1 /*
2 * PSA hashing layer on top of Mbed TLS software crypto
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 */
8
9 #include "common.h"
10
11 #if defined(MBEDTLS_PSA_CRYPTO_C)
12
13 #include <psa/crypto.h>
14 #include "psa_crypto_core.h"
15 #include "psa_crypto_hash.h"
16
17 #include <mbedtls/error.h>
18 #include <string.h>
19
20 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
21 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
22 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
23 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
mbedtls_md_info_from_psa(psa_algorithm_t alg)24 const mbedtls_md_info_t *mbedtls_md_info_from_psa(psa_algorithm_t alg)
25 {
26 switch (alg) {
27 #if defined(MBEDTLS_MD2_C)
28 case PSA_ALG_MD2:
29 return &mbedtls_md2_info;
30 #endif
31 #if defined(MBEDTLS_MD4_C)
32 case PSA_ALG_MD4:
33 return &mbedtls_md4_info;
34 #endif
35 #if defined(MBEDTLS_MD5_C)
36 case PSA_ALG_MD5:
37 return &mbedtls_md5_info;
38 #endif
39 #if defined(MBEDTLS_RIPEMD160_C)
40 case PSA_ALG_RIPEMD160:
41 return &mbedtls_ripemd160_info;
42 #endif
43 #if defined(MBEDTLS_SHA1_C)
44 case PSA_ALG_SHA_1:
45 return &mbedtls_sha1_info;
46 #endif
47 #if defined(MBEDTLS_SHA256_C)
48 case PSA_ALG_SHA_224:
49 return &mbedtls_sha224_info;
50 #endif
51 #if defined(MBEDTLS_SHA256_C)
52 case PSA_ALG_SHA_256:
53 return &mbedtls_sha256_info;
54 #endif
55 #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
56 case PSA_ALG_SHA_384:
57 return &mbedtls_sha384_info;
58 #endif
59 #if defined(MBEDTLS_SHA512_C)
60 case PSA_ALG_SHA_512:
61 return &mbedtls_sha512_info;
62 #endif
63 default:
64 return NULL;
65 }
66 }
67 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
68 * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
69 * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
70 * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
71
72 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_psa_hash_abort(mbedtls_psa_hash_operation_t * operation)73 psa_status_t mbedtls_psa_hash_abort(
74 mbedtls_psa_hash_operation_t *operation)
75 {
76 switch (operation->alg) {
77 case 0:
78 /* The object has (apparently) been initialized but it is not
79 * in use. It's ok to call abort on such an object, and there's
80 * nothing to do. */
81 break;
82 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
83 case PSA_ALG_MD2:
84 mbedtls_md2_free(&operation->ctx.md2);
85 break;
86 #endif
87 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
88 case PSA_ALG_MD4:
89 mbedtls_md4_free(&operation->ctx.md4);
90 break;
91 #endif
92 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
93 case PSA_ALG_MD5:
94 mbedtls_md5_free(&operation->ctx.md5);
95 break;
96 #endif
97 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
98 case PSA_ALG_RIPEMD160:
99 mbedtls_ripemd160_free(&operation->ctx.ripemd160);
100 break;
101 #endif
102 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
103 case PSA_ALG_SHA_1:
104 mbedtls_sha1_free(&operation->ctx.sha1);
105 break;
106 #endif
107 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
108 case PSA_ALG_SHA_224:
109 mbedtls_sha256_free(&operation->ctx.sha256);
110 break;
111 #endif
112 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
113 case PSA_ALG_SHA_256:
114 mbedtls_sha256_free(&operation->ctx.sha256);
115 break;
116 #endif
117 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
118 case PSA_ALG_SHA_384:
119 mbedtls_sha512_free(&operation->ctx.sha512);
120 break;
121 #endif
122 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
123 case PSA_ALG_SHA_512:
124 mbedtls_sha512_free(&operation->ctx.sha512);
125 break;
126 #endif
127 default:
128 return PSA_ERROR_BAD_STATE;
129 }
130 operation->alg = 0;
131 return PSA_SUCCESS;
132 }
133
mbedtls_psa_hash_setup(mbedtls_psa_hash_operation_t * operation,psa_algorithm_t alg)134 psa_status_t mbedtls_psa_hash_setup(
135 mbedtls_psa_hash_operation_t *operation,
136 psa_algorithm_t alg)
137 {
138 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
139
140 /* A context must be freshly initialized before it can be set up. */
141 if (operation->alg != 0) {
142 return PSA_ERROR_BAD_STATE;
143 }
144
145 switch (alg) {
146 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
147 case PSA_ALG_MD2:
148 mbedtls_md2_init(&operation->ctx.md2);
149 ret = mbedtls_md2_starts_ret(&operation->ctx.md2);
150 break;
151 #endif
152 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
153 case PSA_ALG_MD4:
154 mbedtls_md4_init(&operation->ctx.md4);
155 ret = mbedtls_md4_starts_ret(&operation->ctx.md4);
156 break;
157 #endif
158 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
159 case PSA_ALG_MD5:
160 mbedtls_md5_init(&operation->ctx.md5);
161 ret = mbedtls_md5_starts_ret(&operation->ctx.md5);
162 break;
163 #endif
164 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
165 case PSA_ALG_RIPEMD160:
166 mbedtls_ripemd160_init(&operation->ctx.ripemd160);
167 ret = mbedtls_ripemd160_starts_ret(&operation->ctx.ripemd160);
168 break;
169 #endif
170 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
171 case PSA_ALG_SHA_1:
172 mbedtls_sha1_init(&operation->ctx.sha1);
173 ret = mbedtls_sha1_starts_ret(&operation->ctx.sha1);
174 break;
175 #endif
176 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
177 case PSA_ALG_SHA_224:
178 mbedtls_sha256_init(&operation->ctx.sha256);
179 ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 1);
180 break;
181 #endif
182 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
183 case PSA_ALG_SHA_256:
184 mbedtls_sha256_init(&operation->ctx.sha256);
185 ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 0);
186 break;
187 #endif
188 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
189 case PSA_ALG_SHA_384:
190 mbedtls_sha512_init(&operation->ctx.sha512);
191 ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 1);
192 break;
193 #endif
194 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
195 case PSA_ALG_SHA_512:
196 mbedtls_sha512_init(&operation->ctx.sha512);
197 ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 0);
198 break;
199 #endif
200 default:
201 return PSA_ALG_IS_HASH(alg) ?
202 PSA_ERROR_NOT_SUPPORTED :
203 PSA_ERROR_INVALID_ARGUMENT;
204 }
205 if (ret == 0) {
206 operation->alg = alg;
207 } else {
208 mbedtls_psa_hash_abort(operation);
209 }
210 return mbedtls_to_psa_error(ret);
211 }
212
mbedtls_psa_hash_clone(const mbedtls_psa_hash_operation_t * source_operation,mbedtls_psa_hash_operation_t * target_operation)213 psa_status_t mbedtls_psa_hash_clone(
214 const mbedtls_psa_hash_operation_t *source_operation,
215 mbedtls_psa_hash_operation_t *target_operation)
216 {
217 switch (source_operation->alg) {
218 case 0:
219 return PSA_ERROR_BAD_STATE;
220 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
221 case PSA_ALG_MD2:
222 mbedtls_md2_clone(&target_operation->ctx.md2,
223 &source_operation->ctx.md2);
224 break;
225 #endif
226 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
227 case PSA_ALG_MD4:
228 mbedtls_md4_clone(&target_operation->ctx.md4,
229 &source_operation->ctx.md4);
230 break;
231 #endif
232 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
233 case PSA_ALG_MD5:
234 mbedtls_md5_clone(&target_operation->ctx.md5,
235 &source_operation->ctx.md5);
236 break;
237 #endif
238 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
239 case PSA_ALG_RIPEMD160:
240 mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160,
241 &source_operation->ctx.ripemd160);
242 break;
243 #endif
244 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
245 case PSA_ALG_SHA_1:
246 mbedtls_sha1_clone(&target_operation->ctx.sha1,
247 &source_operation->ctx.sha1);
248 break;
249 #endif
250 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
251 case PSA_ALG_SHA_224:
252 mbedtls_sha256_clone(&target_operation->ctx.sha256,
253 &source_operation->ctx.sha256);
254 break;
255 #endif
256 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
257 case PSA_ALG_SHA_256:
258 mbedtls_sha256_clone(&target_operation->ctx.sha256,
259 &source_operation->ctx.sha256);
260 break;
261 #endif
262 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
263 case PSA_ALG_SHA_384:
264 mbedtls_sha512_clone(&target_operation->ctx.sha512,
265 &source_operation->ctx.sha512);
266 break;
267 #endif
268 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
269 case PSA_ALG_SHA_512:
270 mbedtls_sha512_clone(&target_operation->ctx.sha512,
271 &source_operation->ctx.sha512);
272 break;
273 #endif
274 default:
275 (void) source_operation;
276 (void) target_operation;
277 return PSA_ERROR_NOT_SUPPORTED;
278 }
279
280 target_operation->alg = source_operation->alg;
281 return PSA_SUCCESS;
282 }
283
mbedtls_psa_hash_update(mbedtls_psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)284 psa_status_t mbedtls_psa_hash_update(
285 mbedtls_psa_hash_operation_t *operation,
286 const uint8_t *input,
287 size_t input_length)
288 {
289 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
290
291 switch (operation->alg) {
292 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
293 case PSA_ALG_MD2:
294 ret = mbedtls_md2_update_ret(&operation->ctx.md2,
295 input, input_length);
296 break;
297 #endif
298 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
299 case PSA_ALG_MD4:
300 ret = mbedtls_md4_update_ret(&operation->ctx.md4,
301 input, input_length);
302 break;
303 #endif
304 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
305 case PSA_ALG_MD5:
306 ret = mbedtls_md5_update_ret(&operation->ctx.md5,
307 input, input_length);
308 break;
309 #endif
310 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
311 case PSA_ALG_RIPEMD160:
312 ret = mbedtls_ripemd160_update_ret(&operation->ctx.ripemd160,
313 input, input_length);
314 break;
315 #endif
316 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
317 case PSA_ALG_SHA_1:
318 ret = mbedtls_sha1_update_ret(&operation->ctx.sha1,
319 input, input_length);
320 break;
321 #endif
322 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
323 case PSA_ALG_SHA_224:
324 ret = mbedtls_sha256_update_ret(&operation->ctx.sha256,
325 input, input_length);
326 break;
327 #endif
328 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
329 case PSA_ALG_SHA_256:
330 ret = mbedtls_sha256_update_ret(&operation->ctx.sha256,
331 input, input_length);
332 break;
333 #endif
334 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
335 case PSA_ALG_SHA_384:
336 ret = mbedtls_sha512_update_ret(&operation->ctx.sha512,
337 input, input_length);
338 break;
339 #endif
340 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
341 case PSA_ALG_SHA_512:
342 ret = mbedtls_sha512_update_ret(&operation->ctx.sha512,
343 input, input_length);
344 break;
345 #endif
346 default:
347 (void) input;
348 (void) input_length;
349 return PSA_ERROR_BAD_STATE;
350 }
351
352 return mbedtls_to_psa_error(ret);
353 }
354
mbedtls_psa_hash_finish(mbedtls_psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)355 psa_status_t mbedtls_psa_hash_finish(
356 mbedtls_psa_hash_operation_t *operation,
357 uint8_t *hash,
358 size_t hash_size,
359 size_t *hash_length)
360 {
361 psa_status_t status;
362 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
363 size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg);
364
365 /* Fill the output buffer with something that isn't a valid hash
366 * (barring an attack on the hash and deliberately-crafted input),
367 * in case the caller doesn't check the return status properly. */
368 *hash_length = hash_size;
369 /* If hash_size is 0 then hash may be NULL and then the
370 * call to memset would have undefined behavior. */
371 if (hash_size != 0) {
372 memset(hash, '!', hash_size);
373 }
374
375 if (hash_size < actual_hash_length) {
376 status = PSA_ERROR_BUFFER_TOO_SMALL;
377 goto exit;
378 }
379
380 switch (operation->alg) {
381 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
382 case PSA_ALG_MD2:
383 ret = mbedtls_md2_finish_ret(&operation->ctx.md2, hash);
384 break;
385 #endif
386 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
387 case PSA_ALG_MD4:
388 ret = mbedtls_md4_finish_ret(&operation->ctx.md4, hash);
389 break;
390 #endif
391 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
392 case PSA_ALG_MD5:
393 ret = mbedtls_md5_finish_ret(&operation->ctx.md5, hash);
394 break;
395 #endif
396 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
397 case PSA_ALG_RIPEMD160:
398 ret = mbedtls_ripemd160_finish_ret(&operation->ctx.ripemd160, hash);
399 break;
400 #endif
401 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
402 case PSA_ALG_SHA_1:
403 ret = mbedtls_sha1_finish_ret(&operation->ctx.sha1, hash);
404 break;
405 #endif
406 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
407 case PSA_ALG_SHA_224:
408 ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash);
409 break;
410 #endif
411 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
412 case PSA_ALG_SHA_256:
413 ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash);
414 break;
415 #endif
416 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
417 case PSA_ALG_SHA_384:
418 ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash);
419 break;
420 #endif
421 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
422 case PSA_ALG_SHA_512:
423 ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash);
424 break;
425 #endif
426 default:
427 (void) hash;
428 return PSA_ERROR_BAD_STATE;
429 }
430 status = mbedtls_to_psa_error(ret);
431
432 exit:
433 if (status == PSA_SUCCESS) {
434 *hash_length = actual_hash_length;
435 }
436 return status;
437 }
438
mbedtls_psa_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)439 psa_status_t mbedtls_psa_hash_compute(
440 psa_algorithm_t alg,
441 const uint8_t *input,
442 size_t input_length,
443 uint8_t *hash,
444 size_t hash_size,
445 size_t *hash_length)
446 {
447 mbedtls_psa_hash_operation_t operation = MBEDTLS_PSA_HASH_OPERATION_INIT;
448 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
449 psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
450
451 *hash_length = hash_size;
452 status = mbedtls_psa_hash_setup(&operation, alg);
453 if (status != PSA_SUCCESS) {
454 goto exit;
455 }
456 status = mbedtls_psa_hash_update(&operation, input, input_length);
457 if (status != PSA_SUCCESS) {
458 goto exit;
459 }
460 status = mbedtls_psa_hash_finish(&operation, hash, hash_size, hash_length);
461 if (status != PSA_SUCCESS) {
462 goto exit;
463 }
464
465 exit:
466 abort_status = mbedtls_psa_hash_abort(&operation);
467 if (status == PSA_SUCCESS) {
468 return abort_status;
469 } else {
470 return status;
471 }
472
473 }
474 #endif /* MBEDTLS_PSA_BUILTIN_HASH */
475
476 #endif /* MBEDTLS_PSA_CRYPTO_C */
477