AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement hash functions

Browse Source 
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
This commit is contained in:
Gilles Peskine 2018-02-07 21:05:37 +01:00 committed by itayzafrir
parent a590529938
commit 9ef733faa0
5 changed files with 508 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
include/psa/crypto.h
View File

@ -307,6 +307,54 @@ psa_status_t psa_export_key(psa_key_slot_t key,
/**@}*/
/** \defgroup hash Message digests
* @{
*/
typedef struct psa_hash_operation_s psa_hash_operation_t;
#define PSA_HASH_FINAL_SIZE(alg) \
( \
(alg) == PSA_ALG_MD2 ? 16 : \
(alg) == PSA_ALG_MD4 ? 16 : \
(alg) == PSA_ALG_MD5 ? 16 : \
(alg) == PSA_ALG_SHA_256_128 ? 16 : \
(alg) == PSA_ALG_RIPEMD160 ? 20 : \
(alg) == PSA_ALG_SHA_1 ? 20 : \
(alg) == PSA_ALG_SHA_256_160 ? 20 : \
(alg) == PSA_ALG_SHA_224 ? 28 : \
(alg) == PSA_ALG_SHA_256 ? 32 : \
(alg) == PSA_ALG_SHA_384 ? 48 : \
(alg) == PSA_ALG_SHA_512 ? 64 : \
(alg) == PSA_ALG_SHA_512_224 ? 28 : \
(alg) == PSA_ALG_SHA_512_256 ? 32 : \
(alg) == PSA_ALG_SHA3_224 ? 28 : \
(alg) == PSA_ALG_SHA3_256 ? 32 : \
(alg) == PSA_ALG_SHA3_384 ? 48 : \
(alg) == PSA_ALG_SHA3_512 ? 64 : \
0)
psa_status_t psa_hash_start(psa_hash_operation_t *operation,
psa_algorithm_t alg);
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length);
psa_status_t ps_hash_abort(psa_hash_operation_t *operation);
/**@}*/
/** \defgroup MAC Message authentication codes
/** \defgroup asymmetric Asymmetric cryptography
* @{
*/
@ -379,6 +427,12 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
}
#endif
/* The file "crypto_struct.h" contains definitions for
* implementation-specific structs that are declared above. */
#include "crypto_struct.h"
/* The file "crypto_extra.h" contains vendor-specific definitions. This
* can include vendor-defined algorithms, extra functions, etc. */
#include "crypto_extra.h"
#endif /* PSA_CRYPTO_H */

96
include/psa/crypto_struct.h Normal file
View File

@ -0,0 +1,96 @@
/**
* \file psa/crypto_struct.h
*
* \brief PSA cryptography module: Mbed TLS structured type implementations
*/
/*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/cipher.h"
#include "mbedtls/cmac.h"
#include "mbedtls/gcm.h"
#include "mbedtls/md.h"
#include "mbedtls/md2.h"
#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
struct psa_hash_operation_s
{
psa_algorithm_t alg;
union
{
#if defined(MBEDTLS_MD2_C)
mbedtls_md2_context md2;
#endif
#if defined(MBEDTLS_MD4_C)
mbedtls_md4_context md4;
#endif
#if defined(MBEDTLS_MD5_C)
mbedtls_md5_context md5;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
mbedtls_ripemd160_context ripemd160;
#endif
#if defined(MBEDTLS_SHA1_C)
mbedtls_sha1_context sha1;
#endif
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_context sha256;
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_context sha512;
#endif
} ctx;
};
struct psa_mac_operation_s
{
psa_algorithm_t alg;
int key_set : 1;
int iv_required : 1;
int iv_set : 1;
int has_input : 1;
uint8_t mac_size;
union
{
#if defined(MBEDTLS_MD_C)
mbedtls_md_context_t hmac;
#endif
#if defined(MBEDTLS_CMAC_C)
mbedtls_cipher_context_t cmac;
#endif
} ctx;
};
#endif /* PSA_CRYPTO_STRUCT_H */

283
library/psa_crypto.c
View File

@ -72,6 +72,20 @@ static void mbedtls_zeroize( void *v, size_t n )
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* constant-time buffer comparison */
static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
{
size_t i;
unsigned char diff = 0;
for( i = 0; i < n; i++ )
diff |= a[i] ^ b[i];
return( diff );
}
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
@ -573,6 +587,275 @@ static psa_algorithm_t mbedtls_md_alg_to_psa( mbedtls_md_type_t md_alg )
}
#endif
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
switch( operation->alg )
{
#if defined(MBEDTLS_MD2_C)
case PSA_ALG_MD2:
mbedtls_md2_free( &operation->ctx.md2 );
break;
#endif
#if defined(MBEDTLS_MD4_C)
case PSA_ALG_MD4:
mbedtls_md4_free( &operation->ctx.md4 );
break;
#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
mbedtls_md5_free( &operation->ctx.md5 );
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case PSA_ALG_SHA_1:
mbedtls_sha1_free( &operation->ctx.sha1 );
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_224:
case PSA_ALG_SHA_256:
mbedtls_sha256_free( &operation->ctx.sha256 );
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case PSA_ALG_SHA_384:
case PSA_ALG_SHA_512:
mbedtls_sha512_free( &operation->ctx.sha512 );
break;
#endif
default:
return( PSA_ERROR_NOT_SUPPORTED );
}
operation->alg = 0;
return( PSA_SUCCESS );
}
psa_status_t psa_hash_start( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
int ret;
operation->alg = 0;
switch( alg )
{
#if defined(MBEDTLS_MD2_C)
case PSA_ALG_MD2:
mbedtls_md2_init( &operation->ctx.md2 );
ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
break;
#endif
#if defined(MBEDTLS_MD4_C)
case PSA_ALG_MD4:
mbedtls_md4_init( &operation->ctx.md4 );
ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
break;
#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
mbedtls_md5_init( &operation->ctx.md5 );
ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case PSA_ALG_SHA_1:
mbedtls_sha1_init( &operation->ctx.sha1 );
ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_224:
mbedtls_sha256_init( &operation->ctx.sha256 );
ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
break;
case PSA_ALG_SHA_256:
mbedtls_sha256_init( &operation->ctx.sha256 );
ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
break;
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
break;
#endif
default:
return( PSA_ERROR_NOT_SUPPORTED );
}
if( ret == 0 )
operation->alg = alg;
else
psa_hash_abort( operation );
return( mbedtls_to_psa_error( ret ) );
}
psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
int ret;
switch( operation->alg )
{
#if defined(MBEDTLS_MD2_C)
case PSA_ALG_MD2:
ret = mbedtls_md2_update_ret( &operation->ctx.md2,
input, input_length );
break;
#endif
#if defined(MBEDTLS_MD4_C)
case PSA_ALG_MD4:
ret = mbedtls_md4_update_ret( &operation->ctx.md4,
input, input_length );
break;
#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
ret = mbedtls_md5_update_ret( &operation->ctx.md5,
input, input_length );
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case PSA_ALG_RIPEMD160:
ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
input, input_length );
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case PSA_ALG_SHA_1:
ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
input, input_length );
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_224:
case PSA_ALG_SHA_256:
ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case PSA_ALG_SHA_384:
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
input, input_length );
break;
#endif
default:
ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
break;
}
if( ret != 0 )
psa_hash_abort( operation );
return( mbedtls_to_psa_error( ret ) );
}
psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length )
{
int ret;
size_t actual_hash_length = PSA_HASH_FINAL_SIZE( operation->alg );
/* Fill the output buffer with something that isn't a valid hash
* (barring an attack on the hash and deliberately-crafted input),
* in case the caller doesn't check the return status properly. */
*hash_length = actual_hash_length;
memset( hash, '!', hash_size );
if( hash_size < actual_hash_length )
return( PSA_ERROR_BUFFER_TOO_SMALL );
switch( operation->alg )
{
#if defined(MBEDTLS_MD2_C)
case PSA_ALG_MD2:
ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
break;
#endif
#if defined(MBEDTLS_MD4_C)
case PSA_ALG_MD4:
ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
break;
#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
break;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case PSA_ALG_RIPEMD160:
ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
break;
#endif
#if defined(MBEDTLS_SHA1_C)
case PSA_ALG_SHA_1:
ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case PSA_ALG_SHA_224:
case PSA_ALG_SHA_256:
ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case PSA_ALG_SHA_384:
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
break;
#endif
default:
ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
break;
}
if( ret == 0 )
{
return( psa_hash_abort( operation ) );
}
else
{
psa_hash_abort( operation );
return( mbedtls_to_psa_error( ret ) );
}
}
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length)
{
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish( operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length );
if( status != PSA_SUCCESS )
return( status );
if( actual_hash_length != hash_length )
return( PSA_ERROR_INVALID_SIGNATURE );
if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
return( PSA_ERROR_INVALID_SIGNATURE );
return( PSA_SUCCESS );
}
/****************************************************************/
/****************************************************************/

8
tests/suites/test_suite_psa_crypto.data
View File

@ -37,6 +37,14 @@ import_export:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1
#depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
#import_export:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_NISTP256R1:256:0:PSA_SUCCESS:1
#
PSA hash finish: SHA-256
depends_on:MBEDTLS_SHA256_C
hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
PSA hash verify: SHA-256
depends_on:MBEDTLS_SHA256_C
hash_verify:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_RAW:128

67
tests/suites/test_suite_psa_crypto.function
View File

@ -133,6 +133,73 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void hash_finish( int alg_arg, char *input_hex, char *hash_hex )
{
psa_algorithm_t alg = alg_arg;
unsigned char *input = NULL;
size_t input_size;
unsigned char expected_hash[MBEDTLS_MD_MAX_SIZE];
size_t expected_hash_length;
unsigned char actual_hash[MBEDTLS_MD_MAX_SIZE];
size_t actual_hash_length;
psa_hash_operation_t operation;
input_size = strlen( input_hex ) / 2;
input = mbedtls_calloc( 1, input_size );
TEST_ASSERT( input != NULL );
input_size = unhexify( input, input_hex );
expected_hash_length = unhexify( expected_hash, hash_hex );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_update( &operation,
input, input_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_finish( &operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length ) == PSA_SUCCESS );
TEST_ASSERT( actual_hash_length == expected_hash_length );
TEST_ASSERT( memcmp( expected_hash, actual_hash,
expected_hash_length ) == 0 );
exit:
mbedtls_free( input );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void hash_verify( int alg_arg, char *input_hex, char *hash_hex )
{
psa_algorithm_t alg = alg_arg;
unsigned char *input = NULL;
size_t input_size;
unsigned char expected_hash[MBEDTLS_MD_MAX_SIZE];
size_t expected_hash_length;
psa_hash_operation_t operation;
input_size = strlen( input_hex ) / 2;
input = mbedtls_calloc( 1, input_size );
TEST_ASSERT( input != NULL );
input_size = unhexify( input, input_hex );
expected_hash_length = unhexify( expected_hash, hash_hex );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_update( &operation,
input, input_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_verify( &operation,
expected_hash,
expected_hash_length ) == PSA_SUCCESS );
exit:
mbedtls_free( input );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void signature_size( int type_arg, int bits, int alg_arg, int expected_size_arg )
{