static int _InitHmac(Hmac* hmac, int type, void* heap) { int ret = 0; switch (type) { #ifndef NO_MD5 case MD5: ret = wc_InitMd5(&hmac->hash.md5); break; #endif /* !NO_MD5 */ #ifndef NO_SHA case SHA: ret = wc_InitSha(&hmac->hash.sha); break; #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 case SHA224: ret = wc_InitSha224(&hmac->hash.sha224); break; #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 case SHA256: ret = wc_InitSha256(&hmac->hash.sha256); break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA384 case SHA384: ret = wc_InitSha384(&hmac->hash.sha384); break; #endif /* WOLFSSL_SHA384 */ case SHA512: ret = wc_InitSha512(&hmac->hash.sha512); break; #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif /* HAVE_BLAKE2 */ default: ret = BAD_FUNC_ARG; break; } /* default to NULL heap hint or test value */ #ifdef WOLFSSL_HEAP_TEST hmac->heap = (void)WOLFSSL_HEAP_TEST; #else hmac->heap = heap; #endif /* WOLFSSL_HEAP_TEST */ return ret; }
int wc_Sha256Hash(const byte* data, word32 len, byte* hash) { int ret = 0; #ifdef WOLFSSL_SMALL_STACK Sha256* sha256; #else Sha256 sha256[1]; #endif #ifdef WOLFSSL_SMALL_STACK sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sha256 == NULL) return MEMORY_E; #endif if ((ret = wc_InitSha256(sha256)) != 0) { WOLFSSL_MSG("InitSha256 failed"); } else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { WOLFSSL_MSG("Sha256Update failed"); } else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { WOLFSSL_MSG("Sha256Final failed"); } #ifdef WOLFSSL_SMALL_STACK XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; }
int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type) { int ret = HASH_TYPE_E; /* Default to hash type error */ if (hash == NULL) return BAD_FUNC_ARG; switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 wc_InitMd5(&hash->md5); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_InitSha(&hash->sha); if (ret != 0) return ret; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_InitSha224(&hash->sha224); if (ret != 0) return ret; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_InitSha256(&hash->sha256); if (ret != 0) return ret; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_InitSha384(&hash->sha384); if (ret != 0) return ret; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_InitSha512(&hash->sha512); if (ret != 0) return ret; #endif break; /* not supported */ case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_NONE: default: return BAD_FUNC_ARG; }; return 0; }
/* Sets up the generator, loading the seed from persistent storage if possible*/ int pico_rand_init(void) { int i = 0; pico_rand_generator.key = PICO_ZALLOC(sizeof(uint8_t) * PICO_RAND_ENCRYPT_KEY_SIZE); pico_rand_generator.pool = PICO_ZALLOC(sizeof(Sha256) * PICO_RAND_POOL_COUNT); /* n pools of strings; in practice, hashes iteratively updated */ pico_rand_generator.counter = PICO_ZALLOC(sizeof(struct pico_rand_counter_fortuna)); pico_rand_generator.aes = PICO_ZALLOC(sizeof(Aes)); pico_rand_generator.sha = PICO_ZALLOC(sizeof(Sha256)); if (NULL == pico_rand_generator.key || NULL == pico_rand_generator.pool || NULL == pico_rand_generator.aes || NULL == pico_rand_generator.sha) { return -1; /* Failed to allocate memory! */ } /* Set counter to 0 (also indicates unseeded state) */ pico_rand_init_counter (pico_rand_generator.counter); for (i = 0; i < PICO_RAND_POOL_COUNT; i++) { wc_InitSha256(&(pico_rand_generator.pool[i])); /* TODO right? What does this look like in assembly? */ } #ifdef PICO_RAND_SEED_PERSISTENT pico_rand_seed_load(); /* Set up timer for saving seed */ #endif /* PICO_RAND_SEED_PERSISTENT */ return 0; }
/* Sets up the generator */ int fortuna_init(void) { int i = 0; fortuna_generator.key = kalloc(sizeof(uint8_t) * FORTUNA_ENCRYPT_KEY_SIZE); fortuna_generator.pool = kalloc(sizeof(Sha256) * FORTUNA_POOL_COUNT); /* n pools of strings; in practice, hashes iteratively updated */ fortuna_generator.counter = kalloc(sizeof(struct fortuna_counter)); fortuna_generator.aes = kalloc(sizeof(Aes)); fortuna_generator.sha = kalloc(sizeof(Sha256)); if (NULL == fortuna_generator.key || NULL == fortuna_generator.pool || NULL == fortuna_generator.aes || NULL == fortuna_generator.sha) { return -1; /* Failed to allocate memory! */ } /* Set counter to 0 (also indicates unseeded state) */ fortuna_init_counter(fortuna_generator.counter); for (i = 0; i < FORTUNA_POOL_COUNT; i++) { wc_InitSha256(&(fortuna_generator.pool[i])); /* TODO right? What does this look like in assembly? */ } return 0; }
/* Re-seed the generator. Called when enough data has been used from the current 'run' */ static int pico_rand_reseed(uint8_t* seed, uint8_t seed_size) { uint8_t* sha_input = NULL; sha_input = (uint8_t*) PICO_ZALLOC (seed_size + PICO_RAND_ENCRYPT_KEY_SIZE); /* Seed size + 256b of current SHA hash key */ if (NULL == sha_input) { /* Failed to alloc, don't increment counter */ return 0; } else { memcpy (sha_input, pico_rand_generator.key, PICO_RAND_ENCRYPT_KEY_SIZE); /* Current key */ memcpy (sha_input + PICO_RAND_ENCRYPT_KEY_SIZE, seed, seed_size); /* New seed */ } wc_InitSha256(pico_rand_generator.sha); wc_Sha256Update(pico_rand_generator.sha, sha_input, seed_size + 32); wc_Sha256Final(pico_rand_generator.sha, pico_rand_generator.key); pico_rand_increment_counter(pico_rand_generator.counter); PICO_FREE (sha_input); return 1; }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) { byte data[DRBG_SEED_LEN]; int i; int len; word32 checkBlock; Sha256 sha; byte digest[SHA256_DIGEST_SIZE]; /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for * the continuous test. */ if (outSz == 0) outSz = 1; len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { if (wc_InitSha256(&sha) != 0 || wc_Sha256Update(&sha, data, sizeof(data)) != 0 || wc_Sha256Final(&sha, digest) != 0) { return DRBG_FAILURE; } XMEMCPY(&checkBlock, digest, sizeof(word32)); if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { if (drbg->matchCount == 1) { return DRBG_CONT_FAILURE; } else { if (i == len) { len++; } drbg->matchCount = 1; } } else { drbg->matchCount = 0; drbg->lastBlock = checkBlock; } if (out != NULL) { if (outSz >= OUTPUT_BLOCK_LEN) { XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); outSz -= OUTPUT_BLOCK_LEN; out += OUTPUT_BLOCK_LEN; array_add_one(data, DRBG_SEED_LEN); } else if (out != NULL && outSz != 0) { XMEMCPY(out, digest, outSz); outSz = 0; } } } ForceZero(data, sizeof(data)); return DRBG_SUCCESS; }
int wc_Sha256Final(Sha256* sha256, byte* hash) { byte* local = (byte*)sha256->buffer; int ret; AddLength(sha256, sha256->buffLen); /* before adding pads */ local[sha256->buffLen++] = 0x80; /* add 1 */ /* pad with zeros */ if (sha256->buffLen > SHA256_PAD_SIZE) { XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen); sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen; #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); #endif ret = XTRANSFORM(sha256, local); if (ret != 0) return ret; sha256->buffLen = 0; } XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen); /* put lengths in bits */ sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) + (sha256->hiLen << 3); sha256->loLen = sha256->loLen << 3; /* store lengths */ #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); #endif /* ! length ordering dependent on digest endian type ! */ XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32)); XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen, sizeof(word32)); #ifdef FREESCALE_MMCAU /* Kinetis requires only these bytes reversed */ ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)], &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)], 2 * sizeof(word32)); #endif ret = XTRANSFORM(sha256, local); if (ret != 0) return ret; #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE); #endif XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE); return wc_InitSha256(sha256); /* reset state */ }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, const byte* inA, word32 inASz, const byte* inB, word32 inBSz) { byte ctr; int i; int len; word32 bits = (outSz * 8); /* reverse byte order */ Sha256 sha; byte digest[SHA256_DIGEST_SIZE]; (void)drbg; #ifdef LITTLE_ENDIAN_ORDER bits = ByteReverseWord32(bits); #endif len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); for (i = 0, ctr = 1; i < len; i++, ctr++) { if (wc_InitSha256(&sha) != 0) return DRBG_FAILURE; if (wc_Sha256Update(&sha, &ctr, sizeof(ctr)) != 0) return DRBG_FAILURE; if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0) return DRBG_FAILURE; /* churning V is the only string that doesn't have the type added */ if (type != drbgInitV) if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0) return DRBG_FAILURE; if (wc_Sha256Update(&sha, inA, inASz) != 0) return DRBG_FAILURE; if (inB != NULL && inBSz > 0) if (wc_Sha256Update(&sha, inB, inBSz) != 0) return DRBG_FAILURE; if (wc_Sha256Final(&sha, digest) != 0) return DRBG_FAILURE; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); outSz -= OUTPUT_BLOCK_LEN; out += OUTPUT_BLOCK_LEN; } else { XMEMCPY(out, digest, outSz); } } ForceZero(digest, sizeof(digest)); return DRBG_SUCCESS; }
/* Initialize SHA-256 */ int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256) { typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(Sha256) ? 1 : -1]; (void)sizeof(sha_test); if (sha256 == NULL) return BAD_FUNC_ARG; return wc_InitSha256((Sha256*)sha256); }
static int InitHmac(Hmac* hmac, int type) { int ret = 0; hmac->innerHashKeyed = 0; hmac->macType = (byte)type; if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 || type == SHA512 || type == BLAKE2B_ID)) return BAD_FUNC_ARG; switch (type) { #ifndef NO_MD5 case MD5: wc_InitMd5(&hmac->hash.md5); break; #endif #ifndef NO_SHA case SHA: ret = wc_InitSha(&hmac->hash.sha); break; #endif #ifndef NO_SHA256 case SHA256: ret = wc_InitSha256(&hmac->hash.sha256); break; #endif #ifdef WOLFSSL_SHA384 case SHA384: ret = wc_InitSha384(&hmac->hash.sha384); break; #endif #ifdef WOLFSSL_SHA512 case SHA512: ret = wc_InitSha512(&hmac->hash.sha512); break; #endif #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif default: return BAD_FUNC_ARG; } return ret; }
int wc_Sha256Final(Sha256 *sha256, byte *hash) { byte *local = (byte *)sha256->buffer; int ret; AddLength(sha256, sha256->buffLen); /* before adding pads */ local[sha256->buffLen++] = 0x80; /* add 1 */ /* pad with zeros */ if (sha256->buffLen > SHA256_PAD_SIZE) { XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen); sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen; ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); ret = XTRANSFORM(sha256, local); if (ret != 0) return ret; sha256->buffLen = 0; } XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen); /* put lengths in bits */ sha256->hiLen = (sha256->loLen >> (8 * sizeof(sha256->loLen) - 3)) + (sha256->hiLen << 3); sha256->loLen = sha256->loLen << 3; /* store lengths */ ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); /* ! length ordering dependent on digest endian type ! */ XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32)); XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen, sizeof(word32)); ret = XTRANSFORM(sha256, local); if (ret != 0) return ret; ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE); XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE); return wc_InitSha256(sha256); /* reset state */ }
int sha256_test(void) { Sha256 sha; byte hash[SHA256_DIGEST_SIZE]; testVector a, b; testVector test_sha[2]; int ret; int times = sizeof(test_sha) / sizeof(struct testVector), i; a.input = "abc"; a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; b.inLen = XSTRLEN(b.input); b.outLen = XSTRLEN(b.output); test_sha[0] = a; test_sha[1] = b; ret = wc_InitSha256(&sha); if (ret != 0) return ret; for (i = 0; i < times; ++i) { ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); if (ret != 0) return ret; ret = wc_Sha256Final(&sha, hash); if (ret != 0) return ret; if (XMEMCMP(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0) return -10 - i; } return 0; }
void file_test(const char* file, byte* check) { FILE* f; int i = 0, j, ret; Sha256 sha256; byte buf[1024]; byte shasum[SHA256_DIGEST_SIZE]; ret = wc_InitSha256(&sha256); if (ret != 0) { printf("Can't wc_InitSha256 %d\n", ret); return; } if( !( f = fopen( file, "rb" ) )) { printf("Can't open %s\n", file); return; } while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) { ret = wc_Sha256Update(&sha256, buf, i); if (ret != 0) { printf("Can't wc_Sha256Update %d\n", ret); fclose(f); return; } } ret = wc_Sha256Final(&sha256, shasum); if (ret != 0) { printf("Can't wc_Sha256Final %d\n", ret); fclose(f); return; } memcpy(check, shasum, sizeof(shasum)); for(j = 0; j < SHA256_DIGEST_SIZE; ++j ) printf( "%02x", shasum[j] ); printf(" %s\n", file); fclose(f); }
void sha256_rsa_pubkey ( unsigned char hash[SHA256_DIGEST_SIZE], RsaKey* key ) { // Expect a 2048 bit RSA key. assert(key->n.used == 32); uint8_t buf[1024]; /* SetRsaPublicKey() only exports n and e without wrapping them in additional ASN.1 (PKCS#1). */ int pub_rsa_key_der_len = SetRsaPublicKey(buf, key, sizeof(buf), 0); assert(pub_rsa_key_der_len == 270); Sha256 sha; wc_InitSha256(&sha); wc_Sha256Update(&sha, buf, pub_rsa_key_der_len); wc_Sha256Final(&sha, hash); }
static int SrpHashInit(SrpHash* hash, SrpType type) { hash->type = type; switch (type) { case SRP_TYPE_SHA: #ifndef NO_SHA return wc_InitSha(&hash->data.sha); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA256: #ifndef NO_SHA256 return wc_InitSha256(&hash->data.sha256); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA384: #ifdef WOLFSSL_SHA384 return wc_InitSha384(&hash->data.sha384); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA512: #ifdef WOLFSSL_SHA512 return wc_InitSha512(&hash->data.sha512); #else return BAD_FUNC_ARG; #endif default: return BAD_FUNC_ARG; } }
/* check mcapi sha256 against internal */ static int check_sha256(void) { CRYPT_SHA256_CTX mcSha256; Sha256 defSha256; int ret; byte mcDigest[CRYPT_SHA256_DIGEST_SIZE]; byte defDigest[SHA256_DIGEST_SIZE]; CRYPT_SHA256_Initialize(&mcSha256); ret = wc_InitSha256(&defSha256); if (ret != 0) { printf("sha256 init default failed\n"); return -1; } CRYPT_SHA256_DataAdd(&mcSha256, ourData, OUR_DATA_SIZE); ret = wc_Sha256Update(&defSha256, ourData, OUR_DATA_SIZE); if (ret != 0) { printf("sha256 update default failed\n"); return -1; } CRYPT_SHA256_Finalize(&mcSha256, mcDigest); ret = wc_Sha256Final(&defSha256, defDigest); if (ret != 0) { printf("sha256 final default failed\n"); return -1; } if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { printf("sha256 final memcmp fialed\n"); return -1; } printf("sha256 mcapi test passed\n"); return 0; }
/* Re-seed the generator. Called when enough data has been used from the current 'run' */ static int fortuna_reseed(uint8_t *seed, uint8_t seed_size) { uint8_t *sha_input = NULL; sha_input = (uint8_t *)kalloc(seed_size + FORTUNA_ENCRYPT_KEY_SIZE); /* Seed size + 256b of current SHA hash key */ if (NULL == sha_input) { /* Failed to alloc, don't increment counter */ return 0; } else { memcpy(sha_input, fortuna_generator.key, FORTUNA_ENCRYPT_KEY_SIZE); /* Current key */ memcpy(sha_input + FORTUNA_ENCRYPT_KEY_SIZE, seed, seed_size); /* New seed */ } wc_InitSha256(fortuna_generator.sha); wc_Sha256Update(fortuna_generator.sha, sha_input, seed_size + 32); wc_Sha256Final(fortuna_generator.sha, fortuna_generator.key); fortuna_increment_counter(fortuna_generator.counter); kfree(sha_input); return 1; }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, const byte* inA, word32 inASz, const byte* inB, word32 inBSz) { int ret = DRBG_FAILURE; byte ctr; int i; int len; word32 bits = (outSz * 8); /* reverse byte order */ Sha256 sha; DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); (void)drbg; #ifdef WOLFSSL_ASYNC_CRYPT if (digest == NULL) return DRBG_FAILURE; #endif #ifdef LITTLE_ENDIAN_ORDER bits = ByteReverseWord32(bits); #endif len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); for (i = 0, ctr = 1; i < len; i++, ctr++) { #ifdef WOLFSSL_ASYNC_CRYPT ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId); #else ret = wc_InitSha256(&sha); #endif if (ret != 0) break; if (ret == 0) ret = wc_Sha256Update(&sha, &ctr, sizeof(ctr)); if (ret == 0) ret = wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)); if (ret == 0) { /* churning V is the only string that doesn't have the type added */ if (type != drbgInitV) ret = wc_Sha256Update(&sha, &type, sizeof(type)); } if (ret == 0) ret = wc_Sha256Update(&sha, inA, inASz); if (ret == 0) { if (inB != NULL && inBSz > 0) ret = wc_Sha256Update(&sha, inB, inBSz); } if (ret == 0) ret = wc_Sha256Final(&sha, digest); wc_Sha256Free(&sha); if (ret == 0) { if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); outSz -= OUTPUT_BLOCK_LEN; out += OUTPUT_BLOCK_LEN; } else { XMEMCPY(out, digest, outSz); } } } ForceZero(digest, SHA256_DIGEST_SIZE); FREE_VAR(digest, drbg->heap); return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; }
/* * benchmarking funciton */ int wolfCLU_benchmark(int timer, int* option) { int i = 0; /* A looping variable */ int loop = 1; /* benchmarking loop */ int64_t blocks = 0; /* blocks used during benchmarking */ #ifndef NO_AES Aes aes; /* aes declaration */ #endif #ifndef NO_DES3 Des3 des3; /* 3des declaration */ #endif RNG rng; /* random number generator */ int ret = 0; /* return variable */ double stop = 0.0; /* stop breaks loop */ double start; /* start time */ double currTime; /* current time*/ ALIGN16 byte* plain; /* plain text */ ALIGN16 byte* cipher; /* cipher */ ALIGN16 byte* key; /* key for testing */ ALIGN16 byte* iv; /* iv for initial encoding */ byte* digest; /* message digest */ wc_InitRng(&rng); signal(SIGALRM, wolfCLU_stop); i = 0; #ifndef NO_AES /* aes test */ if (option[i] == 1) { plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { return MEMORY_E; } cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cipher == NULL) { wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL); return MEMORY_E; } key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL); return MEMORY_E; } iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (iv == NULL) { wolfCLU_freeBins(plain, cipher, key, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE); start = wolfCLU_getTime(); alarm(timer); wc_AesSetKey(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); while (loop) { wc_AesCbcEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } printf("\n"); printf("AES-CBC "); wolfCLU_stats(start, AES_BLOCK_SIZE, blocks); XMEMSET(plain, 0, AES_BLOCK_SIZE); XMEMSET(cipher, 0, AES_BLOCK_SIZE); XMEMSET(key, 0, AES_BLOCK_SIZE); XMEMSET(iv, 0, AES_BLOCK_SIZE); wolfCLU_freeBins(plain, cipher, key, iv, NULL); blocks = 0; loop = 1; } i++; #endif #ifdef WOLFSSL_AES_COUNTER /* aes-ctr test */ if (option[i] == 1) { plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { return MEMORY_E; } cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cipher == NULL) { wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL); return MEMORY_E; } key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL); return MEMORY_E; } iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (iv == NULL) { wolfCLU_freeBins(plain, cipher, key, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE); start = wolfCLU_getTime(); alarm(timer); wc_AesSetKeyDirect(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); while (loop) { wc_AesCtrEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } printf("AES-CTR "); wolfCLU_stats(start, AES_BLOCK_SIZE, blocks); XMEMSET(plain, 0, AES_BLOCK_SIZE); XMEMSET(cipher, 0, AES_BLOCK_SIZE); XMEMSET(key, 0, AES_BLOCK_SIZE); XMEMSET(iv, 0, AES_BLOCK_SIZE); wolfCLU_freeBins(plain, cipher, key, iv, NULL); blocks = 0; loop = 1; } i++; #endif #ifndef NO_DES3 /* 3des test */ if (option[i] == 1) { plain = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { return MEMORY_E; } cipher = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cipher == NULL) { wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL); return MEMORY_E; } key = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL); return MEMORY_E; } iv = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (iv == NULL) { wolfCLU_freeBins(plain, cipher, key, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, DES3_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, cipher, DES3_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, key, DES3_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, iv, DES3_BLOCK_SIZE); start = wolfCLU_getTime(); alarm(timer); wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION); while (loop) { wc_Des3_CbcEncrypt(&des3, cipher, plain, DES3_BLOCK_SIZE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } printf("3DES "); wolfCLU_stats(start, DES3_BLOCK_SIZE, blocks); XMEMSET(plain, 0, DES3_BLOCK_SIZE); XMEMSET(cipher, 0, DES3_BLOCK_SIZE); XMEMSET(key, 0, DES3_BLOCK_SIZE); XMEMSET(iv, 0, DES3_BLOCK_SIZE); wolfCLU_freeBins(plain, cipher, key, iv, NULL); blocks = 0; loop = 1; } i++; #endif #ifdef HAVE_CAMELLIA #define CAM_SZ CAMELLIA_BLOCK_SIZE /* camellia test */ if (option[i] == 1) { Camellia camellia; plain = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { return MEMORY_E; } cipher = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cipher == NULL) { wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL); return MEMORY_E; } key = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL); return MEMORY_E; } iv = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (iv == NULL) { wolfCLU_freeBins(plain, cipher, key, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, CAMELLIA_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, cipher, CAMELLIA_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, key, CAMELLIA_BLOCK_SIZE); wc_RNG_GenerateBlock(&rng, iv, CAMELLIA_BLOCK_SIZE); start = wolfCLU_getTime(); alarm(timer); wc_CamelliaSetKey(&camellia, key, CAMELLIA_BLOCK_SIZE, iv); while (loop) { wc_CamelliaCbcEncrypt(&camellia, cipher, plain, CAMELLIA_BLOCK_SIZE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } printf("Camellia "); wolfCLU_stats(start, CAMELLIA_BLOCK_SIZE, blocks); XMEMSET(plain, 0, CAMELLIA_BLOCK_SIZE); XMEMSET(cipher, 0, CAMELLIA_BLOCK_SIZE); XMEMSET(key, 0, CAMELLIA_BLOCK_SIZE); XMEMSET(iv, 0, CAMELLIA_BLOCK_SIZE); wolfCLU_freeBins(plain, cipher, key, iv, NULL); blocks = 0; loop = 1; } i++; #endif #ifndef NO_MD5 /* md5 test */ if (option[i] == 1) { Md5 md5; digest = XMALLOC(MD5_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitMd5(&md5); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_Md5Update(&md5, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_Md5Final(&md5, digest); printf("MD5 "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, MD5_DIGEST_SIZE); wolfCLU_freeBins(digest, plain, NULL, NULL, NULL); blocks = 0; loop = 1; } i++; #endif #ifndef NO_SHA /* sha test */ if (option[i] == 1) { Sha sha; digest = XMALLOC(SHA_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitSha(&sha); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_ShaUpdate(&sha, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_ShaFinal(&sha, digest); printf("Sha "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, SHA_DIGEST_SIZE); wolfCLU_freeBins(plain, digest, NULL, NULL, NULL); blocks = 0; loop = 1; } i++; #endif #ifndef NO_SHA256 #define SHA256_SZ SHA256_DIGEST_SIZE /* sha256 test */ if (option[i] == 1) { Sha256 sha256; digest = XMALLOC(SHA256_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitSha256(&sha256); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_Sha256Update(&sha256, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_Sha256Final(&sha256, digest); printf("Sha256 "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, SHA256_DIGEST_SIZE); wolfCLU_freeBins(plain, digest, NULL, NULL, NULL); /* resets used for debug, uncomment if needed */ blocks = 0; loop = 1; } i++; #endif #ifdef WOLFSSL_SHA384 #define SHA384_SZ SHA384_DIGEST_SIZE /* sha384 test */ if (option[i] == 1) { Sha384 sha384; digest = XMALLOC(SHA384_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitSha384(&sha384); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_Sha384Update(&sha384, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_Sha384Final(&sha384, digest); printf("Sha384 "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, SHA384_DIGEST_SIZE); wolfCLU_freeBins(plain, digest, NULL, NULL, NULL); blocks = 0; loop = 1; } i++; #endif #ifdef WOLFSSL_SHA512 #define SHA512_SZ SHA512_DIGEST_SIZE /* sha512 test */ if (option[i] == 1) { Sha512 sha512; digest = XMALLOC(SHA512_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitSha512(&sha512); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_Sha512Update(&sha512, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_Sha512Final(&sha512, digest); printf("Sha512 "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, SHA512_DIGEST_SIZE); wolfCLU_freeBins(plain, digest, NULL, NULL, NULL); blocks = 0; loop = 1; } i++; #endif #ifdef HAVE_BLAKE2 /* blake2b test */ if (option[i] == 1) { Blake2b b2b; digest = XMALLOC(BLAKE_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL); return MEMORY_E; } wc_RNG_GenerateBlock(&rng, plain, MEGABYTE); wc_InitBlake2b(&b2b, BLAKE_DIGEST_SIZE); start = wolfCLU_getTime(); alarm(timer); while (loop) { wc_Blake2bUpdate(&b2b, plain, MEGABYTE); blocks++; currTime = wolfCLU_getTime(); stop = currTime - start; /* if stop >= timer, loop = 0 */ loop = (stop >= timer) ? 0 : 1; } wc_Blake2bFinal(&b2b, digest, BLAKE_DIGEST_SIZE); printf("Blake2b "); wolfCLU_stats(start, MEGABYTE, blocks); XMEMSET(plain, 0, MEGABYTE); XMEMSET(digest, 0, BLAKE_DIGEST_SIZE); wolfCLU_freeBins(digest, plain, NULL, NULL, NULL); } #endif return ret; }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) { int ret = DRBG_FAILURE; byte data[DRBG_SEED_LEN]; int i; int len; word32 checkBlock; Sha256 sha; DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for * the continuous test. */ if (outSz == 0) outSz = 1; len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { #ifdef WOLFSSL_ASYNC_CRYPT ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId); #else ret = wc_InitSha256(&sha); #endif if (ret == 0) ret = wc_Sha256Update(&sha, data, sizeof(data)); if (ret == 0) ret = wc_Sha256Final(&sha, digest); wc_Sha256Free(&sha); if (ret == 0) { XMEMCPY(&checkBlock, digest, sizeof(word32)); if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { if (drbg->matchCount == 1) { return DRBG_CONT_FAILURE; } else { if (i == len) { len++; } drbg->matchCount = 1; } } else { drbg->matchCount = 0; drbg->lastBlock = checkBlock; } if (out != NULL && outSz != 0) { if (outSz >= OUTPUT_BLOCK_LEN) { XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); outSz -= OUTPUT_BLOCK_LEN; out += OUTPUT_BLOCK_LEN; array_add_one(data, DRBG_SEED_LEN); } else { XMEMCPY(out, digest, outSz); outSz = 0; } } } } ForceZero(data, sizeof(data)); FREE_VAR(digest, drbg->heap); return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; }
/* helper for PKCS12_PBKDF(), does hash operation */ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, byte* Ai, word32 u, int iterations) { int i; int ret = 0; if (buffer == NULL || Ai == NULL) return BAD_FUNC_ARG; switch (hashType) { #ifndef NO_MD5 case MD5: { Md5 md5; wc_InitMd5(&md5); wc_Md5Update(&md5, buffer, totalLen); wc_Md5Final(&md5, Ai); for (i = 1; i < iterations; i++) { wc_Md5Update(&md5, Ai, u); wc_Md5Final(&md5, Ai); } } break; #endif /* NO_MD5 */ #ifndef NO_SHA case SHA: { Sha sha; ret = wc_InitSha(&sha); if (ret != 0) break; wc_ShaUpdate(&sha, buffer, totalLen); wc_ShaFinal(&sha, Ai); for (i = 1; i < iterations; i++) { wc_ShaUpdate(&sha, Ai, u); wc_ShaFinal(&sha, Ai); } } break; #endif /* NO_SHA */ #ifndef NO_SHA256 case SHA256: { Sha256 sha256; ret = wc_InitSha256(&sha256); if (ret != 0) break; ret = wc_Sha256Update(&sha256, buffer, totalLen); if (ret != 0) break; ret = wc_Sha256Final(&sha256, Ai); if (ret != 0) break; for (i = 1; i < iterations; i++) { ret = wc_Sha256Update(&sha256, Ai, u); if (ret != 0) break; ret = wc_Sha256Final(&sha256, Ai); if (ret != 0) break; } } break; #endif /* NO_SHA256 */ #ifdef WOLFSSL_SHA512 case SHA512: { Sha512 sha512; ret = wc_InitSha512(&sha512); if (ret != 0) break; ret = wc_Sha512Update(&sha512, buffer, totalLen); if (ret != 0) break; ret = wc_Sha512Final(&sha512, Ai); if (ret != 0) break; for (i = 1; i < iterations; i++) { ret = wc_Sha512Update(&sha512, Ai, u); if (ret != 0) break; ret = wc_Sha512Final(&sha512, Ai); if (ret != 0) break; } } break; #endif /* WOLFSSL_SHA512 */ default: ret = BAD_FUNC_ARG; break; } return ret; }