static value dgst_sign(value data, value key, value alg){
const mbedtls_md_info_t *md;
int r = -1;
size_t olen = 0;
value out;
unsigned char *buf;
unsigned char hash[32];
val_check(data, string);
val_check_kind(key, k_pkey);
val_check(alg, string);
md = mbedtls_md_info_from_string(val_string(alg));
if( md == NULL ){
val_throw(alloc_string("Invalid hash algorithm"));
return val_null;
}
if( (r = mbedtls_md( md, (const unsigned char *)val_string(data), val_strlen(data), hash )) != 0 )
return ssl_error(r);
out = alloc_empty_string(MBEDTLS_MPI_MAX_SIZE);
buf = (unsigned char *)val_string(out);
if( (r = mbedtls_pk_sign( val_pkey(key), mbedtls_md_get_type(md), hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg )) != 0 )
return ssl_error(r);
buf[olen] = 0;
val_set_size(out, olen);
return out;
}
static void
aead_cipher_ctx_set_key(cipher_ctx_t *cipher_ctx, int enc)
{
const digest_type_t *md = mbedtls_md_info_from_string("SHA1");
if (md == NULL) {
FATAL("SHA1 Digest not found in crypto library");
}
int err = crypto_hkdf(md,
cipher_ctx->salt, cipher_ctx->cipher->key_len,
cipher_ctx->cipher->key, cipher_ctx->cipher->key_len,
(uint8_t *)SUBKEY_INFO, strlen(SUBKEY_INFO),
cipher_ctx->skey, cipher_ctx->cipher->key_len);
if (err) {
FATAL("Unable to generate subkey");
}
memset(cipher_ctx->nonce, 0, cipher_ctx->cipher->nonce_len);
/* cipher that don't use mbed TLS, just return */
if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
return;
}
if (mbedtls_cipher_setkey(cipher_ctx->evp, cipher_ctx->skey,
cipher_ctx->cipher->key_len * 8, enc) != 0) {
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_reset(cipher_ctx->evp) != 0) {
FATAL("Cannot finish preparation of mbed TLS cipher context");
}
}
Hash(std::string hashstr)
{
std::transform(hashstr.begin(), hashstr.end(), hashstr.begin(), ::toupper);
md = mbedtls_md_info_from_string(hashstr.c_str());
if (!md)
throw Exception("Unknown hash: " + hashstr);
buf.resize(mbedtls_md_get_size(md));
}
const digest_type_t *get_digest_type(const char *digest)
{
if (digest == NULL) {
LOGE("get_digest_type(): Digest name is null");
return NULL;
}
#if defined(USE_CRYPTO_OPENSSL)
return EVP_get_digestbyname(digest);
#elif defined(USE_CRYPTO_POLARSSL)
return md_info_from_string(digest);
#elif defined(USE_CRYPTO_MBEDTLS)
return mbedtls_md_info_from_string(digest);
#endif
}
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_md_context_t contx;
const char* md_name;
const struct mbedtls_md_info_t * info;
byte * rgbOut = NULL;
unsigned int cbOut;
bool f = false;
unsigned int i;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
switch (HSize) {
case 256: md_name = "SHA256"; break;
case 384: md_name = "SHA384"; break;
case 512: md_name = "SHA512"; break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
mbedtls_md_init(&contx);
info = mbedtls_md_info_from_string (md_name);
mbedtls_md_setup( &contx, info, 1 );
cbOut = mbedtls_md_get_size(info);
rgbOut = COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
if (cn->length > (int) cbOut) return false;
for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]);
mbedtls_md_free(&contx);
return !f;
errorReturn:
COSE_FREE(rgbOut, context);
mbedtls_md_free(&contx);
return false;
}
static value dgst_make(value data, value alg){
const mbedtls_md_info_t *md;
int r = -1;
value out;
val_check(data, string);
val_check(alg, string);
md = mbedtls_md_info_from_string(val_string(alg));
if( md == NULL ){
val_throw(alloc_string("Invalid hash algorithm"));
return val_null;
}
out = alloc_empty_string( mbedtls_md_get_size(md) );
if( (r = mbedtls_md( md, (const unsigned char *)val_string(data), val_strlen(data), (unsigned char *)val_string(out) )) != 0 )
return ssl_error(r);
return out;
}
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
byte * rgbOut = NULL;
// unsigned int cbOut;
mbedtls_md_context_t contx;
const char* md_name;
const struct mbedtls_md_info_t * info;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
switch (HSize) {
case 256: md_name = "SHA256"; break;
case 384: md_name = "SHA384"; break;
case 512: md_name = "SHA512"; break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
if (0) {
errorReturn:
COSE_FREE(rgbOut, context);
mbedtls_md_free(&contx);
return false;
}
mbedtls_md_init(&contx);
info = mbedtls_md_info_from_string (md_name);
mbedtls_md_setup( &contx, info, 1 );
rgbOut = COSE_CALLOC(mbedtls_md_get_size(info), 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
mbedtls_md_free(&contx);
return true;
}
const mbedtls_md_info_t *
md_kt_get(const char *digest)
{
const mbedtls_md_info_t *md = NULL;
ASSERT(digest);
md = mbedtls_md_info_from_string(digest);
if (!md)
{
msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
}
if (mbedtls_md_get_size(md) > MAX_HMAC_KEY_LENGTH)
{
msg(M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)",
digest,
mbedtls_md_get_size(md),
MAX_HMAC_KEY_LENGTH);
}
return md;
}
static value dgst_verify( value data, value sign, value key, value alg ){
const mbedtls_md_info_t *md;
int r = -1;
unsigned char hash[32];
val_check(data, string);
val_check(sign, string);
val_check_kind(key, k_pkey);
val_check(alg, string);
md = mbedtls_md_info_from_string(val_string(alg));
if( md == NULL ){
val_throw(alloc_string("Invalid hash algorithm"));
return val_null;
}
if( (r = mbedtls_md( md, (const unsigned char *)val_string(data), val_strlen(data), hash )) != 0 )
return ssl_error(r);
if( (r = mbedtls_pk_verify( val_pkey(key), mbedtls_md_get_type(md), hash, 0, (unsigned char *)val_string(sign), val_strlen(sign) )) != 0 )
return val_false;
return val_true;
}
