fix Sha512 tests

miyazakh · miyazakh · commit 1b761c0bd729 · 2025-08-15T04:19:33.000+09:00
enable sha224, sha384 and sh512 as default

enable sha224, sha384 and sha512 at tcp server
diff --git a/benchmark/Makefile b/benchmark/Makefile
@@ -104,7 +104,7 @@ SRC_C += \
 		$(WOLFSSL_DIR)/wolfcrypt/src/hash.c \
 		$(WOLFSSL_DIR)/wolfcrypt/src/hmac.c \
 		$(WOLFSSL_DIR)/wolfcrypt/src/sha256.c \
-		$(WOLFSSL_DIR)/wolfCrypt/src/sha512.c \
+		$(WOLFSSL_DIR)/wolfcrypt/src/sha512.c \
 		$(WOLFSSL_DIR)/wolfcrypt/src/aes.c \
 		$(WOLFSSL_DIR)/wolfcrypt/src/ecc.c \
 		$(WOLFSSL_DIR)/wolfcrypt/src/cmac.c \
diff --git a/benchmark/config/user_settings.h b/benchmark/config/user_settings.h
@@ -127,9 +127,10 @@ extern "C" {
 /** SHA Options */
 #define NO_SHA
 /* #define NO_SHA256 */
-/* #define WOLFSSL_SHA224 */
-/* #define WOLFSSL_SHA384 */
-/* #define WOLFSSL_SHA512 */
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA512_HASHTYPE
 
 /* Dilithium Options */
 #define HAVE_DILITHIUM
diff --git a/benchmark/wh_bench_ops.h b/benchmark/wh_bench_ops.h
@@ -26,7 +26,7 @@
 #include <stdint.h>
 
 /* Maximum number of operations that can be registered */
-#define MAX_BENCH_OPS 73
+#define MAX_BENCH_OPS 79
 /* Maximum length of operation name */
 #define MAX_OP_NAME 64
 
diff --git a/examples/posix/tcp/wh_server_tcp/user_settings.h b/examples/posix/tcp/wh_server_tcp/user_settings.h
@@ -116,9 +116,10 @@ extern "C" {
 /** SHA Options */
 #define NO_SHA
 /* #define NO_SHA256 */
-/* #define WOLFSSL_SHA224 */
-/* #define WOLFSSL_SHA384 */
-/* #define WOLFSSL_SHA512 */
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA512_HASHTYPE
 
 /* Dilithium Options */
 #define HAVE_DILITHIUM
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
@@ -3188,7 +3188,7 @@ static int _xferSha512BlockAndUpdateDigest(whClientContext* ctx,
     memcpy(req->resumeState.hash, sha512->digest, WC_SHA512_DIGEST_SIZE);
     req->resumeState.hiLen = sha512->hiLen;
     req->resumeState.loLen = sha512->loLen;
-
+    req->resumeState.hashType = sha512->hashType;
     uint32_t req_len =
         sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req);
 
@@ -3221,6 +3221,7 @@ static int _xferSha512BlockAndUpdateDigest(whClientContext* ctx,
         if (ret >= 0) {
 #ifdef DEBUG_CRYPTOCB_VERBOSE
             printf("[client] ERROR Client SHA512 Res recv: ret=%d", ret);
+            printf("[client] hashType: %d\n", sha512->hashType);
 #endif /* DEBUG_CRYPTOCB_VERBOSE */
             /* Store the received intermediate hash in the sha512
              * context and indicate the field is now valid and
@@ -3288,7 +3289,9 @@ int wh_Client_Sha512(whClientContext* ctx, wc_Sha512* sha512, const uint8_t* in,
             memcpy(out, sha512->digest, WC_SHA512_DIGEST_SIZE);
         }
 
-        /* reset the state of the sha context (without blowing away devId) */
+        /* reset the state of the sha context (without blowing away devId and
+         *  hashType)
+         */
         sha512->buffLen = 0;
         sha512->hiLen   = 0;
         sha512->loLen   = 0;
diff --git a/src/wh_message_crypto.c b/src/wh_message_crypto.c
@@ -553,6 +553,7 @@ int wh_MessageCrypto_TranslateSha512Request(
     }
     WH_T32(magic, dest, src, resumeState.hiLen);
     WH_T32(magic, dest, src, resumeState.loLen);
+    WH_T32(magic, dest, src, resumeState.hashType);
     /* Hash value is just a byte array, no translation needed */
     if (src != dest) {
         memcpy(dest->resumeState.hash, src->resumeState.hash,
@@ -577,6 +578,7 @@ int wh_MessageCrypto_TranslateSha512Response(
     }
     WH_T32(magic, dest, src, hiLen);
     WH_T32(magic, dest, src, loLen);
+    WH_T32(magic, dest, src, hashType);
     /* Hash value is just a byte array, no translation needed */
     if (src != dest) {
         memcpy(dest->hash, src->hash, sizeof(src->hash));
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -1938,6 +1938,7 @@ static int _HandleSha512(whServerContext* ctx, uint16_t magic,
     wc_Sha512*                     sha512 = ctx->crypto->algoCtx.sha512;
     whMessageCrypto_Sha512Request  req;
     whMessageCrypto_Sha512Response res;
+    int                            hashType = WC_HASH_TYPE_SHA512;
     (void)inSize;
     /* The server SHA512 struct doesn't persist state (it is a union), meaning
      * the devId may get blown away between calls. We must restore the server
@@ -1949,17 +1950,28 @@ static int _HandleSha512(whServerContext* ctx, uint16_t magic,
     if (ret != 0) {
         return ret;
     }
-
+    hashType = req.resumeState.hashType;
     /* Init the SHA512 context if this is the first time, otherwise restore the
      * hash state from the client */
     if (req.resumeState.hiLen == 0 && req.resumeState.loLen == 0) {
-        ret = wc_InitSha512_ex(sha512, NULL, ctx->crypto->devId);
+        switch(hashType) {
+            case WC_HASH_TYPE_SHA512_224:
+                ret = wc_InitSha512_224_ex(sha512, NULL, ctx->crypto->devId);
+                break;
+            case WC_HASH_TYPE_SHA512_256:
+                ret = wc_InitSha512_256_ex(sha512, NULL, ctx->crypto->devId);
+                break;
+            default:
+                ret = wc_InitSha512_ex(sha512, NULL, ctx->crypto->devId);
+                break;
+        }
     }
     else {
         /* HAVE_DILITHIUM */
         memcpy(sha512->digest, req.resumeState.hash, WC_SHA512_DIGEST_SIZE);
         sha512->loLen = req.resumeState.loLen;
         sha512->hiLen = req.resumeState.hiLen;
+        hashType = req.resumeState.hashType;
     }
 
     if (req.isLastBlock) {
@@ -1968,7 +1980,17 @@ static int _HandleSha512(whServerContext* ctx, uint16_t magic,
             ret = wc_Sha512Update(sha512, req.inBlock, req.lastBlockLen);
         }
         if (ret == 0) {
-            ret = wc_Sha512Final(sha512, res.hash);
+            switch(hashType) {
+                case WC_HASH_TYPE_SHA512_224:
+                    ret = wc_Sha512_224Final(sha512, res.hash);
+                    break;
+                case WC_HASH_TYPE_SHA512_256:
+                    ret = wc_Sha512_256Final(sha512, res.hash);
+                    break;
+                default:
+                    ret = wc_Sha512Final(sha512, res.hash);
+                    break;
+            }
         }
     }
     else {
@@ -3005,14 +3027,14 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq,
     whMessageCrypto_Sha512DmaResponse res;
     wc_Sha512*                        sha512 = ctx->crypto->algoCtx.sha512;
     int                               clientDevId;
+    int                               hashType = WC_HASH_TYPE_SHA512;
 
     /* Translate the request */
     ret = wh_MessageCrypto_TranslateSha512DmaRequest(
         magic, (whMessageCrypto_Sha512DmaRequest*)cryptoDataIn, &req);
     if (ret != WH_ERROR_OK) {
         return ret;
     }
-
     /* Ensure state sizes are the same */
     if (req.state.sz != sizeof(*sha512)) {
         res.dmaAddrStatus.badAddr = req.state;
@@ -3032,6 +3054,8 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq,
             clientDevId = sha512->devId;
             /* overwrite the devId to that of the server for local crypto */
             sha512->devId = ctx->crypto->devId;
+            /* retrieve hash Type to handle 512, 512-224, or 512-256 */
+            hashType = sha512->hashType;
         }
     }
 
@@ -3051,8 +3075,19 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq,
         if (ret == WH_ERROR_OK) {
 #ifdef DEBUG_CRYPTOCB_VERBOSE
             printf("[server]   wc_Sha512Final: outAddr=%p\n", outAddr);
+            printf("[server]   hashTpe: %d\n", hashType);
 #endif
-            ret = wc_Sha512Final(sha512, outAddr);
+             switch(hashType) {
+                case WC_HASH_TYPE_SHA512_224:
+                    ret = wc_Sha512_224Final(sha512, outAddr);
+                    break;
+                case WC_HASH_TYPE_SHA512_256:
+                    ret = wc_Sha512_256Final(sha512, outAddr);
+                    break;
+                default:
+                    ret = wc_Sha512Final(sha512, outAddr);
+                    break;
+            }
         }
 
         if (ret == WH_ERROR_OK) {
diff --git a/test/config/user_settings.h b/test/config/user_settings.h
@@ -128,9 +128,10 @@ extern "C" {
 /** SHA Options */
 #define NO_SHA
 /* #define NO_SHA256 */
-/* #define WOLFSSL_SHA224 */
-/* #define WOLFSSL_SHA384 */
-/* #define WOLFSSL_SHA512 */
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA512_HASHTYPE
 
 /* Dilithium Options */
 #define HAVE_DILITHIUM
diff --git a/wolfhsm/wh_message_crypto.h b/wolfhsm/wh_message_crypto.h
@@ -605,6 +605,7 @@ typedef struct {
         uint32_t loLen;
         /* intermediate hash value */
         uint8_t hash[64]; /* TODO (HM) WC_SHA512_DIGEST_SIZE */
+        int hashType;
     } resumeState;
     /* Flag indicating to the server that this is the last block and it should
      * finalize the hash. If set, inBlock may be only partially full*/
@@ -622,6 +623,7 @@ typedef struct {
     uint32_t hiLen;
     uint32_t loLen;
     uint8_t  hash[64]; /* TODO WC_SHA512_DIGEST_SIZE */
+    int hashType;
 } whMessageCrypto_Sha512Response;
 
 int wh_MessageCrypto_TranslateSha512Request(
