diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 2f1b3e2bae..f717618d27 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -113,7 +113,10 @@
 #define MBEDTLS_MD_SOME_LEGACY
 #endif
 #if defined(MBEDTLS_SHA3_C)
-#define MBEDTLS_MD_CAN_SHA3
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_CAN_SHA3_512
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
 #define MBEDTLS_MD_CAN_RIPEMD160
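Review bot: Removing `MBEDTLS_MD_CAN_SHA3` outright means any `#if defined(MBEDTLS_MD_CAN_SHA3)` or `depends_on:MBEDTLS_MD_CAN_SHA3` left outside the files touched here will silently evaluate false instead of failing the build, so SHA-3 code paths or test cases could drop out unnoticed. Whether such users remain cannot be seen from this diff, so a tree-wide search for the old name is worth doing before merge. I would also put a comment above the four defines, e.g. `/* MBEDTLS_SHA3_C provides all four SHA-3 variants; per-variant macros let consumers gate on a single digest size. */`.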
@@ -158,23 +161,37 @@ typedef enum {
 MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */
 } mbedtls_md_type_t;
 
-#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C)
+/* Note: this should always be >= PSA_HASH_MAX_SIZE
+ * in all builds with both CRYPTO_C and MD_LIGHT.
+ *
+ * This is to make things easier for modules such as TLS that may define a
+ * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
+ * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
+ * part of the code based on PSA.
+ */
+#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512)
 #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#elif defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384)
 #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
-#elif defined(MBEDTLS_MD_CAN_SHA256)
+#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256)
 #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
-#elif defined(MBEDTLS_MD_CAN_SHA224)
+#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224)
 #define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
 #else
 #define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160
 or smaller (MD5 and earlier) */
 #endif
 
-#if defined(MBEDTLS_MD_CAN_SHA3)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */
-#elif defined(MBEDTLS_MD_CAN_SHA512)
+#elif defined(MBEDTLS_MD_CAN_SHA3_256)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 136
+#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 128
+#elif defined(MBEDTLS_MD_CAN_SHA3_384)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 104
+#elif defined(MBEDTLS_MD_CAN_SHA3_512)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 72
 #else
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 64
 #endif
diff --git a/library/md.c b/library/md.c
index ac0619871d..a29d876e9e 100644
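Review bot: The new comment in md.h says `MBEDTLS_MD_MAX_SIZE` must be >= `PSA_HASH_MAX_SIZE` because callers size a buffer with one and fill it assuming the other, but nothing in this hunk enforces that, so a configuration where the two diverge could turn into an out-of-bounds write at run time instead of a build error. A compile-time check in a translation unit that sees both headers would pin it, e.g. `#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE` followed by `#error "MBEDTLS_MD_MAX_SIZE is smaller than PSA_HASH_MAX_SIZE"`. Separately, the `MBEDTLS_MD_MAX_BLOCK_SIZE` chain is only correct while its branches stay in descending order (144, 136, 128, 104, 72, 64); a one-line comment stating that, plus labels such as `/* SHA3-256 */` on the new branches, would keep a later insertion from selecting a block size that is too small.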
--- a/library/md.c
+++ b/library/md.c
@@ -139,25 +139,34 @@ const mbedtls_md_info_t mbedtls_sha512_info = {
 };
 #endif
 
-#if defined(MBEDTLS_MD_CAN_SHA3)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 const mbedtls_md_info_t mbedtls_sha3_224_info = {
 "SHA3-224",
 MBEDTLS_MD_SHA3_224,
 28,
 144,
 };
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
 const mbedtls_md_info_t mbedtls_sha3_256_info = {
 "SHA3-256",
 MBEDTLS_MD_SHA3_256,
 32,
 136,
 };
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
 const mbedtls_md_info_t mbedtls_sha3_384_info = {
 "SHA3-384",
 MBEDTLS_MD_SHA3_384,
 48,
 104,
 };
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
 const mbedtls_md_info_t mbedtls_sha3_512_info = {
 "SHA3-512",
 MBEDTLS_MD_SHA3_512,
@@ -197,13 +206,19 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
 case MBEDTLS_MD_SHA512:
 return &mbedtls_sha512_info;
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 case MBEDTLS_MD_SHA3_224:
 return &mbedtls_sha3_224_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
 case MBEDTLS_MD_SHA3_256:
 return &mbedtls_sha3_256_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
 case MBEDTLS_MD_SHA3_384:
 return &mbedtls_sha3_384_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
 case MBEDTLS_MD_SHA3_512:
 return &mbedtls_sha3_512_info;
 #endif
@@ -889,10 +904,19 @@ static const int supported_digests[] = {
 MBEDTLS_MD_MD5,
 #endif
 
-#if defined(MBEDTLS_MD_CAN_SHA3)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 MBEDTLS_MD_SHA3_224,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
 MBEDTLS_MD_SHA3_256,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
 MBEDTLS_MD_SHA3_384,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
 MBEDTLS_MD_SHA3_512,
 #endif
 
@@ -946,14 +970,23 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
 }
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 if (!strcmp("SHA3-224", md_name)) {
 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224);
- } else if (!strcmp("SHA3-256", md_name)) {
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ if (!strcmp("SHA3-256", md_name)) {
 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256);
- } else if (!strcmp("SHA3-384", md_name)) {
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ if (!strcmp("SHA3-384", md_name)) {
 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384);
- } else if (!strcmp("SHA3-512", md_name)) {
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ if (!strcmp("SHA3-512", md_name)) {
 return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512);
 }
 #endif
diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data
index 6a63507622..68866d7aa8 100644
--- a/tests/suites/test_suite_hmac_drbg.misc.data
+++ b/tests/suites/test_suite_hmac_drbg.misc.data
@@ -19,19 +19,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512
 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA512
 
 HMAC_DRBG entropy usage SHA3-224
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_224
 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_224
 
 HMAC_DRBG entropy usage SHA3-256
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_256
 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_256
 
 HMAC_DRBG entropy usage SHA3-384
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_384
 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384
 
 HMAC_DRBG entropy usage SHA3-512
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_512
 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512
 
 HMAC_DRBG write/update seed file SHA-1 [#1]
@@ -75,35 +75,35 @@ depends_on:MBEDTLS_MD_CAN_SHA512
 hmac_drbg_seed_file:MBEDTLS_MD_SHA512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
 
 HMAC_DRBG write/update seed file SHA3-224 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_224
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"data_files/hmac_drbg_seed":0
 
 HMAC_DRBG write/update seed file SHA3-224 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_224
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
 
 HMAC_DRBG write/update seed file SHA3-256 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_256
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"data_files/hmac_drbg_seed":0
 
 HMAC_DRBG write/update seed file SHA3-256 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_256
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
 
 HMAC_DRBG write/update seed file SHA3-384 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_384
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"data_files/hmac_drbg_seed":0
 
 HMAC_DRBG write/update seed file SHA3-384 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_384
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
 
 HMAC_DRBG write/update seed file SHA3-512 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_512
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0
 
 HMAC_DRBG write/update seed file SHA3-512 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_512
 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
 
 HMAC_DRBG from buffer SHA-1
@@ -127,19 +127,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512
 hmac_drbg_buf:MBEDTLS_MD_SHA512
 
 HMAC_DRBG from buffer SHA3-224
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_224
 hmac_drbg_buf:MBEDTLS_MD_SHA3_224
 
 HMAC_DRBG from buffer SHA3-256
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_256
 hmac_drbg_buf:MBEDTLS_MD_SHA3_256
 
 HMAC_DRBG from buffer SHA3-384
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_384
 hmac_drbg_buf:MBEDTLS_MD_SHA3_384
 
 HMAC_DRBG from buffer SHA3-512
-depends_on:MBEDTLS_MD_CAN_SHA3
+depends_on:MBEDTLS_MD_CAN_SHA3_512
 hmac_drbg_buf:MBEDTLS_MD_SHA3_512
 
 HMAC_DRBG self test