[sha256] Migrate to PSA Crypto API for ESP-IDF 6.0 (#14809)

J. Nick Koston
2026-03-14 10:43:04 -10:00
committed by GitHub
parent b126f3af3b
commit 158a119a5a
2 changed files with 39 additions and 3 deletions


@@ -8,7 +8,28 @@
namespace esphome::sha256 {
#if defined(USE_ESP32) || defined(USE_LIBRETINY)
#if defined(USE_SHA256_PSA)
// ESP-IDF 6.0 ships mbedtls 4.0 which removed the legacy mbedtls_sha256_* API.
// Use the PSA Crypto API instead. PSA crypto is auto-initialized by ESP-IDF
// at startup, so no psa_crypto_init() call is needed.
SHA256::~SHA256() { psa_hash_abort(&this->op_); }
void SHA256::init() {
psa_hash_abort(&this->op_);
this->op_ = PSA_HASH_OPERATION_INIT;
psa_hash_setup(&this->op_, PSA_ALG_SHA_256);
}
void SHA256::add(const uint8_t *data, size_t len) { psa_hash_update(&this->op_, data, len); }
void SHA256::calculate() {
size_t hash_length;
psa_hash_finish(&this->op_, this->digest_, sizeof(this->digest_), &hash_length);
}
#elif defined(USE_SHA256_MBEDTLS)
// CRITICAL ESP32 HARDWARE SHA ACCELERATION REQUIREMENTS (IDF 5.5.x):
//
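Review bot: The `psa_status_t` results of `psa_hash_setup()`, `psa_hash_update()` and `psa_hash_finish()` are all discarded in the new PSA branch, so if any step fails, `calculate()` returns normally and `digest_` keeps whatever bytes it held before. Any caller that compares or publishes that digest would then be working with a stale or never-written value without knowing it. Because these methods are `void`, the minimum is to capture the status in `calculate()` and make the failure visible, e.g. `if (psa_hash_finish(&this->op_, this->digest_, sizeof(this->digest_), &hash_length) != PSA_SUCCESS || hash_length != sizeof(this->digest_)) { /* log and mark the digest invalid */ }`, with a similar check and log in `init()` and `add()`. How `HashBase` or the rest of the class could report the error is not visible in this hunk.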


@@ -10,7 +10,20 @@
#include <memory>
#include "esphome/core/hash_base.h"
#if defined(USE_ESP32) || defined(USE_LIBRETINY)
#if defined(USE_ESP32)
#include <esp_idf_version.h>
#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)
// mbedtls 4.0 (IDF 6.0) removed the legacy mbedtls_sha256_* API.
// Use the PSA Crypto API instead. PSA crypto is auto-initialized by
// ESP-IDF at startup (esp_psa_crypto_init.c, priority 104).
#define USE_SHA256_PSA
#include <psa/crypto.h>
#else
#define USE_SHA256_MBEDTLS
#include "mbedtls/sha256.h"
#endif
#elif defined(USE_LIBRETINY)
#define USE_SHA256_MBEDTLS
#include "mbedtls/sha256.h"
#elif defined(USE_ESP8266) || defined(USE_RP2040)
#include <bearssl/bearssl_hash.h>
@@ -51,7 +64,9 @@ class SHA256 : public esphome::HashBase {
size_t get_size() const override { return 32; }
protected:
#if defined(USE_ESP32) || defined(USE_LIBRETINY)
#if defined(USE_SHA256_PSA)
psa_hash_operation_t op_ = PSA_HASH_OPERATION_INIT;
#elif defined(USE_SHA256_MBEDTLS)
// The mbedtls context for ESP32-S3 hardware SHA requires proper alignment and stack frame constraints.
// See class documentation above for critical requirements.
mbedtls_sha256_context ctx_{};
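Review bot: The new `psa_hash_operation_t op_` member makes `SHA256` own a live PSA operation that the destructor aborts, but nothing in this hunk prevents the object from being copied. A member-wise copy would duplicate the operation struct outside the API (PSA provides `psa_hash_clone()` for that), and both copies would later call `psa_hash_abort()` on what may be the same underlying driver context. If the class does not already forbid it in the part of the definition outside this hunk, add `SHA256(const SHA256 &) = delete;` and `SHA256 &operator=(const SHA256 &) = delete;` under `USE_SHA256_PSA`. A short comment on `op_` that it must only be duplicated with `psa_hash_clone()` would also help the next maintainer.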