md.c (30128B)
1 /** 2 * \file md.c 3 * 4 * \brief Generic message digest wrapper for Mbed TLS 5 * 6 * \author Adriaan de Jong <dejong@fox-it.com> 7 * 8 * Copyright The Mbed TLS Contributors 9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 10 */ 11 12 #include "common.h" 13 14 /* 15 * Availability of functions in this module is controlled by two 16 * feature macros: 17 * - MBEDTLS_MD_C enables the whole module; 18 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing 19 * most hash metadata (everything except string names); is it 20 * automatically set whenever MBEDTLS_MD_C is defined. 21 * 22 * In this file, functions from MD_LIGHT are at the top, MD_C at the end. 23 * 24 * In the future we may want to change the contract of some functions 25 * (behaviour with NULL arguments) depending on whether MD_C is defined or 26 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. 27 * 28 * For these reasons, we're keeping MD_LIGHT internal for now. 29 */ 30 #if defined(MBEDTLS_MD_LIGHT) 31 32 #include "mbedtls/md.h" 33 #include "md_wrap.h" 34 #include "mbedtls/platform_util.h" 35 #include "mbedtls/error.h" 36 37 #include "mbedtls/md5.h" 38 #include "mbedtls/ripemd160.h" 39 #include "mbedtls/sha1.h" 40 #include "mbedtls/sha256.h" 41 #include "mbedtls/sha512.h" 42 #include "mbedtls/sha3.h" 43 44 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 45 #include <psa/crypto.h> 46 #include "md_psa.h" 47 #include "psa_util_internal.h" 48 #endif 49 50 #if defined(MBEDTLS_MD_SOME_PSA) 51 #include "psa_crypto_core.h" 52 #endif 53 54 #include "mbedtls/platform.h" 55 56 #include <string.h> 57 58 #if defined(MBEDTLS_FS_IO) 59 #include <stdio.h> 60 #endif 61 62 /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */ 63 #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE 64 #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" 65 #endif 66 67 #if defined(MBEDTLS_MD_C) 68 #define MD_INFO(type, out_size, block_size) type, out_size, block_size, 69 #else 70 #define MD_INFO(type, out_size, block_size) type, out_size, 71 #endif 72 73 #if defined(MBEDTLS_MD_CAN_MD5) 74 static const mbedtls_md_info_t mbedtls_md5_info = { 75 MD_INFO(MBEDTLS_MD_MD5, 16, 64) 76 }; 77 #endif 78 79 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 80 static const mbedtls_md_info_t mbedtls_ripemd160_info = { 81 MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64) 82 }; 83 #endif 84 85 #if defined(MBEDTLS_MD_CAN_SHA1) 86 static const mbedtls_md_info_t mbedtls_sha1_info = { 87 MD_INFO(MBEDTLS_MD_SHA1, 20, 64) 88 }; 89 #endif 90 91 #if defined(MBEDTLS_MD_CAN_SHA224) 92 static const mbedtls_md_info_t mbedtls_sha224_info = { 93 MD_INFO(MBEDTLS_MD_SHA224, 28, 64) 94 }; 95 #endif 96 97 #if defined(MBEDTLS_MD_CAN_SHA256) 98 static const mbedtls_md_info_t mbedtls_sha256_info = { 99 MD_INFO(MBEDTLS_MD_SHA256, 32, 64) 100 }; 101 #endif 102 103 #if defined(MBEDTLS_MD_CAN_SHA384) 104 static const mbedtls_md_info_t mbedtls_sha384_info = { 105 MD_INFO(MBEDTLS_MD_SHA384, 48, 128) 106 }; 107 #endif 108 109 #if defined(MBEDTLS_MD_CAN_SHA512) 110 static const mbedtls_md_info_t mbedtls_sha512_info = { 111 MD_INFO(MBEDTLS_MD_SHA512, 64, 128) 112 }; 113 #endif 114 115 #if defined(MBEDTLS_MD_CAN_SHA3_224) 116 static const mbedtls_md_info_t mbedtls_sha3_224_info = { 117 MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144) 118 }; 119 #endif 120 121 #if defined(MBEDTLS_MD_CAN_SHA3_256) 122 static const mbedtls_md_info_t mbedtls_sha3_256_info = { 123 MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136) 124 }; 125 #endif 126 127 #if defined(MBEDTLS_MD_CAN_SHA3_384) 128 static const mbedtls_md_info_t mbedtls_sha3_384_info = { 129 MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104) 130 }; 131 #endif 132 133 #if defined(MBEDTLS_MD_CAN_SHA3_512) 134 static const mbedtls_md_info_t mbedtls_sha3_512_info = { 135 MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72) 136 }; 137 #endif 138 139 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) 140 { 141 switch (md_type) { 142 #if defined(MBEDTLS_MD_CAN_MD5) 143 case MBEDTLS_MD_MD5: 144 return &mbedtls_md5_info; 145 #endif 146 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 147 case MBEDTLS_MD_RIPEMD160: 148 return &mbedtls_ripemd160_info; 149 #endif 150 #if defined(MBEDTLS_MD_CAN_SHA1) 151 case MBEDTLS_MD_SHA1: 152 return &mbedtls_sha1_info; 153 #endif 154 #if defined(MBEDTLS_MD_CAN_SHA224) 155 case MBEDTLS_MD_SHA224: 156 return &mbedtls_sha224_info; 157 #endif 158 #if defined(MBEDTLS_MD_CAN_SHA256) 159 case MBEDTLS_MD_SHA256: 160 return &mbedtls_sha256_info; 161 #endif 162 #if defined(MBEDTLS_MD_CAN_SHA384) 163 case MBEDTLS_MD_SHA384: 164 return &mbedtls_sha384_info; 165 #endif 166 #if defined(MBEDTLS_MD_CAN_SHA512) 167 case MBEDTLS_MD_SHA512: 168 return &mbedtls_sha512_info; 169 #endif 170 #if defined(MBEDTLS_MD_CAN_SHA3_224) 171 case MBEDTLS_MD_SHA3_224: 172 return &mbedtls_sha3_224_info; 173 #endif 174 #if defined(MBEDTLS_MD_CAN_SHA3_256) 175 case MBEDTLS_MD_SHA3_256: 176 return &mbedtls_sha3_256_info; 177 #endif 178 #if defined(MBEDTLS_MD_CAN_SHA3_384) 179 case MBEDTLS_MD_SHA3_384: 180 return &mbedtls_sha3_384_info; 181 #endif 182 #if defined(MBEDTLS_MD_CAN_SHA3_512) 183 case MBEDTLS_MD_SHA3_512: 184 return &mbedtls_sha3_512_info; 185 #endif 186 default: 187 return NULL; 188 } 189 } 190 191 #if defined(MBEDTLS_MD_SOME_PSA) 192 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info) 193 { 194 switch (info->type) { 195 #if defined(MBEDTLS_MD_MD5_VIA_PSA) 196 case MBEDTLS_MD_MD5: 197 return PSA_ALG_MD5; 198 #endif 199 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA) 200 case MBEDTLS_MD_RIPEMD160: 201 return PSA_ALG_RIPEMD160; 202 #endif 203 #if defined(MBEDTLS_MD_SHA1_VIA_PSA) 204 case MBEDTLS_MD_SHA1: 205 return PSA_ALG_SHA_1; 206 #endif 207 #if defined(MBEDTLS_MD_SHA224_VIA_PSA) 208 case MBEDTLS_MD_SHA224: 209 return PSA_ALG_SHA_224; 210 #endif 211 #if defined(MBEDTLS_MD_SHA256_VIA_PSA) 212 case MBEDTLS_MD_SHA256: 213 return PSA_ALG_SHA_256; 214 #endif 215 #if defined(MBEDTLS_MD_SHA384_VIA_PSA) 216 case MBEDTLS_MD_SHA384: 217 return PSA_ALG_SHA_384; 218 #endif 219 #if defined(MBEDTLS_MD_SHA512_VIA_PSA) 220 case MBEDTLS_MD_SHA512: 221 return PSA_ALG_SHA_512; 222 #endif 223 #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA) 224 case MBEDTLS_MD_SHA3_224: 225 return PSA_ALG_SHA3_224; 226 #endif 227 #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA) 228 case MBEDTLS_MD_SHA3_256: 229 return PSA_ALG_SHA3_256; 230 #endif 231 #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA) 232 case MBEDTLS_MD_SHA3_384: 233 return PSA_ALG_SHA3_384; 234 #endif 235 #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA) 236 case MBEDTLS_MD_SHA3_512: 237 return PSA_ALG_SHA3_512; 238 #endif 239 default: 240 return PSA_ALG_NONE; 241 } 242 } 243 244 static int md_can_use_psa(const mbedtls_md_info_t *info) 245 { 246 psa_algorithm_t alg = psa_alg_of_md(info); 247 if (alg == PSA_ALG_NONE) { 248 return 0; 249 } 250 251 return psa_can_do_hash(alg); 252 } 253 #endif /* MBEDTLS_MD_SOME_PSA */ 254 255 void mbedtls_md_init(mbedtls_md_context_t *ctx) 256 { 257 /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ 258 memset(ctx, 0, sizeof(mbedtls_md_context_t)); 259 } 260 261 void mbedtls_md_free(mbedtls_md_context_t *ctx) 262 { 263 if (ctx == NULL || ctx->md_info == NULL) { 264 return; 265 } 266 267 if (ctx->md_ctx != NULL) { 268 #if defined(MBEDTLS_MD_SOME_PSA) 269 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 270 psa_hash_abort(ctx->md_ctx); 271 } else 272 #endif 273 switch (ctx->md_info->type) { 274 #if defined(MBEDTLS_MD5_C) 275 case MBEDTLS_MD_MD5: 276 mbedtls_md5_free(ctx->md_ctx); 277 break; 278 #endif 279 #if defined(MBEDTLS_RIPEMD160_C) 280 case MBEDTLS_MD_RIPEMD160: 281 mbedtls_ripemd160_free(ctx->md_ctx); 282 break; 283 #endif 284 #if defined(MBEDTLS_SHA1_C) 285 case MBEDTLS_MD_SHA1: 286 mbedtls_sha1_free(ctx->md_ctx); 287 break; 288 #endif 289 #if defined(MBEDTLS_SHA224_C) 290 case MBEDTLS_MD_SHA224: 291 mbedtls_sha256_free(ctx->md_ctx); 292 break; 293 #endif 294 #if defined(MBEDTLS_SHA256_C) 295 case MBEDTLS_MD_SHA256: 296 mbedtls_sha256_free(ctx->md_ctx); 297 break; 298 #endif 299 #if defined(MBEDTLS_SHA384_C) 300 case MBEDTLS_MD_SHA384: 301 mbedtls_sha512_free(ctx->md_ctx); 302 break; 303 #endif 304 #if defined(MBEDTLS_SHA512_C) 305 case MBEDTLS_MD_SHA512: 306 mbedtls_sha512_free(ctx->md_ctx); 307 break; 308 #endif 309 #if defined(MBEDTLS_SHA3_C) 310 case MBEDTLS_MD_SHA3_224: 311 case MBEDTLS_MD_SHA3_256: 312 case MBEDTLS_MD_SHA3_384: 313 case MBEDTLS_MD_SHA3_512: 314 mbedtls_sha3_free(ctx->md_ctx); 315 break; 316 #endif 317 default: 318 /* Shouldn't happen */ 319 break; 320 } 321 mbedtls_free(ctx->md_ctx); 322 } 323 324 #if defined(MBEDTLS_MD_C) 325 if (ctx->hmac_ctx != NULL) { 326 mbedtls_zeroize_and_free(ctx->hmac_ctx, 327 2 * ctx->md_info->block_size); 328 } 329 #endif 330 331 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); 332 } 333 334 int mbedtls_md_clone(mbedtls_md_context_t *dst, 335 const mbedtls_md_context_t *src) 336 { 337 if (dst == NULL || dst->md_info == NULL || 338 src == NULL || src->md_info == NULL || 339 dst->md_info != src->md_info) { 340 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 341 } 342 343 #if defined(MBEDTLS_MD_SOME_PSA) 344 if (src->engine != dst->engine) { 345 /* This can happen with src set to legacy because PSA wasn't ready 346 * yet, and dst to PSA because it became ready in the meantime. 347 * We currently don't support that case (we'd need to re-allocate 348 * md_ctx to the size of the appropriate MD context). */ 349 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; 350 } 351 352 if (src->engine == MBEDTLS_MD_ENGINE_PSA) { 353 psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx); 354 return mbedtls_md_error_from_psa(status); 355 } 356 #endif 357 358 switch (src->md_info->type) { 359 #if defined(MBEDTLS_MD5_C) 360 case MBEDTLS_MD_MD5: 361 mbedtls_md5_clone(dst->md_ctx, src->md_ctx); 362 break; 363 #endif 364 #if defined(MBEDTLS_RIPEMD160_C) 365 case MBEDTLS_MD_RIPEMD160: 366 mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); 367 break; 368 #endif 369 #if defined(MBEDTLS_SHA1_C) 370 case MBEDTLS_MD_SHA1: 371 mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); 372 break; 373 #endif 374 #if defined(MBEDTLS_SHA224_C) 375 case MBEDTLS_MD_SHA224: 376 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 377 break; 378 #endif 379 #if defined(MBEDTLS_SHA256_C) 380 case MBEDTLS_MD_SHA256: 381 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 382 break; 383 #endif 384 #if defined(MBEDTLS_SHA384_C) 385 case MBEDTLS_MD_SHA384: 386 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 387 break; 388 #endif 389 #if defined(MBEDTLS_SHA512_C) 390 case MBEDTLS_MD_SHA512: 391 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 392 break; 393 #endif 394 #if defined(MBEDTLS_SHA3_C) 395 case MBEDTLS_MD_SHA3_224: 396 case MBEDTLS_MD_SHA3_256: 397 case MBEDTLS_MD_SHA3_384: 398 case MBEDTLS_MD_SHA3_512: 399 mbedtls_sha3_clone(dst->md_ctx, src->md_ctx); 400 break; 401 #endif 402 default: 403 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 404 } 405 406 return 0; 407 } 408 409 #define ALLOC(type) \ 410 do { \ 411 ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ 412 if (ctx->md_ctx == NULL) \ 413 return MBEDTLS_ERR_MD_ALLOC_FAILED; \ 414 mbedtls_##type##_init(ctx->md_ctx); \ 415 } \ 416 while (0) 417 418 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) 419 { 420 #if defined(MBEDTLS_MD_C) 421 if (ctx == NULL) { 422 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 423 } 424 #endif 425 if (md_info == NULL) { 426 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 427 } 428 429 ctx->md_info = md_info; 430 ctx->md_ctx = NULL; 431 #if defined(MBEDTLS_MD_C) 432 ctx->hmac_ctx = NULL; 433 #else 434 if (hmac != 0) { 435 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 436 } 437 #endif 438 439 #if defined(MBEDTLS_MD_SOME_PSA) 440 if (md_can_use_psa(ctx->md_info)) { 441 ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); 442 if (ctx->md_ctx == NULL) { 443 return MBEDTLS_ERR_MD_ALLOC_FAILED; 444 } 445 ctx->engine = MBEDTLS_MD_ENGINE_PSA; 446 } else 447 #endif 448 switch (md_info->type) { 449 #if defined(MBEDTLS_MD5_C) 450 case MBEDTLS_MD_MD5: 451 ALLOC(md5); 452 break; 453 #endif 454 #if defined(MBEDTLS_RIPEMD160_C) 455 case MBEDTLS_MD_RIPEMD160: 456 ALLOC(ripemd160); 457 break; 458 #endif 459 #if defined(MBEDTLS_SHA1_C) 460 case MBEDTLS_MD_SHA1: 461 ALLOC(sha1); 462 break; 463 #endif 464 #if defined(MBEDTLS_SHA224_C) 465 case MBEDTLS_MD_SHA224: 466 ALLOC(sha256); 467 break; 468 #endif 469 #if defined(MBEDTLS_SHA256_C) 470 case MBEDTLS_MD_SHA256: 471 ALLOC(sha256); 472 break; 473 #endif 474 #if defined(MBEDTLS_SHA384_C) 475 case MBEDTLS_MD_SHA384: 476 ALLOC(sha512); 477 break; 478 #endif 479 #if defined(MBEDTLS_SHA512_C) 480 case MBEDTLS_MD_SHA512: 481 ALLOC(sha512); 482 break; 483 #endif 484 #if defined(MBEDTLS_SHA3_C) 485 case MBEDTLS_MD_SHA3_224: 486 case MBEDTLS_MD_SHA3_256: 487 case MBEDTLS_MD_SHA3_384: 488 case MBEDTLS_MD_SHA3_512: 489 ALLOC(sha3); 490 break; 491 #endif 492 default: 493 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 494 } 495 496 #if defined(MBEDTLS_MD_C) 497 if (hmac != 0) { 498 ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); 499 if (ctx->hmac_ctx == NULL) { 500 mbedtls_md_free(ctx); 501 return MBEDTLS_ERR_MD_ALLOC_FAILED; 502 } 503 } 504 #endif 505 506 return 0; 507 } 508 #undef ALLOC 509 510 int mbedtls_md_starts(mbedtls_md_context_t *ctx) 511 { 512 #if defined(MBEDTLS_MD_C) 513 if (ctx == NULL || ctx->md_info == NULL) { 514 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 515 } 516 #endif 517 518 #if defined(MBEDTLS_MD_SOME_PSA) 519 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 520 psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); 521 psa_hash_abort(ctx->md_ctx); 522 psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); 523 return mbedtls_md_error_from_psa(status); 524 } 525 #endif 526 527 switch (ctx->md_info->type) { 528 #if defined(MBEDTLS_MD5_C) 529 case MBEDTLS_MD_MD5: 530 return mbedtls_md5_starts(ctx->md_ctx); 531 #endif 532 #if defined(MBEDTLS_RIPEMD160_C) 533 case MBEDTLS_MD_RIPEMD160: 534 return mbedtls_ripemd160_starts(ctx->md_ctx); 535 #endif 536 #if defined(MBEDTLS_SHA1_C) 537 case MBEDTLS_MD_SHA1: 538 return mbedtls_sha1_starts(ctx->md_ctx); 539 #endif 540 #if defined(MBEDTLS_SHA224_C) 541 case MBEDTLS_MD_SHA224: 542 return mbedtls_sha256_starts(ctx->md_ctx, 1); 543 #endif 544 #if defined(MBEDTLS_SHA256_C) 545 case MBEDTLS_MD_SHA256: 546 return mbedtls_sha256_starts(ctx->md_ctx, 0); 547 #endif 548 #if defined(MBEDTLS_SHA384_C) 549 case MBEDTLS_MD_SHA384: 550 return mbedtls_sha512_starts(ctx->md_ctx, 1); 551 #endif 552 #if defined(MBEDTLS_SHA512_C) 553 case MBEDTLS_MD_SHA512: 554 return mbedtls_sha512_starts(ctx->md_ctx, 0); 555 #endif 556 #if defined(MBEDTLS_SHA3_C) 557 case MBEDTLS_MD_SHA3_224: 558 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); 559 case MBEDTLS_MD_SHA3_256: 560 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); 561 case MBEDTLS_MD_SHA3_384: 562 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); 563 case MBEDTLS_MD_SHA3_512: 564 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); 565 #endif 566 default: 567 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 568 } 569 } 570 571 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 572 { 573 #if defined(MBEDTLS_MD_C) 574 if (ctx == NULL || ctx->md_info == NULL) { 575 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 576 } 577 #endif 578 579 #if defined(MBEDTLS_MD_SOME_PSA) 580 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 581 psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); 582 return mbedtls_md_error_from_psa(status); 583 } 584 #endif 585 586 switch (ctx->md_info->type) { 587 #if defined(MBEDTLS_MD5_C) 588 case MBEDTLS_MD_MD5: 589 return mbedtls_md5_update(ctx->md_ctx, input, ilen); 590 #endif 591 #if defined(MBEDTLS_RIPEMD160_C) 592 case MBEDTLS_MD_RIPEMD160: 593 return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); 594 #endif 595 #if defined(MBEDTLS_SHA1_C) 596 case MBEDTLS_MD_SHA1: 597 return mbedtls_sha1_update(ctx->md_ctx, input, ilen); 598 #endif 599 #if defined(MBEDTLS_SHA224_C) 600 case MBEDTLS_MD_SHA224: 601 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 602 #endif 603 #if defined(MBEDTLS_SHA256_C) 604 case MBEDTLS_MD_SHA256: 605 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 606 #endif 607 #if defined(MBEDTLS_SHA384_C) 608 case MBEDTLS_MD_SHA384: 609 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 610 #endif 611 #if defined(MBEDTLS_SHA512_C) 612 case MBEDTLS_MD_SHA512: 613 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 614 #endif 615 #if defined(MBEDTLS_SHA3_C) 616 case MBEDTLS_MD_SHA3_224: 617 case MBEDTLS_MD_SHA3_256: 618 case MBEDTLS_MD_SHA3_384: 619 case MBEDTLS_MD_SHA3_512: 620 return mbedtls_sha3_update(ctx->md_ctx, input, ilen); 621 #endif 622 default: 623 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 624 } 625 } 626 627 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) 628 { 629 #if defined(MBEDTLS_MD_C) 630 if (ctx == NULL || ctx->md_info == NULL) { 631 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 632 } 633 #endif 634 635 #if defined(MBEDTLS_MD_SOME_PSA) 636 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 637 size_t size = ctx->md_info->size; 638 psa_status_t status = psa_hash_finish(ctx->md_ctx, 639 output, size, &size); 640 return mbedtls_md_error_from_psa(status); 641 } 642 #endif 643 644 switch (ctx->md_info->type) { 645 #if defined(MBEDTLS_MD5_C) 646 case MBEDTLS_MD_MD5: 647 return mbedtls_md5_finish(ctx->md_ctx, output); 648 #endif 649 #if defined(MBEDTLS_RIPEMD160_C) 650 case MBEDTLS_MD_RIPEMD160: 651 return mbedtls_ripemd160_finish(ctx->md_ctx, output); 652 #endif 653 #if defined(MBEDTLS_SHA1_C) 654 case MBEDTLS_MD_SHA1: 655 return mbedtls_sha1_finish(ctx->md_ctx, output); 656 #endif 657 #if defined(MBEDTLS_SHA224_C) 658 case MBEDTLS_MD_SHA224: 659 return mbedtls_sha256_finish(ctx->md_ctx, output); 660 #endif 661 #if defined(MBEDTLS_SHA256_C) 662 case MBEDTLS_MD_SHA256: 663 return mbedtls_sha256_finish(ctx->md_ctx, output); 664 #endif 665 #if defined(MBEDTLS_SHA384_C) 666 case MBEDTLS_MD_SHA384: 667 return mbedtls_sha512_finish(ctx->md_ctx, output); 668 #endif 669 #if defined(MBEDTLS_SHA512_C) 670 case MBEDTLS_MD_SHA512: 671 return mbedtls_sha512_finish(ctx->md_ctx, output); 672 #endif 673 #if defined(MBEDTLS_SHA3_C) 674 case MBEDTLS_MD_SHA3_224: 675 case MBEDTLS_MD_SHA3_256: 676 case MBEDTLS_MD_SHA3_384: 677 case MBEDTLS_MD_SHA3_512: 678 return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size); 679 #endif 680 default: 681 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 682 } 683 } 684 685 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, 686 unsigned char *output) 687 { 688 if (md_info == NULL) { 689 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 690 } 691 692 #if defined(MBEDTLS_MD_SOME_PSA) 693 if (md_can_use_psa(md_info)) { 694 size_t size = md_info->size; 695 psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), 696 input, ilen, 697 output, size, &size); 698 return mbedtls_md_error_from_psa(status); 699 } 700 #endif 701 702 switch (md_info->type) { 703 #if defined(MBEDTLS_MD5_C) 704 case MBEDTLS_MD_MD5: 705 return mbedtls_md5(input, ilen, output); 706 #endif 707 #if defined(MBEDTLS_RIPEMD160_C) 708 case MBEDTLS_MD_RIPEMD160: 709 return mbedtls_ripemd160(input, ilen, output); 710 #endif 711 #if defined(MBEDTLS_SHA1_C) 712 case MBEDTLS_MD_SHA1: 713 return mbedtls_sha1(input, ilen, output); 714 #endif 715 #if defined(MBEDTLS_SHA224_C) 716 case MBEDTLS_MD_SHA224: 717 return mbedtls_sha256(input, ilen, output, 1); 718 #endif 719 #if defined(MBEDTLS_SHA256_C) 720 case MBEDTLS_MD_SHA256: 721 return mbedtls_sha256(input, ilen, output, 0); 722 #endif 723 #if defined(MBEDTLS_SHA384_C) 724 case MBEDTLS_MD_SHA384: 725 return mbedtls_sha512(input, ilen, output, 1); 726 #endif 727 #if defined(MBEDTLS_SHA512_C) 728 case MBEDTLS_MD_SHA512: 729 return mbedtls_sha512(input, ilen, output, 0); 730 #endif 731 #if defined(MBEDTLS_SHA3_C) 732 case MBEDTLS_MD_SHA3_224: 733 return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); 734 case MBEDTLS_MD_SHA3_256: 735 return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); 736 case MBEDTLS_MD_SHA3_384: 737 return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); 738 case MBEDTLS_MD_SHA3_512: 739 return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); 740 #endif 741 default: 742 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 743 } 744 } 745 746 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) 747 { 748 if (md_info == NULL) { 749 return 0; 750 } 751 752 return md_info->size; 753 } 754 755 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) 756 { 757 if (md_info == NULL) { 758 return MBEDTLS_MD_NONE; 759 } 760 761 return md_info->type; 762 } 763 764 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 765 int mbedtls_md_error_from_psa(psa_status_t status) 766 { 767 return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, 768 psa_generic_status_to_mbedtls); 769 } 770 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ 771 772 773 /************************************************************************ 774 * Functions above this separator are part of MBEDTLS_MD_LIGHT, * 775 * functions below are only available when MBEDTLS_MD_C is set. * 776 ************************************************************************/ 777 #if defined(MBEDTLS_MD_C) 778 779 /* 780 * Reminder: update profiles in x509_crt.c when adding a new hash! 781 */ 782 static const int supported_digests[] = { 783 784 #if defined(MBEDTLS_MD_CAN_SHA512) 785 MBEDTLS_MD_SHA512, 786 #endif 787 788 #if defined(MBEDTLS_MD_CAN_SHA384) 789 MBEDTLS_MD_SHA384, 790 #endif 791 792 #if defined(MBEDTLS_MD_CAN_SHA256) 793 MBEDTLS_MD_SHA256, 794 #endif 795 #if defined(MBEDTLS_MD_CAN_SHA224) 796 MBEDTLS_MD_SHA224, 797 #endif 798 799 #if defined(MBEDTLS_MD_CAN_SHA1) 800 MBEDTLS_MD_SHA1, 801 #endif 802 803 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 804 MBEDTLS_MD_RIPEMD160, 805 #endif 806 807 #if defined(MBEDTLS_MD_CAN_MD5) 808 MBEDTLS_MD_MD5, 809 #endif 810 811 #if defined(MBEDTLS_MD_CAN_SHA3_224) 812 MBEDTLS_MD_SHA3_224, 813 #endif 814 815 #if defined(MBEDTLS_MD_CAN_SHA3_256) 816 MBEDTLS_MD_SHA3_256, 817 #endif 818 819 #if defined(MBEDTLS_MD_CAN_SHA3_384) 820 MBEDTLS_MD_SHA3_384, 821 #endif 822 823 #if defined(MBEDTLS_MD_CAN_SHA3_512) 824 MBEDTLS_MD_SHA3_512, 825 #endif 826 827 MBEDTLS_MD_NONE 828 }; 829 830 const int *mbedtls_md_list(void) 831 { 832 return supported_digests; 833 } 834 835 typedef struct { 836 const char *md_name; 837 mbedtls_md_type_t md_type; 838 } md_name_entry; 839 840 static const md_name_entry md_names[] = { 841 #if defined(MBEDTLS_MD_CAN_MD5) 842 { "MD5", MBEDTLS_MD_MD5 }, 843 #endif 844 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 845 { "RIPEMD160", MBEDTLS_MD_RIPEMD160 }, 846 #endif 847 #if defined(MBEDTLS_MD_CAN_SHA1) 848 { "SHA1", MBEDTLS_MD_SHA1 }, 849 { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback 850 #endif 851 #if defined(MBEDTLS_MD_CAN_SHA224) 852 { "SHA224", MBEDTLS_MD_SHA224 }, 853 #endif 854 #if defined(MBEDTLS_MD_CAN_SHA256) 855 { "SHA256", MBEDTLS_MD_SHA256 }, 856 #endif 857 #if defined(MBEDTLS_MD_CAN_SHA384) 858 { "SHA384", MBEDTLS_MD_SHA384 }, 859 #endif 860 #if defined(MBEDTLS_MD_CAN_SHA512) 861 { "SHA512", MBEDTLS_MD_SHA512 }, 862 #endif 863 #if defined(MBEDTLS_MD_CAN_SHA3_224) 864 { "SHA3-224", MBEDTLS_MD_SHA3_224 }, 865 #endif 866 #if defined(MBEDTLS_MD_CAN_SHA3_256) 867 { "SHA3-256", MBEDTLS_MD_SHA3_256 }, 868 #endif 869 #if defined(MBEDTLS_MD_CAN_SHA3_384) 870 { "SHA3-384", MBEDTLS_MD_SHA3_384 }, 871 #endif 872 #if defined(MBEDTLS_MD_CAN_SHA3_512) 873 { "SHA3-512", MBEDTLS_MD_SHA3_512 }, 874 #endif 875 { NULL, MBEDTLS_MD_NONE }, 876 }; 877 878 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) 879 { 880 if (NULL == md_name) { 881 return NULL; 882 } 883 884 const md_name_entry *entry = md_names; 885 while (entry->md_name != NULL && 886 strcmp(entry->md_name, md_name) != 0) { 887 ++entry; 888 } 889 890 return mbedtls_md_info_from_type(entry->md_type); 891 } 892 893 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) 894 { 895 if (md_info == NULL) { 896 return NULL; 897 } 898 899 const md_name_entry *entry = md_names; 900 while (entry->md_type != MBEDTLS_MD_NONE && 901 entry->md_type != md_info->type) { 902 ++entry; 903 } 904 905 return entry->md_name; 906 } 907 908 const mbedtls_md_info_t *mbedtls_md_info_from_ctx( 909 const mbedtls_md_context_t *ctx) 910 { 911 if (ctx == NULL) { 912 return NULL; 913 } 914 915 return ctx->MBEDTLS_PRIVATE(md_info); 916 } 917 918 #if defined(MBEDTLS_FS_IO) 919 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) 920 { 921 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 922 FILE *f; 923 size_t n; 924 mbedtls_md_context_t ctx; 925 unsigned char buf[1024]; 926 927 if (md_info == NULL) { 928 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 929 } 930 931 if ((f = fopen(path, "rb")) == NULL) { 932 return MBEDTLS_ERR_MD_FILE_IO_ERROR; 933 } 934 935 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 936 mbedtls_setbuf(f, NULL); 937 938 mbedtls_md_init(&ctx); 939 940 if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { 941 goto cleanup; 942 } 943 944 if ((ret = mbedtls_md_starts(&ctx)) != 0) { 945 goto cleanup; 946 } 947 948 while ((n = fread(buf, 1, sizeof(buf), f)) > 0) { 949 if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) { 950 goto cleanup; 951 } 952 } 953 954 if (ferror(f) != 0) { 955 ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; 956 } else { 957 ret = mbedtls_md_finish(&ctx, output); 958 } 959 960 cleanup: 961 mbedtls_platform_zeroize(buf, sizeof(buf)); 962 fclose(f); 963 mbedtls_md_free(&ctx); 964 965 return ret; 966 } 967 #endif /* MBEDTLS_FS_IO */ 968 969 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) 970 { 971 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 972 unsigned char sum[MBEDTLS_MD_MAX_SIZE]; 973 unsigned char *ipad, *opad; 974 975 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 976 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 977 } 978 979 if (keylen > (size_t) ctx->md_info->block_size) { 980 if ((ret = mbedtls_md_starts(ctx)) != 0) { 981 goto cleanup; 982 } 983 if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { 984 goto cleanup; 985 } 986 if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { 987 goto cleanup; 988 } 989 990 keylen = ctx->md_info->size; 991 key = sum; 992 } 993 994 ipad = (unsigned char *) ctx->hmac_ctx; 995 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 996 997 memset(ipad, 0x36, ctx->md_info->block_size); 998 memset(opad, 0x5C, ctx->md_info->block_size); 999 1000 mbedtls_xor(ipad, ipad, key, keylen); 1001 mbedtls_xor(opad, opad, key, keylen); 1002 1003 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1004 goto cleanup; 1005 } 1006 if ((ret = mbedtls_md_update(ctx, ipad, 1007 ctx->md_info->block_size)) != 0) { 1008 goto cleanup; 1009 } 1010 1011 cleanup: 1012 mbedtls_platform_zeroize(sum, sizeof(sum)); 1013 1014 return ret; 1015 } 1016 1017 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 1018 { 1019 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1020 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1021 } 1022 1023 return mbedtls_md_update(ctx, input, ilen); 1024 } 1025 1026 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) 1027 { 1028 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1029 unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; 1030 unsigned char *opad; 1031 1032 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1033 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1034 } 1035 1036 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 1037 1038 if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { 1039 return ret; 1040 } 1041 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1042 return ret; 1043 } 1044 if ((ret = mbedtls_md_update(ctx, opad, 1045 ctx->md_info->block_size)) != 0) { 1046 return ret; 1047 } 1048 if ((ret = mbedtls_md_update(ctx, tmp, 1049 ctx->md_info->size)) != 0) { 1050 return ret; 1051 } 1052 return mbedtls_md_finish(ctx, output); 1053 } 1054 1055 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) 1056 { 1057 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1058 unsigned char *ipad; 1059 1060 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1061 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1062 } 1063 1064 ipad = (unsigned char *) ctx->hmac_ctx; 1065 1066 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1067 return ret; 1068 } 1069 return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size); 1070 } 1071 1072 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, 1073 const unsigned char *key, size_t keylen, 1074 const unsigned char *input, size_t ilen, 1075 unsigned char *output) 1076 { 1077 mbedtls_md_context_t ctx; 1078 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1079 1080 if (md_info == NULL) { 1081 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1082 } 1083 1084 mbedtls_md_init(&ctx); 1085 1086 if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { 1087 goto cleanup; 1088 } 1089 1090 if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { 1091 goto cleanup; 1092 } 1093 if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { 1094 goto cleanup; 1095 } 1096 if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { 1097 goto cleanup; 1098 } 1099 1100 cleanup: 1101 mbedtls_md_free(&ctx); 1102 1103 return ret; 1104 } 1105 1106 #endif /* MBEDTLS_MD_C */ 1107 1108 #endif /* MBEDTLS_MD_LIGHT */