Skip to content

Add option to build SHA-512 without SHA-384 #179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Jan 30, 2020
Merged

Add option to build SHA-512 without SHA-384 #179

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
ad6cb11
Declare new config.h option MBEDTLS_SHA512_NO_SHA384
mpg Jul 17, 2019
3df4e60
Implement SHA512_NO_SHA384 in sha512 module
mpg Jul 17, 2019
39ea19a
Adapt sha512 selftest to NO_SHA384 option
mpg Jul 17, 2019
6ba5a3f
Declare test dependencies on !SHA512_NO_SHA384
mpg Jul 17, 2019
d602084
Implement NO_SHA384 in MD layer and PSA
mpg Jul 17, 2019
20f236d
Adjust depends-hashes.pl to test NO_SHA384 as well
mpg Sep 11, 2019
663ee20
Clarify documentation on is384.
mpg Jan 7, 2020
792b16d
Make more code paths conditional in psa_crypto.c
mpg Jan 7, 2020
0b9db44
Make optional parameter validation more precise
mpg Jan 7, 2020
2d88549
Improve readability of macro in selftest
mpg Jan 7, 2020
86a39bd
Improve readability of test dependencies
mpg Jan 7, 2020
1e6fb01
Make SHA512_NO_SHA384 depend on SHA512_C
mpg Jan 7, 2020
3a3b5c7
Improve doxygen formatting
mpg Jan 24, 2020
b7f7092
Remove preprocessor directive for consistency
mpg Jan 24, 2020
2b9b780
Rename internal macro for consistency
mpg Jan 24, 2020
74ca84a
Fix some whitespace issues
mpg Jan 29, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions include/mbedtls/check_config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -510,6 +510,10 @@
#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
#endif

#if defined(MBEDTLS_SHA512_NO_SHA384) && !defined(MBEDTLS_SHA512_C)
#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
#endif

#if defined(MBEDTLS_THREADING_PTHREAD)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
Expand Down
12 changes: 12 additions & 0 deletions include/mbedtls/config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1033,6 +1033,18 @@
*/
//#define MBEDTLS_SHA512_SMALLER

/**
* \def MBEDTLS_SHA512_NO_SHA384
*
* Disable the SHA-384 option of the SHA-512 module. Use this to save some
* code size on devices that don't use SHA-384.
*
* Requires: MBEDTLS_SHA512_C
*
* Uncomment to disable SHA-384
*/
//#define MBEDTLS_SHA512_NO_SHA384

/**
* \def MBEDTLS_THREADING_ALT
*
Expand Down
2 changes: 2 additions & 0 deletions include/mbedtls/md_internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,9 @@ extern const mbedtls_md_info_t mbedtls_sha224_info;
extern const mbedtls_md_info_t mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
extern const mbedtls_md_info_t mbedtls_sha384_info;
#endif
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is many places when you use this sentence with double negation "#if !defined(MBEDTLS_SHA512_NO_SHA384)" an it makes riding it is not very friendly. This is a second advantage to use option like MBEDTLS_SHA512_WITH_SHA384

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whether mbedtls_sha384_info shouldn't be excluded in md.c also?

extern const mbedtls_md_info_t mbedtls_sha512_info;
#endif

Expand Down
18 changes: 17 additions & 1 deletion include/mbedtls/sha512.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,10 @@ typedef struct mbedtls_sha512_context
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */
#if !defined(MBEDTLS_SHA512_NO_SHA384)
int is384; /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would change int is384; in to char is384; or even bool to keep good practice with structure padding

Copy link
Contributor Author

@mpg mpg Jan 6, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be an ABI change, so I'd rather not do it here.

#endif
}
mbedtls_sha512_context;

Expand Down Expand Up @@ -101,7 +103,11 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
*
* \param ctx The SHA-512 context to use. This must be initialized.
* \param is384 Determines which function to use. This must be
* either \c for SHA-512, or \c 1 for SHA-384.
* either \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
Expand Down Expand Up @@ -169,6 +175,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* \param ctx The SHA-512 context to use. This must be initialized.
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512 or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 );
Expand Down Expand Up @@ -239,6 +248,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
Expand Down Expand Up @@ -273,6 +286,9 @@ int mbedtls_sha512_ret( const unsigned char *input,
* be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
size_t ilen,
Expand Down
24 changes: 24 additions & 0 deletions library/md.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,12 +120,14 @@ const mbedtls_md_info_t mbedtls_sha256_info = {
#endif

#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
const mbedtls_md_info_t mbedtls_sha384_info = {
"SHA384",
MBEDTLS_MD_SHA384,
48,
128,
};
#endif

const mbedtls_md_info_t mbedtls_sha512_info = {
"SHA512",
Expand All @@ -142,8 +144,10 @@ static const int supported_digests[] = {

#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
#if !defined(MBEDTLS_SHA512_NO_SHA384)
MBEDTLS_MD_SHA384,
#endif
#endif

#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
Expand Down Expand Up @@ -211,8 +215,10 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
if( !strcmp( "SHA384", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
#endif
if( !strcmp( "SHA512", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
#endif
Expand Down Expand Up @@ -250,8 +256,10 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
return( &mbedtls_sha256_info );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( &mbedtls_sha384_info );
#endif
case MBEDTLS_MD_SHA512:
return( &mbedtls_sha512_info );
#endif
Expand Down Expand Up @@ -306,7 +314,9 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
mbedtls_sha512_free( ctx->md_ctx );
break;
Expand Down Expand Up @@ -372,7 +382,9 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
break;
Expand Down Expand Up @@ -439,7 +451,9 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
ALLOC( sha512 );
break;
Expand Down Expand Up @@ -498,8 +512,10 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
#endif
Expand Down Expand Up @@ -542,8 +558,10 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
#endif
Expand Down Expand Up @@ -586,8 +604,10 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
#endif
Expand Down Expand Up @@ -631,8 +651,10 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
#endif
Expand Down Expand Up @@ -839,8 +861,10 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
#endif
Expand Down
12 changes: 12 additions & 0 deletions library/psa_crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2037,8 +2037,10 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
return( &mbedtls_sha256_info );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
return( &mbedtls_sha384_info );
#endif
case PSA_ALG_SHA_512:
return( &mbedtls_sha512_info );
#endif
Expand Down Expand Up @@ -2089,7 +2091,9 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_free( &operation->ctx.sha512 );
break;
Expand Down Expand Up @@ -2155,10 +2159,12 @@ psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
break;
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
Expand Down Expand Up @@ -2227,7 +2233,9 @@ psa_status_t psa_hash_update( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
input, input_length );
Expand Down Expand Up @@ -2300,7 +2308,9 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
break;
Expand Down Expand Up @@ -2389,7 +2399,9 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_clone( &target_operation->ctx.sha512,
&source_operation->ctx.sha512 );
Expand Down
Loading