From ff45d44c02cf49d7998b65df1f8421064302b551 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 10:11:34 +0100 Subject: [PATCH 1/6] Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 7 +++++-- library/md.c | 39 +++++++++++++++++++++++++++++++++------ 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 2f1b3e2bae..a73a7b0eaf 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -113,7 +113,10 @@ #define MBEDTLS_MD_SOME_LEGACY #endif #if defined(MBEDTLS_SHA3_C) -#define MBEDTLS_MD_CAN_SHA3 +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_CAN_SHA3_512 #endif #if defined(MBEDTLS_RIPEMD160_C) #define MBEDTLS_MD_CAN_RIPEMD160 @@ -171,7 +174,7 @@ typedef enum { or smaller (MD5 and earlier) */ #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ #elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 diff --git a/library/md.c b/library/md.c index ac0619871d..2af2e44925 100644 --- a/library/md.c +++ b/library/md.c @@ -139,25 +139,34 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) const mbedtls_md_info_t mbedtls_sha3_224_info = { "SHA3-224", MBEDTLS_MD_SHA3_224, 28, 144, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_256) const mbedtls_md_info_t mbedtls_sha3_256_info = { "SHA3-256", MBEDTLS_MD_SHA3_256, 32, 136, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_384) const mbedtls_md_info_t mbedtls_sha3_384_info = { "SHA3-384", MBEDTLS_MD_SHA3_384, 48, 104, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_512) const mbedtls_md_info_t mbedtls_sha3_512_info = { "SHA3-512", MBEDTLS_MD_SHA3_512, 
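Review bot: The four `MBEDTLS_MD_CAN_SHA3_*` macros added in the include/mbedtls/md.h hunk at line 113 are all defined under the single `MBEDTLS_SHA3_C` guard, so within this block no build can enable one SHA-3 variant without the other three. The per-variant `#if` guards added in library/md.c therefore cannot yet compile an individual variant out, which matters to anyone trimming the set of available digests. A comment above the block would make that explicit, for example `/* SHA-3 is all-or-nothing here: MBEDTLS_SHA3_C enables all four variants. */`. The surrounding `#if` chain starts and ends outside the hunk, so another branch may define these macros differently.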
@@ -889,10 +898,19 @@ static const int supported_digests[] = { MBEDTLS_MD_MD5, #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) MBEDTLS_MD_SHA3_224, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_256) MBEDTLS_MD_SHA3_256, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_384) MBEDTLS_MD_SHA3_384, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_512) MBEDTLS_MD_SHA3_512, #endif @@ -946,14 +964,23 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } #endif -#if defined(MBEDTLS_SHA3_C) +#if defined(MBEDTLS_MD_CAN_SHA3_224) if (!strcmp("SHA3-224", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224); - } else if (!strcmp("SHA3-256", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + if (!strcmp("SHA3-256", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256); - } else if (!strcmp("SHA3-384", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + if (!strcmp("SHA3-384", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384); - } else if (!strcmp("SHA3-512", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + if (!strcmp("SHA3-512", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512); } #endif From 9304186ae9c79579379d211f21940a1444f59e42 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 10:13:22 +0100 Subject: [PATCH 2/6] Restore accidentally removed comment Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index a73a7b0eaf..67a5bd6ce0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -161,6 +161,14 @@ typedef enum { MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ } mbedtls_md_type_t; +/* Note: this should always be >= PSA_HASH_MAX_SIZE + * in all builds with both CRYPTO_C and MD_LIGHT. + * + * This is to make things easier for modules such as TLS that may define a + * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA + * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another + * part of the code based on PSA. + */ #if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) From 33701acf554b3f501f50c6bc0c27c2b1df2c8d73 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 13:48:42 +0100 Subject: [PATCH 3/6] Fix test dependencies Signed-off-by: Dave Rodgman --- tests/suites/test_suite_hmac_drbg.misc.data | 32 ++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 6a63507622..68866d7aa8 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -19,19 +19,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA512 HMAC_DRBG entropy usage SHA3-224 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_224 HMAC_DRBG entropy usage SHA3-256 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_256 HMAC_DRBG entropy usage SHA3-384 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384 HMAC_DRBG entropy usage SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512 HMAC_DRBG write/update seed file SHA-1 [#1] 
@@ -75,35 +75,35 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_seed_file:MBEDTLS_MD_SHA512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-224 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-224 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-256 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-256 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-384 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-384 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-512 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-512 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG from buffer SHA-1 
@@ -127,19 +127,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_buf:MBEDTLS_MD_SHA512 HMAC_DRBG from buffer SHA3-224 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_buf:MBEDTLS_MD_SHA3_224 HMAC_DRBG from buffer SHA3-256 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_buf:MBEDTLS_MD_SHA3_256 HMAC_DRBG from buffer SHA3-384 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_buf:MBEDTLS_MD_SHA3_384 HMAC_DRBG from buffer SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_buf:MBEDTLS_MD_SHA3_512 HMAC_DRBG self test From 0442e1b56141a31f36127f489c484cec7ba34b3d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 16:03:33 +0100 Subject: [PATCH 4/6] Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 67a5bd6ce0..c040a48c57 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -169,13 +169,13 @@ typedef enum { * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another * part of the code based on PSA. */ -#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C) +#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ -#elif defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */ -#elif defined(MBEDTLS_MD_CAN_SHA256) +#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */ -#elif defined(MBEDTLS_MD_CAN_SHA224) +#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */ #else #define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160 @@ -184,8 +184,14 @@ typedef enum { #if defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ +#elif defined(MBEDTLS_MD_CAN_SHA3_256) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 136 #elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 +#elif defined(MBEDTLS_MD_CAN_SHA3_384) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 104 +#elif defined(MBEDTLS_MD_CAN_SHA3_512) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 72 #else #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif From 6d4933e54d833092503cc62d48864843bc5a9fed Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 16:03:54 +0100 Subject: [PATCH 5/6] Replace use of MBEDTLS_SHA3_C with MBEDTLS_MD_CAN_SHA3_xxx Signed-off-by: Dave Rodgman --- library/md.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/md.c b/library/md.c index 2af2e44925..a29d876e9e 100644 --- a/library/md.c +++ b/library/md.c 
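Review bot: The trailing comments on the `MBEDTLS_MD_MAX_SIZE` branches still say `longest known is SHA512`, `SHA384`, `SHA256` and `SHA224`, although each branch is now also taken when only the matching SHA-3 variant is enabled; they should read, for example, `/* longest known is SHA512 or SHA3-512 */`. In the second hunk the `MBEDTLS_MD_MAX_BLOCK_SIZE` chain gains four uncommented branches, and it is only correct while the branches stay in descending order of value, because the first match wins. I would add `/* Keep in descending order of block size: the first matching branch wins. */` above that chain. The comment above `MBEDTLS_MD_MAX_SIZE` says modules size buffers from it; if `MBEDTLS_MD_MAX_BLOCK_SIZE` is used the same way (not visible here), a missing or misordered branch would under-size a buffer rather than break the build. Both chains continue outside the hunks.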
@@ -206,13 +206,19 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
 case MBEDTLS_MD_SHA512:
 return &mbedtls_sha512_info;
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
 case MBEDTLS_MD_SHA3_224:
 return &mbedtls_sha3_224_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
 case MBEDTLS_MD_SHA3_256:
 return &mbedtls_sha3_256_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
 case MBEDTLS_MD_SHA3_384:
 return &mbedtls_sha3_384_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
 case MBEDTLS_MD_SHA3_512:
 return &mbedtls_sha3_512_info;
 #endif
From f956312174ed8b8b24403cad4885269f62e6292a Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Sun, 11 Jun 2023 16:04:29 +0100
Subject: [PATCH 6/6] Fix typo in MBEDTLS_MD_CAN macros
Signed-off-by: Dave Rodgman
---
 include/mbedtls/md.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index c040a48c57..f717618d27 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -186,7 +186,7 @@ typedef enum {
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */
 #elif defined(MBEDTLS_MD_CAN_SHA3_256)
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 136
-#elif defined(MBEDTLS_MD_CAN_SHA512)
+#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 128
 #elif defined(MBEDTLS_MD_CAN_SHA3_384)
 #define MBEDTLS_MD_MAX_BLOCK_SIZE 104
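Review bot: The `#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)` branch in the last hunk carries no comment explaining why SHA-384 belongs with the 128-byte case, which is exactly the detail the removed line omitted. I would annotate the value line as `#define MBEDTLS_MD_MAX_BLOCK_SIZE 128 /* SHA-384 and SHA-512 share a 128-byte block */`. The unchanged `144` branch already has a note of this kind (`the longest known is SHA3-224`), so the other branches would be consistent with it. Without the added condition, a build with SHA-384 but neither SHA-512 nor the two larger SHA-3 branches would have selected a smaller value than SHA-384's block size, so the subject line's "typo" understates the change. The chain begins and ends outside the hunk.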