From ba2412fd21c95c350b1cbdf361ede2ce9df4fe8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Feb 2023 18:44:46 +0100 Subject: [PATCH 01/10] Remove internal function md_process() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was already marked as internal use only, and no longer used internally. Also, it won't work when we dispatch to PSA. Remove it before the MD_LIGHT split to avoid a corner case: it's technically a hashing function, no HMAC or extra metadata, but we still don't want it in MD_LIGHT really. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 4 --- library/md.c | 40 ----------------------------- tests/suites/test_suite_md.data | 4 +-- tests/suites/test_suite_md.function | 17 +++--------- 4 files changed, 6 insertions(+), 59 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 1a92c57611..bcf56a5499 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -471,10 +471,6 @@ int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, const unsigned char *input, size_t ilen, unsigned char *output); -/* Internal use */ -MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data); - #ifdef __cplusplus } #endif diff --git a/library/md.c b/library/md.c index a729878990..dd5553aa9a 100644 --- a/library/md.c +++ b/library/md.c @@ -774,46 +774,6 @@ cleanup: return ret; } -int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) -{ - if (ctx == NULL || ctx->md_info == NULL) { - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - } - - switch (ctx->md_info->type) { -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return mbedtls_internal_md5_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_RIPEMD160_C) - case MBEDTLS_MD_RIPEMD160: - return mbedtls_internal_ripemd160_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return mbedtls_internal_sha1_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA224_C) - case MBEDTLS_MD_SHA224: - return mbedtls_internal_sha256_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA256: - return mbedtls_internal_sha256_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_MD_SHA384: - return mbedtls_internal_sha512_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA512: - return mbedtls_internal_sha512_process(ctx->md_ctx, data); -#endif - default: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - } -} - unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 5659ff4316..79b837619b 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,6 +1,6 @@ # Tests of the generic message digest interface -MD process -mbedtls_md_process: +MD list +mbedtls_md_list: MD NULL/uninitialised arguments md_null_args: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 2f60c4e999..ac3a8baf4f 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -8,30 +8,24 @@ */ /* BEGIN_CASE */ -void mbedtls_md_process() +void mbedtls_md_list() { const int *md_type_ptr; const mbedtls_md_info_t *info; mbedtls_md_context_t ctx; - unsigned char buf[150]; + unsigned char out[MBEDTLS_MD_MAX_SIZE] = { 0 }; mbedtls_md_init(&ctx); - memset(buf, 0, sizeof(buf)); /* - * Very minimal testing of mbedtls_md_process, just make sure the various - * xxx_process_wrap() function pointers are valid. (Testing that they - * indeed do the right thing would require messing with the internal - * state of the underlying mbedtls_md/sha context.) - * - * Also tests that mbedtls_md_list() only returns valid MDs. + * Test that mbedtls_md_list() only returns valid MDs. */ for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) { info = mbedtls_md_info_from_type(*md_type_ptr); TEST_ASSERT(info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, info, 0)); TEST_EQUAL(0, mbedtls_md_starts(&ctx)); - TEST_EQUAL(0, mbedtls_md_process(&ctx, buf)); + TEST_EQUAL(0, mbedtls_md_finish(&ctx, out)); mbedtls_md_free(&ctx); } @@ -94,9 +88,6 @@ void md_null_args() TEST_EQUAL(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - TEST_EQUAL(mbedtls_md_process(NULL, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - TEST_EQUAL(mbedtls_md_process(&ctx, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - /* Ok, this is not NULL arg but NULL return... */ TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL); TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL); From b9b630d6286be77df901d0c9a0371180460bd2e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Feb 2023 19:07:31 +0100 Subject: [PATCH 02/10] Define "light" subset of MD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See docs/architecture/psa-migration/md-cipher-dispatch.md Regarding testing, the no_md component was never very useful, as that's not something people are likely to want to do: it was mostly useful as executable documentation of what depends on MD. It's going to be even less useful when more and more modules auto-enable MD_LIGHT or even MD_C. So, recycle it to test the build with only MD_LIGHT, which is something that might happen in practice, and is necessary to ensure that the division is consistent. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 7 ++++++ include/mbedtls/mbedtls_config.h | 21 +++++++++++++++- include/mbedtls/md.h | 22 ++++++++++++++--- library/md.c | 16 +++++++++---- tests/scripts/all.sh | 20 ++++++++++------ tests/suites/test_suite_md.function | 37 +++++++++++++++++++++++------ 6 files changed, 101 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index bbfd5d48df..bc94acf104 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -80,6 +80,13 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. + * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. + */ +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_MD_LIGHT +#endif + /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 9ae51c964a..41a007ea90 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2643,7 +2643,7 @@ /** * \def MBEDTLS_MD_C * - * Enable the generic message digest layer. + * Enable the generic layer for message digest (hashing) and HMAC. * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, @@ -2672,6 +2672,25 @@ */ #define MBEDTLS_MD_C +/** + * \def MBEDTLS_MD_LIGHT + * + * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic + * meta-data. + * + * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is + * possible to enable this with MBEDTLS_MD_C if support for HMAC or extra + * metadata functions is not needed. + * + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C. + * Module: library/md.c + * + * Uncomment to enabled the "light" subsect of MD. + */ +#define MBEDTLS_MD_LIGHT + /** * \def MBEDTLS_MD5_C * diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index bcf56a5499..f9349e1d85 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -1,7 +1,15 @@ /** * \file md.h * - * \brief This file contains the generic message-digest wrapper. + * \brief This file contains the generic functions for message-digest + * (hashing) and HMAC. + * + * Availability of function in this modules is controled by two + * feature macros: + * - MBEDTLS_MD_C enables the whole module; + * - MBEDTLS_MD_LIGHT enables only functions for hashing an accessing + * some hash metadata; is it automatically set whenever MBEDTLS_MD_C + * is set. * * \author Adriaan de Jong */ @@ -107,6 +115,7 @@ typedef struct mbedtls_md_context_t { void *MBEDTLS_PRIVATE(hmac_ctx); } mbedtls_md_context_t; +#if defined(MBEDTLS_MD_C) /** * \brief This function returns the list of digests supported by the * generic digest module. @@ -130,6 +139,7 @@ const int *mbedtls_md_list(void); * \return NULL if the associated message-digest information is not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); +#endif /* MBEDTLS_MD_C */ /** * \brief This function returns the message-digest information @@ -142,6 +152,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); +#if defined(MBEDTLS_MD_C) /** * \brief This function returns the message-digest information * from the given context. @@ -154,6 +165,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); */ const mbedtls_md_info_t *mbedtls_md_info_from_ctx( const mbedtls_md_context_t *ctx); +#endif /* MBEDTLS_MD_C */ /** * \brief This function initializes a message-digest context without @@ -248,6 +260,7 @@ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); */ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); +#if defined(MBEDTLS_MD_C) /** * \brief This function extracts the message-digest name from the * message-digest information structure. @@ -258,6 +271,7 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); * \return The name of the message digest. */ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); +#endif /* MBEDTLS_MD_C */ /** * \brief This function starts a message-digest computation. @@ -337,7 +351,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) /** * \brief This function calculates the message-digest checksum * result of the contents of the provided file. @@ -358,8 +372,9 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output); -#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) /** * \brief This function sets the HMAC key and prepares to * authenticate a new message. @@ -470,6 +485,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output); +#endif /* MBEDTLS_MD_C */ #ifdef __cplusplus } diff --git a/library/md.c b/library/md.c index dd5553aa9a..8aecd39f07 100644 --- a/library/md.c +++ b/library/md.c @@ -23,7 +23,7 @@ #include "common.h" -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_MD_LIGHT) #include "mbedtls/md.h" #include "md_wrap.h" @@ -110,6 +110,7 @@ const mbedtls_md_info_t mbedtls_sha512_info = { /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ +#if defined(MBEDTLS_MD_C) static const int supported_digests[] = { #if defined(MBEDTLS_SHA512_C) @@ -191,6 +192,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) #endif return NULL; } +#endif /* MBEDTLS_MD_C */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { @@ -228,6 +230,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) } } +#if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *mbedtls_md_info_from_ctx( const mbedtls_md_context_t *ctx) { @@ -237,6 +240,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_ctx( return ctx->MBEDTLS_PRIVATE(md_info); } +#endif /* MBEDTLS_MD_C */ void mbedtls_md_init(mbedtls_md_context_t *ctx) { @@ -586,7 +590,7 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz } } -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -635,8 +639,9 @@ cleanup: return ret; } -#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -773,6 +778,7 @@ cleanup: return ret; } +#endif /* MBEDTLS_MD_C */ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { @@ -792,6 +798,7 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) return md_info->type; } +#if defined(MBEDTLS_MD_C) const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { @@ -800,5 +807,6 @@ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) return md_info->name; } - #endif /* MBEDTLS_MD_C */ + +#endif /* MBEDTLS_MD_LIGHT */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d3..c4a8fe652d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1219,19 +1219,25 @@ component_test_psa_external_rng_no_drbg_use_psa () { tests/ssl-opt.sh -f 'Default\|opaque' } -component_test_crypto_full_no_md () { - msg "build: crypto_full minus MD" +component_test_crypto_full_md_light_only () { + msg "build: crypto_full with only the light subset of MD" scripts/config.py crypto_full + # Disable MD scripts/config.py unset MBEDTLS_MD_C - # Direct dependencies + # Disable direct dependencies of MD scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C - # Indirect dependencies - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC - make + # Disable indirect dependencies of MD + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG + # Enable "light" subset of MD + scripts/config.py set MBEDTLS_MD_LIGHT + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: crypto_full minus MD" + # Make sure we don't have the HMAC functions + not grep mbedtls_md_hmac library/md.o + + msg "test: crypto_full with only the light subset of MD" make test } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index ac3a8baf4f..1e8622be0f 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -3,11 +3,11 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_MD_C + * depends_on:MBEDTLS_MD_LIGHT * END_DEPENDENCIES */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void mbedtls_md_list() { const int *md_type_ptr; @@ -38,21 +38,27 @@ exit: void md_null_args() { mbedtls_md_context_t ctx; +#if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list())); +#endif unsigned char buf[1] = { 0 }; mbedtls_md_init(&ctx); TEST_EQUAL(0, mbedtls_md_get_size(NULL)); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_get_type(NULL), MBEDTLS_MD_NONE); TEST_ASSERT(mbedtls_md_get_name(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_string(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_ctx(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == NULL); +#endif /* MBEDTLS_MD_C */ TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA); @@ -65,6 +71,7 @@ void md_null_args() TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#if defined(MBEDTLS_MD_C) #if defined(MBEDTLS_FS_IO) TEST_EQUAL(mbedtls_md_file(NULL, "", buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); #endif @@ -87,10 +94,13 @@ void md_null_args() TEST_EQUAL(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif /* MBEDTLS_MD_C */ /* Ok, this is not NULL arg but NULL return... */ TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL); +#endif } /* END_CASE */ @@ -98,24 +108,31 @@ void md_null_args() void md_info(int md_type, char *md_name, int md_size) { const mbedtls_md_info_t *md_info; +#if defined(MBEDTLS_MD_C) const int *md_type_ptr; - int found; +#else + (void) md_name; +#endif md_info = mbedtls_md_info_from_type(md_type); TEST_ASSERT(md_info != NULL); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(md_info == mbedtls_md_info_from_string(md_name)); +#endif TEST_EQUAL(mbedtls_md_get_type(md_info), (mbedtls_md_type_t) md_type); TEST_EQUAL(mbedtls_md_get_size(md_info), (unsigned char) md_size); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(0, strcmp(mbedtls_md_get_name(md_info), md_name)); - found = 0; + int found = 0; for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) { if (*md_type_ptr == md_type) { found = 1; } } TEST_EQUAL(found, 1); +#endif /* MBEDTLS_MD_C */ } /* END_CASE */ @@ -173,8 +190,10 @@ void md_text_multi(int md_type, char *text_src_string, TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0)); TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info); +#endif /* MBEDTLS_MD_C */ TEST_EQUAL(0, mbedtls_md_starts(&ctx)); TEST_ASSERT(ctx.md_ctx != NULL); @@ -213,8 +232,10 @@ void md_hex_multi(int md_type, data_t *src_str, data_t *hash) TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0)); TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info); +#endif /* MBEDTLS_MD_C */ halfway = src_str->len / 2; @@ -240,7 +261,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void mbedtls_md_hmac(int md_type, int trunc_size, data_t *key_str, data_t *src_str, data_t *hash) @@ -259,7 +280,7 @@ void mbedtls_md_hmac(int md_type, int trunc_size, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, data_t *src_str, data_t *hash) { @@ -273,7 +294,9 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, md_info = mbedtls_md_info_from_type(md_type); TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); +#endif halfway = src_str->len / 2; @@ -300,7 +323,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_MD_C */ void mbedtls_md_file(int md_type, char *filename, data_t *hash) { From 9e04b5bcfceaa0cb9fa10a33000d9a195fab9271 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Feb 2023 12:40:51 +0100 Subject: [PATCH 03/10] Disable MD-light in accel_hash_use_psa MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c4a8fe652d..ad5073574f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2351,10 +2351,10 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former - # Also unset MD_C and things that depend on it; - # see component_test_crypto_full_no_md. + # Also unset MD_C and things that depend on it. if [ "$DRIVER_ONLY" -eq 1 ]; then scripts/config.py unset MBEDTLS_MD_C + scripts/config.py unset MBEDTLS_MD_LIGHT fi scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C From 82a43942c864d40f243e2832ff7fd274c3c4e764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:36:29 +0100 Subject: [PATCH 04/10] Make it clearer what's part of MD-light or not MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 124 ++++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index f9349e1d85..013cb6502d 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -4,12 +4,15 @@ * \brief This file contains the generic functions for message-digest * (hashing) and HMAC. * - * Availability of function in this modules is controled by two + * Availability of functions in this modules is controled by two * feature macros: * - MBEDTLS_MD_C enables the whole module; - * - MBEDTLS_MD_LIGHT enables only functions for hashing an accessing - * some hash metadata; is it automatically set whenever MBEDTLS_MD_C - * is set. + * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing + * most hash metadata (everything except string names); is it + * automatically set whenever MBEDTLS_MD_C is defined. + * + * The functions that are only available when MBEDTLS_MD_C is defined + * are grouped at the end of the file and guarded by this macro. * * \author Adriaan de Jong */ @@ -115,32 +118,6 @@ typedef struct mbedtls_md_context_t { void *MBEDTLS_PRIVATE(hmac_ctx); } mbedtls_md_context_t; -#if defined(MBEDTLS_MD_C) -/** - * \brief This function returns the list of digests supported by the - * generic digest module. - * - * \note The list starts with the strongest available hashes. - * - * \return A statically allocated array of digests. Each element - * in the returned list is an integer belonging to the - * message-digest enumeration #mbedtls_md_type_t. - * The last entry is 0. - */ -const int *mbedtls_md_list(void); - -/** - * \brief This function returns the message-digest information - * associated with the given digest name. - * - * \param md_name The name of the digest to search for. - * - * \return The message-digest information associated with \p md_name. - * \return NULL if the associated message-digest information is not found. - */ -const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function returns the message-digest information * associated with the given digest type. @@ -152,21 +129,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); -#if defined(MBEDTLS_MD_C) -/** - * \brief This function returns the message-digest information - * from the given context. - * - * \param ctx The context from which to extract the information. - * This must be initialized (or \c NULL). - * - * \return The message-digest information associated with \p ctx. - * \return \c NULL if \p ctx is \c NULL. - */ -const mbedtls_md_info_t *mbedtls_md_info_from_ctx( - const mbedtls_md_context_t *ctx); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function initializes a message-digest context without * binding it to a particular message-digest algorithm. @@ -260,19 +222,6 @@ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); */ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); -#if defined(MBEDTLS_MD_C) -/** - * \brief This function extracts the message-digest name from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The name of the message digest. - */ -const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function starts a message-digest computation. * @@ -351,7 +300,61 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) +/************************************************************************ + * Functions below this separator are not part of MBEDTLS_MD_LIGHT * + * and require MBEDTLS_MD_C * + ************************************************************************/ + +#if defined(MBEDTLS_MD_C) +/** + * \brief This function returns the list of digests supported by the + * generic digest module. + * + * \note The list starts with the strongest available hashes. + * + * \return A statically allocated array of digests. Each element + * in the returned list is an integer belonging to the + * message-digest enumeration #mbedtls_md_type_t. + * The last entry is 0. + */ +const int *mbedtls_md_list(void); + +/** + * \brief This function returns the message-digest information + * associated with the given digest name. + * + * \param md_name The name of the digest to search for. + * + * \return The message-digest information associated with \p md_name. + * \return NULL if the associated message-digest information is not found. + */ +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); + +/** + * \brief This function extracts the message-digest name from the + * message-digest information structure. + * + * \param md_info The information structure of the message-digest algorithm + * to use. + * + * \return The name of the message digest. + */ +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); + +/** + * \brief This function returns the message-digest information + * from the given context. + * + * \param ctx The context from which to extract the information. + * This must be initialized (or \c NULL). + * + * \return The message-digest information associated with \p ctx. + * \return \c NULL if \p ctx is \c NULL. + */ +const mbedtls_md_info_t *mbedtls_md_info_from_ctx( + const mbedtls_md_context_t *ctx); + +#if defined(MBEDTLS_FS_IO) /** * \brief This function calculates the message-digest checksum * result of the contents of the provided file. @@ -372,9 +375,8 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output); -#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_MD_C) /** * \brief This function sets the HMAC key and prepares to * authenticate a new message. From f3953c878e756fc2f6366787609cf14685648321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:39:05 +0100 Subject: [PATCH 05/10] Clarify relationship between MD_C and MD_LIGHT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 41a007ea90..b1c9db9454 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2644,6 +2644,7 @@ * \def MBEDTLS_MD_C * * Enable the generic layer for message digest (hashing) and HMAC. + * This will automatically enabled MBEDTLS_MD_LIGHT * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, @@ -2676,10 +2677,10 @@ * \def MBEDTLS_MD_LIGHT * * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic - * meta-data. + * meta-data (see md.h for details). * * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is - * possible to enable this with MBEDTLS_MD_C if support for HMAC or extra + * possible to enable this without MBEDTLS_MD_C if support for HMAC or extra * metadata functions is not needed. * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, From 39a4f4285ddcee15fbfcd5076a5e4fed5cc3e0b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:40:24 +0100 Subject: [PATCH 06/10] Add links for macros in doxygen documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 8 ++++---- include/mbedtls/md.h | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b1c9db9454..3c5a28407b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2644,7 +2644,7 @@ * \def MBEDTLS_MD_C * * Enable the generic layer for message digest (hashing) and HMAC. - * This will automatically enabled MBEDTLS_MD_LIGHT + * This will automatically enable #MBEDTLS_MD_LIGHT * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, @@ -2676,11 +2676,11 @@ /** * \def MBEDTLS_MD_LIGHT * - * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic + * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic * meta-data (see md.h for details). * - * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is - * possible to enable this without MBEDTLS_MD_C if support for HMAC or extra + * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is + * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra * metadata functions is not needed. * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 013cb6502d..e3561ba9d0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -6,12 +6,12 @@ * * Availability of functions in this modules is controled by two * feature macros: - * - MBEDTLS_MD_C enables the whole module; - * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing + * - #MBEDTLS_MD_C enables the whole module; + * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing * most hash metadata (everything except string names); is it - * automatically set whenever MBEDTLS_MD_C is defined. + * automatically set whenever #MBEDTLS_MD_C is defined. * - * The functions that are only available when MBEDTLS_MD_C is defined + * The functions that are only available when #MBEDTLS_MD_C is defined * are grouped at the end of the file and guarded by this macro. * * \author Adriaan de Jong From cacc0ea144c3c455c7d504b9883638bc7f48cfcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:42:37 +0100 Subject: [PATCH 07/10] Fix a couple more typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index e3561ba9d0..8c77ea0c09 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -4,7 +4,7 @@ * \brief This file contains the generic functions for message-digest * (hashing) and HMAC. * - * Availability of functions in this modules is controled by two + * Availability of functions in this module is controlled by two * feature macros: * - #MBEDTLS_MD_C enables the whole module; * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing From 0d4152186dcd62b23d3703fa4e77e6a66ab340d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 13:02:13 +0100 Subject: [PATCH 08/10] Make MBEDTLS_MD_LIGHT private for now. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 20 -------------------- include/mbedtls/md.h | 17 ----------------- library/md.c | 14 ++++++++++++++ tests/scripts/all.sh | 6 +++--- 4 files changed, 17 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3c5a28407b..5d3cdb58f7 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2644,7 +2644,6 @@ * \def MBEDTLS_MD_C * * Enable the generic layer for message digest (hashing) and HMAC. - * This will automatically enable #MBEDTLS_MD_LIGHT * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, @@ -2673,25 +2672,6 @@ */ #define MBEDTLS_MD_C -/** - * \def MBEDTLS_MD_LIGHT - * - * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic - * meta-data (see md.h for details). - * - * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is - * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra - * metadata functions is not needed. - * - * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, - * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, - * MBEDTLS_SHA512_C. - * Module: library/md.c - * - * Uncomment to enabled the "light" subsect of MD. - */ -#define MBEDTLS_MD_LIGHT - /** * \def MBEDTLS_MD5_C * diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 8c77ea0c09..3341d1cc02 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -4,16 +4,6 @@ * \brief This file contains the generic functions for message-digest * (hashing) and HMAC. * - * Availability of functions in this module is controlled by two - * feature macros: - * - #MBEDTLS_MD_C enables the whole module; - * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing - * most hash metadata (everything except string names); is it - * automatically set whenever #MBEDTLS_MD_C is defined. - * - * The functions that are only available when #MBEDTLS_MD_C is defined - * are grouped at the end of the file and guarded by this macro. - * * \author Adriaan de Jong */ /* @@ -300,12 +290,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -/************************************************************************ - * Functions below this separator are not part of MBEDTLS_MD_LIGHT * - * and require MBEDTLS_MD_C * - ************************************************************************/ - -#if defined(MBEDTLS_MD_C) /** * \brief This function returns the list of digests supported by the * generic digest module. @@ -487,7 +471,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output); -#endif /* MBEDTLS_MD_C */ #ifdef __cplusplus } diff --git a/library/md.c b/library/md.c index 8aecd39f07..c1cf67460a 100644 --- a/library/md.c +++ b/library/md.c @@ -23,6 +23,20 @@ #include "common.h" +/* + * Availability of functions in this module is controlled by two + * feature macros: + * - MBEDTLS_MD_C enables the whole module; + * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing + * most hash metadata (everything except string names); is it + * automatically set whenever MBEDTLS_MD_C is defined. + * + * In the future we may want to change the contract of some functions + * (behaviour with NULL arguments) depending on whether MD_C is defined or + * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. + * + * For these reasons, we're keeping MD_LIGHT internal for now. + */ #if defined(MBEDTLS_MD_LIGHT) #include "mbedtls/md.h" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ad5073574f..0758282d60 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1231,11 +1231,11 @@ component_test_crypto_full_md_light_only () { # Disable indirect dependencies of MD scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG # Enable "light" subset of MD - scripts/config.py set MBEDTLS_MD_LIGHT - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_MD_LIGHT" LDFLAGS="$ASAN_CFLAGS" - # Make sure we don't have the HMAC functions + # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o + grep mbedtls_md library/md.o msg "test: crypto_full with only the light subset of MD" make test From 623c73b46d3aa91ac8b767a46a110a3aea5a0c53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 20:36:05 +0100 Subject: [PATCH 09/10] Remove config.py call on now-internal option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It turns out config.py wouldn't complain, but it's still confusing. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0758282d60..7c89e7fa38 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2354,7 +2354,6 @@ config_psa_crypto_hash_use_psa () { # Also unset MD_C and things that depend on it. if [ "$DRIVER_ONLY" -eq 1 ]; then scripts/config.py unset MBEDTLS_MD_C - scripts/config.py unset MBEDTLS_MD_LIGHT fi scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C From 1e57abd3eca2cdaed8b5bcda0e016394d6fb0298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 20:45:26 +0100 Subject: [PATCH 10/10] Group MD_LIGHT and MD_C parts of md.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 246 ++++++++++++++++++++++++++------------------------- 1 file changed, 124 insertions(+), 122 deletions(-) diff --git a/library/md.c b/library/md.c index c1cf67460a..6681f9aa0c 100644 --- a/library/md.c +++ b/library/md.c @@ -31,6 +31,8 @@ * most hash metadata (everything except string names); is it * automatically set whenever MBEDTLS_MD_C is defined. * + * In this file, functions from MD_LIGHT are at the top, MD_C at the end. + * * In the future we may want to change the contract of some functions * (behaviour with NULL arguments) depending on whether MD_C is defined or * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. @@ -121,93 +123,6 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif -/* - * Reminder: update profiles in x509_crt.c when adding a new hash! - */ -#if defined(MBEDTLS_MD_C) -static const int supported_digests[] = { - -#if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, -#endif - -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, -#endif - -#if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, -#endif -#if defined(MBEDTLS_SHA224_C) - MBEDTLS_MD_SHA224, -#endif - -#if defined(MBEDTLS_SHA1_C) - MBEDTLS_MD_SHA1, -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - MBEDTLS_MD_RIPEMD160, -#endif - -#if defined(MBEDTLS_MD5_C) - MBEDTLS_MD_MD5, -#endif - - MBEDTLS_MD_NONE -}; - -const int *mbedtls_md_list(void) -{ - return supported_digests; -} - -const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) -{ - if (NULL == md_name) { - return NULL; - } - - /* Get the appropriate digest information */ -#if defined(MBEDTLS_MD5_C) - if (!strcmp("MD5", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); - } -#endif -#if defined(MBEDTLS_RIPEMD160_C) - if (!strcmp("RIPEMD160", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); - } -#endif -#if defined(MBEDTLS_SHA1_C) - if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); - } -#endif -#if defined(MBEDTLS_SHA224_C) - if (!strcmp("SHA224", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); - } -#endif -#if defined(MBEDTLS_SHA256_C) - if (!strcmp("SHA256", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - } -#endif -#if defined(MBEDTLS_SHA384_C) - if (!strcmp("SHA384", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); - } -#endif -#if defined(MBEDTLS_SHA512_C) - if (!strcmp("SHA512", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); - } -#endif - return NULL; -} -#endif /* MBEDTLS_MD_C */ - const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { switch (md_type) { @@ -244,18 +159,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) } } -#if defined(MBEDTLS_MD_C) -const mbedtls_md_info_t *mbedtls_md_info_from_ctx( - const mbedtls_md_context_t *ctx) -{ - if (ctx == NULL) { - return NULL; - } - - return ctx->MBEDTLS_PRIVATE(md_info); -} -#endif /* MBEDTLS_MD_C */ - void mbedtls_md_init(mbedtls_md_context_t *ctx) { memset(ctx, 0, sizeof(mbedtls_md_context_t)); @@ -604,7 +507,126 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz } } -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) +{ + if (md_info == NULL) { + return 0; + } + + return md_info->size; +} + +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) +{ + if (md_info == NULL) { + return MBEDTLS_MD_NONE; + } + + return md_info->type; +} + +/************************************************************************ + * Functions above this separator are part of MBEDTLS_MD_LIGHT, * + * functions below are only available when MBEDTLS_MD_C is set. * + ************************************************************************/ +#if defined(MBEDTLS_MD_C) + +/* + * Reminder: update profiles in x509_crt.c when adding a new hash! + */ +static const int supported_digests[] = { + +#if defined(MBEDTLS_SHA512_C) + MBEDTLS_MD_SHA512, +#endif + +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_MD_SHA384, +#endif + +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_MD_SHA256, +#endif +#if defined(MBEDTLS_SHA224_C) + MBEDTLS_MD_SHA224, +#endif + +#if defined(MBEDTLS_SHA1_C) + MBEDTLS_MD_SHA1, +#endif + +#if defined(MBEDTLS_RIPEMD160_C) + MBEDTLS_MD_RIPEMD160, +#endif + +#if defined(MBEDTLS_MD5_C) + MBEDTLS_MD_MD5, +#endif + + MBEDTLS_MD_NONE +}; + +const int *mbedtls_md_list(void) +{ + return supported_digests; +} + +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) +{ + if (NULL == md_name) { + return NULL; + } + + /* Get the appropriate digest information */ +#if defined(MBEDTLS_MD5_C) + if (!strcmp("MD5", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); + } +#endif +#if defined(MBEDTLS_RIPEMD160_C) + if (!strcmp("RIPEMD160", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); + } +#endif +#if defined(MBEDTLS_SHA1_C) + if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + } +#endif +#if defined(MBEDTLS_SHA224_C) + if (!strcmp("SHA224", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); + } +#endif +#if defined(MBEDTLS_SHA256_C) + if (!strcmp("SHA256", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + } +#endif +#if defined(MBEDTLS_SHA384_C) + if (!strcmp("SHA384", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); + } +#endif +#if defined(MBEDTLS_SHA512_C) + if (!strcmp("SHA512", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); + } +#endif + return NULL; +} + +const mbedtls_md_info_t *mbedtls_md_info_from_ctx( + const mbedtls_md_context_t *ctx) +{ + if (ctx == NULL) { + return NULL; + } + + return ctx->MBEDTLS_PRIVATE(md_info); +} + +#if defined(MBEDTLS_FS_IO) int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -653,9 +675,8 @@ cleanup: return ret; } -#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_MD_C) int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -792,27 +813,7 @@ cleanup: return ret; } -#endif /* MBEDTLS_MD_C */ -unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) -{ - if (md_info == NULL) { - return 0; - } - - return md_info->size; -} - -mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) -{ - if (md_info == NULL) { - return MBEDTLS_MD_NONE; - } - - return md_info->type; -} - -#if defined(MBEDTLS_MD_C) const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { @@ -821,6 +822,7 @@ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) return md_info->name; } + #endif /* MBEDTLS_MD_C */ #endif /* MBEDTLS_MD_LIGHT */