Merge pull request #20484 from mguetschow/hashes-sha512-trunc

sys/hashes: support for SHA-{384,512/{224,256}}

sys/hashes/sha224.c

@@ -18,11 +18,9 @@
  * @}
  */
 
-#include <string.h>
 #include <assert.h>
 
 #include "hashes/sha224.h"
-#include "hashes/sha2xx_common.h"
 
 /* SHA-224 initialization.  Begins a SHA-224 operation. */
 void sha224_init(sha224_context_t *ctx)

sys/hashes/sha384.c

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA384 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha384.h"
+
+void sha384_init(sha384_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0xcbbb9d5dc1059ed8;
+    ctx->state[1] = 0x629a292a367cd507;
+    ctx->state[2] = 0x9159015a3070dd17;
+    ctx->state[3] = 0x152fecd8f70e5939;
+    ctx->state[4] = 0x67332667ffc00b31;
+    ctx->state[5] = 0x8eb44a8768581511;
+    ctx->state[6] = 0xdb0c2e0d64f98fa7;
+    ctx->state[7] = 0x47b5481dbefa4fa4;
+}
+
+void sha384(const void *data, size_t len, void *digest)
+{
+    sha384_context_t c;
+    assert(digest);
+
+    sha384_init(&c);
+    sha384_update(&c, data, len);
+    sha384_final(&c, digest);
+}

sys/hashes/sha512.c

@@ -18,11 +18,9 @@
  * @}
  */
 
-#include <string.h>
 #include <assert.h>
 
 #include "hashes/sha512.h"
-#include "hashes/sha512_common.h"
 
 /* SHA-512 initialization.  Begins a SHA-512 operation. */
 void sha512_init(sha512_context_t *ctx)
@@ -44,6 +42,7 @@ void sha512_init(sha512_context_t *ctx)
 void sha512(const void *data, size_t len, void *digest)
 {
     sha512_context_t c;
+    assert(digest);
 
     sha512_init(&c);
     sha512_update(&c, data, len);

sys/hashes/sha512_224.c

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA512/224 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha512_224.h"
+
+void sha512_224_init(sha512_224_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0x8C3D37C819544DA2;
+    ctx->state[1] = 0x73E1996689DCD4D6;
+    ctx->state[2] = 0x1DFAB7AE32FF9C82;
+    ctx->state[3] = 0x679DD514582F9FCF;
+    ctx->state[4] = 0x0F6D2B697BD44DA8;
+    ctx->state[5] = 0x77E36F7304C48942;
+    ctx->state[6] = 0x3F9D85A86A1D36C8;
+    ctx->state[7] = 0x1112E6AD91D692A1;
+}
+
+void sha512_224(const void *data, size_t len, void *digest)
+{
+    sha512_224_context_t c;
+    assert(digest);
+
+    sha512_224_init(&c);
+    sha512_224_update(&c, data, len);
+    sha512_224_final(&c, digest);
+}

sys/hashes/sha512_256.c

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     sys_hashes
+ *
+ * @{
+ * @file
+ * @brief       SHA512/256 hash function implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <assert.h>
+
+#include "hashes/sha512_256.h"
+
+void sha512_256_init(sha512_256_context_t *ctx)
+{
+    /* Zero bits processed so far */
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Magic initialization constants */
+    ctx->state[0] = 0x22312194FC2BF72C;
+    ctx->state[1] = 0x9F555FA3C84C64C2;
+    ctx->state[2] = 0x2393B86B6F53B151;
+    ctx->state[3] = 0x963877195940EABD;
+    ctx->state[4] = 0x96283EE2A88EFFE3;
+    ctx->state[5] = 0xBE5E1E2553863992;
+    ctx->state[6] = 0x2B0199FC2C85B8AA;
+    ctx->state[7] = 0x0EB72DDC81C52CA2;
+}
+
+void sha512_256(const void *data, size_t len, void *digest)
+{
+    sha512_256_context_t c;
+    assert(digest);
+
+    sha512_256_init(&c);
+    sha512_256_update(&c, data, len);
+    sha512_256_final(&c, digest);
+}

sys/hashes/sha512_common.c

@@ -34,26 +34,25 @@
 #else /* !__BIG_ENDIAN__ */
 
 /*
- * Encode a length len/8 vector of (uint64_t) into a length len vector of
- * (unsigned char) in big-endian form.  Assumes len is a multiple of 8.
+ * Encode a length ceil(len/8) vector of (uint64_t) into a length len vector of
+ * (unsigned char) in big-endian form.
  */
 static void be64enc_vect(void *dst_, const void *src_, size_t len)
 {
-    /* Assert if len is not a multiple of 8 */
-    assert(!(len & 7));
-
+    size_t i;
     if ((uintptr_t)dst_ % sizeof(uint64_t) == 0 &&
         (uintptr_t)src_ % sizeof(uint64_t) == 0) {
         uint64_t *dst = dst_;
         const uint64_t *src = src_;
-        for (size_t i = 0; i < len / 8; i++) {
+        for (i = 0; i < len / 8; i++) {
             dst[i] = __builtin_bswap64(src[i]);
         }
+        i *= 8;
     }
     else {
         uint8_t *dst = dst_;
         const uint8_t *src = src_;
-        for (size_t i = 0; i < len; i += 8) {
+        for (i = 0; i < len-7; i += 8) {
             dst[i] = src[i + 7];
             dst[i + 1] = src[i + 6];
             dst[i + 2] = src[i + 5];
@@ -64,6 +63,14 @@ static void be64enc_vect(void *dst_, const void *src_, size_t len)
             dst[i + 7] = src[i];
         }
     }
+    /* copy len%8 remaining bytes */
+    if (i < len) {
+        uint8_t *dst = dst_;
+        const uint8_t *src = src_;
+        for (size_t j = 0; j < len-i; j++) {
+            dst[i + j] = src[i+7 - j];
+        }
+    }
 }
 
 /*

sys/include/hashes/sha384.h

@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    sys_hashes_sha384 SHA-384
+ * @ingroup     sys_hashes_unkeyed
+ * @brief       Implementation of the SHA-384 hashing function
+ * @{
+ *
+ * @file
+ * @brief       Header definitions for the SHA384 hash function
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ */
+
+#ifndef HASHES_SHA384_H
+#define HASHES_SHA384_H
+
+#include <inttypes.h>
+#include <stddef.h>
+
+#include "hashes/sha512_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief   Length of SHA384 digests in bytes
+ */
+#define SHA384_DIGEST_LENGTH (48)
+
+/**
+ * @brief 1024 Bit (128 Byte) internally used block size for sha384
+ */
+#define SHA384_INTERNAL_BLOCK_SIZE (128)
+
+/**
+ * @brief Context for cipher operations based on sha384
+ */
+typedef sha512_common_context_t sha384_context_t;
+
+/**
+ * @brief SHA-384 initialization.  Begins a SHA-384 operation.
+ *
+ * @param ctx  sha384_context_t handle to init, must not be NULL
+ */
+void sha384_init(sha384_context_t *ctx);
+
+/**
+ * @brief Add bytes into the hash
+ *
+ * @param ctx      sha384_context_t handle to use, must not be NULL
+ * @param[in] data Input data
+ * @param[in] len  Length of @p data
+ */
+static inline void sha384_update(sha384_context_t *ctx, const void *data, size_t len)
+{
+    sha512_common_update(ctx, data, len);
+}
+
+/**
+ * @brief SHA-384 finalization.  Pads the input data, exports the hash value,
+ * and clears the context state.
+ *
+ * @param ctx           sha384_context_t handle to use, must not be NULL
+ * @param[out] digest   pointer to resulting digest, this is the hash of all the bytes.
+ *                      Length must be at least SHA384_DIGEST_LENGTH
+ */
+static inline void sha384_final(sha384_context_t *ctx, void *digest)
+{
+    sha512_common_final(ctx, digest, SHA384_DIGEST_LENGTH);
+}
+
+/**
+ * @brief A wrapper function to simplify the generation of a hash. This is
+ * useful for generating sha384 for one single buffer in a single step.
+ *
+ * @param[in] data      pointer to the buffer to generate hash from
+ * @param[in] len       length of the buffer
+ * @param[out] digest   optional pointer to an array for the result, length must
+ *                      be at least SHA384_DIGEST_LENGTH
+ */
+void sha384(const void *data, size_t len, void *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */
+#endif /* HASHES_SHA384_H */

sys/include/hashes/sha512_224.h

@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    sys_hashes_sha512_224 SHA-512/224
+ * @ingroup     sys_hashes_unkeyed
+ * @brief       Implementation of the SHA-512/224 hashing function
+ * @{
+ *
+ * @file
+ * @brief       Header definitions for the SHA512/224 hash function
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ */
+
+#ifndef HASHES_SHA512_224_H
+#define HASHES_SHA512_224_H
+
+#include <inttypes.h>
+#include <stddef.h>
+
+#include "hashes/sha512_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief   Length of SHA512_224 digests in bytes
+ */
+#define SHA512_224_DIGEST_LENGTH (28)
+
+/**
+ * @brief 1024 Bit (128 Byte) internally used block size for sha512_224
+ */
+#define SHA512_224_INTERNAL_BLOCK_SIZE (128)
+
+/**
+ * @brief Context for cipher operations based on sha512_224
+ */
+typedef sha512_common_context_t sha512_224_context_t;
+
+/**
+ * @brief SHA-512/224 initialization.  Begins a SHA-512/224 operation.
+ *
+ * @param ctx  sha512_224_context_t handle to init, must not be NULL
+ */
+void sha512_224_init(sha512_224_context_t *ctx);
+
+/**
+ * @brief Add bytes into the hash
+ *
+ * @param ctx      sha512_224_context_t handle to use, must not be NULL
+ * @param[in] data Input data
+ * @param[in] len  Length of @p data
+ */
+static inline void sha512_224_update(sha512_224_context_t *ctx, const void *data, size_t len)
+{
+    sha512_common_update(ctx, data, len);
+}
+
+/**
+ * @brief SHA-512/224 finalization.  Pads the input data, exports the hash value,
+ * and clears the context state.
+ *
+ * @param ctx           sha512_224_context_t handle to use, must not be NULL
+ * @param[out] digest   pointer to resulting digest, this is the hash of all the bytes.
+ *                      Length must be at least SHA512_224_DIGEST_LENGTH
+ */
+static inline void sha512_224_final(sha512_224_context_t *ctx, void *digest)
+{
+    sha512_common_final(ctx, digest, SHA512_224_DIGEST_LENGTH);
+}
+
+/**
+ * @brief A wrapper function to simplify the generation of a hash. This is
+ * useful for generating sha512_224 for one single buffer in a single step.
+ *
+ * @param[in] data      pointer to the buffer to generate hash from
+ * @param[in] len       length of the buffer
+ * @param[out] digest   optional pointer to an array for the result, length must
+ *                      be at least SHA512_224_DIGEST_LENGTH
+ */
+void sha512_224(const void *data, size_t len, void *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */
+#endif /* HASHES_SHA512_224_H */

sys/include/hashes/sha512_256.h

@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    sys_hashes_sha512_256 SHA-512/256
+ * @ingroup     sys_hashes_unkeyed
+ * @brief       Implementation of the SHA-512/256 hashing function
+ * @{
+ *
+ * @file
+ * @brief       Header definitions for the SHA512/256 hash function
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ */
+
+#ifndef HASHES_SHA512_256_H
+#define HASHES_SHA512_256_H
+
+#include <inttypes.h>
+#include <stddef.h>
+
+#include "hashes/sha512_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief   Length of SHA512_256 digests in bytes
+ */
+#define SHA512_256_DIGEST_LENGTH (32)
+
+/**
+ * @brief 1024 Bit (128 Byte) internally used block size for sha512_256
+ */
+#define SHA512_256_INTERNAL_BLOCK_SIZE (128)
+
+/**
+ * @brief Context for cipher operations based on sha512_256
+ */
+typedef sha512_common_context_t sha512_256_context_t;
+
+/**
+ * @brief SHA-512/256 initialization.  Begins a SHA-512/256 operation.
+ *
+ * @param ctx  sha512_256_context_t handle to init, must not be NULL
+ */
+void sha512_256_init(sha512_256_context_t *ctx);
+
+/**
+ * @brief Add bytes into the hash
+ *
+ * @param ctx      sha512_256_context_t handle to use, must not be NULL
+ * @param[in] data Input data
+ * @param[in] len  Length of @p data
+ */
+static inline void sha512_256_update(sha512_256_context_t *ctx, const void *data, size_t len)
+{
+    sha512_common_update(ctx, data, len);
+}
+
+/**
+ * @brief SHA-512/256 finalization.  Pads the input data, exports the hash value,
+ * and clears the context state.
+ *
+ * @param ctx           sha512_256_context_t handle to use, must not be NULL
+ * @param[out] digest   pointer to resulting digest, this is the hash of all the bytes.
+ *                      Length must be at least SHA512_256_DIGEST_LENGTH
+ */
+static inline void sha512_256_final(sha512_256_context_t *ctx, void *digest)
+{
+    sha512_common_final(ctx, digest, SHA512_256_DIGEST_LENGTH);
+}
+
+/**
+ * @brief A wrapper function to simplify the generation of a hash. This is
+ * useful for generating sha512_256 for one single buffer in a single step.
+ *
+ * @param[in] data      pointer to the buffer to generate hash from
+ * @param[in] len       length of the buffer
+ * @param[out] digest   optional pointer to an array for the result, length must
+ *                      be at least SHA512_256_DIGEST_LENGTH
+ */
+void sha512_256(const void *data, size_t len, void *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */
+#endif /* HASHES_SHA512_256_H */

tests/unittests/tests-hashes/tests-hashes-sha224.c

@@ -80,14 +80,14 @@ static const unsigned char hlong_sequence[] =
 
 static int calc_and_compare_hash(const char *str, const unsigned char *expected)
 {
-    static unsigned char hash[28];
+    static unsigned char hash[SHA224_DIGEST_LENGTH];
     sha224_context_t sha224;
 
     sha224_init(&sha224);
     sha224_update(&sha224, (uint8_t*)str, strlen(str));
     sha224_final(&sha224, hash);
 
-    return (memcmp(expected, hash, 28) == 0);
+    return (memcmp(expected, hash, SHA224_DIGEST_LENGTH) == 0);
 }
 
 static int calc_and_compare_hash_wrapper(const char *str, const unsigned char *expected)
@@ -120,7 +120,7 @@ static void test_hashes_sha224_hash_sequence_abc_long(void)
     TEST_ASSERT(calc_and_compare_hash_wrapper(teststring, h_abc_long));
 }
 
-static void test_hashes_sha256_hash_long_sequence(void)
+static void test_hashes_sha224_hash_long_sequence(void)
 {
     static const char *teststring =
         {"RIOT is an open-source microkernel-based operating system, designed"
@@ -139,7 +139,7 @@ Test *tests_hashes_sha224_tests(void)
         new_TestFixture(test_hashes_sha224_hash_sequence_empty),
         new_TestFixture(test_hashes_sha224_hash_sequence_abc),
         new_TestFixture(test_hashes_sha224_hash_sequence_abc_long),
-        new_TestFixture(test_hashes_sha256_hash_long_sequence),
+        new_TestFixture(test_hashes_sha224_hash_long_sequence),
     };
 
     EMB_UNIT_TESTCALLER(hashes_sha224_tests, NULL, NULL,

tests/unittests/tests-hashes/tests-hashes-sha384.c

@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+ /**
+ * @ingroup     unittests
+ * @{
+ *
+ * @file
+ * @brief       testcases for the sha384 implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "embUnit/embUnit.h"
+
+#include "hashes/sha384.h"
+
+#include "tests-hashes.h"
+
+/**
+ * Hashes obtained using:
+ * h=$(echo -n '<test string>' | sha384sum - | cut -d ' ' -f1); s=$(echo $h | sed -e 's/../0x&, /g' | sed 's/, $//'); echo $h; echo {$s};
+ *
+ * where <test string> is the message to hash
+ */
+
+/**
+ * @brief expected hash for test empty
+ * i.e. 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
+ */
+static const unsigned char h_empty[] =
+   {0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
+    0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
+    0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b};
+static const char *s_empty = "";
+
+/**
+ * @brief expected hash for "abc"
+ *        (from FIPS 180-2 Appendix D.1)
+ * i.e. cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7
+ */
+static const unsigned char h_abc[] =
+   {0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+    0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+    0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7};
+static const char *s_abc = "abc";
+/**
+ * @brief expected hash for FIPS 180-2 Appendix D.2
+ * i.e. 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039
+ */
+static const unsigned char h_abc_long[] =
+   {0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
+    0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
+    0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39};
+static const char *s_abc_long =
+    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijkl"
+    "mnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
+
+/**
+ * @brief expected hash for test long_sequence
+ * i.e. 1c2aaa49583a5f5507612ddfa87d75a4bfc384c25ed2eca878d77e1614217272b7aee62dc51432fb9b91d773798d3fc1
+ */
+static const unsigned char h_long_sequence[] =
+   {0x1c, 0x2a, 0xaa, 0x49, 0x58, 0x3a, 0x5f, 0x55, 0x07, 0x61, 0x2d, 0xdf, 0xa8, 0x7d, 0x75, 0xa4,
+    0xbf, 0xc3, 0x84, 0xc2, 0x5e, 0xd2, 0xec, 0xa8, 0x78, 0xd7, 0x7e, 0x16, 0x14, 0x21, 0x72, 0x72,
+    0xb7, 0xae, 0xe6, 0x2d, 0xc5, 0x14, 0x32, 0xfb, 0x9b, 0x91, 0xd7, 0x73, 0x79, 0x8d, 0x3f, 0xc1};
+static const char *s_long_sequence =
+    {"RIOT is an open-source microkernel-based operating system, designed"
+    " to match the requirements of Internet of Things (IoT) devices and"
+    " other embedded devices. These requirements include a very low memory"
+    " footprint (on the order of a few kilobytes), high energy efficiency"
+    ", real-time capabilities, communication stacks for both wireless and"
+    " wired networks, and support for a wide range of low-power hardware."};
+
+/**
+ * @brief expected hash for { 0xC0, 0xFF, 0xEE }
+ * i.e. 011f360db636cfa4c7a61768ad917fe3d95a6bd88a7968ce437b00b63a32b0da911329488b8571224e4245250b62ba86
+ *
+ * obtained using:
+ * h=$(printf '\xc0\xff\xee' | sha384sum - | cut -d ' ' -f1); s=$(echo $h | sed -e 's/../0x&, /g' | sed 's/, $//'); echo $h; echo {$s};
+ */
+static const unsigned char h_coffee[] =
+   {0x01, 0x1f, 0x36, 0x0d, 0xb6, 0x36, 0xcf, 0xa4, 0xc7, 0xa6, 0x17, 0x68, 0xad, 0x91, 0x7f, 0xe3,
+    0xd9, 0x5a, 0x6b, 0xd8, 0x8a, 0x79, 0x68, 0xce, 0x43, 0x7b, 0x00, 0xb6, 0x3a, 0x32, 0xb0, 0xda,
+    0x91, 0x13, 0x29, 0x48, 0x8b, 0x85, 0x71, 0x22, 0x4e, 0x42, 0x45, 0x25, 0x0b, 0x62, 0xba, 0x86};
+static const uint8_t s_coffe[] = { 0xC0, 0xFF, 0xEE };
+
+static int calc_and_compare_hash(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA384_DIGEST_LENGTH];
+    sha384_context_t sha384;
+
+    sha384_init(&sha384);
+    sha384_update(&sha384, (uint8_t*)str, strlen(str));
+    sha384_final(&sha384, hash);
+
+    return (memcmp(expected, hash, SHA384_DIGEST_LENGTH) == 0);
+}
+
+static int calc_and_compare_hash_wrapper(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA384_DIGEST_LENGTH];
+
+    sha384((uint8_t*)str, strlen(str), hash);
+
+    return (memcmp(expected, hash, SHA384_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha384_hash_sequence_empty(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_empty, h_empty));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_empty, h_empty));
+}
+
+static void test_hashes_sha384_hash_sequence_abc(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc, h_abc));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc, h_abc));
+}
+
+static void test_hashes_sha384_hash_sequence_abc_long(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc_long, h_abc_long));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc_long, h_abc_long));
+}
+
+static void test_hashes_sha384_hash_long_sequence(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_long_sequence, h_long_sequence));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_long_sequence, h_long_sequence));
+}
+
+static void test_hashes_sha384_hash_sequence_binary(void)
+{
+    static uint8_t hash[SHA384_DIGEST_LENGTH];
+    sha384(s_coffe, sizeof(s_coffe), hash);
+    TEST_ASSERT(memcmp(h_coffee, hash, SHA384_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha384_hash_update_twice(void)
+{
+    static const char teststring[] = "abcdef";
+
+    static uint8_t hash_update_once[SHA384_DIGEST_LENGTH];
+    static uint8_t hash_update_twice[SHA384_DIGEST_LENGTH];
+    sha384_context_t sha384;
+
+    sha384_init(&sha384);
+    sha384_update(&sha384, (uint8_t*)teststring, sizeof(teststring));
+    sha384_final(&sha384, hash_update_once);
+
+    sha384_init(&sha384);
+    sha384_update(&sha384, (uint8_t*)teststring, 3);
+    sha384_update(&sha384, (uint8_t*)&teststring[3], sizeof(teststring)-3);
+    sha384_final(&sha384, hash_update_twice);
+
+    TEST_ASSERT(memcmp(hash_update_once, hash_update_twice, SHA384_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha384_hash_clear_ctx(void)
+{
+    static uint8_t hash[SHA384_DIGEST_LENGTH];
+    sha384_context_t sha384;
+
+    sha384_init(&sha384);
+    sha384_update(&sha384, s_empty, strlen(s_empty));
+    sha384_final(&sha384, hash);
+
+    TEST_ASSERT(memcmp(h_empty, hash, SHA384_DIGEST_LENGTH) == 0);
+    for (size_t i=0; i<sizeof(sha384_context_t); i++) {
+        if (((uint8_t*)&sha384)[i] != 0)
+            TEST_FAIL("sha384_context_t not completely cleared.");
+    }
+}
+
+Test *tests_hashes_sha384_tests(void)
+{
+    EMB_UNIT_TESTFIXTURES(fixtures) {
+        new_TestFixture(test_hashes_sha384_hash_sequence_empty),
+        new_TestFixture(test_hashes_sha384_hash_sequence_abc),
+        new_TestFixture(test_hashes_sha384_hash_sequence_abc_long),
+        new_TestFixture(test_hashes_sha384_hash_long_sequence),
+        new_TestFixture(test_hashes_sha384_hash_sequence_binary),
+        new_TestFixture(test_hashes_sha384_hash_update_twice),
+        new_TestFixture(test_hashes_sha384_hash_clear_ctx),
+    };
+
+    EMB_UNIT_TESTCALLER(hashes_sha384_tests, NULL, NULL,
+                        fixtures);
+
+    return (Test *)&hashes_sha384_tests;
+}

tests/unittests/tests-hashes/tests-hashes-sha512_224.c

@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+ /**
+ * @ingroup     unittests
+ * @{
+ *
+ * @file
+ * @brief       testcases for the sha512_224 implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "embUnit/embUnit.h"
+
+#include "hashes/sha512_224.h"
+
+#include "tests-hashes.h"
+
+/**
+ * Hashes obtained using https://emn178.github.io/online-tools/sha512_224.html
+ * C-array generated with
+ * s=$(echo $hash | sed -e 's/../0x&, /g' | sed 's/, $//'); echo $s;
+ *
+ * where $hash is the hash of the given string
+ */
+
+/**
+ * @brief expected hash for test empty
+ * i.e. 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4
+ */
+static const unsigned char h_empty[] =
+   {0x6e, 0xd0, 0xdd, 0x02, 0x80, 0x6f, 0xa8, 0x9e, 0x25, 0xde, 0x06, 0x0c, 0x19, 0xd3,
+    0xac, 0x86, 0xca, 0xbb, 0x87, 0xd6, 0xa0, 0xdd, 0xd0, 0x5c, 0x33, 0x3b, 0x84, 0xf4};
+static const char *s_empty = "";
+
+/**
+ * @brief expected hash for "abc"
+ * i.e. 4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa
+ */
+static const unsigned char h_abc[] =
+   {0x46, 0x34, 0x27, 0x0f, 0x70, 0x7b, 0x6a, 0x54, 0xda, 0xae, 0x75, 0x30, 0x46, 0x08,
+    0x42, 0xe2, 0x0e, 0x37, 0xed, 0x26, 0x5c, 0xee, 0xe9, 0xa4, 0x3e, 0x89, 0x24, 0xaa};
+static const char *s_abc = "abc";
+/**
+ * @brief expected hash for string from FIPS 180-2 Appendix D.2
+ * i.e. 23fec5bb94d60b23308192640b0c453335d664734fe40e7268674af9
+ */
+static const unsigned char h_abc_long[] =
+   {0x23, 0xfe, 0xc5, 0xbb, 0x94, 0xd6, 0x0b, 0x23, 0x30, 0x81, 0x92, 0x64, 0x0b, 0x0c,
+    0x45, 0x33, 0x35, 0xd6, 0x64, 0x73, 0x4f, 0xe4, 0x0e, 0x72, 0x68, 0x67, 0x4a, 0xf9};
+static const char *s_abc_long =
+    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijkl"
+    "mnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
+
+/**
+ * @brief expected hash for test long_sequence
+ * i.e. 15d26dcdbf77989cc4534ce24b1d3ff9c607767787b96241e358d6b8
+ */
+static const unsigned char h_long_sequence[] =
+   {0x15, 0xd2, 0x6d, 0xcd, 0xbf, 0x77, 0x98, 0x9c, 0xc4, 0x53, 0x4c, 0xe2, 0x4b, 0x1d,
+    0x3f, 0xf9, 0xc6, 0x07, 0x76, 0x77, 0x87, 0xb9, 0x62, 0x41, 0xe3, 0x58, 0xd6, 0xb8};
+static const char *s_long_sequence =
+    {"RIOT is an open-source microkernel-based operating system, designed"
+    " to match the requirements of Internet of Things (IoT) devices and"
+    " other embedded devices. These requirements include a very low memory"
+    " footprint (on the order of a few kilobytes), high energy efficiency"
+    ", real-time capabilities, communication stacks for both wireless and"
+    " wired networks, and support for a wide range of low-power hardware."};
+
+/**
+ * @brief expected hash for { 0xC0, 0xFF, 0xEE }
+ * i.e. f16f1e9cf96b5b9caa0d5abd0aa2a10bdd0636d0d1c3de2b4c11e312
+ */
+static const unsigned char h_coffee[] =
+   {0xf1, 0x6f, 0x1e, 0x9c, 0xf9, 0x6b, 0x5b, 0x9c, 0xaa, 0x0d, 0x5a, 0xbd, 0x0a, 0xa2,
+    0xa1, 0x0b, 0xdd, 0x06, 0x36, 0xd0, 0xd1, 0xc3, 0xde, 0x2b, 0x4c, 0x11, 0xe3, 0x12};
+static const uint8_t s_coffe[] = { 0xC0, 0xFF, 0xEE };
+
+static int calc_and_compare_hash(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA512_224_DIGEST_LENGTH];
+    sha512_224_context_t sha512_224;
+
+    sha512_224_init(&sha512_224);
+    sha512_224_update(&sha512_224, (uint8_t*)str, strlen(str));
+    sha512_224_final(&sha512_224, hash);
+
+    return (memcmp(expected, hash, SHA512_224_DIGEST_LENGTH) == 0);
+}
+
+static int calc_and_compare_hash_wrapper(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA512_224_DIGEST_LENGTH];
+
+    sha512_224((uint8_t*)str, strlen(str), hash);
+
+    return (memcmp(expected, hash, SHA512_224_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_224_hash_sequence_empty(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_empty, h_empty));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_empty, h_empty));
+}
+
+static void test_hashes_sha512_224_hash_sequence_abc(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc, h_abc));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc, h_abc));
+}
+
+static void test_hashes_sha512_224_hash_sequence_abc_long(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc_long, h_abc_long));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc_long, h_abc_long));
+}
+
+static void test_hashes_sha512_224_hash_long_sequence(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_long_sequence, h_long_sequence));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_long_sequence, h_long_sequence));
+}
+
+static void test_hashes_sha512_224_hash_sequence_binary(void)
+{
+    static uint8_t hash[SHA512_224_DIGEST_LENGTH];
+    sha512_224(s_coffe, sizeof(s_coffe), hash);
+    TEST_ASSERT(memcmp(h_coffee, hash, SHA512_224_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_224_hash_update_twice(void)
+{
+    static const char teststring[] = "abcdef";
+
+    static uint8_t hash_update_once[SHA512_224_DIGEST_LENGTH];
+    static uint8_t hash_update_twice[SHA512_224_DIGEST_LENGTH];
+    sha512_224_context_t sha512_224;
+
+    sha512_224_init(&sha512_224);
+    sha512_224_update(&sha512_224, (uint8_t*)teststring, sizeof(teststring));
+    sha512_224_final(&sha512_224, hash_update_once);
+
+    sha512_224_init(&sha512_224);
+    sha512_224_update(&sha512_224, (uint8_t*)teststring, 3);
+    sha512_224_update(&sha512_224, (uint8_t*)&teststring[3], sizeof(teststring)-3);
+    sha512_224_final(&sha512_224, hash_update_twice);
+
+    TEST_ASSERT(memcmp(hash_update_once, hash_update_twice, SHA512_224_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_224_hash_clear_ctx(void)
+{
+    static uint8_t hash[SHA512_224_DIGEST_LENGTH];
+    sha512_224_context_t sha512_224;
+
+    sha512_224_init(&sha512_224);
+    sha512_224_update(&sha512_224, s_empty, strlen(s_empty));
+    sha512_224_final(&sha512_224, hash);
+
+    TEST_ASSERT(memcmp(h_empty, hash, SHA512_224_DIGEST_LENGTH) == 0);
+    for (size_t i=0; i<sizeof(sha512_224_context_t); i++) {
+        if (((uint8_t*)&sha512_224)[i] != 0)
+            TEST_FAIL("sha512_224_context_t not completely cleared.");
+    }
+}
+
+Test *tests_hashes_sha512_224_tests(void)
+{
+    EMB_UNIT_TESTFIXTURES(fixtures) {
+        new_TestFixture(test_hashes_sha512_224_hash_sequence_empty),
+        new_TestFixture(test_hashes_sha512_224_hash_sequence_abc),
+        new_TestFixture(test_hashes_sha512_224_hash_sequence_abc_long),
+        new_TestFixture(test_hashes_sha512_224_hash_long_sequence),
+        new_TestFixture(test_hashes_sha512_224_hash_sequence_binary),
+        new_TestFixture(test_hashes_sha512_224_hash_update_twice),
+        new_TestFixture(test_hashes_sha512_224_hash_clear_ctx),
+    };
+
+    EMB_UNIT_TESTCALLER(hashes_sha512_224_tests, NULL, NULL,
+                        fixtures);
+
+    return (Test *)&hashes_sha512_224_tests;
+}

tests/unittests/tests-hashes/tests-hashes-sha512_256.c

@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2023 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+ /**
+ * @ingroup     unittests
+ * @{
+ *
+ * @file
+ * @brief       testcases for the sha512_256 implementation
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "embUnit/embUnit.h"
+
+#include "hashes/sha512_256.h"
+
+#include "tests-hashes.h"
+
+/**
+ * Hashes obtained using https://emn178.github.io/online-tools/sha512_256.html
+ * C-array generated with
+ * s=$(echo $hash | sed -e 's/../0x&, /g' | sed 's/, $//'); echo $s;
+ *
+ * where $hash is the hash of the given string
+ */
+
+/**
+ * @brief expected hash for test empty
+ * i.e. c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a
+ */
+static const unsigned char h_empty[] =
+   {0xc6, 0x72, 0xb8, 0xd1, 0xef, 0x56, 0xed, 0x28, 0xab, 0x87, 0xc3, 0x62, 0x2c, 0x51, 0x14, 0x06,
+    0x9b, 0xdd, 0x3a, 0xd7, 0xb8, 0xf9, 0x73, 0x74, 0x98, 0xd0, 0xc0, 0x1e, 0xce, 0xf0, 0x96, 0x7a};
+static const char *s_empty = "";
+
+/**
+ * @brief expected hash for "abc"
+ * i.e. 53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23
+ */
+static const unsigned char h_abc[] =
+   {0x53, 0x04, 0x8e, 0x26, 0x81, 0x94, 0x1e, 0xf9, 0x9b, 0x2e, 0x29, 0xb7, 0x6b, 0x4c, 0x7d, 0xab,
+    0xe4, 0xc2, 0xd0, 0xc6, 0x34, 0xfc, 0x6d, 0x46, 0xe0, 0xe2, 0xf1, 0x31, 0x07, 0xe7, 0xaf, 0x23};
+static const char *s_abc = "abc";
+/**
+ * @brief expected hash for string from FIPS 180-2 Appendix D.2
+ * i.e. 3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a
+ */
+static const unsigned char h_abc_long[] =
+   {0x39, 0x28, 0xe1, 0x84, 0xfb, 0x86, 0x90, 0xf8, 0x40, 0xda, 0x39, 0x88, 0x12, 0x1d, 0x31, 0xbe,
+    0x65, 0xcb, 0x9d, 0x3e, 0xf8, 0x3e, 0xe6, 0x14, 0x6f, 0xea, 0xc8, 0x61, 0xe1, 0x9b, 0x56, 0x3a};
+static const char *s_abc_long =
+    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijkl"
+    "mnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
+
+/**
+ * @brief expected hash for test long_sequence
+ * i.e. 25c09a60bbdd1cd422bfd4c740c6c4a6acb734027e39e2ae7740858bd1022c5f
+ */
+static const unsigned char h_long_sequence[] =
+   {0x25, 0xc0, 0x9a, 0x60, 0xbb, 0xdd, 0x1c, 0xd4, 0x22, 0xbf, 0xd4, 0xc7, 0x40, 0xc6, 0xc4, 0xa6,
+    0xac, 0xb7, 0x34, 0x02, 0x7e, 0x39, 0xe2, 0xae, 0x77, 0x40, 0x85, 0x8b, 0xd1, 0x02, 0x2c, 0x5f};
+static const char *s_long_sequence =
+    {"RIOT is an open-source microkernel-based operating system, designed"
+    " to match the requirements of Internet of Things (IoT) devices and"
+    " other embedded devices. These requirements include a very low memory"
+    " footprint (on the order of a few kilobytes), high energy efficiency"
+    ", real-time capabilities, communication stacks for both wireless and"
+    " wired networks, and support for a wide range of low-power hardware."};
+
+/**
+ * @brief expected hash for { 0xC0, 0xFF, 0xEE }
+ * i.e. 22680446a2d2ec571ae5ec2b45f59c70211b5fcf44894c02bd242f7b05b24870
+ */
+static const unsigned char h_coffee[] =
+   {0x22, 0x68, 0x04, 0x46, 0xa2, 0xd2, 0xec, 0x57, 0x1a, 0xe5, 0xec, 0x2b, 0x45, 0xf5, 0x9c, 0x70,
+    0x21, 0x1b, 0x5f, 0xcf, 0x44, 0x89, 0x4c, 0x02, 0xbd, 0x24, 0x2f, 0x7b, 0x05, 0xb2, 0x48, 0x70};
+static const uint8_t s_coffe[] = { 0xC0, 0xFF, 0xEE };
+
+static int calc_and_compare_hash(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA512_256_DIGEST_LENGTH];
+    sha512_256_context_t sha512_256;
+
+    sha512_256_init(&sha512_256);
+    sha512_256_update(&sha512_256, (uint8_t*)str, strlen(str));
+    sha512_256_final(&sha512_256, hash);
+
+    return (memcmp(expected, hash, SHA512_256_DIGEST_LENGTH) == 0);
+}
+
+static int calc_and_compare_hash_wrapper(const char *str, const unsigned char *expected)
+{
+    static unsigned char hash[SHA512_256_DIGEST_LENGTH];
+
+    sha512_256((uint8_t*)str, strlen(str), hash);
+
+    return (memcmp(expected, hash, SHA512_256_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_256_hash_sequence_empty(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_empty, h_empty));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_empty, h_empty));
+}
+
+static void test_hashes_sha512_256_hash_sequence_abc(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc, h_abc));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc, h_abc));
+}
+
+static void test_hashes_sha512_256_hash_sequence_abc_long(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_abc_long, h_abc_long));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_abc_long, h_abc_long));
+}
+
+static void test_hashes_sha512_256_hash_long_sequence(void)
+{
+    TEST_ASSERT(calc_and_compare_hash(s_long_sequence, h_long_sequence));
+    TEST_ASSERT(calc_and_compare_hash_wrapper(s_long_sequence, h_long_sequence));
+}
+
+static void test_hashes_sha512_256_hash_sequence_binary(void)
+{
+    static uint8_t hash[SHA512_256_DIGEST_LENGTH];
+    sha512_256(s_coffe, sizeof(s_coffe), hash);
+    TEST_ASSERT(memcmp(h_coffee, hash, SHA512_256_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_256_hash_update_twice(void)
+{
+    static const char teststring[] = "abcdef";
+
+    static uint8_t hash_update_once[SHA512_256_DIGEST_LENGTH];
+    static uint8_t hash_update_twice[SHA512_256_DIGEST_LENGTH];
+    sha512_256_context_t sha512_256;
+
+    sha512_256_init(&sha512_256);
+    sha512_256_update(&sha512_256, (uint8_t*)teststring, sizeof(teststring));
+    sha512_256_final(&sha512_256, hash_update_once);
+
+    sha512_256_init(&sha512_256);
+    sha512_256_update(&sha512_256, (uint8_t*)teststring, 3);
+    sha512_256_update(&sha512_256, (uint8_t*)&teststring[3], sizeof(teststring)-3);
+    sha512_256_final(&sha512_256, hash_update_twice);
+
+    TEST_ASSERT(memcmp(hash_update_once, hash_update_twice, SHA512_256_DIGEST_LENGTH) == 0);
+}
+
+static void test_hashes_sha512_256_hash_clear_ctx(void)
+{
+    static uint8_t hash[SHA512_256_DIGEST_LENGTH];
+    sha512_256_context_t sha512_256;
+
+    sha512_256_init(&sha512_256);
+    sha512_256_update(&sha512_256, s_empty, strlen(s_empty));
+    sha512_256_final(&sha512_256, hash);
+
+    TEST_ASSERT(memcmp(h_empty, hash, SHA512_256_DIGEST_LENGTH) == 0);
+    for (size_t i=0; i<sizeof(sha512_256_context_t); i++) {
+        if (((uint8_t*)&sha512_256)[i] != 0)
+            TEST_FAIL("sha512_256_context_t not completely cleared.");
+    }
+}
+
+Test *tests_hashes_sha512_256_tests(void)
+{
+    EMB_UNIT_TESTFIXTURES(fixtures) {
+        new_TestFixture(test_hashes_sha512_256_hash_sequence_empty),
+        new_TestFixture(test_hashes_sha512_256_hash_sequence_abc),
+        new_TestFixture(test_hashes_sha512_256_hash_sequence_abc_long),
+        new_TestFixture(test_hashes_sha512_256_hash_long_sequence),
+        new_TestFixture(test_hashes_sha512_256_hash_sequence_binary),
+        new_TestFixture(test_hashes_sha512_256_hash_update_twice),
+        new_TestFixture(test_hashes_sha512_256_hash_clear_ctx),
+    };
+
+    EMB_UNIT_TESTCALLER(hashes_sha512_256_tests, NULL, NULL,
+                        fixtures);
+
+    return (Test *)&hashes_sha512_256_tests;
+}

tests/unittests/tests-hashes/tests-hashes.c

@@ -29,6 +29,9 @@ void tests_hashes(void)
     TESTS_RUN(tests_hashes_sha256_tests());
     TESTS_RUN(tests_hashes_sha256_hmac_tests());
     TESTS_RUN(tests_hashes_sha256_chain_tests());
+    TESTS_RUN(tests_hashes_sha384_tests());
     TESTS_RUN(tests_hashes_sha512_tests());
+    TESTS_RUN(tests_hashes_sha512_224_tests());
+    TESTS_RUN(tests_hashes_sha512_256_tests());
     TESTS_RUN(tests_hashes_sha3_tests());
 }

tests/unittests/tests-hashes/tests-hashes.h

@@ -66,12 +66,33 @@ Test *tests_hashes_sha224_tests(void);
 Test *tests_hashes_sha256_tests(void);
 
 /**
- * @brief   Generates tests for hashes/sha2512.h
+ * @brief   Generates tests for hashes/sha384.h
+ *
+ * @return  embUnit tests if successful, NULL if not.
+ */
+Test *tests_hashes_sha384_tests(void);
+
+/**
+ * @brief   Generates tests for hashes/sha512.h
  *
  * @return  embUnit tests if successful, NULL if not.
  */
 Test *tests_hashes_sha512_tests(void);
 
+/**
+ * @brief   Generates tests for hashes/sha512_224.h
+ *
+ * @return  embUnit tests if successful, NULL if not.
+ */
+Test *tests_hashes_sha512_224_tests(void);
+
+/**
+ * @brief   Generates tests for hashes/sha512_256.h
+ *
+ * @return  embUnit tests if successful, NULL if not.
+ */
+Test *tests_hashes_sha512_256_tests(void);
+
 /**
  * @brief   Generates tests for hashes/sha256.h - hmac
  *