Merge pull request #690 from Ashish285/fix_libsodium/fix_nonnull_compare_build_error

fix(libsodium): improve esp port layer

Author: mahavirj

.github/workflows/deploy_gh_pages.yml

@@ -52,7 +52,9 @@ jobs:
           args: >-
             --no-progress
             --include-fragments
-            './docs_build_output/**/*.html'
+            --root-dir docs_build_output
+            --exclude-path '.*/404\.html$'
+            docs_build_output/**/*.html
           # Fail the action if broken links are found
           fail: true
 

libsodium/CMakeLists.txt

@@ -34,9 +34,7 @@ set(srcs
     "${SRC}/crypto_generichash/blake2b/ref/generichash_blake2b.c"
     "${SRC}/crypto_generichash/crypto_generichash.c"
     "${SRC}/crypto_hash/crypto_hash.c"
-    "${SRC}/crypto_hash/sha256/cp/hash_sha256_cp.c"
     "${SRC}/crypto_hash/sha256/hash_sha256.c"
-    "${SRC}/crypto_hash/sha512/cp/hash_sha512_cp.c"
     "${SRC}/crypto_hash/sha512/hash_sha512.c"
     "${SRC}/crypto_kdf/blake2b/kdf_blake2b.c"
     "${SRC}/crypto_kdf/crypto_kdf.c"
@@ -120,14 +118,16 @@ if(CONFIG_LIBSODIUM_USE_MBEDTLS_SHA)
     list(APPEND srcs
         "port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c"
         "port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c")
+    set(include_dirs port_include ${SRC}/include)
+    set(priv_include_dirs port port_include/sodium ${SRC}/include/sodium)
 else()
     list(APPEND srcs
         "${SRC}/crypto_hash/sha256/cp/hash_sha256_cp.c"
         "${SRC}/crypto_hash/sha512/cp/hash_sha512_cp.c")
+    set(include_dirs ${SRC}/include port_include)
+    set(priv_include_dirs ${SRC}/include/sodium port_include/sodium port)
 endif()
 
-set(include_dirs ${SRC}/include port_include)
-set(priv_include_dirs ${SRC}/include/sodium port_include/sodium port)
 idf_component_register(SRCS "${srcs}"
                     INCLUDE_DIRS "${include_dirs}"
                     PRIV_INCLUDE_DIRS "${priv_include_dirs}"
@@ -177,6 +177,12 @@ set_source_files_properties(
 
 target_compile_options(${COMPONENT_LIB} PRIVATE -Wno-unused-function)
 
+if(CONFIG_LIBSODIUM_USE_MBEDTLS_SHA)
+    target_compile_options(${COMPONENT_LIB} PRIVATE
+        "$<$<COMPILE_LANGUAGE:C>:SHELL:-include ${CMAKE_CURRENT_SOURCE_DIR}/port_include/sodium/crypto_hash_sha256.h>"
+        "$<$<COMPILE_LANGUAGE:C>:SHELL:-include ${CMAKE_CURRENT_SOURCE_DIR}/port_include/sodium/crypto_hash_sha512.h>")
+endif()
+
 if(CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE)
     # some libsodium variables are only used for asserts
     target_compile_options(${COMPONENT_LIB} PRIVATE -Wno-unused-but-set-variable)

libsodium/Kconfig

@@ -3,13 +3,8 @@ menu "libsodium"
     config LIBSODIUM_USE_MBEDTLS_SHA
         bool "Use mbedTLS SHA256 & SHA512 implementations"
         default y
-        depends on !MBEDTLS_HARDWARE_SHA
         help
             If this option is enabled, libsodium will use thin wrappers
             around mbedTLS for SHA256 & SHA512 operations.
-
-            This saves some code size if mbedTLS is also used. However it
-            is incompatible with hardware SHA acceleration (due to the
-            way libsodium's API manages SHA state).
-
+            This saves some code size if mbedTLS is also used.
 endmenu # libsodium

libsodium/idf_component.yml

@@ -1,4 +1,4 @@
-version: "1.0.20~3"
+version: "1.0.20~4"
 description: libsodium port to ESP
 url: https://github.com/espressif/idf-extra-components/tree/master/libsodium
 dependencies:

libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c

@@ -24,62 +24,9 @@
 #include "crypto_hash_sha256.h"
 #include <string.h>
 
-#ifdef MBEDTLS_PSA_CRYPTO
-#include "psa/crypto.h"
-#else
-#include "mbedtls/sha256.h"
-#endif
-
-#ifndef MBEDTLS_PSA_CRYPTO
-#ifdef MBEDTLS_SHA256_ALT
-/* Wrapper only works if the libsodium context structure can be mapped
-   directly to the mbedTLS context structure.
-
-   See extended comments in crypto_hash_sha512_mbedtls.c
-*/
-#error "This wrapper only support standard software mbedTLS SHA"
-#endif
-
-/* Sanity check that all the context fields have identical sizes
-   (this should be more or less given from the SHA256 algorithm)
-
-   Note that the meaning of the fields is *not* all the same. In libsodium, SHA256 'count' is a 64-bit *bit* count. In
-   mbedTLS, 'total' is a 2x32-bit *byte* count (count[0] == MSB).
-
-   For this implementation, we don't convert so the libsodium state structure actually holds a binary copy of the
-   mbedTLS totals. This doesn't matter inside libsodium's documented API, but would matter if any callers try to use
-   the state's bit count.
-*/
-_Static_assert(sizeof(((crypto_hash_sha256_state *)0)->state) == sizeof(((mbedtls_sha256_context *)0)->state), "state mismatch");
-_Static_assert(sizeof(((crypto_hash_sha256_state *)0)->count) == sizeof(((mbedtls_sha256_context *)0)->total), "count mismatch");
-_Static_assert(sizeof(((crypto_hash_sha256_state *)0)->buf) == sizeof(((mbedtls_sha256_context *)0)->buffer), "buf mismatch");
-
-/* Inline functions to convert between mbedTLS & libsodium
-   context structures
-*/
-
-static void sha256_mbedtls_to_libsodium(crypto_hash_sha256_state *ls_state, const mbedtls_sha256_context *mb_ctx)
-{
-    memcpy(&ls_state->count, mb_ctx->total, sizeof(ls_state->count));
-    memcpy(ls_state->state, mb_ctx->state, sizeof(ls_state->state));
-    memcpy(ls_state->buf, mb_ctx->buffer, sizeof(ls_state->buf));
-}
-
-static void sha256_libsodium_to_mbedtls(mbedtls_sha256_context *mb_ctx, crypto_hash_sha256_state *ls_state)
-{
-    memcpy(mb_ctx->total, &ls_state->count, sizeof(mb_ctx->total));
-    memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state));
-    memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
-    mb_ctx->is224 = 0;
-}
-#endif /* !MBEDTLS_PSA_CRYPTO */
-
 int
 crypto_hash_sha256_init(crypto_hash_sha256_state *state)
 {
-    if (state == NULL) {
-        return -1;
-    }
 #ifdef MBEDTLS_PSA_CRYPTO
     psa_status_t status;
 
@@ -88,37 +35,23 @@ crypto_hash_sha256_init(crypto_hash_sha256_state *state)
         return -1;
     }
 
-    psa_hash_operation_t *operation;
-
-    /* Store PSA hash operation in the state buffer
-     * The libsodium state structure is large enough to hold psa_hash_operation_t.
-     * Ensure this is safe with respect to both size and alignment.
-     */
-    _Static_assert(sizeof(crypto_hash_sha256_state) >= sizeof(psa_hash_operation_t),
-                   "crypto_hash_sha256_state too small for psa_hash_operation_t");
-    _Static_assert(_Alignof(crypto_hash_sha256_state) >= _Alignof(psa_hash_operation_t),
-                   "crypto_hash_sha256_state alignment insufficient for psa_hash_operation_t");
-    memset(state, 0, sizeof(*state));
-    operation = (psa_hash_operation_t *)state;
-    *operation = psa_hash_operation_init();
+    state->_psa_op = psa_hash_operation_init();
 
-    status = psa_hash_setup(operation, PSA_ALG_SHA_256);
+    status = psa_hash_setup(&state->_psa_op, PSA_ALG_SHA_256);
     if (status != PSA_SUCCESS) {
         return -1;
     }
     return 0;
 #else
-    mbedtls_sha256_context ctx;
-    mbedtls_sha256_init(&ctx);
+    mbedtls_sha256_init(&state->ctx);
 #ifdef MBEDTLS_2_X_COMPAT
-    int ret = mbedtls_sha256_starts_ret(&ctx, 0);
+    int ret = mbedtls_sha256_starts_ret(&state->ctx, 0);
 #else
-    int ret = mbedtls_sha256_starts(&ctx, 0);
+    int ret = mbedtls_sha256_starts(&state->ctx, 0);
 #endif /* MBEDTLS_2_X_COMPAT */
     if (ret != 0) {
         return ret;
     }
-    sha256_mbedtls_to_libsodium(state, &ctx);
     return 0;
 #endif /* !MBEDTLS_PSA_CRYPTO */
 }
@@ -127,59 +60,49 @@ int
 crypto_hash_sha256_update(crypto_hash_sha256_state *state,
                           const unsigned char *in, unsigned long long inlen)
 {
-    if (state == NULL || (in == NULL && inlen > 0)) {
+    if (in == NULL && inlen > 0) {
         return -1;
     }
 #ifdef MBEDTLS_PSA_CRYPTO
-    psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
     psa_status_t status;
 
-    status = psa_hash_update(operation, in, inlen);
+    status = psa_hash_update(&state->_psa_op, in, inlen);
     if (status != PSA_SUCCESS) {
-        psa_hash_abort(operation);
+        psa_hash_abort(&state->_psa_op);
         return -1;
     }
     return 0;
 #else
-    mbedtls_sha256_context ctx;
-    sha256_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
-    int ret = mbedtls_sha256_update_ret(&ctx, in, inlen);
+    int ret = mbedtls_sha256_update_ret(&state->ctx, in, inlen);
 #else
-    int ret = mbedtls_sha256_update(&ctx, in, inlen);
+    int ret = mbedtls_sha256_update(&state->ctx, in, inlen);
 #endif /* MBEDTLS_2_X_COMPAT */
     if (ret != 0) {
         return ret;
     }
-    sha256_mbedtls_to_libsodium(state, &ctx);
     return 0;
 #endif /* !MBEDTLS_PSA_CRYPTO */
 }
 
 int
 crypto_hash_sha256_final(crypto_hash_sha256_state *state, unsigned char *out)
 {
-    if (state == NULL || out == NULL) {
-        return -1;
-    }
 #ifdef MBEDTLS_PSA_CRYPTO
-    psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
     psa_status_t status;
     size_t hash_len;
 
-    status = psa_hash_finish(operation, out, crypto_hash_sha256_BYTES, &hash_len);
+    status = psa_hash_finish(&state->_psa_op, out, crypto_hash_sha256_BYTES, &hash_len);
     if (status != PSA_SUCCESS || hash_len != crypto_hash_sha256_BYTES) {
-        psa_hash_abort(operation);
+        psa_hash_abort(&state->_psa_op);
         return -1;
     }
     return 0;
 #else
-    mbedtls_sha256_context ctx;
-    sha256_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
-    return mbedtls_sha256_finish_ret(&ctx, out);
+    return mbedtls_sha256_finish_ret(&state->ctx, out);
 #else
-    return mbedtls_sha256_finish(&ctx, out);
+    return mbedtls_sha256_finish(&state->ctx, out);
 #endif /* MBEDTLS_2_X_COMPAT */
 #endif /* !MBEDTLS_PSA_CRYPTO */
 }
@@ -188,7 +111,7 @@ int
 crypto_hash_sha256(unsigned char *out, const unsigned char *in,
                    unsigned long long inlen)
 {
-    if (out == NULL || (in == NULL && inlen > 0)) {
+    if (in == NULL && inlen > 0) {
         return -1;
     }
 #ifdef MBEDTLS_PSA_CRYPTO