TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1e58235d8b9c7481096227454ede04ebfb597e64 / . / library / psa_crypto_hash.h
blob: 0181b4e163769b1dc6ad3752507fc91c2bbbb195 [file] [log] [blame]
Steven Cooreman0e307642021-02-18 16:18:32 +0100[diff] [blame]1/*
2 * PSA hashing layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#ifndef PSA_CRYPTO_HASH_H
22#define PSA_CRYPTO_HASH_H
23
24#include <psa/crypto.h>
25#include "mbedtls/md2.h"
26#include "mbedtls/md4.h"
27#include "mbedtls/md5.h"
28#include "mbedtls/ripemd160.h"
29#include "mbedtls/sha1.h"
30#include "mbedtls/sha256.h"
31#include "mbedtls/sha512.h"
32
Steven Cooreman1e582352021-02-18 17:24:37 +0100[diff] [blame^]33#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
34 defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
35 defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
36 defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
37 defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
38 defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
39 defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
40 defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
41 defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
42#define MBEDTLS_PSA_BUILTIN_HASH
43#endif
44
Steven Cooreman0e307642021-02-18 16:18:32 +0100[diff] [blame]45typedef struct
46{
47 psa_algorithm_t alg;
48 union
49 {
50 unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
51#if defined(MBEDTLS_MD2_C)
52 mbedtls_md2_context md2;
53#endif
54#if defined(MBEDTLS_MD4_C)
55 mbedtls_md4_context md4;
56#endif
57#if defined(MBEDTLS_MD5_C)
58 mbedtls_md5_context md5;
59#endif
60#if defined(MBEDTLS_RIPEMD160_C)
61 mbedtls_ripemd160_context ripemd160;
62#endif
63#if defined(MBEDTLS_SHA1_C)
64 mbedtls_sha1_context sha1;
65#endif
66#if defined(MBEDTLS_SHA256_C)
67 mbedtls_sha256_context sha256;
68#endif
69#if defined(MBEDTLS_SHA512_C)
70 mbedtls_sha512_context sha512;
71#endif
72 } ctx;
73} mbedtls_psa_hash_operation_t;
74
75#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
76
77/** Calculate the hash (digest) of a message using Mbed TLS routines.
78 *
79 * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
80 * such that #PSA_ALG_IS_HASH(\p alg) is true).
81 * \param[in] input Buffer containing the message to hash.
82 * \param input_length Size of the \p input buffer in bytes.
83 * \param[out] hash Buffer where the hash is to be written.
84 * \param hash_size Size of the \p hash buffer in bytes.
85 * \param[out] hash_length On success, the number of bytes
86 * that make up the hash value. This is always
87 * #PSA_HASH_LENGTH(\p alg).
88 *
89 * \retval #PSA_SUCCESS
90 * Success.
91 * \retval #PSA_ERROR_NOT_SUPPORTED
92 * \p alg is not supported or is not a hash algorithm.
93 * \retval #PSA_ERROR_INVALID_ARGUMENT
94 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
95 * \p hash_size is too small
96 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
97 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
98 * \retval #PSA_ERROR_HARDWARE_FAILURE
99 * \retval #PSA_ERROR_CORRUPTION_DETECTED
100 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
101 */
102psa_status_t mbedtls_psa_hash_compute(
103 psa_algorithm_t alg,
104 const uint8_t *input,
105 size_t input_length,
106 uint8_t *hash,
107 size_t hash_size,
108 size_t *hash_length);
109
110/** Set up a multipart hash operation using Mbed TLS routines.
111 *
112 * If an error occurs at any step after a call to mbedtls_psa_hash_setup(), the
113 * operation will need to be reset by a call to mbedtls_psa_hash_abort(). The
114 * core may call mbedtls_psa_hash_abort() at any time after the operation
115 * has been initialized.
116 *
117 * After a successful call to mbedtls_psa_hash_setup(), the core must
118 * eventually terminate the operation. The following events terminate an
119 * operation:
120 * - A successful call to mbedtls_psa_hash_finish() or mbedtls_psa_hash_verify().
121 * - A call to mbedtls_psa_hash_abort().
122 *
123 * \param[in,out] operation The operation object to set up. It must have
124 * been initialized to all-zero and not yet be in use.
125 * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
126 * such that #PSA_ALG_IS_HASH(\p alg) is true).
127 *
128 * \retval #PSA_SUCCESS
129 * Success.
130 * \retval #PSA_ERROR_NOT_SUPPORTED
131 * \p alg is not a supported hash algorithm.
132 * \retval #PSA_ERROR_BAD_STATE
133 * The operation state is not valid (it must be inactive).
134 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
135 * \retval #PSA_ERROR_CORRUPTION_DETECTED
136 */
137psa_status_t mbedtls_psa_hash_setup(
138 mbedtls_psa_hash_operation_t *operation,
139 psa_algorithm_t alg );
140
141/** Clone an Mbed TLS hash operation.
142 *
143 * This function copies the state of an ongoing hash operation to
144 * a new operation object. In other words, this function is equivalent
145 * to calling mbedtls_psa_hash_setup() on \p target_operation with the same
146 * algorithm that \p source_operation was set up for, then
147 * mbedtls_psa_hash_update() on \p target_operation with the same input that
148 * that was passed to \p source_operation. After this function returns, the
149 * two objects are independent, i.e. subsequent calls involving one of
150 * the objects do not affect the other object.
151 *
152 * \param[in] source_operation The active hash operation to clone.
153 * \param[in,out] target_operation The operation object to set up.
154 * It must be initialized but not active.
155 *
156 * \retval #PSA_SUCCESS
157 * \retval #PSA_ERROR_BAD_STATE
158 * The \p source_operation state is not valid (it must be active).
159 * \retval #PSA_ERROR_BAD_STATE
160 * The \p target_operation state is not valid (it must be inactive).
161 * \retval #PSA_ERROR_CORRUPTION_DETECTED
162 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
163 */
164psa_status_t mbedtls_psa_hash_clone(
165 const mbedtls_psa_hash_operation_t *source_operation,
166 mbedtls_psa_hash_operation_t *target_operation );
167
168/** Add a message fragment to a multipart Mbed TLS hash operation.
169 *
170 * The application must call mbedtls_psa_hash_setup() before calling this function.
171 *
172 * If this function returns an error status, the operation enters an error
173 * state and must be aborted by calling mbedtls_psa_hash_abort().
174 *
175 * \param[in,out] operation Active hash operation.
176 * \param[in] input Buffer containing the message fragment to hash.
177 * \param input_length Size of the \p input buffer in bytes.
178 *
179 * \retval #PSA_SUCCESS
180 * Success.
181 * \retval #PSA_ERROR_BAD_STATE
182 * The operation state is not valid (it muct be active).
183 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
184 * \retval #PSA_ERROR_CORRUPTION_DETECTED
185 */
186psa_status_t mbedtls_psa_hash_update(
187 mbedtls_psa_hash_operation_t *operation,
188 const uint8_t *input,
189 size_t input_length );
190
191/** Finish the calculation of the Mbed TLS-calculated hash of a message.
192 *
193 * The application must call mbedtls_psa_hash_setup() before calling this function.
194 * This function calculates the hash of the message formed by concatenating
195 * the inputs passed to preceding calls to mbedtls_psa_hash_update().
196 *
197 * When this function returns successfuly, the operation becomes inactive.
198 * If this function returns an error status, the operation enters an error
199 * state and must be aborted by calling mbedtls_psa_hash_abort().
200 *
201 * \param[in,out] operation Active hash operation.
202 * \param[out] hash Buffer where the hash is to be written.
203 * \param hash_size Size of the \p hash buffer in bytes.
204 * \param[out] hash_length On success, the number of bytes
205 * that make up the hash value. This is always
206 * #PSA_HASH_LENGTH(\c alg) where \c alg is the
207 * hash algorithm that is calculated.
208 *
209 * \retval #PSA_SUCCESS
210 * Success.
211 * \retval #PSA_ERROR_BAD_STATE
212 * The operation state is not valid (it must be active).
213 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
214 * The size of the \p hash buffer is too small. You can determine a
215 * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
216 * where \c alg is the hash algorithm that is calculated.
217 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
218 * \retval #PSA_ERROR_CORRUPTION_DETECTED
219 */
220psa_status_t mbedtls_psa_hash_finish(
221 mbedtls_psa_hash_operation_t *operation,
222 uint8_t *hash,
223 size_t hash_size,
224 size_t *hash_length );
225
226/** Abort an Mbed TLS hash operation.
227 *
228 * Aborting an operation frees all associated resources except for the
229 * \p operation structure itself. Once aborted, the operation object
230 * can be reused for another operation by calling
231 * mbedtls_psa_hash_setup() again.
232 *
233 * You may call this function any time after the operation object has
234 * been initialized by one of the methods described in #psa_hash_operation_t.
235 *
236 * In particular, calling mbedtls_psa_hash_abort() after the operation has been
237 * terminated by a call to mbedtls_psa_hash_abort(), mbedtls_psa_hash_finish() or
238 * mbedtls_psa_hash_verify() is safe and has no effect.
239 *
240 * \param[in,out] operation Initialized hash operation.
241 *
242 * \retval #PSA_SUCCESS
243 * \retval #PSA_ERROR_CORRUPTION_DETECTED
244 */
245psa_status_t mbedtls_psa_hash_abort(
246 mbedtls_psa_hash_operation_t *operation );
247
248#endif /* PSA_CRYPTO_HASH_H */