
Commit eb843d6

committed
feat(libsodium): add support for PSA crypto APIs
1 parent c32c9a2 commit eb843d6


2 files changed

+148
-4
lines changed


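--- a/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c
+++ b/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c
@@ -1,9 +1,10 @@
 /*
-* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
+* SPDX-FileCopyrightText: 2017-2026 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 
+#include "sdkconfig.h"
 #include <mbedtls/version.h>
 
 /* Keep forward-compatibility with Mbed TLS 3.x */
@@ -17,9 +18,15 @@
 #endif /* !(MBEDTLS_VERSION_NUMBER < 0x03000000) */
 
 #include "crypto_hash_sha256.h"
-#include "mbedtls/sha256.h"
 #include <string.h>
 
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+#include "psa/crypto.h"
+#else
+#include "mbedtls/sha256.h"
+#endif
+
+#if !defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
 #ifdef MBEDTLS_SHA256_ALT
 /* Wrapper only works if the libsodium context structure can be mapped
 directly to the mbedTLS context structure.
@@ -61,10 +68,28 @@ static void sha256_libsodium_to_mbedtls(mbedtls_sha256_context *mb_ctx, crypto_h
 memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
 mb_ctx->is224 = 0;
 }
+#endif /* !CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 
 int
 crypto_hash_sha256_init(crypto_hash_sha256_state *state)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_status_t status;
+psa_hash_operation_t *operation;
+
+/* Store PSA hash operation in the state buffer
+* The libsodium state structure is large enough to hold psa_hash_operation_t
+*/
+memset(state, 0, sizeof(*state));
+operation = (psa_hash_operation_t *)state;
+*operation = psa_hash_operation_init();
+
+status = psa_hash_setup(operation, PSA_ALG_SHA_256);
+if (status != PSA_SUCCESS) {
+return -1;
+}
+return 0;
+#else
 mbedtls_sha256_context ctx;
 mbedtls_sha256_init(&ctx);
 #ifdef MBEDTLS_2_X_COMPAT
@@ -77,12 +102,24 @@ crypto_hash_sha256_init(crypto_hash_sha256_state *state)
 }
 sha256_mbedtls_to_libsodium(state, &ctx);
 return 0;
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha256_update(crypto_hash_sha256_state *state,
 const unsigned char *in, unsigned long long inlen)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
+psa_status_t status;
+
+status = psa_hash_update(operation, in, inlen);
+if (status != PSA_SUCCESS) {
+psa_hash_abort(operation);
+return -1;
+}
+return 0;
+#else
 mbedtls_sha256_context ctx;
 sha256_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
@@ -95,27 +132,62 @@ crypto_hash_sha256_update(crypto_hash_sha256_state *state,
 }
 sha256_mbedtls_to_libsodium(state, &ctx);
 return 0;
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha256_final(crypto_hash_sha256_state *state, unsigned char *out)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
+psa_status_t status;
+size_t hash_len;
+
+status = psa_hash_finish(operation, out, crypto_hash_sha256_BYTES, &hash_len);
+if (status != PSA_SUCCESS) {
+psa_hash_abort(operation);
+return -1;
+}
+return 0;
+#else
 mbedtls_sha256_context ctx;
 sha256_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
 return mbedtls_sha256_finish_ret(&ctx, out);
 #else
 return mbedtls_sha256_finish(&ctx, out);
 #endif /* MBEDTLS_2_X_COMPAT */
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha256(unsigned char *out, const unsigned char *in,
 unsigned long long inlen)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_status_t status;
+size_t hash_len;
+
+status = psa_hash_compute(PSA_ALG_SHA_256, in, inlen, out,
+crypto_hash_sha256_BYTES, &hash_len);
+if (status != PSA_SUCCESS) {
+return -1;
+}
+return 0;
+#else
 #ifdef MBEDTLS_2_X_COMPAT
 return mbedtls_sha256_ret(in, inlen, out, 0);
 #else
 return mbedtls_sha256(in, inlen, out, 0);
 #endif /* MBEDTLS_2_X_COMPAT */
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
+}
+
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+__attribute__((constructor)) static void crypto_psa_init(void)
+{
+/* Ensure PSA is initialized */
+psa_status_t status = psa_crypto_init();
+assert(status == PSA_SUCCESS);
 }
+#endif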
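Review bot: The cast `operation = (psa_hash_operation_t *)state;` in crypto_hash_sha256_init rests on the comment's claim that the libsodium state is large enough, but nothing in the file enforces it, so a PSA build with a larger operation struct would write past the caller's state object on the `*operation = psa_hash_operation_init();` line. The layout of psa_hash_operation_t is implementation-defined and may be sized for the largest enabled hash or driver context, so the assumption should be checked at compile time, e.g. `_Static_assert(sizeof(psa_hash_operation_t) <= sizeof(crypto_hash_sha256_state), "PSA hash operation does not fit in libsodium state");` next to the PSA include, ideally with a matching alignment check. The same cast is repeated in the update and final functions here and in crypto_hash_sha512_mbedtls.c. Separately, libsodium callers may byte-copy a state or drop it without calling final; whether a copied or never-finished PSA operation is safe depends on the PSA implementation and is worth confirming.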

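--- a/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c
+++ b/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c
@@ -1,9 +1,10 @@
 /*
-* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
+* SPDX-FileCopyrightText: 2017-2026 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 
+#include "sdkconfig.h"
 #include <mbedtls/version.h>
 
 /* Keep forward-compatibility with Mbed TLS 3.x */
@@ -17,9 +18,15 @@
 #endif /* !(MBEDTLS_VERSION_NUMBER < 0x03000000) */
 
 #include "crypto_hash_sha512.h"
-#include "mbedtls/sha512.h"
 #include <string.h>
 
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+#include "psa/crypto.h"
+#else
+#include "mbedtls/sha512.h"
+#endif
+
+#if !defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
 #ifdef MBEDTLS_SHA512_ALT
 /* Wrapper only works if the libsodium context structure can be mapped
 directly to the mbedTLS context structure.
@@ -65,10 +72,28 @@ static void sha512_libsodium_to_mbedtls(mbedtls_sha512_context *mb_ctx, crypto_h
 memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
 mb_ctx->is384 = 0;
 }
+#endif /* !CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 
 int
 crypto_hash_sha512_init(crypto_hash_sha512_state *state)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_status_t status;
+psa_hash_operation_t *operation;
+
+/* Store PSA hash operation in the state buffer
+* The libsodium state structure is large enough to hold psa_hash_operation_t
+*/
+memset(state, 0, sizeof(*state));
+operation = (psa_hash_operation_t *)state;
+*operation = psa_hash_operation_init();
+
+status = psa_hash_setup(operation, PSA_ALG_SHA_512);
+if (status != PSA_SUCCESS) {
+return -1;
+}
+return 0;
+#else
 mbedtls_sha512_context ctx;
 mbedtls_sha512_init(&ctx);
 #ifdef MBEDTLS_2_X_COMPAT
@@ -81,12 +106,24 @@ crypto_hash_sha512_init(crypto_hash_sha512_state *state)
 }
 sha512_mbedtls_to_libsodium(state, &ctx);
 return 0;
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha512_update(crypto_hash_sha512_state *state,
 const unsigned char *in, unsigned long long inlen)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
+psa_status_t status;
+
+status = psa_hash_update(operation, in, inlen);
+if (status != PSA_SUCCESS) {
+psa_hash_abort(operation);
+return -1;
+}
+return 0;
+#else
 mbedtls_sha512_context ctx;
 sha512_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
@@ -99,27 +136,62 @@ crypto_hash_sha512_update(crypto_hash_sha512_state *state,
 }
 sha512_mbedtls_to_libsodium(state, &ctx);
 return 0;
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_hash_operation_t *operation = (psa_hash_operation_t *)state;
+psa_status_t status;
+size_t hash_len;
+
+status = psa_hash_finish(operation, out, crypto_hash_sha512_BYTES, &hash_len);
+if (status != PSA_SUCCESS) {
+psa_hash_abort(operation);
+return -1;
+}
+return 0;
+#else
 mbedtls_sha512_context ctx;
 sha512_libsodium_to_mbedtls(&ctx, state);
 #ifdef MBEDTLS_2_X_COMPAT
 return mbedtls_sha512_finish_ret(&ctx, out);
 #else
 return mbedtls_sha512_finish(&ctx, out);
 #endif /* MBEDTLS_2_X_COMPAT */
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
 }
 
 int
 crypto_hash_sha512(unsigned char *out, const unsigned char *in,
 unsigned long long inlen)
 {
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+psa_status_t status;
+size_t hash_len;
+
+status = psa_hash_compute(PSA_ALG_SHA_512, in, inlen, out,
+crypto_hash_sha512_BYTES, &hash_len);
+if (status != PSA_SUCCESS) {
+return -1;
+}
+return 0;
+#else
 #ifdef MBEDTLS_2_X_COMPAT
 return mbedtls_sha512_ret(in, inlen, out, 0);
 #else
 return mbedtls_sha512(in, inlen, out, 0);
 #endif /* MBEDTLS_2_X_COMPAT */
+#endif /* CONFIG_MBEDTLS_VER_4_X_SUPPORT */
+}
+
+#if defined(CONFIG_MBEDTLS_VER_4_X_SUPPORT)
+__attribute__((constructor)) static void crypto_psa_init(void)
+{
+/* Ensure PSA is initialized */
+psa_status_t status = psa_crypto_init();
+assert(status == PSA_SUCCESS);
 }
+#endif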
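Review bot: The constructor `crypto_psa_init` checks `psa_crypto_init()` only through `assert(status == PSA_SUCCESS);`, which vanishes when assertions are compiled out (NDEBUG), leaving `status` unused and an initialization failure unnoticed. Every later psa_hash_* call would then fail and these wrappers would return -1 without a valid digest in `out`. Callers written against upstream libsodium, where the software hash functions are not expected to fail, may ignore that return value, so it is worth confirming how callers of this port handle -1. A check that survives release builds would be `if (psa_crypto_init() != PSA_SUCCESS) { abort(); }`. The visible hunks also do not add `<assert.h>` (it may arrive through another header), and crypto_hash_sha256_mbedtls.c defines the identical constructor.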
