static int sqlcipher_ltc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
int rc, hash_idx;
hmac_state hmac;
unsigned long outlen;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
hash_idx = find_hash("sha1");
break;
case SQLCIPHER_HMAC_SHA256:
hash_idx = find_hash("sha256");
break;
case SQLCIPHER_HMAC_SHA512:
hash_idx = find_hash("sha512");
break;
default:
return SQLITE_ERROR;
}
if(hash_idx < 0) return SQLITE_ERROR;
outlen = hash_descriptor[hash_idx].hashsize;
if(in == NULL) return SQLITE_ERROR;
if((rc = hmac_init(&hmac, hash_idx, hmac_key, key_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_process(&hmac, in, in_sz)) != CRYPT_OK) return SQLITE_ERROR;
if(in2 != NULL && (rc = hmac_process(&hmac, in2, in2_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_done(&hmac, out, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
return SQLITE_OK;
}
static int sqlcipher_ltc_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
int rc, hash_idx;
hmac_state hmac;
unsigned long outlen = key_sz;
hash_idx = find_hash("sha1");
if((rc = hmac_init(&hmac, hash_idx, hmac_key, key_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_process(&hmac, in, in_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_process(&hmac, in2, in2_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_done(&hmac, out, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
return SQLITE_OK;
}
/* Checks the mac in hashbuf, for the data in readbuf.
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
static int checkmac(buffer* macbuf, buffer* sourcebuf) {
unsigned char macsize;
hmac_state hmac;
unsigned char tempbuf[MAX_MAC_LEN];
unsigned long hashsize;
int len;
macsize = ses.keys->recv_algo_mac->hashsize;
if (macsize == 0) {
return DROPBEAR_SUCCESS;
}
/* calculate the mac */
if (hmac_init(&hmac,
find_hash(ses.keys->recv_algo_mac->hashdesc->name),
ses.keys->recvmackey,
ses.keys->recv_algo_mac->keysize)
!= CRYPT_OK) {
dropbear_exit("HMAC error");
}
/* sequence number */
STORE32H(ses.recvseq, tempbuf);
if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
buf_setpos(sourcebuf, 0);
len = sourcebuf->len;
if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
hashsize = sizeof(tempbuf);
if (hmac_done(&hmac, tempbuf, &hashsize) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
/* compare the hash */
if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) {
return DROPBEAR_FAILURE;
} else {
return DROPBEAR_SUCCESS;
}
}
/**
HMAC a file
@param hash The index of the hash you wish to use
@param fname The name of the file you wish to HMAC
@param key The secret key
@param keylen The length of the secret key
@param out [out] The HMAC authentication tag
@param outlen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled
*/
int hmac_file(int hash, const char *fname,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen)
{
#ifdef LTC_NO_FILE
return CRYPT_NOP;
#else
hmac_state hmac;
FILE *in;
unsigned char buf[512];
size_t x;
int err;
LTC_ARGCHK(fname != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
/* process the file contents */
do {
x = fread(buf, 1, sizeof(buf), in);
if ((err = hmac_process(&hmac, buf, (unsigned long)x)) != CRYPT_OK) {
/* we don't trap this error since we're already returning an error! */
fclose(in);
return err;
}
} while (x == sizeof(buf));
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
/* get final hmac */
if ((err = hmac_done(&hmac, out, outlen)) != CRYPT_OK) {
return err;
}
#ifdef LTC_CLEAN_STACK
/* clear memory */
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
#endif
}
/* Create the packet mac, and append H(seqno|clearbuf) to the output */
static void writemac(buffer * outputbuffer, buffer * clearwritebuf) {
int macsize;
unsigned char seqbuf[4];
unsigned long hashsize;
hmac_state hmac;
TRACE(("enter writemac"));
macsize = ses.keys->trans_algo_mac->hashsize;
if (macsize > 0) {
/* calculate the mac */
if (hmac_init(&hmac,
find_hash(ses.keys->trans_algo_mac->hashdesc->name),
ses.keys->transmackey,
ses.keys->trans_algo_mac->keysize) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
/* sequence number */
STORE32H(ses.transseq, seqbuf);
if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
/* the actual contents */
buf_setpos(clearwritebuf, 0);
if (hmac_process(&hmac,
buf_getptr(clearwritebuf,
clearwritebuf->len),
clearwritebuf->len) != CRYPT_OK) {
dropbear_exit("HMAC error");
}
hashsize = macsize;
if (hmac_done(&hmac, buf_getwriteptr(outputbuffer, macsize), &hashsize)
!= CRYPT_OK) {
dropbear_exit("HMAC error");
}
buf_incrwritepos(outputbuffer, macsize);
}
TRACE(("leave writemac"));
}
void authenticate_decrypt(void* buf, u32 len)
{
#ifdef GLADMAN_HMAC
hmac_sha1_data(buf, len, &hmac);
#else
if (hmac_process(&hmac, buf, len) != CRYPT_OK)
Z_ERROR("Failed to authenticate");
#endif
if (ctr_decrypt(buf, buf, len, &ctr) != CRYPT_OK)
Z_ERROR("Failed to decrypt");
}
/**
HMAC multiple blocks of memory to produce the authentication tag
@param hash The index of the hash to use
@param key The secret key
@param keylen The length of the secret key (octets)
@param out [out] Destination of the authentication tag
@param outlen [in/out] Max size and resulting size of authentication tag
@param in The data to HMAC
@param inlen The length of the data to HMAC (octets)
@param ... tuples of (data,len) pairs to HMAC, terminated with a (NULL,x) (x=don't care)
@return CRYPT_OK if successful
*/
int hmac_memory_multi(int hash,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...)
{
hmac_state *hmac;
int err;
va_list args;
const unsigned char *curptr;
unsigned long curlen;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
return CRYPT_MEM;
}
if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
va_start(args, inlen);
curptr = in;
curlen = inlen;
for (;;) {
/* process buf */
if ((err = hmac_process(hmac, curptr, curlen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* step to next */
curptr = va_arg(args, const unsigned char*);
if (curptr == NULL) {
break;
}
curlen = va_arg(args, unsigned long);
}
if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) {
goto LBL_ERR;
}
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
va_end(args);
return err;
}
/**
HMAC a block of memory to produce the authentication tag
@param hash The index of the hash to use
@param key The secret key
@param keylen The length of the secret key (octets)
@param in The data to HMAC
@param inlen The length of the data to HMAC (octets)
@param out [out] Destination of the authentication tag
@param outlen [in/out] Max size and resulting size of authentication tag
@return CRYPT_OK if successful
*/
int hmac_memory(int hash,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
hmac_state *hmac;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
/* make sure hash descriptor is valid */
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* is there a descriptor? */
if (hash_descriptor[hash].hmac_block != NULL) {
return hash_descriptor[hash].hmac_block(key, keylen, in, inlen, out, outlen);
}
/* nope, so call the hmac functions */
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
return CRYPT_MEM;
}
if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_process(hmac, in, inlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
return err;
}
/**
HMAC a block of memory to produce the authentication tag
@param hash The index of the hash to use
@param key The secret key
@param keylen The length of the secret key (octets)
@param in The data to HMAC
@param inlen The length of the data to HMAC (octets)
@param out [out] Destination of the authentication tag
@param outlen [in/out] Max size and resulting size of authentication tag
@return CRYPT_OK if successful
*/
int hmac_memory(int hash,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
hmac_state *hmac;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
return CRYPT_MEM;
}
if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_process(hmac, in, inlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
return err;
}
int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
const unsigned char *salt, unsigned long salt_len,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen)
{
int err, itts;
ulong32 blkno;
unsigned long stored, left, x, y;
unsigned char *buf[2];
hmac_state *hmac;
LTC_ARGCHK(password != NULL);
LTC_ARGCHK(salt != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
/* test hash IDX */
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
buf[0] = XMALLOC(MAXBLOCKSIZE * 2);
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL || buf[0] == NULL) {
if (hmac != NULL) {
XFREE(hmac);
}
if (buf[0] != NULL) {
XFREE(buf[0]);
}
return CRYPT_MEM;
}
/* buf[1] points to the second block of MAXBLOCKSIZE bytes */
buf[1] = buf[0] + MAXBLOCKSIZE;
left = *outlen;
blkno = 1;
stored = 0;
while (left != 0) {
/* process block number blkno */
zeromem(buf[0], MAXBLOCKSIZE*2);
/* store current block number and increment for next pass */
STORE32H(blkno, buf[1]);
++blkno;
/* get PRF(P, S||int(blkno)) */
if ((err = hmac_init(hmac, hash_idx, password, password_len)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_process(hmac, salt, salt_len)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = hmac_process(hmac, buf[1], 4)) != CRYPT_OK) {
goto LBL_ERR;
}
x = MAXBLOCKSIZE;
if ((err = hmac_done(hmac, buf[0], &x)) != CRYPT_OK) {
goto LBL_ERR;
}
/* now compute repeated and XOR it in buf[1] */
XMEMCPY(buf[1], buf[0], x);
for (itts = 1; itts < iteration_count; ++itts) {
if ((err = hmac_memory(hash_idx, password, password_len, buf[0], x, buf[0], &x)) != CRYPT_OK) {
goto LBL_ERR;
}
for (y = 0; y < x; y++) {
buf[1][y] ^= buf[0][y];
}
}
/* now emit upto x bytes of buf[1] to output */
for (y = 0; y < x && left != 0; ++y) {
out[stored++] = buf[1][y];
--left;
}
}
*outlen = stored;
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf[0], MAXBLOCKSIZE*2);
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
XFREE(buf[0]);
return err;
}
