void HmacFinal(Hmac* hmac, byte* hash)
{
if (!hmac->innerHashKeyed)
HmacKeyInnerHash(hmac);
if (hmac->macType == MD5) {
Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
Md5Final(&hmac->hash.md5, hash);
}
else if (hmac->macType ==SHA) {
ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
ShaFinal(&hmac->hash.sha, hash);
}
#ifndef NO_SHA256
else if (hmac->macType ==SHA256) {
Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
SHA256_DIGEST_SIZE);
Sha256Final(&hmac->hash.sha256, hash);
}
#endif
hmac->innerHashKeyed = 0;
}
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
{
CYASSL* ssl = (CYASSL*)ctx;
int sd = ssl->wfd;
struct sockaddr_storage peer;
socklen_t peerSz = sizeof(peer);
byte cookieSrc[sizeof(struct in6_addr) + sizeof(int)];
int cookieSrcSz = 0;
Sha sha;
getpeername(sd, (struct sockaddr*)&peer, &peerSz);
if (peer.ss_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in*)&peer;
cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port);
XMEMCPY(cookieSrc, &s->sin_port, sizeof(s->sin_port));
XMEMCPY(cookieSrc + sizeof(s->sin_port),
&s->sin_addr, sizeof(struct in_addr));
}
else if (peer.ss_family == AF_INET6) {
struct sockaddr_in6 *s = (struct sockaddr_in6*)&peer;
cookieSrcSz = sizeof(struct in6_addr) + sizeof(s->sin6_port);
XMEMCPY(cookieSrc, &s->sin6_port, sizeof(s->sin6_port));
XMEMCPY(cookieSrc + sizeof(s->sin6_port),
&s->sin6_addr, sizeof(struct in6_addr));
}
InitSha(&sha);
ShaUpdate(&sha, cookieSrc, cookieSrcSz);
ShaFinal(&sha, buf);
return SHA_DIGEST_SIZE;
}
/* check mcapi sha against internal */
static int check_sha(void)
{
CRYPT_SHA_CTX mcSha;
Sha defSha;
int ret = 0;
byte mcDigest[CRYPT_SHA_DIGEST_SIZE];
byte defDigest[SHA_DIGEST_SIZE];
CRYPT_SHA_Initialize(&mcSha);
ret = InitSha(&defSha);
if (ret != 0) {
printf("sha init default failed\n");
return -1;
}
CRYPT_SHA_DataAdd(&mcSha, ourData, OUR_DATA_SIZE);
ShaUpdate(&defSha, ourData, OUR_DATA_SIZE);
CRYPT_SHA_Finalize(&mcSha, mcDigest);
ShaFinal(&defSha, defDigest);
if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) {
printf("sha final memcmp failed\n");
return -1;
}
printf("sha mcapi test passed\n");
return 0;
}
int ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha(sha)) != 0) {
CYASSL_MSG("InitSha failed");
}
else {
ShaUpdate(sha, data, len);
ShaFinal(sha, hash);
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
void bench_sha(void)
{
Sha hash;
byte digest[SHA_DIGEST_SIZE];
double start, total, persec;
int i, ret;
ret = InitSha(&hash);
if (ret != 0) {
printf("InitSha failed, ret = %d\n", ret);
return;
}
start = current_time(1);
for(i = 0; i < numBlocks; i++)
ShaUpdate(&hash, plain, sizeof(plain));
ShaFinal(&hash, digest);
total = current_time(0) - start;
persec = 1 / total * numBlocks;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
#endif
printf("SHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec);
}
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx)
{
int sd = ssl->wfd;
struct sockaddr_storage peer;
XSOCKLENT peerSz = sizeof(peer);
Sha sha;
byte digest[SHA_DIGEST_SIZE];
int ret = 0;
(void)ctx;
XMEMSET(&peer, 0, sizeof(peer));
if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
return GEN_COOKIE_E;
}
ret = InitSha(&sha);
if (ret != 0)
return ret;
ShaUpdate(&sha, (byte*)&peer, peerSz);
ShaFinal(&sha, digest);
if (sz > SHA_DIGEST_SIZE)
sz = SHA_DIGEST_SIZE;
XMEMCPY(buf, digest, sz);
return sz;
}
int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType)
{
Md5 md5;
Sha sha;
int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;
int i, ret = 0;
byte buffer[SHA_DIGEST_SIZE]; /* max size */
if (hashType != MD5 && hashType != SHA)
return BAD_FUNC_ARG;
if (kLen > hLen)
return BAD_FUNC_ARG;
if (iterations < 1)
return BAD_FUNC_ARG;
if (hashType == MD5) {
InitMd5(&md5);
Md5Update(&md5, passwd, pLen);
Md5Update(&md5, salt, sLen);
Md5Final(&md5, buffer);
}
else {
ret = InitSha(&sha);
if (ret != 0)
return ret;
ShaUpdate(&sha, passwd, pLen);
ShaUpdate(&sha, salt, sLen);
ShaFinal(&sha, buffer);
}
for (i = 1; i < iterations; i++) {
if (hashType == MD5) {
Md5Update(&md5, buffer, hLen);
Md5Final(&md5, buffer);
}
else {
ShaUpdate(&sha, buffer, hLen);
ShaFinal(&sha, buffer);
}
}
XMEMCPY(output, buffer, kLen);
return 0;
}
/* Add data to SHA */
int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX* sha, const unsigned char* input,
unsigned int sz)
{
if (sha == NULL || input == NULL)
return BAD_FUNC_ARG;
return ShaUpdate((Sha*)sha, input, sz);
}
int sha_test(void)
{
Sha sha;
byte hash[SHA_DIGEST_SIZE];
testVector a, b, c, d;
testVector test_sha[4];
int ret = 0;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
"\x6C\x9C\xD0\xD8\x9D";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
"\xE5\xE5\x46\x70\xF1";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaa";
c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
"\x2A\x25\xEC\x64\x4D";
c.inLen = strlen(c.input);
c.outLen = strlen(c.output);
d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa";
d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
"\x53\x99\x5E\x26\xA0";
d.inLen = strlen(d.input);
d.outLen = strlen(d.output);
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
ret = InitSha(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
ShaFinal(&sha, hash);
if (memcmp(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
/* Create and store the master secret see page 32, 6.1 */
int MakeMasterSecret(SSL* ssl)
{
byte shaOutput[SHA_DIGEST_SIZE];
byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
int i;
word32 idx;
word32 pmsSz = ssl->arrays.preMasterSz;
Md5 md5;
Sha sha;
#ifndef NO_TLS
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
#endif
InitMd5(&md5);
InitSha(&sha);
memcpy(md5Input, ssl->arrays.preMasterSecret, pmsSz);
for (i = 0; i < MASTER_ROUNDS; ++i) {
byte prefix[PREFIX];
if (!SetPrefix(prefix, i)) {
return PREFIX_ERROR;
}
idx = 0;
memcpy(shaInput, prefix, i + 1);
idx += i + 1;
memcpy(shaInput + idx, ssl->arrays.preMasterSecret, pmsSz);
idx += pmsSz;
memcpy(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
idx += RAN_LEN;
memcpy(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
idx += RAN_LEN;
ShaUpdate(&sha, shaInput, idx);
ShaFinal(&sha, shaOutput);
idx = pmsSz; /* preSz */
memcpy(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
idx += SHA_DIGEST_SIZE;
Md5Update(&md5, md5Input, idx);
Md5Final(&md5, &ssl->arrays.masterSecret[i * MD5_DIGEST_SIZE]);
}
DeriveKeys(ssl);
CleanPreMaster(ssl);
return 0;
}
static void HmacKeyInnerHash(Hmac* hmac)
{
if (hmac->macType == MD5)
Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
else if (hmac->macType == SHA)
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
#ifndef NO_SHA256
else if (hmac->macType == SHA256)
Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
#endif
hmac->innerHashKeyed = 1;
}
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx)
{
int sd = ssl->wfd;
struct sockaddr_in6 peer;
XSOCKLENT peerSz = sizeof(peer);
Sha sha;
byte digest[SHA_DIGEST_SIZE];
(void)ctx;
if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
return GEN_COOKIE_E;
}
InitSha(&sha);
if (peer.sin6_family == AF_INET6) {
ShaUpdate(&sha, (byte*)&peer.sin6_port, sizeof(peer.sin6_port));
ShaUpdate(&sha, (byte*)&peer.sin6_addr, sizeof(peer.sin6_addr));
}
else if (peer.sin6_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in*)&peer;
ShaUpdate(&sha, (byte*)&s->sin_port, sizeof(s->sin_port));
ShaUpdate(&sha, (byte*)&s->sin_addr, sizeof(s->sin_addr));
}
else {
CYASSL_MSG("peer sin_family unknown type in EmbedGenerateCookie");
return GEN_COOKIE_E;
}
ShaFinal(&sha, digest);
if (sz > SHA_DIGEST_SIZE)
sz = SHA_DIGEST_SIZE;
XMEMCPY(buf, digest, sz);
return sz;
}
bool
tr_sha1_update (tr_sha1_ctx_t handle,
const void * data,
size_t data_length)
{
assert (handle != NULL);
if (data_length == 0)
return true;
assert (data != NULL);
return check_result (ShaUpdate (handle, data, data_length));
}
void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
if (!hmac->innerHashKeyed)
HmacKeyInnerHash(hmac);
if (hmac->macType == MD5)
Md5Update(&hmac->hash.md5, msg, length);
else if (hmac->macType == SHA)
ShaUpdate(&hmac->hash.sha, msg, length);
#ifndef NO_SHA256
else if (hmac->macType == SHA256)
Sha256Update(&hmac->hash.sha256, msg, length);
#endif
}
void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumUpdate(hmac, msg, length);
#endif
if (!hmac->innerHashKeyed)
HmacKeyInnerHash(hmac);
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
Md5Update(&hmac->hash.md5, msg, length);
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, msg, length);
break;
#endif
#ifndef NO_SHA256
case SHA256:
Sha256Update(&hmac->hash.sha256, msg, length);
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
Sha384Update(&hmac->hash.sha384, msg, length);
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512, msg, length);
break;
#endif
default:
break;
}
}
int DeriveKeys(SSL* ssl)
{
int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
2 * ssl->specs.iv_size;
int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
byte shaOutput[SHA_DIGEST_SIZE];
byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
Md5 md5;
Sha sha;
byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */
InitMd5(&md5);
InitSha(&sha);
XMEMCPY(md5Input, ssl->arrays.masterSecret, SECRET_LEN);
for (i = 0; i < rounds; ++i) {
int j = i + 1;
int idx = j;
if (!SetPrefix(shaInput, i)) {
return PREFIX_ERROR;
}
XMEMCPY(shaInput + idx, ssl->arrays.masterSecret, SECRET_LEN);
idx += SECRET_LEN;
XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
idx += RAN_LEN;
ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j);
ShaFinal(&sha, shaOutput);
XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE);
Md5Update(&md5, md5Input, sizeof(md5Input));
Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE);
}
return StoreKeys(ssl, keyData);
}
static void HmacKeyInnerHash(Hmac* hmac)
{
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA256
case SHA256:
Sha256Update(&hmac->hash.sha256,
(byte*) hmac->ipad, SHA256_BLOCK_SIZE);
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
Sha384Update(&hmac->hash.sha384,
(byte*) hmac->ipad, SHA384_BLOCK_SIZE);
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512,
(byte*) hmac->ipad, SHA512_BLOCK_SIZE);
break;
#endif
default:
break;
}
hmac->innerHashKeyed = 1;
}
int dsa_test()
{
int ret, answer;
word32 bytes;
word32 idx = 0;
byte tmp[1024];
DsaKey key;
RNG rng;
FILE* file = fopen(dsaKey, "rb");
Sha sha;
byte hash[SHA_DIGEST_SIZE];
byte signature[40];
if (!file)
return -60;
bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
InitSha(&sha);
ShaUpdate(&sha, tmp, bytes);
ShaFinal(&sha, hash);
InitDsaKey(&key);
ret = DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
if (ret != 0) return -61;
ret = InitRng(&rng);
if (ret != 0) return -62;
ret = DsaSign(hash, signature, &key, &rng);
if (ret != 0) return -63;
ret = DsaVerify(hash, signature, &key, &answer);
if (ret != 0) return -64;
if (answer != 1) return -65;
FreeDsaKey(&key);
fclose(file);
return 0;
}
void bench_sha(void)
{
Sha hash;
byte digest[SHA_DIGEST_SIZE];
double start, total, persec;
int i;
InitSha(&hash);
start = current_time();
for(i = 0; i < megs; i++)
ShaUpdate(&hash, plain, sizeof(plain));
ShaFinal(&hash, digest);
total = current_time() - start;
persec = 1 / total * megs;
printf("SHA %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
/*
* k5_sha1_hash: Hash data buffer using SHA1.
*
* @data Input data structure
* @num_data Number of blocks
* @output Output data structure
*
* Returns 0 on success, krb5_error_code on error
*/
static krb5_error_code
k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
{
Sha sha;
unsigned int i;
if (output->length != SHA_DIGEST_SIZE)
return(KRB5_CRYPTO_INTERNAL);
InitSha(&sha);
for (i = 0; i < num_data; i++) {
const krb5_crypto_iov *iov = &data[i];
if (SIGN_IOV(iov)) {
ShaUpdate(&sha, (unsigned char *) iov->data.data,
iov->data.length);
}
}
ShaFinal(&sha, (unsigned char *) output->data);
return(0);
}
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx)
{
int sd = ssl->wfd;
struct sockaddr_in peer;
XSOCKLENT peerSz = sizeof(peer);
byte cookieSrc[sizeof(struct in_addr) + sizeof(int)];
int cookieSrcSz = 0;
Sha sha;
(void)ctx;
if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
return GEN_COOKIE_E;
}
if (peer.sin_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in*)&peer;
cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port);
XMEMCPY(cookieSrc, &s->sin_port, sizeof(s->sin_port));
XMEMCPY(cookieSrc + sizeof(s->sin_port),
&s->sin_addr, sizeof(struct in_addr));
}
InitSha(&sha);
ShaUpdate(&sha, cookieSrc, cookieSrcSz);
if (sz < SHA_DIGEST_SIZE) {
byte digest[SHA_DIGEST_SIZE];
ShaFinal(&sha, digest);
XMEMCPY(buf, digest, sz);
return sz;
}
ShaFinal(&sha, buf);
return SHA_DIGEST_SIZE;
}
void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i;
InitHmac(hmac, type);
if (length <= HMAC_BLOCK_SIZE)
XMEMCPY(ip, key, length);
else {
if (hmac->macType == MD5) {
Md5Update(&hmac->hash.md5, key, length);
Md5Final(&hmac->hash.md5, ip);
length = MD5_DIGEST_SIZE;
}
else if (hmac->macType == SHA) {
ShaUpdate(&hmac->hash.sha, key, length);
ShaFinal(&hmac->hash.sha, ip);
length = SHA_DIGEST_SIZE;
}
#ifndef NO_SHA256
else if (hmac->macType == SHA256) {
Sha256Update(&hmac->hash.sha256, key, length);
Sha256Final(&hmac->hash.sha256, ip);
length = SHA256_DIGEST_SIZE;
}
#endif
}
XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
}
static int capwap_crypt_createcookie(CYASSL* ssl, unsigned char* buffer, int size, void* context) {
int length;
unsigned char temp[32];
Sha sha;
byte digest[SHA_DIGEST_SIZE];
struct capwap_dtls* dtls = (struct capwap_dtls*)context;
if (size != SHA_DIGEST_SIZE) {
return -1;
}
/* Create buffer with peer's address and port */
if (dtls->peeraddr.ss.ss_family == AF_INET) {
length = sizeof(struct in_addr) + sizeof(in_port_t);
memcpy(temp, &dtls->peeraddr.sin.sin_port, sizeof(in_port_t));
memcpy(temp + sizeof(in_port_t), &dtls->peeraddr.sin.sin_addr, sizeof(struct in_addr));
} else if (dtls->peeraddr.ss.ss_family == AF_INET6) {
length = sizeof(struct in6_addr) + sizeof(in_port_t);
memcpy(temp, &dtls->peeraddr.sin6.sin6_port, sizeof(in_port_t));
memcpy(temp + sizeof(in_port_t), &dtls->peeraddr.sin6.sin6_addr, sizeof(struct in6_addr));
} else {
return -1;
}
/* */
if (InitSha(&sha)) {
return -1;
}
ShaUpdate(&sha, temp, length);
ShaFinal(&sha, digest);
/* */
memcpy(buffer, digest, SHA_DIGEST_SIZE);
return SHA_DIGEST_SIZE;
}
int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
int saltLen, int iterations, int kLen, int hashType, int id)
{
/* all in bytes instead of bits */
word32 u, v, dLen, pLen, iLen, sLen, totalLen;
int dynamic = 0;
int ret = 0;
int i;
byte *D, *S, *P, *I;
#ifdef CYASSL_SMALL_STACK
byte staticBuffer[1]; /* force dynamic usage */
#else
byte staticBuffer[1024];
#endif
byte* buffer = staticBuffer;
#ifdef CYASSL_SMALL_STACK
byte* Ai;
byte* B;
#else
byte Ai[PBKDF_DIGEST_SIZE];
byte B[PBKDF_DIGEST_SIZE];
#endif
if (!iterations)
iterations = 1;
if (hashType == MD5) {
v = MD5_BLOCK_SIZE;
u = MD5_DIGEST_SIZE;
}
else if (hashType == SHA) {
v = SHA_BLOCK_SIZE;
u = SHA_DIGEST_SIZE;
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
v = SHA256_BLOCK_SIZE;
u = SHA256_DIGEST_SIZE;
}
#endif
#ifdef CYASSL_SHA512
else if (hashType == SHA512) {
v = SHA512_BLOCK_SIZE;
u = SHA512_DIGEST_SIZE;
}
#endif
else
return BAD_FUNC_ARG;
#ifdef CYASSL_SMALL_STACK
Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (Ai == NULL)
return MEMORY_E;
B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (B == NULL) {
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
dLen = v;
sLen = v * ((saltLen + v - 1) / v);
if (passLen)
pLen = v * ((passLen + v - 1) / v);
else
pLen = 0;
iLen = sLen + pLen;
totalLen = dLen + sLen + pLen;
if (totalLen > sizeof(staticBuffer)) {
buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
if (buffer == NULL) {
#ifdef CYASSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
dynamic = 1;
}
D = buffer;
S = D + dLen;
P = S + sLen;
I = S;
XMEMSET(D, id, dLen);
for (i = 0; i < (int)sLen; i++)
S[i] = salt[i % saltLen];
for (i = 0; i < (int)pLen; i++)
P[i] = passwd[i % passLen];
while (kLen > 0) {
word32 currentLen;
mp_int B1;
if (hashType == MD5) {
Md5 md5;
InitMd5(&md5);
Md5Update(&md5, buffer, totalLen);
Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
Md5Update(&md5, Ai, u);
Md5Final(&md5, Ai);
}
}
else if (hashType == SHA) {
Sha sha;
ret = InitSha(&sha);
if (ret != 0)
break;
ShaUpdate(&sha, buffer, totalLen);
ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
ShaUpdate(&sha, Ai, u);
ShaFinal(&sha, Ai);
}
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
Sha256 sha256;
ret = InitSha256(&sha256);
if (ret != 0)
break;
ret = Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
#endif
#ifdef CYASSL_SHA512
else if (hashType == SHA512) {
Sha512 sha512;
ret = InitSha512(&sha512);
if (ret != 0)
break;
ret = Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
#endif
for (i = 0; i < (int)v; i++)
B[i] = Ai[i % u];
if (mp_init(&B1) != MP_OKAY)
ret = MP_INIT_E;
else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
ret = MP_READ_E;
else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
ret = MP_ADD_E;
if (ret != 0) {
mp_clear(&B1);
break;
}
for (i = 0; i < (int)iLen; i += v) {
int outSz;
mp_int i1;
mp_int res;
if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
ret = MP_INIT_E;
break;
}
if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
ret = MP_READ_E;
else if (mp_add(&i1, &B1, &res) != MP_OKAY)
ret = MP_ADD_E;
else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
ret = MP_TO_E;
else {
if (outSz > (int)v) {
/* take off MSB */
byte tmp[129];
ret = mp_to_unsigned_bin(&res, tmp);
XMEMCPY(I + i, tmp + 1, v);
}
else if (outSz < (int)v) {
XMEMSET(I + i, 0, v - outSz);
ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
}
else
ret = mp_to_unsigned_bin(&res, I + i);
}
mp_clear(&i1);
mp_clear(&res);
if (ret < 0) break;
}
currentLen = min(kLen, (int)u);
XMEMCPY(output, Ai, currentLen);
output += currentLen;
kLen -= currentLen;
mp_clear(&B1);
}
if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
#ifdef CYASSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* build PKCS#7 signedData content type */
int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
{
static const byte outerOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x07, 0x02 };
static const byte innerOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x07, 0x01 };
ESD esd;
word32 signerInfoSz = 0;
word32 totalSz = 0;
int idx = 0, ret = 0;
byte* flatSignedAttribs = NULL;
word32 flatSignedAttribsSz = 0;
word32 innerOidSz = sizeof(innerOid);
word32 outerOidSz = sizeof(outerOid);
if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 ||
pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 ||
pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 ||
output == NULL || outputSz == 0)
return BAD_FUNC_ARG;
XMEMSET(&esd, 0, sizeof(esd));
ret = InitSha(&esd.sha);
if (ret != 0)
return ret;
if (pkcs7->contentSz != 0)
{
ShaUpdate(&esd.sha, pkcs7->content, pkcs7->contentSz);
esd.contentDigest[0] = ASN_OCTET_STRING;
esd.contentDigest[1] = SHA_DIGEST_SIZE;
ShaFinal(&esd.sha, &esd.contentDigest[2]);
}
esd.innerOctetsSz = SetOctetString(pkcs7->contentSz, esd.innerOctets);
esd.innerContSeqSz = SetExplicit(0, esd.innerOctetsSz + pkcs7->contentSz,
esd.innerContSeq);
esd.contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd.innerOctetsSz +
innerOidSz + esd.innerContSeqSz,
esd.contentInfoSeq);
esd.issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd.issuerSn);
signerInfoSz += esd.issuerSnSz;
esd.issuerNameSz = SetSequence(pkcs7->issuerSz, esd.issuerName);
signerInfoSz += esd.issuerNameSz + pkcs7->issuerSz;
esd.issuerSnSeqSz = SetSequence(signerInfoSz, esd.issuerSnSeq);
signerInfoSz += esd.issuerSnSeqSz;
esd.signerVersionSz = SetMyVersion(1, esd.signerVersion, 0);
signerInfoSz += esd.signerVersionSz;
esd.signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd.signerDigAlgoId,
hashType, 0);
signerInfoSz += esd.signerDigAlgoIdSz;
esd.digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd.digEncAlgoId,
keyType, 0);
signerInfoSz += esd.digEncAlgoIdSz;
if (pkcs7->signedAttribsSz != 0) {
byte contentTypeOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
0x09, 0x03 };
byte contentType[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01 };
byte messageDigestOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x04 };
PKCS7Attrib cannedAttribs[2] =
{
{ contentTypeOid, sizeof(contentTypeOid),
contentType, sizeof(contentType) },
{ messageDigestOid, sizeof(messageDigestOid),
esd.contentDigest, sizeof(esd.contentDigest) }
};
word32 cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
esd.signedAttribsCount += cannedAttribsCount;
esd.signedAttribsSz += EncodeAttributes(&esd.signedAttribs[0], 2,
cannedAttribs, cannedAttribsCount);
esd.signedAttribsCount += pkcs7->signedAttribsSz;
esd.signedAttribsSz += EncodeAttributes(&esd.signedAttribs[2], 4,
pkcs7->signedAttribs, pkcs7->signedAttribsSz);
flatSignedAttribs = (byte*)XMALLOC(esd.signedAttribsSz, 0, NULL);
flatSignedAttribsSz = esd.signedAttribsSz;
if (flatSignedAttribs == NULL)
return MEMORY_E;
FlattenAttributes(flatSignedAttribs,
esd.signedAttribs, esd.signedAttribsCount);
esd.signedAttribSetSz = SetImplicit(ASN_SET, 0, esd.signedAttribsSz,
esd.signedAttribSet);
}
/* Calculate the final hash and encrypt it. */
{
RsaKey privKey;
int result;
word32 scratch = 0;
byte digestInfo[MAX_SEQ_SZ + MAX_ALGO_SZ +
MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE];
byte digestInfoSeq[MAX_SEQ_SZ];
byte digestStr[MAX_OCTET_STR_SZ];
word32 digestInfoSeqSz, digestStrSz;
int digIdx = 0;
if (pkcs7->signedAttribsSz != 0) {
byte attribSet[MAX_SET_SZ];
word32 attribSetSz;
attribSetSz = SetSet(flatSignedAttribsSz, attribSet);
ret = InitSha(&esd.sha);
if (ret < 0) {
XFREE(flatSignedAttribs, 0, NULL);
return ret;
}
ShaUpdate(&esd.sha, attribSet, attribSetSz);
ShaUpdate(&esd.sha, flatSignedAttribs, flatSignedAttribsSz);
}
ShaFinal(&esd.sha, esd.contentAttribsDigest);
digestStrSz = SetOctetString(SHA_DIGEST_SIZE, digestStr);
digestInfoSeqSz = SetSequence(esd.signerDigAlgoIdSz +
digestStrSz + SHA_DIGEST_SIZE,
digestInfoSeq);
XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
digIdx += digestInfoSeqSz;
XMEMCPY(digestInfo + digIdx,
esd.signerDigAlgoId, esd.signerDigAlgoIdSz);
digIdx += esd.signerDigAlgoIdSz;
XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
digIdx += digestStrSz;
XMEMCPY(digestInfo + digIdx, esd.contentAttribsDigest, SHA_DIGEST_SIZE);
digIdx += SHA_DIGEST_SIZE;
result = InitRsaKey(&privKey, NULL);
if (result == 0)
result = RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, &privKey,
pkcs7->privateKeySz);
if (result < 0) {
XFREE(flatSignedAttribs, 0, NULL);
return PUBLIC_KEY_E;
}
result = RsaSSL_Sign(digestInfo, digIdx,
esd.encContentDigest, sizeof(esd.encContentDigest),
&privKey, pkcs7->rng);
FreeRsaKey(&privKey);
if (result < 0) {
XFREE(flatSignedAttribs, 0, NULL);
return result;
}
esd.encContentDigestSz = (word32)result;
}
signerInfoSz += flatSignedAttribsSz + esd.signedAttribSetSz;
esd.signerDigestSz = SetOctetString(esd.encContentDigestSz,
esd.signerDigest);
signerInfoSz += esd.signerDigestSz + esd.encContentDigestSz;
esd.signerInfoSeqSz = SetSequence(signerInfoSz, esd.signerInfoSeq);
signerInfoSz += esd.signerInfoSeqSz;
esd.signerInfoSetSz = SetSet(signerInfoSz, esd.signerInfoSet);
signerInfoSz += esd.signerInfoSetSz;
esd.certsSetSz = SetImplicit(ASN_SET, 0, pkcs7->singleCertSz, esd.certsSet);
esd.singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd.singleDigAlgoId,
hashType, 0);
esd.digAlgoIdSetSz = SetSet(esd.singleDigAlgoIdSz, esd.digAlgoIdSet);
esd.versionSz = SetMyVersion(1, esd.version, 0);
totalSz = esd.versionSz + esd.singleDigAlgoIdSz + esd.digAlgoIdSetSz +
esd.contentInfoSeqSz + esd.certsSetSz + pkcs7->singleCertSz +
esd.innerOctetsSz + esd.innerContSeqSz +
innerOidSz + pkcs7->contentSz +
signerInfoSz;
esd.innerSeqSz = SetSequence(totalSz, esd.innerSeq);
totalSz += esd.innerSeqSz;
esd.outerContentSz = SetExplicit(0, totalSz, esd.outerContent);
totalSz += esd.outerContentSz + outerOidSz;
esd.outerSeqSz = SetSequence(totalSz, esd.outerSeq);
totalSz += esd.outerSeqSz;
if (outputSz < totalSz)
return BUFFER_E;
idx = 0;
XMEMCPY(output + idx, esd.outerSeq, esd.outerSeqSz);
idx += esd.outerSeqSz;
XMEMCPY(output + idx, outerOid, outerOidSz);
idx += outerOidSz;
XMEMCPY(output + idx, esd.outerContent, esd.outerContentSz);
idx += esd.outerContentSz;
XMEMCPY(output + idx, esd.innerSeq, esd.innerSeqSz);
idx += esd.innerSeqSz;
XMEMCPY(output + idx, esd.version, esd.versionSz);
idx += esd.versionSz;
XMEMCPY(output + idx, esd.digAlgoIdSet, esd.digAlgoIdSetSz);
idx += esd.digAlgoIdSetSz;
XMEMCPY(output + idx, esd.singleDigAlgoId, esd.singleDigAlgoIdSz);
idx += esd.singleDigAlgoIdSz;
XMEMCPY(output + idx, esd.contentInfoSeq, esd.contentInfoSeqSz);
idx += esd.contentInfoSeqSz;
XMEMCPY(output + idx, innerOid, innerOidSz);
idx += innerOidSz;
XMEMCPY(output + idx, esd.innerContSeq, esd.innerContSeqSz);
idx += esd.innerContSeqSz;
XMEMCPY(output + idx, esd.innerOctets, esd.innerOctetsSz);
idx += esd.innerOctetsSz;
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
idx += pkcs7->contentSz;
XMEMCPY(output + idx, esd.certsSet, esd.certsSetSz);
idx += esd.certsSetSz;
XMEMCPY(output + idx, pkcs7->singleCert, pkcs7->singleCertSz);
idx += pkcs7->singleCertSz;
XMEMCPY(output + idx, esd.signerInfoSet, esd.signerInfoSetSz);
idx += esd.signerInfoSetSz;
XMEMCPY(output + idx, esd.signerInfoSeq, esd.signerInfoSeqSz);
idx += esd.signerInfoSeqSz;
XMEMCPY(output + idx, esd.signerVersion, esd.signerVersionSz);
idx += esd.signerVersionSz;
XMEMCPY(output + idx, esd.issuerSnSeq, esd.issuerSnSeqSz);
idx += esd.issuerSnSeqSz;
XMEMCPY(output + idx, esd.issuerName, esd.issuerNameSz);
idx += esd.issuerNameSz;
XMEMCPY(output + idx, pkcs7->issuer, pkcs7->issuerSz);
idx += pkcs7->issuerSz;
XMEMCPY(output + idx, esd.issuerSn, esd.issuerSnSz);
idx += esd.issuerSnSz;
XMEMCPY(output + idx, esd.signerDigAlgoId, esd.signerDigAlgoIdSz);
idx += esd.signerDigAlgoIdSz;
/* SignerInfo:Attributes */
if (pkcs7->signedAttribsSz != 0) {
XMEMCPY(output + idx, esd.signedAttribSet, esd.signedAttribSetSz);
idx += esd.signedAttribSetSz;
XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
idx += flatSignedAttribsSz;
XFREE(flatSignedAttribs, 0, NULL);
}
XMEMCPY(output + idx, esd.digEncAlgoId, esd.digEncAlgoIdSz);
idx += esd.digEncAlgoIdSz;
XMEMCPY(output + idx, esd.signerDigest, esd.signerDigestSz);
idx += esd.signerDigestSz;
XMEMCPY(output + idx, esd.encContentDigest, esd.encContentDigestSz);
idx += esd.encContentDigestSz;
return idx;
}
int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = 0;
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumSetKey(hmac, type, key, length);
#endif
ret = InitHmac(hmac, type);
if (ret != 0)
return ret;
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
{
hmac_block_size = MD5_BLOCK_SIZE;
if (length <= MD5_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
Md5Update(&hmac->hash.md5, key, length);
Md5Final(&hmac->hash.md5, ip);
length = MD5_DIGEST_SIZE;
}
}
break;
#endif
#ifndef NO_SHA
case SHA:
{
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ShaUpdate(&hmac->hash.sha, key, length);
ShaFinal(&hmac->hash.sha, ip);
length = SHA_DIGEST_SIZE;
}
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
{
hmac_block_size = SHA256_BLOCK_SIZE;
if (length <= SHA256_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = Sha256Update(&hmac->hash.sha256, key, length);
if (ret != 0)
return ret;
ret = Sha256Final(&hmac->hash.sha256, ip);
if (ret != 0)
return ret;
length = SHA256_DIGEST_SIZE;
}
}
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
{
hmac_block_size = SHA384_BLOCK_SIZE;
if (length <= SHA384_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = Sha384Update(&hmac->hash.sha384, key, length);
if (ret != 0)
return ret;
ret = Sha384Final(&hmac->hash.sha384, ip);
if (ret != 0)
return ret;
length = SHA384_DIGEST_SIZE;
}
}
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
{
hmac_block_size = SHA512_BLOCK_SIZE;
if (length <= SHA512_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = Sha512Update(&hmac->hash.sha512, key, length);
if (ret != 0)
return ret;
ret = Sha512Final(&hmac->hash.sha512, ip);
if (ret != 0)
return ret;
length = SHA512_DIGEST_SIZE;
}
}
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
{
hmac_block_size = BLAKE2B_BLOCKBYTES;
if (length <= BLAKE2B_BLOCKBYTES) {
XMEMCPY(ip, key, length);
}
else {
ret = Blake2bUpdate(&hmac->hash.blake2b, key, length);
if (ret != 0)
return ret;
ret = Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
if (ret != 0)
return ret;
length = BLAKE2B_256;
}
}
break;
#endif
default:
return BAD_FUNC_ARG;
}
if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length);
for(i = 0; i < hmac_block_size; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
return 0;
}
static int HmacKeyInnerHash(Hmac* hmac)
{
int ret = 0;
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA256
case SHA256:
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->ipad, SHA256_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->ipad, SHA384_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->ipad, SHA512_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
if (ret != 0)
return ret;
break;
#endif
default:
break;
}
hmac->innerHashKeyed = 1;
return ret;
}
int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumUpdate(hmac, msg, length);
#endif
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
Md5Update(&hmac->hash.md5, msg, length);
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, msg, length);
break;
#endif
#ifndef NO_SHA256
case SHA256:
ret = Sha256Update(&hmac->hash.sha256, msg, length);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
ret = Sha384Update(&hmac->hash.sha384, msg, length);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
ret = Sha512Update(&hmac->hash.sha512, msg, length);
if (ret != 0)
return ret;
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = Blake2bUpdate(&hmac->hash.blake2b, msg, length);
if (ret != 0)
return ret;
break;
#endif
default:
break;
}
return 0;
}
/* Create and store the master secret see page 32, 6.1 */
int MakeMasterSecret(SSL* ssl)
{
byte shaOutput[SHA_DIGEST_SIZE];
byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
int i, ret;
word32 idx;
word32 pmsSz = ssl->arrays.preMasterSz;
Md5 md5;
Sha sha;
#ifdef SHOW_SECRETS
{
int j;
printf("pre master secret: ");
for (j = 0; j < pmsSz; j++)
printf("%02x", ssl->arrays.preMasterSecret[j]);
printf("\n");
}
#endif
#ifndef NO_TLS
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
#endif
InitMd5(&md5);
InitSha(&sha);
XMEMCPY(md5Input, ssl->arrays.preMasterSecret, pmsSz);
for (i = 0; i < MASTER_ROUNDS; ++i) {
byte prefix[PREFIX];
if (!SetPrefix(prefix, i)) {
return PREFIX_ERROR;
}
idx = 0;
XMEMCPY(shaInput, prefix, i + 1);
idx += i + 1;
XMEMCPY(shaInput + idx, ssl->arrays.preMasterSecret, pmsSz);
idx += pmsSz;
XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
idx += RAN_LEN;
ShaUpdate(&sha, shaInput, idx);
ShaFinal(&sha, shaOutput);
idx = pmsSz; /* preSz */
XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
idx += SHA_DIGEST_SIZE;
Md5Update(&md5, md5Input, idx);
Md5Final(&md5, &ssl->arrays.masterSecret[i * MD5_DIGEST_SIZE]);
}
#ifdef SHOW_SECRETS
{
int i;
printf("master secret: ");
for (i = 0; i < SECRET_LEN; i++)
printf("%02x", ssl->arrays.masterSecret[i]);
printf("\n");
}
#endif
ret = DeriveKeys(ssl);
CleanPreMaster(ssl);
return ret;
}
int HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumFinal(hmac, hash);
#endif
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
{
Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
Md5Update(&hmac->hash.md5,
(byte*) hmac->innerHash, MD5_DIGEST_SIZE);
Md5Final(&hmac->hash.md5, hash);
}
break;
#endif
#ifndef NO_SHA
case SHA:
{
ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
ShaUpdate(&hmac->hash.sha,
(byte*) hmac->innerHash, SHA_DIGEST_SIZE);
ShaFinal(&hmac->hash.sha, hash);
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
{
ret = Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->opad, SHA256_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha256Final(&hmac->hash.sha256, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
{
ret = Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->opad, SHA384_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha384Final(&hmac->hash.sha384, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
{
ret = Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->opad, SHA512_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha512Final(&hmac->hash.sha512, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
{
ret = Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
return ret;
ret = Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
if (ret != 0)
return ret;
ret = Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->innerHash, BLAKE2B_256);
if (ret != 0)
return ret;
ret = Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
if (ret != 0)
return ret;
}
break;
#endif
default:
break;
}
hmac->innerHashKeyed = 0;
return 0;
}
