feat: migrates esp_http_client and esp_http_server to PSA APIs

components/esp_http_client/lib/http_auth.c

@@ -20,6 +20,8 @@
 #include "http_auth.h"
 #include "http_crypto.h"
 
+#include "psa/crypto.h"
+
 #define MD5_MAX_LEN (33)
 #define HTTP_AUTH_BUF_LEN (1024)
 
@@ -70,7 +72,6 @@ static int md5_printf(char *md, const char *fmt, ...)
  */
 static int sha256_sprintf(char *sha, const char *fmt, ...)
 {
-
     unsigned char *buf;
     unsigned char digest[SHA256_LEN];
     int len, i;
@@ -83,9 +84,22 @@ static int sha256_sprintf(char *sha, const char *fmt, ...)
     }
 
     int ret = 0;
+    psa_status_t status;
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
 
-    esp_err_t err = http_crypto_sha256(buf, len, digest);
-    if (err != ESP_OK) {
+    status = psa_hash_setup(&operation, PSA_ALG_SHA_256);
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    status = psa_hash_update(&operation, buf, len);
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    size_t hash_length;
+    status = psa_hash_finish(&operation, digest, sizeof(digest), &hash_length);
+    if (status != PSA_SUCCESS || hash_length != SHA256_LEN) {
         goto exit;
     }
 
@@ -97,6 +111,7 @@ static int sha256_sprintf(char *sha, const char *fmt, ...)
 
 exit:
     free(buf);
+    psa_hash_abort(&operation);
     va_end(ap);
     return ret;
 }

components/esp_http_server/src/httpd_ws.c

@@ -11,7 +11,7 @@
 #include <sys/random.h>
 #include <esp_log.h>
 #include <esp_err.h>
-
+#include <psa/crypto.h>
 #include <mbedtls/base64.h>
 #include <mbedtls/error.h>
 
@@ -143,17 +143,29 @@ esp_err_t httpd_ws_respond_server_handshake(httpd_req_t *req, const char *suppor
 
     ESP_LOGD(TAG, LOG_FMT("Server key before encoding: %s"), server_raw_text);
 
-#if CONFIG_MBEDTLS_SHA1_C || CONFIG_MBEDTLS_HARDWARE_SHA
-    esp_err_t err = httpd_crypto_sha1((const uint8_t *)server_raw_text, strlen(server_raw_text), server_key_hash);
-    if (err != ESP_OK) {
-        ESP_LOGE(TAG, "Failed to compute SHA-1 hash");
-        return err;
+    /* Generate SHA-1 hash */
+    psa_hash_operation_t sha1_operation = PSA_HASH_OPERATION_INIT;
+    psa_status_t status = psa_hash_setup(&sha1_operation, PSA_ALG_SHA_1);
+    if (status != PSA_SUCCESS) {
+        ESP_LOGE(TAG, "Failed to setup SHA-1 operation");
+        return ESP_FAIL;
     }
-#else
-    ESP_LOGE(TAG, "Please enable CONFIG_MBEDTLS_SHA1_C or CONFIG_MBEDTLS_HARDWARE_SHA to support SHA1 operations");
-    return ESP_ERR_NOT_SUPPORTED;
-#endif /* CONFIG_MBEDTLS_SHA1_C || CONFIG_MBEDTLS_HARDWARE_SHA */
 
+    status = psa_hash_update(&sha1_operation, (uint8_t *)server_raw_text, strlen(server_raw_text));
+    if (status != PSA_SUCCESS) {
+        ESP_LOGE(TAG, "Failed to update SHA-1 hash");
+        psa_hash_abort(&sha1_operation);
+        return ESP_FAIL;
+    }
+
+    size_t hash_length;
+    status = psa_hash_finish(&sha1_operation, server_key_hash, sizeof(server_key_hash), &hash_length);
+    if (status != PSA_SUCCESS || hash_length != sizeof(server_key_hash)) {
+        ESP_LOGE(TAG, "Failed to finish SHA-1 hash");
+        return ESP_FAIL;
+    }
+
+    /* Encode to Base64 */
     size_t encoded_len = 0;
     mbedtls_base64_encode((uint8_t *)server_key_encoded, sizeof(server_key_encoded), &encoded_len,
                           server_key_hash, sizeof(server_key_hash));