virtual void init() {
if (key.size() > 0) {
CCHmacInit(&ctx, kCCHmacAlgSHA1, key.data(), key.size());
} else {
// CommonCrypto will segfault later on if a null key is passed, even if
// key length is 0.
CCHmacInit(&ctx, kCCHmacAlgSHA1, &ctx, 0);
}
}
/* called out from CSPFullPluginSession....
* both generate and verify */
void MacContext::init(const Context &context, bool isSigning)
{
CCHmacAlgorithm ccAlg;
/* obtain key from context */
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
symmetricKeyBits(context, session(), mAlg,
isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
keyData, keyLen);
uint32 minKey = 0;
switch(mAlg) {
case CSSM_ALGID_SHA1HMAC:
minKey = HMAC_SHA_MIN_KEY_SIZE;
mDigestSize = CC_SHA1_DIGEST_LENGTH;
ccAlg = kCCHmacAlgSHA1;
break;
case CSSM_ALGID_MD5HMAC:
minKey = HMAC_MD5_MIN_KEY_SIZE;
mDigestSize = CC_MD5_DIGEST_LENGTH;
ccAlg = kCCHmacAlgMD5;
break;
default:
assert(0); // factory should not have called us
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen);
}
static
void
hmac_sha1(const uint8_t *key, size_t key_len, const uint8_t *text, size_t text_len,
uint8_t digest[CC_SHA1_DIGEST_LENGTH])
{
CCHmacContext hmac_sha1_context;
CCHmacInit(&hmac_sha1_context, kCCHmacAlgSHA1, key, key_len);
CCHmacUpdate(&hmac_sha1_context, text, text_len);
CCHmacFinal(&hmac_sha1_context, digest);
}
extern "C" int AppleCryptoNative_HmacInit(HmacCtx* ctx, uint8_t* pbKey, int32_t cbKey)
{
if (ctx == nullptr || cbKey < 0)
return 0;
if (cbKey != 0 && pbKey == nullptr)
return 0;
// No return value
CCHmacInit(&ctx->hmac, ctx->appleAlgId, pbKey, static_cast<size_t>(cbKey));
return 1;
}
/*
* Stateless, one-shot HMAC function.
* Output is written to caller-spullied buffer, as in CCHmacFinal().
*/
void CCHmac(
CCHmacAlgorithm algorithm, /* kCCHmacSHA1, kCCHmacMD5 */
const void *key,
size_t keyLength, /* length of key in bytes */
const void *data,
size_t dataLength, /* length of data in bytes */
void *macOut) /* MAC written here */
{
CCHmacContext ctx;
CCHmacInit(&ctx, algorithm, key, keyLength);
CCHmacUpdate(&ctx, data, dataLength);
CCHmacFinal(&ctx, macOut);
}
/* Create an HMAC session */
static OSStatus HMAC_Alloc(
const struct HMACReference *hmac,
SSLContext *ctx,
const void *keyPtr,
unsigned keyLen,
HMACContextRef *hmacCtxOut) // RETURNED
{
CCHmacAlgorithm ccAlg;
HMACContextRef hmacCtx = (HMACContextRef)sslMalloc(sizeof(struct HMACContext));
if(hmacCtx == NULL) {
return memFullErr;
}
hmacCtx->ctx = ctx;
hmacCtx->hmac = hmac;
switch(hmac->alg) {
case HA_SHA384:
ccAlg = kCCHmacAlgSHA384;
hmacCtx->macSize = CC_SHA384_DIGEST_LENGTH;
break;
case HA_SHA256:
ccAlg = kCCHmacAlgSHA256;
hmacCtx->macSize = CC_SHA256_DIGEST_LENGTH;
break;
case HA_SHA1:
ccAlg = kCCHmacAlgSHA1;
hmacCtx->macSize = CC_SHA1_DIGEST_LENGTH;
break;
case HA_MD5:
ccAlg = kCCHmacAlgMD5;
hmacCtx->macSize = CC_MD5_DIGEST_LENGTH;
break;
default:
ASSERT(0);
return errSSLInternal;
}
/* create the template from which individual record MAC-ers are cloned */
CCHmacInit(&hmacCtx->ccHmacTemplate, ccAlg, keyPtr, keyLen);
*hmacCtxOut = hmacCtx;
return noErr;
}
void Hmac::Initialize()
{
// initialize
const UInt8* data = NULL;
size_t dataLength = 0;
CFDataRef key = (CFDataRef) mParentTransform->GetAttribute(kSecDigestHMACKeyAttribute);
if (key)
{
data = CFDataGetBytePtr(key);
dataLength = CFDataGetLength(key);
}
CCHmacInit(&mHMACContext, mAlg, data, dataLength);
// make room to hold the result
mDigestBuffer = (UInt8*) malloc(mDigestLength);
mInitialized = true;
}
int32_t mz_crypt_hmac_init(void *handle, const void *key, int32_t key_length)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
CCHmacAlgorithm algorithm = 0;
if (hmac == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_crypt_hmac_reset(handle);
if (hmac->algorithm == MZ_HASH_SHA1)
algorithm = kCCHmacAlgSHA1;
else if (hmac->algorithm == MZ_HASH_SHA256)
algorithm = kCCHmacAlgSHA256;
else
return MZ_PARAM_ERROR;
CCHmacInit(&hmac->ctx, algorithm, key, key_length);
return MZ_OK;
}
static void
lib_hmac_init(mrb_state *mrb, struct mrb_hmac *hmac, int type, const unsigned char *key, mrb_int keylen)
{
CCHmacAlgorithm algorithm;
#if MRB_INT_MAX > SIZE_MAX
if (len > SIZE_MAX) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "too long key");
}
#endif
switch (type) {
case MD_TYPE_MD5: algorithm = kCCHmacAlgMD5; break;
case MD_TYPE_SHA1: algorithm = kCCHmacAlgSHA1; break;
case MD_TYPE_SHA256: algorithm = kCCHmacAlgSHA256; break;
case MD_TYPE_SHA384: algorithm = kCCHmacAlgSHA384; break;
case MD_TYPE_SHA512: algorithm = kCCHmacAlgSHA512; break;
default:
mrb_raisef(mrb, E_RUNTIME_ERROR, "mruby-digest: internal error: unexpected HMAC type: %S", mrb_fixnum_value(type));
algorithm = 0;
break;
}
hmac->type = type;
CCHmacInit(&hmac->ctx, algorithm, key, keylen);
}
static int
__hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
{
CCHmacInit(ctx, kCCHmacAlgSHA1, key, key_len);
return 0;
}
Crypto::MAC Crypto::MACOpen(MACAlgo algo, const StringPiece &k) {
auto m = new CCMAC();
CCHmacInit(&m->ctx, (m->algo = size_t(algo.get())), k.data(), k.size());
return m;
}
int
decryptInit(int (*writerFunc)(void *, size_t), void *h)
{
CCCryptorStatus status;
int rv;
writer = writerFunc;
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
strm.avail_in = 0;
strm.next_in = Z_NULL;
rv = inflateInit(&strm);
if (rv != Z_OK) {
printf("zlib init error\n");
return(-1);
}
getPassword();
memcpy(&header, h, sizeof(header));
if (isZero(encKey, kCCKeySizeAES256) ||
memcmp(header.keySalt, redsideSalts.keySalt, header.keySaltLen)) {
redsideSalts.keySaltLen = header.keySaltLen;
memcpy(redsideSalts.keySalt, header.keySalt, sizeof(header.keySalt));
/* AES KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.keySalt, header.keySaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
encKey, kCCKeySizeAES256);
if (rv < 0) {
printf("Key derivation: error: %d\n", rv);
exit(1);
}
}
if (isZero(hmacKey, kCCKeySizeAES256) ||
memcmp(header.hmacSalt, redsideSalts.hmacSalt, sizeof(header.hmacSalt))) {
redsideSalts.hmacSaltLen = header.hmacSaltLen;
memcpy(redsideSalts.hmacSalt, header.hmacSalt, header.hmacSaltLen);
/* HMAC KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.hmacSalt, header.hmacSaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
hmacKey, kCCKeySizeAES256);
if (rv < 0) {
printf("HMAC Key derivation: error: %d\n", rv);
exit(1);
}
}
CCHmacInit(&hmacContext, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
CCHmacInit(&hmacContextPlain, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
status = CCCryptorCreate(kCCDecrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
encKey, kCCKeySizeAES256,
header.iv,
&cryptorRef);
if (status != kCCSuccess) {
printf("cryptor init error\n");
return(-1);
}
return(0);
}
int
encryptInit(int (*writerFunc)(void *, size_t),
int (*seekerFunc)(size_t))
{
CCCryptorStatus status;
int rv;
writer = writerFunc;
seeker = seekerFunc;
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
rv = deflateInit(&strm, Z_DEFAULT_COMPRESSION);
if (rv != Z_OK) {
printf("zlib init error\n");
return(-1);
}
getPassword();
if (isZero(encKey, kCCKeySizeAES256) || isZero(hmacKey, kCCKeySizeAES256)) {
header.keySaltLen = redsideSalts.keySaltLen;
memcpy(header.keySalt, redsideSalts.keySalt, header.keySaltLen);
/* AES KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.keySalt, header.keySaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
encKey, kCCKeySizeAES256);
if (rv < 0) {
printf("Key derivation: error: %d\n", rv);
exit(1);
}
header.hmacSaltLen = redsideSalts.hmacSaltLen;
memcpy(header.hmacSalt, redsideSalts.hmacSalt, header.hmacSaltLen);
/* HMAC KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.hmacSalt, header.hmacSaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
hmacKey, kCCKeySizeAES256);
if (rv < 0) {
printf("HMAC Key derivation: error: %d\n", rv);
exit(1);
}
}
if (isZero(header.iv, sizeof(header.iv)))
getSalt(header.iv, sizeof(header.iv));
CCHmacInit(&hmacContext, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
CCHmacInit(&hmacContextPlain, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
status = CCCryptorCreate(kCCEncrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
encKey, kCCKeySizeAES256,
header.iv,
&cryptorRef);
if (status != kCCSuccess) {
printf("cryptor init error\n");
return(-1);
}
seeker(sizeof(header));
return(0);
}
static int doHMacCloneTest(const uint8_t *ptext,
size_t ptextLen,
CCHmacAlgorithm hmacAlg,
uint32_t keySizeInBytes,
bool stagedOrig,
bool stagedClone,
bool quiet,
bool verbose)
{
uint8_t *keyBytes;
uint8_t hmacOrig[MAX_HMAC_SIZE];
uint8_t hmacClone[MAX_HMAC_SIZE];
int rtn = 1;
CCHmacContext ctxOrig;
CCHmacContext ctxClone;
unsigned die; /* 0..3 indicates when to clone */
unsigned loopNum = 0;
size_t hmacLen;
bool didClone = false;
switch(hmacAlg) {
case kCCHmacAlgSHA1:
if(verbose) diag("hmac-sha1\n");
hmacLen = CC_SHA1_DIGEST_LENGTH;
break;
case kCCHmacAlgMD5:
if(verbose) diag("hmac-md5\n");
hmacLen = CC_MD5_DIGEST_LENGTH;
break;
case kCCHmacAlgSHA224:
if(verbose) diag("hmac-sha224\n");
hmacLen = CC_SHA224_DIGEST_LENGTH;
break;
case kCCHmacAlgSHA256:
if(verbose) diag("hmac-sha256\n");
hmacLen = CC_SHA256_DIGEST_LENGTH;
break;
case kCCHmacAlgSHA384:
if(verbose) diag("hmac-sha384\n");
hmacLen = CC_SHA384_DIGEST_LENGTH;
break;
case kCCHmacAlgSHA512:
if(verbose) diag("hmac-sha512\n");
hmacLen = CC_SHA512_DIGEST_LENGTH;
break;
default:
if(verbose) diag("***BRRRZAP!\n");
return 0;
}
/* random key */
byteBuffer keyBuffer = genRandomByteBuffer(keySizeInBytes, keySizeInBytes);
keyBytes = keyBuffer->bytes;
/* cook up first context */
CCHmacInit(&ctxOrig, hmacAlg, keyBytes, keySizeInBytes);
/* roll the dice */
die = (unsigned) genRandomSize(0, 3);
/*
* In this loop we do updates to the ctxOrig up until we
* clone it, then we use hmacRun to finish both of them.
*/
while(ptextLen) {
if((die == loopNum) || !stagedOrig) {
/* make the clone now */
if(verbose) {
diag(" ...cloning at loop %u\n", loopNum);
}
ctxClone = ctxOrig;
didClone = true;
if(memcmp(&ctxClone, &ctxOrig, CC_HMAC_CONTEXT_SIZE * sizeof(uint32_t))) {
if(verbose) diag("*** context miscompare\n");
} else {
if(verbose) diag("*** context clone worked\n");
}
/* do all of the clone's updates and final here */
hmacRun(&ctxClone, stagedClone, ptext, ptextLen, hmacClone);
/* now do all remaining updates and final for original */
hmacRun(&ctxOrig, stagedOrig, ptext, ptextLen, hmacOrig);
/* we're all done, time to check the HMAC values */
break;
} /* making clone */
/* feed some data into cryptorOrig */
size_t thisMove;
if(stagedOrig) {
thisMove = genRandomSize(1, ptextLen);
}
else {
thisMove = ptextLen;
}
logSize(("###ptext segment (2) len %lu\n", (unsigned long)thisMove));
CCHmacUpdate(&ctxOrig, ptext, thisMove);
ptext += thisMove;
ptextLen -= thisMove;
loopNum++;
}
/*
* It's possible to get here without cloning or doing any finals,
* if we ran thru multiple updates and finished ptextLen for cryptorOrig
* before we hit the cloning spot.
*/
if(!didClone) {
if(verbose) {
diag("...ctxOrig finished before we cloned; skipping test\n");
}
return 1;
}
if(memcmp(hmacOrig, hmacClone, hmacLen)) {
diag("***data miscompare\n");
rtn = 0;
} else {
if(verbose) diag("*** clone worked\n");
rtn = 1;
}
if(keyBuffer) free(keyBuffer);
return rtn;
}