1*4882a593Smuzhiyun /** 2*4882a593Smuzhiyun * \file md.h 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * \brief Generic message digest wrapper 5*4882a593Smuzhiyun * 6*4882a593Smuzhiyun * \author Adriaan de Jong <dejong@fox-it.com> 7*4882a593Smuzhiyun * 8*4882a593Smuzhiyun * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 9*4882a593Smuzhiyun * SPDX-License-Identifier: Apache-2.0 10*4882a593Smuzhiyun * 11*4882a593Smuzhiyun * Licensed under the Apache License, Version 2.0 (the "License"); you may 12*4882a593Smuzhiyun * not use this file except in compliance with the License. 13*4882a593Smuzhiyun * You may obtain a copy of the License at 14*4882a593Smuzhiyun * 15*4882a593Smuzhiyun * http://www.apache.org/licenses/LICENSE-2.0 16*4882a593Smuzhiyun * 17*4882a593Smuzhiyun * Unless required by applicable law or agreed to in writing, software 18*4882a593Smuzhiyun * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19*4882a593Smuzhiyun * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20*4882a593Smuzhiyun * See the License for the specific language governing permissions and 21*4882a593Smuzhiyun * limitations under the License. 22*4882a593Smuzhiyun * 23*4882a593Smuzhiyun * This file is part of mbed TLS (https://tls.mbed.org) 24*4882a593Smuzhiyun */ 25*4882a593Smuzhiyun #ifndef MBEDTLS_MD_H 26*4882a593Smuzhiyun #define MBEDTLS_MD_H 27*4882a593Smuzhiyun 28*4882a593Smuzhiyun #include <stddef.h> 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ 31*4882a593Smuzhiyun #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ 32*4882a593Smuzhiyun #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ 33*4882a593Smuzhiyun #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun #ifdef __cplusplus 36*4882a593Smuzhiyun extern "C" { 37*4882a593Smuzhiyun #endif 38*4882a593Smuzhiyun 39*4882a593Smuzhiyun typedef enum { 40*4882a593Smuzhiyun MBEDTLS_MD_NONE=0, 41*4882a593Smuzhiyun MBEDTLS_MD_MD2, 42*4882a593Smuzhiyun MBEDTLS_MD_MD4, 43*4882a593Smuzhiyun MBEDTLS_MD_MD5, 44*4882a593Smuzhiyun MBEDTLS_MD_SHA1, 45*4882a593Smuzhiyun MBEDTLS_MD_SHA224, 46*4882a593Smuzhiyun MBEDTLS_MD_SHA256, 47*4882a593Smuzhiyun MBEDTLS_MD_SHA384, 48*4882a593Smuzhiyun MBEDTLS_MD_SHA512, 49*4882a593Smuzhiyun MBEDTLS_MD_RIPEMD160 50*4882a593Smuzhiyun } mbedtls_md_type_t; 51*4882a593Smuzhiyun 52*4882a593Smuzhiyun #if defined(MBEDTLS_SHA512_C) 53*4882a593Smuzhiyun #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ 54*4882a593Smuzhiyun #else 55*4882a593Smuzhiyun #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */ 56*4882a593Smuzhiyun #endif 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun /** 59*4882a593Smuzhiyun * Opaque struct defined in md_internal.h 60*4882a593Smuzhiyun */ 61*4882a593Smuzhiyun typedef struct mbedtls_md_info_t mbedtls_md_info_t; 62*4882a593Smuzhiyun 63*4882a593Smuzhiyun /** 64*4882a593Smuzhiyun * Generic message digest context. 65*4882a593Smuzhiyun */ 66*4882a593Smuzhiyun typedef struct { 67*4882a593Smuzhiyun /** Information about the associated message digest */ 68*4882a593Smuzhiyun const mbedtls_md_info_t *md_info; 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun /** Digest-specific context */ 71*4882a593Smuzhiyun void *md_ctx; 72*4882a593Smuzhiyun 73*4882a593Smuzhiyun /** HMAC part of the context */ 74*4882a593Smuzhiyun void *hmac_ctx; 75*4882a593Smuzhiyun } mbedtls_md_context_t; 76*4882a593Smuzhiyun 77*4882a593Smuzhiyun /** 78*4882a593Smuzhiyun * \brief Returns the list of digests supported by the generic digest module. 79*4882a593Smuzhiyun * 80*4882a593Smuzhiyun * \return a statically allocated array of digests, the last entry 81*4882a593Smuzhiyun * is 0. 82*4882a593Smuzhiyun */ 83*4882a593Smuzhiyun const int *mbedtls_md_list( void ); 84*4882a593Smuzhiyun 85*4882a593Smuzhiyun /** 86*4882a593Smuzhiyun * \brief Returns the message digest information associated with the 87*4882a593Smuzhiyun * given digest name. 88*4882a593Smuzhiyun * 89*4882a593Smuzhiyun * \param md_name Name of the digest to search for. 90*4882a593Smuzhiyun * 91*4882a593Smuzhiyun * \return The message digest information associated with md_name or 92*4882a593Smuzhiyun * NULL if not found. 93*4882a593Smuzhiyun */ 94*4882a593Smuzhiyun const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); 95*4882a593Smuzhiyun 96*4882a593Smuzhiyun /** 97*4882a593Smuzhiyun * \brief Returns the message digest information associated with the 98*4882a593Smuzhiyun * given digest type. 99*4882a593Smuzhiyun * 100*4882a593Smuzhiyun * \param md_type type of digest to search for. 101*4882a593Smuzhiyun * 102*4882a593Smuzhiyun * \return The message digest information associated with md_type or 103*4882a593Smuzhiyun * NULL if not found. 104*4882a593Smuzhiyun */ 105*4882a593Smuzhiyun const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun /** 108*4882a593Smuzhiyun * \brief Initialize a md_context (as NONE) 109*4882a593Smuzhiyun * This should always be called first. 110*4882a593Smuzhiyun * Prepares the context for mbedtls_md_setup() or mbedtls_md_free(). 111*4882a593Smuzhiyun */ 112*4882a593Smuzhiyun void mbedtls_md_init( mbedtls_md_context_t *ctx ); 113*4882a593Smuzhiyun 114*4882a593Smuzhiyun /** 115*4882a593Smuzhiyun * \brief Free and clear the internal structures of ctx. 116*4882a593Smuzhiyun * Can be called at any time after mbedtls_md_init(). 117*4882a593Smuzhiyun * Mandatory once mbedtls_md_setup() has been called. 118*4882a593Smuzhiyun */ 119*4882a593Smuzhiyun void mbedtls_md_free( mbedtls_md_context_t *ctx ); 120*4882a593Smuzhiyun 121*4882a593Smuzhiyun #if ! defined(MBEDTLS_DEPRECATED_REMOVED) 122*4882a593Smuzhiyun #if defined(MBEDTLS_DEPRECATED_WARNING) 123*4882a593Smuzhiyun #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 124*4882a593Smuzhiyun #else 125*4882a593Smuzhiyun #define MBEDTLS_DEPRECATED 126*4882a593Smuzhiyun #endif 127*4882a593Smuzhiyun /** 128*4882a593Smuzhiyun * \brief Select MD to use and allocate internal structures. 129*4882a593Smuzhiyun * Should be called after mbedtls_md_init() or mbedtls_md_free(). 130*4882a593Smuzhiyun * Makes it necessary to call mbedtls_md_free() later. 131*4882a593Smuzhiyun * 132*4882a593Smuzhiyun * \deprecated Superseded by mbedtls_md_setup() in 2.0.0 133*4882a593Smuzhiyun * 134*4882a593Smuzhiyun * \param ctx Context to set up. 135*4882a593Smuzhiyun * \param md_info Message digest to use. 136*4882a593Smuzhiyun * 137*4882a593Smuzhiyun * \returns \c 0 on success, 138*4882a593Smuzhiyun * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, 139*4882a593Smuzhiyun * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. 140*4882a593Smuzhiyun */ 141*4882a593Smuzhiyun int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; 142*4882a593Smuzhiyun #undef MBEDTLS_DEPRECATED 143*4882a593Smuzhiyun #endif /* MBEDTLS_DEPRECATED_REMOVED */ 144*4882a593Smuzhiyun 145*4882a593Smuzhiyun /** 146*4882a593Smuzhiyun * \brief Select MD to use and allocate internal structures. 147*4882a593Smuzhiyun * Should be called after mbedtls_md_init() or mbedtls_md_free(). 148*4882a593Smuzhiyun * Makes it necessary to call mbedtls_md_free() later. 149*4882a593Smuzhiyun * 150*4882a593Smuzhiyun * \param ctx Context to set up. 151*4882a593Smuzhiyun * \param md_info Message digest to use. 152*4882a593Smuzhiyun * \param hmac 0 to save some memory if HMAC will not be used, 153*4882a593Smuzhiyun * non-zero is HMAC is going to be used with this context. 154*4882a593Smuzhiyun * 155*4882a593Smuzhiyun * \returns \c 0 on success, 156*4882a593Smuzhiyun * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, 157*4882a593Smuzhiyun * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. 158*4882a593Smuzhiyun */ 159*4882a593Smuzhiyun int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); 160*4882a593Smuzhiyun 161*4882a593Smuzhiyun /** 162*4882a593Smuzhiyun * \brief Clone the state of an MD context 163*4882a593Smuzhiyun * 164*4882a593Smuzhiyun * \note The two contexts must have been setup to the same type 165*4882a593Smuzhiyun * (cloning from SHA-256 to SHA-512 make no sense). 166*4882a593Smuzhiyun * 167*4882a593Smuzhiyun * \warning Only clones the MD state, not the HMAC state! (for now) 168*4882a593Smuzhiyun * 169*4882a593Smuzhiyun * \param dst The destination context 170*4882a593Smuzhiyun * \param src The context to be cloned 171*4882a593Smuzhiyun * 172*4882a593Smuzhiyun * \return \c 0 on success, 173*4882a593Smuzhiyun * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. 174*4882a593Smuzhiyun */ 175*4882a593Smuzhiyun int mbedtls_md_clone( mbedtls_md_context_t *dst, 176*4882a593Smuzhiyun const mbedtls_md_context_t *src ); 177*4882a593Smuzhiyun 178*4882a593Smuzhiyun /** 179*4882a593Smuzhiyun * \brief Returns the size of the message digest output. 180*4882a593Smuzhiyun * 181*4882a593Smuzhiyun * \param md_info message digest info 182*4882a593Smuzhiyun * 183*4882a593Smuzhiyun * \return size of the message digest output in bytes. 184*4882a593Smuzhiyun */ 185*4882a593Smuzhiyun unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); 186*4882a593Smuzhiyun 187*4882a593Smuzhiyun /** 188*4882a593Smuzhiyun * \brief Returns the type of the message digest output. 189*4882a593Smuzhiyun * 190*4882a593Smuzhiyun * \param md_info message digest info 191*4882a593Smuzhiyun * 192*4882a593Smuzhiyun * \return type of the message digest output. 193*4882a593Smuzhiyun */ 194*4882a593Smuzhiyun mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); 195*4882a593Smuzhiyun 196*4882a593Smuzhiyun /** 197*4882a593Smuzhiyun * \brief Returns the name of the message digest output. 198*4882a593Smuzhiyun * 199*4882a593Smuzhiyun * \param md_info message digest info 200*4882a593Smuzhiyun * 201*4882a593Smuzhiyun * \return name of the message digest output. 202*4882a593Smuzhiyun */ 203*4882a593Smuzhiyun const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); 204*4882a593Smuzhiyun 205*4882a593Smuzhiyun /** 206*4882a593Smuzhiyun * \brief Prepare the context to digest a new message. 207*4882a593Smuzhiyun * Generally called after mbedtls_md_setup() or mbedtls_md_finish(). 208*4882a593Smuzhiyun * Followed by mbedtls_md_update(). 209*4882a593Smuzhiyun * 210*4882a593Smuzhiyun * \param ctx generic message digest context. 211*4882a593Smuzhiyun * 212*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 213*4882a593Smuzhiyun * verification fails. 214*4882a593Smuzhiyun */ 215*4882a593Smuzhiyun int mbedtls_md_starts( mbedtls_md_context_t *ctx ); 216*4882a593Smuzhiyun 217*4882a593Smuzhiyun /** 218*4882a593Smuzhiyun * \brief Generic message digest process buffer 219*4882a593Smuzhiyun * Called between mbedtls_md_starts() and mbedtls_md_finish(). 220*4882a593Smuzhiyun * May be called repeatedly. 221*4882a593Smuzhiyun * 222*4882a593Smuzhiyun * \param ctx Generic message digest context 223*4882a593Smuzhiyun * \param input buffer holding the datal 224*4882a593Smuzhiyun * \param ilen length of the input data 225*4882a593Smuzhiyun * 226*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 227*4882a593Smuzhiyun * verification fails. 228*4882a593Smuzhiyun */ 229*4882a593Smuzhiyun int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); 230*4882a593Smuzhiyun 231*4882a593Smuzhiyun /** 232*4882a593Smuzhiyun * \brief Generic message digest final digest 233*4882a593Smuzhiyun * Called after mbedtls_md_update(). 234*4882a593Smuzhiyun * Usually followed by mbedtls_md_free() or mbedtls_md_starts(). 235*4882a593Smuzhiyun * 236*4882a593Smuzhiyun * \param ctx Generic message digest context 237*4882a593Smuzhiyun * \param output Generic message digest checksum result 238*4882a593Smuzhiyun * 239*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 240*4882a593Smuzhiyun * verification fails. 241*4882a593Smuzhiyun */ 242*4882a593Smuzhiyun int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); 243*4882a593Smuzhiyun 244*4882a593Smuzhiyun /** 245*4882a593Smuzhiyun * \brief Output = message_digest( input buffer ) 246*4882a593Smuzhiyun * 247*4882a593Smuzhiyun * \param md_info message digest info 248*4882a593Smuzhiyun * \param input buffer holding the data 249*4882a593Smuzhiyun * \param ilen length of the input data 250*4882a593Smuzhiyun * \param output Generic message digest checksum result 251*4882a593Smuzhiyun * 252*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 253*4882a593Smuzhiyun * verification fails. 254*4882a593Smuzhiyun */ 255*4882a593Smuzhiyun int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, 256*4882a593Smuzhiyun unsigned char *output ); 257*4882a593Smuzhiyun 258*4882a593Smuzhiyun #if defined(MBEDTLS_FS_IO) 259*4882a593Smuzhiyun /** 260*4882a593Smuzhiyun * \brief Output = message_digest( file contents ) 261*4882a593Smuzhiyun * 262*4882a593Smuzhiyun * \param md_info message digest info 263*4882a593Smuzhiyun * \param path input file name 264*4882a593Smuzhiyun * \param output generic message digest checksum result 265*4882a593Smuzhiyun * 266*4882a593Smuzhiyun * \return 0 if successful, 267*4882a593Smuzhiyun * MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, 268*4882a593Smuzhiyun * MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL. 269*4882a593Smuzhiyun */ 270*4882a593Smuzhiyun int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, 271*4882a593Smuzhiyun unsigned char *output ); 272*4882a593Smuzhiyun #endif /* MBEDTLS_FS_IO */ 273*4882a593Smuzhiyun 274*4882a593Smuzhiyun /** 275*4882a593Smuzhiyun * \brief Set HMAC key and prepare to authenticate a new message. 276*4882a593Smuzhiyun * Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish(). 277*4882a593Smuzhiyun * 278*4882a593Smuzhiyun * \param ctx HMAC context 279*4882a593Smuzhiyun * \param key HMAC secret key 280*4882a593Smuzhiyun * \param keylen length of the HMAC key in bytes 281*4882a593Smuzhiyun * 282*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 283*4882a593Smuzhiyun * verification fails. 284*4882a593Smuzhiyun */ 285*4882a593Smuzhiyun int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, 286*4882a593Smuzhiyun size_t keylen ); 287*4882a593Smuzhiyun 288*4882a593Smuzhiyun /** 289*4882a593Smuzhiyun * \brief Generic HMAC process buffer. 290*4882a593Smuzhiyun * Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset() 291*4882a593Smuzhiyun * and mbedtls_md_hmac_finish(). 292*4882a593Smuzhiyun * May be called repeatedly. 293*4882a593Smuzhiyun * 294*4882a593Smuzhiyun * \param ctx HMAC context 295*4882a593Smuzhiyun * \param input buffer holding the data 296*4882a593Smuzhiyun * \param ilen length of the input data 297*4882a593Smuzhiyun * 298*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 299*4882a593Smuzhiyun * verification fails. 300*4882a593Smuzhiyun */ 301*4882a593Smuzhiyun int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, 302*4882a593Smuzhiyun size_t ilen ); 303*4882a593Smuzhiyun 304*4882a593Smuzhiyun /** 305*4882a593Smuzhiyun * \brief Output HMAC. 306*4882a593Smuzhiyun * Called after mbedtls_md_hmac_update(). 307*4882a593Smuzhiyun * Usually followed by mbedtls_md_hmac_reset(), 308*4882a593Smuzhiyun * mbedtls_md_hmac_starts(), or mbedtls_md_free(). 309*4882a593Smuzhiyun * 310*4882a593Smuzhiyun * \param ctx HMAC context 311*4882a593Smuzhiyun * \param output Generic HMAC checksum result 312*4882a593Smuzhiyun * 313*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 314*4882a593Smuzhiyun * verification fails. 315*4882a593Smuzhiyun */ 316*4882a593Smuzhiyun int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); 317*4882a593Smuzhiyun 318*4882a593Smuzhiyun /** 319*4882a593Smuzhiyun * \brief Prepare to authenticate a new message with the same key. 320*4882a593Smuzhiyun * Called after mbedtls_md_hmac_finish() and before 321*4882a593Smuzhiyun * mbedtls_md_hmac_update(). 322*4882a593Smuzhiyun * 323*4882a593Smuzhiyun * \param ctx HMAC context to be reset 324*4882a593Smuzhiyun * 325*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 326*4882a593Smuzhiyun * verification fails. 327*4882a593Smuzhiyun */ 328*4882a593Smuzhiyun int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); 329*4882a593Smuzhiyun 330*4882a593Smuzhiyun /** 331*4882a593Smuzhiyun * \brief Output = Generic_HMAC( hmac key, input buffer ) 332*4882a593Smuzhiyun * 333*4882a593Smuzhiyun * \param md_info message digest info 334*4882a593Smuzhiyun * \param key HMAC secret key 335*4882a593Smuzhiyun * \param keylen length of the HMAC key in bytes 336*4882a593Smuzhiyun * \param input buffer holding the data 337*4882a593Smuzhiyun * \param ilen length of the input data 338*4882a593Smuzhiyun * \param output Generic HMAC-result 339*4882a593Smuzhiyun * 340*4882a593Smuzhiyun * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 341*4882a593Smuzhiyun * verification fails. 342*4882a593Smuzhiyun */ 343*4882a593Smuzhiyun int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, 344*4882a593Smuzhiyun const unsigned char *input, size_t ilen, 345*4882a593Smuzhiyun unsigned char *output ); 346*4882a593Smuzhiyun 347*4882a593Smuzhiyun /* Internal use */ 348*4882a593Smuzhiyun int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); 349*4882a593Smuzhiyun 350*4882a593Smuzhiyun #ifdef __cplusplus 351*4882a593Smuzhiyun } 352*4882a593Smuzhiyun #endif 353*4882a593Smuzhiyun 354*4882a593Smuzhiyun #endif /* MBEDTLS_MD_H */ 355