Coverage Report

Created: 2025-03-01 06:26

/src/mbedtls/library/md.c
Line
Count
Source (jump to first uncovered line)
1
/**
2
 * \file md.c
3
 *
4
 * \brief Generic message digest wrapper for Mbed TLS
5
 *
6
 * \author Adriaan de Jong <dejong@fox-it.com>
7
 *
8
 *  Copyright The Mbed TLS Contributors
9
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10
 */
11
12
#include "common.h"
13
14
/*
15
 * Availability of functions in this module is controlled by two
16
 * feature macros:
17
 * - MBEDTLS_MD_C enables the whole module;
18
 * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
19
 * most hash metadata (everything except string names); is it
20
 * automatically set whenever MBEDTLS_MD_C is defined.
21
 *
22
 * In this file, functions from MD_LIGHT are at the top, MD_C at the end.
23
 *
24
 * In the future we may want to change the contract of some functions
25
 * (behaviour with NULL arguments) depending on whether MD_C is defined or
26
 * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
27
 *
28
 * For these reasons, we're keeping MD_LIGHT internal for now.
29
 */
30
#if defined(MBEDTLS_MD_LIGHT)
31
32
#include "mbedtls/md.h"
33
#include "md_wrap.h"
34
#include "mbedtls/platform_util.h"
35
#include "mbedtls/error.h"
36
37
#include "mbedtls/md5.h"
38
#include "mbedtls/ripemd160.h"
39
#include "mbedtls/sha1.h"
40
#include "mbedtls/sha256.h"
41
#include "mbedtls/sha512.h"
42
#include "mbedtls/sha3.h"
43
44
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
45
#include <psa/crypto.h>
46
#include "md_psa.h"
47
#include "psa_util_internal.h"
48
#endif
49
50
#if defined(MBEDTLS_MD_SOME_PSA)
51
#include "psa_crypto_core.h"
52
#endif
53
54
#include "mbedtls/platform.h"
55
56
#include <string.h>
57
58
#if defined(MBEDTLS_FS_IO)
59
#include <stdio.h>
60
#endif
61
62
/* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
63
#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
64
#error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
65
#endif
66
67
#if defined(MBEDTLS_MD_C)
68
#define MD_INFO(type, out_size, block_size) type, out_size, block_size,
69
#else
70
#define MD_INFO(type, out_size, block_size) type, out_size,
71
#endif
72
73
#if defined(MBEDTLS_MD_CAN_MD5)
74
static const mbedtls_md_info_t mbedtls_md5_info = {
75
    MD_INFO(MBEDTLS_MD_MD5, 16, 64)
76
};
77
#endif
78
79
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
80
static const mbedtls_md_info_t mbedtls_ripemd160_info = {
81
    MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
82
};
83
#endif
84
85
#if defined(MBEDTLS_MD_CAN_SHA1)
86
static const mbedtls_md_info_t mbedtls_sha1_info = {
87
    MD_INFO(MBEDTLS_MD_SHA1, 20, 64)
88
};
89
#endif
90
91
#if defined(MBEDTLS_MD_CAN_SHA224)
92
static const mbedtls_md_info_t mbedtls_sha224_info = {
93
    MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
94
};
95
#endif
96
97
#if defined(MBEDTLS_MD_CAN_SHA256)
98
static const mbedtls_md_info_t mbedtls_sha256_info = {
99
    MD_INFO(MBEDTLS_MD_SHA256, 32, 64)
100
};
101
#endif
102
103
#if defined(MBEDTLS_MD_CAN_SHA384)
104
static const mbedtls_md_info_t mbedtls_sha384_info = {
105
    MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
106
};
107
#endif
108
109
#if defined(MBEDTLS_MD_CAN_SHA512)
110
static const mbedtls_md_info_t mbedtls_sha512_info = {
111
    MD_INFO(MBEDTLS_MD_SHA512, 64, 128)
112
};
113
#endif
114
115
#if defined(MBEDTLS_MD_CAN_SHA3_224)
116
static const mbedtls_md_info_t mbedtls_sha3_224_info = {
117
    MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144)
118
};
119
#endif
120
121
#if defined(MBEDTLS_MD_CAN_SHA3_256)
122
static const mbedtls_md_info_t mbedtls_sha3_256_info = {
123
    MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136)
124
};
125
#endif
126
127
#if defined(MBEDTLS_MD_CAN_SHA3_384)
128
static const mbedtls_md_info_t mbedtls_sha3_384_info = {
129
    MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104)
130
};
131
#endif
132
133
#if defined(MBEDTLS_MD_CAN_SHA3_512)
134
static const mbedtls_md_info_t mbedtls_sha3_512_info = {
135
    MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
136
};
137
#endif
138
139
const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
140
4
{
141
4
    switch (md_type) {
142
0
#if defined(MBEDTLS_MD_CAN_MD5)
143
0
        case MBEDTLS_MD_MD5:
144
0
            return &mbedtls_md5_info;
145
0
#endif
146
0
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
147
0
        case MBEDTLS_MD_RIPEMD160:
148
0
            return &mbedtls_ripemd160_info;
149
0
#endif
150
0
#if defined(MBEDTLS_MD_CAN_SHA1)
151
0
        case MBEDTLS_MD_SHA1:
152
0
            return &mbedtls_sha1_info;
153
0
#endif
154
0
#if defined(MBEDTLS_MD_CAN_SHA224)
155
0
        case MBEDTLS_MD_SHA224:
156
0
            return &mbedtls_sha224_info;
157
0
#endif
158
0
#if defined(MBEDTLS_MD_CAN_SHA256)
159
0
        case MBEDTLS_MD_SHA256:
160
0
            return &mbedtls_sha256_info;
161
0
#endif
162
0
#if defined(MBEDTLS_MD_CAN_SHA384)
163
0
        case MBEDTLS_MD_SHA384:
164
0
            return &mbedtls_sha384_info;
165
0
#endif
166
0
#if defined(MBEDTLS_MD_CAN_SHA512)
167
4
        case MBEDTLS_MD_SHA512:
168
4
            return &mbedtls_sha512_info;
169
0
#endif
170
0
#if defined(MBEDTLS_MD_CAN_SHA3_224)
171
0
        case MBEDTLS_MD_SHA3_224:
172
0
            return &mbedtls_sha3_224_info;
173
0
#endif
174
0
#if defined(MBEDTLS_MD_CAN_SHA3_256)
175
0
        case MBEDTLS_MD_SHA3_256:
176
0
            return &mbedtls_sha3_256_info;
177
0
#endif
178
0
#if defined(MBEDTLS_MD_CAN_SHA3_384)
179
0
        case MBEDTLS_MD_SHA3_384:
180
0
            return &mbedtls_sha3_384_info;
181
0
#endif
182
0
#if defined(MBEDTLS_MD_CAN_SHA3_512)
183
0
        case MBEDTLS_MD_SHA3_512:
184
0
            return &mbedtls_sha3_512_info;
185
0
#endif
186
0
        default:
187
0
            return NULL;
188
4
    }
189
4
}
190
191
#if defined(MBEDTLS_MD_SOME_PSA)
192
static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info)
193
{
194
    switch (info->type) {
195
#if defined(MBEDTLS_MD_MD5_VIA_PSA)
196
        case MBEDTLS_MD_MD5:
197
            return PSA_ALG_MD5;
198
#endif
199
#if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA)
200
        case MBEDTLS_MD_RIPEMD160:
201
            return PSA_ALG_RIPEMD160;
202
#endif
203
#if defined(MBEDTLS_MD_SHA1_VIA_PSA)
204
        case MBEDTLS_MD_SHA1:
205
            return PSA_ALG_SHA_1;
206
#endif
207
#if defined(MBEDTLS_MD_SHA224_VIA_PSA)
208
        case MBEDTLS_MD_SHA224:
209
            return PSA_ALG_SHA_224;
210
#endif
211
#if defined(MBEDTLS_MD_SHA256_VIA_PSA)
212
        case MBEDTLS_MD_SHA256:
213
            return PSA_ALG_SHA_256;
214
#endif
215
#if defined(MBEDTLS_MD_SHA384_VIA_PSA)
216
        case MBEDTLS_MD_SHA384:
217
            return PSA_ALG_SHA_384;
218
#endif
219
#if defined(MBEDTLS_MD_SHA512_VIA_PSA)
220
        case MBEDTLS_MD_SHA512:
221
            return PSA_ALG_SHA_512;
222
#endif
223
#if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
224
        case MBEDTLS_MD_SHA3_224:
225
            return PSA_ALG_SHA3_224;
226
#endif
227
#if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
228
        case MBEDTLS_MD_SHA3_256:
229
            return PSA_ALG_SHA3_256;
230
#endif
231
#if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
232
        case MBEDTLS_MD_SHA3_384:
233
            return PSA_ALG_SHA3_384;
234
#endif
235
#if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
236
        case MBEDTLS_MD_SHA3_512:
237
            return PSA_ALG_SHA3_512;
238
#endif
239
        default:
240
            return PSA_ALG_NONE;
241
    }
242
}
243
244
static int md_can_use_psa(const mbedtls_md_info_t *info)
245
{
246
    psa_algorithm_t alg = psa_alg_of_md(info);
247
    if (alg == PSA_ALG_NONE) {
248
        return 0;
249
    }
250
251
    return psa_can_do_hash(alg);
252
}
253
#endif /* MBEDTLS_MD_SOME_PSA */
254
255
void mbedtls_md_init(mbedtls_md_context_t *ctx)
256
2
{
257
    /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */
258
2
    memset(ctx, 0, sizeof(mbedtls_md_context_t));
259
2
}
260
261
void mbedtls_md_free(mbedtls_md_context_t *ctx)
262
2
{
263
2
    if (ctx == NULL || ctx->md_info == NULL) {
264
0
        return;
265
0
    }
266
267
2
    if (ctx->md_ctx != NULL) {
268
#if defined(MBEDTLS_MD_SOME_PSA)
269
        if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
270
            psa_hash_abort(ctx->md_ctx);
271
        } else
272
#endif
273
2
        switch (ctx->md_info->type) {
274
0
#if defined(MBEDTLS_MD5_C)
275
0
            case MBEDTLS_MD_MD5:
276
0
                mbedtls_md5_free(ctx->md_ctx);
277
0
                break;
278
0
#endif
279
0
#if defined(MBEDTLS_RIPEMD160_C)
280
0
            case MBEDTLS_MD_RIPEMD160:
281
0
                mbedtls_ripemd160_free(ctx->md_ctx);
282
0
                break;
283
0
#endif
284
0
#if defined(MBEDTLS_SHA1_C)
285
0
            case MBEDTLS_MD_SHA1:
286
0
                mbedtls_sha1_free(ctx->md_ctx);
287
0
                break;
288
0
#endif
289
0
#if defined(MBEDTLS_SHA224_C)
290
0
            case MBEDTLS_MD_SHA224:
291
0
                mbedtls_sha256_free(ctx->md_ctx);
292
0
                break;
293
0
#endif
294
0
#if defined(MBEDTLS_SHA256_C)
295
0
            case MBEDTLS_MD_SHA256:
296
0
                mbedtls_sha256_free(ctx->md_ctx);
297
0
                break;
298
0
#endif
299
0
#if defined(MBEDTLS_SHA384_C)
300
0
            case MBEDTLS_MD_SHA384:
301
0
                mbedtls_sha512_free(ctx->md_ctx);
302
0
                break;
303
0
#endif
304
0
#if defined(MBEDTLS_SHA512_C)
305
2
            case MBEDTLS_MD_SHA512:
306
2
                mbedtls_sha512_free(ctx->md_ctx);
307
2
                break;
308
0
#endif
309
0
#if defined(MBEDTLS_SHA3_C)
310
0
            case MBEDTLS_MD_SHA3_224:
311
0
            case MBEDTLS_MD_SHA3_256:
312
0
            case MBEDTLS_MD_SHA3_384:
313
0
            case MBEDTLS_MD_SHA3_512:
314
0
                mbedtls_sha3_free(ctx->md_ctx);
315
0
                break;
316
0
#endif
317
0
            default:
318
                /* Shouldn't happen */
319
0
                break;
320
2
        }
321
2
        mbedtls_free(ctx->md_ctx);
322
2
    }
323
324
2
#if defined(MBEDTLS_MD_C)
325
2
    if (ctx->hmac_ctx != NULL) {
326
0
        mbedtls_zeroize_and_free(ctx->hmac_ctx,
327
0
                                 2 * ctx->md_info->block_size);
328
0
    }
329
2
#endif
330
331
2
    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
332
2
}
333
334
int mbedtls_md_clone(mbedtls_md_context_t *dst,
335
                     const mbedtls_md_context_t *src)
336
0
{
337
0
    if (dst == NULL || dst->md_info == NULL ||
338
0
        src == NULL || src->md_info == NULL ||
339
0
        dst->md_info != src->md_info) {
340
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
341
0
    }
342
343
#if defined(MBEDTLS_MD_SOME_PSA)
344
    if (src->engine != dst->engine) {
345
        /* This can happen with src set to legacy because PSA wasn't ready
346
         * yet, and dst to PSA because it became ready in the meantime.
347
         * We currently don't support that case (we'd need to re-allocate
348
         * md_ctx to the size of the appropriate MD context). */
349
        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
350
    }
351
352
    if (src->engine == MBEDTLS_MD_ENGINE_PSA) {
353
        psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx);
354
        return mbedtls_md_error_from_psa(status);
355
    }
356
#endif
357
358
0
    switch (src->md_info->type) {
359
0
#if defined(MBEDTLS_MD5_C)
360
0
        case MBEDTLS_MD_MD5:
361
0
            mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
362
0
            break;
363
0
#endif
364
0
#if defined(MBEDTLS_RIPEMD160_C)
365
0
        case MBEDTLS_MD_RIPEMD160:
366
0
            mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
367
0
            break;
368
0
#endif
369
0
#if defined(MBEDTLS_SHA1_C)
370
0
        case MBEDTLS_MD_SHA1:
371
0
            mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
372
0
            break;
373
0
#endif
374
0
#if defined(MBEDTLS_SHA224_C)
375
0
        case MBEDTLS_MD_SHA224:
376
0
            mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
377
0
            break;
378
0
#endif
379
0
#if defined(MBEDTLS_SHA256_C)
380
0
        case MBEDTLS_MD_SHA256:
381
0
            mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
382
0
            break;
383
0
#endif
384
0
#if defined(MBEDTLS_SHA384_C)
385
0
        case MBEDTLS_MD_SHA384:
386
0
            mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
387
0
            break;
388
0
#endif
389
0
#if defined(MBEDTLS_SHA512_C)
390
0
        case MBEDTLS_MD_SHA512:
391
0
            mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
392
0
            break;
393
0
#endif
394
0
#if defined(MBEDTLS_SHA3_C)
395
0
        case MBEDTLS_MD_SHA3_224:
396
0
        case MBEDTLS_MD_SHA3_256:
397
0
        case MBEDTLS_MD_SHA3_384:
398
0
        case MBEDTLS_MD_SHA3_512:
399
0
            mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
400
0
            break;
401
0
#endif
402
0
        default:
403
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
404
0
    }
405
406
0
    return 0;
407
0
}
408
409
#define ALLOC(type)                                                   \
410
2
    do {                                                                \
411
2
        ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
412
2
        if (ctx->md_ctx == NULL)                                       \
413
2
        return MBEDTLS_ERR_MD_ALLOC_FAILED;                      \
414
2
        mbedtls_##type##_init(ctx->md_ctx);                           \
415
2
    }                                                                   \
416
2
    while (0)
417
418
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
419
2
{
420
2
#if defined(MBEDTLS_MD_C)
421
2
    if (ctx == NULL) {
422
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
423
0
    }
424
2
#endif
425
2
    if (md_info == NULL) {
426
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
427
0
    }
428
429
2
    ctx->md_info = md_info;
430
2
    ctx->md_ctx = NULL;
431
2
#if defined(MBEDTLS_MD_C)
432
2
    ctx->hmac_ctx = NULL;
433
#else
434
    if (hmac != 0) {
435
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
436
    }
437
#endif
438
439
#if defined(MBEDTLS_MD_SOME_PSA)
440
    if (md_can_use_psa(ctx->md_info)) {
441
        ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t));
442
        if (ctx->md_ctx == NULL) {
443
            return MBEDTLS_ERR_MD_ALLOC_FAILED;
444
        }
445
        ctx->engine = MBEDTLS_MD_ENGINE_PSA;
446
    } else
447
#endif
448
2
    switch (md_info->type) {
449
0
#if defined(MBEDTLS_MD5_C)
450
0
        case MBEDTLS_MD_MD5:
451
0
            ALLOC(md5);
452
0
            break;
453
0
#endif
454
0
#if defined(MBEDTLS_RIPEMD160_C)
455
0
        case MBEDTLS_MD_RIPEMD160:
456
0
            ALLOC(ripemd160);
457
0
            break;
458
0
#endif
459
0
#if defined(MBEDTLS_SHA1_C)
460
0
        case MBEDTLS_MD_SHA1:
461
0
            ALLOC(sha1);
462
0
            break;
463
0
#endif
464
0
#if defined(MBEDTLS_SHA224_C)
465
0
        case MBEDTLS_MD_SHA224:
466
0
            ALLOC(sha256);
467
0
            break;
468
0
#endif
469
0
#if defined(MBEDTLS_SHA256_C)
470
0
        case MBEDTLS_MD_SHA256:
471
0
            ALLOC(sha256);
472
0
            break;
473
0
#endif
474
0
#if defined(MBEDTLS_SHA384_C)
475
0
        case MBEDTLS_MD_SHA384:
476
0
            ALLOC(sha512);
477
0
            break;
478
0
#endif
479
0
#if defined(MBEDTLS_SHA512_C)
480
2
        case MBEDTLS_MD_SHA512:
481
2
            ALLOC(sha512);
482
2
            break;
483
2
#endif
484
2
#if defined(MBEDTLS_SHA3_C)
485
2
        case MBEDTLS_MD_SHA3_224:
486
0
        case MBEDTLS_MD_SHA3_256:
487
0
        case MBEDTLS_MD_SHA3_384:
488
0
        case MBEDTLS_MD_SHA3_512:
489
0
            ALLOC(sha3);
490
0
            break;
491
0
#endif
492
0
        default:
493
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
494
2
    }
495
496
2
#if defined(MBEDTLS_MD_C)
497
2
    if (hmac != 0) {
498
0
        ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
499
0
        if (ctx->hmac_ctx == NULL) {
500
0
            mbedtls_md_free(ctx);
501
0
            return MBEDTLS_ERR_MD_ALLOC_FAILED;
502
0
        }
503
0
    }
504
2
#endif
505
506
2
    return 0;
507
2
}
508
#undef ALLOC
509
510
int mbedtls_md_starts(mbedtls_md_context_t *ctx)
511
2
{
512
2
#if defined(MBEDTLS_MD_C)
513
2
    if (ctx == NULL || ctx->md_info == NULL) {
514
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
515
0
    }
516
2
#endif
517
518
#if defined(MBEDTLS_MD_SOME_PSA)
519
    if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
520
        psa_algorithm_t alg = psa_alg_of_md(ctx->md_info);
521
        psa_hash_abort(ctx->md_ctx);
522
        psa_status_t status = psa_hash_setup(ctx->md_ctx, alg);
523
        return mbedtls_md_error_from_psa(status);
524
    }
525
#endif
526
527
2
    switch (ctx->md_info->type) {
528
0
#if defined(MBEDTLS_MD5_C)
529
0
        case MBEDTLS_MD_MD5:
530
0
            return mbedtls_md5_starts(ctx->md_ctx);
531
0
#endif
532
0
#if defined(MBEDTLS_RIPEMD160_C)
533
0
        case MBEDTLS_MD_RIPEMD160:
534
0
            return mbedtls_ripemd160_starts(ctx->md_ctx);
535
0
#endif
536
0
#if defined(MBEDTLS_SHA1_C)
537
0
        case MBEDTLS_MD_SHA1:
538
0
            return mbedtls_sha1_starts(ctx->md_ctx);
539
0
#endif
540
0
#if defined(MBEDTLS_SHA224_C)
541
0
        case MBEDTLS_MD_SHA224:
542
0
            return mbedtls_sha256_starts(ctx->md_ctx, 1);
543
0
#endif
544
0
#if defined(MBEDTLS_SHA256_C)
545
0
        case MBEDTLS_MD_SHA256:
546
0
            return mbedtls_sha256_starts(ctx->md_ctx, 0);
547
0
#endif
548
0
#if defined(MBEDTLS_SHA384_C)
549
0
        case MBEDTLS_MD_SHA384:
550
0
            return mbedtls_sha512_starts(ctx->md_ctx, 1);
551
0
#endif
552
0
#if defined(MBEDTLS_SHA512_C)
553
2
        case MBEDTLS_MD_SHA512:
554
2
            return mbedtls_sha512_starts(ctx->md_ctx, 0);
555
0
#endif
556
0
#if defined(MBEDTLS_SHA3_C)
557
0
        case MBEDTLS_MD_SHA3_224:
558
0
            return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
559
0
        case MBEDTLS_MD_SHA3_256:
560
0
            return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
561
0
        case MBEDTLS_MD_SHA3_384:
562
0
            return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
563
0
        case MBEDTLS_MD_SHA3_512:
564
0
            return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
565
0
#endif
566
0
        default:
567
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
568
2
    }
569
2
}
570
571
int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
572
4
{
573
4
#if defined(MBEDTLS_MD_C)
574
4
    if (ctx == NULL || ctx->md_info == NULL) {
575
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
576
0
    }
577
4
#endif
578
579
#if defined(MBEDTLS_MD_SOME_PSA)
580
    if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
581
        psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen);
582
        return mbedtls_md_error_from_psa(status);
583
    }
584
#endif
585
586
4
    switch (ctx->md_info->type) {
587
0
#if defined(MBEDTLS_MD5_C)
588
0
        case MBEDTLS_MD_MD5:
589
0
            return mbedtls_md5_update(ctx->md_ctx, input, ilen);
590
0
#endif
591
0
#if defined(MBEDTLS_RIPEMD160_C)
592
0
        case MBEDTLS_MD_RIPEMD160:
593
0
            return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen);
594
0
#endif
595
0
#if defined(MBEDTLS_SHA1_C)
596
0
        case MBEDTLS_MD_SHA1:
597
0
            return mbedtls_sha1_update(ctx->md_ctx, input, ilen);
598
0
#endif
599
0
#if defined(MBEDTLS_SHA224_C)
600
0
        case MBEDTLS_MD_SHA224:
601
0
            return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
602
0
#endif
603
0
#if defined(MBEDTLS_SHA256_C)
604
0
        case MBEDTLS_MD_SHA256:
605
0
            return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
606
0
#endif
607
0
#if defined(MBEDTLS_SHA384_C)
608
0
        case MBEDTLS_MD_SHA384:
609
0
            return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
610
0
#endif
611
0
#if defined(MBEDTLS_SHA512_C)
612
4
        case MBEDTLS_MD_SHA512:
613
4
            return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
614
0
#endif
615
0
#if defined(MBEDTLS_SHA3_C)
616
0
        case MBEDTLS_MD_SHA3_224:
617
0
        case MBEDTLS_MD_SHA3_256:
618
0
        case MBEDTLS_MD_SHA3_384:
619
0
        case MBEDTLS_MD_SHA3_512:
620
0
            return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
621
0
#endif
622
0
        default:
623
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
624
4
    }
625
4
}
626
627
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
628
0
{
629
0
#if defined(MBEDTLS_MD_C)
630
0
    if (ctx == NULL || ctx->md_info == NULL) {
631
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
632
0
    }
633
0
#endif
634
635
#if defined(MBEDTLS_MD_SOME_PSA)
636
    if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
637
        size_t size = ctx->md_info->size;
638
        psa_status_t status = psa_hash_finish(ctx->md_ctx,
639
                                              output, size, &size);
640
        return mbedtls_md_error_from_psa(status);
641
    }
642
#endif
643
644
0
    switch (ctx->md_info->type) {
645
0
#if defined(MBEDTLS_MD5_C)
646
0
        case MBEDTLS_MD_MD5:
647
0
            return mbedtls_md5_finish(ctx->md_ctx, output);
648
0
#endif
649
0
#if defined(MBEDTLS_RIPEMD160_C)
650
0
        case MBEDTLS_MD_RIPEMD160:
651
0
            return mbedtls_ripemd160_finish(ctx->md_ctx, output);
652
0
#endif
653
0
#if defined(MBEDTLS_SHA1_C)
654
0
        case MBEDTLS_MD_SHA1:
655
0
            return mbedtls_sha1_finish(ctx->md_ctx, output);
656
0
#endif
657
0
#if defined(MBEDTLS_SHA224_C)
658
0
        case MBEDTLS_MD_SHA224:
659
0
            return mbedtls_sha256_finish(ctx->md_ctx, output);
660
0
#endif
661
0
#if defined(MBEDTLS_SHA256_C)
662
0
        case MBEDTLS_MD_SHA256:
663
0
            return mbedtls_sha256_finish(ctx->md_ctx, output);
664
0
#endif
665
0
#if defined(MBEDTLS_SHA384_C)
666
0
        case MBEDTLS_MD_SHA384:
667
0
            return mbedtls_sha512_finish(ctx->md_ctx, output);
668
0
#endif
669
0
#if defined(MBEDTLS_SHA512_C)
670
0
        case MBEDTLS_MD_SHA512:
671
0
            return mbedtls_sha512_finish(ctx->md_ctx, output);
672
0
#endif
673
0
#if defined(MBEDTLS_SHA3_C)
674
0
        case MBEDTLS_MD_SHA3_224:
675
0
        case MBEDTLS_MD_SHA3_256:
676
0
        case MBEDTLS_MD_SHA3_384:
677
0
        case MBEDTLS_MD_SHA3_512:
678
0
            return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
679
0
#endif
680
0
        default:
681
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
682
0
    }
683
0
}
684
685
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
686
               unsigned char *output)
687
2
{
688
2
    if (md_info == NULL) {
689
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
690
0
    }
691
692
#if defined(MBEDTLS_MD_SOME_PSA)
693
    if (md_can_use_psa(md_info)) {
694
        size_t size = md_info->size;
695
        psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info),
696
                                               input, ilen,
697
                                               output, size, &size);
698
        return mbedtls_md_error_from_psa(status);
699
    }
700
#endif
701
702
2
    switch (md_info->type) {
703
0
#if defined(MBEDTLS_MD5_C)
704
0
        case MBEDTLS_MD_MD5:
705
0
            return mbedtls_md5(input, ilen, output);
706
0
#endif
707
0
#if defined(MBEDTLS_RIPEMD160_C)
708
0
        case MBEDTLS_MD_RIPEMD160:
709
0
            return mbedtls_ripemd160(input, ilen, output);
710
0
#endif
711
0
#if defined(MBEDTLS_SHA1_C)
712
0
        case MBEDTLS_MD_SHA1:
713
0
            return mbedtls_sha1(input, ilen, output);
714
0
#endif
715
0
#if defined(MBEDTLS_SHA224_C)
716
0
        case MBEDTLS_MD_SHA224:
717
0
            return mbedtls_sha256(input, ilen, output, 1);
718
0
#endif
719
0
#if defined(MBEDTLS_SHA256_C)
720
0
        case MBEDTLS_MD_SHA256:
721
0
            return mbedtls_sha256(input, ilen, output, 0);
722
0
#endif
723
0
#if defined(MBEDTLS_SHA384_C)
724
0
        case MBEDTLS_MD_SHA384:
725
0
            return mbedtls_sha512(input, ilen, output, 1);
726
0
#endif
727
0
#if defined(MBEDTLS_SHA512_C)
728
2
        case MBEDTLS_MD_SHA512:
729
2
            return mbedtls_sha512(input, ilen, output, 0);
730
0
#endif
731
0
#if defined(MBEDTLS_SHA3_C)
732
0
        case MBEDTLS_MD_SHA3_224:
733
0
            return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
734
0
        case MBEDTLS_MD_SHA3_256:
735
0
            return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
736
0
        case MBEDTLS_MD_SHA3_384:
737
0
            return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
738
0
        case MBEDTLS_MD_SHA3_512:
739
0
            return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
740
0
#endif
741
0
        default:
742
0
            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
743
2
    }
744
2
}
745
746
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
747
0
{
748
0
    if (md_info == NULL) {
749
0
        return 0;
750
0
    }
751
752
0
    return md_info->size;
753
0
}
754
755
mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
756
0
{
757
0
    if (md_info == NULL) {
758
0
        return MBEDTLS_MD_NONE;
759
0
    }
760
761
0
    return md_info->type;
762
0
}
763
764
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
765
int mbedtls_md_error_from_psa(psa_status_t status)
766
0
{
767
0
    return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
768
0
                                   psa_generic_status_to_mbedtls);
769
0
}
770
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
771
772
773
/************************************************************************
774
 * Functions above this separator are part of MBEDTLS_MD_LIGHT,         *
775
 * functions below are only available when MBEDTLS_MD_C is set.         *
776
 ************************************************************************/
777
#if defined(MBEDTLS_MD_C)
778
779
/*
780
 * Reminder: update profiles in x509_crt.c when adding a new hash!
781
 */
782
static const int supported_digests[] = {
783
784
#if defined(MBEDTLS_MD_CAN_SHA512)
785
    MBEDTLS_MD_SHA512,
786
#endif
787
788
#if defined(MBEDTLS_MD_CAN_SHA384)
789
    MBEDTLS_MD_SHA384,
790
#endif
791
792
#if defined(MBEDTLS_MD_CAN_SHA256)
793
    MBEDTLS_MD_SHA256,
794
#endif
795
#if defined(MBEDTLS_MD_CAN_SHA224)
796
    MBEDTLS_MD_SHA224,
797
#endif
798
799
#if defined(MBEDTLS_MD_CAN_SHA1)
800
    MBEDTLS_MD_SHA1,
801
#endif
802
803
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
804
    MBEDTLS_MD_RIPEMD160,
805
#endif
806
807
#if defined(MBEDTLS_MD_CAN_MD5)
808
    MBEDTLS_MD_MD5,
809
#endif
810
811
#if defined(MBEDTLS_MD_CAN_SHA3_224)
812
    MBEDTLS_MD_SHA3_224,
813
#endif
814
815
#if defined(MBEDTLS_MD_CAN_SHA3_256)
816
    MBEDTLS_MD_SHA3_256,
817
#endif
818
819
#if defined(MBEDTLS_MD_CAN_SHA3_384)
820
    MBEDTLS_MD_SHA3_384,
821
#endif
822
823
#if defined(MBEDTLS_MD_CAN_SHA3_512)
824
    MBEDTLS_MD_SHA3_512,
825
#endif
826
827
    MBEDTLS_MD_NONE
828
};
829
830
const int *mbedtls_md_list(void)
831
0
{
832
0
    return supported_digests;
833
0
}
834
835
typedef struct {
836
    const char *md_name;
837
    mbedtls_md_type_t md_type;
838
} md_name_entry;
839
840
static const md_name_entry md_names[] = {
841
#if defined(MBEDTLS_MD_CAN_MD5)
842
    { "MD5", MBEDTLS_MD_MD5 },
843
#endif
844
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
845
    { "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
846
#endif
847
#if defined(MBEDTLS_MD_CAN_SHA1)
848
    { "SHA1", MBEDTLS_MD_SHA1 },
849
    { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
850
#endif
851
#if defined(MBEDTLS_MD_CAN_SHA224)
852
    { "SHA224", MBEDTLS_MD_SHA224 },
853
#endif
854
#if defined(MBEDTLS_MD_CAN_SHA256)
855
    { "SHA256", MBEDTLS_MD_SHA256 },
856
#endif
857
#if defined(MBEDTLS_MD_CAN_SHA384)
858
    { "SHA384", MBEDTLS_MD_SHA384 },
859
#endif
860
#if defined(MBEDTLS_MD_CAN_SHA512)
861
    { "SHA512", MBEDTLS_MD_SHA512 },
862
#endif
863
#if defined(MBEDTLS_MD_CAN_SHA3_224)
864
    { "SHA3-224", MBEDTLS_MD_SHA3_224 },
865
#endif
866
#if defined(MBEDTLS_MD_CAN_SHA3_256)
867
    { "SHA3-256", MBEDTLS_MD_SHA3_256 },
868
#endif
869
#if defined(MBEDTLS_MD_CAN_SHA3_384)
870
    { "SHA3-384", MBEDTLS_MD_SHA3_384 },
871
#endif
872
#if defined(MBEDTLS_MD_CAN_SHA3_512)
873
    { "SHA3-512", MBEDTLS_MD_SHA3_512 },
874
#endif
875
    { NULL, MBEDTLS_MD_NONE },
876
};
877
878
const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
879
0
{
880
0
    if (NULL == md_name) {
881
0
        return NULL;
882
0
    }
883
884
0
    const md_name_entry *entry = md_names;
885
0
    while (entry->md_name != NULL &&
886
0
           strcmp(entry->md_name, md_name) != 0) {
887
0
        ++entry;
888
0
    }
889
890
0
    return mbedtls_md_info_from_type(entry->md_type);
891
0
}
892
893
const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
894
0
{
895
0
    if (md_info == NULL) {
896
0
        return NULL;
897
0
    }
898
899
0
    const md_name_entry *entry = md_names;
900
0
    while (entry->md_type != MBEDTLS_MD_NONE &&
901
0
           entry->md_type != md_info->type) {
902
0
        ++entry;
903
0
    }
904
905
0
    return entry->md_name;
906
0
}
907
908
const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
909
    const mbedtls_md_context_t *ctx)
910
0
{
911
0
    if (ctx == NULL) {
912
0
        return NULL;
913
0
    }
914
915
0
    return ctx->MBEDTLS_PRIVATE(md_info);
916
0
}
917
918
#if defined(MBEDTLS_FS_IO)
919
int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
920
0
{
921
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
922
0
    FILE *f;
923
0
    size_t n;
924
0
    mbedtls_md_context_t ctx;
925
0
    unsigned char buf[1024];
926
927
0
    if (md_info == NULL) {
928
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
929
0
    }
930
931
0
    if ((f = fopen(path, "rb")) == NULL) {
932
0
        return MBEDTLS_ERR_MD_FILE_IO_ERROR;
933
0
    }
934
935
    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
936
0
    mbedtls_setbuf(f, NULL);
937
938
0
    mbedtls_md_init(&ctx);
939
940
0
    if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
941
0
        goto cleanup;
942
0
    }
943
944
0
    if ((ret = mbedtls_md_starts(&ctx)) != 0) {
945
0
        goto cleanup;
946
0
    }
947
948
0
    while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
949
0
        if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
950
0
            goto cleanup;
951
0
        }
952
0
    }
953
954
0
    if (ferror(f) != 0) {
955
0
        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
956
0
    } else {
957
0
        ret = mbedtls_md_finish(&ctx, output);
958
0
    }
959
960
0
cleanup:
961
0
    mbedtls_platform_zeroize(buf, sizeof(buf));
962
0
    fclose(f);
963
0
    mbedtls_md_free(&ctx);
964
965
0
    return ret;
966
0
}
967
#endif /* MBEDTLS_FS_IO */
968
969
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
970
0
{
971
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
972
0
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
973
0
    unsigned char *ipad, *opad;
974
975
0
    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
976
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
977
0
    }
978
979
0
    if (keylen > (size_t) ctx->md_info->block_size) {
980
0
        if ((ret = mbedtls_md_starts(ctx)) != 0) {
981
0
            goto cleanup;
982
0
        }
983
0
        if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
984
0
            goto cleanup;
985
0
        }
986
0
        if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
987
0
            goto cleanup;
988
0
        }
989
990
0
        keylen = ctx->md_info->size;
991
0
        key = sum;
992
0
    }
993
994
0
    ipad = (unsigned char *) ctx->hmac_ctx;
995
0
    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
996
997
0
    memset(ipad, 0x36, ctx->md_info->block_size);
998
0
    memset(opad, 0x5C, ctx->md_info->block_size);
999
1000
0
    mbedtls_xor(ipad, ipad, key, keylen);
1001
0
    mbedtls_xor(opad, opad, key, keylen);
1002
1003
0
    if ((ret = mbedtls_md_starts(ctx)) != 0) {
1004
0
        goto cleanup;
1005
0
    }
1006
0
    if ((ret = mbedtls_md_update(ctx, ipad,
1007
0
                                 ctx->md_info->block_size)) != 0) {
1008
0
        goto cleanup;
1009
0
    }
1010
1011
0
cleanup:
1012
0
    mbedtls_platform_zeroize(sum, sizeof(sum));
1013
1014
0
    return ret;
1015
0
}
1016
1017
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
1018
0
{
1019
0
    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1020
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1021
0
    }
1022
1023
0
    return mbedtls_md_update(ctx, input, ilen);
1024
0
}
1025
1026
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
1027
0
{
1028
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1029
0
    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
1030
0
    unsigned char *opad;
1031
1032
0
    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1033
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1034
0
    }
1035
1036
0
    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
1037
1038
0
    if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
1039
0
        return ret;
1040
0
    }
1041
0
    if ((ret = mbedtls_md_starts(ctx)) != 0) {
1042
0
        return ret;
1043
0
    }
1044
0
    if ((ret = mbedtls_md_update(ctx, opad,
1045
0
                                 ctx->md_info->block_size)) != 0) {
1046
0
        return ret;
1047
0
    }
1048
0
    if ((ret = mbedtls_md_update(ctx, tmp,
1049
0
                                 ctx->md_info->size)) != 0) {
1050
0
        return ret;
1051
0
    }
1052
0
    return mbedtls_md_finish(ctx, output);
1053
0
}
1054
1055
int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
1056
0
{
1057
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1058
0
    unsigned char *ipad;
1059
1060
0
    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1061
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1062
0
    }
1063
1064
0
    ipad = (unsigned char *) ctx->hmac_ctx;
1065
1066
0
    if ((ret = mbedtls_md_starts(ctx)) != 0) {
1067
0
        return ret;
1068
0
    }
1069
0
    return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
1070
0
}
1071
1072
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
1073
                    const unsigned char *key, size_t keylen,
1074
                    const unsigned char *input, size_t ilen,
1075
                    unsigned char *output)
1076
0
{
1077
0
    mbedtls_md_context_t ctx;
1078
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1079
1080
0
    if (md_info == NULL) {
1081
0
        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1082
0
    }
1083
1084
0
    mbedtls_md_init(&ctx);
1085
1086
0
    if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
1087
0
        goto cleanup;
1088
0
    }
1089
1090
0
    if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
1091
0
        goto cleanup;
1092
0
    }
1093
0
    if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
1094
0
        goto cleanup;
1095
0
    }
1096
0
    if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
1097
0
        goto cleanup;
1098
0
    }
1099
1100
0
cleanup:
1101
0
    mbedtls_md_free(&ctx);
1102
1103
0
    return ret;
1104
0
}
1105
1106
#endif /* MBEDTLS_MD_C */
1107
1108
#endif /* MBEDTLS_MD_LIGHT */