1 /**
2 * \file md.c
3 *
4 * \brief Generic message digest wrapper for Mbed TLS
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
8 * Copyright The Mbed TLS Contributors
9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 */
11
12 #include "common.h"
13
14 /*
15 * Availability of functions in this module is controlled by two
16 * feature macros:
17 * - MBEDTLS_MD_C enables the whole module;
18 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
19 * most hash metadata (everything except string names); is it
20 * automatically set whenever MBEDTLS_MD_C is defined.
21 *
22 * In this file, functions from MD_LIGHT are at the top, MD_C at the end.
23 *
24 * In the future we may want to change the contract of some functions
25 * (behaviour with NULL arguments) depending on whether MD_C is defined or
26 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
27 *
28 * For these reasons, we're keeping MD_LIGHT internal for now.
29 */
30 #if defined(MBEDTLS_MD_LIGHT)
31
32 #include "mbedtls/md.h"
33 #include "md_wrap.h"
34 #include "mbedtls/platform_util.h"
35 #include "mbedtls/error.h"
36
37 #include "mbedtls/md5.h"
38 #include "mbedtls/ripemd160.h"
39 #include "mbedtls/sha1.h"
40 #include "mbedtls/sha256.h"
41 #include "mbedtls/sha512.h"
42 #include "mbedtls/sha3.h"
43
44 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
45 #include <psa/crypto.h>
46 #include "md_psa.h"
47 #include "psa_util_internal.h"
48 #endif
49
50 #if defined(MBEDTLS_MD_SOME_PSA)
51 #include "psa_crypto_core.h"
52 #endif
53
54 #include "mbedtls/platform.h"
55
56 #include <string.h>
57
58 #if defined(MBEDTLS_FS_IO)
59 #include <stdio.h>
60 #endif
61
62 /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
63 #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
64 #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
65 #endif
66
67 #if defined(MBEDTLS_MD_C)
68 #define MD_INFO(type, out_size, block_size) type, out_size, block_size,
69 #else
70 #define MD_INFO(type, out_size, block_size) type, out_size,
71 #endif
72
73 #if defined(MBEDTLS_MD_CAN_MD5)
74 static const mbedtls_md_info_t mbedtls_md5_info = {
75 MD_INFO(MBEDTLS_MD_MD5, 16, 64)
76 };
77 #endif
78
79 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
80 static const mbedtls_md_info_t mbedtls_ripemd160_info = {
81 MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
82 };
83 #endif
84
85 #if defined(MBEDTLS_MD_CAN_SHA1)
86 static const mbedtls_md_info_t mbedtls_sha1_info = {
87 MD_INFO(MBEDTLS_MD_SHA1, 20, 64)
88 };
89 #endif
90
91 #if defined(MBEDTLS_MD_CAN_SHA224)
92 static const mbedtls_md_info_t mbedtls_sha224_info = {
93 MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
94 };
95 #endif
96
97 #if defined(MBEDTLS_MD_CAN_SHA256)
98 static const mbedtls_md_info_t mbedtls_sha256_info = {
99 MD_INFO(MBEDTLS_MD_SHA256, 32, 64)
100 };
101 #endif
102
103 #if defined(MBEDTLS_MD_CAN_SHA384)
104 static const mbedtls_md_info_t mbedtls_sha384_info = {
105 MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
106 };
107 #endif
108
109 #if defined(MBEDTLS_MD_CAN_SHA512)
110 static const mbedtls_md_info_t mbedtls_sha512_info = {
111 MD_INFO(MBEDTLS_MD_SHA512, 64, 128)
112 };
113 #endif
114
115 #if defined(MBEDTLS_MD_CAN_SHA3_224)
116 static const mbedtls_md_info_t mbedtls_sha3_224_info = {
117 MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144)
118 };
119 #endif
120
121 #if defined(MBEDTLS_MD_CAN_SHA3_256)
122 static const mbedtls_md_info_t mbedtls_sha3_256_info = {
123 MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136)
124 };
125 #endif
126
127 #if defined(MBEDTLS_MD_CAN_SHA3_384)
128 static const mbedtls_md_info_t mbedtls_sha3_384_info = {
129 MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104)
130 };
131 #endif
132
133 #if defined(MBEDTLS_MD_CAN_SHA3_512)
134 static const mbedtls_md_info_t mbedtls_sha3_512_info = {
135 MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
136 };
137 #endif
138
mbedtls_md_info_from_type(mbedtls_md_type_t md_type)139 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
140 {
141 switch (md_type) {
142 #if defined(MBEDTLS_MD_CAN_MD5)
143 case MBEDTLS_MD_MD5:
144 return &mbedtls_md5_info;
145 #endif
146 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
147 case MBEDTLS_MD_RIPEMD160:
148 return &mbedtls_ripemd160_info;
149 #endif
150 #if defined(MBEDTLS_MD_CAN_SHA1)
151 case MBEDTLS_MD_SHA1:
152 return &mbedtls_sha1_info;
153 #endif
154 #if defined(MBEDTLS_MD_CAN_SHA224)
155 case MBEDTLS_MD_SHA224:
156 return &mbedtls_sha224_info;
157 #endif
158 #if defined(MBEDTLS_MD_CAN_SHA256)
159 case MBEDTLS_MD_SHA256:
160 return &mbedtls_sha256_info;
161 #endif
162 #if defined(MBEDTLS_MD_CAN_SHA384)
163 case MBEDTLS_MD_SHA384:
164 return &mbedtls_sha384_info;
165 #endif
166 #if defined(MBEDTLS_MD_CAN_SHA512)
167 case MBEDTLS_MD_SHA512:
168 return &mbedtls_sha512_info;
169 #endif
170 #if defined(MBEDTLS_MD_CAN_SHA3_224)
171 case MBEDTLS_MD_SHA3_224:
172 return &mbedtls_sha3_224_info;
173 #endif
174 #if defined(MBEDTLS_MD_CAN_SHA3_256)
175 case MBEDTLS_MD_SHA3_256:
176 return &mbedtls_sha3_256_info;
177 #endif
178 #if defined(MBEDTLS_MD_CAN_SHA3_384)
179 case MBEDTLS_MD_SHA3_384:
180 return &mbedtls_sha3_384_info;
181 #endif
182 #if defined(MBEDTLS_MD_CAN_SHA3_512)
183 case MBEDTLS_MD_SHA3_512:
184 return &mbedtls_sha3_512_info;
185 #endif
186 default:
187 return NULL;
188 }
189 }
190
191 #if defined(MBEDTLS_MD_SOME_PSA)
psa_alg_of_md(const mbedtls_md_info_t * info)192 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info)
193 {
194 switch (info->type) {
195 #if defined(MBEDTLS_MD_MD5_VIA_PSA)
196 case MBEDTLS_MD_MD5:
197 return PSA_ALG_MD5;
198 #endif
199 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA)
200 case MBEDTLS_MD_RIPEMD160:
201 return PSA_ALG_RIPEMD160;
202 #endif
203 #if defined(MBEDTLS_MD_SHA1_VIA_PSA)
204 case MBEDTLS_MD_SHA1:
205 return PSA_ALG_SHA_1;
206 #endif
207 #if defined(MBEDTLS_MD_SHA224_VIA_PSA)
208 case MBEDTLS_MD_SHA224:
209 return PSA_ALG_SHA_224;
210 #endif
211 #if defined(MBEDTLS_MD_SHA256_VIA_PSA)
212 case MBEDTLS_MD_SHA256:
213 return PSA_ALG_SHA_256;
214 #endif
215 #if defined(MBEDTLS_MD_SHA384_VIA_PSA)
216 case MBEDTLS_MD_SHA384:
217 return PSA_ALG_SHA_384;
218 #endif
219 #if defined(MBEDTLS_MD_SHA512_VIA_PSA)
220 case MBEDTLS_MD_SHA512:
221 return PSA_ALG_SHA_512;
222 #endif
223 #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
224 case MBEDTLS_MD_SHA3_224:
225 return PSA_ALG_SHA3_224;
226 #endif
227 #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
228 case MBEDTLS_MD_SHA3_256:
229 return PSA_ALG_SHA3_256;
230 #endif
231 #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
232 case MBEDTLS_MD_SHA3_384:
233 return PSA_ALG_SHA3_384;
234 #endif
235 #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
236 case MBEDTLS_MD_SHA3_512:
237 return PSA_ALG_SHA3_512;
238 #endif
239 default:
240 return PSA_ALG_NONE;
241 }
242 }
243
md_can_use_psa(const mbedtls_md_info_t * info)244 static int md_can_use_psa(const mbedtls_md_info_t *info)
245 {
246 psa_algorithm_t alg = psa_alg_of_md(info);
247 if (alg == PSA_ALG_NONE) {
248 return 0;
249 }
250
251 return psa_can_do_hash(alg);
252 }
253 #endif /* MBEDTLS_MD_SOME_PSA */
254
mbedtls_md_init(mbedtls_md_context_t * ctx)255 void mbedtls_md_init(mbedtls_md_context_t *ctx)
256 {
257 /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */
258 memset(ctx, 0, sizeof(mbedtls_md_context_t));
259 }
260
mbedtls_md_free(mbedtls_md_context_t * ctx)261 void mbedtls_md_free(mbedtls_md_context_t *ctx)
262 {
263 if (ctx == NULL || ctx->md_info == NULL) {
264 return;
265 }
266
267 if (ctx->md_ctx != NULL) {
268 #if defined(MBEDTLS_MD_SOME_PSA)
269 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
270 psa_hash_abort(ctx->md_ctx);
271 } else
272 #endif
273 switch (ctx->md_info->type) {
274 #if defined(MBEDTLS_MD5_C)
275 case MBEDTLS_MD_MD5:
276 mbedtls_md5_free(ctx->md_ctx);
277 break;
278 #endif
279 #if defined(MBEDTLS_RIPEMD160_C)
280 case MBEDTLS_MD_RIPEMD160:
281 mbedtls_ripemd160_free(ctx->md_ctx);
282 break;
283 #endif
284 #if defined(MBEDTLS_SHA1_C)
285 case MBEDTLS_MD_SHA1:
286 mbedtls_sha1_free(ctx->md_ctx);
287 break;
288 #endif
289 #if defined(MBEDTLS_SHA224_C)
290 case MBEDTLS_MD_SHA224:
291 mbedtls_sha256_free(ctx->md_ctx);
292 break;
293 #endif
294 #if defined(MBEDTLS_SHA256_C)
295 case MBEDTLS_MD_SHA256:
296 mbedtls_sha256_free(ctx->md_ctx);
297 break;
298 #endif
299 #if defined(MBEDTLS_SHA384_C)
300 case MBEDTLS_MD_SHA384:
301 mbedtls_sha512_free(ctx->md_ctx);
302 break;
303 #endif
304 #if defined(MBEDTLS_SHA512_C)
305 case MBEDTLS_MD_SHA512:
306 mbedtls_sha512_free(ctx->md_ctx);
307 break;
308 #endif
309 #if defined(MBEDTLS_SHA3_C)
310 case MBEDTLS_MD_SHA3_224:
311 case MBEDTLS_MD_SHA3_256:
312 case MBEDTLS_MD_SHA3_384:
313 case MBEDTLS_MD_SHA3_512:
314 mbedtls_sha3_free(ctx->md_ctx);
315 break;
316 #endif
317 default:
318 /* Shouldn't happen */
319 break;
320 }
321 mbedtls_free(ctx->md_ctx);
322 }
323
324 #if defined(MBEDTLS_MD_C)
325 if (ctx->hmac_ctx != NULL) {
326 mbedtls_zeroize_and_free(ctx->hmac_ctx,
327 2 * ctx->md_info->block_size);
328 }
329 #endif
330
331 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
332 }
333
mbedtls_md_clone(mbedtls_md_context_t * dst,const mbedtls_md_context_t * src)334 int mbedtls_md_clone(mbedtls_md_context_t *dst,
335 const mbedtls_md_context_t *src)
336 {
337 if (dst == NULL || dst->md_info == NULL ||
338 src == NULL || src->md_info == NULL ||
339 dst->md_info != src->md_info) {
340 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
341 }
342
343 #if defined(MBEDTLS_MD_SOME_PSA)
344 if (src->engine != dst->engine) {
345 /* This can happen with src set to legacy because PSA wasn't ready
346 * yet, and dst to PSA because it became ready in the meantime.
347 * We currently don't support that case (we'd need to re-allocate
348 * md_ctx to the size of the appropriate MD context). */
349 return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
350 }
351
352 if (src->engine == MBEDTLS_MD_ENGINE_PSA) {
353 psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx);
354 return mbedtls_md_error_from_psa(status);
355 }
356 #endif
357
358 switch (src->md_info->type) {
359 #if defined(MBEDTLS_MD5_C)
360 case MBEDTLS_MD_MD5:
361 mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
362 break;
363 #endif
364 #if defined(MBEDTLS_RIPEMD160_C)
365 case MBEDTLS_MD_RIPEMD160:
366 mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
367 break;
368 #endif
369 #if defined(MBEDTLS_SHA1_C)
370 case MBEDTLS_MD_SHA1:
371 mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
372 break;
373 #endif
374 #if defined(MBEDTLS_SHA224_C)
375 case MBEDTLS_MD_SHA224:
376 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
377 break;
378 #endif
379 #if defined(MBEDTLS_SHA256_C)
380 case MBEDTLS_MD_SHA256:
381 mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
382 break;
383 #endif
384 #if defined(MBEDTLS_SHA384_C)
385 case MBEDTLS_MD_SHA384:
386 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
387 break;
388 #endif
389 #if defined(MBEDTLS_SHA512_C)
390 case MBEDTLS_MD_SHA512:
391 mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
392 break;
393 #endif
394 #if defined(MBEDTLS_SHA3_C)
395 case MBEDTLS_MD_SHA3_224:
396 case MBEDTLS_MD_SHA3_256:
397 case MBEDTLS_MD_SHA3_384:
398 case MBEDTLS_MD_SHA3_512:
399 mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
400 break;
401 #endif
402 default:
403 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
404 }
405
406 return 0;
407 }
408
409 #define ALLOC(type) \
410 do { \
411 ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
412 if (ctx->md_ctx == NULL) \
413 return MBEDTLS_ERR_MD_ALLOC_FAILED; \
414 mbedtls_##type##_init(ctx->md_ctx); \
415 } \
416 while (0)
417
mbedtls_md_setup(mbedtls_md_context_t * ctx,const mbedtls_md_info_t * md_info,int hmac)418 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
419 {
420 #if defined(MBEDTLS_MD_C)
421 if (ctx == NULL) {
422 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
423 }
424 #endif
425 if (md_info == NULL) {
426 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
427 }
428
429 ctx->md_info = md_info;
430 ctx->md_ctx = NULL;
431 #if defined(MBEDTLS_MD_C)
432 ctx->hmac_ctx = NULL;
433 #else
434 if (hmac != 0) {
435 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
436 }
437 #endif
438
439 #if defined(MBEDTLS_MD_SOME_PSA)
440 if (md_can_use_psa(ctx->md_info)) {
441 ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t));
442 if (ctx->md_ctx == NULL) {
443 return MBEDTLS_ERR_MD_ALLOC_FAILED;
444 }
445 ctx->engine = MBEDTLS_MD_ENGINE_PSA;
446 } else
447 #endif
448 switch (md_info->type) {
449 #if defined(MBEDTLS_MD5_C)
450 case MBEDTLS_MD_MD5:
451 ALLOC(md5);
452 break;
453 #endif
454 #if defined(MBEDTLS_RIPEMD160_C)
455 case MBEDTLS_MD_RIPEMD160:
456 ALLOC(ripemd160);
457 break;
458 #endif
459 #if defined(MBEDTLS_SHA1_C)
460 case MBEDTLS_MD_SHA1:
461 ALLOC(sha1);
462 break;
463 #endif
464 #if defined(MBEDTLS_SHA224_C)
465 case MBEDTLS_MD_SHA224:
466 ALLOC(sha256);
467 break;
468 #endif
469 #if defined(MBEDTLS_SHA256_C)
470 case MBEDTLS_MD_SHA256:
471 ALLOC(sha256);
472 break;
473 #endif
474 #if defined(MBEDTLS_SHA384_C)
475 case MBEDTLS_MD_SHA384:
476 ALLOC(sha512);
477 break;
478 #endif
479 #if defined(MBEDTLS_SHA512_C)
480 case MBEDTLS_MD_SHA512:
481 ALLOC(sha512);
482 break;
483 #endif
484 #if defined(MBEDTLS_SHA3_C)
485 case MBEDTLS_MD_SHA3_224:
486 case MBEDTLS_MD_SHA3_256:
487 case MBEDTLS_MD_SHA3_384:
488 case MBEDTLS_MD_SHA3_512:
489 ALLOC(sha3);
490 break;
491 #endif
492 default:
493 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
494 }
495
496 #if defined(MBEDTLS_MD_C)
497 if (hmac != 0) {
498 ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
499 if (ctx->hmac_ctx == NULL) {
500 mbedtls_md_free(ctx);
501 return MBEDTLS_ERR_MD_ALLOC_FAILED;
502 }
503 }
504 #endif
505
506 return 0;
507 }
508 #undef ALLOC
509
mbedtls_md_starts(mbedtls_md_context_t * ctx)510 int mbedtls_md_starts(mbedtls_md_context_t *ctx)
511 {
512 #if defined(MBEDTLS_MD_C)
513 if (ctx == NULL || ctx->md_info == NULL) {
514 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
515 }
516 #endif
517
518 #if defined(MBEDTLS_MD_SOME_PSA)
519 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
520 psa_algorithm_t alg = psa_alg_of_md(ctx->md_info);
521 psa_hash_abort(ctx->md_ctx);
522 psa_status_t status = psa_hash_setup(ctx->md_ctx, alg);
523 return mbedtls_md_error_from_psa(status);
524 }
525 #endif
526
527 switch (ctx->md_info->type) {
528 #if defined(MBEDTLS_MD5_C)
529 case MBEDTLS_MD_MD5:
530 return mbedtls_md5_starts(ctx->md_ctx);
531 #endif
532 #if defined(MBEDTLS_RIPEMD160_C)
533 case MBEDTLS_MD_RIPEMD160:
534 return mbedtls_ripemd160_starts(ctx->md_ctx);
535 #endif
536 #if defined(MBEDTLS_SHA1_C)
537 case MBEDTLS_MD_SHA1:
538 return mbedtls_sha1_starts(ctx->md_ctx);
539 #endif
540 #if defined(MBEDTLS_SHA224_C)
541 case MBEDTLS_MD_SHA224:
542 return mbedtls_sha256_starts(ctx->md_ctx, 1);
543 #endif
544 #if defined(MBEDTLS_SHA256_C)
545 case MBEDTLS_MD_SHA256:
546 return mbedtls_sha256_starts(ctx->md_ctx, 0);
547 #endif
548 #if defined(MBEDTLS_SHA384_C)
549 case MBEDTLS_MD_SHA384:
550 return mbedtls_sha512_starts(ctx->md_ctx, 1);
551 #endif
552 #if defined(MBEDTLS_SHA512_C)
553 case MBEDTLS_MD_SHA512:
554 return mbedtls_sha512_starts(ctx->md_ctx, 0);
555 #endif
556 #if defined(MBEDTLS_SHA3_C)
557 case MBEDTLS_MD_SHA3_224:
558 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
559 case MBEDTLS_MD_SHA3_256:
560 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
561 case MBEDTLS_MD_SHA3_384:
562 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
563 case MBEDTLS_MD_SHA3_512:
564 return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
565 #endif
566 default:
567 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
568 }
569 }
570
mbedtls_md_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)571 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
572 {
573 #if defined(MBEDTLS_MD_C)
574 if (ctx == NULL || ctx->md_info == NULL) {
575 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
576 }
577 #endif
578
579 #if defined(MBEDTLS_MD_SOME_PSA)
580 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
581 psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen);
582 return mbedtls_md_error_from_psa(status);
583 }
584 #endif
585
586 switch (ctx->md_info->type) {
587 #if defined(MBEDTLS_MD5_C)
588 case MBEDTLS_MD_MD5:
589 return mbedtls_md5_update(ctx->md_ctx, input, ilen);
590 #endif
591 #if defined(MBEDTLS_RIPEMD160_C)
592 case MBEDTLS_MD_RIPEMD160:
593 return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen);
594 #endif
595 #if defined(MBEDTLS_SHA1_C)
596 case MBEDTLS_MD_SHA1:
597 return mbedtls_sha1_update(ctx->md_ctx, input, ilen);
598 #endif
599 #if defined(MBEDTLS_SHA224_C)
600 case MBEDTLS_MD_SHA224:
601 return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
602 #endif
603 #if defined(MBEDTLS_SHA256_C)
604 case MBEDTLS_MD_SHA256:
605 return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
606 #endif
607 #if defined(MBEDTLS_SHA384_C)
608 case MBEDTLS_MD_SHA384:
609 return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
610 #endif
611 #if defined(MBEDTLS_SHA512_C)
612 case MBEDTLS_MD_SHA512:
613 return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
614 #endif
615 #if defined(MBEDTLS_SHA3_C)
616 case MBEDTLS_MD_SHA3_224:
617 case MBEDTLS_MD_SHA3_256:
618 case MBEDTLS_MD_SHA3_384:
619 case MBEDTLS_MD_SHA3_512:
620 return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
621 #endif
622 default:
623 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
624 }
625 }
626
mbedtls_md_finish(mbedtls_md_context_t * ctx,unsigned char * output)627 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
628 {
629 #if defined(MBEDTLS_MD_C)
630 if (ctx == NULL || ctx->md_info == NULL) {
631 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
632 }
633 #endif
634
635 #if defined(MBEDTLS_MD_SOME_PSA)
636 if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
637 size_t size = ctx->md_info->size;
638 psa_status_t status = psa_hash_finish(ctx->md_ctx,
639 output, size, &size);
640 return mbedtls_md_error_from_psa(status);
641 }
642 #endif
643
644 switch (ctx->md_info->type) {
645 #if defined(MBEDTLS_MD5_C)
646 case MBEDTLS_MD_MD5:
647 return mbedtls_md5_finish(ctx->md_ctx, output);
648 #endif
649 #if defined(MBEDTLS_RIPEMD160_C)
650 case MBEDTLS_MD_RIPEMD160:
651 return mbedtls_ripemd160_finish(ctx->md_ctx, output);
652 #endif
653 #if defined(MBEDTLS_SHA1_C)
654 case MBEDTLS_MD_SHA1:
655 return mbedtls_sha1_finish(ctx->md_ctx, output);
656 #endif
657 #if defined(MBEDTLS_SHA224_C)
658 case MBEDTLS_MD_SHA224:
659 return mbedtls_sha256_finish(ctx->md_ctx, output);
660 #endif
661 #if defined(MBEDTLS_SHA256_C)
662 case MBEDTLS_MD_SHA256:
663 return mbedtls_sha256_finish(ctx->md_ctx, output);
664 #endif
665 #if defined(MBEDTLS_SHA384_C)
666 case MBEDTLS_MD_SHA384:
667 return mbedtls_sha512_finish(ctx->md_ctx, output);
668 #endif
669 #if defined(MBEDTLS_SHA512_C)
670 case MBEDTLS_MD_SHA512:
671 return mbedtls_sha512_finish(ctx->md_ctx, output);
672 #endif
673 #if defined(MBEDTLS_SHA3_C)
674 case MBEDTLS_MD_SHA3_224:
675 case MBEDTLS_MD_SHA3_256:
676 case MBEDTLS_MD_SHA3_384:
677 case MBEDTLS_MD_SHA3_512:
678 return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
679 #endif
680 default:
681 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
682 }
683 }
684
mbedtls_md(const mbedtls_md_info_t * md_info,const unsigned char * input,size_t ilen,unsigned char * output)685 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
686 unsigned char *output)
687 {
688 if (md_info == NULL) {
689 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
690 }
691
692 #if defined(MBEDTLS_MD_SOME_PSA)
693 if (md_can_use_psa(md_info)) {
694 size_t size = md_info->size;
695 psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info),
696 input, ilen,
697 output, size, &size);
698 return mbedtls_md_error_from_psa(status);
699 }
700 #endif
701
702 switch (md_info->type) {
703 #if defined(MBEDTLS_MD5_C)
704 case MBEDTLS_MD_MD5:
705 return mbedtls_md5(input, ilen, output);
706 #endif
707 #if defined(MBEDTLS_RIPEMD160_C)
708 case MBEDTLS_MD_RIPEMD160:
709 return mbedtls_ripemd160(input, ilen, output);
710 #endif
711 #if defined(MBEDTLS_SHA1_C)
712 case MBEDTLS_MD_SHA1:
713 return mbedtls_sha1(input, ilen, output);
714 #endif
715 #if defined(MBEDTLS_SHA224_C)
716 case MBEDTLS_MD_SHA224:
717 return mbedtls_sha256(input, ilen, output, 1);
718 #endif
719 #if defined(MBEDTLS_SHA256_C)
720 case MBEDTLS_MD_SHA256:
721 return mbedtls_sha256(input, ilen, output, 0);
722 #endif
723 #if defined(MBEDTLS_SHA384_C)
724 case MBEDTLS_MD_SHA384:
725 return mbedtls_sha512(input, ilen, output, 1);
726 #endif
727 #if defined(MBEDTLS_SHA512_C)
728 case MBEDTLS_MD_SHA512:
729 return mbedtls_sha512(input, ilen, output, 0);
730 #endif
731 #if defined(MBEDTLS_SHA3_C)
732 case MBEDTLS_MD_SHA3_224:
733 return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
734 case MBEDTLS_MD_SHA3_256:
735 return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
736 case MBEDTLS_MD_SHA3_384:
737 return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
738 case MBEDTLS_MD_SHA3_512:
739 return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
740 #endif
741 default:
742 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
743 }
744 }
745
mbedtls_md_get_size(const mbedtls_md_info_t * md_info)746 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
747 {
748 if (md_info == NULL) {
749 return 0;
750 }
751
752 return md_info->size;
753 }
754
mbedtls_md_get_type(const mbedtls_md_info_t * md_info)755 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
756 {
757 if (md_info == NULL) {
758 return MBEDTLS_MD_NONE;
759 }
760
761 return md_info->type;
762 }
763
764 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
mbedtls_md_error_from_psa(psa_status_t status)765 int mbedtls_md_error_from_psa(psa_status_t status)
766 {
767 return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
768 psa_generic_status_to_mbedtls);
769 }
770 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
771
772
773 /************************************************************************
774 * Functions above this separator are part of MBEDTLS_MD_LIGHT, *
775 * functions below are only available when MBEDTLS_MD_C is set. *
776 ************************************************************************/
777 #if defined(MBEDTLS_MD_C)
778
779 /*
780 * Reminder: update profiles in x509_crt.c when adding a new hash!
781 */
782 static const int supported_digests[] = {
783
784 #if defined(MBEDTLS_MD_CAN_SHA512)
785 MBEDTLS_MD_SHA512,
786 #endif
787
788 #if defined(MBEDTLS_MD_CAN_SHA384)
789 MBEDTLS_MD_SHA384,
790 #endif
791
792 #if defined(MBEDTLS_MD_CAN_SHA256)
793 MBEDTLS_MD_SHA256,
794 #endif
795 #if defined(MBEDTLS_MD_CAN_SHA224)
796 MBEDTLS_MD_SHA224,
797 #endif
798
799 #if defined(MBEDTLS_MD_CAN_SHA1)
800 MBEDTLS_MD_SHA1,
801 #endif
802
803 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
804 MBEDTLS_MD_RIPEMD160,
805 #endif
806
807 #if defined(MBEDTLS_MD_CAN_MD5)
808 MBEDTLS_MD_MD5,
809 #endif
810
811 #if defined(MBEDTLS_MD_CAN_SHA3_224)
812 MBEDTLS_MD_SHA3_224,
813 #endif
814
815 #if defined(MBEDTLS_MD_CAN_SHA3_256)
816 MBEDTLS_MD_SHA3_256,
817 #endif
818
819 #if defined(MBEDTLS_MD_CAN_SHA3_384)
820 MBEDTLS_MD_SHA3_384,
821 #endif
822
823 #if defined(MBEDTLS_MD_CAN_SHA3_512)
824 MBEDTLS_MD_SHA3_512,
825 #endif
826
827 MBEDTLS_MD_NONE
828 };
829
mbedtls_md_list(void)830 const int *mbedtls_md_list(void)
831 {
832 return supported_digests;
833 }
834
835 typedef struct {
836 const char *md_name;
837 mbedtls_md_type_t md_type;
838 } md_name_entry;
839
840 static const md_name_entry md_names[] = {
841 #if defined(MBEDTLS_MD_CAN_MD5)
842 { "MD5", MBEDTLS_MD_MD5 },
843 #endif
844 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
845 { "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
846 #endif
847 #if defined(MBEDTLS_MD_CAN_SHA1)
848 { "SHA1", MBEDTLS_MD_SHA1 },
849 { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
850 #endif
851 #if defined(MBEDTLS_MD_CAN_SHA224)
852 { "SHA224", MBEDTLS_MD_SHA224 },
853 #endif
854 #if defined(MBEDTLS_MD_CAN_SHA256)
855 { "SHA256", MBEDTLS_MD_SHA256 },
856 #endif
857 #if defined(MBEDTLS_MD_CAN_SHA384)
858 { "SHA384", MBEDTLS_MD_SHA384 },
859 #endif
860 #if defined(MBEDTLS_MD_CAN_SHA512)
861 { "SHA512", MBEDTLS_MD_SHA512 },
862 #endif
863 #if defined(MBEDTLS_MD_CAN_SHA3_224)
864 { "SHA3-224", MBEDTLS_MD_SHA3_224 },
865 #endif
866 #if defined(MBEDTLS_MD_CAN_SHA3_256)
867 { "SHA3-256", MBEDTLS_MD_SHA3_256 },
868 #endif
869 #if defined(MBEDTLS_MD_CAN_SHA3_384)
870 { "SHA3-384", MBEDTLS_MD_SHA3_384 },
871 #endif
872 #if defined(MBEDTLS_MD_CAN_SHA3_512)
873 { "SHA3-512", MBEDTLS_MD_SHA3_512 },
874 #endif
875 { NULL, MBEDTLS_MD_NONE },
876 };
877
mbedtls_md_info_from_string(const char * md_name)878 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
879 {
880 if (NULL == md_name) {
881 return NULL;
882 }
883
884 const md_name_entry *entry = md_names;
885 while (entry->md_name != NULL &&
886 strcmp(entry->md_name, md_name) != 0) {
887 ++entry;
888 }
889
890 return mbedtls_md_info_from_type(entry->md_type);
891 }
892
mbedtls_md_get_name(const mbedtls_md_info_t * md_info)893 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
894 {
895 if (md_info == NULL) {
896 return NULL;
897 }
898
899 const md_name_entry *entry = md_names;
900 while (entry->md_type != MBEDTLS_MD_NONE &&
901 entry->md_type != md_info->type) {
902 ++entry;
903 }
904
905 return entry->md_name;
906 }
907
mbedtls_md_info_from_ctx(const mbedtls_md_context_t * ctx)908 const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
909 const mbedtls_md_context_t *ctx)
910 {
911 if (ctx == NULL) {
912 return NULL;
913 }
914
915 return ctx->MBEDTLS_PRIVATE(md_info);
916 }
917
918 #if defined(MBEDTLS_FS_IO)
mbedtls_md_file(const mbedtls_md_info_t * md_info,const char * path,unsigned char * output)919 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
920 {
921 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
922 FILE *f;
923 size_t n;
924 mbedtls_md_context_t ctx;
925 unsigned char buf[1024];
926
927 if (md_info == NULL) {
928 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
929 }
930
931 if ((f = fopen(path, "rb")) == NULL) {
932 return MBEDTLS_ERR_MD_FILE_IO_ERROR;
933 }
934
935 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
936 mbedtls_setbuf(f, NULL);
937
938 mbedtls_md_init(&ctx);
939
940 if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
941 goto cleanup;
942 }
943
944 if ((ret = mbedtls_md_starts(&ctx)) != 0) {
945 goto cleanup;
946 }
947
948 while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
949 if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
950 goto cleanup;
951 }
952 }
953
954 if (ferror(f) != 0) {
955 ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
956 } else {
957 ret = mbedtls_md_finish(&ctx, output);
958 }
959
960 cleanup:
961 mbedtls_platform_zeroize(buf, sizeof(buf));
962 fclose(f);
963 mbedtls_md_free(&ctx);
964
965 return ret;
966 }
967 #endif /* MBEDTLS_FS_IO */
968
mbedtls_md_hmac_starts(mbedtls_md_context_t * ctx,const unsigned char * key,size_t keylen)969 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
970 {
971 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
972 unsigned char sum[MBEDTLS_MD_MAX_SIZE];
973 unsigned char *ipad, *opad;
974
975 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
976 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
977 }
978
979 if (keylen > (size_t) ctx->md_info->block_size) {
980 if ((ret = mbedtls_md_starts(ctx)) != 0) {
981 goto cleanup;
982 }
983 if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
984 goto cleanup;
985 }
986 if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
987 goto cleanup;
988 }
989
990 keylen = ctx->md_info->size;
991 key = sum;
992 }
993
994 ipad = (unsigned char *) ctx->hmac_ctx;
995 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
996
997 memset(ipad, 0x36, ctx->md_info->block_size);
998 memset(opad, 0x5C, ctx->md_info->block_size);
999
1000 mbedtls_xor(ipad, ipad, key, keylen);
1001 mbedtls_xor(opad, opad, key, keylen);
1002
1003 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1004 goto cleanup;
1005 }
1006 if ((ret = mbedtls_md_update(ctx, ipad,
1007 ctx->md_info->block_size)) != 0) {
1008 goto cleanup;
1009 }
1010
1011 cleanup:
1012 mbedtls_platform_zeroize(sum, sizeof(sum));
1013
1014 return ret;
1015 }
1016
mbedtls_md_hmac_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)1017 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
1018 {
1019 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1020 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1021 }
1022
1023 return mbedtls_md_update(ctx, input, ilen);
1024 }
1025
mbedtls_md_hmac_finish(mbedtls_md_context_t * ctx,unsigned char * output)1026 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
1027 {
1028 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1029 unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
1030 unsigned char *opad;
1031
1032 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1033 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1034 }
1035
1036 opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
1037
1038 if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
1039 return ret;
1040 }
1041 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1042 return ret;
1043 }
1044 if ((ret = mbedtls_md_update(ctx, opad,
1045 ctx->md_info->block_size)) != 0) {
1046 return ret;
1047 }
1048 if ((ret = mbedtls_md_update(ctx, tmp,
1049 ctx->md_info->size)) != 0) {
1050 return ret;
1051 }
1052 return mbedtls_md_finish(ctx, output);
1053 }
1054
mbedtls_md_hmac_reset(mbedtls_md_context_t * ctx)1055 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
1056 {
1057 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1058 unsigned char *ipad;
1059
1060 if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1061 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1062 }
1063
1064 ipad = (unsigned char *) ctx->hmac_ctx;
1065
1066 if ((ret = mbedtls_md_starts(ctx)) != 0) {
1067 return ret;
1068 }
1069 return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
1070 }
1071
mbedtls_md_hmac(const mbedtls_md_info_t * md_info,const unsigned char * key,size_t keylen,const unsigned char * input,size_t ilen,unsigned char * output)1072 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
1073 const unsigned char *key, size_t keylen,
1074 const unsigned char *input, size_t ilen,
1075 unsigned char *output)
1076 {
1077 mbedtls_md_context_t ctx;
1078 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1079
1080 if (md_info == NULL) {
1081 return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1082 }
1083
1084 mbedtls_md_init(&ctx);
1085
1086 if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
1087 goto cleanup;
1088 }
1089
1090 if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
1091 goto cleanup;
1092 }
1093 if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
1094 goto cleanup;
1095 }
1096 if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
1097 goto cleanup;
1098 }
1099
1100 cleanup:
1101 mbedtls_md_free(&ctx);
1102
1103 return ret;
1104 }
1105
1106 #endif /* MBEDTLS_MD_C */
1107
1108 #endif /* MBEDTLS_MD_LIGHT */
1109