1 /** 2 * \file md.c 3 * 4 * \brief Generic message digest wrapper for Mbed TLS 5 * 6 * \author Adriaan de Jong <dejong@fox-it.com> 7 * 8 * Copyright The Mbed TLS Contributors 9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 10 */ 11 12 #include "common.h" 13 14 /* 15 * Availability of functions in this module is controlled by two 16 * feature macros: 17 * - MBEDTLS_MD_C enables the whole module; 18 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing 19 * most hash metadata (everything except string names); is it 20 * automatically set whenever MBEDTLS_MD_C is defined. 21 * 22 * In this file, functions from MD_LIGHT are at the top, MD_C at the end. 23 * 24 * In the future we may want to change the contract of some functions 25 * (behaviour with NULL arguments) depending on whether MD_C is defined or 26 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. 27 * 28 * For these reasons, we're keeping MD_LIGHT internal for now. 29 */ 30 #if defined(MBEDTLS_MD_LIGHT) 31 32 #include "mbedtls/md.h" 33 #include "md_wrap.h" 34 #include "mbedtls/platform_util.h" 35 #include "mbedtls/error.h" 36 37 #include "mbedtls/md5.h" 38 #include "mbedtls/ripemd160.h" 39 #include "mbedtls/sha1.h" 40 #include "mbedtls/sha256.h" 41 #include "mbedtls/sha512.h" 42 #include "mbedtls/sha3.h" 43 44 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 45 #include <psa/crypto.h> 46 #include "md_psa.h" 47 #include "psa_util_internal.h" 48 #endif 49 50 #if defined(MBEDTLS_MD_SOME_PSA) 51 #include "psa_crypto_core.h" 52 #endif 53 54 #include "mbedtls/platform.h" 55 56 #include <string.h> 57 58 #if defined(MBEDTLS_FS_IO) 59 #include <stdio.h> 60 #endif 61 62 /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */ 63 #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE 64 #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" 65 #endif 66 67 #if defined(MBEDTLS_MD_C) 68 #define MD_INFO(type, out_size, block_size) type, out_size, block_size, 69 #else 70 #define MD_INFO(type, out_size, block_size) type, out_size, 71 #endif 72 73 #if defined(MBEDTLS_MD_CAN_MD5) 74 static const mbedtls_md_info_t mbedtls_md5_info = { 75 MD_INFO(MBEDTLS_MD_MD5, 16, 64) 76 }; 77 #endif 78 79 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 80 static const mbedtls_md_info_t mbedtls_ripemd160_info = { 81 MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64) 82 }; 83 #endif 84 85 #if defined(MBEDTLS_MD_CAN_SHA1) 86 static const mbedtls_md_info_t mbedtls_sha1_info = { 87 MD_INFO(MBEDTLS_MD_SHA1, 20, 64) 88 }; 89 #endif 90 91 #if defined(MBEDTLS_MD_CAN_SHA224) 92 static const mbedtls_md_info_t mbedtls_sha224_info = { 93 MD_INFO(MBEDTLS_MD_SHA224, 28, 64) 94 }; 95 #endif 96 97 #if defined(MBEDTLS_MD_CAN_SHA256) 98 static const mbedtls_md_info_t mbedtls_sha256_info = { 99 MD_INFO(MBEDTLS_MD_SHA256, 32, 64) 100 }; 101 #endif 102 103 #if defined(MBEDTLS_MD_CAN_SHA384) 104 static const mbedtls_md_info_t mbedtls_sha384_info = { 105 MD_INFO(MBEDTLS_MD_SHA384, 48, 128) 106 }; 107 #endif 108 109 #if defined(MBEDTLS_MD_CAN_SHA512) 110 static const mbedtls_md_info_t mbedtls_sha512_info = { 111 MD_INFO(MBEDTLS_MD_SHA512, 64, 128) 112 }; 113 #endif 114 115 #if defined(MBEDTLS_MD_CAN_SHA3_224) 116 static const mbedtls_md_info_t mbedtls_sha3_224_info = { 117 MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144) 118 }; 119 #endif 120 121 #if defined(MBEDTLS_MD_CAN_SHA3_256) 122 static const mbedtls_md_info_t mbedtls_sha3_256_info = { 123 MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136) 124 }; 125 #endif 126 127 #if defined(MBEDTLS_MD_CAN_SHA3_384) 128 static const mbedtls_md_info_t mbedtls_sha3_384_info = { 129 MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104) 130 }; 131 #endif 132 133 #if defined(MBEDTLS_MD_CAN_SHA3_512) 134 static const mbedtls_md_info_t mbedtls_sha3_512_info = { 135 MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72) 136 }; 137 #endif 138 139 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) 140 { 141 switch (md_type) { 142 #if defined(MBEDTLS_MD_CAN_MD5) 143 case MBEDTLS_MD_MD5: 144 return &mbedtls_md5_info; 145 #endif 146 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 147 case MBEDTLS_MD_RIPEMD160: 148 return &mbedtls_ripemd160_info; 149 #endif 150 #if defined(MBEDTLS_MD_CAN_SHA1) 151 case MBEDTLS_MD_SHA1: 152 return &mbedtls_sha1_info; 153 #endif 154 #if defined(MBEDTLS_MD_CAN_SHA224) 155 case MBEDTLS_MD_SHA224: 156 return &mbedtls_sha224_info; 157 #endif 158 #if defined(MBEDTLS_MD_CAN_SHA256) 159 case MBEDTLS_MD_SHA256: 160 return &mbedtls_sha256_info; 161 #endif 162 #if defined(MBEDTLS_MD_CAN_SHA384) 163 case MBEDTLS_MD_SHA384: 164 return &mbedtls_sha384_info; 165 #endif 166 #if defined(MBEDTLS_MD_CAN_SHA512) 167 case MBEDTLS_MD_SHA512: 168 return &mbedtls_sha512_info; 169 #endif 170 #if defined(MBEDTLS_MD_CAN_SHA3_224) 171 case MBEDTLS_MD_SHA3_224: 172 return &mbedtls_sha3_224_info; 173 #endif 174 #if defined(MBEDTLS_MD_CAN_SHA3_256) 175 case MBEDTLS_MD_SHA3_256: 176 return &mbedtls_sha3_256_info; 177 #endif 178 #if defined(MBEDTLS_MD_CAN_SHA3_384) 179 case MBEDTLS_MD_SHA3_384: 180 return &mbedtls_sha3_384_info; 181 #endif 182 #if defined(MBEDTLS_MD_CAN_SHA3_512) 183 case MBEDTLS_MD_SHA3_512: 184 return &mbedtls_sha3_512_info; 185 #endif 186 default: 187 return NULL; 188 } 189 } 190 191 #if defined(MBEDTLS_MD_SOME_PSA) 192 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info) 193 { 194 switch (info->type) { 195 #if defined(MBEDTLS_MD_MD5_VIA_PSA) 196 case MBEDTLS_MD_MD5: 197 return PSA_ALG_MD5; 198 #endif 199 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA) 200 case MBEDTLS_MD_RIPEMD160: 201 return PSA_ALG_RIPEMD160; 202 #endif 203 #if defined(MBEDTLS_MD_SHA1_VIA_PSA) 204 case MBEDTLS_MD_SHA1: 205 return PSA_ALG_SHA_1; 206 #endif 207 #if defined(MBEDTLS_MD_SHA224_VIA_PSA) 208 case MBEDTLS_MD_SHA224: 209 return PSA_ALG_SHA_224; 210 #endif 211 #if defined(MBEDTLS_MD_SHA256_VIA_PSA) 212 case MBEDTLS_MD_SHA256: 213 return PSA_ALG_SHA_256; 214 #endif 215 #if defined(MBEDTLS_MD_SHA384_VIA_PSA) 216 case MBEDTLS_MD_SHA384: 217 return PSA_ALG_SHA_384; 218 #endif 219 #if defined(MBEDTLS_MD_SHA512_VIA_PSA) 220 case MBEDTLS_MD_SHA512: 221 return PSA_ALG_SHA_512; 222 #endif 223 #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA) 224 case MBEDTLS_MD_SHA3_224: 225 return PSA_ALG_SHA3_224; 226 #endif 227 #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA) 228 case MBEDTLS_MD_SHA3_256: 229 return PSA_ALG_SHA3_256; 230 #endif 231 #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA) 232 case MBEDTLS_MD_SHA3_384: 233 return PSA_ALG_SHA3_384; 234 #endif 235 #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA) 236 case MBEDTLS_MD_SHA3_512: 237 return PSA_ALG_SHA3_512; 238 #endif 239 default: 240 return PSA_ALG_NONE; 241 } 242 } 243 244 static int md_can_use_psa(const mbedtls_md_info_t *info) 245 { 246 psa_algorithm_t alg = psa_alg_of_md(info); 247 if (alg == PSA_ALG_NONE) { 248 return 0; 249 } 250 251 return psa_can_do_hash(alg); 252 } 253 #endif /* MBEDTLS_MD_SOME_PSA */ 254 255 void mbedtls_md_init(mbedtls_md_context_t *ctx) 256 { 257 /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ 258 memset(ctx, 0, sizeof(mbedtls_md_context_t)); 259 } 260 261 void mbedtls_md_free(mbedtls_md_context_t *ctx) 262 { 263 if (ctx == NULL || ctx->md_info == NULL) { 264 return; 265 } 266 267 if (ctx->md_ctx != NULL) { 268 #if defined(MBEDTLS_MD_SOME_PSA) 269 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 270 psa_hash_abort(ctx->md_ctx); 271 } else 272 #endif 273 switch (ctx->md_info->type) { 274 #if defined(MBEDTLS_MD5_C) 275 case MBEDTLS_MD_MD5: 276 mbedtls_md5_free(ctx->md_ctx); 277 break; 278 #endif 279 #if defined(MBEDTLS_RIPEMD160_C) 280 case MBEDTLS_MD_RIPEMD160: 281 mbedtls_ripemd160_free(ctx->md_ctx); 282 break; 283 #endif 284 #if defined(MBEDTLS_SHA1_C) 285 case MBEDTLS_MD_SHA1: 286 mbedtls_sha1_free(ctx->md_ctx); 287 break; 288 #endif 289 #if defined(MBEDTLS_SHA224_C) 290 case MBEDTLS_MD_SHA224: 291 mbedtls_sha256_free(ctx->md_ctx); 292 break; 293 #endif 294 #if defined(MBEDTLS_SHA256_C) 295 case MBEDTLS_MD_SHA256: 296 mbedtls_sha256_free(ctx->md_ctx); 297 break; 298 #endif 299 #if defined(MBEDTLS_SHA384_C) 300 case MBEDTLS_MD_SHA384: 301 mbedtls_sha512_free(ctx->md_ctx); 302 break; 303 #endif 304 #if defined(MBEDTLS_SHA512_C) 305 case MBEDTLS_MD_SHA512: 306 mbedtls_sha512_free(ctx->md_ctx); 307 break; 308 #endif 309 #if defined(MBEDTLS_SHA3_C) 310 case MBEDTLS_MD_SHA3_224: 311 case MBEDTLS_MD_SHA3_256: 312 case MBEDTLS_MD_SHA3_384: 313 case MBEDTLS_MD_SHA3_512: 314 mbedtls_sha3_free(ctx->md_ctx); 315 break; 316 #endif 317 default: 318 /* Shouldn't happen */ 319 break; 320 } 321 mbedtls_free(ctx->md_ctx); 322 } 323 324 #if defined(MBEDTLS_MD_C) 325 if (ctx->hmac_ctx != NULL) { 326 mbedtls_zeroize_and_free(ctx->hmac_ctx, 327 2 * ctx->md_info->block_size); 328 } 329 #endif 330 331 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); 332 } 333 334 int mbedtls_md_clone(mbedtls_md_context_t *dst, 335 const mbedtls_md_context_t *src) 336 { 337 if (dst == NULL || dst->md_info == NULL || 338 src == NULL || src->md_info == NULL || 339 dst->md_info != src->md_info) { 340 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 341 } 342 343 #if defined(MBEDTLS_MD_SOME_PSA) 344 if (src->engine != dst->engine) { 345 /* This can happen with src set to legacy because PSA wasn't ready 346 * yet, and dst to PSA because it became ready in the meantime. 347 * We currently don't support that case (we'd need to re-allocate 348 * md_ctx to the size of the appropriate MD context). */ 349 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; 350 } 351 352 if (src->engine == MBEDTLS_MD_ENGINE_PSA) { 353 psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx); 354 return mbedtls_md_error_from_psa(status); 355 } 356 #endif 357 358 switch (src->md_info->type) { 359 #if defined(MBEDTLS_MD5_C) 360 case MBEDTLS_MD_MD5: 361 mbedtls_md5_clone(dst->md_ctx, src->md_ctx); 362 break; 363 #endif 364 #if defined(MBEDTLS_RIPEMD160_C) 365 case MBEDTLS_MD_RIPEMD160: 366 mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); 367 break; 368 #endif 369 #if defined(MBEDTLS_SHA1_C) 370 case MBEDTLS_MD_SHA1: 371 mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); 372 break; 373 #endif 374 #if defined(MBEDTLS_SHA224_C) 375 case MBEDTLS_MD_SHA224: 376 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 377 break; 378 #endif 379 #if defined(MBEDTLS_SHA256_C) 380 case MBEDTLS_MD_SHA256: 381 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); 382 break; 383 #endif 384 #if defined(MBEDTLS_SHA384_C) 385 case MBEDTLS_MD_SHA384: 386 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 387 break; 388 #endif 389 #if defined(MBEDTLS_SHA512_C) 390 case MBEDTLS_MD_SHA512: 391 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); 392 break; 393 #endif 394 #if defined(MBEDTLS_SHA3_C) 395 case MBEDTLS_MD_SHA3_224: 396 case MBEDTLS_MD_SHA3_256: 397 case MBEDTLS_MD_SHA3_384: 398 case MBEDTLS_MD_SHA3_512: 399 mbedtls_sha3_clone(dst->md_ctx, src->md_ctx); 400 break; 401 #endif 402 default: 403 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 404 } 405 406 if (dst->hmac_ctx != NULL && src->hmac_ctx != NULL) 407 memcpy(dst->hmac_ctx, src->hmac_ctx, 2 * src->md_info->block_size); 408 409 return 0; 410 } 411 412 #define ALLOC(type) \ 413 do { \ 414 ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ 415 if (ctx->md_ctx == NULL) \ 416 return MBEDTLS_ERR_MD_ALLOC_FAILED; \ 417 mbedtls_##type##_init(ctx->md_ctx); \ 418 } \ 419 while (0) 420 421 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) 422 { 423 #if defined(MBEDTLS_MD_C) 424 if (ctx == NULL) { 425 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 426 } 427 #endif 428 if (md_info == NULL) { 429 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 430 } 431 432 ctx->md_info = md_info; 433 ctx->md_ctx = NULL; 434 #if defined(MBEDTLS_MD_C) 435 ctx->hmac_ctx = NULL; 436 #else 437 if (hmac != 0) { 438 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 439 } 440 #endif 441 442 #if defined(MBEDTLS_MD_SOME_PSA) 443 if (md_can_use_psa(ctx->md_info)) { 444 ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); 445 if (ctx->md_ctx == NULL) { 446 return MBEDTLS_ERR_MD_ALLOC_FAILED; 447 } 448 ctx->engine = MBEDTLS_MD_ENGINE_PSA; 449 } else 450 #endif 451 switch (md_info->type) { 452 #if defined(MBEDTLS_MD5_C) 453 case MBEDTLS_MD_MD5: 454 ALLOC(md5); 455 break; 456 #endif 457 #if defined(MBEDTLS_RIPEMD160_C) 458 case MBEDTLS_MD_RIPEMD160: 459 ALLOC(ripemd160); 460 break; 461 #endif 462 #if defined(MBEDTLS_SHA1_C) 463 case MBEDTLS_MD_SHA1: 464 ALLOC(sha1); 465 break; 466 #endif 467 #if defined(MBEDTLS_SHA224_C) 468 case MBEDTLS_MD_SHA224: 469 ALLOC(sha256); 470 break; 471 #endif 472 #if defined(MBEDTLS_SHA256_C) 473 case MBEDTLS_MD_SHA256: 474 ALLOC(sha256); 475 break; 476 #endif 477 #if defined(MBEDTLS_SHA384_C) 478 case MBEDTLS_MD_SHA384: 479 ALLOC(sha512); 480 break; 481 #endif 482 #if defined(MBEDTLS_SHA512_C) 483 case MBEDTLS_MD_SHA512: 484 ALLOC(sha512); 485 break; 486 #endif 487 #if defined(MBEDTLS_SHA3_C) 488 case MBEDTLS_MD_SHA3_224: 489 case MBEDTLS_MD_SHA3_256: 490 case MBEDTLS_MD_SHA3_384: 491 case MBEDTLS_MD_SHA3_512: 492 ALLOC(sha3); 493 break; 494 #endif 495 default: 496 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 497 } 498 499 #if defined(MBEDTLS_MD_C) 500 if (hmac != 0) { 501 ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); 502 if (ctx->hmac_ctx == NULL) { 503 mbedtls_md_free(ctx); 504 return MBEDTLS_ERR_MD_ALLOC_FAILED; 505 } 506 } 507 #endif 508 509 return 0; 510 } 511 #undef ALLOC 512 513 int mbedtls_md_starts(mbedtls_md_context_t *ctx) 514 { 515 #if defined(MBEDTLS_MD_C) 516 if (ctx == NULL || ctx->md_info == NULL) { 517 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 518 } 519 #endif 520 521 #if defined(MBEDTLS_MD_SOME_PSA) 522 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 523 psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); 524 psa_hash_abort(ctx->md_ctx); 525 psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); 526 return mbedtls_md_error_from_psa(status); 527 } 528 #endif 529 530 switch (ctx->md_info->type) { 531 #if defined(MBEDTLS_MD5_C) 532 case MBEDTLS_MD_MD5: 533 return mbedtls_md5_starts(ctx->md_ctx); 534 #endif 535 #if defined(MBEDTLS_RIPEMD160_C) 536 case MBEDTLS_MD_RIPEMD160: 537 return mbedtls_ripemd160_starts(ctx->md_ctx); 538 #endif 539 #if defined(MBEDTLS_SHA1_C) 540 case MBEDTLS_MD_SHA1: 541 return mbedtls_sha1_starts(ctx->md_ctx); 542 #endif 543 #if defined(MBEDTLS_SHA224_C) 544 case MBEDTLS_MD_SHA224: 545 return mbedtls_sha256_starts(ctx->md_ctx, 1); 546 #endif 547 #if defined(MBEDTLS_SHA256_C) 548 case MBEDTLS_MD_SHA256: 549 return mbedtls_sha256_starts(ctx->md_ctx, 0); 550 #endif 551 #if defined(MBEDTLS_SHA384_C) 552 case MBEDTLS_MD_SHA384: 553 return mbedtls_sha512_starts(ctx->md_ctx, 1); 554 #endif 555 #if defined(MBEDTLS_SHA512_C) 556 case MBEDTLS_MD_SHA512: 557 return mbedtls_sha512_starts(ctx->md_ctx, 0); 558 #endif 559 #if defined(MBEDTLS_SHA3_C) 560 case MBEDTLS_MD_SHA3_224: 561 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); 562 case MBEDTLS_MD_SHA3_256: 563 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); 564 case MBEDTLS_MD_SHA3_384: 565 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); 566 case MBEDTLS_MD_SHA3_512: 567 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); 568 #endif 569 default: 570 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 571 } 572 } 573 574 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 575 { 576 #if defined(MBEDTLS_MD_C) 577 if (ctx == NULL || ctx->md_info == NULL) { 578 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 579 } 580 #endif 581 582 #if defined(MBEDTLS_MD_SOME_PSA) 583 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 584 psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); 585 return mbedtls_md_error_from_psa(status); 586 } 587 #endif 588 589 switch (ctx->md_info->type) { 590 #if defined(MBEDTLS_MD5_C) 591 case MBEDTLS_MD_MD5: 592 return mbedtls_md5_update(ctx->md_ctx, input, ilen); 593 #endif 594 #if defined(MBEDTLS_RIPEMD160_C) 595 case MBEDTLS_MD_RIPEMD160: 596 return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); 597 #endif 598 #if defined(MBEDTLS_SHA1_C) 599 case MBEDTLS_MD_SHA1: 600 return mbedtls_sha1_update(ctx->md_ctx, input, ilen); 601 #endif 602 #if defined(MBEDTLS_SHA224_C) 603 case MBEDTLS_MD_SHA224: 604 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 605 #endif 606 #if defined(MBEDTLS_SHA256_C) 607 case MBEDTLS_MD_SHA256: 608 return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 609 #endif 610 #if defined(MBEDTLS_SHA384_C) 611 case MBEDTLS_MD_SHA384: 612 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 613 #endif 614 #if defined(MBEDTLS_SHA512_C) 615 case MBEDTLS_MD_SHA512: 616 return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 617 #endif 618 #if defined(MBEDTLS_SHA3_C) 619 case MBEDTLS_MD_SHA3_224: 620 case MBEDTLS_MD_SHA3_256: 621 case MBEDTLS_MD_SHA3_384: 622 case MBEDTLS_MD_SHA3_512: 623 return mbedtls_sha3_update(ctx->md_ctx, input, ilen); 624 #endif 625 default: 626 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 627 } 628 } 629 630 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) 631 { 632 #if defined(MBEDTLS_MD_C) 633 if (ctx == NULL || ctx->md_info == NULL) { 634 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 635 } 636 #endif 637 638 #if defined(MBEDTLS_MD_SOME_PSA) 639 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 640 size_t size = ctx->md_info->size; 641 psa_status_t status = psa_hash_finish(ctx->md_ctx, 642 output, size, &size); 643 return mbedtls_md_error_from_psa(status); 644 } 645 #endif 646 647 switch (ctx->md_info->type) { 648 #if defined(MBEDTLS_MD5_C) 649 case MBEDTLS_MD_MD5: 650 return mbedtls_md5_finish(ctx->md_ctx, output); 651 #endif 652 #if defined(MBEDTLS_RIPEMD160_C) 653 case MBEDTLS_MD_RIPEMD160: 654 return mbedtls_ripemd160_finish(ctx->md_ctx, output); 655 #endif 656 #if defined(MBEDTLS_SHA1_C) 657 case MBEDTLS_MD_SHA1: 658 return mbedtls_sha1_finish(ctx->md_ctx, output); 659 #endif 660 #if defined(MBEDTLS_SHA224_C) 661 case MBEDTLS_MD_SHA224: 662 return mbedtls_sha256_finish(ctx->md_ctx, output); 663 #endif 664 #if defined(MBEDTLS_SHA256_C) 665 case MBEDTLS_MD_SHA256: 666 return mbedtls_sha256_finish(ctx->md_ctx, output); 667 #endif 668 #if defined(MBEDTLS_SHA384_C) 669 case MBEDTLS_MD_SHA384: 670 return mbedtls_sha512_finish(ctx->md_ctx, output); 671 #endif 672 #if defined(MBEDTLS_SHA512_C) 673 case MBEDTLS_MD_SHA512: 674 return mbedtls_sha512_finish(ctx->md_ctx, output); 675 #endif 676 #if defined(MBEDTLS_SHA3_C) 677 case MBEDTLS_MD_SHA3_224: 678 case MBEDTLS_MD_SHA3_256: 679 case MBEDTLS_MD_SHA3_384: 680 case MBEDTLS_MD_SHA3_512: 681 return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size); 682 #endif 683 default: 684 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 685 } 686 } 687 688 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, 689 unsigned char *output) 690 { 691 if (md_info == NULL) { 692 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 693 } 694 695 #if defined(MBEDTLS_MD_SOME_PSA) 696 if (md_can_use_psa(md_info)) { 697 size_t size = md_info->size; 698 psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), 699 input, ilen, 700 output, size, &size); 701 return mbedtls_md_error_from_psa(status); 702 } 703 #endif 704 705 switch (md_info->type) { 706 #if defined(MBEDTLS_MD5_C) 707 case MBEDTLS_MD_MD5: 708 return mbedtls_md5(input, ilen, output); 709 #endif 710 #if defined(MBEDTLS_RIPEMD160_C) 711 case MBEDTLS_MD_RIPEMD160: 712 return mbedtls_ripemd160(input, ilen, output); 713 #endif 714 #if defined(MBEDTLS_SHA1_C) 715 case MBEDTLS_MD_SHA1: 716 return mbedtls_sha1(input, ilen, output); 717 #endif 718 #if defined(MBEDTLS_SHA224_C) 719 case MBEDTLS_MD_SHA224: 720 return mbedtls_sha256(input, ilen, output, 1); 721 #endif 722 #if defined(MBEDTLS_SHA256_C) 723 case MBEDTLS_MD_SHA256: 724 return mbedtls_sha256(input, ilen, output, 0); 725 #endif 726 #if defined(MBEDTLS_SHA384_C) 727 case MBEDTLS_MD_SHA384: 728 return mbedtls_sha512(input, ilen, output, 1); 729 #endif 730 #if defined(MBEDTLS_SHA512_C) 731 case MBEDTLS_MD_SHA512: 732 return mbedtls_sha512(input, ilen, output, 0); 733 #endif 734 #if defined(MBEDTLS_SHA3_C) 735 case MBEDTLS_MD_SHA3_224: 736 return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); 737 case MBEDTLS_MD_SHA3_256: 738 return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); 739 case MBEDTLS_MD_SHA3_384: 740 return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); 741 case MBEDTLS_MD_SHA3_512: 742 return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); 743 #endif 744 default: 745 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 746 } 747 } 748 749 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) 750 { 751 if (md_info == NULL) { 752 return 0; 753 } 754 755 return md_info->size; 756 } 757 758 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) 759 { 760 if (md_info == NULL) { 761 return MBEDTLS_MD_NONE; 762 } 763 764 return md_info->type; 765 } 766 767 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 768 int mbedtls_md_error_from_psa(psa_status_t status) 769 { 770 return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, 771 psa_generic_status_to_mbedtls); 772 } 773 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ 774 775 776 /************************************************************************ 777 * Functions above this separator are part of MBEDTLS_MD_LIGHT, * 778 * functions below are only available when MBEDTLS_MD_C is set. * 779 ************************************************************************/ 780 #if defined(MBEDTLS_MD_C) 781 782 /* 783 * Reminder: update profiles in x509_crt.c when adding a new hash! 784 */ 785 static const int supported_digests[] = { 786 787 #if defined(MBEDTLS_MD_CAN_SHA512) 788 MBEDTLS_MD_SHA512, 789 #endif 790 791 #if defined(MBEDTLS_MD_CAN_SHA384) 792 MBEDTLS_MD_SHA384, 793 #endif 794 795 #if defined(MBEDTLS_MD_CAN_SHA256) 796 MBEDTLS_MD_SHA256, 797 #endif 798 #if defined(MBEDTLS_MD_CAN_SHA224) 799 MBEDTLS_MD_SHA224, 800 #endif 801 802 #if defined(MBEDTLS_MD_CAN_SHA1) 803 MBEDTLS_MD_SHA1, 804 #endif 805 806 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 807 MBEDTLS_MD_RIPEMD160, 808 #endif 809 810 #if defined(MBEDTLS_MD_CAN_MD5) 811 MBEDTLS_MD_MD5, 812 #endif 813 814 #if defined(MBEDTLS_MD_CAN_SHA3_224) 815 MBEDTLS_MD_SHA3_224, 816 #endif 817 818 #if defined(MBEDTLS_MD_CAN_SHA3_256) 819 MBEDTLS_MD_SHA3_256, 820 #endif 821 822 #if defined(MBEDTLS_MD_CAN_SHA3_384) 823 MBEDTLS_MD_SHA3_384, 824 #endif 825 826 #if defined(MBEDTLS_MD_CAN_SHA3_512) 827 MBEDTLS_MD_SHA3_512, 828 #endif 829 830 MBEDTLS_MD_NONE 831 }; 832 833 const int *mbedtls_md_list(void) 834 { 835 return supported_digests; 836 } 837 838 typedef struct { 839 const char *md_name; 840 mbedtls_md_type_t md_type; 841 } md_name_entry; 842 843 static const md_name_entry md_names[] = { 844 #if defined(MBEDTLS_MD_CAN_MD5) 845 { "MD5", MBEDTLS_MD_MD5 }, 846 #endif 847 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 848 { "RIPEMD160", MBEDTLS_MD_RIPEMD160 }, 849 #endif 850 #if defined(MBEDTLS_MD_CAN_SHA1) 851 { "SHA1", MBEDTLS_MD_SHA1 }, 852 { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback 853 #endif 854 #if defined(MBEDTLS_MD_CAN_SHA224) 855 { "SHA224", MBEDTLS_MD_SHA224 }, 856 #endif 857 #if defined(MBEDTLS_MD_CAN_SHA256) 858 { "SHA256", MBEDTLS_MD_SHA256 }, 859 #endif 860 #if defined(MBEDTLS_MD_CAN_SHA384) 861 { "SHA384", MBEDTLS_MD_SHA384 }, 862 #endif 863 #if defined(MBEDTLS_MD_CAN_SHA512) 864 { "SHA512", MBEDTLS_MD_SHA512 }, 865 #endif 866 #if defined(MBEDTLS_MD_CAN_SHA3_224) 867 { "SHA3-224", MBEDTLS_MD_SHA3_224 }, 868 #endif 869 #if defined(MBEDTLS_MD_CAN_SHA3_256) 870 { "SHA3-256", MBEDTLS_MD_SHA3_256 }, 871 #endif 872 #if defined(MBEDTLS_MD_CAN_SHA3_384) 873 { "SHA3-384", MBEDTLS_MD_SHA3_384 }, 874 #endif 875 #if defined(MBEDTLS_MD_CAN_SHA3_512) 876 { "SHA3-512", MBEDTLS_MD_SHA3_512 }, 877 #endif 878 { NULL, MBEDTLS_MD_NONE }, 879 }; 880 881 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) 882 { 883 if (NULL == md_name) { 884 return NULL; 885 } 886 887 const md_name_entry *entry = md_names; 888 while (entry->md_name != NULL && 889 strcmp(entry->md_name, md_name) != 0) { 890 ++entry; 891 } 892 893 return mbedtls_md_info_from_type(entry->md_type); 894 } 895 896 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) 897 { 898 if (md_info == NULL) { 899 return NULL; 900 } 901 902 const md_name_entry *entry = md_names; 903 while (entry->md_type != MBEDTLS_MD_NONE && 904 entry->md_type != md_info->type) { 905 ++entry; 906 } 907 908 return entry->md_name; 909 } 910 911 const mbedtls_md_info_t *mbedtls_md_info_from_ctx( 912 const mbedtls_md_context_t *ctx) 913 { 914 if (ctx == NULL) { 915 return NULL; 916 } 917 918 return ctx->MBEDTLS_PRIVATE(md_info); 919 } 920 921 #if defined(MBEDTLS_FS_IO) 922 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) 923 { 924 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 925 FILE *f; 926 size_t n; 927 mbedtls_md_context_t ctx; 928 unsigned char buf[1024]; 929 930 if (md_info == NULL) { 931 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 932 } 933 934 if ((f = fopen(path, "rb")) == NULL) { 935 return MBEDTLS_ERR_MD_FILE_IO_ERROR; 936 } 937 938 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ 939 mbedtls_setbuf(f, NULL); 940 941 mbedtls_md_init(&ctx); 942 943 if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { 944 goto cleanup; 945 } 946 947 if ((ret = mbedtls_md_starts(&ctx)) != 0) { 948 goto cleanup; 949 } 950 951 while ((n = fread(buf, 1, sizeof(buf), f)) > 0) { 952 if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) { 953 goto cleanup; 954 } 955 } 956 957 if (ferror(f) != 0) { 958 ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; 959 } else { 960 ret = mbedtls_md_finish(&ctx, output); 961 } 962 963 cleanup: 964 mbedtls_platform_zeroize(buf, sizeof(buf)); 965 fclose(f); 966 mbedtls_md_free(&ctx); 967 968 return ret; 969 } 970 #endif /* MBEDTLS_FS_IO */ 971 972 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) 973 { 974 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 975 unsigned char sum[MBEDTLS_MD_MAX_SIZE]; 976 unsigned char *ipad, *opad; 977 978 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 979 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 980 } 981 982 if (keylen > (size_t) ctx->md_info->block_size) { 983 if ((ret = mbedtls_md_starts(ctx)) != 0) { 984 goto cleanup; 985 } 986 if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { 987 goto cleanup; 988 } 989 if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { 990 goto cleanup; 991 } 992 993 keylen = ctx->md_info->size; 994 key = sum; 995 } 996 997 ipad = (unsigned char *) ctx->hmac_ctx; 998 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 999 1000 memset(ipad, 0x36, ctx->md_info->block_size); 1001 memset(opad, 0x5C, ctx->md_info->block_size); 1002 1003 mbedtls_xor(ipad, ipad, key, keylen); 1004 mbedtls_xor(opad, opad, key, keylen); 1005 1006 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1007 goto cleanup; 1008 } 1009 if ((ret = mbedtls_md_update(ctx, ipad, 1010 ctx->md_info->block_size)) != 0) { 1011 goto cleanup; 1012 } 1013 1014 cleanup: 1015 mbedtls_platform_zeroize(sum, sizeof(sum)); 1016 1017 return ret; 1018 } 1019 1020 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) 1021 { 1022 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1023 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1024 } 1025 1026 return mbedtls_md_update(ctx, input, ilen); 1027 } 1028 1029 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) 1030 { 1031 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1032 unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; 1033 unsigned char *opad; 1034 1035 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1036 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1037 } 1038 1039 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 1040 1041 if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { 1042 return ret; 1043 } 1044 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1045 return ret; 1046 } 1047 if ((ret = mbedtls_md_update(ctx, opad, 1048 ctx->md_info->block_size)) != 0) { 1049 return ret; 1050 } 1051 if ((ret = mbedtls_md_update(ctx, tmp, 1052 ctx->md_info->size)) != 0) { 1053 return ret; 1054 } 1055 return mbedtls_md_finish(ctx, output); 1056 } 1057 1058 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) 1059 { 1060 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1061 unsigned char *ipad; 1062 1063 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { 1064 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1065 } 1066 1067 ipad = (unsigned char *) ctx->hmac_ctx; 1068 1069 if ((ret = mbedtls_md_starts(ctx)) != 0) { 1070 return ret; 1071 } 1072 return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size); 1073 } 1074 1075 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, 1076 const unsigned char *key, size_t keylen, 1077 const unsigned char *input, size_t ilen, 1078 unsigned char *output) 1079 { 1080 mbedtls_md_context_t ctx; 1081 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1082 1083 if (md_info == NULL) { 1084 return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 1085 } 1086 1087 mbedtls_md_init(&ctx); 1088 1089 if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { 1090 goto cleanup; 1091 } 1092 1093 if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { 1094 goto cleanup; 1095 } 1096 if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { 1097 goto cleanup; 1098 } 1099 if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { 1100 goto cleanup; 1101 } 1102 1103 cleanup: 1104 mbedtls_md_free(&ctx); 1105 1106 return ret; 1107 } 1108 1109 #endif /* MBEDTLS_MD_C */ 1110 1111 #endif /* MBEDTLS_MD_LIGHT */ 1112