1 /**
2 * \file md.c
3 *
4 * \brief Generic message digest wrapper for Mbed TLS
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
8 * Copyright The Mbed TLS Contributors
9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 */
11
12 #include "common.h"
13
14 /*
15 * Availability of functions in this module is controlled by two
16 * feature macros:
17 * - MBEDTLS_MD_C enables the whole module;
18 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
19 * most hash metadata (everything except string names); is it
20 * automatically set whenever MBEDTLS_MD_C is defined.
21 *
22 * In this file, functions from MD_LIGHT are at the top, MD_C at the end.
23 *
24 * In the future we may want to change the contract of some functions
25 * (behaviour with NULL arguments) depending on whether MD_C is defined or
26 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
27 *
28 * For these reasons, we're keeping MD_LIGHT internal for now.
29 */
30 #if defined(MBEDTLS_MD_LIGHT)
31
32 #include "mbedtls/md.h"
33 #include "md_wrap.h"
34 #include "mbedtls/platform_util.h"
35 #include "mbedtls/error.h"
36
37 #include "mbedtls/md5.h"
38 #include "mbedtls/ripemd160.h"
39 #include "mbedtls/sha1.h"
40 #include "mbedtls/sha256.h"
41 #include "mbedtls/sha512.h"
42 #include "mbedtls/sha3.h"
43
44 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
45 #include <psa/crypto.h>
46 #include "md_psa.h"
47 #include "psa_util_internal.h"
48 #endif
49
50 #if defined(MBEDTLS_MD_SOME_PSA)
51 #include "psa_crypto_core.h"
52 #endif
53
54 #include "mbedtls/platform.h"
55
56 #include <string.h>
57
58 #if defined(MBEDTLS_FS_IO)
59 #include <stdio.h>
60 #endif
61
62 /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
63 #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
64 #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
65 #endif
66
67 #if defined(MBEDTLS_MD_C)
68 #define MD_INFO(type, out_size, block_size) type, out_size, block_size,
69 #else
70 #define MD_INFO(type, out_size, block_size) type, out_size,
71 #endif
72
73 #if defined(MBEDTLS_MD_CAN_MD5)
74 static const mbedtls_md_info_t mbedtls_md5_info = {
75 MD_INFO(MBEDTLS_MD_MD5, 16, 64)
76 };
77 #endif
78
79 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
80 static const mbedtls_md_info_t mbedtls_ripemd160_info = {
81 MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
82 };
83 #endif
84
85 #if defined(MBEDTLS_MD_CAN_SHA1)
86 static const mbedtls_md_info_t mbedtls_sha1_info = {
87 MD_INFO(MBEDTLS_MD_SHA1, 20, 64)
88 };
89 #endif
90
91 #if defined(MBEDTLS_MD_CAN_SHA224)
92 static const mbedtls_md_info_t mbedtls_sha224_info = {
93 MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
94 };
95 #endif
96
97 #if defined(MBEDTLS_MD_CAN_SHA256)
98 static const mbedtls_md_info_t mbedtls_sha256_info = {
99 MD_INFO(MBEDTLS_MD_SHA256, 32, 64)
100 };
101 #endif
102
103 #if defined(MBEDTLS_MD_CAN_SHA384)
104 static const mbedtls_md_info_t mbedtls_sha384_info = {
105 MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
106 };
107 #endif
108
109 #if defined(MBEDTLS_MD_CAN_SHA512)
110 static const mbedtls_md_info_t mbedtls_sha512_info = {
111 MD_INFO(MBEDTLS_MD_SHA512, 64, 128)
112 };
113 #endif
114
115 #if defined(MBEDTLS_MD_CAN_SHA3_224)
116 static const mbedtls_md_info_t mbedtls_sha3_224_info = {
117 MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144)
118 };
119 #endif
120
121 #if defined(MBEDTLS_MD_CAN_SHA3_256)
122 static const mbedtls_md_info_t mbedtls_sha3_256_info = {
123 MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136)
124 };
125 #endif
126
127 #if defined(MBEDTLS_MD_CAN_SHA3_384)
128 static const mbedtls_md_info_t mbedtls_sha3_384_info = {
129 MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104)
130 };
131 #endif
132
133 #if defined(MBEDTLS_MD_CAN_SHA3_512)
134 static const mbedtls_md_info_t mbedtls_sha3_512_info = {
135 MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
136 };
137 #endif
138
mbedtls_md_info_from_type(mbedtls_md_type_t md_type)139 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
140 {
141 switch (md_type) {
142 #if defined(MBEDTLS_MD_CAN_MD5)
143 case MBEDTLS_MD_MD5:
144 return &mbedtls_md5_info;
145 #endif
146 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
147 case MBEDTLS_MD_RIPEMD160:
148 return &mbedtls_ripemd160_info;
149 #endif
150 #if defined(MBEDTLS_MD_CAN_SHA1)
151 case MBEDTLS_MD_SHA1:
152 return &mbedtls_sha1_info;
153 #endif
154 #if defined(MBEDTLS_MD_CAN_SHA224)
155 case MBEDTLS_MD_SHA224:
156 return &mbedtls_sha224_info;
157 #endif
158 #if defined(MBEDTLS_MD_CAN_SHA256)
159 case MBEDTLS_MD_SHA256:
160 return &mbedtls_sha256_info;
161 #endif
162 #if defined(MBEDTLS_MD_CAN_SHA384)
163 case MBEDTLS_MD_SHA384:
164 return &mbedtls_sha384_info;
165 #endif
166 #if defined(MBEDTLS_MD_CAN_SHA512)
167 case MBEDTLS_MD_SHA512:
168 return &mbedtls_sha512_info;
169 #endif
170 #if defined(MBEDTLS_MD_CAN_SHA3_224)
171 case MBEDTLS_MD_SHA3_224:
172 return &mbedtls_sha3_224_info;
173 #endif
174 #if defined(MBEDTLS_MD_CAN_SHA3_256)
175 case MBEDTLS_MD_SHA3_256:
176 return &mbedtls_sha3_256_info;
177 #endif
178 #if defined(MBEDTLS_MD_CAN_SHA3_384)
179 case MBEDTLS_MD_SHA3_384:
180 return &mbedtls_sha3_384_info;
181 #endif
182 #if defined(MBEDTLS_MD_CAN_SHA3_512)
183 case MBEDTLS_MD_SHA3_512:
184 return &mbedtls_sha3_512_info;
185 #endif
186 default:
187 return NULL;
188 }
189 }
190
191 #if defined(MBEDTLS_MD_SOME_PSA)
psa_alg_of_md(const mbedtls_md_info_t * info)192 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info)
193 {
194 switch (info->type) {
195 #if defined(MBEDTLS_MD_MD5_VIA_PSA)
196 case MBEDTLS_MD_MD5:
197 return PSA_ALG_MD5;
198 #endif
199 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA)
200 case MBEDTLS_MD_RIPEMD160:
201 return PSA_ALG_RIPEMD160;
202 #endif
203 #if defined(MBEDTLS_MD_SHA1_VIA_PSA)
204 case MBEDTLS_MD_SHA1:
205 return PSA_ALG_SHA_1;
206 #endif
207 #if defined(MBEDTLS_MD_SHA224_VIA_PSA)
208 case MBEDTLS_MD_SHA224:
209 return PSA_ALG_SHA_224;
210 #endif
211 #if defined(MBEDTLS_MD_SHA256_VIA_PSA)
212 case MBEDTLS_MD_SHA256:
213 return PSA_ALG_SHA_256;
214 #endif
215 #if defined(MBEDTLS_MD_SHA384_VIA_PSA)
216 case MBEDTLS_MD_SHA384:
217 return PSA_ALG_SHA_384;
218 #endif
219 #if defined(MBEDTLS_MD_SHA512_VIA_PSA)
220 case MBEDTLS_MD_SHA512:
221 return PSA_ALG_SHA_512;
222 #endif
223 #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
224 case MBEDTLS_MD_SHA3_224:
225 return PSA_ALG_SHA3_224;
226 #endif
227 #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
228 case MBEDTLS_MD_SHA3_256:
229 return PSA_ALG_SHA3_256;
230 #endif
231 #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
232 case MBEDTLS_MD_SHA3_384:
233 return PSA_ALG_SHA3_384;
234 #endif
235 #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
236 case MBEDTLS_MD_SHA3_512:
237 return PSA_ALG_SHA3_512;
238 #endif
239 default:
240 return PSA_ALG_NONE;
241 }
242 }
243
md_can_use_psa(const mbedtls_md_info_t * info)244 static int md_can_use_psa(const mbedtls_md_info_t *info)
245 {
246 psa_algorithm_t alg = psa_alg_of_md(info);
247 if (alg == PSA_ALG_NONE) {
248 return 0;
249 }
250
251 return psa_can_do_hash(alg);
252 }
253 #endif /* MBEDTLS_MD_SOME_PSA */
254
mbedtls_md_init(mbedtls_md_context_t * ctx)255 void mbedtls_md_init(mbedtls_md_context_t *ctx)
256 {
257 /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */
258 memset(ctx, 0, sizeof(mbedtls_md_context_t));
259 }
260
mbedtls_md_free(mbedtls_md_context_t * ctx)261 void mbedtls_md_free(mbedtls_md_context_t *ctx)
262 {
263 if (ctx == NULL || ctx->md_info == NULL) {
264 return;
265 }
266
267 if (ctx->md_ctx != NULL) {
268 #if defined(MBEDTLS_MD_SOME_PSA)
269 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
270 psa_hash_abort(ctx->md_ctx);
271 } else
272 #endif
273 switch (ctx->md_info->type) {
274 #if defined(MBEDTLS_MD5_C)
275 case MBEDTLS_MD_MD5:
276 mbedtls_md5_free(ctx->md_ctx);
277 break;
278 #endif
279 #if defined(MBEDTLS_RIPEMD160_C)
280 case MBEDTLS_MD_RIPEMD160:
281 mbedtls_ripemd160_free(ctx->md_ctx);
282 break;
283 #endif
284 #if defined(MBEDTLS_SHA1_C)
285 case MBEDTLS_MD_SHA1:
286 mbedtls_sha1_free(ctx->md_ctx);
287 break;
288 #endif
289 #if defined(MBEDTLS_SHA224_C)
290 case MBEDTLS_MD_SHA224:
291 mbedtls_sha256_free(ctx->md_ctx);
292 break;
293 #endif
294 #if defined(MBEDTLS_SHA256_C)
295 case MBEDTLS_MD_SHA256:
296 mbedtls_sha256_free(ctx->md_ctx);
297 break;
298 #endif
299 #if defined(MBEDTLS_SHA384_C)
300 case MBEDTLS_MD_SHA384:
301 mbedtls_sha512_free(ctx->md_ctx);
302 break;
303 #endif
304 #if defined(MBEDTLS_SHA512_C)
305 case MBEDTLS_MD_SHA512:
306 mbedtls_sha512_free(ctx->md_ctx);
307 break;
308 #endif
309 #if defined(MBEDTLS_SHA3_C)
310 case MBEDTLS_MD_SHA3_224:
311 case MBEDTLS_MD_SHA3_256:
312 case MBEDTLS_MD_SHA3_384:
313 case MBEDTLS_MD_SHA3_512:
314 mbedtls_sha3_free(ctx->md_ctx);
315 break;
316 #endif
317 default:
318 /* Shouldn't happen */
319 break;
320 }
321 mbedtls_free(ctx->md_ctx);
322 }
323
324 #if defined(MBEDTLS_MD_C)
325 if (ctx->hmac_ctx != NULL) {
326 mbedtls_zeroize_and_free(ctx->hmac_ctx,
327 2 * ctx->md_info->block_size);
328 }
329 #endif
330
331 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
332 }
333
mbedtls_md_clone(mbedtls_md_context_t * dst,const mbedtls_md_context_t * src)334 int mbedtls_md_clone(mbedtls_md_context_t *dst,
335 const mbedtls_md_context_t *src)
336 {
337 if (dst == NULL || dst->md_info == NULL ||
338 src == NULL || src->md_info == NULL ||
339 dst->md_info != src->md_info) {
340 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
341 }
342
343 #if defined(MBEDTLS_MD_SOME_PSA)
344 if (src->engine != dst->engine) {
345 /* This can happen with src set to legacy because PSA wasn't ready
346 * yet, and dst to PSA because it became ready in the meantime.
347 * We currently don't support that case (we'd need to re-allocate
348 * md_ctx to the size of the appropriate MD context). */
349 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
350 }
351
352 if (src->engine == MBEDTLS_MD_ENGINE_PSA) {
353 psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx);
354 return mbedtls_md_error_from_psa(status);
355 }
356 #endif
357
358 switch (src->md_info->type) {
359 #if defined(MBEDTLS_MD5_C)
360 case MBEDTLS_MD_MD5:
361 mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
362 break;
363 #endif
364 #if defined(MBEDTLS_RIPEMD160_C)
365 case MBEDTLS_MD_RIPEMD160:
366 mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
367 break;
368 #endif
369 #if defined(MBEDTLS_SHA1_C)
370 case MBEDTLS_MD_SHA1:
371 mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
372 break;
373 #endif
374 #if defined(MBEDTLS_SHA224_C)
375 case MBEDTLS_MD_SHA224:
376 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
377 break;
378 #endif
379 #if defined(MBEDTLS_SHA256_C)
380 case MBEDTLS_MD_SHA256:
381 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
382 break;
383 #endif
384 #if defined(MBEDTLS_SHA384_C)
385 case MBEDTLS_MD_SHA384:
386 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
387 break;
388 #endif
389 #if defined(MBEDTLS_SHA512_C)
390 case MBEDTLS_MD_SHA512:
391 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
392 break;
393 #endif
394 #if defined(MBEDTLS_SHA3_C)
395 case MBEDTLS_MD_SHA3_224:
396 case MBEDTLS_MD_SHA3_256:
397 case MBEDTLS_MD_SHA3_384:
398 case MBEDTLS_MD_SHA3_512:
399 mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
400 break;
401 #endif
402 default:
403 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
404 }
405
406 if (dst->hmac_ctx != NULL && src->hmac_ctx != NULL)
407 memcpy(dst->hmac_ctx, src->hmac_ctx, 2 * src->md_info->block_size);
408
409 return 0;
410 }
411
412 #define ALLOC(type) \
413 do { \
414 ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
415 if (ctx->md_ctx == NULL) \
416 return MBEDTLS_ERR_MD_ALLOC_FAILED; \
417 mbedtls_##type##_init(ctx->md_ctx); \
418 } \
419 while (0)
420
mbedtls_md_setup(mbedtls_md_context_t * ctx,const mbedtls_md_info_t * md_info,int hmac)421 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
422 {
423 #if defined(MBEDTLS_MD_C)
424 if (ctx == NULL) {
425 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
426 }
427 #endif
428 if (md_info == NULL) {
429 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
430 }
431
432 ctx->md_info = md_info;
433 ctx->md_ctx = NULL;
434 #if defined(MBEDTLS_MD_C)
435 ctx->hmac_ctx = NULL;
436 #else
437 if (hmac != 0) {
438 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
439 }
440 #endif
441
442 #if defined(MBEDTLS_MD_SOME_PSA)
443 if (md_can_use_psa(ctx->md_info)) {
444 ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t));
445 if (ctx->md_ctx == NULL) {
446 return MBEDTLS_ERR_MD_ALLOC_FAILED;
447 }
448 ctx->engine = MBEDTLS_MD_ENGINE_PSA;
449 } else
450 #endif
451 switch (md_info->type) {
452 #if defined(MBEDTLS_MD5_C)
453 case MBEDTLS_MD_MD5:
454 ALLOC(md5);
455 break;
456 #endif
457 #if defined(MBEDTLS_RIPEMD160_C)
458 case MBEDTLS_MD_RIPEMD160:
459 ALLOC(ripemd160);
460 break;
461 #endif
462 #if defined(MBEDTLS_SHA1_C)
463 case MBEDTLS_MD_SHA1:
464 ALLOC(sha1);
465 break;
466 #endif
467 #if defined(MBEDTLS_SHA224_C)
468 case MBEDTLS_MD_SHA224:
469 ALLOC(sha256);
470 break;
471 #endif
472 #if defined(MBEDTLS_SHA256_C)
473 case MBEDTLS_MD_SHA256:
474 ALLOC(sha256);
475 break;
476 #endif
477 #if defined(MBEDTLS_SHA384_C)
478 case MBEDTLS_MD_SHA384:
479 ALLOC(sha512);
480 break;
481 #endif
482 #if defined(MBEDTLS_SHA512_C)
483 case MBEDTLS_MD_SHA512:
484 ALLOC(sha512);
485 break;
486 #endif
487 #if defined(MBEDTLS_SHA3_C)
488 case MBEDTLS_MD_SHA3_224:
489 case MBEDTLS_MD_SHA3_256:
490 case MBEDTLS_MD_SHA3_384:
491 case MBEDTLS_MD_SHA3_512:
492 ALLOC(sha3);
493 break;
494 #endif
495 default:
496 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
497 }
498
499 #if defined(MBEDTLS_MD_C)
500 if (hmac != 0) {
501 ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
502 if (ctx->hmac_ctx == NULL) {
503 mbedtls_md_free(ctx);
504 return MBEDTLS_ERR_MD_ALLOC_FAILED;
505 }
506 }
507 #endif
508
509 return 0;
510 }
511 #undef ALLOC
512
mbedtls_md_starts(mbedtls_md_context_t * ctx)513 int mbedtls_md_starts(mbedtls_md_context_t *ctx)
514 {
515 #if defined(MBEDTLS_MD_C)
516 if (ctx == NULL || ctx->md_info == NULL) {
517 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
518 }
519 #endif
520
521 #if defined(MBEDTLS_MD_SOME_PSA)
522 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
523 psa_algorithm_t alg = psa_alg_of_md(ctx->md_info);
524 psa_hash_abort(ctx->md_ctx);
525 psa_status_t status = psa_hash_setup(ctx->md_ctx, alg);
526 return mbedtls_md_error_from_psa(status);
527 }
528 #endif
529
530 switch (ctx->md_info->type) {
531 #if defined(MBEDTLS_MD5_C)
532 case MBEDTLS_MD_MD5:
533 return mbedtls_md5_starts(ctx->md_ctx);
534 #endif
535 #if defined(MBEDTLS_RIPEMD160_C)
536 case MBEDTLS_MD_RIPEMD160:
537 return mbedtls_ripemd160_starts(ctx->md_ctx);
538 #endif
539 #if defined(MBEDTLS_SHA1_C)
540 case MBEDTLS_MD_SHA1:
541 return mbedtls_sha1_starts(ctx->md_ctx);
542 #endif
543 #if defined(MBEDTLS_SHA224_C)
544 case MBEDTLS_MD_SHA224:
545 return mbedtls_sha256_starts(ctx->md_ctx, 1);
546 #endif
547 #if defined(MBEDTLS_SHA256_C)
548 case MBEDTLS_MD_SHA256:
549 return mbedtls_sha256_starts(ctx->md_ctx, 0);
550 #endif
551 #if defined(MBEDTLS_SHA384_C)
552 case MBEDTLS_MD_SHA384:
553 return mbedtls_sha512_starts(ctx->md_ctx, 1);
554 #endif
555 #if defined(MBEDTLS_SHA512_C)
556 case MBEDTLS_MD_SHA512:
557 return mbedtls_sha512_starts(ctx->md_ctx, 0);
558 #endif
559 #if defined(MBEDTLS_SHA3_C)
560 case MBEDTLS_MD_SHA3_224:
561 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
562 case MBEDTLS_MD_SHA3_256:
563 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
564 case MBEDTLS_MD_SHA3_384:
565 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
566 case MBEDTLS_MD_SHA3_512:
567 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
568 #endif
569 default:
570 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
571 }
572 }
573
mbedtls_md_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)574 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
575 {
576 #if defined(MBEDTLS_MD_C)
577 if (ctx == NULL || ctx->md_info == NULL) {
578 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
579 }
580 #endif
581
582 #if defined(MBEDTLS_MD_SOME_PSA)
583 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
584 psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen);
585 return mbedtls_md_error_from_psa(status);
586 }
587 #endif
588
589 switch (ctx->md_info->type) {
590 #if defined(MBEDTLS_MD5_C)
591 case MBEDTLS_MD_MD5:
592 return mbedtls_md5_update(ctx->md_ctx, input, ilen);
593 #endif
594 #if defined(MBEDTLS_RIPEMD160_C)
595 case MBEDTLS_MD_RIPEMD160:
596 return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen);
597 #endif
598 #if defined(MBEDTLS_SHA1_C)
599 case MBEDTLS_MD_SHA1:
600 return mbedtls_sha1_update(ctx->md_ctx, input, ilen);
601 #endif
602 #if defined(MBEDTLS_SHA224_C)
603 case MBEDTLS_MD_SHA224:
604 return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
605 #endif
606 #if defined(MBEDTLS_SHA256_C)
607 case MBEDTLS_MD_SHA256:
608 return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
609 #endif
610 #if defined(MBEDTLS_SHA384_C)
611 case MBEDTLS_MD_SHA384:
612 return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
613 #endif
614 #if defined(MBEDTLS_SHA512_C)
615 case MBEDTLS_MD_SHA512:
616 return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
617 #endif
618 #if defined(MBEDTLS_SHA3_C)
619 case MBEDTLS_MD_SHA3_224:
620 case MBEDTLS_MD_SHA3_256:
621 case MBEDTLS_MD_SHA3_384:
622 case MBEDTLS_MD_SHA3_512:
623 return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
624 #endif
625 default:
626 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
627 }
628 }
629
mbedtls_md_finish(mbedtls_md_context_t * ctx,unsigned char * output)630 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
631 {
632 #if defined(MBEDTLS_MD_C)
633 if (ctx == NULL || ctx->md_info == NULL) {
634 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
635 }
636 #endif
637
638 #if defined(MBEDTLS_MD_SOME_PSA)
639 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
640 size_t size = ctx->md_info->size;
641 psa_status_t status = psa_hash_finish(ctx->md_ctx,
642 output, size, &size);
643 return mbedtls_md_error_from_psa(status);
644 }
645 #endif
646
647 switch (ctx->md_info->type) {
648 #if defined(MBEDTLS_MD5_C)
649 case MBEDTLS_MD_MD5:
650 return mbedtls_md5_finish(ctx->md_ctx, output);
651 #endif
652 #if defined(MBEDTLS_RIPEMD160_C)
653 case MBEDTLS_MD_RIPEMD160:
654 return mbedtls_ripemd160_finish(ctx->md_ctx, output);
655 #endif
656 #if defined(MBEDTLS_SHA1_C)
657 case MBEDTLS_MD_SHA1:
658 return mbedtls_sha1_finish(ctx->md_ctx, output);
659 #endif
660 #if defined(MBEDTLS_SHA224_C)
661 case MBEDTLS_MD_SHA224:
662 return mbedtls_sha256_finish(ctx->md_ctx, output);
663 #endif
664 #if defined(MBEDTLS_SHA256_C)
665 case MBEDTLS_MD_SHA256:
666 return mbedtls_sha256_finish(ctx->md_ctx, output);
667 #endif
668 #if defined(MBEDTLS_SHA384_C)
669 case MBEDTLS_MD_SHA384:
670 return mbedtls_sha512_finish(ctx->md_ctx, output);
671 #endif
672 #if defined(MBEDTLS_SHA512_C)
673 case MBEDTLS_MD_SHA512:
674 return mbedtls_sha512_finish(ctx->md_ctx, output);
675 #endif
676 #if defined(MBEDTLS_SHA3_C)
677 case MBEDTLS_MD_SHA3_224:
678 case MBEDTLS_MD_SHA3_256:
679 case MBEDTLS_MD_SHA3_384:
680 case MBEDTLS_MD_SHA3_512:
681 return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
682 #endif
683 default:
684 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
685 }
686 }
687
mbedtls_md(const mbedtls_md_info_t * md_info,const unsigned char * input,size_t ilen,unsigned char * output)688 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
689 unsigned char *output)
690 {
691 if (md_info == NULL) {
692 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
693 }
694
695 #if defined(MBEDTLS_MD_SOME_PSA)
696 if (md_can_use_psa(md_info)) {
697 size_t size = md_info->size;
698 psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info),
699 input, ilen,
700 output, size, &size);
701 return mbedtls_md_error_from_psa(status);
702 }
703 #endif
704
705 switch (md_info->type) {
706 #if defined(MBEDTLS_MD5_C)
707 case MBEDTLS_MD_MD5:
708 return mbedtls_md5(input, ilen, output);
709 #endif
710 #if defined(MBEDTLS_RIPEMD160_C)
711 case MBEDTLS_MD_RIPEMD160:
712 return mbedtls_ripemd160(input, ilen, output);
713 #endif
714 #if defined(MBEDTLS_SHA1_C)
715 case MBEDTLS_MD_SHA1:
716 return mbedtls_sha1(input, ilen, output);
717 #endif
718 #if defined(MBEDTLS_SHA224_C)
719 case MBEDTLS_MD_SHA224:
720 return mbedtls_sha256(input, ilen, output, 1);
721 #endif
722 #if defined(MBEDTLS_SHA256_C)
723 case MBEDTLS_MD_SHA256:
724 return mbedtls_sha256(input, ilen, output, 0);
725 #endif
726 #if defined(MBEDTLS_SHA384_C)
727 case MBEDTLS_MD_SHA384:
728 return mbedtls_sha512(input, ilen, output, 1);
729 #endif
730 #if defined(MBEDTLS_SHA512_C)
731 case MBEDTLS_MD_SHA512:
732 return mbedtls_sha512(input, ilen, output, 0);
733 #endif
734 #if defined(MBEDTLS_SHA3_C)
735 case MBEDTLS_MD_SHA3_224:
736 return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
737 case MBEDTLS_MD_SHA3_256:
738 return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
739 case MBEDTLS_MD_SHA3_384:
740 return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
741 case MBEDTLS_MD_SHA3_512:
742 return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
743 #endif
744 default:
745 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
746 }
747 }
748
mbedtls_md_get_size(const mbedtls_md_info_t * md_info)749 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
750 {
751 if (md_info == NULL) {
752 return 0;
753 }
754
755 return md_info->size;
756 }
757
mbedtls_md_get_type(const mbedtls_md_info_t * md_info)758 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
759 {
760 if (md_info == NULL) {
761 return MBEDTLS_MD_NONE;
762 }
763
764 return md_info->type;
765 }
766
767 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
mbedtls_md_error_from_psa(psa_status_t status)768 int mbedtls_md_error_from_psa(psa_status_t status)
769 {
770 return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
771 psa_generic_status_to_mbedtls);
772 }
773 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
774
775
776 /************************************************************************
777 * Functions above this separator are part of MBEDTLS_MD_LIGHT, *
778 * functions below are only available when MBEDTLS_MD_C is set. *
779 ************************************************************************/
780 #if defined(MBEDTLS_MD_C)
781
782 /*
783 * Reminder: update profiles in x509_crt.c when adding a new hash!
784 */
785 static const int supported_digests[] = {
786
787 #if defined(MBEDTLS_MD_CAN_SHA512)
788 MBEDTLS_MD_SHA512,
789 #endif
790
791 #if defined(MBEDTLS_MD_CAN_SHA384)
792 MBEDTLS_MD_SHA384,
793 #endif
794
795 #if defined(MBEDTLS_MD_CAN_SHA256)
796 MBEDTLS_MD_SHA256,
797 #endif
798 #if defined(MBEDTLS_MD_CAN_SHA224)
799 MBEDTLS_MD_SHA224,
800 #endif
801
802 #if defined(MBEDTLS_MD_CAN_SHA1)
803 MBEDTLS_MD_SHA1,
804 #endif
805
806 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
807 MBEDTLS_MD_RIPEMD160,
808 #endif
809
810 #if defined(MBEDTLS_MD_CAN_MD5)
811 MBEDTLS_MD_MD5,
812 #endif
813
814 #if defined(MBEDTLS_MD_CAN_SHA3_224)
815 MBEDTLS_MD_SHA3_224,
816 #endif
817
818 #if defined(MBEDTLS_MD_CAN_SHA3_256)
819 MBEDTLS_MD_SHA3_256,
820 #endif
821
822 #if defined(MBEDTLS_MD_CAN_SHA3_384)
823 MBEDTLS_MD_SHA3_384,
824 #endif
825
826 #if defined(MBEDTLS_MD_CAN_SHA3_512)
827 MBEDTLS_MD_SHA3_512,
828 #endif
829
830 MBEDTLS_MD_NONE
831 };
832
mbedtls_md_list(void)833 const int *mbedtls_md_list(void)
834 {
835 return supported_digests;
836 }
837
838 typedef struct {
839 const char *md_name;
840 mbedtls_md_type_t md_type;
841 } md_name_entry;
842
843 static const md_name_entry md_names[] = {
844 #if defined(MBEDTLS_MD_CAN_MD5)
845 { "MD5", MBEDTLS_MD_MD5 },
846 #endif
847 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
848 { "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
849 #endif
850 #if defined(MBEDTLS_MD_CAN_SHA1)
851 { "SHA1", MBEDTLS_MD_SHA1 },
852 { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
853 #endif
854 #if defined(MBEDTLS_MD_CAN_SHA224)
855 { "SHA224", MBEDTLS_MD_SHA224 },
856 #endif
857 #if defined(MBEDTLS_MD_CAN_SHA256)
858 { "SHA256", MBEDTLS_MD_SHA256 },
859 #endif
860 #if defined(MBEDTLS_MD_CAN_SHA384)
861 { "SHA384", MBEDTLS_MD_SHA384 },
862 #endif
863 #if defined(MBEDTLS_MD_CAN_SHA512)
864 { "SHA512", MBEDTLS_MD_SHA512 },
865 #endif
866 #if defined(MBEDTLS_MD_CAN_SHA3_224)
867 { "SHA3-224", MBEDTLS_MD_SHA3_224 },
868 #endif
869 #if defined(MBEDTLS_MD_CAN_SHA3_256)
870 { "SHA3-256", MBEDTLS_MD_SHA3_256 },
871 #endif
872 #if defined(MBEDTLS_MD_CAN_SHA3_384)
873 { "SHA3-384", MBEDTLS_MD_SHA3_384 },
874 #endif
875 #if defined(MBEDTLS_MD_CAN_SHA3_512)
876 { "SHA3-512", MBEDTLS_MD_SHA3_512 },
877 #endif
878 { NULL, MBEDTLS_MD_NONE },
879 };
880
mbedtls_md_info_from_string(const char * md_name)881 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
882 {
883 if (NULL == md_name) {
884 return NULL;
885 }
886
887 const md_name_entry *entry = md_names;
888 while (entry->md_name != NULL &&
889 strcmp(entry->md_name, md_name) != 0) {
890 ++entry;
891 }
892
893 return mbedtls_md_info_from_type(entry->md_type);
894 }
895
mbedtls_md_get_name(const mbedtls_md_info_t * md_info)896 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
897 {
898 if (md_info == NULL) {
899 return NULL;
900 }
901
902 const md_name_entry *entry = md_names;
903 while (entry->md_type != MBEDTLS_MD_NONE &&
904 entry->md_type != md_info->type) {
905 ++entry;
906 }
907
908 return entry->md_name;
909 }
910
mbedtls_md_info_from_ctx(const mbedtls_md_context_t * ctx)911 const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
912 const mbedtls_md_context_t *ctx)
913 {
914 if (ctx == NULL) {
915 return NULL;
916 }
917
918 return ctx->MBEDTLS_PRIVATE(md_info);
919 }
920
921 #if defined(MBEDTLS_FS_IO)
mbedtls_md_file(const mbedtls_md_info_t * md_info,const char * path,unsigned char * output)922 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
923 {
924 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
925 FILE *f;
926 size_t n;
927 mbedtls_md_context_t ctx;
928 unsigned char buf[1024];
929
930 if (md_info == NULL) {
931 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
932 }
933
934 if ((f = fopen(path, "rb")) == NULL) {
935 return MBEDTLS_ERR_MD_FILE_IO_ERROR;
936 }
937
938 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
939 mbedtls_setbuf(f, NULL);
940
941 mbedtls_md_init(&ctx);
942
943 if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
944 goto cleanup;
945 }
946
947 if ((ret = mbedtls_md_starts(&ctx)) != 0) {
948 goto cleanup;
949 }
950
951 while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
952 if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
953 goto cleanup;
954 }
955 }
956
957 if (ferror(f) != 0) {
958 ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
959 } else {
960 ret = mbedtls_md_finish(&ctx, output);
961 }
962
963 cleanup:
964 mbedtls_platform_zeroize(buf, sizeof(buf));
965 fclose(f);
966 mbedtls_md_free(&ctx);
967
968 return ret;
969 }
970 #endif /* MBEDTLS_FS_IO */
971
mbedtls_md_hmac_starts(mbedtls_md_context_t * ctx,const unsigned char * key,size_t keylen)972 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
973 {
974 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
975 unsigned char sum[MBEDTLS_MD_MAX_SIZE];
976 unsigned char *ipad, *opad;
977
978 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
979 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
980 }
981
982 if (keylen > (size_t) ctx->md_info->block_size) {
983 if ((ret = mbedtls_md_starts(ctx)) != 0) {
984 goto cleanup;
985 }
986 if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
987 goto cleanup;
988 }
989 if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
990 goto cleanup;
991 }
992
993 keylen = ctx->md_info->size;
994 key = sum;
995 }
996
997 ipad = (unsigned char *) ctx->hmac_ctx;
998 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
999
1000 memset(ipad, 0x36, ctx->md_info->block_size);
1001 memset(opad, 0x5C, ctx->md_info->block_size);
1002
1003 mbedtls_xor(ipad, ipad, key, keylen);
1004 mbedtls_xor(opad, opad, key, keylen);
1005
1006 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1007 goto cleanup;
1008 }
1009 if ((ret = mbedtls_md_update(ctx, ipad,
1010 ctx->md_info->block_size)) != 0) {
1011 goto cleanup;
1012 }
1013
1014 cleanup:
1015 mbedtls_platform_zeroize(sum, sizeof(sum));
1016
1017 return ret;
1018 }
1019
mbedtls_md_hmac_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)1020 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
1021 {
1022 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1023 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1024 }
1025
1026 return mbedtls_md_update(ctx, input, ilen);
1027 }
1028
mbedtls_md_hmac_finish(mbedtls_md_context_t * ctx,unsigned char * output)1029 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
1030 {
1031 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1032 unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
1033 unsigned char *opad;
1034
1035 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1036 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1037 }
1038
1039 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
1040
1041 if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
1042 return ret;
1043 }
1044 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1045 return ret;
1046 }
1047 if ((ret = mbedtls_md_update(ctx, opad,
1048 ctx->md_info->block_size)) != 0) {
1049 return ret;
1050 }
1051 if ((ret = mbedtls_md_update(ctx, tmp,
1052 ctx->md_info->size)) != 0) {
1053 return ret;
1054 }
1055 return mbedtls_md_finish(ctx, output);
1056 }
1057
mbedtls_md_hmac_reset(mbedtls_md_context_t * ctx)1058 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
1059 {
1060 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1061 unsigned char *ipad;
1062
1063 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1064 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1065 }
1066
1067 ipad = (unsigned char *) ctx->hmac_ctx;
1068
1069 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1070 return ret;
1071 }
1072 return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
1073 }
1074
mbedtls_md_hmac(const mbedtls_md_info_t * md_info,const unsigned char * key,size_t keylen,const unsigned char * input,size_t ilen,unsigned char * output)1075 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
1076 const unsigned char *key, size_t keylen,
1077 const unsigned char *input, size_t ilen,
1078 unsigned char *output)
1079 {
1080 mbedtls_md_context_t ctx;
1081 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1082
1083 if (md_info == NULL) {
1084 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1085 }
1086
1087 mbedtls_md_init(&ctx);
1088
1089 if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
1090 goto cleanup;
1091 }
1092
1093 if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
1094 goto cleanup;
1095 }
1096 if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
1097 goto cleanup;
1098 }
1099 if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
1100 goto cleanup;
1101 }
1102
1103 cleanup:
1104 mbedtls_md_free(&ctx);
1105
1106 return ret;
1107 }
1108
1109 #endif /* MBEDTLS_MD_C */
1110
1111 #endif /* MBEDTLS_MD_LIGHT */
1112