Merge pull request #327 from gilles-peskine-arm/psa-hash_compute

Implement psa_hash_compute and psa_hash_compare

include/psa/crypto.h

@@ -932,7 +932,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
                               const uint8_t *input,
                               size_t input_length,
                               const uint8_t *hash,
-                              const size_t hash_length);
+                              size_t hash_length);
 
 /** The type of the state data structure for multipart hash operations.
  *
@@ -1300,7 +1300,7 @@ psa_status_t psa_mac_verify(psa_key_handle_t handle,
                             const uint8_t *input,
                             size_t input_length,
                             const uint8_t *mac,
-                            const size_t mac_length);
+                            size_t mac_length);
 
 /** The type of the state data structure for multipart MAC operations.
  *

library/psa_crypto.c

@@ -2351,6 +2351,58 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
     return( PSA_SUCCESS );
 }
 
+psa_status_t psa_hash_compute( psa_algorithm_t alg,
+                               const uint8_t *input, size_t input_length,
+                               uint8_t *hash, size_t hash_size,
+                               size_t *hash_length )
+{
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+    *hash_length = hash_size;
+    status = psa_hash_setup( &operation, alg );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_hash_update( &operation, input, input_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_hash_finish( &operation, hash, hash_size, hash_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+exit:
+    if( status == PSA_SUCCESS )
+        status = psa_hash_abort( &operation );
+    else
+        psa_hash_abort( &operation );
+    return( status );
+}
+
+psa_status_t psa_hash_compare( psa_algorithm_t alg,
+                               const uint8_t *input, size_t input_length,
+                               const uint8_t *hash, size_t hash_length )
+{
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+    status = psa_hash_setup( &operation, alg );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_hash_update( &operation, input, input_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_hash_verify( &operation, hash, hash_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+exit:
+    if( status == PSA_SUCCESS )
+        status = psa_hash_abort( &operation );
+    else
+        psa_hash_abort( &operation );
+    return( status );
+}
+
 psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
                              psa_hash_operation_t *target_operation )
 {
@@ -2685,14 +2737,8 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
 
     if( key_length > block_size )
     {
-        status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+        status = psa_hash_compute( hash_alg, key, key_length,
-        if( status != PSA_SUCCESS )
+                                   ipad, sizeof( ipad ), &key_length );
-            goto cleanup;
-        status = psa_hash_update( &hmac->hash_ctx, key, key_length );
-        if( status != PSA_SUCCESS )
-            goto cleanup;
-        status = psa_hash_finish( &hmac->hash_ctx,
-                                  ipad, sizeof( ipad ), &key_length );
         if( status != PSA_SUCCESS )
             goto cleanup;
     }

tests/scripts/check-test-cases.py

@@ -20,6 +20,7 @@
 #
 # This file is part of Mbed TLS (https://tls.mbed.org)
 
+import argparse
 import glob
 import os
 import re
@@ -27,9 +28,11 @@ import sys
 
 class Results:
     """Store file and line information about errors or warnings in test suites."""
-    def __init__(self):
+
+    def __init__(self, options):
         self.errors = 0
         self.warnings = 0
+        self.ignore_warnings = options.quiet
 
     def error(self, file_name, line_number, fmt, *args):
         sys.stderr.write(('{}:{}:ERROR:' + fmt + '\n').
@@ -37,9 +40,10 @@ class Results:
         self.errors += 1
 
     def warning(self, file_name, line_number, fmt, *args):
-        sys.stderr.write(('{}:{}:Warning:' + fmt + '\n')
+        if not self.ignore_warnings:
-                         .format(file_name, line_number, *args))
+            sys.stderr.write(('{}:{}:Warning:' + fmt + '\n')
-        self.warnings += 1
+                             .format(file_name, line_number, *args))
+            self.warnings += 1
 
 def collect_test_directories():
     """Get the relative path for the TLS and Crypto test directories."""
@@ -108,8 +112,16 @@ def check_ssl_opt_sh(results, file_name):
                               file_name, line_number, description)
 
 def main():
+    parser = argparse.ArgumentParser(description=__doc__)
+    parser.add_argument('--quiet', '-q',
+                        action='store_true',
+                        help='Hide warnings')
+    parser.add_argument('--verbose', '-v',
+                        action='store_false', dest='quiet',
+                        help='Show warnings (default: on; undoes --quiet)')
+    options = parser.parse_args()
     test_directories = collect_test_directories()
-    results = Results()
+    results = Results(options)
     for directory in test_directories:
         for data_file_name in glob.glob(os.path.join(directory, 'suites',
                                                      '*.data')):
@@ -117,7 +129,7 @@ def main():
         ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh')
         if os.path.exists(ssl_opt_sh):
             check_ssl_opt_sh(results, ssl_opt_sh)
-    if results.warnings or results.errors:
+    if (results.warnings or results.errors) and not options.quiet:
         sys.stderr.write('{}: {} errors, {} warnings\n'
                          .format(sys.argv[0], results.errors, results.warnings))
     sys.exit(1 if results.errors else 0)

tests/suites/test_suite_psa_crypto.function

@@ -2430,6 +2430,109 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void hash_compute_fail( int alg_arg, data_t *input,
+                        int output_size_arg, int expected_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    uint8_t *output = NULL;
+    size_t output_size = output_size_arg;
+    size_t output_length = INVALID_EXPORT_LENGTH;
+    psa_status_t expected_status = expected_status_arg;
+    psa_status_t status;
+
+    ASSERT_ALLOC( output, output_size );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    status = psa_hash_compute( alg, input->x, input->len,
+                               output, output_size, &output_length );
+    TEST_EQUAL( status, expected_status );
+    TEST_ASSERT( output_length <= output_size );
+
+exit:
+    mbedtls_free( output );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_compare_fail( int alg_arg, data_t *input,
+                        data_t *reference_hash,
+                        int expected_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t expected_status = expected_status_arg;
+    psa_status_t status;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    status = psa_hash_compare( alg, input->x, input->len,
+                               reference_hash->x, reference_hash->len );
+    TEST_EQUAL( status, expected_status );
+
+exit:
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_compute_compare( int alg_arg, data_t *input,
+                           data_t *expected_output )
+{
+    psa_algorithm_t alg = alg_arg;
+    uint8_t output[PSA_HASH_MAX_SIZE + 1];
+    size_t output_length = INVALID_EXPORT_LENGTH;
+    size_t i;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /* Compute with tight buffer */
+    PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
+                                  output, PSA_HASH_SIZE( alg ),
+                                  &output_length ) );
+    TEST_EQUAL( output_length, PSA_HASH_SIZE( alg ) );
+    ASSERT_COMPARE( output, output_length,
+                    expected_output->x, expected_output->len );
+
+    /* Compute with larger buffer */
+    PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
+                                  output, sizeof( output ),
+                                  &output_length ) );
+    TEST_EQUAL( output_length, PSA_HASH_SIZE( alg ) );
+    ASSERT_COMPARE( output, output_length,
+                    expected_output->x, expected_output->len );
+
+    /* Compare with correct hash */
+    PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
+                                  output, output_length ) );
+
+    /* Compare with trailing garbage */
+    TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
+                                  output, output_length + 1 ),
+                PSA_ERROR_INVALID_SIGNATURE );
+
+    /* Compare with truncated hash */
+    TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
+                                  output, output_length - 1 ),
+                PSA_ERROR_INVALID_SIGNATURE );
+
+    /* Compare with corrupted value */
+    for( i = 0; i < output_length; i++ )
+    {
+        test_set_step( i );
+        output[i] ^= 1;
+        TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
+                                      output, output_length ),
+                    PSA_ERROR_INVALID_SIGNATURE );
+        output[i] ^= 1;
+    }
+
+exit:
+    PSA_DONE( );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void hash_bad_order( )
 {