result = interop_chardata_fold(data, ALGORITHM##_hash_fold_fun_##IS_OTHER, NULL, (void *) &md_ctx); \
+        if (UNLIKELY(result != InteropOk)) {                                                                   \
+            return false;                                                                                      \
+        }                                                                                                      \
+                                                                                                               \
+        if (UNLIKELY(mbedtls_##ALGORITHM##_finish##SUFFIX(&md_ctx, dst) != 0)) {                               \
+            return false;                                                                                      \
+        }                                                                                                      \
+                                                                                                               \
+        return true;                                                                                           \
+    }
+
+#if ESP_IDF_VERSION < ESP_IDF_VERSION_VAL(5, 0, 0)
+
+DEFINE_DO_HASH(md5, _ret)
+DEFINE_DO_HASH(sha1, _ret)
+DEFINE_DO_HASH2(sha256, _ret, true)
+DEFINE_DO_HASH2(sha256, _ret, false)
+DEFINE_DO_HASH2(sha512, _ret, true)
+DEFINE_DO_HASH2(sha512, _ret, false)
+
+#else
+
+DEFINE_DO_HASH(md5, )
+DEFINE_DO_HASH(sha1, )
+DEFINE_DO_HASH2(sha256, , true)
+DEFINE_DO_HASH2(sha256, , false)
+DEFINE_DO_HASH2(sha512, , true)
+DEFINE_DO_HASH2(sha512, , false)
+
+#endif
+
+static term nif_crypto_hash(Context *ctx, int argc, term argv[])
 {
     UNUSED(argc);
-    term data = argv[0];
-    VALIDATE_VALUE(data, term_is_binary);
-
-    unsigned char digest[MD5_DIGEST_LENGTH];
-    struct MD5Context md5;
-    #if __has_include (<esp_idf_version.h>) && ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 3, 0) && CONFIG_IDF_TARGET_ESP32
-    esp_rom_md5_init(&md5);
-    esp_rom_md5_update(&md5, (const unsigned char *) term_binary_data(data), term_binary_size(data));
-    esp_rom_md5_final(digest, &md5);
-    #else
-    MD5Init(&md5);
-    MD5Update(&md5, (const unsigned char *) term_binary_data(data), term_binary_size(data));
-    MD5Final(digest, &md5);
-    #endif
-    if (UNLIKELY(memory_ensure_free(ctx, term_binary_heap_size(MD5_DIGEST_LENGTH)) != MEMORY_GC_OK)) {
+    term type = argv[0];
+    VALIDATE_VALUE(type, term_is_atom);
+    term data = argv[1];
+
+    unsigned char digest[MAX_MD_SIZE];
+    size_t digest_len = 0;
+
+    enum crypto_algorithm algo = interop_atom_term_select_int(crypto_algorithm_table, type, ctx->global);
+    switch (algo) {
+        case CryptoMd5: {
+            if (UNLIKELY(!do_md5_hash(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 16;
+            break;
+        }
+        case CryptoSha1: {
+            if (UNLIKELY(!do_sha1_hash(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 20;
+            break;
+        }
+        case CryptoSha224: {
+            if (UNLIKELY(!do_sha256_hash_true(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 28;
+            break;
+        }
+        case CryptoSha256: {
+            if (UNLIKELY(!do_sha256_hash_false(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 32;
+            break;
+        }
+        case CryptoSha384: {
+            if (UNLIKELY(!do_sha512_hash_true(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 48;
+            break;
+        }
+        case CryptoSha512: {
+            if (UNLIKELY(!do_sha512_hash_false(data, digest))) {
+                RAISE_ERROR(BADARG_ATOM)
+            }
+            digest_len = 64;
+            break;
+        }
+        default:
+            RAISE_ERROR(BADARG_ATOM);
+    }
+
+    if (UNLIKELY(memory_ensure_free(ctx, term_binary_heap_size(digest_len)) != MEMORY_GC_OK)) {
         RAISE_ERROR(OUT_OF_MEMORY_ATOM);
     }
-    return term_from_literal_binary(digest, MD5_DIGEST_LENGTH, &ctx->heap, ctx->global);
+    return term_from_literal_binary(digest, digest_len, &ctx->heap, ctx->global);
 }
 
 static term nif_atomvm_platform(Context *ctx, int argc, term argv[])
@@ -566,10 +709,10 @@ static const struct Nif esp_sleep_enable_ext1_wakeup_nif =
     .nif_ptr = nif_esp_sleep_enable_ext1_wakeup
 };
 #endif
-static const struct Nif rom_md5_nif =
+static const struct Nif crypto_hash_nif =
 {
     .base.type = NIFFunctionType,
-    .nif_ptr = nif_rom_md5
+    .nif_ptr = nif_crypto_hash
 };
 static const struct Nif atomvm_platform_nif =
 {
@@ -638,9 +781,9 @@ const struct Nif *platform_nifs_get_nif(const char *nifname)
         return &esp_sleep_enable_ext1_wakeup_nif;
     }
 #endif
-    if (strcmp("erlang:md5/1", nifname) == 0) {
+    if (strcmp("crypto:hash/2", nifname) == 0) {
         TRACE("Resolved platform nif %s ...\n", nifname);
-        return &rom_md5_nif;
+        return &crypto_hash_nif;
     }
     if (strcmp("atomvm:platform/0", nifname) == 0) {
         TRACE("Resolved platform nif %s ...\n", nifname);