Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
This commit is contained in:
commit
7a389ddc84
21 changed files with 259 additions and 177 deletions
|
@ -0,0 +1,4 @@
|
|||
Features
|
||||
* SHA224_C/SHA384_C are now independent from SHA384_C/SHA512_C respectively.
|
||||
This helps in saving code size when some of the above hashes are not
|
||||
required.
|
|
@ -47,10 +47,6 @@
|
|||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_NET_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
#define MBEDTLS_SSL_COOKIE_C
|
||||
|
|
|
@ -46,10 +46,6 @@
|
|||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_NET_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
#define MBEDTLS_SSL_SRV_C
|
||||
|
|
|
@ -60,10 +60,6 @@
|
|||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SHA384_C
|
||||
#define MBEDTLS_SHA512_C
|
||||
|
|
|
@ -63,10 +63,6 @@
|
|||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_COOKIE_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
|
|
|
@ -695,10 +695,6 @@
|
|||
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
|
||||
#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
|
||||
defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
|
||||
#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
|
||||
|
@ -754,14 +750,6 @@
|
|||
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
|
||||
#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
|
||||
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
|
||||
defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
|
||||
#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"
|
||||
|
|
|
@ -3046,9 +3046,6 @@
|
|||
*
|
||||
* Enable the SHA-224 cryptographic hash algorithm.
|
||||
*
|
||||
* Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
|
||||
* SHA-224 without SHA-256.
|
||||
*
|
||||
* Module: library/sha256.c
|
||||
* Caller: library/md.c
|
||||
* library/ssl_cookie.c
|
||||
|
@ -3062,9 +3059,6 @@
|
|||
*
|
||||
* Enable the SHA-256 cryptographic hash algorithm.
|
||||
*
|
||||
* Requires: MBEDTLS_SHA224_C. The library does not currently support enabling
|
||||
* SHA-256 without SHA-224.
|
||||
*
|
||||
* Module: library/sha256.c
|
||||
* Caller: library/entropy.c
|
||||
* library/md.c
|
||||
|
@ -3132,8 +3126,6 @@
|
|||
*
|
||||
* Enable the SHA-384 cryptographic hash algorithm.
|
||||
*
|
||||
* Requires: MBEDTLS_SHA512_C
|
||||
*
|
||||
* Module: library/sha512.c
|
||||
* Caller: library/md.c
|
||||
* library/psa_crypto_hash.c
|
||||
|
|
|
@ -65,8 +65,14 @@ typedef enum {
|
|||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
|
||||
#elif defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
|
||||
#elif defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
|
||||
#elif defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
|
||||
#else
|
||||
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
|
||||
#define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160 */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
|
|
|
@ -96,6 +96,10 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
|||
* \param is224 This determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*
|
||||
* \note is224 must be defined accordingly to the enabled
|
||||
* MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
|
||||
* function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
|
@ -178,13 +182,25 @@ int mbedtls_sha256( const unsigned char *input,
|
|||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
/**
|
||||
* \brief The SHA-224 and SHA-256 checkup routine.
|
||||
* \brief The SHA-224 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha224_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SHA224_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
/**
|
||||
* \brief The SHA-256 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
|
|
|
@ -99,9 +99,9 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
|||
* \param is384 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \note When \c MBEDTLS_SHA384_C is not defined,
|
||||
* \p is384 must be \c 0, or the function will return
|
||||
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
|
||||
* \note is384 must be defined accordingly to the enabled
|
||||
* MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
|
||||
* function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
|
@ -175,8 +175,11 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \note When \c MBEDTLS_SHA384_C is not defined, \p is384 must
|
||||
* be \c 0, or the function will return
|
||||
* \note is384 must be defined accordingly with the supported
|
||||
* symbols in the config file. If:
|
||||
* - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
|
||||
* - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
|
||||
* then the function will return
|
||||
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -189,13 +192,26 @@ int mbedtls_sha512( const unsigned char *input,
|
|||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
/**
|
||||
* \brief The SHA-384 or SHA-512 checkup routine.
|
||||
* \brief The SHA-384 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha384_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
/**
|
||||
* \brief The SHA-512 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C)
|
||||
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
@ -167,12 +167,15 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
|||
*/
|
||||
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
|
||||
{
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
|
||||
if( is224 != 0 && is224 != 1 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#else
|
||||
#elif defined(MBEDTLS_SHA256_C)
|
||||
if( is224 != 0 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#else /* defined MBEDTLS_SHA224_C only */
|
||||
if( is224 == 0 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#endif
|
||||
|
||||
ctx->total[0] = 0;
|
||||
|
@ -180,7 +183,7 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
|
|||
|
||||
if( is224 == 0 )
|
||||
{
|
||||
/* SHA-256 */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
ctx->state[0] = 0x6A09E667;
|
||||
ctx->state[1] = 0xBB67AE85;
|
||||
ctx->state[2] = 0x3C6EF372;
|
||||
|
@ -189,11 +192,11 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
|
|||
ctx->state[5] = 0x9B05688C;
|
||||
ctx->state[6] = 0x1F83D9AB;
|
||||
ctx->state[7] = 0x5BE0CD19;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
/* SHA-224 */
|
||||
ctx->state[0] = 0xC1059ED8;
|
||||
ctx->state[1] = 0x367CD507;
|
||||
ctx->state[2] = 0x3070DD17;
|
||||
|
@ -205,7 +208,9 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
|
|||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
ctx->is224 = is224;
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -678,12 +683,15 @@ int mbedtls_sha256( const unsigned char *input,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_sha256_context ctx;
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
|
||||
if( is224 != 0 && is224 != 1 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#else
|
||||
#elif defined(MBEDTLS_SHA256_C)
|
||||
if( is224 != 0 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#else /* defined MBEDTLS_SHA224_C only */
|
||||
if( is224 == 0 )
|
||||
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
|
||||
#endif
|
||||
|
||||
mbedtls_sha256_init( &ctx );
|
||||
|
@ -707,23 +715,26 @@ exit:
|
|||
/*
|
||||
* FIPS-180-2 test vectors
|
||||
*/
|
||||
static const unsigned char sha256_test_buf[3][57] =
|
||||
static const unsigned char sha_test_buf[3][57] =
|
||||
{
|
||||
{ "abc" },
|
||||
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
|
||||
{ "" }
|
||||
};
|
||||
|
||||
static const size_t sha256_test_buflen[3] =
|
||||
static const size_t sha_test_buflen[3] =
|
||||
{
|
||||
3, 56, 1000
|
||||
};
|
||||
|
||||
static const unsigned char sha256_test_sum[6][32] =
|
||||
typedef const unsigned char (sha_test_sum_t)[32];
|
||||
|
||||
/*
|
||||
* SHA-224 test vectors
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
static sha_test_sum_t sha224_test_sum[] =
|
||||
{
|
||||
/*
|
||||
* SHA-224 test vectors
|
||||
*/
|
||||
{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
|
||||
0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
|
||||
0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
|
||||
|
@ -735,11 +746,16 @@ static const unsigned char sha256_test_sum[6][32] =
|
|||
{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
|
||||
0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
|
||||
0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
|
||||
0x4E, 0xE7, 0xAD, 0x67 },
|
||||
0x4E, 0xE7, 0xAD, 0x67 }
|
||||
};
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SHA-256 test vectors
|
||||
*/
|
||||
/*
|
||||
* SHA-256 test vectors
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static sha_test_sum_t sha256_test_sum[] =
|
||||
{
|
||||
{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
|
||||
0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
|
||||
0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
|
||||
|
@ -753,17 +769,26 @@ static const unsigned char sha256_test_sum[6][32] =
|
|||
0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
|
||||
0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
|
||||
};
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose )
|
||||
static int mbedtls_sha256_common_self_test( int verbose, int is224 )
|
||||
{
|
||||
int i, j, k, buflen, ret = 0;
|
||||
int i, buflen, ret = 0;
|
||||
unsigned char *buf;
|
||||
unsigned char sha256sum[32];
|
||||
mbedtls_sha256_context ctx;
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
|
||||
sha_test_sum_t* sha_test_sum = ( is224 ) ? sha224_test_sum : sha256_test_sum;
|
||||
#elif defined(MBEDTLS_SHA256_C)
|
||||
sha_test_sum_t* sha_test_sum = sha256_test_sum;
|
||||
#else
|
||||
sha_test_sum_t* sha_test_sum = sha224_test_sum;
|
||||
#endif
|
||||
|
||||
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
|
||||
if( NULL == buf )
|
||||
{
|
||||
|
@ -775,22 +800,19 @@ int mbedtls_sha256_self_test( int verbose )
|
|||
|
||||
mbedtls_sha256_init( &ctx );
|
||||
|
||||
for( i = 0; i < 6; i++ )
|
||||
for( i = 0; i < 3; i++ )
|
||||
{
|
||||
j = i % 3;
|
||||
k = i < 3;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
|
||||
mbedtls_printf( " SHA-%d test #%d: ", 256 - is224 * 32, i + 1 );
|
||||
|
||||
if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 )
|
||||
if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
|
||||
goto fail;
|
||||
|
||||
if( j == 2 )
|
||||
if( i == 2 )
|
||||
{
|
||||
memset( buf, 'a', buflen = 1000 );
|
||||
|
||||
for( j = 0; j < 1000; j++ )
|
||||
for( int j = 0; j < 1000; j++ )
|
||||
{
|
||||
ret = mbedtls_sha256_update( &ctx, buf, buflen );
|
||||
if( ret != 0 )
|
||||
|
@ -800,8 +822,8 @@ int mbedtls_sha256_self_test( int verbose )
|
|||
}
|
||||
else
|
||||
{
|
||||
ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j],
|
||||
sha256_test_buflen[j] );
|
||||
ret = mbedtls_sha256_update( &ctx, sha_test_buf[i],
|
||||
sha_test_buflen[i] );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
}
|
||||
|
@ -810,7 +832,7 @@ int mbedtls_sha256_self_test( int verbose )
|
|||
goto fail;
|
||||
|
||||
|
||||
if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
|
||||
if( memcmp( sha256sum, sha_test_sum[i], 32 - is224 * 4 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto fail;
|
||||
|
@ -836,6 +858,20 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
int mbedtls_sha256_self_test( int verbose )
|
||||
{
|
||||
return mbedtls_sha256_common_self_test( verbose, 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
int mbedtls_sha224_self_test( int verbose )
|
||||
{
|
||||
return mbedtls_sha256_common_self_test( verbose, 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA224_C */
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA224_C */
|
||||
|
|
107
library/sha512.c
107
library/sha512.c
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C)
|
||||
|
||||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
@ -191,12 +191,15 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
|||
*/
|
||||
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
|
||||
{
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
|
||||
if( is384 != 0 && is384 != 1 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#else
|
||||
#elif defined(MBEDTLS_SHA512_C)
|
||||
if( is384 != 0 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#else /* defined MBEDTLS_SHA384_C only */
|
||||
if( is384 == 0 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#endif
|
||||
|
||||
ctx->total[0] = 0;
|
||||
|
@ -204,7 +207,7 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
|
|||
|
||||
if( is384 == 0 )
|
||||
{
|
||||
/* SHA-512 */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
ctx->state[0] = UL64(0x6A09E667F3BCC908);
|
||||
ctx->state[1] = UL64(0xBB67AE8584CAA73B);
|
||||
ctx->state[2] = UL64(0x3C6EF372FE94F82B);
|
||||
|
@ -213,13 +216,11 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
|
|||
ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
|
||||
ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
|
||||
ctx->state[7] = UL64(0x5BE0CD19137E2179);
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
}
|
||||
else
|
||||
{
|
||||
#if !defined(MBEDTLS_SHA384_C)
|
||||
return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA );
|
||||
#else
|
||||
/* SHA-384 */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
|
||||
ctx->state[1] = UL64(0x629A292A367CD507);
|
||||
ctx->state[2] = UL64(0x9159015A3070DD17);
|
||||
|
@ -836,12 +837,15 @@ int mbedtls_sha512( const unsigned char *input,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_sha512_context ctx;
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
|
||||
if( is384 != 0 && is384 != 1 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#else
|
||||
#elif defined(MBEDTLS_SHA512_C)
|
||||
if( is384 != 0 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#else /* defined MBEDTLS_SHA384_C only */
|
||||
if( is384 == 0 )
|
||||
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
|
||||
#endif
|
||||
|
||||
mbedtls_sha512_init( &ctx );
|
||||
|
@ -866,24 +870,26 @@ exit:
|
|||
/*
|
||||
* FIPS-180-2 test vectors
|
||||
*/
|
||||
static const unsigned char sha512_test_buf[3][113] =
|
||||
static const unsigned char sha_test_buf[3][113] =
|
||||
{
|
||||
{ "abc" },
|
||||
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
|
||||
{ "" }
|
||||
};
|
||||
|
||||
static const size_t sha512_test_buflen[3] =
|
||||
static const size_t sha_test_buflen[3] =
|
||||
{
|
||||
3, 112, 1000
|
||||
};
|
||||
|
||||
static const unsigned char sha512_test_sum[][64] =
|
||||
{
|
||||
typedef const unsigned char (sha_test_sum_t)[64];
|
||||
|
||||
/*
|
||||
* SHA-384 test vectors
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
/*
|
||||
* SHA-384 test vectors
|
||||
*/
|
||||
static sha_test_sum_t sha384_test_sum[] =
|
||||
{
|
||||
{ 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
|
||||
0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
|
||||
0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
|
||||
|
@ -901,12 +907,16 @@ static const unsigned char sha512_test_sum[][64] =
|
|||
0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
|
||||
0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
|
||||
0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
|
||||
0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
|
||||
0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 }
|
||||
};
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
||||
/*
|
||||
* SHA-512 test vectors
|
||||
*/
|
||||
/*
|
||||
* SHA-512 test vectors
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
static sha_test_sum_t sha512_test_sum[] =
|
||||
{
|
||||
{ 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
|
||||
0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
|
||||
0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
|
||||
|
@ -932,19 +942,25 @@ static const unsigned char sha512_test_sum[][64] =
|
|||
0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
|
||||
0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
|
||||
};
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) )
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose )
|
||||
static int mbedtls_sha512_common_self_test( int verbose, int is384 )
|
||||
{
|
||||
int i, j, k, buflen, ret = 0;
|
||||
int i, buflen, ret = 0;
|
||||
unsigned char *buf;
|
||||
unsigned char sha512sum[64];
|
||||
mbedtls_sha512_context ctx;
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
|
||||
sha_test_sum_t* sha_test_sum = ( is384 ) ? sha384_test_sum : sha512_test_sum;
|
||||
#elif defined(MBEDTLS_SHA512_C)
|
||||
sha_test_sum_t* sha_test_sum = sha512_test_sum;
|
||||
#else
|
||||
sha_test_sum_t* sha_test_sum = sha384_test_sum;
|
||||
#endif
|
||||
|
||||
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
|
||||
if( NULL == buf )
|
||||
{
|
||||
|
@ -956,26 +972,19 @@ int mbedtls_sha512_self_test( int verbose )
|
|||
|
||||
mbedtls_sha512_init( &ctx );
|
||||
|
||||
for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ )
|
||||
for( i = 0; i < 3; i++ )
|
||||
{
|
||||
j = i % 3;
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
k = i < 3;
|
||||
#else
|
||||
k = 0;
|
||||
#endif
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
|
||||
mbedtls_printf( " SHA-%d test #%d: ", 512 - is384 * 128, i + 1 );
|
||||
|
||||
if( ( ret = mbedtls_sha512_starts( &ctx, k ) ) != 0 )
|
||||
if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
|
||||
goto fail;
|
||||
|
||||
if( j == 2 )
|
||||
if( i == 2 )
|
||||
{
|
||||
memset( buf, 'a', buflen = 1000 );
|
||||
|
||||
for( j = 0; j < 1000; j++ )
|
||||
for( int j = 0; j < 1000; j++ )
|
||||
{
|
||||
ret = mbedtls_sha512_update( &ctx, buf, buflen );
|
||||
if( ret != 0 )
|
||||
|
@ -984,8 +993,8 @@ int mbedtls_sha512_self_test( int verbose )
|
|||
}
|
||||
else
|
||||
{
|
||||
ret = mbedtls_sha512_update( &ctx, sha512_test_buf[j],
|
||||
sha512_test_buflen[j] );
|
||||
ret = mbedtls_sha512_update( &ctx, sha_test_buf[i],
|
||||
sha_test_buflen[i] );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
}
|
||||
|
@ -993,7 +1002,7 @@ int mbedtls_sha512_self_test( int verbose )
|
|||
if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 )
|
||||
goto fail;
|
||||
|
||||
if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
|
||||
if( memcmp( sha512sum, sha_test_sum[i], 64 - is384 * 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto fail;
|
||||
|
@ -1019,8 +1028,22 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
int mbedtls_sha512_self_test( int verbose )
|
||||
{
|
||||
return mbedtls_sha512_common_self_test( verbose, 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
int mbedtls_sha384_self_test( int verbose )
|
||||
{
|
||||
return mbedtls_sha512_common_self_test( verbose, 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
||||
#undef ARRAY_LENGTH
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SHA512_C || MBEDTLS_SHA384_C */
|
||||
|
|
|
@ -38,23 +38,19 @@
|
|||
#include <string.h>
|
||||
|
||||
/*
|
||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-384 is
|
||||
* available. Try SHA-256 first, 384 wastes resources
|
||||
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
|
||||
* available. Try SHA-256 first as 384 wastes resources
|
||||
*/
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA224
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA256
|
||||
#define COOKIE_MD_OUTLEN 32
|
||||
#define COOKIE_HMAC_LEN 28
|
||||
#elif defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA384
|
||||
#define COOKIE_MD_OUTLEN 48
|
||||
#define COOKIE_HMAC_LEN 28
|
||||
#elif defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA1
|
||||
#define COOKIE_MD_OUTLEN 20
|
||||
#define COOKIE_HMAC_LEN 20
|
||||
#else
|
||||
#error "DTLS hello verify needs SHA-1 or SHA-2"
|
||||
#error "DTLS hello verify needs SHA-256 or SHA-384"
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
|
|
@ -243,9 +243,15 @@ const selftest_t selftests[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{"sha1", mbedtls_sha1_self_test},
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
{"sha224", mbedtls_sha224_self_test},
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
{"sha256", mbedtls_sha256_self_test},
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
{"sha384", mbedtls_sha384_self_test},
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
{"sha512", mbedtls_sha512_self_test},
|
||||
#endif
|
||||
|
|
|
@ -35,7 +35,6 @@
|
|||
/* PSA core mandatory configuration options */
|
||||
#define MBEDTLS_CIPHER_C
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
|
@ -46,6 +45,7 @@
|
|||
* purpose of a specific set of tests.
|
||||
*/
|
||||
//#define MBEDTLS_SHA1_C
|
||||
//#define MBEDTLS_SHA224_C
|
||||
//#define MBEDTLS_SHA384_C
|
||||
//#define MBEDTLS_SHA512_C
|
||||
//#define MBEDTLS_MD_C
|
||||
|
|
|
@ -1969,7 +1969,8 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
|||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
# SHA384 needed for some ECDSA signature tests.
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
|
||||
|
||||
|
@ -1978,6 +1979,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
|||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Restore test driver base configuration
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
|
||||
|
||||
|
@ -2062,6 +2064,7 @@ component_test_psa_crypto_config_accel_rsa_signature () {
|
|||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
|
||||
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
|
||||
# We need to define either MD_C or all of the PSA_WANT_ALG_SHAxxx.
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_MD_C
|
||||
|
@ -2076,6 +2079,7 @@ component_test_psa_crypto_config_accel_rsa_signature () {
|
|||
|
||||
# Restore test driver base configuration
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_MD_C
|
||||
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C
|
||||
|
|
|
@ -44,12 +44,6 @@ The configuration building method can be one of the three following:
|
|||
direct dependencies, but rather non-trivial results of other configs missing. Then
|
||||
look for any unset symbols and handle their reverse dependencies.
|
||||
Examples of EXCLUSIVE_GROUPS usage:
|
||||
- MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating
|
||||
reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled,
|
||||
and then SHA256 is found to depend on SHA224, so it is also disabled. To handle
|
||||
this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224
|
||||
should also be enabled before processing reverse dependencies:
|
||||
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C']
|
||||
- MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C
|
||||
requires either SHA256 or SHA384 to work, so it also has to be disabled.
|
||||
This is not a dependency on SHA512_C, but a result of an exclusive domain
|
||||
|
@ -257,17 +251,14 @@ REVERSE_DEPENDENCIES = {
|
|||
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
|
||||
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
|
||||
'MBEDTLS_ENTROPY_FORCE_SHA256',
|
||||
'MBEDTLS_SHA224_C',
|
||||
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
|
||||
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
|
||||
'MBEDTLS_LMS_C',
|
||||
'MBEDTLS_LMS_PRIVATE'],
|
||||
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C',
|
||||
'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
|
||||
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
|
||||
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
|
||||
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
|
||||
'MBEDTLS_ENTROPY_FORCE_SHA256',
|
||||
'MBEDTLS_SHA256_C',
|
||||
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
|
||||
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
|
||||
'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
|
||||
|
@ -277,8 +268,6 @@ REVERSE_DEPENDENCIES = {
|
|||
# These are not necessarily dependencies, but just minimal required changes
|
||||
# if a given define is the only one enabled from an exclusive group.
|
||||
EXCLUSIVE_GROUPS = {
|
||||
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'],
|
||||
'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'],
|
||||
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
|
||||
'-MBEDTLS_SSL_PROTO_TLS1_3'],
|
||||
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
|
||||
|
@ -421,15 +410,15 @@ class DomainData:
|
|||
build_and_test),
|
||||
# Elliptic curves. Run the test suites.
|
||||
'curves': ExclusiveDomain(curve_symbols, build_and_test),
|
||||
# Hash algorithms. Exclude three groups:
|
||||
# - Exclusive domain of MD, RIPEMD, SHA1 (obsolete);
|
||||
# - Exclusive domain of SHA224 (tested with and depends on SHA256);
|
||||
# - Complementary domain of SHA224 and SHA384 - tested with and depend
|
||||
# on SHA256 and SHA512, respectively.
|
||||
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
|
||||
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
|
||||
# across various modules, but it depends on either SHA256 or SHA512.
|
||||
# As a consequence an "exclusive" test of anything other than SHA256
|
||||
# or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible.
|
||||
'hashes': DualDomain(hash_symbols, build_and_test,
|
||||
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
|
||||
'|MBEDTLS_SHA224_'\
|
||||
'|!MBEDTLS_(SHA224_|SHA384_)'),
|
||||
'|MBEDTLS_SHA224_' \
|
||||
'|MBEDTLS_SHA384_'),
|
||||
# Key exchange types. Only build the library and the sample
|
||||
# programs.
|
||||
'kex': ExclusiveDomain(key_exchange_symbols,
|
||||
|
|
|
@ -169,10 +169,18 @@ SHA-1 Selftest
|
|||
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA1_C
|
||||
sha1_selftest:
|
||||
|
||||
SHA-224 Selftest
|
||||
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA224_C
|
||||
sha224_selftest:
|
||||
|
||||
SHA-256 Selftest
|
||||
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA256_C
|
||||
sha256_selftest:
|
||||
|
||||
SHA-384 Selftest
|
||||
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA384_C
|
||||
sha384_selftest:
|
||||
|
||||
SHA-512 Selftest
|
||||
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA512_C
|
||||
sha512_selftest:
|
||||
|
|
|
@ -46,9 +46,9 @@ void sha224( data_t * src_str, data_t * hash )
|
|||
memset(output, 0x00, 57);
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 1 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha256( src_str->x, src_str->len, output, 1 ), 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
|
||||
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -60,9 +60,9 @@ void mbedtls_sha256( data_t * src_str, data_t * hash )
|
|||
memset(output, 0x00, 65);
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 0 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha256( src_str->x, src_str->len, output, 0 ), 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
|
||||
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -94,9 +94,9 @@ void sha384( data_t * src_str, data_t * hash )
|
|||
memset(output, 0x00, 97);
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 1 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha512( src_str->x, src_str->len, output, 1 ), 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
|
||||
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -108,9 +108,9 @@ void mbedtls_sha512( data_t * src_str, data_t * hash )
|
|||
memset(output, 0x00, 129);
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 0 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha512( src_str->x, src_str->len, output, 0 ), 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
|
||||
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -121,16 +121,30 @@ void sha1_selftest( )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA224_C:MBEDTLS_SELF_TEST */
|
||||
void sha224_selftest( )
|
||||
{
|
||||
TEST_EQUAL( mbedtls_sha224_self_test( 1 ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */
|
||||
void sha256_selftest( )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha256_self_test( 1 ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA384_C:MBEDTLS_SELF_TEST */
|
||||
void sha384_selftest( )
|
||||
{
|
||||
TEST_EQUAL( mbedtls_sha384_self_test( 1 ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */
|
||||
void sha512_selftest( )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 );
|
||||
TEST_EQUAL( mbedtls_sha512_self_test( 1 ), 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -4532,7 +4532,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
|
|||
data_t *transcript,
|
||||
data_t *binder_expected )
|
||||
{
|
||||
unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char binder[ MBEDTLS_HASH_MAX_SIZE ];
|
||||
|
||||
/* Double-check that we've passed sane parameters. */
|
||||
psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
|
||||
|
@ -4664,7 +4664,7 @@ void ssl_tls13_key_evolution( int hash_alg,
|
|||
data_t *input,
|
||||
data_t *expected )
|
||||
{
|
||||
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char secret_new[ MBEDTLS_HASH_MAX_SIZE ];
|
||||
|
||||
PSA_INIT();
|
||||
|
||||
|
|
|
@ -704,7 +704,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR
|
|||
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
|
||||
|
@ -840,7 +840,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_S
|
|||
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #70 (v1 trusted CA)
|
||||
|
@ -2117,35 +2117,35 @@ X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
|
|||
x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, issuer set missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
# 305c
|
||||
|
@ -2171,35 +2171,35 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:
|
|||
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, signatureValue missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, single empty entry at end)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, good entry then empty entry at end)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, missing time in entry)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, missing time in entry at end)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, invalid tag for time in entry)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, invalid tag for serial)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL ASN1 (TBSCertList, no entries)
|
||||
|
|
Loading…
Reference in a new issue