mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 23:05:41 +01:00
1e58235d8b
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
249 lines
9.3 KiB
C
249 lines
9.3 KiB
C
/*
|
|
* PSA hashing layer on top of Mbed TLS software crypto
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_HASH_H
|
|
#define PSA_CRYPTO_HASH_H
|
|
|
|
#include <psa/crypto.h>
|
|
#include "mbedtls/md2.h"
|
|
#include "mbedtls/md4.h"
|
|
#include "mbedtls/md5.h"
|
|
#include "mbedtls/ripemd160.h"
|
|
#include "mbedtls/sha1.h"
|
|
#include "mbedtls/sha256.h"
|
|
#include "mbedtls/sha512.h"
|
|
|
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
|
|
#define MBEDTLS_PSA_BUILTIN_HASH
|
|
#endif
|
|
|
|
typedef struct
|
|
{
|
|
psa_algorithm_t alg;
|
|
union
|
|
{
|
|
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
|
#if defined(MBEDTLS_MD2_C)
|
|
mbedtls_md2_context md2;
|
|
#endif
|
|
#if defined(MBEDTLS_MD4_C)
|
|
mbedtls_md4_context md4;
|
|
#endif
|
|
#if defined(MBEDTLS_MD5_C)
|
|
mbedtls_md5_context md5;
|
|
#endif
|
|
#if defined(MBEDTLS_RIPEMD160_C)
|
|
mbedtls_ripemd160_context ripemd160;
|
|
#endif
|
|
#if defined(MBEDTLS_SHA1_C)
|
|
mbedtls_sha1_context sha1;
|
|
#endif
|
|
#if defined(MBEDTLS_SHA256_C)
|
|
mbedtls_sha256_context sha256;
|
|
#endif
|
|
#if defined(MBEDTLS_SHA512_C)
|
|
mbedtls_sha512_context sha512;
|
|
#endif
|
|
} ctx;
|
|
} mbedtls_psa_hash_operation_t;
|
|
|
|
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
|
|
|
|
/** Calculate the hash (digest) of a message using Mbed TLS routines.
|
|
*
|
|
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
|
|
* such that #PSA_ALG_IS_HASH(\p alg) is true).
|
|
* \param[in] input Buffer containing the message to hash.
|
|
* \param input_length Size of the \p input buffer in bytes.
|
|
* \param[out] hash Buffer where the hash is to be written.
|
|
* \param hash_size Size of the \p hash buffer in bytes.
|
|
* \param[out] hash_length On success, the number of bytes
|
|
* that make up the hash value. This is always
|
|
* #PSA_HASH_LENGTH(\p alg).
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* \p alg is not supported or is not a hash algorithm.
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* \p hash_size is too small
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
|
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_compute(
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *hash,
|
|
size_t hash_size,
|
|
size_t *hash_length);
|
|
|
|
/** Set up a multipart hash operation using Mbed TLS routines.
|
|
*
|
|
* If an error occurs at any step after a call to mbedtls_psa_hash_setup(), the
|
|
* operation will need to be reset by a call to mbedtls_psa_hash_abort(). The
|
|
* core may call mbedtls_psa_hash_abort() at any time after the operation
|
|
* has been initialized.
|
|
*
|
|
* After a successful call to mbedtls_psa_hash_setup(), the core must
|
|
* eventually terminate the operation. The following events terminate an
|
|
* operation:
|
|
* - A successful call to mbedtls_psa_hash_finish() or mbedtls_psa_hash_verify().
|
|
* - A call to mbedtls_psa_hash_abort().
|
|
*
|
|
* \param[in,out] operation The operation object to set up. It must have
|
|
* been initialized to all-zero and not yet be in use.
|
|
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
|
|
* such that #PSA_ALG_IS_HASH(\p alg) is true).
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* \p alg is not a supported hash algorithm.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be inactive).
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_setup(
|
|
mbedtls_psa_hash_operation_t *operation,
|
|
psa_algorithm_t alg );
|
|
|
|
/** Clone an Mbed TLS hash operation.
|
|
*
|
|
* This function copies the state of an ongoing hash operation to
|
|
* a new operation object. In other words, this function is equivalent
|
|
* to calling mbedtls_psa_hash_setup() on \p target_operation with the same
|
|
* algorithm that \p source_operation was set up for, then
|
|
* mbedtls_psa_hash_update() on \p target_operation with the same input that
|
|
* that was passed to \p source_operation. After this function returns, the
|
|
* two objects are independent, i.e. subsequent calls involving one of
|
|
* the objects do not affect the other object.
|
|
*
|
|
* \param[in] source_operation The active hash operation to clone.
|
|
* \param[in,out] target_operation The operation object to set up.
|
|
* It must be initialized but not active.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The \p source_operation state is not valid (it must be active).
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The \p target_operation state is not valid (it must be inactive).
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_clone(
|
|
const mbedtls_psa_hash_operation_t *source_operation,
|
|
mbedtls_psa_hash_operation_t *target_operation );
|
|
|
|
/** Add a message fragment to a multipart Mbed TLS hash operation.
|
|
*
|
|
* The application must call mbedtls_psa_hash_setup() before calling this function.
|
|
*
|
|
* If this function returns an error status, the operation enters an error
|
|
* state and must be aborted by calling mbedtls_psa_hash_abort().
|
|
*
|
|
* \param[in,out] operation Active hash operation.
|
|
* \param[in] input Buffer containing the message fragment to hash.
|
|
* \param input_length Size of the \p input buffer in bytes.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it muct be active).
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_update(
|
|
mbedtls_psa_hash_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length );
|
|
|
|
/** Finish the calculation of the Mbed TLS-calculated hash of a message.
|
|
*
|
|
* The application must call mbedtls_psa_hash_setup() before calling this function.
|
|
* This function calculates the hash of the message formed by concatenating
|
|
* the inputs passed to preceding calls to mbedtls_psa_hash_update().
|
|
*
|
|
* When this function returns successfuly, the operation becomes inactive.
|
|
* If this function returns an error status, the operation enters an error
|
|
* state and must be aborted by calling mbedtls_psa_hash_abort().
|
|
*
|
|
* \param[in,out] operation Active hash operation.
|
|
* \param[out] hash Buffer where the hash is to be written.
|
|
* \param hash_size Size of the \p hash buffer in bytes.
|
|
* \param[out] hash_length On success, the number of bytes
|
|
* that make up the hash value. This is always
|
|
* #PSA_HASH_LENGTH(\c alg) where \c alg is the
|
|
* hash algorithm that is calculated.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* Success.
|
|
* \retval #PSA_ERROR_BAD_STATE
|
|
* The operation state is not valid (it must be active).
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p hash buffer is too small. You can determine a
|
|
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
|
|
* where \c alg is the hash algorithm that is calculated.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_finish(
|
|
mbedtls_psa_hash_operation_t *operation,
|
|
uint8_t *hash,
|
|
size_t hash_size,
|
|
size_t *hash_length );
|
|
|
|
/** Abort an Mbed TLS hash operation.
|
|
*
|
|
* Aborting an operation frees all associated resources except for the
|
|
* \p operation structure itself. Once aborted, the operation object
|
|
* can be reused for another operation by calling
|
|
* mbedtls_psa_hash_setup() again.
|
|
*
|
|
* You may call this function any time after the operation object has
|
|
* been initialized by one of the methods described in #psa_hash_operation_t.
|
|
*
|
|
* In particular, calling mbedtls_psa_hash_abort() after the operation has been
|
|
* terminated by a call to mbedtls_psa_hash_abort(), mbedtls_psa_hash_finish() or
|
|
* mbedtls_psa_hash_verify() is safe and has no effect.
|
|
*
|
|
* \param[in,out] operation Initialized hash operation.
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t mbedtls_psa_hash_abort(
|
|
mbedtls_psa_hash_operation_t *operation );
|
|
|
|
#endif /* PSA_CRYPTO_HASH_H */
|