Coverage Report

Created: 2024-11-21 07:03

/src/mbedtls/library/psa_crypto_hash.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  PSA hashing layer on top of Mbed TLS software crypto
3
 */
4
/*
5
 *  Copyright The Mbed TLS Contributors
6
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7
 */
8
9
#include "common.h"
10
11
#if defined(MBEDTLS_PSA_CRYPTO_C)
12
13
#include <psa/crypto.h>
14
#include "psa_crypto_core.h"
15
#include "psa_crypto_hash.h"
16
17
#include <mbedtls/error.h>
18
#include <string.h>
19
20
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
21
psa_status_t mbedtls_psa_hash_abort(
22
    mbedtls_psa_hash_operation_t *operation)
23
2.46k
{
24
2.46k
    switch (operation->alg) {
25
0
        case 0:
26
            /* The object has (apparently) been initialized but it is not
27
             * in use. It's ok to call abort on such an object, and there's
28
             * nothing to do. */
29
0
            break;
30
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
31
236
        case PSA_ALG_MD5:
32
236
            mbedtls_md5_free(&operation->ctx.md5);
33
236
            break;
34
0
#endif
35
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
36
312
        case PSA_ALG_RIPEMD160:
37
312
            mbedtls_ripemd160_free(&operation->ctx.ripemd160);
38
312
            break;
39
0
#endif
40
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
41
284
        case PSA_ALG_SHA_1:
42
284
            mbedtls_sha1_free(&operation->ctx.sha1);
43
284
            break;
44
0
#endif
45
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
46
181
        case PSA_ALG_SHA_224:
47
181
            mbedtls_sha256_free(&operation->ctx.sha256);
48
181
            break;
49
0
#endif
50
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
51
266
        case PSA_ALG_SHA_256:
52
266
            mbedtls_sha256_free(&operation->ctx.sha256);
53
266
            break;
54
0
#endif
55
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
56
181
        case PSA_ALG_SHA_384:
57
181
            mbedtls_sha512_free(&operation->ctx.sha512);
58
181
            break;
59
0
#endif
60
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
61
305
        case PSA_ALG_SHA_512:
62
305
            mbedtls_sha512_free(&operation->ctx.sha512);
63
305
            break;
64
0
#endif
65
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
66
144
        case PSA_ALG_SHA3_224:
67
144
#endif
68
144
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
69
326
        case PSA_ALG_SHA3_256:
70
326
#endif
71
326
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
72
501
        case PSA_ALG_SHA3_384:
73
501
#endif
74
501
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
75
695
        case PSA_ALG_SHA3_512:
76
695
#endif
77
695
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
78
695
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
79
695
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
80
695
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
81
695
            mbedtls_sha3_free(&operation->ctx.sha3);
82
695
            break;
83
0
#endif
84
0
        default:
85
0
            return PSA_ERROR_BAD_STATE;
86
2.46k
    }
87
2.46k
    operation->alg = 0;
88
2.46k
    return PSA_SUCCESS;
89
2.46k
}
90
91
psa_status_t mbedtls_psa_hash_setup(
92
    mbedtls_psa_hash_operation_t *operation,
93
    psa_algorithm_t alg)
94
2.46k
{
95
2.46k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
96
97
    /* A context must be freshly initialized before it can be set up. */
98
2.46k
    if (operation->alg != 0) {
99
0
        return PSA_ERROR_BAD_STATE;
100
0
    }
101
102
2.46k
    switch (alg) {
103
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
104
236
        case PSA_ALG_MD5:
105
236
            mbedtls_md5_init(&operation->ctx.md5);
106
236
            ret = mbedtls_md5_starts(&operation->ctx.md5);
107
236
            break;
108
0
#endif
109
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
110
312
        case PSA_ALG_RIPEMD160:
111
312
            mbedtls_ripemd160_init(&operation->ctx.ripemd160);
112
312
            ret = mbedtls_ripemd160_starts(&operation->ctx.ripemd160);
113
312
            break;
114
0
#endif
115
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
116
284
        case PSA_ALG_SHA_1:
117
284
            mbedtls_sha1_init(&operation->ctx.sha1);
118
284
            ret = mbedtls_sha1_starts(&operation->ctx.sha1);
119
284
            break;
120
0
#endif
121
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
122
181
        case PSA_ALG_SHA_224:
123
181
            mbedtls_sha256_init(&operation->ctx.sha256);
124
181
            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 1);
125
181
            break;
126
0
#endif
127
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
128
266
        case PSA_ALG_SHA_256:
129
266
            mbedtls_sha256_init(&operation->ctx.sha256);
130
266
            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 0);
131
266
            break;
132
0
#endif
133
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
134
181
        case PSA_ALG_SHA_384:
135
181
            mbedtls_sha512_init(&operation->ctx.sha512);
136
181
            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 1);
137
181
            break;
138
0
#endif
139
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
140
305
        case PSA_ALG_SHA_512:
141
305
            mbedtls_sha512_init(&operation->ctx.sha512);
142
305
            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
143
305
            break;
144
0
#endif
145
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
146
144
        case PSA_ALG_SHA3_224:
147
144
            mbedtls_sha3_init(&operation->ctx.sha3);
148
144
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224);
149
144
            break;
150
0
#endif
151
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
152
182
        case PSA_ALG_SHA3_256:
153
182
            mbedtls_sha3_init(&operation->ctx.sha3);
154
182
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256);
155
182
            break;
156
0
#endif
157
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
158
175
        case PSA_ALG_SHA3_384:
159
175
            mbedtls_sha3_init(&operation->ctx.sha3);
160
175
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384);
161
175
            break;
162
0
#endif
163
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
164
194
        case PSA_ALG_SHA3_512:
165
194
            mbedtls_sha3_init(&operation->ctx.sha3);
166
194
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512);
167
194
            break;
168
0
#endif
169
0
        default:
170
0
            return PSA_ALG_IS_HASH(alg) ?
171
0
                   PSA_ERROR_NOT_SUPPORTED :
172
0
                   PSA_ERROR_INVALID_ARGUMENT;
173
2.46k
    }
174
2.46k
    if (ret == 0) {
175
2.46k
        operation->alg = alg;
176
2.46k
    } else {
177
0
        mbedtls_psa_hash_abort(operation);
178
0
    }
179
2.46k
    return mbedtls_to_psa_error(ret);
180
2.46k
}
181
182
psa_status_t mbedtls_psa_hash_clone(
183
    const mbedtls_psa_hash_operation_t *source_operation,
184
    mbedtls_psa_hash_operation_t *target_operation)
185
0
{
186
0
    switch (source_operation->alg) {
187
0
        case 0:
188
0
            return PSA_ERROR_BAD_STATE;
189
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
190
0
        case PSA_ALG_MD5:
191
0
            mbedtls_md5_clone(&target_operation->ctx.md5,
192
0
                              &source_operation->ctx.md5);
193
0
            break;
194
0
#endif
195
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
196
0
        case PSA_ALG_RIPEMD160:
197
0
            mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160,
198
0
                                    &source_operation->ctx.ripemd160);
199
0
            break;
200
0
#endif
201
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
202
0
        case PSA_ALG_SHA_1:
203
0
            mbedtls_sha1_clone(&target_operation->ctx.sha1,
204
0
                               &source_operation->ctx.sha1);
205
0
            break;
206
0
#endif
207
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
208
0
        case PSA_ALG_SHA_224:
209
0
            mbedtls_sha256_clone(&target_operation->ctx.sha256,
210
0
                                 &source_operation->ctx.sha256);
211
0
            break;
212
0
#endif
213
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
214
0
        case PSA_ALG_SHA_256:
215
0
            mbedtls_sha256_clone(&target_operation->ctx.sha256,
216
0
                                 &source_operation->ctx.sha256);
217
0
            break;
218
0
#endif
219
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
220
0
        case PSA_ALG_SHA_384:
221
0
            mbedtls_sha512_clone(&target_operation->ctx.sha512,
222
0
                                 &source_operation->ctx.sha512);
223
0
            break;
224
0
#endif
225
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
226
0
        case PSA_ALG_SHA_512:
227
0
            mbedtls_sha512_clone(&target_operation->ctx.sha512,
228
0
                                 &source_operation->ctx.sha512);
229
0
            break;
230
0
#endif
231
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
232
0
        case PSA_ALG_SHA3_224:
233
0
#endif
234
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
235
0
        case PSA_ALG_SHA3_256:
236
0
#endif
237
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
238
0
        case PSA_ALG_SHA3_384:
239
0
#endif
240
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
241
0
        case PSA_ALG_SHA3_512:
242
0
#endif
243
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
244
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
245
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
246
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
247
0
            mbedtls_sha3_clone(&target_operation->ctx.sha3,
248
0
                               &source_operation->ctx.sha3);
249
0
            break;
250
0
#endif
251
0
        default:
252
0
            (void) source_operation;
253
0
            (void) target_operation;
254
0
            return PSA_ERROR_NOT_SUPPORTED;
255
0
    }
256
257
0
    target_operation->alg = source_operation->alg;
258
0
    return PSA_SUCCESS;
259
0
}
260
261
psa_status_t mbedtls_psa_hash_update(
262
    mbedtls_psa_hash_operation_t *operation,
263
    const uint8_t *input,
264
    size_t input_length)
265
9.52k
{
266
9.52k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
267
268
9.52k
    switch (operation->alg) {
269
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
270
866
        case PSA_ALG_MD5:
271
866
            ret = mbedtls_md5_update(&operation->ctx.md5,
272
866
                                     input, input_length);
273
866
            break;
274
0
#endif
275
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
276
1.10k
        case PSA_ALG_RIPEMD160:
277
1.10k
            ret = mbedtls_ripemd160_update(&operation->ctx.ripemd160,
278
1.10k
                                           input, input_length);
279
1.10k
            break;
280
0
#endif
281
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
282
1.02k
        case PSA_ALG_SHA_1:
283
1.02k
            ret = mbedtls_sha1_update(&operation->ctx.sha1,
284
1.02k
                                      input, input_length);
285
1.02k
            break;
286
0
#endif
287
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
288
778
        case PSA_ALG_SHA_224:
289
778
            ret = mbedtls_sha256_update(&operation->ctx.sha256,
290
778
                                        input, input_length);
291
778
            break;
292
0
#endif
293
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
294
1.09k
        case PSA_ALG_SHA_256:
295
1.09k
            ret = mbedtls_sha256_update(&operation->ctx.sha256,
296
1.09k
                                        input, input_length);
297
1.09k
            break;
298
0
#endif
299
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
300
632
        case PSA_ALG_SHA_384:
301
632
            ret = mbedtls_sha512_update(&operation->ctx.sha512,
302
632
                                        input, input_length);
303
632
            break;
304
0
#endif
305
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
306
1.20k
        case PSA_ALG_SHA_512:
307
1.20k
            ret = mbedtls_sha512_update(&operation->ctx.sha512,
308
1.20k
                                        input, input_length);
309
1.20k
            break;
310
0
#endif
311
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
312
621
        case PSA_ALG_SHA3_224:
313
621
#endif
314
621
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
315
1.41k
        case PSA_ALG_SHA3_256:
316
1.41k
#endif
317
1.41k
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
318
2.07k
        case PSA_ALG_SHA3_384:
319
2.07k
#endif
320
2.07k
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
321
2.81k
        case PSA_ALG_SHA3_512:
322
2.81k
#endif
323
2.81k
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
324
2.81k
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
325
2.81k
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
326
2.81k
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
327
2.81k
    ret = mbedtls_sha3_update(&operation->ctx.sha3,
328
2.81k
                              input, input_length);
329
2.81k
    break;
330
0
#endif
331
0
        default:
332
0
            (void) input;
333
0
            (void) input_length;
334
0
            return PSA_ERROR_BAD_STATE;
335
9.52k
    }
336
337
9.52k
    return mbedtls_to_psa_error(ret);
338
9.52k
}
339
340
psa_status_t mbedtls_psa_hash_finish(
341
    mbedtls_psa_hash_operation_t *operation,
342
    uint8_t *hash,
343
    size_t hash_size,
344
    size_t *hash_length)
345
2.42k
{
346
2.42k
    psa_status_t status;
347
2.42k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
348
2.42k
    size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg);
349
350
    /* Fill the output buffer with something that isn't a valid hash
351
     * (barring an attack on the hash and deliberately-crafted input),
352
     * in case the caller doesn't check the return status properly. */
353
2.42k
    *hash_length = hash_size;
354
    /* If hash_size is 0 then hash may be NULL and then the
355
     * call to memset would have undefined behavior. */
356
2.42k
    if (hash_size != 0) {
357
2.42k
        memset(hash, '!', hash_size);
358
2.42k
    }
359
360
2.42k
    if (hash_size < actual_hash_length) {
361
0
        status = PSA_ERROR_BUFFER_TOO_SMALL;
362
0
        goto exit;
363
0
    }
364
365
2.42k
    switch (operation->alg) {
366
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
367
228
        case PSA_ALG_MD5:
368
228
            ret = mbedtls_md5_finish(&operation->ctx.md5, hash);
369
228
            break;
370
0
#endif
371
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
372
310
        case PSA_ALG_RIPEMD160:
373
310
            ret = mbedtls_ripemd160_finish(&operation->ctx.ripemd160, hash);
374
310
            break;
375
0
#endif
376
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
377
279
        case PSA_ALG_SHA_1:
378
279
            ret = mbedtls_sha1_finish(&operation->ctx.sha1, hash);
379
279
            break;
380
0
#endif
381
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
382
180
        case PSA_ALG_SHA_224:
383
180
            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
384
180
            break;
385
0
#endif
386
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
387
262
        case PSA_ALG_SHA_256:
388
262
            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
389
262
            break;
390
0
#endif
391
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
392
180
        case PSA_ALG_SHA_384:
393
180
            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
394
180
            break;
395
0
#endif
396
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
397
302
        case PSA_ALG_SHA_512:
398
302
            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
399
302
            break;
400
0
#endif
401
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
402
140
        case PSA_ALG_SHA3_224:
403
140
#endif
404
140
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
405
318
        case PSA_ALG_SHA3_256:
406
318
#endif
407
318
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
408
491
        case PSA_ALG_SHA3_384:
409
491
#endif
410
491
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
411
683
        case PSA_ALG_SHA3_512:
412
683
#endif
413
683
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
414
683
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
415
683
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
416
683
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
417
683
    ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size);
418
683
    break;
419
0
#endif
420
0
        default:
421
0
            (void) hash;
422
0
            return PSA_ERROR_BAD_STATE;
423
2.42k
    }
424
2.42k
    status = mbedtls_to_psa_error(ret);
425
426
2.42k
exit:
427
2.42k
    if (status == PSA_SUCCESS) {
428
2.42k
        *hash_length = actual_hash_length;
429
2.42k
    }
430
2.42k
    return status;
431
2.42k
}
432
433
psa_status_t mbedtls_psa_hash_compute(
434
    psa_algorithm_t alg,
435
    const uint8_t *input,
436
    size_t input_length,
437
    uint8_t *hash,
438
    size_t hash_size,
439
    size_t *hash_length)
440
785
{
441
785
    mbedtls_psa_hash_operation_t operation = MBEDTLS_PSA_HASH_OPERATION_INIT;
442
785
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
443
785
    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
444
445
785
    *hash_length = hash_size;
446
785
    status = mbedtls_psa_hash_setup(&operation, alg);
447
785
    if (status != PSA_SUCCESS) {
448
0
        goto exit;
449
0
    }
450
785
    status = mbedtls_psa_hash_update(&operation, input, input_length);
451
785
    if (status != PSA_SUCCESS) {
452
0
        goto exit;
453
0
    }
454
785
    status = mbedtls_psa_hash_finish(&operation, hash, hash_size, hash_length);
455
785
    if (status != PSA_SUCCESS) {
456
0
        goto exit;
457
0
    }
458
459
785
exit:
460
785
    abort_status = mbedtls_psa_hash_abort(&operation);
461
785
    if (status == PSA_SUCCESS) {
462
785
        return abort_status;
463
785
    } else {
464
0
        return status;
465
0
    }
466
467
785
}
468
#endif /* MBEDTLS_PSA_BUILTIN_HASH */
469
470
#endif /* MBEDTLS_PSA_CRYPTO_C */