/src/mbedtls/library/md.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * \file md.c |
3 | | * |
4 | | * \brief Generic message digest wrapper for Mbed TLS |
5 | | * |
6 | | * \author Adriaan de Jong <dejong@fox-it.com> |
7 | | * |
8 | | * Copyright The Mbed TLS Contributors |
9 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
10 | | */ |
11 | | |
12 | | #include "common.h" |
13 | | |
14 | | /* |
15 | | * Availability of functions in this module is controlled by two |
16 | | * feature macros: |
17 | | * - MBEDTLS_MD_C enables the whole module; |
18 | | * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing |
19 | | * most hash metadata (everything except string names); is it |
20 | | * automatically set whenever MBEDTLS_MD_C is defined. |
21 | | * |
22 | | * In this file, functions from MD_LIGHT are at the top, MD_C at the end. |
23 | | * |
24 | | * In the future we may want to change the contract of some functions |
25 | | * (behaviour with NULL arguments) depending on whether MD_C is defined or |
26 | | * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. |
27 | | * |
28 | | * For these reasons, we're keeping MD_LIGHT internal for now. |
29 | | */ |
30 | | #if defined(MBEDTLS_MD_LIGHT) |
31 | | |
32 | | #include "mbedtls/md.h" |
33 | | #include "md_wrap.h" |
34 | | #include "mbedtls/platform_util.h" |
35 | | #include "mbedtls/error.h" |
36 | | |
37 | | #include "mbedtls/md5.h" |
38 | | #include "mbedtls/ripemd160.h" |
39 | | #include "mbedtls/sha1.h" |
40 | | #include "mbedtls/sha256.h" |
41 | | #include "mbedtls/sha512.h" |
42 | | #include "mbedtls/sha3.h" |
43 | | |
44 | | #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) |
45 | | #include <psa/crypto.h> |
46 | | #include "md_psa.h" |
47 | | #include "psa_util_internal.h" |
48 | | #endif |
49 | | |
50 | | #if defined(MBEDTLS_MD_SOME_PSA) |
51 | | #include "psa_crypto_core.h" |
52 | | #endif |
53 | | |
54 | | #include "mbedtls/platform.h" |
55 | | |
56 | | #include <string.h> |
57 | | |
58 | | #if defined(MBEDTLS_FS_IO) |
59 | | #include <stdio.h> |
60 | | #endif |
61 | | |
62 | | /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */ |
63 | | #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE |
64 | | #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" |
65 | | #endif |
66 | | |
67 | | #if defined(MBEDTLS_MD_C) |
68 | | #define MD_INFO(type, out_size, block_size) type, out_size, block_size, |
69 | | #else |
70 | | #define MD_INFO(type, out_size, block_size) type, out_size, |
71 | | #endif |
72 | | |
73 | | #if defined(MBEDTLS_MD_CAN_MD5) |
74 | | static const mbedtls_md_info_t mbedtls_md5_info = { |
75 | | MD_INFO(MBEDTLS_MD_MD5, 16, 64) |
76 | | }; |
77 | | #endif |
78 | | |
79 | | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
80 | | static const mbedtls_md_info_t mbedtls_ripemd160_info = { |
81 | | MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64) |
82 | | }; |
83 | | #endif |
84 | | |
85 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
86 | | static const mbedtls_md_info_t mbedtls_sha1_info = { |
87 | | MD_INFO(MBEDTLS_MD_SHA1, 20, 64) |
88 | | }; |
89 | | #endif |
90 | | |
91 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
92 | | static const mbedtls_md_info_t mbedtls_sha224_info = { |
93 | | MD_INFO(MBEDTLS_MD_SHA224, 28, 64) |
94 | | }; |
95 | | #endif |
96 | | |
97 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
98 | | static const mbedtls_md_info_t mbedtls_sha256_info = { |
99 | | MD_INFO(MBEDTLS_MD_SHA256, 32, 64) |
100 | | }; |
101 | | #endif |
102 | | |
103 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
104 | | static const mbedtls_md_info_t mbedtls_sha384_info = { |
105 | | MD_INFO(MBEDTLS_MD_SHA384, 48, 128) |
106 | | }; |
107 | | #endif |
108 | | |
109 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
110 | | static const mbedtls_md_info_t mbedtls_sha512_info = { |
111 | | MD_INFO(MBEDTLS_MD_SHA512, 64, 128) |
112 | | }; |
113 | | #endif |
114 | | |
115 | | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
116 | | static const mbedtls_md_info_t mbedtls_sha3_224_info = { |
117 | | MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144) |
118 | | }; |
119 | | #endif |
120 | | |
121 | | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
122 | | static const mbedtls_md_info_t mbedtls_sha3_256_info = { |
123 | | MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136) |
124 | | }; |
125 | | #endif |
126 | | |
127 | | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
128 | | static const mbedtls_md_info_t mbedtls_sha3_384_info = { |
129 | | MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104) |
130 | | }; |
131 | | #endif |
132 | | |
133 | | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
134 | | static const mbedtls_md_info_t mbedtls_sha3_512_info = { |
135 | | MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72) |
136 | | }; |
137 | | #endif |
138 | | |
139 | | const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) |
140 | 4 | { |
141 | 4 | switch (md_type) { |
142 | 0 | #if defined(MBEDTLS_MD_CAN_MD5) |
143 | 0 | case MBEDTLS_MD_MD5: |
144 | 0 | return &mbedtls_md5_info; |
145 | 0 | #endif |
146 | 0 | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
147 | 0 | case MBEDTLS_MD_RIPEMD160: |
148 | 0 | return &mbedtls_ripemd160_info; |
149 | 0 | #endif |
150 | 0 | #if defined(MBEDTLS_MD_CAN_SHA1) |
151 | 0 | case MBEDTLS_MD_SHA1: |
152 | 0 | return &mbedtls_sha1_info; |
153 | 0 | #endif |
154 | 0 | #if defined(MBEDTLS_MD_CAN_SHA224) |
155 | 0 | case MBEDTLS_MD_SHA224: |
156 | 0 | return &mbedtls_sha224_info; |
157 | 0 | #endif |
158 | 0 | #if defined(MBEDTLS_MD_CAN_SHA256) |
159 | 0 | case MBEDTLS_MD_SHA256: |
160 | 0 | return &mbedtls_sha256_info; |
161 | 0 | #endif |
162 | 0 | #if defined(MBEDTLS_MD_CAN_SHA384) |
163 | 0 | case MBEDTLS_MD_SHA384: |
164 | 0 | return &mbedtls_sha384_info; |
165 | 0 | #endif |
166 | 0 | #if defined(MBEDTLS_MD_CAN_SHA512) |
167 | 4 | case MBEDTLS_MD_SHA512: |
168 | 4 | return &mbedtls_sha512_info; |
169 | 0 | #endif |
170 | 0 | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
171 | 0 | case MBEDTLS_MD_SHA3_224: |
172 | 0 | return &mbedtls_sha3_224_info; |
173 | 0 | #endif |
174 | 0 | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
175 | 0 | case MBEDTLS_MD_SHA3_256: |
176 | 0 | return &mbedtls_sha3_256_info; |
177 | 0 | #endif |
178 | 0 | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
179 | 0 | case MBEDTLS_MD_SHA3_384: |
180 | 0 | return &mbedtls_sha3_384_info; |
181 | 0 | #endif |
182 | 0 | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
183 | 0 | case MBEDTLS_MD_SHA3_512: |
184 | 0 | return &mbedtls_sha3_512_info; |
185 | 0 | #endif |
186 | 0 | default: |
187 | 0 | return NULL; |
188 | 4 | } |
189 | 4 | } |
190 | | |
191 | | #if defined(MBEDTLS_MD_SOME_PSA) |
192 | | static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info) |
193 | | { |
194 | | switch (info->type) { |
195 | | #if defined(MBEDTLS_MD_MD5_VIA_PSA) |
196 | | case MBEDTLS_MD_MD5: |
197 | | return PSA_ALG_MD5; |
198 | | #endif |
199 | | #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA) |
200 | | case MBEDTLS_MD_RIPEMD160: |
201 | | return PSA_ALG_RIPEMD160; |
202 | | #endif |
203 | | #if defined(MBEDTLS_MD_SHA1_VIA_PSA) |
204 | | case MBEDTLS_MD_SHA1: |
205 | | return PSA_ALG_SHA_1; |
206 | | #endif |
207 | | #if defined(MBEDTLS_MD_SHA224_VIA_PSA) |
208 | | case MBEDTLS_MD_SHA224: |
209 | | return PSA_ALG_SHA_224; |
210 | | #endif |
211 | | #if defined(MBEDTLS_MD_SHA256_VIA_PSA) |
212 | | case MBEDTLS_MD_SHA256: |
213 | | return PSA_ALG_SHA_256; |
214 | | #endif |
215 | | #if defined(MBEDTLS_MD_SHA384_VIA_PSA) |
216 | | case MBEDTLS_MD_SHA384: |
217 | | return PSA_ALG_SHA_384; |
218 | | #endif |
219 | | #if defined(MBEDTLS_MD_SHA512_VIA_PSA) |
220 | | case MBEDTLS_MD_SHA512: |
221 | | return PSA_ALG_SHA_512; |
222 | | #endif |
223 | | #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA) |
224 | | case MBEDTLS_MD_SHA3_224: |
225 | | return PSA_ALG_SHA3_224; |
226 | | #endif |
227 | | #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA) |
228 | | case MBEDTLS_MD_SHA3_256: |
229 | | return PSA_ALG_SHA3_256; |
230 | | #endif |
231 | | #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA) |
232 | | case MBEDTLS_MD_SHA3_384: |
233 | | return PSA_ALG_SHA3_384; |
234 | | #endif |
235 | | #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA) |
236 | | case MBEDTLS_MD_SHA3_512: |
237 | | return PSA_ALG_SHA3_512; |
238 | | #endif |
239 | | default: |
240 | | return PSA_ALG_NONE; |
241 | | } |
242 | | } |
243 | | |
244 | | static int md_can_use_psa(const mbedtls_md_info_t *info) |
245 | | { |
246 | | psa_algorithm_t alg = psa_alg_of_md(info); |
247 | | if (alg == PSA_ALG_NONE) { |
248 | | return 0; |
249 | | } |
250 | | |
251 | | return psa_can_do_hash(alg); |
252 | | } |
253 | | #endif /* MBEDTLS_MD_SOME_PSA */ |
254 | | |
255 | | void mbedtls_md_init(mbedtls_md_context_t *ctx) |
256 | 2 | { |
257 | | /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ |
258 | 2 | memset(ctx, 0, sizeof(mbedtls_md_context_t)); |
259 | 2 | } |
260 | | |
261 | | void mbedtls_md_free(mbedtls_md_context_t *ctx) |
262 | 2 | { |
263 | 2 | if (ctx == NULL || ctx->md_info == NULL) { |
264 | 0 | return; |
265 | 0 | } |
266 | | |
267 | 2 | if (ctx->md_ctx != NULL) { |
268 | | #if defined(MBEDTLS_MD_SOME_PSA) |
269 | | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { |
270 | | psa_hash_abort(ctx->md_ctx); |
271 | | } else |
272 | | #endif |
273 | 2 | switch (ctx->md_info->type) { |
274 | 0 | #if defined(MBEDTLS_MD5_C) |
275 | 0 | case MBEDTLS_MD_MD5: |
276 | 0 | mbedtls_md5_free(ctx->md_ctx); |
277 | 0 | break; |
278 | 0 | #endif |
279 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
280 | 0 | case MBEDTLS_MD_RIPEMD160: |
281 | 0 | mbedtls_ripemd160_free(ctx->md_ctx); |
282 | 0 | break; |
283 | 0 | #endif |
284 | 0 | #if defined(MBEDTLS_SHA1_C) |
285 | 0 | case MBEDTLS_MD_SHA1: |
286 | 0 | mbedtls_sha1_free(ctx->md_ctx); |
287 | 0 | break; |
288 | 0 | #endif |
289 | 0 | #if defined(MBEDTLS_SHA224_C) |
290 | 0 | case MBEDTLS_MD_SHA224: |
291 | 0 | mbedtls_sha256_free(ctx->md_ctx); |
292 | 0 | break; |
293 | 0 | #endif |
294 | 0 | #if defined(MBEDTLS_SHA256_C) |
295 | 0 | case MBEDTLS_MD_SHA256: |
296 | 0 | mbedtls_sha256_free(ctx->md_ctx); |
297 | 0 | break; |
298 | 0 | #endif |
299 | 0 | #if defined(MBEDTLS_SHA384_C) |
300 | 0 | case MBEDTLS_MD_SHA384: |
301 | 0 | mbedtls_sha512_free(ctx->md_ctx); |
302 | 0 | break; |
303 | 0 | #endif |
304 | 0 | #if defined(MBEDTLS_SHA512_C) |
305 | 2 | case MBEDTLS_MD_SHA512: |
306 | 2 | mbedtls_sha512_free(ctx->md_ctx); |
307 | 2 | break; |
308 | 0 | #endif |
309 | 0 | #if defined(MBEDTLS_SHA3_C) |
310 | 0 | case MBEDTLS_MD_SHA3_224: |
311 | 0 | case MBEDTLS_MD_SHA3_256: |
312 | 0 | case MBEDTLS_MD_SHA3_384: |
313 | 0 | case MBEDTLS_MD_SHA3_512: |
314 | 0 | mbedtls_sha3_free(ctx->md_ctx); |
315 | 0 | break; |
316 | 0 | #endif |
317 | 0 | default: |
318 | | /* Shouldn't happen */ |
319 | 0 | break; |
320 | 2 | } |
321 | 2 | mbedtls_free(ctx->md_ctx); |
322 | 2 | } |
323 | | |
324 | 2 | #if defined(MBEDTLS_MD_C) |
325 | 2 | if (ctx->hmac_ctx != NULL) { |
326 | 0 | mbedtls_zeroize_and_free(ctx->hmac_ctx, |
327 | 0 | 2 * ctx->md_info->block_size); |
328 | 0 | } |
329 | 2 | #endif |
330 | | |
331 | 2 | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); |
332 | 2 | } |
333 | | |
334 | | int mbedtls_md_clone(mbedtls_md_context_t *dst, |
335 | | const mbedtls_md_context_t *src) |
336 | 0 | { |
337 | 0 | if (dst == NULL || dst->md_info == NULL || |
338 | 0 | src == NULL || src->md_info == NULL || |
339 | 0 | dst->md_info != src->md_info) { |
340 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
341 | 0 | } |
342 | | |
343 | | #if defined(MBEDTLS_MD_SOME_PSA) |
344 | | if (src->engine != dst->engine) { |
345 | | /* This can happen with src set to legacy because PSA wasn't ready |
346 | | * yet, and dst to PSA because it became ready in the meantime. |
347 | | * We currently don't support that case (we'd need to re-allocate |
348 | | * md_ctx to the size of the appropriate MD context). */ |
349 | | return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; |
350 | | } |
351 | | |
352 | | if (src->engine == MBEDTLS_MD_ENGINE_PSA) { |
353 | | psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx); |
354 | | return mbedtls_md_error_from_psa(status); |
355 | | } |
356 | | #endif |
357 | | |
358 | 0 | switch (src->md_info->type) { |
359 | 0 | #if defined(MBEDTLS_MD5_C) |
360 | 0 | case MBEDTLS_MD_MD5: |
361 | 0 | mbedtls_md5_clone(dst->md_ctx, src->md_ctx); |
362 | 0 | break; |
363 | 0 | #endif |
364 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
365 | 0 | case MBEDTLS_MD_RIPEMD160: |
366 | 0 | mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); |
367 | 0 | break; |
368 | 0 | #endif |
369 | 0 | #if defined(MBEDTLS_SHA1_C) |
370 | 0 | case MBEDTLS_MD_SHA1: |
371 | 0 | mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); |
372 | 0 | break; |
373 | 0 | #endif |
374 | 0 | #if defined(MBEDTLS_SHA224_C) |
375 | 0 | case MBEDTLS_MD_SHA224: |
376 | 0 | mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); |
377 | 0 | break; |
378 | 0 | #endif |
379 | 0 | #if defined(MBEDTLS_SHA256_C) |
380 | 0 | case MBEDTLS_MD_SHA256: |
381 | 0 | mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); |
382 | 0 | break; |
383 | 0 | #endif |
384 | 0 | #if defined(MBEDTLS_SHA384_C) |
385 | 0 | case MBEDTLS_MD_SHA384: |
386 | 0 | mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); |
387 | 0 | break; |
388 | 0 | #endif |
389 | 0 | #if defined(MBEDTLS_SHA512_C) |
390 | 0 | case MBEDTLS_MD_SHA512: |
391 | 0 | mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); |
392 | 0 | break; |
393 | 0 | #endif |
394 | 0 | #if defined(MBEDTLS_SHA3_C) |
395 | 0 | case MBEDTLS_MD_SHA3_224: |
396 | 0 | case MBEDTLS_MD_SHA3_256: |
397 | 0 | case MBEDTLS_MD_SHA3_384: |
398 | 0 | case MBEDTLS_MD_SHA3_512: |
399 | 0 | mbedtls_sha3_clone(dst->md_ctx, src->md_ctx); |
400 | 0 | break; |
401 | 0 | #endif |
402 | 0 | default: |
403 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
404 | 0 | } |
405 | | |
406 | 0 | return 0; |
407 | 0 | } |
408 | | |
409 | | #define ALLOC(type) \ |
410 | 2 | do { \ |
411 | 2 | ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ |
412 | 2 | if (ctx->md_ctx == NULL) \ |
413 | 2 | return MBEDTLS_ERR_MD_ALLOC_FAILED; \ |
414 | 2 | mbedtls_##type##_init(ctx->md_ctx); \ |
415 | 2 | } \ |
416 | 2 | while (0) |
417 | | |
418 | | int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) |
419 | 2 | { |
420 | 2 | #if defined(MBEDTLS_MD_C) |
421 | 2 | if (ctx == NULL) { |
422 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
423 | 0 | } |
424 | 2 | #endif |
425 | 2 | if (md_info == NULL) { |
426 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
427 | 0 | } |
428 | | |
429 | 2 | ctx->md_info = md_info; |
430 | 2 | ctx->md_ctx = NULL; |
431 | 2 | #if defined(MBEDTLS_MD_C) |
432 | 2 | ctx->hmac_ctx = NULL; |
433 | | #else |
434 | | if (hmac != 0) { |
435 | | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
436 | | } |
437 | | #endif |
438 | | |
439 | | #if defined(MBEDTLS_MD_SOME_PSA) |
440 | | if (md_can_use_psa(ctx->md_info)) { |
441 | | ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); |
442 | | if (ctx->md_ctx == NULL) { |
443 | | return MBEDTLS_ERR_MD_ALLOC_FAILED; |
444 | | } |
445 | | ctx->engine = MBEDTLS_MD_ENGINE_PSA; |
446 | | } else |
447 | | #endif |
448 | 2 | switch (md_info->type) { |
449 | 0 | #if defined(MBEDTLS_MD5_C) |
450 | 0 | case MBEDTLS_MD_MD5: |
451 | 0 | ALLOC(md5); |
452 | 0 | break; |
453 | 0 | #endif |
454 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
455 | 0 | case MBEDTLS_MD_RIPEMD160: |
456 | 0 | ALLOC(ripemd160); |
457 | 0 | break; |
458 | 0 | #endif |
459 | 0 | #if defined(MBEDTLS_SHA1_C) |
460 | 0 | case MBEDTLS_MD_SHA1: |
461 | 0 | ALLOC(sha1); |
462 | 0 | break; |
463 | 0 | #endif |
464 | 0 | #if defined(MBEDTLS_SHA224_C) |
465 | 0 | case MBEDTLS_MD_SHA224: |
466 | 0 | ALLOC(sha256); |
467 | 0 | break; |
468 | 0 | #endif |
469 | 0 | #if defined(MBEDTLS_SHA256_C) |
470 | 0 | case MBEDTLS_MD_SHA256: |
471 | 0 | ALLOC(sha256); |
472 | 0 | break; |
473 | 0 | #endif |
474 | 0 | #if defined(MBEDTLS_SHA384_C) |
475 | 0 | case MBEDTLS_MD_SHA384: |
476 | 0 | ALLOC(sha512); |
477 | 0 | break; |
478 | 0 | #endif |
479 | 0 | #if defined(MBEDTLS_SHA512_C) |
480 | 2 | case MBEDTLS_MD_SHA512: |
481 | 2 | ALLOC(sha512); |
482 | 2 | break; |
483 | 2 | #endif |
484 | 2 | #if defined(MBEDTLS_SHA3_C) |
485 | 2 | case MBEDTLS_MD_SHA3_224: |
486 | 0 | case MBEDTLS_MD_SHA3_256: |
487 | 0 | case MBEDTLS_MD_SHA3_384: |
488 | 0 | case MBEDTLS_MD_SHA3_512: |
489 | 0 | ALLOC(sha3); |
490 | 0 | break; |
491 | 0 | #endif |
492 | 0 | default: |
493 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
494 | 2 | } |
495 | | |
496 | 2 | #if defined(MBEDTLS_MD_C) |
497 | 2 | if (hmac != 0) { |
498 | 0 | ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); |
499 | 0 | if (ctx->hmac_ctx == NULL) { |
500 | 0 | mbedtls_md_free(ctx); |
501 | 0 | return MBEDTLS_ERR_MD_ALLOC_FAILED; |
502 | 0 | } |
503 | 0 | } |
504 | 2 | #endif |
505 | | |
506 | 2 | return 0; |
507 | 2 | } |
508 | | #undef ALLOC |
509 | | |
510 | | int mbedtls_md_starts(mbedtls_md_context_t *ctx) |
511 | 2 | { |
512 | 2 | #if defined(MBEDTLS_MD_C) |
513 | 2 | if (ctx == NULL || ctx->md_info == NULL) { |
514 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
515 | 0 | } |
516 | 2 | #endif |
517 | | |
518 | | #if defined(MBEDTLS_MD_SOME_PSA) |
519 | | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { |
520 | | psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); |
521 | | psa_hash_abort(ctx->md_ctx); |
522 | | psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); |
523 | | return mbedtls_md_error_from_psa(status); |
524 | | } |
525 | | #endif |
526 | | |
527 | 2 | switch (ctx->md_info->type) { |
528 | 0 | #if defined(MBEDTLS_MD5_C) |
529 | 0 | case MBEDTLS_MD_MD5: |
530 | 0 | return mbedtls_md5_starts(ctx->md_ctx); |
531 | 0 | #endif |
532 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
533 | 0 | case MBEDTLS_MD_RIPEMD160: |
534 | 0 | return mbedtls_ripemd160_starts(ctx->md_ctx); |
535 | 0 | #endif |
536 | 0 | #if defined(MBEDTLS_SHA1_C) |
537 | 0 | case MBEDTLS_MD_SHA1: |
538 | 0 | return mbedtls_sha1_starts(ctx->md_ctx); |
539 | 0 | #endif |
540 | 0 | #if defined(MBEDTLS_SHA224_C) |
541 | 0 | case MBEDTLS_MD_SHA224: |
542 | 0 | return mbedtls_sha256_starts(ctx->md_ctx, 1); |
543 | 0 | #endif |
544 | 0 | #if defined(MBEDTLS_SHA256_C) |
545 | 0 | case MBEDTLS_MD_SHA256: |
546 | 0 | return mbedtls_sha256_starts(ctx->md_ctx, 0); |
547 | 0 | #endif |
548 | 0 | #if defined(MBEDTLS_SHA384_C) |
549 | 0 | case MBEDTLS_MD_SHA384: |
550 | 0 | return mbedtls_sha512_starts(ctx->md_ctx, 1); |
551 | 0 | #endif |
552 | 0 | #if defined(MBEDTLS_SHA512_C) |
553 | 2 | case MBEDTLS_MD_SHA512: |
554 | 2 | return mbedtls_sha512_starts(ctx->md_ctx, 0); |
555 | 0 | #endif |
556 | 0 | #if defined(MBEDTLS_SHA3_C) |
557 | 0 | case MBEDTLS_MD_SHA3_224: |
558 | 0 | return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); |
559 | 0 | case MBEDTLS_MD_SHA3_256: |
560 | 0 | return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); |
561 | 0 | case MBEDTLS_MD_SHA3_384: |
562 | 0 | return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); |
563 | 0 | case MBEDTLS_MD_SHA3_512: |
564 | 0 | return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); |
565 | 0 | #endif |
566 | 0 | default: |
567 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
568 | 2 | } |
569 | 2 | } |
570 | | |
571 | | int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) |
572 | 4 | { |
573 | 4 | #if defined(MBEDTLS_MD_C) |
574 | 4 | if (ctx == NULL || ctx->md_info == NULL) { |
575 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
576 | 0 | } |
577 | 4 | #endif |
578 | | |
579 | | #if defined(MBEDTLS_MD_SOME_PSA) |
580 | | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { |
581 | | psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); |
582 | | return mbedtls_md_error_from_psa(status); |
583 | | } |
584 | | #endif |
585 | | |
586 | 4 | switch (ctx->md_info->type) { |
587 | 0 | #if defined(MBEDTLS_MD5_C) |
588 | 0 | case MBEDTLS_MD_MD5: |
589 | 0 | return mbedtls_md5_update(ctx->md_ctx, input, ilen); |
590 | 0 | #endif |
591 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
592 | 0 | case MBEDTLS_MD_RIPEMD160: |
593 | 0 | return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); |
594 | 0 | #endif |
595 | 0 | #if defined(MBEDTLS_SHA1_C) |
596 | 0 | case MBEDTLS_MD_SHA1: |
597 | 0 | return mbedtls_sha1_update(ctx->md_ctx, input, ilen); |
598 | 0 | #endif |
599 | 0 | #if defined(MBEDTLS_SHA224_C) |
600 | 0 | case MBEDTLS_MD_SHA224: |
601 | 0 | return mbedtls_sha256_update(ctx->md_ctx, input, ilen); |
602 | 0 | #endif |
603 | 0 | #if defined(MBEDTLS_SHA256_C) |
604 | 0 | case MBEDTLS_MD_SHA256: |
605 | 0 | return mbedtls_sha256_update(ctx->md_ctx, input, ilen); |
606 | 0 | #endif |
607 | 0 | #if defined(MBEDTLS_SHA384_C) |
608 | 0 | case MBEDTLS_MD_SHA384: |
609 | 0 | return mbedtls_sha512_update(ctx->md_ctx, input, ilen); |
610 | 0 | #endif |
611 | 0 | #if defined(MBEDTLS_SHA512_C) |
612 | 4 | case MBEDTLS_MD_SHA512: |
613 | 4 | return mbedtls_sha512_update(ctx->md_ctx, input, ilen); |
614 | 0 | #endif |
615 | 0 | #if defined(MBEDTLS_SHA3_C) |
616 | 0 | case MBEDTLS_MD_SHA3_224: |
617 | 0 | case MBEDTLS_MD_SHA3_256: |
618 | 0 | case MBEDTLS_MD_SHA3_384: |
619 | 0 | case MBEDTLS_MD_SHA3_512: |
620 | 0 | return mbedtls_sha3_update(ctx->md_ctx, input, ilen); |
621 | 0 | #endif |
622 | 0 | default: |
623 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
624 | 4 | } |
625 | 4 | } |
626 | | |
627 | | int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) |
628 | 0 | { |
629 | 0 | #if defined(MBEDTLS_MD_C) |
630 | 0 | if (ctx == NULL || ctx->md_info == NULL) { |
631 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
632 | 0 | } |
633 | 0 | #endif |
634 | | |
635 | | #if defined(MBEDTLS_MD_SOME_PSA) |
636 | | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { |
637 | | size_t size = ctx->md_info->size; |
638 | | psa_status_t status = psa_hash_finish(ctx->md_ctx, |
639 | | output, size, &size); |
640 | | return mbedtls_md_error_from_psa(status); |
641 | | } |
642 | | #endif |
643 | | |
644 | 0 | switch (ctx->md_info->type) { |
645 | 0 | #if defined(MBEDTLS_MD5_C) |
646 | 0 | case MBEDTLS_MD_MD5: |
647 | 0 | return mbedtls_md5_finish(ctx->md_ctx, output); |
648 | 0 | #endif |
649 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
650 | 0 | case MBEDTLS_MD_RIPEMD160: |
651 | 0 | return mbedtls_ripemd160_finish(ctx->md_ctx, output); |
652 | 0 | #endif |
653 | 0 | #if defined(MBEDTLS_SHA1_C) |
654 | 0 | case MBEDTLS_MD_SHA1: |
655 | 0 | return mbedtls_sha1_finish(ctx->md_ctx, output); |
656 | 0 | #endif |
657 | 0 | #if defined(MBEDTLS_SHA224_C) |
658 | 0 | case MBEDTLS_MD_SHA224: |
659 | 0 | return mbedtls_sha256_finish(ctx->md_ctx, output); |
660 | 0 | #endif |
661 | 0 | #if defined(MBEDTLS_SHA256_C) |
662 | 0 | case MBEDTLS_MD_SHA256: |
663 | 0 | return mbedtls_sha256_finish(ctx->md_ctx, output); |
664 | 0 | #endif |
665 | 0 | #if defined(MBEDTLS_SHA384_C) |
666 | 0 | case MBEDTLS_MD_SHA384: |
667 | 0 | return mbedtls_sha512_finish(ctx->md_ctx, output); |
668 | 0 | #endif |
669 | 0 | #if defined(MBEDTLS_SHA512_C) |
670 | 0 | case MBEDTLS_MD_SHA512: |
671 | 0 | return mbedtls_sha512_finish(ctx->md_ctx, output); |
672 | 0 | #endif |
673 | 0 | #if defined(MBEDTLS_SHA3_C) |
674 | 0 | case MBEDTLS_MD_SHA3_224: |
675 | 0 | case MBEDTLS_MD_SHA3_256: |
676 | 0 | case MBEDTLS_MD_SHA3_384: |
677 | 0 | case MBEDTLS_MD_SHA3_512: |
678 | 0 | return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size); |
679 | 0 | #endif |
680 | 0 | default: |
681 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
682 | 0 | } |
683 | 0 | } |
684 | | |
685 | | int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, |
686 | | unsigned char *output) |
687 | 2 | { |
688 | 2 | if (md_info == NULL) { |
689 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
690 | 0 | } |
691 | | |
692 | | #if defined(MBEDTLS_MD_SOME_PSA) |
693 | | if (md_can_use_psa(md_info)) { |
694 | | size_t size = md_info->size; |
695 | | psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), |
696 | | input, ilen, |
697 | | output, size, &size); |
698 | | return mbedtls_md_error_from_psa(status); |
699 | | } |
700 | | #endif |
701 | | |
702 | 2 | switch (md_info->type) { |
703 | 0 | #if defined(MBEDTLS_MD5_C) |
704 | 0 | case MBEDTLS_MD_MD5: |
705 | 0 | return mbedtls_md5(input, ilen, output); |
706 | 0 | #endif |
707 | 0 | #if defined(MBEDTLS_RIPEMD160_C) |
708 | 0 | case MBEDTLS_MD_RIPEMD160: |
709 | 0 | return mbedtls_ripemd160(input, ilen, output); |
710 | 0 | #endif |
711 | 0 | #if defined(MBEDTLS_SHA1_C) |
712 | 0 | case MBEDTLS_MD_SHA1: |
713 | 0 | return mbedtls_sha1(input, ilen, output); |
714 | 0 | #endif |
715 | 0 | #if defined(MBEDTLS_SHA224_C) |
716 | 0 | case MBEDTLS_MD_SHA224: |
717 | 0 | return mbedtls_sha256(input, ilen, output, 1); |
718 | 0 | #endif |
719 | 0 | #if defined(MBEDTLS_SHA256_C) |
720 | 0 | case MBEDTLS_MD_SHA256: |
721 | 0 | return mbedtls_sha256(input, ilen, output, 0); |
722 | 0 | #endif |
723 | 0 | #if defined(MBEDTLS_SHA384_C) |
724 | 0 | case MBEDTLS_MD_SHA384: |
725 | 0 | return mbedtls_sha512(input, ilen, output, 1); |
726 | 0 | #endif |
727 | 0 | #if defined(MBEDTLS_SHA512_C) |
728 | 2 | case MBEDTLS_MD_SHA512: |
729 | 2 | return mbedtls_sha512(input, ilen, output, 0); |
730 | 0 | #endif |
731 | 0 | #if defined(MBEDTLS_SHA3_C) |
732 | 0 | case MBEDTLS_MD_SHA3_224: |
733 | 0 | return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); |
734 | 0 | case MBEDTLS_MD_SHA3_256: |
735 | 0 | return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); |
736 | 0 | case MBEDTLS_MD_SHA3_384: |
737 | 0 | return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); |
738 | 0 | case MBEDTLS_MD_SHA3_512: |
739 | 0 | return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); |
740 | 0 | #endif |
741 | 0 | default: |
742 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
743 | 2 | } |
744 | 2 | } |
745 | | |
746 | | unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) |
747 | 0 | { |
748 | 0 | if (md_info == NULL) { |
749 | 0 | return 0; |
750 | 0 | } |
751 | | |
752 | 0 | return md_info->size; |
753 | 0 | } |
754 | | |
755 | | mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) |
756 | 0 | { |
757 | 0 | if (md_info == NULL) { |
758 | 0 | return MBEDTLS_MD_NONE; |
759 | 0 | } |
760 | | |
761 | 0 | return md_info->type; |
762 | 0 | } |
763 | | |
764 | | #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) |
765 | | int mbedtls_md_error_from_psa(psa_status_t status) |
766 | 0 | { |
767 | 0 | return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, |
768 | 0 | psa_generic_status_to_mbedtls); |
769 | 0 | } |
770 | | #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ |
771 | | |
772 | | |
773 | | /************************************************************************ |
774 | | * Functions above this separator are part of MBEDTLS_MD_LIGHT, * |
775 | | * functions below are only available when MBEDTLS_MD_C is set. * |
776 | | ************************************************************************/ |
777 | | #if defined(MBEDTLS_MD_C) |
778 | | |
779 | | /* |
780 | | * Reminder: update profiles in x509_crt.c when adding a new hash! |
781 | | */ |
782 | | static const int supported_digests[] = { |
783 | | |
784 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
785 | | MBEDTLS_MD_SHA512, |
786 | | #endif |
787 | | |
788 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
789 | | MBEDTLS_MD_SHA384, |
790 | | #endif |
791 | | |
792 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
793 | | MBEDTLS_MD_SHA256, |
794 | | #endif |
795 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
796 | | MBEDTLS_MD_SHA224, |
797 | | #endif |
798 | | |
799 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
800 | | MBEDTLS_MD_SHA1, |
801 | | #endif |
802 | | |
803 | | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
804 | | MBEDTLS_MD_RIPEMD160, |
805 | | #endif |
806 | | |
807 | | #if defined(MBEDTLS_MD_CAN_MD5) |
808 | | MBEDTLS_MD_MD5, |
809 | | #endif |
810 | | |
811 | | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
812 | | MBEDTLS_MD_SHA3_224, |
813 | | #endif |
814 | | |
815 | | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
816 | | MBEDTLS_MD_SHA3_256, |
817 | | #endif |
818 | | |
819 | | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
820 | | MBEDTLS_MD_SHA3_384, |
821 | | #endif |
822 | | |
823 | | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
824 | | MBEDTLS_MD_SHA3_512, |
825 | | #endif |
826 | | |
827 | | MBEDTLS_MD_NONE |
828 | | }; |
829 | | |
830 | | const int *mbedtls_md_list(void) |
831 | 0 | { |
832 | 0 | return supported_digests; |
833 | 0 | } |
834 | | |
835 | | typedef struct { |
836 | | const char *md_name; |
837 | | mbedtls_md_type_t md_type; |
838 | | } md_name_entry; |
839 | | |
840 | | static const md_name_entry md_names[] = { |
841 | | #if defined(MBEDTLS_MD_CAN_MD5) |
842 | | { "MD5", MBEDTLS_MD_MD5 }, |
843 | | #endif |
844 | | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
845 | | { "RIPEMD160", MBEDTLS_MD_RIPEMD160 }, |
846 | | #endif |
847 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
848 | | { "SHA1", MBEDTLS_MD_SHA1 }, |
849 | | { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback |
850 | | #endif |
851 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
852 | | { "SHA224", MBEDTLS_MD_SHA224 }, |
853 | | #endif |
854 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
855 | | { "SHA256", MBEDTLS_MD_SHA256 }, |
856 | | #endif |
857 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
858 | | { "SHA384", MBEDTLS_MD_SHA384 }, |
859 | | #endif |
860 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
861 | | { "SHA512", MBEDTLS_MD_SHA512 }, |
862 | | #endif |
863 | | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
864 | | { "SHA3-224", MBEDTLS_MD_SHA3_224 }, |
865 | | #endif |
866 | | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
867 | | { "SHA3-256", MBEDTLS_MD_SHA3_256 }, |
868 | | #endif |
869 | | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
870 | | { "SHA3-384", MBEDTLS_MD_SHA3_384 }, |
871 | | #endif |
872 | | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
873 | | { "SHA3-512", MBEDTLS_MD_SHA3_512 }, |
874 | | #endif |
875 | | { NULL, MBEDTLS_MD_NONE }, |
876 | | }; |
877 | | |
878 | | const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) |
879 | 0 | { |
880 | 0 | if (NULL == md_name) { |
881 | 0 | return NULL; |
882 | 0 | } |
883 | | |
884 | 0 | const md_name_entry *entry = md_names; |
885 | 0 | while (entry->md_name != NULL && |
886 | 0 | strcmp(entry->md_name, md_name) != 0) { |
887 | 0 | ++entry; |
888 | 0 | } |
889 | |
|
890 | 0 | return mbedtls_md_info_from_type(entry->md_type); |
891 | 0 | } |
892 | | |
893 | | const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) |
894 | 0 | { |
895 | 0 | if (md_info == NULL) { |
896 | 0 | return NULL; |
897 | 0 | } |
898 | | |
899 | 0 | const md_name_entry *entry = md_names; |
900 | 0 | while (entry->md_type != MBEDTLS_MD_NONE && |
901 | 0 | entry->md_type != md_info->type) { |
902 | 0 | ++entry; |
903 | 0 | } |
904 | |
|
905 | 0 | return entry->md_name; |
906 | 0 | } |
907 | | |
908 | | const mbedtls_md_info_t *mbedtls_md_info_from_ctx( |
909 | | const mbedtls_md_context_t *ctx) |
910 | 0 | { |
911 | 0 | if (ctx == NULL) { |
912 | 0 | return NULL; |
913 | 0 | } |
914 | | |
915 | 0 | return ctx->MBEDTLS_PRIVATE(md_info); |
916 | 0 | } |
917 | | |
918 | | #if defined(MBEDTLS_FS_IO) |
919 | | int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) |
920 | 0 | { |
921 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
922 | 0 | FILE *f; |
923 | 0 | size_t n; |
924 | 0 | mbedtls_md_context_t ctx; |
925 | 0 | unsigned char buf[1024]; |
926 | |
|
927 | 0 | if (md_info == NULL) { |
928 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
929 | 0 | } |
930 | | |
931 | 0 | if ((f = fopen(path, "rb")) == NULL) { |
932 | 0 | return MBEDTLS_ERR_MD_FILE_IO_ERROR; |
933 | 0 | } |
934 | | |
935 | | /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ |
936 | 0 | mbedtls_setbuf(f, NULL); |
937 | |
|
938 | 0 | mbedtls_md_init(&ctx); |
939 | |
|
940 | 0 | if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { |
941 | 0 | goto cleanup; |
942 | 0 | } |
943 | | |
944 | 0 | if ((ret = mbedtls_md_starts(&ctx)) != 0) { |
945 | 0 | goto cleanup; |
946 | 0 | } |
947 | | |
948 | 0 | while ((n = fread(buf, 1, sizeof(buf), f)) > 0) { |
949 | 0 | if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) { |
950 | 0 | goto cleanup; |
951 | 0 | } |
952 | 0 | } |
953 | | |
954 | 0 | if (ferror(f) != 0) { |
955 | 0 | ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; |
956 | 0 | } else { |
957 | 0 | ret = mbedtls_md_finish(&ctx, output); |
958 | 0 | } |
959 | |
|
960 | 0 | cleanup: |
961 | 0 | mbedtls_platform_zeroize(buf, sizeof(buf)); |
962 | 0 | fclose(f); |
963 | 0 | mbedtls_md_free(&ctx); |
964 | |
|
965 | 0 | return ret; |
966 | 0 | } |
967 | | #endif /* MBEDTLS_FS_IO */ |
968 | | |
969 | | int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) |
970 | 0 | { |
971 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
972 | 0 | unsigned char sum[MBEDTLS_MD_MAX_SIZE]; |
973 | 0 | unsigned char *ipad, *opad; |
974 | |
|
975 | 0 | if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { |
976 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
977 | 0 | } |
978 | | |
979 | 0 | if (keylen > (size_t) ctx->md_info->block_size) { |
980 | 0 | if ((ret = mbedtls_md_starts(ctx)) != 0) { |
981 | 0 | goto cleanup; |
982 | 0 | } |
983 | 0 | if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { |
984 | 0 | goto cleanup; |
985 | 0 | } |
986 | 0 | if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { |
987 | 0 | goto cleanup; |
988 | 0 | } |
989 | | |
990 | 0 | keylen = ctx->md_info->size; |
991 | 0 | key = sum; |
992 | 0 | } |
993 | | |
994 | 0 | ipad = (unsigned char *) ctx->hmac_ctx; |
995 | 0 | opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; |
996 | |
|
997 | 0 | memset(ipad, 0x36, ctx->md_info->block_size); |
998 | 0 | memset(opad, 0x5C, ctx->md_info->block_size); |
999 | |
|
1000 | 0 | mbedtls_xor(ipad, ipad, key, keylen); |
1001 | 0 | mbedtls_xor(opad, opad, key, keylen); |
1002 | |
|
1003 | 0 | if ((ret = mbedtls_md_starts(ctx)) != 0) { |
1004 | 0 | goto cleanup; |
1005 | 0 | } |
1006 | 0 | if ((ret = mbedtls_md_update(ctx, ipad, |
1007 | 0 | ctx->md_info->block_size)) != 0) { |
1008 | 0 | goto cleanup; |
1009 | 0 | } |
1010 | | |
1011 | 0 | cleanup: |
1012 | 0 | mbedtls_platform_zeroize(sum, sizeof(sum)); |
1013 | |
|
1014 | 0 | return ret; |
1015 | 0 | } |
1016 | | |
1017 | | int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) |
1018 | 0 | { |
1019 | 0 | if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { |
1020 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
1021 | 0 | } |
1022 | | |
1023 | 0 | return mbedtls_md_update(ctx, input, ilen); |
1024 | 0 | } |
1025 | | |
1026 | | int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) |
1027 | 0 | { |
1028 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1029 | 0 | unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; |
1030 | 0 | unsigned char *opad; |
1031 | |
|
1032 | 0 | if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { |
1033 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
1034 | 0 | } |
1035 | | |
1036 | 0 | opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; |
1037 | |
|
1038 | 0 | if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { |
1039 | 0 | return ret; |
1040 | 0 | } |
1041 | 0 | if ((ret = mbedtls_md_starts(ctx)) != 0) { |
1042 | 0 | return ret; |
1043 | 0 | } |
1044 | 0 | if ((ret = mbedtls_md_update(ctx, opad, |
1045 | 0 | ctx->md_info->block_size)) != 0) { |
1046 | 0 | return ret; |
1047 | 0 | } |
1048 | 0 | if ((ret = mbedtls_md_update(ctx, tmp, |
1049 | 0 | ctx->md_info->size)) != 0) { |
1050 | 0 | return ret; |
1051 | 0 | } |
1052 | 0 | return mbedtls_md_finish(ctx, output); |
1053 | 0 | } |
1054 | | |
1055 | | int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) |
1056 | 0 | { |
1057 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1058 | 0 | unsigned char *ipad; |
1059 | |
|
1060 | 0 | if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { |
1061 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
1062 | 0 | } |
1063 | | |
1064 | 0 | ipad = (unsigned char *) ctx->hmac_ctx; |
1065 | |
|
1066 | 0 | if ((ret = mbedtls_md_starts(ctx)) != 0) { |
1067 | 0 | return ret; |
1068 | 0 | } |
1069 | 0 | return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size); |
1070 | 0 | } |
1071 | | |
1072 | | int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, |
1073 | | const unsigned char *key, size_t keylen, |
1074 | | const unsigned char *input, size_t ilen, |
1075 | | unsigned char *output) |
1076 | 0 | { |
1077 | 0 | mbedtls_md_context_t ctx; |
1078 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1079 | |
|
1080 | 0 | if (md_info == NULL) { |
1081 | 0 | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; |
1082 | 0 | } |
1083 | | |
1084 | 0 | mbedtls_md_init(&ctx); |
1085 | |
|
1086 | 0 | if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { |
1087 | 0 | goto cleanup; |
1088 | 0 | } |
1089 | | |
1090 | 0 | if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { |
1091 | 0 | goto cleanup; |
1092 | 0 | } |
1093 | 0 | if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { |
1094 | 0 | goto cleanup; |
1095 | 0 | } |
1096 | 0 | if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { |
1097 | 0 | goto cleanup; |
1098 | 0 | } |
1099 | | |
1100 | 0 | cleanup: |
1101 | 0 | mbedtls_md_free(&ctx); |
1102 | |
|
1103 | 0 | return ret; |
1104 | 0 | } |
1105 | | |
1106 | | #endif /* MBEDTLS_MD_C */ |
1107 | | |
1108 | | #endif /* MBEDTLS_MD_LIGHT */ |