Coverage Report

Created: 2025-03-01 06:26

/src/mbedtls/library/psa_crypto_hash.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  PSA hashing layer on top of Mbed TLS software crypto
3
 */
4
/*
5
 *  Copyright The Mbed TLS Contributors
6
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7
 */
8
9
#include "common.h"
10
11
#if defined(MBEDTLS_PSA_CRYPTO_C)
12
13
#include <psa/crypto.h>
14
#include "psa_crypto_core.h"
15
#include "psa_crypto_hash.h"
16
17
#include <mbedtls/error.h>
18
#include <string.h>
19
20
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
21
psa_status_t mbedtls_psa_hash_abort(
22
    mbedtls_psa_hash_operation_t *operation)
23
0
{
24
0
    switch (operation->alg) {
25
0
        case 0:
26
            /* The object has (apparently) been initialized but it is not
27
             * in use. It's ok to call abort on such an object, and there's
28
             * nothing to do. */
29
0
            break;
30
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
31
0
        case PSA_ALG_MD5:
32
0
            mbedtls_md5_free(&operation->ctx.md5);
33
0
            break;
34
0
#endif
35
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
36
0
        case PSA_ALG_RIPEMD160:
37
0
            mbedtls_ripemd160_free(&operation->ctx.ripemd160);
38
0
            break;
39
0
#endif
40
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
41
0
        case PSA_ALG_SHA_1:
42
0
            mbedtls_sha1_free(&operation->ctx.sha1);
43
0
            break;
44
0
#endif
45
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
46
0
        case PSA_ALG_SHA_224:
47
0
            mbedtls_sha256_free(&operation->ctx.sha256);
48
0
            break;
49
0
#endif
50
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
51
0
        case PSA_ALG_SHA_256:
52
0
            mbedtls_sha256_free(&operation->ctx.sha256);
53
0
            break;
54
0
#endif
55
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
56
0
        case PSA_ALG_SHA_384:
57
0
            mbedtls_sha512_free(&operation->ctx.sha512);
58
0
            break;
59
0
#endif
60
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
61
0
        case PSA_ALG_SHA_512:
62
0
            mbedtls_sha512_free(&operation->ctx.sha512);
63
0
            break;
64
0
#endif
65
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
66
0
        case PSA_ALG_SHA3_224:
67
0
#endif
68
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
69
0
        case PSA_ALG_SHA3_256:
70
0
#endif
71
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
72
0
        case PSA_ALG_SHA3_384:
73
0
#endif
74
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
75
0
        case PSA_ALG_SHA3_512:
76
0
#endif
77
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
78
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
79
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
80
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
81
0
            mbedtls_sha3_free(&operation->ctx.sha3);
82
0
            break;
83
0
#endif
84
0
        default:
85
0
            return PSA_ERROR_BAD_STATE;
86
0
    }
87
0
    operation->alg = 0;
88
0
    return PSA_SUCCESS;
89
0
}
90
91
psa_status_t mbedtls_psa_hash_setup(
92
    mbedtls_psa_hash_operation_t *operation,
93
    psa_algorithm_t alg)
94
0
{
95
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
96
97
    /* A context must be freshly initialized before it can be set up. */
98
0
    if (operation->alg != 0) {
99
0
        return PSA_ERROR_BAD_STATE;
100
0
    }
101
102
0
    switch (alg) {
103
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
104
0
        case PSA_ALG_MD5:
105
0
            mbedtls_md5_init(&operation->ctx.md5);
106
0
            ret = mbedtls_md5_starts(&operation->ctx.md5);
107
0
            break;
108
0
#endif
109
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
110
0
        case PSA_ALG_RIPEMD160:
111
0
            mbedtls_ripemd160_init(&operation->ctx.ripemd160);
112
0
            ret = mbedtls_ripemd160_starts(&operation->ctx.ripemd160);
113
0
            break;
114
0
#endif
115
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
116
0
        case PSA_ALG_SHA_1:
117
0
            mbedtls_sha1_init(&operation->ctx.sha1);
118
0
            ret = mbedtls_sha1_starts(&operation->ctx.sha1);
119
0
            break;
120
0
#endif
121
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
122
0
        case PSA_ALG_SHA_224:
123
0
            mbedtls_sha256_init(&operation->ctx.sha256);
124
0
            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 1);
125
0
            break;
126
0
#endif
127
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
128
0
        case PSA_ALG_SHA_256:
129
0
            mbedtls_sha256_init(&operation->ctx.sha256);
130
0
            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 0);
131
0
            break;
132
0
#endif
133
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
134
0
        case PSA_ALG_SHA_384:
135
0
            mbedtls_sha512_init(&operation->ctx.sha512);
136
0
            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 1);
137
0
            break;
138
0
#endif
139
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
140
0
        case PSA_ALG_SHA_512:
141
0
            mbedtls_sha512_init(&operation->ctx.sha512);
142
0
            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
143
0
            break;
144
0
#endif
145
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
146
0
        case PSA_ALG_SHA3_224:
147
0
            mbedtls_sha3_init(&operation->ctx.sha3);
148
0
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224);
149
0
            break;
150
0
#endif
151
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
152
0
        case PSA_ALG_SHA3_256:
153
0
            mbedtls_sha3_init(&operation->ctx.sha3);
154
0
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256);
155
0
            break;
156
0
#endif
157
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
158
0
        case PSA_ALG_SHA3_384:
159
0
            mbedtls_sha3_init(&operation->ctx.sha3);
160
0
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384);
161
0
            break;
162
0
#endif
163
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
164
0
        case PSA_ALG_SHA3_512:
165
0
            mbedtls_sha3_init(&operation->ctx.sha3);
166
0
            ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512);
167
0
            break;
168
0
#endif
169
0
        default:
170
0
            return PSA_ALG_IS_HASH(alg) ?
171
0
                   PSA_ERROR_NOT_SUPPORTED :
172
0
                   PSA_ERROR_INVALID_ARGUMENT;
173
0
    }
174
0
    if (ret == 0) {
175
0
        operation->alg = alg;
176
0
    } else {
177
0
        mbedtls_psa_hash_abort(operation);
178
0
    }
179
0
    return mbedtls_to_psa_error(ret);
180
0
}
181
182
psa_status_t mbedtls_psa_hash_clone(
183
    const mbedtls_psa_hash_operation_t *source_operation,
184
    mbedtls_psa_hash_operation_t *target_operation)
185
0
{
186
0
    switch (source_operation->alg) {
187
0
        case 0:
188
0
            return PSA_ERROR_BAD_STATE;
189
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
190
0
        case PSA_ALG_MD5:
191
0
            mbedtls_md5_clone(&target_operation->ctx.md5,
192
0
                              &source_operation->ctx.md5);
193
0
            break;
194
0
#endif
195
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
196
0
        case PSA_ALG_RIPEMD160:
197
0
            mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160,
198
0
                                    &source_operation->ctx.ripemd160);
199
0
            break;
200
0
#endif
201
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
202
0
        case PSA_ALG_SHA_1:
203
0
            mbedtls_sha1_clone(&target_operation->ctx.sha1,
204
0
                               &source_operation->ctx.sha1);
205
0
            break;
206
0
#endif
207
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
208
0
        case PSA_ALG_SHA_224:
209
0
            mbedtls_sha256_clone(&target_operation->ctx.sha256,
210
0
                                 &source_operation->ctx.sha256);
211
0
            break;
212
0
#endif
213
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
214
0
        case PSA_ALG_SHA_256:
215
0
            mbedtls_sha256_clone(&target_operation->ctx.sha256,
216
0
                                 &source_operation->ctx.sha256);
217
0
            break;
218
0
#endif
219
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
220
0
        case PSA_ALG_SHA_384:
221
0
            mbedtls_sha512_clone(&target_operation->ctx.sha512,
222
0
                                 &source_operation->ctx.sha512);
223
0
            break;
224
0
#endif
225
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
226
0
        case PSA_ALG_SHA_512:
227
0
            mbedtls_sha512_clone(&target_operation->ctx.sha512,
228
0
                                 &source_operation->ctx.sha512);
229
0
            break;
230
0
#endif
231
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
232
0
        case PSA_ALG_SHA3_224:
233
0
#endif
234
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
235
0
        case PSA_ALG_SHA3_256:
236
0
#endif
237
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
238
0
        case PSA_ALG_SHA3_384:
239
0
#endif
240
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
241
0
        case PSA_ALG_SHA3_512:
242
0
#endif
243
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
244
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
245
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
246
0
            defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
247
0
            mbedtls_sha3_clone(&target_operation->ctx.sha3,
248
0
                               &source_operation->ctx.sha3);
249
0
            break;
250
0
#endif
251
0
        default:
252
0
            (void) source_operation;
253
0
            (void) target_operation;
254
0
            return PSA_ERROR_NOT_SUPPORTED;
255
0
    }
256
257
0
    target_operation->alg = source_operation->alg;
258
0
    return PSA_SUCCESS;
259
0
}
260
261
psa_status_t mbedtls_psa_hash_update(
262
    mbedtls_psa_hash_operation_t *operation,
263
    const uint8_t *input,
264
    size_t input_length)
265
0
{
266
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
267
268
0
    switch (operation->alg) {
269
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
270
0
        case PSA_ALG_MD5:
271
0
            ret = mbedtls_md5_update(&operation->ctx.md5,
272
0
                                     input, input_length);
273
0
            break;
274
0
#endif
275
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
276
0
        case PSA_ALG_RIPEMD160:
277
0
            ret = mbedtls_ripemd160_update(&operation->ctx.ripemd160,
278
0
                                           input, input_length);
279
0
            break;
280
0
#endif
281
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
282
0
        case PSA_ALG_SHA_1:
283
0
            ret = mbedtls_sha1_update(&operation->ctx.sha1,
284
0
                                      input, input_length);
285
0
            break;
286
0
#endif
287
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
288
0
        case PSA_ALG_SHA_224:
289
0
            ret = mbedtls_sha256_update(&operation->ctx.sha256,
290
0
                                        input, input_length);
291
0
            break;
292
0
#endif
293
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
294
0
        case PSA_ALG_SHA_256:
295
0
            ret = mbedtls_sha256_update(&operation->ctx.sha256,
296
0
                                        input, input_length);
297
0
            break;
298
0
#endif
299
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
300
0
        case PSA_ALG_SHA_384:
301
0
            ret = mbedtls_sha512_update(&operation->ctx.sha512,
302
0
                                        input, input_length);
303
0
            break;
304
0
#endif
305
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
306
0
        case PSA_ALG_SHA_512:
307
0
            ret = mbedtls_sha512_update(&operation->ctx.sha512,
308
0
                                        input, input_length);
309
0
            break;
310
0
#endif
311
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
312
0
        case PSA_ALG_SHA3_224:
313
0
#endif
314
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
315
0
        case PSA_ALG_SHA3_256:
316
0
#endif
317
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
318
0
        case PSA_ALG_SHA3_384:
319
0
#endif
320
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
321
0
        case PSA_ALG_SHA3_512:
322
0
#endif
323
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
324
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
325
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
326
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
327
0
    ret = mbedtls_sha3_update(&operation->ctx.sha3,
328
0
                              input, input_length);
329
0
    break;
330
0
#endif
331
0
        default:
332
0
            (void) input;
333
0
            (void) input_length;
334
0
            return PSA_ERROR_BAD_STATE;
335
0
    }
336
337
0
    return mbedtls_to_psa_error(ret);
338
0
}
339
340
psa_status_t mbedtls_psa_hash_finish(
341
    mbedtls_psa_hash_operation_t *operation,
342
    uint8_t *hash,
343
    size_t hash_size,
344
    size_t *hash_length)
345
0
{
346
0
    psa_status_t status;
347
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
348
0
    size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg);
349
350
    /* Fill the output buffer with something that isn't a valid hash
351
     * (barring an attack on the hash and deliberately-crafted input),
352
     * in case the caller doesn't check the return status properly. */
353
0
    *hash_length = hash_size;
354
    /* If hash_size is 0 then hash may be NULL and then the
355
     * call to memset would have undefined behavior. */
356
0
    if (hash_size != 0) {
357
0
        memset(hash, '!', hash_size);
358
0
    }
359
360
0
    if (hash_size < actual_hash_length) {
361
0
        status = PSA_ERROR_BUFFER_TOO_SMALL;
362
0
        goto exit;
363
0
    }
364
365
0
    switch (operation->alg) {
366
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
367
0
        case PSA_ALG_MD5:
368
0
            ret = mbedtls_md5_finish(&operation->ctx.md5, hash);
369
0
            break;
370
0
#endif
371
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
372
0
        case PSA_ALG_RIPEMD160:
373
0
            ret = mbedtls_ripemd160_finish(&operation->ctx.ripemd160, hash);
374
0
            break;
375
0
#endif
376
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
377
0
        case PSA_ALG_SHA_1:
378
0
            ret = mbedtls_sha1_finish(&operation->ctx.sha1, hash);
379
0
            break;
380
0
#endif
381
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
382
0
        case PSA_ALG_SHA_224:
383
0
            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
384
0
            break;
385
0
#endif
386
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
387
0
        case PSA_ALG_SHA_256:
388
0
            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
389
0
            break;
390
0
#endif
391
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
392
0
        case PSA_ALG_SHA_384:
393
0
            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
394
0
            break;
395
0
#endif
396
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
397
0
        case PSA_ALG_SHA_512:
398
0
            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
399
0
            break;
400
0
#endif
401
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
402
0
        case PSA_ALG_SHA3_224:
403
0
#endif
404
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
405
0
        case PSA_ALG_SHA3_256:
406
0
#endif
407
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
408
0
        case PSA_ALG_SHA3_384:
409
0
#endif
410
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
411
0
        case PSA_ALG_SHA3_512:
412
0
#endif
413
0
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
414
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
415
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
416
0
    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
417
0
    ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size);
418
0
    break;
419
0
#endif
420
0
        default:
421
0
            (void) hash;
422
0
            return PSA_ERROR_BAD_STATE;
423
0
    }
424
0
    status = mbedtls_to_psa_error(ret);
425
426
0
exit:
427
0
    if (status == PSA_SUCCESS) {
428
0
        *hash_length = actual_hash_length;
429
0
    }
430
0
    return status;
431
0
}
432
433
psa_status_t mbedtls_psa_hash_compute(
434
    psa_algorithm_t alg,
435
    const uint8_t *input,
436
    size_t input_length,
437
    uint8_t *hash,
438
    size_t hash_size,
439
    size_t *hash_length)
440
0
{
441
0
    mbedtls_psa_hash_operation_t operation = MBEDTLS_PSA_HASH_OPERATION_INIT;
442
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
443
0
    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
444
445
0
    *hash_length = hash_size;
446
0
    status = mbedtls_psa_hash_setup(&operation, alg);
447
0
    if (status != PSA_SUCCESS) {
448
0
        goto exit;
449
0
    }
450
0
    status = mbedtls_psa_hash_update(&operation, input, input_length);
451
0
    if (status != PSA_SUCCESS) {
452
0
        goto exit;
453
0
    }
454
0
    status = mbedtls_psa_hash_finish(&operation, hash, hash_size, hash_length);
455
0
    if (status != PSA_SUCCESS) {
456
0
        goto exit;
457
0
    }
458
459
0
exit:
460
0
    abort_status = mbedtls_psa_hash_abort(&operation);
461
0
    if (status == PSA_SUCCESS) {
462
0
        return abort_status;
463
0
    } else {
464
0
        return status;
465
0
    }
466
467
0
}
468
#endif /* MBEDTLS_PSA_BUILTIN_HASH */
469
470
#endif /* MBEDTLS_PSA_CRYPTO_C */