void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
{
*mdlen = mbedtls_md_get_size(ctx->md_info);
mbedtls_md_finish(ctx, md);
mbedtls_md_free(ctx);
SAFE_FREE(ctx);
}
// ESP32 SHA256
void SHA256(uint8_t *dest, const uint8_t *data, size_t dataLength)
{
mbedtls_md_context_t ctx;
mbedtls_md_init(&ctx);
mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
mbedtls_md_starts(&ctx);
mbedtls_md_update(&ctx, (const unsigned char *)data, dataLength);
mbedtls_md_finish(&ctx, dest);
}
int winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output)
{
#if defined(WITH_OPENSSL)
if (EVP_DigestFinal_ex((EVP_MD_CTX*) ctx, output, NULL) != 1)
return -1;
#elif defined(WITH_MBEDTLS)
if (mbedtls_md_finish((mbedtls_md_context_t*) ctx, output) != 0)
return -1;
mbedtls_md_free((mbedtls_md_context_t*) ctx);
#endif
return 0;
}
BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
if (EVP_DigestFinal_ex(mdctx, output, NULL) == 1)
return TRUE;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
if (mbedtls_md_finish(mdctx, output) == 0)
return TRUE;
#endif
return FALSE;
}
result_t Digest::digest(obj_ptr<Buffer_base> &retVal)
{
if (m_iAlgo < 0)
return CHECK_ERROR(CALL_E_INVALID_CALL);
std::string strBuf;
strBuf.resize(mbedtls_md_get_size(m_ctx.md_info));
if (m_bMac)
mbedtls_md_hmac_finish(&m_ctx, (unsigned char *) &strBuf[0]);
else
mbedtls_md_finish(&m_ctx, (unsigned char *) &strBuf[0]);
m_iAlgo = -1;
mbedtls_md_hmac_reset(&m_ctx);
retVal = new Buffer(strBuf);
return 0;
}
// Usage example:
// char* hash_in = "Uniform input text";
// uint8_t* hash_out = (uint8_t*) alloca(64);
// if (0 == wrapped_hash((uint8_t*) hash_in, strlen(hash_in), hash_out, 32, Hashes::MBEDTLS_MD_SHA256)) {
// printf("Hash value: ");
// for (uint8_t i = 0; i < 32; i++) printf("0x%02x ", *(hash_out + i));
// printf("\n");
// }
// else {
// printf("Failed to hash.\n");
// }
int8_t __attribute__((weak)) wrapped_hash(uint8_t* in, size_t in_len, uint8_t* out, Hashes h) {
int8_t return_value = -1;
const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type((mbedtls_md_type_t)h);
if (NULL != md_info) {
mbedtls_md_context_t ctx;
mbedtls_md_init(&ctx);
switch (mbedtls_md_setup(&ctx, md_info, 0)) {
case 0:
if (0 == mbedtls_md_starts(&ctx)) {
// Start feeding data...
if (0 == mbedtls_md_update(&ctx, in, in_len)) {
if (0 == mbedtls_md_finish(&ctx, out)) {
return_value = 0;
}
else {
Kernel::log("hash(): Failed during finish.\n");
}
}
else {
Kernel::log("hash(): Failed during digest.\n");
}
}
else {
Kernel::log("hash(): Bad input data.\n");
}
break;
case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
Kernel::log("hash(): Bad parameters.\n");
break;
case MBEDTLS_ERR_MD_ALLOC_FAILED:
Kernel::log("hash(): Allocation failure.\n");
break;
default:
break;
}
mbedtls_md_free(&ctx);
}
return return_value;
}
/**
* Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
*
* \param dst buffer to mask
* \param dlen length of destination buffer
* \param src source of the mask generation
* \param slen length of the source buffer
* \param md_ctx message digest context to use
*/
static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
size_t slen, mbedtls_md_context_t *md_ctx )
{
unsigned char mask[MBEDTLS_MD_MAX_SIZE];
unsigned char counter[4];
unsigned char *p;
unsigned int hlen;
size_t i, use_len;
memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
memset( counter, 0, 4 );
hlen = mbedtls_md_get_size( md_ctx->md_info );
// Generate and apply dbMask
//
p = dst;
while( dlen > 0 )
{
use_len = hlen;
if( dlen < hlen )
use_len = dlen;
mbedtls_md_starts( md_ctx );
mbedtls_md_update( md_ctx, src, slen );
mbedtls_md_update( md_ctx, counter, 4 );
mbedtls_md_finish( md_ctx, mask );
for( i = 0; i < use_len; ++i )
*p++ ^= mask[i];
counter[3]++;
dlen -= use_len;
}
}
int bytes_to_key(const cipher_kt_t *cipher, const digest_type_t *md,
const uint8_t *pass, uint8_t *key, uint8_t *iv)
{
size_t datal;
datal = strlen((const char *)pass);
#if defined(USE_CRYPTO_OPENSSL)
return EVP_BytesToKey(cipher, md, NULL, pass, datal, 1, key, iv);
#elif defined(USE_CRYPTO_POLARSSL)
md_context_t c;
unsigned char md_buf[MAX_MD_SIZE];
int niv;
int nkey;
int addmd;
unsigned int mds;
unsigned int i;
int rv;
nkey = cipher_key_size(cipher);
niv = cipher_iv_size(cipher);
rv = nkey;
if (pass == NULL) {
return nkey;
}
memset(&c, 0, sizeof(md_context_t));
if (md_init_ctx(&c, md)) {
return 0;
}
addmd = 0;
mds = md_get_size(md);
for (;;) {
int error;
do {
error = 1;
if (md_starts(&c)) {
break;
}
if (addmd) {
if (md_update(&c, &(md_buf[0]), mds)) {
break;
}
} else {
addmd = 1;
}
if (md_update(&c, pass, datal)) {
break;
}
if (md_finish(&c, &(md_buf[0]))) {
break;
}
error = 0;
} while (0);
if (error) {
md_free_ctx(&c);
memset(md_buf, 0, MAX_MD_SIZE);
return 0;
}
i = 0;
if (nkey) {
for (;;) {
if (nkey == 0) {
break;
}
if (i == mds) {
break;
}
if (key != NULL) {
*(key++) = md_buf[i];
}
nkey--;
i++;
}
}
if (niv && (i != mds)) {
for (;;) {
if (niv == 0) {
break;
}
if (i == mds) {
break;
}
if (iv != NULL) {
*(iv++) = md_buf[i];
}
niv--;
i++;
}
}
if ((nkey == 0) && (niv == 0)) {
break;
}
}
md_free_ctx(&c);
memset(md_buf, 0, MAX_MD_SIZE);
return rv;
#elif defined(USE_CRYPTO_MBEDTLS)
/*
*
* Generic message digest context.
*
* typedef struct {
* Information about the associated message digest
* const mbedtls_md_info_t *md_info;
*
* Digest-specific context
* void *md_ctx;
*
* HMAC part of the context
* void *hmac_ctx;
* } mbedtls_md_context_t; // mbedtls 2.0.0
*
* typedef struct {
* Information about the associated message digest
* const md_info_t *md_info;
*
* Digest-specific context
* void *md_ctx;
* } md_context_t; //polarssl 1.3
*
*/
// NOTE: different struct body, initialize new param hmac 0 to disable HMAC
mbedtls_md_context_t c;
unsigned char md_buf[MAX_MD_SIZE];
int niv;
int nkey;
int addmd;
unsigned int mds;
unsigned int i;
int rv;
nkey = cipher_key_size(cipher);
niv = cipher_iv_size(cipher);
rv = nkey;
if (pass == NULL) {
return nkey;
}
memset(&c, 0, sizeof(mbedtls_md_context_t));
// XXX: md_init_ctx superseded by mbedtls_md_setup() in 2.0.0
// new param hmac 0 to save some memory if HMAC will not be used,
// non-zero is HMAC is going to be used with this context.
if (mbedtls_md_setup(&c, md, 1)) {
return 0;
}
addmd = 0;
mds = mbedtls_md_get_size(md);
for (;;) {
int error;
do {
error = 1;
if (mbedtls_md_starts(&c)) {
break;
}
if (addmd) {
if (mbedtls_md_update(&c, &(md_buf[0]), mds)) {
break;
}
} else {
addmd = 1;
}
if (mbedtls_md_update(&c, pass, datal)) {
break;
}
if (mbedtls_md_finish(&c, &(md_buf[0]))) {
break;
}
error = 0;
} while (0);
if (error) {
mbedtls_md_free(&c); // md_free_ctx deprecated, Use mbedtls_md_free() instead
memset(md_buf, 0, MAX_MD_SIZE);
return 0;
}
i = 0;
if (nkey) {
for (;;) {
if (nkey == 0) {
break;
}
if (i == mds) {
break;
}
if (key != NULL) {
*(key++) = md_buf[i];
}
nkey--;
i++;
}
}
if (niv && (i != mds)) {
for (;;) {
if (niv == 0) {
break;
}
if (i == mds) {
break;
}
if (iv != NULL) {
*(iv++) = md_buf[i];
}
niv--;
i++;
}
}
if ((nkey == 0) && (niv == 0)) {
break;
}
}
mbedtls_md_free(&c); // NOTE: md_free_ctx deprecated, Use mbedtls_md_free() instead
memset(md_buf, 0, MAX_MD_SIZE);
return rv;
#endif
}
int example(void)
{
printf( "\r\n\r\n" );
/*
* Method 1: use all-in-one function of a specific SHA-xxx module
*/
unsigned char output1[32]; /* SHA-256 outputs 32 bytes */
/* 0 here means use the full SHA-256, not the SHA-224 variant */
mbedtls_sha256(hello_buffer, hello_len, output1, 0);
print_hex("Method 1", output1, sizeof output1);
/*
* Method 2: use the streaming interface of a specific SHA-xxx module
* This is useful if we get our input piecewise.
*/
unsigned char output2[32];
mbedtls_sha256_context ctx2;
mbedtls_sha256_init(&ctx2);
mbedtls_sha256_starts(&ctx2, 0); /* SHA-256, not 224 */
/* Simulating multiple fragments */
mbedtls_sha256_update(&ctx2, hello_buffer, 1);
mbedtls_sha256_update(&ctx2, hello_buffer + 1, 1);
mbedtls_sha256_update(&ctx2, hello_buffer + 2, hello_len - 2);
mbedtls_sha256_finish(&ctx2, output2);
print_hex("Method 2", output2, sizeof output2);
/* Or you could re-use the context by doing mbedtls_sha256_starts() again */
mbedtls_sha256_free(&ctx2);
/*
* Method 3: use all-in-one function of the generice interface
*/
unsigned char output3[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
/* Can easily pick any hash you want, by identifier */
const mbedtls_md_info_t *md_info3 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info3 == NULL)
{
printf("SHA256 not available\r\n");
return 1;
}
int ret3 = mbedtls_md(md_info3, hello_buffer, hello_len, output3);
if (ret3 != 0)
{
printf("md() returned -0x%04X\r\n", -ret3);
return 1;
}
print_hex("Method 3", output3, mbedtls_md_get_size(md_info3));
/*
* Method 4: streaming & generic interface
*/
unsigned char output4[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
const mbedtls_md_info_t *md_info4 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
if (md_info4 == NULL)
{
printf("SHA256 not available\r\n");
return 1;
}
mbedtls_md_context_t ctx4;
mbedtls_md_init(&ctx4);
int ret4 = mbedtls_md_init_ctx(&ctx4, md_info4);
if (ret4 != 0)
{
printf("md_init_ctx() returned -0x%04X\r\n", -ret4);
return 1;
}
mbedtls_md_starts(&ctx4);
/* Simulating multiple fragments */
mbedtls_md_update(&ctx4, hello_buffer, 1);
mbedtls_md_update(&ctx4, hello_buffer + 1, 1);
mbedtls_md_update(&ctx4, hello_buffer + 2, hello_len - 2);
mbedtls_md_finish(&ctx4, output4);
print_hex("Method 4", output4, mbedtls_md_get_size(md_info4));
/* Or you could re-use the context by doing mbedtls_md_starts() again */
mbedtls_md_free(&ctx4);
printf("\r\nDONE\r\n");
return 0;
}
void
md_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
{
ASSERT(0 == mbedtls_md_finish(ctx, dst));
mbedtls_md_free(ctx);
}
void sha1_final(unsigned char *md, SHACTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
{
mbedtls_md_finish(&ctx->ctx, md);
mbedtls_md_free(&ctx->ctx);
SAFE_FREE(ctx);
}
void md5_final(unsigned char *md, MD5CTX c)
{
mbedtls_md_finish(c, md);
mbedtls_md_free(c);
SAFE_FREE(c);
}
