Add option to build SHA-512 without SHA-384 #179
Conversation
mpg
added
enhancement
|
Please extend |
Patater
added
the
needs: work
|
Note: an extension of |
mpg
removed
the
needs: work
|
@gilles-peskine-arm I rebased in order to resolve conflicts (previous state is at https://github.com/mpg/mbed-crypto/tree/sha512-no-sha384-1) and extended |
gilles-peskine-arm
added
needs: work
| @@ -59,8 +59,10 @@ typedef struct mbedtls_sha512_context | |||
| uint64_t total[2]; /*!< The number of Bytes processed. */ | |||
| uint64_t state[8]; /*!< The intermediate digest state. */ | |||
| unsigned char buffer[128]; /*!< The data block being processed. */ | |||
| #if !defined(MBEDTLS_SHA512_NO_SHA384) | |||
| int is384; /*!< Determines which function to use: | |||
| 0: Use SHA-512, or 1: Use SHA-384. */ | |||
There was a problem hiding this comment.
I would change int is384; in to char is384; or even bool to keep good practice with structure padding
There was a problem hiding this comment.
That would be an ABI change, so I'd rather not do it here.
| extern const mbedtls_md_info_t mbedtls_sha384_info; | ||
| #endif |
There was a problem hiding this comment.
There is many places when you use this sentence with double negation "#if !defined(MBEDTLS_SHA512_NO_SHA384)" an it makes riding it is not very friendly. This is a second advantage to use option like MBEDTLS_SHA512_WITH_SHA384
There was a problem hiding this comment.
Whether mbedtls_sha384_info shouldn't be excluded in md.c also?
Saves 140 bytes on sha512.o, measured with: arm-none-eabi-gcc -Wall -Wextra -Iinclude -Os -mcpu=cortex-m0plus -mthumb -c library/sha512.c && arm-none-eabi-size sha512.o arm-none-eabi-gcc (GNU Tools for Arm Embedded Processors 7-2018-q2-update) 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907] Todo: - fix selftest - fix dependencies in test suites - implement in MD layer
|
I just rebased on current development and force-pushed in order to resolve conflicts. The previous state of the branch was saved at https://github.com/mpg/mbed-crypto/tree/sha512-no-sha384-2 I'll push more commits in order to address review comments later. |
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C - Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
|
@gilles-peskine-arm @piotr-now I believe I addressed your comments, either by changing the code as suggested, or commenting why I'd rather not. This is ready for you to review again. |
There was a problem hiding this comment.
LGTM apart from a few minor issues.
There's no test of trying to use SHA-384 when it's disabled. But this is a preexisting test gap so this PR doesn't need to do anything about it.
Other cases in this switch statement aren't guarded either.
Other modules have similar internal macros using _LENGTH in the name.
|
@gilles-peskine-arm Thanks for your feedback, and clarifying when I didn't immediately understand it. I believe I've addressed all of it so feel free to review again! |
mpg
added
needs: review
|
The CI passes all tests except the ones involving Mbed OS, which is a known issue independent from this PR, so it's as good as a pass as far as merging this PR is concerned. |
library/sha512.c
Outdated
| @@ -587,7 +587,7 @@ static const unsigned char sha512_test_sum[][64] = | |||
| 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B } | |||
| }; | |||
|
|
|||
| #define ARRAY_LEN(a) ( sizeof( a ) / sizeof( a[0] ) ) | |||
| #define ARRAY_LENGTH(a) ( sizeof( a ) / sizeof( a[0] ) ) | |||
There was a problem hiding this comment.
| #define ARRAY_LENGTH(a) ( sizeof( a ) / sizeof( a[0] ) ) | |
| #define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) ) |
|
@gilles-peskine-arm Thanks for catching that issue. I fixed it, this should now be ready for re-review. @piotr-now You reviewed and approved a previous version of this PR, do you think you'd be able to review it again? Thanks! |
|
LGTM |
|
The CI passes all tests except for the ones relying on mbed-os, which is a know issue with mbed-os, unrelated to this PR, so it's a s good as a pass. |
mpg
added
ready for merge
Previously in d875285: * ARMmbed#333: Streamline PSA key type encodings: prepare * ARMmbed#323: Initialise return values to an error Previously in dbcb442: * ARMmbed#291: Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY * ARMmbed#334: Fix some pylint warnings Previously in ceceedb: * ARMmbed#348: Bump version to Mbed TLS 2.20.0 and crypto SO version to 4 * ARMmbed#354: Fix incrementing pointer instead of value In this commit: * ARMmbed#349: Fix minor defects found by Coverity * ARMmbed#179: Add option to build SHA-512 without SHA-384 * ARMmbed#327: Implement psa_hash_compute and psa_hash_compare * ARMmbed#330: Streamline PSA key type and curve encodings
This adds a config.h option
MBEDTLS_SHA512_NO_SHA384that allows to build with SHA-512 enabled but not SHA-384, for people who don't need SHA-384 and want to save on code size.This is very comparable to https://github.com/ARMmbed/mbedtls-restricted/pull/621 (which should be side-ported).
Contrary to SHA-256 however, it seems desirable to also have a symmetrical option for people who only need SHA-384 but not SHA-512. In order to keep this PR small and allow it to move forward quickly, it was not included but can be done later.
Reviewers, please double-check if I didn't miss anything to do with PSA as I'm less familiar with that part.
Size, building with
CFLAGS='-Os -mcpu=cortex-m0plus -mthumb' CC=arm-none-eabi-gcc(ARM-GCC 7.3) after runningscripts/config.pl baremetal(don't pay attention to the absolute values as this is a full config, only the difference is interesting):libmbedcrypto.awith SHA-384libmbedcrypto.awithout SHA-384Note: If #327 is merged first, this PR will need to be modified to add a dependency on
!MBEDTLS_SHA512_NO_SHA384to some test cases added by #327.