diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 612061d152..78f9b4056b 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -61,15 +61,23 @@ typedef enum { MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ +#if defined(MBEDTLS_SHA3_C) + MBEDTLS_MD_SHA3_224, /**< The SHA3-224 message digest. */ + MBEDTLS_MD_SHA3_256, /**< The SHA3-256 message digest. */ + MBEDTLS_MD_SHA3_384, /**< The SHA3-384 message digest. */ + MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ +#endif } mbedtls_md_type_t; -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA3_C) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #else #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */ #endif -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA3_C) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ +#elif defined(MBEDTLS_SHA512_C) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 #else #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 diff --git a/library/md.c b/library/md.c index f2c1a90f86..ca3b9a0175 100644 --- a/library/md.c +++ b/library/md.c @@ -35,6 +35,9 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#if defined(MBEDTLS_SHA3_C) +#include "mbedtls/sha3.h" +#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -113,11 +116,46 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif +#if defined(MBEDTLS_SHA3_C) +const mbedtls_md_info_t mbedtls_sha3_224_info = { + "SHA3-224", + MBEDTLS_MD_SHA3_224, + 28, + 144, +}; +const mbedtls_md_info_t mbedtls_sha3_256_info = { + "SHA3-256", + MBEDTLS_MD_SHA3_256, + 32, + 136, +}; +const mbedtls_md_info_t mbedtls_sha3_384_info = { + "SHA3-384", + MBEDTLS_MD_SHA3_384, + 48, + 104, +}; +const mbedtls_md_info_t mbedtls_sha3_512_info = { + "SHA3-512", + MBEDTLS_MD_SHA3_512, + 64, + 72, +}; +#endif + + /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ static const int supported_digests[] = { +#if defined(MBEDTLS_SHA3_C) + MBEDTLS_MD_SHA3_512, + MBEDTLS_MD_SHA3_384, + MBEDTLS_MD_SHA3_256, + MBEDTLS_MD_SHA3_224, +#endif + #if defined(MBEDTLS_SHA512_C) MBEDTLS_MD_SHA512, #endif @@ -186,6 +224,16 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) #if defined(MBEDTLS_SHA512_C) if( !strcmp( "SHA512", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); +#endif +#if defined(MBEDTLS_SHA3_C) + if( !strcmp( "SHA3-224", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_224 ); + if( !strcmp( "SHA3-256", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_256 ); + if( !strcmp( "SHA3-384", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_384 ); + if( !strcmp( "SHA3-512", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_512 ); #endif return( NULL ); } @@ -221,6 +269,16 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( &mbedtls_sha512_info ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( &mbedtls_sha3_224_info ); + case MBEDTLS_MD_SHA3_256: + return( &mbedtls_sha3_256_info ); + case MBEDTLS_MD_SHA3_384: + return( &mbedtls_sha3_384_info ); + case MBEDTLS_MD_SHA3_512: + return( &mbedtls_sha3_512_info ); #endif default: return( NULL ); @@ -284,6 +342,14 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) case MBEDTLS_MD_SHA512: mbedtls_sha512_free( ctx->md_ctx ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + mbedtls_sha3_free( ctx->md_ctx ); + break; #endif default: /* Shouldn't happen */ @@ -348,6 +414,14 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, case MBEDTLS_MD_SHA512: mbedtls_sha512_clone( dst->md_ctx, src->md_ctx ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + mbedtls_sha3_clone( dst->md_ctx, src->md_ctx ); + break; #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -410,6 +484,14 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf case MBEDTLS_MD_SHA512: ALLOC( sha512 ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + ALLOC( sha3 ); + break; #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -463,6 +545,16 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_224 ) ); + case MBEDTLS_MD_SHA3_256: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_256 ) ); + case MBEDTLS_MD_SHA3_384: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_384 ) ); + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_512 ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -503,6 +595,13 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_update( ctx->md_ctx, input, ilen ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -543,6 +642,13 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_finish( ctx->md_ctx, output ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_finish( ctx->md_ctx, output, ctx->md_info->size ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -584,6 +690,16 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512( input, ilen, output, 0 ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( mbedtls_sha3( MBEDTLS_SHA3_224, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_256: + return( mbedtls_sha3( MBEDTLS_SHA3_256, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_384: + return( mbedtls_sha3( MBEDTLS_SHA3_384, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3( MBEDTLS_SHA3_512, input, ilen, output, md_info->size ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -788,6 +904,15 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + /* mbedtls_md_process() is used for test suite. Since, sha3.c does not + implement mbedtls_sha3_process(), we silently return 0 */ + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( 0 ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); diff --git a/library/md_wrap.h b/library/md_wrap.h index 90c7957316..50a409352a 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -74,6 +74,12 @@ extern const mbedtls_md_info_t mbedtls_sha384_info; #if defined(MBEDTLS_SHA512_C) extern const mbedtls_md_info_t mbedtls_sha512_info; #endif +#if defined(MBEDTLS_SHA3_C) +extern const mbedtls_md_info_t mbedtls_sha3_224_info; +extern const mbedtls_md_info_t mbedtls_sha3_256_info; +extern const mbedtls_md_info_t mbedtls_sha3_384_info; +extern const mbedtls_md_info_t mbedtls_sha3_512_info; +#endif #ifdef __cplusplus }