From f8b9ebf2974d3891d3e0a04867d63e4f3c0af322 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Tue, 18 Jul 2023 13:46:10 +0100 Subject: [PATCH 01/33] Add example program for PSA hash This commit adds the example program for PSA hash as well as the relevant changes to CMakeLists.txt and the Makefile. Signed-off-by: Thomas Daubney --- programs/Makefile | 5 ++ programs/psa/CMakeLists.txt | 1 + programs/psa/psa_hash.c | 152 ++++++++++++++++++++++++++++++++++++ 3 files changed, 158 insertions(+) create mode 100644 programs/psa/psa_hash.c diff --git a/programs/Makefile b/programs/Makefile index 3509fc374..0bd1b924e 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -109,6 +109,7 @@ APPS = \ psa/hmac_demo \ psa/key_ladder_demo \ psa/psa_constant_names \ + psa/psa_hash \ random/gen_entropy \ random/gen_random_ctr_drbg \ ssl/dtls_client \ @@ -316,6 +317,10 @@ psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_ echo " CC psa/psa_constant_names.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP) + echo " CC psa/psa_hash.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) echo " CC random/gen_entropy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 7ba4af63d..c8ee626d8 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,6 +4,7 @@ set(executables hmac_demo key_ladder_demo psa_constant_names + psa_hash ) if(GEN_FILES) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c new file mode 100644 index 000000000..45f61320e --- /dev/null +++ b/programs/psa/psa_hash.c @@ -0,0 +1,152 @@ +/* + * Example computing a SHA-256 hash using the PSA Crypto API + * + * The example computes the SHA-256 hash of a test string using the + * one-shot API call psa_hash_compute() and the using multi-part + * operation, which requires psa_hash_setup(), psa_hash_update() and + * psa_hash_finish(). The multi-part operation is popular on embedded + * devices where a rolling hash needs to be computed. + * + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" + +#define TEST_SHA256_HASH { \ + 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ + 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ + 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ +} + +const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; + +const size_t mbedtls_test_sha256_hash_len = + sizeof( mbedtls_test_sha256_hash ); + +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) +int main( void ) +{ + printf( "MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + "not defined.\r\n" ); + return( EXIT_SUCCESS ); +} +#else + +int main( void ) +{ + uint8_t buf[] = "Hello World!"; + psa_status_t status; + uint8_t hash[PSA_HASH_MAX_SIZE]; + size_t hash_size; + psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; + + printf( "PSA Crypto API: SHA-256 example\n\n" ); + + status = psa_crypto_init( ); + if( status != PSA_SUCCESS ) + { + printf( "psa_crypto_init failed\n" ); + return( EXIT_FAILURE ); + } + + + /* Compute hash using multi-part operation */ + + status = psa_hash_setup( &sha256_psa, PSA_ALG_SHA_256 ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_setup failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_update( &sha256_psa, buf, sizeof( buf ) ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_update failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_clone( &sha256_psa, &cloned_sha256 ); + if( status != PSA_SUCCESS ) + { + printf( "PSA hash clone failed" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_finish( &sha256_psa, hash, sizeof( hash ), &hash_size ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_finish failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_verify( &cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_verify failed\n" ); + return( EXIT_FAILURE ); + } else + { + printf( "Multi-part hash operation successful!\n"); + } + + /* Compute hash using one-shot function call */ + memset( hash,0,sizeof( hash ) ); + hash_size = 0; + + status = psa_hash_compute( PSA_ALG_SHA_256, + buf, sizeof( buf ), + hash, sizeof( hash ), + &hash_size ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_compute failed\n" ); + return( EXIT_FAILURE ); + } + + for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) + { + if( hash[j] != mbedtls_test_sha256_hash[j] ) + { + printf( "One-shot hash operation failed!\n\n"); + return( EXIT_FAILURE ); + } + } + + printf( "One-shot hash operation successful!\n\n"); + + printf( "The SHA-256( '%s' ) is:\n", buf ); + + for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) + { + if( j % 8 == 0 ) printf( "\n " ); + printf( "%02x ", hash[j] ); + } + + printf( "\n" ); + + mbedtls_psa_crypto_free( ); + return( EXIT_SUCCESS ); +} +#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ From 209c9c94925195c26cee30acf6ceb9ea612bda07 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 Jul 2023 14:59:45 +0100 Subject: [PATCH 02/33] Bring code-style up-to-date This PR was originally created before the code style was changed. This commit updates the style. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 126 +++++++++++++++++++--------------------- 1 file changed, 59 insertions(+), 67 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 45f61320e..4be9c3839 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,26 +33,26 @@ #include "mbedtls/build_info.h" #define TEST_SHA256_HASH { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ + 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ + 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ + 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; const size_t mbedtls_test_sha256_hash_len = - sizeof( mbedtls_test_sha256_hash ); + sizeof(mbedtls_test_sha256_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) -int main( void ) +int main(void) { - printf( "MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" - "not defined.\r\n" ); - return( EXIT_SUCCESS ); + printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + "not defined.\r\n"); + return EXIT_SUCCESS; } #else -int main( void ) +int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; @@ -61,92 +61,84 @@ int main( void ) psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; - printf( "PSA Crypto API: SHA-256 example\n\n" ); + printf("PSA Crypto API: SHA-256 example\n\n"); - status = psa_crypto_init( ); - if( status != PSA_SUCCESS ) - { - printf( "psa_crypto_init failed\n" ); - return( EXIT_FAILURE ); + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; } /* Compute hash using multi-part operation */ - status = psa_hash_setup( &sha256_psa, PSA_ALG_SHA_256 ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_setup failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); + if (status != PSA_SUCCESS) { + printf("psa_hash_setup failed\n"); + return EXIT_FAILURE; } - status = psa_hash_update( &sha256_psa, buf, sizeof( buf ) ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_update failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); + if (status != PSA_SUCCESS) { + printf("psa_hash_update failed\n"); + return EXIT_FAILURE; } - status = psa_hash_clone( &sha256_psa, &cloned_sha256 ); - if( status != PSA_SUCCESS ) - { - printf( "PSA hash clone failed" ); - return( EXIT_FAILURE ); + status = psa_hash_clone(&sha256_psa, &cloned_sha256); + if (status != PSA_SUCCESS) { + printf("PSA hash clone failed"); + return EXIT_FAILURE; } - status = psa_hash_finish( &sha256_psa, hash, sizeof( hash ), &hash_size ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_finish failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); + if (status != PSA_SUCCESS) { + printf("psa_hash_finish failed\n"); + return EXIT_FAILURE; } - status = psa_hash_verify( &cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_verify failed\n" ); - return( EXIT_FAILURE ); - } else - { - printf( "Multi-part hash operation successful!\n"); + status = + psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); + if (status != PSA_SUCCESS) { + printf("psa_hash_verify failed\n"); + return EXIT_FAILURE; + } else { + printf("Multi-part hash operation successful!\n"); } /* Compute hash using one-shot function call */ - memset( hash,0,sizeof( hash ) ); + memset(hash, 0, sizeof(hash)); hash_size = 0; - status = psa_hash_compute( PSA_ALG_SHA_256, - buf, sizeof( buf ), - hash, sizeof( hash ), - &hash_size ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_compute failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_compute(PSA_ALG_SHA_256, + buf, sizeof(buf), + hash, sizeof(hash), + &hash_size); + if (status != PSA_SUCCESS) { + printf("psa_hash_compute failed\n"); + return EXIT_FAILURE; } - for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) - { - if( hash[j] != mbedtls_test_sha256_hash[j] ) - { - printf( "One-shot hash operation failed!\n\n"); - return( EXIT_FAILURE ); + for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + if (hash[j] != mbedtls_test_sha256_hash[j]) { + printf("One-shot hash operation failed!\n\n"); + return EXIT_FAILURE; } } - printf( "One-shot hash operation successful!\n\n"); + printf("One-shot hash operation successful!\n\n"); - printf( "The SHA-256( '%s' ) is:\n", buf ); + printf("The SHA-256( '%s' ) is:\n", buf); - for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) - { - if( j % 8 == 0 ) printf( "\n " ); - printf( "%02x ", hash[j] ); + for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", hash[j]); } - printf( "\n" ); + printf("\n"); - mbedtls_psa_crypto_free( ); - return( EXIT_SUCCESS ); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; } #endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ From 8907815866bf853a1e4792a84767f9e31ed8b1c8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 Jul 2023 18:29:46 +0100 Subject: [PATCH 03/33] Added ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/add-psa-example-program-hash.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-psa-example-program-hash.txt diff --git a/ChangeLog.d/add-psa-example-program-hash.txt b/ChangeLog.d/add-psa-example-program-hash.txt new file mode 100644 index 000000000..ba4da20d3 --- /dev/null +++ b/ChangeLog.d/add-psa-example-program-hash.txt @@ -0,0 +1,2 @@ +Features + * Added an example program showing how to hash with the PSA API. From f7348ae1fc298ed4b1e3e3aceb95cb3f60b56885 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 Jul 2023 12:18:40 +0100 Subject: [PATCH 04/33] Improve program from first round review comments Following an initial review: - Swap printf for mbedtls_printf - Remove MBEDTLS_xxx dependencies - Demonstrate correct buffer sizing Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 4be9c3839..07d0b4fa9 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -31,6 +31,7 @@ #include #include "mbedtls/build_info.h" +#include "mbedtls/platform.h" #define TEST_SHA256_HASH { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ @@ -43,10 +44,10 @@ const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; const size_t mbedtls_test_sha256_hash_len = sizeof(mbedtls_test_sha256_hash); -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { - printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" "not defined.\r\n"); return EXIT_SUCCESS; } @@ -56,16 +57,16 @@ int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; - uint8_t hash[PSA_HASH_MAX_SIZE]; + uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)]; size_t hash_size; psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; - printf("PSA Crypto API: SHA-256 example\n\n"); + mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); status = psa_crypto_init(); if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); + mbedtls_printf("psa_crypto_init failed\n"); return EXIT_FAILURE; } @@ -74,35 +75,35 @@ int main(void) status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); if (status != PSA_SUCCESS) { - printf("psa_hash_setup failed\n"); + mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); if (status != PSA_SUCCESS) { - printf("psa_hash_update failed\n"); + mbedtls_printf("psa_hash_update failed\n"); return EXIT_FAILURE; } status = psa_hash_clone(&sha256_psa, &cloned_sha256); if (status != PSA_SUCCESS) { - printf("PSA hash clone failed"); + mbedtls_printf("PSA hash clone failed"); return EXIT_FAILURE; } status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { - printf("psa_hash_finish failed\n"); + mbedtls_printf("psa_hash_finish failed\n"); return EXIT_FAILURE; } status = psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); if (status != PSA_SUCCESS) { - printf("psa_hash_verify failed\n"); + mbedtls_printf("psa_hash_verify failed\n"); return EXIT_FAILURE; } else { - printf("Multi-part hash operation successful!\n"); + mbedtls_printf("Multi-part hash operation successful!\n"); } /* Compute hash using one-shot function call */ @@ -114,29 +115,29 @@ int main(void) hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { - printf("psa_hash_compute failed\n"); + mbedtls_printf("psa_hash_compute failed\n"); return EXIT_FAILURE; } for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (hash[j] != mbedtls_test_sha256_hash[j]) { - printf("One-shot hash operation failed!\n\n"); + mbedtls_printf("One-shot hash operation failed!\n\n"); return EXIT_FAILURE; } } - printf("One-shot hash operation successful!\n\n"); + mbedtls_printf("One-shot hash operation successful!\n\n"); - printf("The SHA-256( '%s' ) is:\n", buf); + mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (j % 8 == 0) { - printf("\n "); + mbedtls_printf("\n "); } - printf("%02x ", hash[j]); + mbedtls_printf("%02x ", hash[j]); } - printf("\n"); + mbedtls_printf("\n"); mbedtls_psa_crypto_free(); return EXIT_SUCCESS; From 1db78fa32a2e716cfc670f826e7a47d5cd71d4ad Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 Jul 2023 16:49:14 +0100 Subject: [PATCH 05/33] Demonstrate algorithm agility Define HALH_ALG to the desired PSA algorithm to demostrate the ease of swapping algorithms with the PSA API. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 07d0b4fa9..adf547d0b 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,6 +33,8 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" +#define HASH_ALG PSA_ALG_SHA_256 + #define TEST_SHA256_HASH { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ @@ -57,7 +59,7 @@ int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)]; + uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_size; psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; @@ -73,7 +75,7 @@ int main(void) /* Compute hash using multi-part operation */ - status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); + status = psa_hash_setup(&sha256_psa, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; @@ -110,7 +112,7 @@ int main(void) memset(hash, 0, sizeof(hash)); hash_size = 0; - status = psa_hash_compute(PSA_ALG_SHA_256, + status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), &hash_size); From 9520df7580c570c00d6492e706aff234ed98acfa Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jul 2023 10:56:54 +0100 Subject: [PATCH 06/33] Fix code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index adf547d0b..6cb0cb834 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -50,7 +50,7 @@ const size_t mbedtls_test_sha256_hash_len = int main(void) { mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" - "not defined.\r\n"); + "not defined.\r\n"); return EXIT_SUCCESS; } #else From 1fd916a1a3e63d69084a0cfd9dabd00819b116b4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jul 2023 16:10:48 +0100 Subject: [PATCH 07/33] Address review comments - make operation name more generic - make use of psa_hash_abort Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 6cb0cb834..47ba2dcf5 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -61,48 +61,60 @@ int main(void) psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_size; - psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_printf("psa_crypto_init failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - /* Compute hash using multi-part operation */ - status = psa_hash_setup(&sha256_psa, HASH_ALG); + status = psa_hash_setup(&psa_hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); + status = psa_hash_update(&psa_hash_operation, buf, sizeof(buf)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_clone(&sha256_psa, &cloned_sha256); + status = psa_hash_clone(&psa_hash_operation, &cloned_psa_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); + status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } status = - psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); + psa_hash_verify(&cloned_psa_hash_operation, mbedtls_test_sha256_hash, + mbedtls_test_sha256_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } else { mbedtls_printf("Multi-part hash operation successful!\n"); @@ -118,12 +130,16 @@ int main(void) &hash_size); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (hash[j] != mbedtls_test_sha256_hash[j]) { mbedtls_printf("One-shot hash operation failed!\n\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } } From 2c872340e859622dc50e99d1d8e98504bc6a04c3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:21:38 +0100 Subject: [PATCH 08/33] Fix erroneous macro guards Replace MBEDTLS_SHA256_C for PSA_WANT_ALG_SHA_256 everywhere, including comments and print statements. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 47ba2dcf5..9cd5a3e00 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -49,7 +49,7 @@ const size_t mbedtls_test_sha256_hash_len = #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { - mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" "not defined.\r\n"); return EXIT_SUCCESS; } @@ -160,4 +160,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From 6fc4ca2d858162d2da5fb58404fb8183f00a3ca6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:31:06 +0100 Subject: [PATCH 09/33] Replace hash_size with hash_length This is to make the variable naming covnention align with the PSA API documentation. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9cd5a3e00..5c565db2e 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -60,7 +60,7 @@ int main(void) uint8_t buf[] = "Hello World!"; psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_size; + size_t hash_length; psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; @@ -100,7 +100,7 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_size); + status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); psa_hash_abort(&psa_hash_operation); @@ -122,12 +122,12 @@ int main(void) /* Compute hash using one-shot function call */ memset(hash, 0, sizeof(hash)); - hash_size = 0; + hash_length = 0; status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), - &hash_size); + &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); psa_hash_abort(&psa_hash_operation); From a79f8062257ade6b48a5a450682376b26e2016da Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:33:20 +0100 Subject: [PATCH 10/33] Remove superfluous calls to psa_hash_abort Calls were not required since psa_hash_setup was yet to be called. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 5c565db2e..59375c27e 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -69,8 +69,6 @@ int main(void) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_printf("psa_crypto_init failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } From c050037c08f588d5f87440ba7feb6f8305c51ef9 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:44:25 +0100 Subject: [PATCH 11/33] Remove mbedtls_ and psa_ prefix from var names Remove the mbedtls and psa prefixes from variable names in order to make clearer what is part of the API and what is just part of the demo program. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 58 ++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 59375c27e..abfc19174 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -41,10 +41,10 @@ 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } -const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; +const uint8_t test_sha256_hash[] = TEST_SHA256_HASH; -const size_t mbedtls_test_sha256_hash_len = - sizeof(mbedtls_test_sha256_hash); +const size_t test_sha256_hash_len = + sizeof(test_sha256_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -61,8 +61,8 @@ int main(void) psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_length; - psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); @@ -74,45 +74,45 @@ int main(void) /* Compute hash using multi-part operation */ - status = psa_hash_setup(&psa_hash_operation, HASH_ALG); + status = psa_hash_setup(&hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_update(&psa_hash_operation, buf, sizeof(buf)); + status = psa_hash_update(&hash_operation, buf, sizeof(buf)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_clone(&psa_hash_operation, &cloned_psa_hash_operation); + status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_length); + status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } status = - psa_hash_verify(&cloned_psa_hash_operation, mbedtls_test_sha256_hash, - mbedtls_test_sha256_hash_len); + psa_hash_verify(&cloned_hash_operation, test_sha256_hash, + test_sha256_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } else { mbedtls_printf("Multi-part hash operation successful!\n"); @@ -128,16 +128,16 @@ int main(void) &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { - if (hash[j] != mbedtls_test_sha256_hash[j]) { + for (size_t j = 0; j < test_sha256_hash_len; j++) { + if (hash[j] != test_sha256_hash[j]) { mbedtls_printf("One-shot hash operation failed!\n\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } } @@ -146,7 +146,7 @@ int main(void) mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); - for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + for (size_t j = 0; j < test_sha256_hash_len; j++) { if (j % 8 == 0) { mbedtls_printf("\n "); } @@ -158,4 +158,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file From 3071c85835c742e201ac6bd42770fa7d28a8b8f1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:47:47 +0100 Subject: [PATCH 12/33] Clarify comments Clarify comments when moving into one-shot part of demo. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index abfc19174..f7b2f9197 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -118,10 +118,11 @@ int main(void) mbedtls_printf("Multi-part hash operation successful!\n"); } - /* Compute hash using one-shot function call */ + /* Clear local variables prior to one-shot hash demo */ memset(hash, 0, sizeof(hash)); hash_length = 0; + /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), From c07fa29b58b8ae6a3d1fc79cc14b04649c5c07a0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:58:55 +0100 Subject: [PATCH 13/33] Change wording in error message Change wording from "failed" since this implied the function had returned an error status instead of producing the wrong result. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f7b2f9197..95fb61ce8 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -136,7 +136,7 @@ int main(void) for (size_t j = 0; j < test_sha256_hash_len; j++) { if (hash[j] != test_sha256_hash[j]) { - mbedtls_printf("One-shot hash operation failed!\n\n"); + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; From 9730cb12748eb0dbc4b0b5b586e2c525accade8e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:07:19 +0100 Subject: [PATCH 14/33] Change hash output formatting Change the formatting of the hash output to remove line breaks and spaces. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 95fb61ce8..f09b48c06 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -145,13 +145,10 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); - mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); + mbedtls_printf("The SHA-256( '%s' ) is: ", buf); for (size_t j = 0; j < test_sha256_hash_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", hash[j]); + mbedtls_printf("%02x", hash[j]); } mbedtls_printf("\n"); From a2b7519d63871270f2fb656b34be298fe3335164 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:21:46 +0100 Subject: [PATCH 15/33] Use memcmp instead of reinventing it Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f09b48c06..a2e2731a9 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -134,13 +134,12 @@ int main(void) return EXIT_FAILURE; } - for (size_t j = 0; j < test_sha256_hash_len; j++) { - if (hash[j] != test_sha256_hash[j]) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; - } + if (memcmp(hash, test_sha256_hash, test_sha256_hash_len) != 0) + { + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; } mbedtls_printf("One-shot hash operation successful!\n\n"); From 1f98736e71c87164a649f715d0349bf162551f3c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:23:06 +0100 Subject: [PATCH 16/33] Add clarifying comment to new program section Mark the beginning of the section that prints the result with a comment. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index a2e2731a9..81110f0b7 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -144,6 +144,7 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); + /* Print out result */ mbedtls_printf("The SHA-256( '%s' ) is: ", buf); for (size_t j = 0; j < test_sha256_hash_len; j++) { From 606110fc19602e4ea6ce02ca1e3d309bb97b7623 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:57:10 +0100 Subject: [PATCH 17/33] Restructure start of program Restructure the start of the program to make it clear to a user exactly what this program is for. Add a comment for additional clarity. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 81110f0b7..2afe34de6 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,18 +33,24 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" +/* The algorithm used by this demo is SHA 256. + * Please see include/psa/crypto_values.h to see the other + * algorithms that are supported. If you switch to a different + * algorithm you will need to update the hash data in the + * SAMPLE_HASH_DATA macro below.*/ + #define HASH_ALG PSA_ALG_SHA_256 -#define TEST_SHA256_HASH { \ +#define SAMPLE_HASH_DATA { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } -const uint8_t test_sha256_hash[] = TEST_SHA256_HASH; +const uint8_t sample_message[] = "Hello World!"; -const size_t test_sha256_hash_len = - sizeof(test_sha256_hash); +const uint8_t sample_hash[] = SAMPLE_HASH_DATA; +const size_t sample_hash_len = sizeof(sample_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -57,7 +63,6 @@ int main(void) int main(void) { - uint8_t buf[] = "Hello World!"; psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_length; @@ -82,7 +87,7 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_update(&hash_operation, buf, sizeof(buf)); + status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); psa_hash_abort(&hash_operation); @@ -107,8 +112,8 @@ int main(void) } status = - psa_hash_verify(&cloned_hash_operation, test_sha256_hash, - test_sha256_hash_len); + psa_hash_verify(&cloned_hash_operation, sample_hash, + sample_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); psa_hash_abort(&hash_operation); @@ -124,7 +129,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - buf, sizeof(buf), + sample_message, sizeof(sample_message), hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { @@ -134,7 +139,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, test_sha256_hash, test_sha256_hash_len) != 0) + if (memcmp(hash, sample_hash, sample_hash_len) != 0) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); @@ -145,9 +150,9 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", buf); + mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - for (size_t j = 0; j < test_sha256_hash_len; j++) { + for (size_t j = 0; j < sample_hash_len; j++) { mbedtls_printf("%02x", hash[j]); } From ce14124f7c47b3955e43a34408cc7826763e5b4e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 16:14:20 +0100 Subject: [PATCH 18/33] Check result of multipart operation Check that the multi-part operation has produced the correct result. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 2afe34de6..ae4e9a5d2 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -111,6 +111,15 @@ int main(void) return EXIT_FAILURE; } + /* Check the result of the operation against the sample */ + if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) + { + mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; + } + status = psa_hash_verify(&cloned_hash_operation, sample_hash, sample_hash_len); From fbe742b2d0ffe63ea3443b198e96b685bf388ba5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 16:17:38 +0100 Subject: [PATCH 19/33] Add extra check to one-shot operation results Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index ae4e9a5d2..f73e1f3ab 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -148,7 +148,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0) + if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); From c918c32cc00cf2456cb552d8a40c4be927409c17 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 17:15:03 +0100 Subject: [PATCH 20/33] Stop hashing the null byte Change the hash data to not include the null byte used to terminate the string. Pass sizeof() - 1 to the hash operation API functions so that the null byte can be ignored. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f73e1f3ab..b5b566c18 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -41,10 +41,10 @@ #define HASH_ALG PSA_ALG_SHA_256 -#define SAMPLE_HASH_DATA { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ +#define SAMPLE_HASH_DATA { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } const uint8_t sample_message[] = "Hello World!"; @@ -87,7 +87,9 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message)); + /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to + * include the null byte in the hash computation */ + status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); psa_hash_abort(&hash_operation); @@ -138,7 +140,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - sample_message, sizeof(sample_message), + sample_message, sizeof(sample_message) - 1, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { From 1ba9744afbddaf1e0016528133485498c70350db Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 17:25:16 +0100 Subject: [PATCH 21/33] Correct code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index b5b566c18..9396fb6a9 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -87,7 +87,7 @@ int main(void) return EXIT_FAILURE; } - /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to + /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to * include the null byte in the hash computation */ status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { @@ -114,8 +114,7 @@ int main(void) } /* Check the result of the operation against the sample */ - if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) - { + if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); @@ -150,8 +149,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) - { + if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); @@ -172,4 +170,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From 21fbe4c90e72b7b349e2b6374bb14f477c9e8a63 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 15:39:42 +0100 Subject: [PATCH 22/33] Remove further superfluous call to psa_hash_abort Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9396fb6a9..1353fb98c 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -82,8 +82,6 @@ int main(void) status = psa_hash_setup(&hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } From 5c2dcbd250e91f5c75c14590dfc40c8c8d75f6c7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 16:03:30 +0100 Subject: [PATCH 23/33] Implement cleanup label Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 1353fb98c..ca9a8b32a 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -90,33 +90,25 @@ int main(void) status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } /* Check the result of the operation against the sample */ if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = @@ -124,9 +116,7 @@ int main(void) sample_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } else { mbedtls_printf("Multi-part hash operation successful!\n"); } @@ -142,16 +132,12 @@ int main(void) &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } mbedtls_printf("One-shot hash operation successful!\n\n"); @@ -167,5 +153,10 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; + +cleanup: + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file From 102033c38d9cc8300db72285754d173c10a7ed0a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 16:20:09 +0100 Subject: [PATCH 24/33] Add new line at end of file to satisfy code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index ca9a8b32a..86a59f147 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -159,4 +159,4 @@ cleanup: psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From a68ef953948b504bb192138c77c3fcc639426edb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 7 Aug 2023 11:09:51 +0100 Subject: [PATCH 25/33] Check length before calling memcmp Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 86a59f147..dc698a162 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -106,7 +106,7 @@ int main(void) } /* Check the result of the operation against the sample */ - if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { + if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); goto cleanup; } @@ -135,7 +135,7 @@ int main(void) goto cleanup; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { + if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); goto cleanup; } From 86f9795b0058c1c81063cbe05a7b6c07e52de6b6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 10 Oct 2023 16:50:49 +0100 Subject: [PATCH 26/33] Update documentation Add further information about PSA hashing to the comment at the beginning of the code. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index dc698a162..b3f3597f0 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,11 +33,15 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -/* The algorithm used by this demo is SHA 256. +/* Information about hashing with the PSA API can be + * found here: + * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html + * + * The algorithm used by this demo is SHA 256. * Please see include/psa/crypto_values.h to see the other - * algorithms that are supported. If you switch to a different - * algorithm you will need to update the hash data in the - * SAMPLE_HASH_DATA macro below.*/ + * algorithms that are supported by Mbed TLS. + * If you switch to a different algorithm you will need to update + * the hash data in the SAMPLE_HASH_DATA macro below. */ #define HASH_ALG PSA_ALG_SHA_256 From 760538885a0c6d07f67c98b11e8a15b8d5f8bfc5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 10 Oct 2023 17:38:53 +0100 Subject: [PATCH 27/33] Inform user when unknown hash algorithm supplied Excplictly inform the user that their hash algorithm selection is invalid. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index b3f3597f0..fc39849cc 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -84,7 +84,11 @@ int main(void) /* Compute hash using multi-part operation */ status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status != PSA_SUCCESS) { + if (status == PSA_ERROR_NOT_SUPPORTED){ + mbedtls_printf("unknown hash algorithm supplied\n"); + return EXIT_FAILURE; + } + else if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } From 34500874cee2fa1bea3109d71e7dcad764131dfb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 10:04:54 +0100 Subject: [PATCH 28/33] Remove trailing white space in documentation Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index fc39849cc..a3923628f 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -36,7 +36,7 @@ /* Information about hashing with the PSA API can be * found here: * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html - * + * * The algorithm used by this demo is SHA 256. * Please see include/psa/crypto_values.h to see the other * algorithms that are supported by Mbed TLS. From 1c2378b8b1a64c19d356d255c1238af9a0367750 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:19:38 +0100 Subject: [PATCH 29/33] Add variable for message length Add variable to store message length to increase clarity in what the program is doing. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index a3923628f..9b02255cc 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -51,11 +51,15 @@ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } -const uint8_t sample_message[] = "Hello World!"; - const uint8_t sample_hash[] = SAMPLE_HASH_DATA; const size_t sample_hash_len = sizeof(sample_hash); +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { @@ -95,7 +99,7 @@ int main(void) /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to * include the null byte in the hash computation */ - status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); + status = psa_hash_update(&hash_operation, sample_message, sample_message_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); goto cleanup; @@ -135,7 +139,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - sample_message, sizeof(sample_message) - 1, + sample_message, sample_message_length, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { From cd79f77439fc621f09ae1996770c191a2e724fd8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:28:13 +0100 Subject: [PATCH 30/33] Add missing newline Newline character was missing from end of print statement. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9b02255cc..c75972249 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -107,7 +107,7 @@ int main(void) status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { - mbedtls_printf("PSA hash clone failed"); + mbedtls_printf("PSA hash clone failed\n"); goto cleanup; } From d8453bb1848e8f7575d1447ea342cd5ec817c13c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:29:02 +0100 Subject: [PATCH 31/33] Remove superfluous comment Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index c75972249..18fefeddc 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -97,8 +97,6 @@ int main(void) return EXIT_FAILURE; } - /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to - * include the null byte in the hash computation */ status = psa_hash_update(&hash_operation, sample_message, sample_message_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); From a21c97294109b75f2913fffc149541901652135b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 17:17:32 +0100 Subject: [PATCH 32/33] Remove extra blank line Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 18fefeddc..dd3bf7476 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -24,7 +24,6 @@ * limitations under the License. */ - #include "psa/crypto.h" #include #include From 2e67781e932b9e14d98b585b0038eaee5eb1a5b3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 12 Oct 2023 10:46:43 +0100 Subject: [PATCH 33/33] Alter program layout for better clarity Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 56 ++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index dd3bf7476..d3a6bf857 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -40,24 +40,7 @@ * Please see include/psa/crypto_values.h to see the other * algorithms that are supported by Mbed TLS. * If you switch to a different algorithm you will need to update - * the hash data in the SAMPLE_HASH_DATA macro below. */ - -#define HASH_ALG PSA_ALG_SHA_256 - -#define SAMPLE_HASH_DATA { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -const uint8_t sample_hash[] = SAMPLE_HASH_DATA; -const size_t sample_hash_len = sizeof(sample_hash); - -const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -const size_t sample_message_length = sizeof(sample_message) - 1; + * the hash data in the EXAMPLE_HASH_VALUE macro below. */ #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -68,6 +51,23 @@ int main(void) } #else +#define HASH_ALG PSA_ALG_SHA_256 + +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + +#define EXPECTED_HASH_VALUE { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ +} + +const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +const size_t expected_hash_len = sizeof(expected_hash); + int main(void) { psa_status_t status; @@ -85,13 +85,11 @@ int main(void) } /* Compute hash using multi-part operation */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED){ + if (status == PSA_ERROR_NOT_SUPPORTED) { mbedtls_printf("unknown hash algorithm supplied\n"); return EXIT_FAILURE; - } - else if (status != PSA_SUCCESS) { + } else if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } @@ -115,14 +113,15 @@ int main(void) } /* Check the result of the operation against the sample */ - if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); goto cleanup; } status = - psa_hash_verify(&cloned_hash_operation, sample_hash, - sample_hash_len); + psa_hash_verify(&cloned_hash_operation, expected_hash, + expected_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); goto cleanup; @@ -144,7 +143,8 @@ int main(void) goto cleanup; } - if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); goto cleanup; } @@ -154,7 +154,7 @@ int main(void) /* Print out result */ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - for (size_t j = 0; j < sample_hash_len; j++) { + for (size_t j = 0; j < expected_hash_len; j++) { mbedtls_printf("%02x", hash[j]); } @@ -168,4 +168,4 @@ cleanup: psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */