TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 84d670d20c910b263e26177c41311e47b932108b / . / library / psa_crypto_hash.h
blob: 42a8183b3b30389923fae8b6e4978bcb97865218 [file] [log] [blame]
Steven Cooreman0e307642021-02-18 16:18:32 +0100[diff] [blame]1/*
2 * PSA hashing layer on top of Mbed TLS software crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#ifndef PSA_CRYPTO_HASH_H
22#define PSA_CRYPTO_HASH_H
23
24#include <psa/crypto.h>
25#include "mbedtls/md2.h"
26#include "mbedtls/md4.h"
27#include "mbedtls/md5.h"
28#include "mbedtls/ripemd160.h"
29#include "mbedtls/sha1.h"
30#include "mbedtls/sha256.h"
31#include "mbedtls/sha512.h"
32
33typedef struct
34{
35 psa_algorithm_t alg;
36 union
37 {
38 unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
39#if defined(MBEDTLS_MD2_C)
40 mbedtls_md2_context md2;
41#endif
42#if defined(MBEDTLS_MD4_C)
43 mbedtls_md4_context md4;
44#endif
45#if defined(MBEDTLS_MD5_C)
46 mbedtls_md5_context md5;
47#endif
48#if defined(MBEDTLS_RIPEMD160_C)
49 mbedtls_ripemd160_context ripemd160;
50#endif
51#if defined(MBEDTLS_SHA1_C)
52 mbedtls_sha1_context sha1;
53#endif
54#if defined(MBEDTLS_SHA256_C)
55 mbedtls_sha256_context sha256;
56#endif
57#if defined(MBEDTLS_SHA512_C)
58 mbedtls_sha512_context sha512;
59#endif
60 } ctx;
61} mbedtls_psa_hash_operation_t;
62
63#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
64
65/** Calculate the hash (digest) of a message using Mbed TLS routines.
66 *
67 * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
68 * such that #PSA_ALG_IS_HASH(\p alg) is true).
69 * \param[in] input Buffer containing the message to hash.
70 * \param input_length Size of the \p input buffer in bytes.
71 * \param[out] hash Buffer where the hash is to be written.
72 * \param hash_size Size of the \p hash buffer in bytes.
73 * \param[out] hash_length On success, the number of bytes
74 * that make up the hash value. This is always
75 * #PSA_HASH_LENGTH(\p alg).
76 *
77 * \retval #PSA_SUCCESS
78 * Success.
79 * \retval #PSA_ERROR_NOT_SUPPORTED
80 * \p alg is not supported or is not a hash algorithm.
81 * \retval #PSA_ERROR_INVALID_ARGUMENT
82 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
83 * \p hash_size is too small
84 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
85 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
86 * \retval #PSA_ERROR_HARDWARE_FAILURE
87 * \retval #PSA_ERROR_CORRUPTION_DETECTED
88 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
89 */
90psa_status_t mbedtls_psa_hash_compute(
91 psa_algorithm_t alg,
92 const uint8_t *input,
93 size_t input_length,
94 uint8_t *hash,
95 size_t hash_size,
96 size_t *hash_length);
97
98/** Set up a multipart hash operation using Mbed TLS routines.
99 *
100 * If an error occurs at any step after a call to mbedtls_psa_hash_setup(), the
101 * operation will need to be reset by a call to mbedtls_psa_hash_abort(). The
102 * core may call mbedtls_psa_hash_abort() at any time after the operation
103 * has been initialized.
104 *
105 * After a successful call to mbedtls_psa_hash_setup(), the core must
106 * eventually terminate the operation. The following events terminate an
107 * operation:
108 * - A successful call to mbedtls_psa_hash_finish() or mbedtls_psa_hash_verify().
109 * - A call to mbedtls_psa_hash_abort().
110 *
111 * \param[in,out] operation The operation object to set up. It must have
112 * been initialized to all-zero and not yet be in use.
113 * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
114 * such that #PSA_ALG_IS_HASH(\p alg) is true).
115 *
116 * \retval #PSA_SUCCESS
117 * Success.
118 * \retval #PSA_ERROR_NOT_SUPPORTED
119 * \p alg is not a supported hash algorithm.
120 * \retval #PSA_ERROR_BAD_STATE
121 * The operation state is not valid (it must be inactive).
122 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
123 * \retval #PSA_ERROR_CORRUPTION_DETECTED
124 */
125psa_status_t mbedtls_psa_hash_setup(
126 mbedtls_psa_hash_operation_t *operation,
127 psa_algorithm_t alg );
128
129/** Clone an Mbed TLS hash operation.
130 *
131 * This function copies the state of an ongoing hash operation to
132 * a new operation object. In other words, this function is equivalent
133 * to calling mbedtls_psa_hash_setup() on \p target_operation with the same
134 * algorithm that \p source_operation was set up for, then
135 * mbedtls_psa_hash_update() on \p target_operation with the same input that
136 * that was passed to \p source_operation. After this function returns, the
137 * two objects are independent, i.e. subsequent calls involving one of
138 * the objects do not affect the other object.
139 *
140 * \param[in] source_operation The active hash operation to clone.
141 * \param[in,out] target_operation The operation object to set up.
142 * It must be initialized but not active.
143 *
144 * \retval #PSA_SUCCESS
145 * \retval #PSA_ERROR_BAD_STATE
146 * The \p source_operation state is not valid (it must be active).
147 * \retval #PSA_ERROR_BAD_STATE
148 * The \p target_operation state is not valid (it must be inactive).
149 * \retval #PSA_ERROR_CORRUPTION_DETECTED
150 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
151 */
152psa_status_t mbedtls_psa_hash_clone(
153 const mbedtls_psa_hash_operation_t *source_operation,
154 mbedtls_psa_hash_operation_t *target_operation );
155
156/** Add a message fragment to a multipart Mbed TLS hash operation.
157 *
158 * The application must call mbedtls_psa_hash_setup() before calling this function.
159 *
160 * If this function returns an error status, the operation enters an error
161 * state and must be aborted by calling mbedtls_psa_hash_abort().
162 *
163 * \param[in,out] operation Active hash operation.
164 * \param[in] input Buffer containing the message fragment to hash.
165 * \param input_length Size of the \p input buffer in bytes.
166 *
167 * \retval #PSA_SUCCESS
168 * Success.
169 * \retval #PSA_ERROR_BAD_STATE
170 * The operation state is not valid (it muct be active).
171 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
172 * \retval #PSA_ERROR_CORRUPTION_DETECTED
173 */
174psa_status_t mbedtls_psa_hash_update(
175 mbedtls_psa_hash_operation_t *operation,
176 const uint8_t *input,
177 size_t input_length );
178
179/** Finish the calculation of the Mbed TLS-calculated hash of a message.
180 *
181 * The application must call mbedtls_psa_hash_setup() before calling this function.
182 * This function calculates the hash of the message formed by concatenating
183 * the inputs passed to preceding calls to mbedtls_psa_hash_update().
184 *
185 * When this function returns successfuly, the operation becomes inactive.
186 * If this function returns an error status, the operation enters an error
187 * state and must be aborted by calling mbedtls_psa_hash_abort().
188 *
189 * \param[in,out] operation Active hash operation.
190 * \param[out] hash Buffer where the hash is to be written.
191 * \param hash_size Size of the \p hash buffer in bytes.
192 * \param[out] hash_length On success, the number of bytes
193 * that make up the hash value. This is always
194 * #PSA_HASH_LENGTH(\c alg) where \c alg is the
195 * hash algorithm that is calculated.
196 *
197 * \retval #PSA_SUCCESS
198 * Success.
199 * \retval #PSA_ERROR_BAD_STATE
200 * The operation state is not valid (it must be active).
201 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
202 * The size of the \p hash buffer is too small. You can determine a
203 * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
204 * where \c alg is the hash algorithm that is calculated.
205 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
206 * \retval #PSA_ERROR_CORRUPTION_DETECTED
207 */
208psa_status_t mbedtls_psa_hash_finish(
209 mbedtls_psa_hash_operation_t *operation,
210 uint8_t *hash,
211 size_t hash_size,
212 size_t *hash_length );
213
214/** Abort an Mbed TLS hash operation.
215 *
216 * Aborting an operation frees all associated resources except for the
217 * \p operation structure itself. Once aborted, the operation object
218 * can be reused for another operation by calling
219 * mbedtls_psa_hash_setup() again.
220 *
221 * You may call this function any time after the operation object has
222 * been initialized by one of the methods described in #psa_hash_operation_t.
223 *
224 * In particular, calling mbedtls_psa_hash_abort() after the operation has been
225 * terminated by a call to mbedtls_psa_hash_abort(), mbedtls_psa_hash_finish() or
226 * mbedtls_psa_hash_verify() is safe and has no effect.
227 *
228 * \param[in,out] operation Initialized hash operation.
229 *
230 * \retval #PSA_SUCCESS
231 * \retval #PSA_ERROR_CORRUPTION_DETECTED
232 */
233psa_status_t mbedtls_psa_hash_abort(
234 mbedtls_psa_hash_operation_t *operation );
235
236#endif /* PSA_CRYPTO_HASH_H */