1 /** 2 * \file md.c 3 * 4 * \brief Generic message digest wrapper for mbed TLS 5 * 6 * \author Adriaan de Jong <dejong@fox-it.com> 7 * 8 * Copyright The Mbed TLS Contributors 9 * SPDX-License-Identifier: Apache-2.0 10 * 11 * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 * not use this file except in compliance with the License. 13 * You may obtain a copy of the License at 14 * 15 * http://www.apache.org/licenses/LICENSE-2.0 16 * 17 * Unless required by applicable law or agreed to in writing, software 18 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 * See the License for the specific language governing permissions and 21 * limitations under the License. 22 */ 23 24 #include "common.h" 25 26 /* 27 * Availability of functions in this module is controlled by two 28 * feature macros: 29 * - MBEDTLS_MD_C enables the whole module; 30 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing 31 * most hash metadata (everything except string names); is it 32 * automatically set whenever MBEDTLS_MD_C is defined. 33 * 34 * In this file, functions from MD_LIGHT are at the top, MD_C at the end. 35 * 36 * In the future we may want to change the contract of some functions 37 * (behaviour with NULL arguments) depending on whether MD_C is defined or 38 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. 39 * 40 * For these reasons, we're keeping MD_LIGHT internal for now. 41 */ 42 #if defined(MBEDTLS_MD_LIGHT) 43 44 #include "mbedtls/md.h" 45 #include "md_wrap.h" 46 #include "mbedtls/platform_util.h" 47 #include "mbedtls/error.h" 48 49 #include "mbedtls/md5.h" 50 #include "mbedtls/ripemd160.h" 51 #include "mbedtls/sha1.h" 52 #include "mbedtls/sha256.h" 53 #include "mbedtls/sha512.h" 54 55 #if defined(MBEDTLS_MD_SOME_PSA) 56 #include <psa/crypto.h> 57 #include "psa_crypto_core.h" 58 #endif 59 60 #include "mbedtls/platform.h" 61 62 #include <string.h> 63 64 #if defined(MBEDTLS_FS_IO) 65 #include <stdio.h> 66 #endif 67 68 #if defined(MBEDTLS_MD_CAN_MD5) 69 const mbedtls_md_info_t mbedtls_md5_info = { 70 "MD5", 71 MBEDTLS_MD_MD5, 72 16, 73 64, 74 }; 75 #endif 76 77 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 78 const mbedtls_md_info_t mbedtls_ripemd160_info = { 79 "RIPEMD160", 80 MBEDTLS_MD_RIPEMD160, 81 20, 82 64, 83 }; 84 #endif 85 86 #if defined(MBEDTLS_MD_CAN_SHA1) 87 const mbedtls_md_info_t mbedtls_sha1_info = { 88 "SHA1", 89 MBEDTLS_MD_SHA1, 90 20, 91 64, 92 }; 93 #endif 94 95 #if defined(MBEDTLS_MD_CAN_SHA224) 96 const mbedtls_md_info_t mbedtls_sha224_info = { 97 "SHA224", 98 MBEDTLS_MD_SHA224, 99 28, 100 64, 101 }; 102 #endif 103 104 #if defined(MBEDTLS_MD_CAN_SHA256) 105 const mbedtls_md_info_t mbedtls_sha256_info = { 106 "SHA256", 107 MBEDTLS_MD_SHA256, 108 32, 109 64, 110 }; 111 #endif 112 113 #if defined(MBEDTLS_MD_CAN_SHA384) 114 const mbedtls_md_info_t mbedtls_sha384_info = { 115 "SHA384", 116 MBEDTLS_MD_SHA384, 117 48, 118 128, 119 }; 120 #endif 121 122 #if defined(MBEDTLS_MD_CAN_SHA512) 123 const mbedtls_md_info_t mbedtls_sha512_info = { 124 "SHA512", 125 MBEDTLS_MD_SHA512, 126 64, 127 128, 128 }; 129 #endif 130 131 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) 132 { 133 switch (md_type) { 134 #if defined(MBEDTLS_MD_CAN_MD5) 135 case MBEDTLS_MD_MD5: 136 return &mbedtls_md5_info; 137 #endif 138 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 139 case MBEDTLS_MD_RIPEMD160: 140 return &mbedtls_ripemd160_info; 141 #endif 142 #if defined(MBEDTLS_MD_CAN_SHA1) 143 case MBEDTLS_MD_SHA1: 144 return &mbedtls_sha1_info; 145 #endif 146 #if defined(MBEDTLS_MD_CAN_SHA224) 147 case MBEDTLS_MD_SHA224: 148 return &mbedtls_sha224_info; 149 #endif 150 #if defined(MBEDTLS_MD_CAN_SHA256) 151 case MBEDTLS_MD_SHA256: 152 return &mbedtls_sha256_info; 153 #endif 154 #if defined(MBEDTLS_MD_CAN_SHA384) 155 case MBEDTLS_MD_SHA384: 156 return &mbedtls_sha384_info; 157 #endif 158 #if defined(MBEDTLS_MD_CAN_SHA512) 159 case MBEDTLS_MD_SHA512: 160 return &mbedtls_sha512_info; 161 #endif 162 default: 163 return NULL; 164 } 165 } 166 167 #if defined(MBEDTLS_MD_SOME_PSA) 168 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info) 169 { 170 switch (info->type) { 171 #if defined(MBEDTLS_MD_MD5_VIA_PSA) 172 case MBEDTLS_MD_MD5: 173 return PSA_ALG_MD5; 174 #endif 175 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA) 176 case MBEDTLS_MD_RIPEMD160: 177 return PSA_ALG_RIPEMD160; 178 #endif 179 #if defined(MBEDTLS_MD_SHA1_VIA_PSA) 180 case MBEDTLS_MD_SHA1: 181 return PSA_ALG_SHA_1; 182 #endif 183 #if defined(MBEDTLS_MD_SHA224_VIA_PSA) 184 case MBEDTLS_MD_SHA224: 185 return PSA_ALG_SHA_224; 186 #endif 187 #if defined(MBEDTLS_MD_SHA256_VIA_PSA) 188 case MBEDTLS_MD_SHA256: 189 return PSA_ALG_SHA_256; 190 #endif 191 #if defined(MBEDTLS_MD_SHA384_VIA_PSA) 192 case MBEDTLS_MD_SHA384: 193 return PSA_ALG_SHA_384; 194 #endif 195 #if defined(MBEDTLS_MD_SHA512_VIA_PSA) 196 case MBEDTLS_MD_SHA512: 197 return PSA_ALG_SHA_512; 198 #endif 199 default: 200 return PSA_ALG_NONE; 201 } 202 } 203 204 static int md_can_use_psa(const mbedtls_md_info_t *info) 205 { 206 psa_algorithm_t alg = psa_alg_of_md(info); 207 if (alg == PSA_ALG_NONE) { 208 return 0; 209 } 210 211 return psa_can_do_hash(alg); 212 } 213 214 static int mbedtls_md_error_from_psa(psa_status_t status) 215 { 216 switch (status) { 217 case PSA_SUCCESS: 218 return 0; 219 case PSA_ERROR_NOT_SUPPORTED: 220 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; 221 case PSA_ERROR_INSUFFICIENT_MEMORY: 222 return MBEDTLS_ERR_MD_ALLOC_FAILED; 223 default: 224 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; 225 } 226 } 227 #endif /* MBEDTLS_MD_SOME_PSA */ 228 229 void mbedtls_md_init(mbedtls_md_context_t *ctx) 230 { 231 /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ 232 memset(ctx, 0, sizeof(mbedtls_md_context_t)); 233 } 234 235 void mbedtls_md_free(mbedtls_md_context_t *ctx) 236 { 237 if (ctx == NULL || ctx->md_info == NULL) { 238 return; 239 } 240 241 if (ctx->md_ctx != NULL) { 242 #if defined(MBEDTLS_MD_SOME_PSA) 243 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 244 psa_hash_abort(ctx->md_ctx); 245 } else 246 #endif 247 switch (ctx->md_info->type) { 248 #if defined(MBEDTLS_MD5_C) 249 case MBEDTLS_MD_MD5: 250 mbedtls_md5_free(ctx->md_ctx); 251 break; 252 #endif 253 #if defined(MBEDTLS_RIPEMD160_C) 254 case MBEDTLS_MD_RIPEMD160: 255 mbedtls_ripemd160_free(ctx->md_ctx); 256 break; 257 #endif 258 #if defined(MBEDTLS_SHA1_C) 259 case MBEDTLS_MD_SHA1: 260 mbedtls_sha1_free(ctx->md_ctx); 261 break; 262 #endif 263 #if defined(MBEDTLS_SHA224_C) 264 case MBEDTLS_MD_SHA224: 265 mbedtls_sha256_free(ctx->md_ctx); 266 break; 267 #endif 268 #if defined(MBEDTLS_SHA256_C) 269 case MBEDTLS_MD_SHA256: 270 mbedtls_sha256_free(ctx->md_ctx); 271 break; 272 #endif 273 #if defined(MBEDTLS_SHA384_C) 274 case MBEDTLS_MD_SHA384: 275 mbedtls_sha512_free(ctx->md_ctx); 276 break; 277 #endif 278 #if defined(MBEDTLS_SHA512_C) 279 case MBEDTLS_MD_SHA512: 280 mbedtls_sha512_free(ctx->md_ctx); 281 break; 282 #endif 283 default: 284 /* Shouldn't happen */ 285 break; 286 } 287 mbedtls_free(ctx->md_ctx); 288 } 289 290 #if defined(MBEDTLS_MD_C) 291 if (ctx->hmac_ctx != NULL) { 292 mbedtls_platform_zeroize(ctx->hmac_ctx, 293 2 * ctx->md_info->block_size); 294 mbedtls_free(ctx->hmac_ctx); 295 } 296 #endif 297 298 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); 299 } 300 301 int mbedtls_md_clone(mbedtls_md_context_t *dst, 302 const mbedtls_md_context_t *src) 303 { 304 if (dst == NULL || dst->md_info == NULL || 305 src == NULL || src->md_info == NULL || 306 dst->md_info != src->md_info) { 307 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 308 } 309 310 #if defined(MBEDTLS_MD_SOME_PSA) 311 if (src->engine != dst->engine) { 312 /* This can happen with src set to legacy because PSA wasn't ready 313 * yet, and dst to PSA because it became ready in the meantime. 314 * We currently don't support that case (we'd need to re-allocate 315 * md_ctx to the size of the appropriate MD context). */ 316 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; 317 } 318 319 if (src->engine == MBEDTLS_MD_ENGINE_PSA) { 320 psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx); 321 return mbedtls_md_error_from_psa(status); 322 } 323 #endif 324 325 switch (src->md_info->type) { 326 #if defined(MBEDTLS_MD5_C) 327 case MBEDTLS_MD_MD5: 328 mbedtls_md5_clone(dst->md_ctx, src->md_ctx); 329 break; 330 #endif 331 #if defined(MBEDTLS_RIPEMD160_C) 332 case MBEDTLS_MD_RIPEMD160: 333 mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); 334 break; 335 #endif 336 #if defined(MBEDTLS_SHA1_C) 337 case MBEDTLS_MD_SHA1: 338 mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); 339 break; 340 #endif 341 #if defined(MBEDTLS_SHA224_C) 342 case MBEDTLS_MD_SHA224: 343 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 344 break; 345 #endif 346 #if defined(MBEDTLS_SHA256_C) 347 case MBEDTLS_MD_SHA256: 348 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 349 break; 350 #endif 351 #if defined(MBEDTLS_SHA384_C) 352 case MBEDTLS_MD_SHA384: 353 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 354 break; 355 #endif 356 #if defined(MBEDTLS_SHA512_C) 357 case MBEDTLS_MD_SHA512: 358 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 359 break; 360 #endif 361 default: 362 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 363 } 364 365 if (dst->hmac_ctx != NULL && src->hmac_ctx != NULL) 366 memcpy(dst->hmac_ctx, src->hmac_ctx, 2 * src->md_info->block_size); 367 368 return 0; 369 } 370 371 #define ALLOC(type) \ 372 do { \ 373 ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ 374 if (ctx->md_ctx == NULL) \ 375 return MBEDTLS_ERR_MD_ALLOC_FAILED; \ 376 mbedtls_##type##_init(ctx->md_ctx); \ 377 } \ 378 while (0) 379 380 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) 381 { 382 if (md_info == NULL || ctx == NULL) { 383 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 384 } 385 386 ctx->md_info = md_info; 387 ctx->md_ctx = NULL; 388 #if defined(MBEDTLS_MD_C) 389 ctx->hmac_ctx = NULL; 390 #else 391 if (hmac != 0) { 392 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 393 } 394 #endif 395 396 #if defined(MBEDTLS_MD_SOME_PSA) 397 if (md_can_use_psa(ctx->md_info)) { 398 ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); 399 if (ctx->md_ctx == NULL) { 400 return MBEDTLS_ERR_MD_ALLOC_FAILED; 401 } 402 ctx->engine = MBEDTLS_MD_ENGINE_PSA; 403 } else 404 #endif 405 switch (md_info->type) { 406 #if defined(MBEDTLS_MD5_C) 407 case MBEDTLS_MD_MD5: 408 ALLOC(md5); 409 break; 410 #endif 411 #if defined(MBEDTLS_RIPEMD160_C) 412 case MBEDTLS_MD_RIPEMD160: 413 ALLOC(ripemd160); 414 break; 415 #endif 416 #if defined(MBEDTLS_SHA1_C) 417 case MBEDTLS_MD_SHA1: 418 ALLOC(sha1); 419 break; 420 #endif 421 #if defined(MBEDTLS_SHA224_C) 422 case MBEDTLS_MD_SHA224: 423 ALLOC(sha256); 424 break; 425 #endif 426 #if defined(MBEDTLS_SHA256_C) 427 case MBEDTLS_MD_SHA256: 428 ALLOC(sha256); 429 break; 430 #endif 431 #if defined(MBEDTLS_SHA384_C) 432 case MBEDTLS_MD_SHA384: 433 ALLOC(sha512); 434 break; 435 #endif 436 #if defined(MBEDTLS_SHA512_C) 437 case MBEDTLS_MD_SHA512: 438 ALLOC(sha512); 439 break; 440 #endif 441 default: 442 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 443 } 444 445 #if defined(MBEDTLS_MD_C) 446 if (hmac != 0) { 447 ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); 448 if (ctx->hmac_ctx == NULL) { 449 mbedtls_md_free(ctx); 450 return MBEDTLS_ERR_MD_ALLOC_FAILED; 451 } 452 } 453 #endif 454 455 return 0; 456 } 457 #undef ALLOC 458 459 int mbedtls_md_starts(mbedtls_md_context_t *ctx) 460 { 461 if (ctx == NULL || ctx->md_info == NULL) { 462 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 463 } 464 465 #if defined(MBEDTLS_MD_SOME_PSA) 466 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 467 psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); 468 psa_hash_abort(ctx->md_ctx); 469 psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); 470 return mbedtls_md_error_from_psa(status); 471 } 472 #endif 473 474 switch (ctx->md_info->type) { 475 #if defined(MBEDTLS_MD5_C) 476 case MBEDTLS_MD_MD5: 477 return mbedtls_md5_starts(ctx->md_ctx); 478 #endif 479 #if defined(MBEDTLS_RIPEMD160_C) 480 case MBEDTLS_MD_RIPEMD160: 481 return mbedtls_ripemd160_starts(ctx->md_ctx); 482 #endif 483 #if defined(MBEDTLS_SHA1_C) 484 case MBEDTLS_MD_SHA1: 485 return mbedtls_sha1_starts(ctx->md_ctx); 486 #endif 487 #if defined(MBEDTLS_SHA224_C) 488 case MBEDTLS_MD_SHA224: 489 return mbedtls_sha256_starts(ctx->md_ctx, 1); 490 #endif 491 #if defined(MBEDTLS_SHA256_C) 492 case MBEDTLS_MD_SHA256: 493 return mbedtls_sha256_starts(ctx->md_ctx, 0); 494 #endif 495 #if defined(MBEDTLS_SHA384_C) 496 case MBEDTLS_MD_SHA384: 497 return mbedtls_sha512_starts(ctx->md_ctx, 1); 498 #endif 499 #if defined(MBEDTLS_SHA512_C) 500 case MBEDTLS_MD_SHA512: 501 return mbedtls_sha512_starts(ctx->md_ctx, 0); 502 #endif 503 default: 504 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 505 } 506 } 507 508 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 509 { 510 if (ctx == NULL || ctx->md_info == NULL) { 511 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 512 } 513 514 #if defined(MBEDTLS_MD_SOME_PSA) 515 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 516 psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); 517 return mbedtls_md_error_from_psa(status); 518 } 519 #endif 520 521 switch (ctx->md_info->type) { 522 #if defined(MBEDTLS_MD5_C) 523 case MBEDTLS_MD_MD5: 524 return mbedtls_md5_update(ctx->md_ctx, input, ilen); 525 #endif 526 #if defined(MBEDTLS_RIPEMD160_C) 527 case MBEDTLS_MD_RIPEMD160: 528 return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); 529 #endif 530 #if defined(MBEDTLS_SHA1_C) 531 case MBEDTLS_MD_SHA1: 532 return mbedtls_sha1_update(ctx->md_ctx, input, ilen); 533 #endif 534 #if defined(MBEDTLS_SHA224_C) 535 case MBEDTLS_MD_SHA224: 536 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 537 #endif 538 #if defined(MBEDTLS_SHA256_C) 539 case MBEDTLS_MD_SHA256: 540 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 541 #endif 542 #if defined(MBEDTLS_SHA384_C) 543 case MBEDTLS_MD_SHA384: 544 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 545 #endif 546 #if defined(MBEDTLS_SHA512_C) 547 case MBEDTLS_MD_SHA512: 548 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 549 #endif 550 default: 551 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 552 } 553 } 554 555 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) 556 { 557 if (ctx == NULL || ctx->md_info == NULL) { 558 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 559 } 560 561 #if defined(MBEDTLS_MD_SOME_PSA) 562 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 563 size_t size = ctx->md_info->size; 564 psa_status_t status = psa_hash_finish(ctx->md_ctx, 565 output, size, &size); 566 return mbedtls_md_error_from_psa(status); 567 } 568 #endif 569 570 switch (ctx->md_info->type) { 571 #if defined(MBEDTLS_MD5_C) 572 case MBEDTLS_MD_MD5: 573 return mbedtls_md5_finish(ctx->md_ctx, output); 574 #endif 575 #if defined(MBEDTLS_RIPEMD160_C) 576 case MBEDTLS_MD_RIPEMD160: 577 return mbedtls_ripemd160_finish(ctx->md_ctx, output); 578 #endif 579 #if defined(MBEDTLS_SHA1_C) 580 case MBEDTLS_MD_SHA1: 581 return mbedtls_sha1_finish(ctx->md_ctx, output); 582 #endif 583 #if defined(MBEDTLS_SHA224_C) 584 case MBEDTLS_MD_SHA224: 585 return mbedtls_sha256_finish(ctx->md_ctx, output); 586 #endif 587 #if defined(MBEDTLS_SHA256_C) 588 case MBEDTLS_MD_SHA256: 589 return mbedtls_sha256_finish(ctx->md_ctx, output); 590 #endif 591 #if defined(MBEDTLS_SHA384_C) 592 case MBEDTLS_MD_SHA384: 593 return mbedtls_sha512_finish(ctx->md_ctx, output); 594 #endif 595 #if defined(MBEDTLS_SHA512_C) 596 case MBEDTLS_MD_SHA512: 597 return mbedtls_sha512_finish(ctx->md_ctx, output); 598 #endif 599 default: 600 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 601 } 602 } 603 604 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, 605 unsigned char *output) 606 { 607 if (md_info == NULL) { 608 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 609 } 610 611 #if defined(MBEDTLS_MD_SOME_PSA) 612 if (md_can_use_psa(md_info)) { 613 size_t size = md_info->size; 614 psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), 615 input, ilen, 616 output, size, &size); 617 return mbedtls_md_error_from_psa(status); 618 } 619 #endif 620 621 switch (md_info->type) { 622 #if defined(MBEDTLS_MD5_C) 623 case MBEDTLS_MD_MD5: 624 return mbedtls_md5(input, ilen, output); 625 #endif 626 #if defined(MBEDTLS_RIPEMD160_C) 627 case MBEDTLS_MD_RIPEMD160: 628 return mbedtls_ripemd160(input, ilen, output); 629 #endif 630 #if defined(MBEDTLS_SHA1_C) 631 case MBEDTLS_MD_SHA1: 632 return mbedtls_sha1(input, ilen, output); 633 #endif 634 #if defined(MBEDTLS_SHA224_C) 635 case MBEDTLS_MD_SHA224: 636 return mbedtls_sha256(input, ilen, output, 1); 637 #endif 638 #if defined(MBEDTLS_SHA256_C) 639 case MBEDTLS_MD_SHA256: 640 return mbedtls_sha256(input, ilen, output, 0); 641 #endif 642 #if defined(MBEDTLS_SHA384_C) 643 case MBEDTLS_MD_SHA384: 644 return mbedtls_sha512(input, ilen, output, 1); 645 #endif 646 #if defined(MBEDTLS_SHA512_C) 647 case MBEDTLS_MD_SHA512: 648 return mbedtls_sha512(input, ilen, output, 0); 649 #endif 650 default: 651 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 652 } 653 } 654 655 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) 656 { 657 if (md_info == NULL) { 658 return 0; 659 } 660 661 return md_info->size; 662 } 663 664 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) 665 { 666 if (md_info == NULL) { 667 return MBEDTLS_MD_NONE; 668 } 669 670 return md_info->type; 671 } 672 673 /************************************************************************ 674 * Functions above this separator are part of MBEDTLS_MD_LIGHT, * 675 * functions below are only available when MBEDTLS_MD_C is set. * 676 ************************************************************************/ 677 #if defined(MBEDTLS_MD_C) 678 679 /* 680 * Reminder: update profiles in x509_crt.c when adding a new hash! 681 */ 682 static const int supported_digests[] = { 683 684 #if defined(MBEDTLS_MD_CAN_SHA512) 685 MBEDTLS_MD_SHA512, 686 #endif 687 688 #if defined(MBEDTLS_MD_CAN_SHA384) 689 MBEDTLS_MD_SHA384, 690 #endif 691 692 #if defined(MBEDTLS_MD_CAN_SHA256) 693 MBEDTLS_MD_SHA256, 694 #endif 695 #if defined(MBEDTLS_MD_CAN_SHA224) 696 MBEDTLS_MD_SHA224, 697 #endif 698 699 #if defined(MBEDTLS_MD_CAN_SHA1) 700 MBEDTLS_MD_SHA1, 701 #endif 702 703 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 704 MBEDTLS_MD_RIPEMD160, 705 #endif 706 707 #if defined(MBEDTLS_MD_CAN_MD5) 708 MBEDTLS_MD_MD5, 709 #endif 710 711 MBEDTLS_MD_NONE 712 }; 713 714 const int *mbedtls_md_list(void) 715 { 716 return supported_digests; 717 } 718 719 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) 720 { 721 if (NULL == md_name) { 722 return NULL; 723 } 724 725 /* Get the appropriate digest information */ 726 #if defined(MBEDTLS_MD_CAN_MD5) 727 if (!strcmp("MD5", md_name)) { 728 return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); 729 } 730 #endif 731 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 732 if (!strcmp("RIPEMD160", md_name)) { 733 return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); 734 } 735 #endif 736 #if defined(MBEDTLS_MD_CAN_SHA1) 737 if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { 738 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); 739 } 740 #endif 741 #if defined(MBEDTLS_MD_CAN_SHA224) 742 if (!strcmp("SHA224", md_name)) { 743 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); 744 } 745 #endif 746 #if defined(MBEDTLS_MD_CAN_SHA256) 747 if (!strcmp("SHA256", md_name)) { 748 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); 749 } 750 #endif 751 #if defined(MBEDTLS_MD_CAN_SHA384) 752 if (!strcmp("SHA384", md_name)) { 753 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); 754 } 755 #endif 756 #if defined(MBEDTLS_MD_CAN_SHA512) 757 if (!strcmp("SHA512", md_name)) { 758 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); 759 } 760 #endif 761 return NULL; 762 } 763 764 const mbedtls_md_info_t *mbedtls_md_info_from_ctx( 765 const mbedtls_md_context_t *ctx) 766 { 767 if (ctx == NULL) { 768 return NULL; 769 } 770 771 return ctx->MBEDTLS_PRIVATE(md_info); 772 } 773 774 #if defined(MBEDTLS_FS_IO) 775 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) 776 { 777 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 778 FILE *f; 779 size_t n; 780 mbedtls_md_context_t ctx; 781 unsigned char buf[1024]; 782 783 if (md_info == NULL) { 784 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 785 } 786 787 if ((f = fopen(path, "rb")) == NULL) { 788 return MBEDTLS_ERR_MD_FILE_IO_ERROR; 789 } 790 791 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 792 mbedtls_setbuf(f, NULL); 793 794 mbedtls_md_init(&ctx); 795 796 if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { 797 goto cleanup; 798 } 799 800 if ((ret = mbedtls_md_starts(&ctx)) != 0) { 801 goto cleanup; 802 } 803 804 while ((n = fread(buf, 1, sizeof(buf), f)) > 0) { 805 if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) { 806 goto cleanup; 807 } 808 } 809 810 if (ferror(f) != 0) { 811 ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; 812 } else { 813 ret = mbedtls_md_finish(&ctx, output); 814 } 815 816 cleanup: 817 mbedtls_platform_zeroize(buf, sizeof(buf)); 818 fclose(f); 819 mbedtls_md_free(&ctx); 820 821 return ret; 822 } 823 #endif /* MBEDTLS_FS_IO */ 824 825 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) 826 { 827 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 828 unsigned char sum[MBEDTLS_MD_MAX_SIZE]; 829 unsigned char *ipad, *opad; 830 831 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 832 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 833 } 834 835 if (keylen > (size_t) ctx->md_info->block_size) { 836 if ((ret = mbedtls_md_starts(ctx)) != 0) { 837 goto cleanup; 838 } 839 if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { 840 goto cleanup; 841 } 842 if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { 843 goto cleanup; 844 } 845 846 keylen = ctx->md_info->size; 847 key = sum; 848 } 849 850 ipad = (unsigned char *) ctx->hmac_ctx; 851 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 852 853 memset(ipad, 0x36, ctx->md_info->block_size); 854 memset(opad, 0x5C, ctx->md_info->block_size); 855 856 mbedtls_xor(ipad, ipad, key, keylen); 857 mbedtls_xor(opad, opad, key, keylen); 858 859 if ((ret = mbedtls_md_starts(ctx)) != 0) { 860 goto cleanup; 861 } 862 if ((ret = mbedtls_md_update(ctx, ipad, 863 ctx->md_info->block_size)) != 0) { 864 goto cleanup; 865 } 866 867 cleanup: 868 mbedtls_platform_zeroize(sum, sizeof(sum)); 869 870 return ret; 871 } 872 873 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 874 { 875 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 876 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 877 } 878 879 return mbedtls_md_update(ctx, input, ilen); 880 } 881 882 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) 883 { 884 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 885 unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; 886 unsigned char *opad; 887 888 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 889 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 890 } 891 892 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 893 894 if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { 895 return ret; 896 } 897 if ((ret = mbedtls_md_starts(ctx)) != 0) { 898 return ret; 899 } 900 if ((ret = mbedtls_md_update(ctx, opad, 901 ctx->md_info->block_size)) != 0) { 902 return ret; 903 } 904 if ((ret = mbedtls_md_update(ctx, tmp, 905 ctx->md_info->size)) != 0) { 906 return ret; 907 } 908 return mbedtls_md_finish(ctx, output); 909 } 910 911 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) 912 { 913 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 914 unsigned char *ipad; 915 916 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 917 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 918 } 919 920 ipad = (unsigned char *) ctx->hmac_ctx; 921 922 if ((ret = mbedtls_md_starts(ctx)) != 0) { 923 return ret; 924 } 925 return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size); 926 } 927 928 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, 929 const unsigned char *key, size_t keylen, 930 const unsigned char *input, size_t ilen, 931 unsigned char *output) 932 { 933 mbedtls_md_context_t ctx; 934 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 935 936 if (md_info == NULL) { 937 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 938 } 939 940 mbedtls_md_init(&ctx); 941 942 if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { 943 goto cleanup; 944 } 945 946 if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { 947 goto cleanup; 948 } 949 if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { 950 goto cleanup; 951 } 952 if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { 953 goto cleanup; 954 } 955 956 cleanup: 957 mbedtls_md_free(&ctx); 958 959 return ret; 960 } 961 962 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) 963 { 964 if (md_info == NULL) { 965 return NULL; 966 } 967 968 return md_info->name; 969 } 970 971 #endif /* MBEDTLS_MD_C */ 972 973 #endif /* MBEDTLS_MD_LIGHT */ 974