mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-08 17:42:09 +03:00
Merge remote-tracking branch 'development' into psa_crypto_config-in-full
Conflicts: * `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions from `development`, and add the `u` suffix to the relevant constants.
This commit is contained in:
Gilles Peskine
@@ -59,6 +59,7 @@
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* X.509, TLS and non-PSA crypto configuration */
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/mbedtls_config.h"
|
||||
#else
|
||||
@@ -80,6 +81,18 @@
|
||||
#include MBEDTLS_USER_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/* PSA crypto configuration */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
|
||||
#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
|
||||
#else
|
||||
#include "psa/crypto_config.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
|
||||
#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
|
||||
#endif
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
|
||||
|
||||
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
|
||||
* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
|
||||
* to ensure a 128-bit key size in CTR_DRBG.
|
||||
|
||||
@@ -412,10 +412,6 @@
|
||||
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
|
||||
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
|
||||
#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
@@ -30,24 +30,8 @@
|
||||
#ifndef MBEDTLS_CONFIG_PSA_H
|
||||
#define MBEDTLS_CONFIG_PSA_H
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
|
||||
#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
|
||||
#else
|
||||
#include "psa/crypto_config.h"
|
||||
#endif
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
|
||||
#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "psa/crypto_legacy.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
@@ -113,6 +97,13 @@ extern "C" {
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define PSA_WANT_ALG_SHA3_224 1
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#endif
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Require built-in implementations based on PSA requirements */
|
||||
@@ -270,6 +261,26 @@ extern "C" {
|
||||
#define MBEDTLS_SHA512_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
|
||||
@@ -888,6 +899,17 @@ extern "C" {
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
|
||||
#define PSA_WANT_ALG_SHA3_224 1
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
@@ -1074,8 +1096,4 @@ extern "C" {
|
||||
#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
|
||||
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_PSA_H */
|
||||
|
||||
@@ -172,15 +172,47 @@
|
||||
* This allows different allocators (self-implemented or provided) to be
|
||||
* provided to the platform abstraction layer.
|
||||
*
|
||||
* Enabling MBEDTLS_PLATFORM_MEMORY without the
|
||||
* Enabling #MBEDTLS_PLATFORM_MEMORY without the
|
||||
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
|
||||
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
|
||||
* free() function pointer at runtime.
|
||||
*
|
||||
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
|
||||
* Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
|
||||
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
|
||||
* alternate function at compile time.
|
||||
*
|
||||
* An overview of how the value of mbedtls_calloc is determined:
|
||||
*
|
||||
* - if !MBEDTLS_PLATFORM_MEMORY
|
||||
* - mbedtls_calloc = calloc
|
||||
* - if MBEDTLS_PLATFORM_MEMORY
|
||||
* - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
|
||||
* - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
|
||||
* - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
|
||||
* - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
|
||||
* - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
|
||||
* - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
|
||||
* - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
|
||||
* - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
|
||||
* - if MBEDTLS_PLATFORM_STD_CALLOC is present:
|
||||
* - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
|
||||
* - if !MBEDTLS_PLATFORM_STD_CALLOC:
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC = calloc
|
||||
*
|
||||
* - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
|
||||
* - if !MBEDTLS_PLATFORM_STD_CALLOC
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
|
||||
*
|
||||
* - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
|
||||
*
|
||||
* Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
|
||||
* MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
|
||||
* #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
|
||||
* dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
|
||||
*
|
||||
* Requires: MBEDTLS_PLATFORM_C
|
||||
*
|
||||
* Enable this layer to allow use of alternative memory allocators.
|
||||
@@ -3708,8 +3740,29 @@
|
||||
|
||||
/* Platform options */
|
||||
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
|
||||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
|
||||
|
||||
/** \def MBEDTLS_PLATFORM_STD_CALLOC
|
||||
*
|
||||
* Default allocator to use, can be undefined.
|
||||
* It must initialize the allocated buffer memory to zeroes.
|
||||
* The size of the buffer is the product of the two parameters.
|
||||
* The calloc function returns either a null pointer or a pointer to the allocated space.
|
||||
* If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
|
||||
* See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
|
||||
* The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
|
||||
|
||||
/** \def MBEDTLS_PLATFORM_STD_FREE
|
||||
*
|
||||
* Default free to use, can be undefined.
|
||||
* NULL is a valid parameter, and the function must do nothing.
|
||||
* A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
|
||||
* See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free
|
||||
//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
@@ -3723,10 +3776,10 @@
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
|
||||
|
||||
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
|
||||
/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
|
||||
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
|
||||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
|
||||
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
@@ -4016,4 +4069,18 @@
|
||||
*/
|
||||
//#define MBEDTLS_ECP_WITH_MPI_UINT
|
||||
|
||||
/*
|
||||
* Disable plain C implementation for AES.
|
||||
*
|
||||
* When the plain C implementation is enabled, and an implementation using a
|
||||
* special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
|
||||
* detection will be used to select between them.
|
||||
*
|
||||
* If only one implementation is present, runtime detection will not be used.
|
||||
* This configuration will crash at runtime if running on a CPU without the
|
||||
* necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
|
||||
* and/or MBEDTLS_AESNI_C is enabled & present in the build.
|
||||
*/
|
||||
//#define MBEDTLS_AES_USE_HARDWARE_ONLY
|
||||
|
||||
/** \} name SECTION: Module configuration options */
|
||||
|
||||
@@ -85,6 +85,26 @@
|
||||
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Built-in implementations */
|
||||
@@ -117,6 +137,7 @@
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
|
||||
@@ -286,6 +286,10 @@ int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len,
|
||||
* \brief Closes down the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to close
|
||||
*
|
||||
* \note This function frees and clears data associated with the
|
||||
* context but does not free the memory pointed to by \p ctx.
|
||||
* This memory is the responsibility of the caller.
|
||||
*/
|
||||
void mbedtls_net_close(mbedtls_net_context *ctx);
|
||||
|
||||
@@ -293,6 +297,10 @@ void mbedtls_net_close(mbedtls_net_context *ctx);
|
||||
* \brief Gracefully shutdown the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to free
|
||||
*
|
||||
* \note This function frees and clears data associated with the
|
||||
* context but does not free the memory pointed to by \p ctx.
|
||||
* This memory is the responsibility of the caller.
|
||||
*/
|
||||
void mbedtls_net_free(mbedtls_net_context *ctx);
|
||||
|
||||
|
||||
@@ -270,6 +270,15 @@
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
|
||||
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
|
||||
@@ -280,6 +289,16 @@
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
*/
|
||||
|
||||
@@ -130,11 +130,22 @@ extern "C" {
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
/* Enable certain documented defines only when generating doxygen to avoid
|
||||
* an "unrecognized define" error. */
|
||||
#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC
|
||||
#endif
|
||||
|
||||
#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE
|
||||
#endif
|
||||
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free.
|
||||
* Please see MBEDTLS_PLATFORM_STD_CALLOC and MBEDTLS_PLATFORM_STD_FREE
|
||||
* in mbedtls_config.h for more information about behaviour and requirements.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/sha3.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
|
||||
@@ -52,7 +53,11 @@
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
|
||||
#define MBEDTLS_PSA_BUILTIN_HASH
|
||||
#endif
|
||||
|
||||
@@ -76,6 +81,12 @@ typedef struct {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
|
||||
mbedtls_sha512_context sha512;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
|
||||
mbedtls_sha3_context sha3;
|
||||
#endif
|
||||
} MBEDTLS_PRIVATE(ctx);
|
||||
} mbedtls_psa_hash_operation_t;
|
||||
|
||||
@@ -87,12 +87,17 @@
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_SHA_384 1
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#define PSA_WANT_ALG_SHA3_224 1
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
|
||||
|
||||
/* Note: when adding support, also adjust include/mbedtls/config_psa.h */
|
||||
/* XTS is not yet supported via the PSA API in Mbed TLS.
|
||||
* Note: when adding support, also adjust include/mbedtls/config_psa.h */
|
||||
//#define PSA_WANT_ALG_XTS 1
|
||||
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
||||
|
||||
@@ -125,28 +125,43 @@
|
||||
* This macro expands to a compile-time constant integer. This value
|
||||
* is the maximum size of a hash in bytes.
|
||||
*/
|
||||
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
|
||||
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
|
||||
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
|
||||
* HMAC-SHA3-512. */
|
||||
/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
|
||||
* see the note on MBEDTLS_MD_MAX_SIZE for details. */
|
||||
#if defined(PSA_WANT_ALG_SHA_512)
|
||||
#define PSA_HASH_MAX_SIZE 64u
|
||||
#if defined(PSA_WANT_ALG_SHA3_224)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_256)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
|
||||
#elif defined(PSA_WANT_ALG_SHA_512)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
|
||||
#elif defined(PSA_WANT_ALG_SHA_384)
|
||||
#define PSA_HASH_MAX_SIZE 48u
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_384)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_512)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
|
||||
#elif defined(PSA_WANT_ALG_SHA_256)
|
||||
#define PSA_HASH_MAX_SIZE 32u
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#elif defined(PSA_WANT_ALG_SHA_224)
|
||||
#define PSA_HASH_MAX_SIZE 28u
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#else /* SHA-1 or smaller */
|
||||
#define PSA_HASH_MAX_SIZE 20u
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
|
||||
#define PSA_HASH_MAX_SIZE 64u
|
||||
#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
|
||||
#define PSA_HASH_MAX_SIZE 48u
|
||||
#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
|
||||
#define PSA_HASH_MAX_SIZE 32u
|
||||
#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
|
||||
#define PSA_HASH_MAX_SIZE 28u
|
||||
#else /* SHA-1 or smaller */
|
||||
#define PSA_HASH_MAX_SIZE 20u
|
||||
#endif
|
||||
|
||||
/** \def PSA_MAC_MAX_SIZE
|
||||
*
|
||||
* Maximum size of a MAC.
|
||||
|
||||
Reference in New Issue
Block a user