Hello,
Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.
What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.
It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.
Best regards,
Hi Gilles,
Thanks a lot for the details. So does it mean that the code size and memory footprint won't be different after SHA-224 config is separated?
Best regards, Hu Ziji
From: Gilles Peskine Gilles.Peskine@arm.com Sent: Monday, July 19, 2021 9:09 PM To: David Hu David.Hu@arm.com; mbed-tls@lists.trustedfirmware.org Cc: Summer Qin Summer.Qin@arm.com Subject: Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?
Hello,
Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.
What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.
It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.
Best regards,
-- Gilles Peskine Mbed TLS developer On 19/07/2021 14:50, David Hu via mbed-tls wrote: Hi,
It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below:
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" #endif
May I know why SHA224 must be enabled with SHA256? Could you please point me to any reference/document?
Best regards, Hu Ziji
In 3.0, with the just the configuration options separated, there is no difference in code size.
In 3.x, when proper #ifdefs have been introduced for SHA-224, you'll be able to save a little code size by disabling SHA-224.
Best regards,
Thanks Gilles.
Best regards, Hu Ziji
From: Gilles Peskine Gilles.Peskine@arm.com Sent: Wednesday, July 21, 2021 4:06 AM To: David Hu David.Hu@arm.com; mbed-tls@lists.trustedfirmware.org Cc: Summer Qin Summer.Qin@arm.com; nd nd@arm.com Subject: Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?
In 3.0, with the just the configuration options separated, there is no difference in code size.
In 3.x, when proper #ifdefs have been introduced for SHA-224, you'll be able to save a little code size by disabling SHA-224.
Best regards,
-- Gilles Peskine Mbed TLS developer On 20/07/2021 15:46, David Hu wrote: Hi Gilles,
Thanks a lot for the details. So does it mean that the code size and memory footprint won�t be different after SHA-224 config is separated?
Best regards, Hu Ziji
From: Gilles Peskine Gilles.Peskine@arm.commailto:Gilles.Peskine@arm.com Sent: Monday, July 19, 2021 9:09 PM To: David Hu David.Hu@arm.commailto:David.Hu@arm.com; mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org Cc: Summer Qin Summer.Qin@arm.commailto:Summer.Qin@arm.com Subject: Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?
Hello,
Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.
What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.
It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.
Best regards,
-- Gilles Peskine Mbed TLS developer On 19/07/2021 14:50, David Hu via mbed-tls wrote: Hi,
It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below:
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" #endif
May I know why SHA224 must be enabled with SHA256? Could you please point me to any reference/document?
Best regards, Hu Ziji
mbed-tls@lists.trustedfirmware.org
-
David Hu -
Gilles Peskine