ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type)
{
ssh_mac_ctx ctx = malloc(sizeof (struct ssh_mac_ctx_struct));
const mbedtls_md_info_t *md_info;
int rc;
if (ctx == NULL) {
return NULL;
}
ctx->mac_type=type;
switch(type) {
case SSH_MAC_SHA1:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
break;
case SSH_MAC_SHA256:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
break;
case SSH_MAC_SHA384:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
break;
case SSH_MAC_SHA512:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
break;
default:
goto error;
}
if (md_info == NULL) {
goto error;
}
mbedtls_md_init(&ctx->ctx);
rc = mbedtls_md_setup(&ctx->ctx, md_info, 0);
if (rc != 0) {
goto error;
}
rc = mbedtls_md_starts(&ctx->ctx);
if (rc != 0) {
goto error;
}
return ctx;
error:
SAFE_FREE(ctx);
return NULL;
}
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type)
{
HMACCTX ctx = NULL;
const mbedtls_md_info_t *md_info = NULL;
int rc;
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
switch (type) {
case SSH_HMAC_SHA1:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
break;
case SSH_HMAC_SHA256:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
break;
case SSH_HMAC_SHA512:
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
break;
default:
goto error;
}
mbedtls_md_init(ctx);
if (md_info == NULL) {
goto error;
}
rc = mbedtls_md_setup(ctx, md_info, 1);
if (rc != 0) {
goto error;
}
rc = mbedtls_md_hmac_starts(ctx, key, len);
if (rc != 0) {
goto error;
}
return ctx;
error:
mbedtls_md_free(ctx);
SAFE_FREE(ctx);
return NULL;
}
/**
* Given the indirected identifier for the hash algorithm return its label.
*
* @param Hashes The hash algorithm in question.
* @return The label for the digest.
*/
const char* get_digest_label(Hashes h) {
const mbedtls_md_info_t* info = mbedtls_md_info_from_type((mbedtls_md_type_t)h);
if (info) {
return info->name;
}
return "<UNKNOWN>";
}
/**
* Given the identifier for the hash algorithm return the output size.
*
* @param Hashes The hash algorithm in question.
* @return The size of the buffer (in bytes) required to hold the digest output.
*/
int get_digest_output_length(Hashes h) {
const mbedtls_md_info_t* info = mbedtls_md_info_from_type((mbedtls_md_type_t)h);
if (info) {
return info->size;
}
return 0;
}
tt_result_t tt_ecdsa_verify(IN tt_ecdsa_t *dsa,
IN tt_u8_t *input,
IN tt_u32_t len,
IN tt_md_type_t md_type,
IN tt_u8_t *sig,
IN tt_u32_t sig_len)
{
mbedtls_ecdsa_context *ctx = &dsa->ctx;
mbedtls_md_type_t t;
const mbedtls_md_info_t *md_type_info;
tt_u8_t hash[MBEDTLS_MD_MAX_SIZE];
tt_u32_t hashlen;
int e;
t = tt_g_md_type_map[md_type];
md_type_info = mbedtls_md_info_from_type(t);
mbedtls_md(md_type_info, input, len, hash);
hashlen = mbedtls_md_get_size(md_type_info);
e = mbedtls_ecdsa_read_signature(ctx, hash, hashlen, sig, sig_len);
if (e != 0) {
tt_crypto_error("ecdsa verify failed");
return TT_FAIL;
}
return TT_SUCCESS;
}
int
ss_onetimeauth(buffer_t *buf, uint8_t *iv, size_t capacity)
{
uint8_t hash[ONETIMEAUTH_BYTES * 2];
uint8_t auth_key[MAX_IV_LENGTH + MAX_KEY_LENGTH];
memcpy(auth_key, iv, enc_iv_len);
memcpy(auth_key + enc_iv_len, enc_key, enc_key_len);
brealloc(buf, ONETIMEAUTH_BYTES + buf->len, capacity);
#if defined(USE_CRYPTO_OPENSSL)
HMAC(EVP_sha1(), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len, (uint8_t *)hash, NULL);
#elif defined(USE_CRYPTO_MBEDTLS)
mbedtls_md_hmac(mbedtls_md_info_from_type(
MBEDTLS_MD_SHA1), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len,
(uint8_t *)hash);
#else
sha1_hmac(auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len, (uint8_t *)hash);
#endif
memcpy(buf->array + buf->len, hash, ONETIMEAUTH_BYTES);
buf->len += ONETIMEAUTH_BYTES;
return 0;
}
/*
* Deterministic signature wrapper
*/
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg )
{
int ret;
mbedtls_hmac_drbg_context rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
size_t grp_len = ( grp->nbits + 7 ) / 8;
const mbedtls_md_info_t *md_info;
mbedtls_mpi h;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
mbedtls_mpi_init( &h );
mbedtls_hmac_drbg_init( &rng_ctx );
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, &rng_ctx );
cleanup:
mbedtls_hmac_drbg_free( &rng_ctx );
mbedtls_mpi_free( &h );
return( ret );
}
result_t crypto_base::pbkdf2(int32_t algo, Buffer_base* password,
Buffer_base* salt, int32_t iterations,
int32_t size, obj_ptr<Buffer_base>& retVal)
{
if (algo < hash_base::_MD2 || algo > hash_base::_RIPEMD160)
return CHECK_ERROR(CALL_E_INVALIDARG);
qstring str_pass;
qstring str_salt;
qstring str_key;
password->toString(str_pass);
salt->toString(str_salt);
str_key.resize(size);
mbedtls_md_context_t ctx;
mbedtls_md_setup(&ctx, mbedtls_md_info_from_type((mbedtls_md_type_t)algo), 1);
mbedtls_pkcs5_pbkdf2_hmac(&ctx, (const unsigned char *)str_pass.c_str(), str_pass.length(),
(const unsigned char *)str_salt.c_str(), str_salt.length(),
iterations, size, (unsigned char *)&str_key[0]);
mbedtls_md_free(&ctx);
retVal = new Buffer(str_key);
return 0;
}
BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
if (!mdctx || !evp)
return FALSE;
if (EVP_DigestInit_ex(mdctx, evp, NULL) != 1)
return FALSE;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md_type);
if (!md_info)
return FALSE;
if (mdctx->md_info != md_info)
{
mbedtls_md_free(mdctx); /* can be called at any time after mbedtls_md_init */
if (mbedtls_md_setup(mdctx, md_info, 0) != 0)
return FALSE;
}
if (mbedtls_md_starts(mdctx) != 0)
return FALSE;
#endif
return TRUE;
}
int winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, int md)
{
#if defined(WITH_OPENSSL)
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
if (!evp)
return -1;
EVP_MD_CTX_init((EVP_MD_CTX*) ctx);
if (EVP_DigestInit_ex((EVP_MD_CTX*) ctx, evp, NULL) != 1)
return -1;
#elif defined(WITH_MBEDTLS)
const mbedtls_md_info_t* md_info;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
md_info = mbedtls_md_info_from_type(md_type);
if (!md_info)
return -1;
mbedtls_md_init((mbedtls_md_context_t*) ctx);
if (mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 0) != 0)
return -1;
if (mbedtls_md_starts((mbedtls_md_context_t*) ctx) != 0)
return -1;
#endif
return 0;
}
void
show_available_digests()
{
const int *digests = mbedtls_md_list();
#ifndef ENABLE_SMALL
printf("The following message digests are available for use with\n"
PACKAGE_NAME ". A message digest is used in conjunction with\n"
"the HMAC function, to authenticate received packets.\n"
"You can specify a message digest as parameter to\n"
"the --auth option.\n\n");
#endif
while (*digests != 0)
{
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*digests);
if (info)
{
printf("%s %d bit default key\n", mbedtls_md_get_name(info),
mbedtls_md_get_size(info) * 8);
}
digests++;
}
printf("\n");
}
SHACTX sha1_init(void)
{
SHACTX ctx = NULL;
int rc;
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
int winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, int md, const BYTE* key, size_t keylen)
{
#if defined(WITH_OPENSSL)
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
if (!evp)
return -1;
HMAC_CTX_init((HMAC_CTX*) ctx);
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
HMAC_Init_ex((HMAC_CTX*) ctx, key, keylen, evp, NULL);
#else
if (HMAC_Init_ex((HMAC_CTX*) ctx, key, keylen, evp, NULL) != 1)
return -1;
#endif
#elif defined(WITH_MBEDTLS)
const mbedtls_md_info_t* md_info;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
md_info = mbedtls_md_info_from_type(md_type);
if (!md_info)
return -1;
mbedtls_md_init((mbedtls_md_context_t*) ctx);
if (mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 1) != 0)
return -1;
if (mbedtls_md_hmac_starts((mbedtls_md_context_t*) ctx, key, keylen) != 0)
return -1;
#endif
return 0;
}
int
complete_auth_fields(uint8_t key_id, const char *key, void *packet, size_t pckt_len,
void *auth_data_pos)
{
const mbedtls_md_info_t *md_info;
mbedtls_md_type_t md_type;
size_t auth_data_len;
switch (key_id) {
case HMAC_SHA_1_96:
md_type = MBEDTLS_MD_SHA1;
auth_data_len = SHA1_AUTH_DATA_LEN;
break;
default:
OOR_LOG(LDBG_2, "complete_auth_fields: HMAC unknown key type: %d", (int)key_id);
return(BAD);
}
md_info = mbedtls_md_info_from_type(md_type);
memset(auth_data_pos,0,auth_data_len);
if (mbedtls_md_hmac(md_info,
(const unsigned char *)key,
strlen(key),
(const unsigned char *)packet,
pckt_len,
(unsigned char *)auth_data_pos) != 0){
OOR_LOG(LDBG_2, "complete_auth_fields: Error using mbedtls");
return (BAD);
}
return (GOOD);
}
int
rb_ssl_get_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
{
const mbedtls_x509_crt *peer_cert;
uint8_t hash[RB_SSL_CERTFP_LEN];
const mbedtls_md_info_t *md_info;
int ret;
peer_cert = mbedtls_ssl_get_peer_cert(SSL_P(F));
if (peer_cert == NULL)
return 0;
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info == NULL)
return 0;
if ((ret = mbedtls_md(md_info, peer_cert->raw.p, peer_cert->raw.len, hash)) != 0)
{
rb_lib_log("rb_get_ssl_certfp: unable to get certfp for F: %p, %d", F, ret);
return 0;
}
memcpy(certfp, hash, RB_SSL_CERTFP_LEN);
return 1;
}
EVPCTX evp_init(int nid)
{
EVPCTX ctx = NULL;
int rc;
mbedtls_md_type_t algo = nid_to_md_algo(nid);
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(algo);
if (md_info == NULL) {
return NULL;
}
ctx = malloc(sizeof(mbedtls_md_context_t));
if (ctx == NULL) {
return NULL;
}
mbedtls_md_init(ctx);
rc = mbedtls_md_setup(ctx, md_info, 0);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
rc = mbedtls_md_starts(ctx);
if (rc != 0) {
SAFE_FREE(ctx);
return NULL;
}
return ctx;
}
int ss_gen_hash(buffer_t *buf, uint32_t *counter, enc_ctx_t *ctx, size_t capacity)
{
ssize_t blen = buf->len;
uint16_t chunk_len = htons((uint16_t)blen);
uint8_t hash[ONETIMEAUTH_BYTES * 2];
uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
uint32_t c = htonl(*counter);
brealloc(buf, AUTH_BYTES + blen, capacity);
memcpy(key, ctx->evp.iv, enc_iv_len);
memcpy(key + enc_iv_len, &c, sizeof(uint32_t));
#if defined(USE_CRYPTO_OPENSSL)
HMAC(EVP_sha1(), key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash, NULL);
#elif defined(USE_CRYPTO_MBEDTLS)
mbedtls_md_hmac(mbedtls_md_info_from_type(
MBEDTLS_MD_SHA1), key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash);
#else
sha1_hmac(key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash);
#endif
memmove(buf->array + AUTH_BYTES, buf->array, blen);
memcpy(buf->array + CLEN_BYTES, hash, ONETIMEAUTH_BYTES);
memcpy(buf->array, &chunk_len, CLEN_BYTES);
*counter = *counter + 1;
buf->len = blen + AUTH_BYTES;
return 0;
}
void sha1(unsigned char *digest, int len, unsigned char *hash)
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (md_info != NULL) {
mbedtls_md(md_info, digest, len, hash);
}
}
int
ss_check_hash(buffer_t *buf, chunk_t *chunk, enc_ctx_t *ctx, size_t capacity)
{
int i, j, k;
ssize_t blen = buf->len;
uint32_t cidx = chunk->idx;
brealloc(chunk->buf, chunk->len + blen, capacity);
brealloc(buf, chunk->len + blen, capacity);
for (i = 0, j = 0, k = 0; i < blen; i++) {
chunk->buf->array[cidx++] = buf->array[k++];
if (cidx == CLEN_BYTES) {
uint16_t clen = ntohs(*((uint16_t *)chunk->buf->array));
brealloc(chunk->buf, clen + AUTH_BYTES, capacity);
chunk->len = clen;
}
if (cidx == chunk->len + AUTH_BYTES) {
// Compare hash
uint8_t hash[ONETIMEAUTH_BYTES * 2];
uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
uint32_t c = htonl(chunk->counter);
memcpy(key, ctx->evp.iv, enc_iv_len);
memcpy(key + enc_iv_len, &c, sizeof(uint32_t));
#if defined(USE_CRYPTO_OPENSSL)
HMAC(EVP_sha1(), key, enc_iv_len + sizeof(uint32_t),
(uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash, NULL);
#elif defined(USE_CRYPTO_MBEDTLS)
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), key, enc_iv_len + sizeof(uint32_t),
(uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash);
#else
sha1_hmac(key, enc_iv_len + sizeof(uint32_t),
(uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash);
#endif
if (safe_memcmp(hash, chunk->buf->array + CLEN_BYTES, ONETIMEAUTH_BYTES) != 0) {
return 0;
}
// Copy chunk back to buffer
memmove(buf->array + j + chunk->len, buf->array + k, blen - i - 1);
memcpy(buf->array + j, chunk->buf->array + AUTH_BYTES, chunk->len);
// Reset the base offset
j += chunk->len;
k = j;
cidx = 0;
chunk->counter++;
}
}
buf->len = j;
chunk->idx = cidx;
return 1;
}
/*
* Checkup routine for HMAC_DRBG with SHA-1
*/
int mbedtls_hmac_drbg_self_test( int verbose )
{
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_hmac_drbg_init( &ctx );
/*
* PR = True
*/
if( verbose != 0 )
mbedtls_printf( " HMAC_DRBG (PR = True) : " );
test_offset = 0;
CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_pr,
NULL, 0 ) );
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
mbedtls_hmac_drbg_free( &ctx );
mbedtls_hmac_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
/*
* PR = False
*/
if( verbose != 0 )
mbedtls_printf( " HMAC_DRBG (PR = False) : " );
mbedtls_hmac_drbg_init( &ctx );
test_offset = 0;
CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_nopr,
NULL, 0 ) );
CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
mbedtls_hmac_drbg_free( &ctx );
mbedtls_hmac_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
if( verbose != 0 )
mbedtls_printf( "\n" );
return( 0 );
}
Digest::Digest(mbedtls_md_type_t algo, const char *key, int32_t sz)
{
m_bMac = true;
m_iAlgo = algo;
mbedtls_md_init(&m_ctx);
mbedtls_md_setup(&m_ctx, mbedtls_md_info_from_type(algo), 1);
mbedtls_md_hmac_starts(&m_ctx, (unsigned char *)key, sz);
}
// ESP32 SHA256
void SHA256(uint8_t *dest, const uint8_t *data, size_t dataLength)
{
mbedtls_md_context_t ctx;
mbedtls_md_init(&ctx);
mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
mbedtls_md_starts(&ctx);
mbedtls_md_update(&ctx, (const unsigned char *)data, dataLength);
mbedtls_md_finish(&ctx, dest);
}
Digest::Digest(mbedtls_md_type_t algo)
{
m_bMac = false;
m_iAlgo = algo;
mbedtls_md_init(&m_ctx);
mbedtls_md_setup(&m_ctx, mbedtls_md_info_from_type(algo), 0);
mbedtls_md_starts(&m_ctx);
}
/*JSON{
"type" : "staticmethod",
"class" : "crypto",
"name" : "PBKDF2",
"generate" : "jswrap_crypto_PBKDF2",
"params" : [
["passphrase","JsVar","Passphrase"],
["salt","JsVar","Salt for turning passphrase into a key"],
["options","JsVar","Object of Options, `{ keySize: 8 (in 32 bit words), iterations: 10, hasher: 'SHA1'/'SHA224'/'SHA256'/'SHA384'/'SHA512' }`"]
],
"return" : ["JsVar","Returns an ArrayBuffer"],
"return_object" : "ArrayBuffer",
"ifdef" : "USE_TLS"
}
Password-Based Key Derivation Function 2 algorithm, using SHA512
*/
JsVar *jswrap_crypto_PBKDF2(JsVar *passphrase, JsVar *salt, JsVar *options) {
int iterations = 1;
int keySize = 128/32;
mbedtls_md_type_t hasher = MBEDTLS_MD_SHA1;
if (jsvIsObject(options)) {
keySize = jsvGetIntegerAndUnLock(jsvObjectGetChild(options, "keySize", 0));
if (keySize<=0) keySize=128/32;
iterations = jsvGetIntegerAndUnLock(jsvObjectGetChild(options, "iterations", 0));
if (iterations<1) iterations = 1;
JsVar *hashVar = jsvObjectGetChild(options, "hasher", 0);
if (!jsvIsUndefined(hashVar))
hasher = jswrap_crypto_getHasher(hashVar);
jsvUnLock(hashVar);
} else if (!jsvIsUndefined(options))
jsError("Options should be an object or undefined, got %t", options);
if (hasher == MBEDTLS_MD_NONE)
return 0; // already shown an error
JSV_GET_AS_CHAR_ARRAY(passPtr, passLen, passphrase);
if (!passPtr) return 0;
JSV_GET_AS_CHAR_ARRAY(saltPtr, saltLen, salt);
if (!saltPtr) return 0;
int err;
mbedtls_md_context_t ctx;
mbedtls_md_init( &ctx );
err = mbedtls_md_setup( &ctx, mbedtls_md_info_from_type( hasher ), 1 );
assert(err==0);
char *keyPtr = 0;
JsVar *keyArr = jsvNewArrayBufferWithPtr((unsigned)keySize*4, &keyPtr);
if (!keyPtr) {
jsError("Not enough memory for result");
return 0;
}
err = mbedtls_pkcs5_pbkdf2_hmac( &ctx,
(unsigned char*)passPtr, passLen,
(unsigned char*)saltPtr, saltLen,
(unsigned)iterations,
(unsigned)keySize*4, (unsigned char*)keyPtr );
mbedtls_md_free( &ctx );
if (!err) {
return keyArr;
} else {
jswrap_crypto_error(err);
jsvUnLock(keyArr);
return 0;
}
}
void calculate_ciphertext_hmac(const unsigned char *ciphertext,
const unsigned char *hmac_key,
unsigned char *hmac)
{
#ifdef USE_MBEDTLS
mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), hmac_key, 40, ciphertext, 128, hmac);
#else
sha1_hmac(hmac_key, 40, ciphertext, 128, hmac);
#endif
}
/*
* Helper for writing signature algorithms
*/
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts )
{
int ret;
char *p = buf;
size_t n = size;
const char *desc = NULL;
ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
if( ret != 0 )
ret = mbedtls_snprintf( p, n, "???" );
else
ret = mbedtls_snprintf( p, n, "%s", desc );
MBEDTLS_X509_SAFE_SNPRINTF;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
{
const mbedtls_pk_rsassa_pss_options *pss_opts;
const mbedtls_md_info_t *md_info, *mgf_md_info;
pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
md_info = mbedtls_md_info_from_type( md_alg );
mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
md_info ? mbedtls_md_get_name( md_info ) : "???",
mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
pss_opts->expected_salt_len );
MBEDTLS_X509_SAFE_SNPRINTF;
}
#else
((void) pk_alg);
((void) md_alg);
((void) sig_opts);
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
return( (int)( size - n ) );
}
bool ECDSA_Verify(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
mbedtls_ecp_keypair keypair;
mbedtls_mpi r;
mbedtls_mpi s;
mbedtls_md_type_t mdType;
const mbedtls_md_info_t *pmdInfo;
byte rgbDigest[MBEDTLS_MD_MAX_SIZE];
cn_cbor * pSig;
bool result = false;
mbedtls_ecp_keypair_init(&keypair);
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
if(!ECKey_From(pKey, &keypair, perr)) goto errorReturn;
switch(cbitDigest)
{
case 256:
mdType = MBEDTLS_MD_SHA256;
break;
case 384:
mdType = MBEDTLS_MD_SHA384;
break;
case 512:
mdType = MBEDTLS_MD_SHA512;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
pmdInfo = mbedtls_md_info_from_type(mdType);
CHECK_CONDITION(pmdInfo != NULL, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_md(pmdInfo, rgbToSign, cbToSign, rgbDigest) == 0, COSE_ERR_INVALID_PARAMETER);
pSig = _COSE_arrayget_int(pSigner, index);
CHECK_CONDITION((pSig != NULL) && (pSig->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_mpi_read_binary( &r, pSig->v.bytes, pSig->length / 2 ) == 0, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(mbedtls_mpi_read_binary( &s, pSig->v.bytes + pSig->length / 2, pSig->length / 2 ) == 0, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(mbedtls_ecdsa_verify(&keypair.grp, rgbDigest, mbedtls_md_get_size(pmdInfo), &keypair.Q, &r, &s) == 0, COSE_ERR_CRYPTO_FAIL);
result = true;
errorReturn:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecp_keypair_free(&keypair);
return result;
}
void evp(int nid, unsigned char *digest, int len,
unsigned char *hash, unsigned int *hlen)
{
mbedtls_md_type_t algo = nid_to_md_algo(nid);
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_type(algo);
if (md_info != NULL) {
*hlen = mbedtls_md_get_size(md_info);
mbedtls_md(md_info, digest, len, hash);
}
}
/*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/
static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
{
const mbedtls_md_info_t *md_info;
if( *hash_len != 0 )
return( 0 );
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( -1 );
*hash_len = mbedtls_md_get_size( md_info );
return( 0 );
}
int mbedtls_pkcs5_self_test( int verbose )
{
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
int ret, i;
unsigned char key[64];
mbedtls_md_init( &sha1_ctx );
info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
if( info_sha1 == NULL )
{
ret = 1;
goto exit;
}
if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
{
ret = 1;
goto exit;
}
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i );
ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
slen[i], it_cnt[i], key_len[i], key );
if( ret != 0 ||
memcmp( result_key[i], key, key_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
ret = 1;
goto exit;
}
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
if( verbose != 0 )
mbedtls_printf( "\n" );
exit:
mbedtls_md_free( &sha1_ctx );
return( ret );
}
