int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
{
int ret = HASH_TYPE_E; /* Default to hash type error */
if (hash == NULL || out == NULL)
return BAD_FUNC_ARG;
switch (type) {
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
wc_Md5Final(&hash->md5, out);
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
ret = wc_ShaFinal(&hash->sha, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
ret = wc_Sha224Final(&hash->sha224, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
ret = wc_Sha256Final(&hash->sha256, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
ret = wc_Sha384Final(&hash->sha384, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Final(&hash->sha512, out);
if (ret != 0)
return ret;
#endif
break;
/* not supported */
case WC_HASH_TYPE_MD5_SHA:
case WC_HASH_TYPE_MD2:
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
return BAD_FUNC_ARG;
};
return 0;
}
/* Get SHA-512 Final into digest */
int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
{
if (sha512 == NULL || digest == NULL)
return BAD_FUNC_ARG;
return wc_Sha512Final((Sha512*)sha512, digest);
}
static int SrpHashFinal(SrpHash* hash, byte* digest)
{
switch (hash->type) {
case SRP_TYPE_SHA:
#ifndef NO_SHA
return wc_ShaFinal(&hash->data.sha, digest);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA256:
#ifndef NO_SHA256
return wc_Sha256Final(&hash->data.sha256, digest);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
return wc_Sha384Final(&hash->data.sha384, digest);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
return wc_Sha512Final(&hash->data.sha512, digest);
#else
return BAD_FUNC_ARG;
#endif
default:
return BAD_FUNC_ARG;
}
}
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha512(sha512)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
WOLFSSL_MSG("Sha512Update failed");
}
else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
WOLFSSL_MSG("Sha512Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int sha512_test(void)
{
Sha512 sha;
byte hash[SHA512_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
int ret;
a.input = "abc";
a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
"\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
"\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
"\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
"\x87\x4b\xe9\x09";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha512(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int wc_Sha512GetHash(Sha512* sha512, byte* hash)
{
int ret;
Sha512 save;
if (sha512 == NULL || hash == NULL)
return BAD_FUNC_ARG;
save= *sha512;
ret = wc_Sha512Final(sha512, hash);
*sha512 = save;
return ret;
}
bool uc_sha512(const unsigned char *in, size_t inlen, unsigned char *hash) {
Sha512 sha512;
wc_InitSha512(&sha512);
int r = wc_Sha512Update(&sha512, in, inlen);
if (r) {
UCERROR("sha512 update", r);
return false;
}
r = wc_Sha512Final(&sha512, hash);
if (r) {
UCERROR("sha512 final", r);
return false;
}
UCDUMP("SHA512", hash, SHA512_DIGEST_SIZE);
return true;
}
int wc_SrpSetKeyH(Srp *srp, byte *secret, word32 size) {
SrpHash hash;
int r = BAD_FUNC_ARG;
srp->key = (byte*) XMALLOC(WC_SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
if (!srp->key)
return MEMORY_E;
srp->keySz = WC_SHA512_DIGEST_SIZE;
r = wc_InitSha512(&hash.data.sha512);
if (!r) r = wc_Sha512Update(&hash.data.sha512, secret, size);
if (!r) r = wc_Sha512Final(&hash.data.sha512, srp->key);
// clean up hash data from stack for security
memset(&hash, 0, sizeof(hash));
return r;
}
/* check mcapi sha512 against internal */
static int check_sha512(void)
{
CRYPT_SHA512_CTX mcSha512;
Sha512 defSha512;
int ret;
byte mcDigest[CRYPT_SHA512_DIGEST_SIZE];
byte defDigest[SHA512_DIGEST_SIZE];
CRYPT_SHA512_Initialize(&mcSha512);
ret = wc_InitSha512(&defSha512);
if (ret != 0) {
printf("sha512 init default failed\n");
return -1;
}
CRYPT_SHA512_DataAdd(&mcSha512, ourData, OUR_DATA_SIZE);
ret = wc_Sha512Update(&defSha512, ourData, OUR_DATA_SIZE);
if (ret != 0) {
printf("sha512 update default failed\n");
return -1;
}
CRYPT_SHA512_Finalize(&mcSha512, mcDigest);
ret = wc_Sha512Final(&defSha512, defDigest);
if (ret != 0) {
printf("sha512 final default failed\n");
return -1;
}
if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) {
printf("sha512 final memcmp fialed\n");
return -1;
}
printf("sha512 mcapi test passed\n");
return 0;
}
/* helper for PKCS12_PBKDF(), does hash operation */
int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations)
{
int i;
int ret = 0;
if (buffer == NULL || Ai == NULL)
return BAD_FUNC_ARG;
switch (hashType) {
#ifndef NO_MD5
case MD5:
{
Md5 md5;
wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen);
wc_Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai);
}
}
break;
#endif /* NO_MD5 */
#ifndef NO_SHA
case SHA:
{
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
break;
wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai);
}
}
break;
#endif /* NO_SHA */
#ifndef NO_SHA256
case SHA256:
{
Sha256 sha256;
ret = wc_InitSha256(&sha256);
if (ret != 0)
break;
ret = wc_Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
case SHA512:
{
Sha512 sha512;
ret = wc_InitSha512(&sha512);
if (ret != 0)
break;
ret = wc_Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* WOLFSSL_SHA512 */
default:
ret = BAD_FUNC_ARG;
break;
}
return ret;
}
/*
* benchmarking funciton
*/
int wolfCLU_benchmark(int timer, int* option)
{
int i = 0; /* A looping variable */
int loop = 1; /* benchmarking loop */
int64_t blocks = 0; /* blocks used during benchmarking */
#ifndef NO_AES
Aes aes; /* aes declaration */
#endif
#ifndef NO_DES3
Des3 des3; /* 3des declaration */
#endif
RNG rng; /* random number generator */
int ret = 0; /* return variable */
double stop = 0.0; /* stop breaks loop */
double start; /* start time */
double currTime; /* current time*/
ALIGN16 byte* plain; /* plain text */
ALIGN16 byte* cipher; /* cipher */
ALIGN16 byte* key; /* key for testing */
ALIGN16 byte* iv; /* iv for initial encoding */
byte* digest; /* message digest */
wc_InitRng(&rng);
signal(SIGALRM, wolfCLU_stop);
i = 0;
#ifndef NO_AES
/* aes test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKey(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCbcEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("\n");
printf("AES-CBC ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_AES_COUNTER
/* aes-ctr test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKeyDirect(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCtrEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("AES-CTR ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_DES3
/* 3des test */
if (option[i] == 1) {
plain = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, DES3_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
while (loop) {
wc_Des3_CbcEncrypt(&des3, cipher, plain, DES3_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("3DES ");
wolfCLU_stats(start, DES3_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, DES3_BLOCK_SIZE);
XMEMSET(cipher, 0, DES3_BLOCK_SIZE);
XMEMSET(key, 0, DES3_BLOCK_SIZE);
XMEMSET(iv, 0, DES3_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_CAMELLIA
#define CAM_SZ CAMELLIA_BLOCK_SIZE
/* camellia test */
if (option[i] == 1) {
Camellia camellia;
plain = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, CAMELLIA_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_CamelliaSetKey(&camellia, key, CAMELLIA_BLOCK_SIZE, iv);
while (loop) {
wc_CamelliaCbcEncrypt(&camellia, cipher, plain, CAMELLIA_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("Camellia ");
wolfCLU_stats(start, CAMELLIA_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(cipher, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(key, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(iv, 0, CAMELLIA_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_MD5
/* md5 test */
if (option[i] == 1) {
Md5 md5;
digest = XMALLOC(MD5_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitMd5(&md5);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Md5Update(&md5, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Md5Final(&md5, digest);
printf("MD5 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, MD5_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA
/* sha test */
if (option[i] == 1) {
Sha sha;
digest = XMALLOC(SHA_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha(&sha);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_ShaUpdate(&sha, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_ShaFinal(&sha, digest);
printf("Sha ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA256
#define SHA256_SZ SHA256_DIGEST_SIZE
/* sha256 test */
if (option[i] == 1) {
Sha256 sha256;
digest = XMALLOC(SHA256_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha256(&sha256);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha256Update(&sha256, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha256Final(&sha256, digest);
printf("Sha256 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA256_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
/* resets used for debug, uncomment if needed */
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA384
#define SHA384_SZ SHA384_DIGEST_SIZE
/* sha384 test */
if (option[i] == 1) {
Sha384 sha384;
digest = XMALLOC(SHA384_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha384(&sha384);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha384Update(&sha384, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha384Final(&sha384, digest);
printf("Sha384 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA384_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA512
#define SHA512_SZ SHA512_DIGEST_SIZE
/* sha512 test */
if (option[i] == 1) {
Sha512 sha512;
digest = XMALLOC(SHA512_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha512(&sha512);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha512Update(&sha512, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha512Final(&sha512, digest);
printf("Sha512 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA512_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_BLAKE2
/* blake2b test */
if (option[i] == 1) {
Blake2b b2b;
digest = XMALLOC(BLAKE_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitBlake2b(&b2b, BLAKE_DIGEST_SIZE);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Blake2bUpdate(&b2b, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Blake2bFinal(&b2b, digest, BLAKE_DIGEST_SIZE);
printf("Blake2b ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, BLAKE_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
}
#endif
return ret;
}
int wc_HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
if (hmac == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (hmac->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, hash);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code */
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
int hashLen = wc_HmacSizeByType(hmac->macType);
if (hashLen <= 0)
return hashLen;
#if defined(HAVE_CAVIUM)
return NitroxHmacFinal(hmac, hash, hashLen);
#elif defined(HAVE_INTEL_QA)
if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
}
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
case WC_MD5:
ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
WC_MD5_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
WC_MD5_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Md5Final(&hmac->hash.md5, hash);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
WC_SHA_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
WC_SHA_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_ShaFinal(&hmac->hash.sha, hash);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
{
ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
WC_SHA224_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
WC_SHA224_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha224Final(&hmac->hash.sha224, hash);
if (ret != 0)
break;
}
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
WC_SHA256_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
WC_SHA256_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha256Final(&hmac->hash.sha256, hash);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
WC_SHA384_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
WC_SHA384_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha384Final(&hmac->hash.sha384, hash);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
WC_SHA512_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
WC_SHA512_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha512Final(&hmac->hash.sha512, hash);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->opad,
BLAKE2B_BLOCKBYTES);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224:
ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad,
WC_SHA3_224_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
WC_SHA3_224_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_224_Final(&hmac->hash.sha3, hash);
break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case WC_SHA3_256:
ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad,
WC_SHA3_256_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
WC_SHA3_256_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_256_Final(&hmac->hash.sha3, hash);
break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case WC_SHA3_384:
ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad,
WC_SHA3_384_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
WC_SHA3_384_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_384_Final(&hmac->hash.sha3, hash);
break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case WC_SHA3_512:
ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad,
WC_SHA3_512_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
WC_SHA3_512_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha3_512_Final(&hmac->hash.sha3, hash);
break;
#endif
#endif /* WOLFSSL_SHA3 */
default:
ret = BAD_FUNC_ARG;
break;
}
if (ret == 0) {
hmac->innerHashKeyed = 0;
}
return ret;
}
/*
in contains the message to sign
inlen is the length of the message to sign
out is the buffer to write the signature
outLen [in/out] input size of out buf
output gets set as the final length of out
key is the ed25519 key to use when signing
return 0 on success
*/
int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
word32 *outLen, ed25519_key* key)
{
ge_p3 R;
byte nonce[SHA512_DIGEST_SIZE];
byte hram[SHA512_DIGEST_SIZE];
byte az[ED25519_PRV_KEY_SIZE];
Sha512 sha;
int ret;
/* sanity check on arguments */
if (in == NULL || out == NULL || outLen == NULL || key == NULL)
return BAD_FUNC_ARG;
/* check and set up out length */
if (*outLen < ED25519_SIG_SIZE) {
*outLen = ED25519_SIG_SIZE;
return BUFFER_E;
}
*outLen = ED25519_SIG_SIZE;
/* step 1: create nonce to use where nonce is r in
r = H(h_b, ... ,h_2b-1,M) */
ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
if (ret != 0)
return ret;
/* apply clamp */
az[0] &= 248;
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
az[31] |= 64;
ret = wc_InitSha512(&sha);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, in, inlen);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&sha, nonce);
if (ret != 0)
return ret;
sc_reduce(nonce);
/* step 2: computing R = rB where rB is the scalar multiplication of
r and B */
ge_scalarmult_base(&R,nonce);
ge_p3_tobytes(out,&R);
/* step 3: hash R + public key + message getting H(R,A,M) then
creating S = (r + H(R,A,M)a) mod l */
ret = wc_InitSha512(&sha);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, in, inlen);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&sha, hram);
if (ret != 0)
return ret;
sc_reduce(hram);
sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
return ret;
}
int wc_HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumFinal(hmac, hash);
#endif
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
{
wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
wc_Md5Update(&hmac->hash.md5,
(byte*) hmac->innerHash, MD5_DIGEST_SIZE);
wc_Md5Final(&hmac->hash.md5, hash);
}
break;
#endif
#ifndef NO_SHA
case SHA:
{
wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
wc_ShaUpdate(&hmac->hash.sha,
(byte*) hmac->innerHash, SHA_DIGEST_SIZE);
wc_ShaFinal(&hmac->hash.sha, hash);
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
{
ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = wc_Sha256Update(&hmac->hash.sha256,
(byte*) hmac->opad, SHA256_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha256Update(&hmac->hash.sha256,
(byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha256Final(&hmac->hash.sha256, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
{
ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = wc_Sha384Update(&hmac->hash.sha384,
(byte*) hmac->opad, SHA384_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha384Update(&hmac->hash.sha384,
(byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha384Final(&hmac->hash.sha384, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
{
ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&hmac->hash.sha512,
(byte*) hmac->opad, SHA512_BLOCK_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&hmac->hash.sha512,
(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&hmac->hash.sha512, hash);
if (ret != 0)
return ret;
}
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
{
ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
return ret;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
if (ret != 0)
return ret;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->innerHash, BLAKE2B_256);
if (ret != 0)
return ret;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
if (ret != 0)
return ret;
}
break;
#endif
default:
break;
}
hmac->innerHashKeyed = 0;
return 0;
}
int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = 0;
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumSetKey(hmac, type, key, length);
#endif
ret = InitHmac(hmac, type);
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return HMAC_MIN_KEYLEN_E;
#endif
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
{
hmac_block_size = MD5_BLOCK_SIZE;
if (length <= MD5_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
wc_Md5Update(&hmac->hash.md5, key, length);
wc_Md5Final(&hmac->hash.md5, ip);
length = MD5_DIGEST_SIZE;
}
}
break;
#endif
#ifndef NO_SHA
case SHA:
{
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
wc_ShaUpdate(&hmac->hash.sha, key, length);
wc_ShaFinal(&hmac->hash.sha, ip);
length = SHA_DIGEST_SIZE;
}
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
{
hmac_block_size = SHA256_BLOCK_SIZE;
if (length <= SHA256_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
if (ret != 0)
return ret;
ret = wc_Sha256Final(&hmac->hash.sha256, ip);
if (ret != 0)
return ret;
length = SHA256_DIGEST_SIZE;
}
}
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
{
hmac_block_size = SHA384_BLOCK_SIZE;
if (length <= SHA384_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
if (ret != 0)
return ret;
ret = wc_Sha384Final(&hmac->hash.sha384, ip);
if (ret != 0)
return ret;
length = SHA384_DIGEST_SIZE;
}
}
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
{
hmac_block_size = SHA512_BLOCK_SIZE;
if (length <= SHA512_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&hmac->hash.sha512, ip);
if (ret != 0)
return ret;
length = SHA512_DIGEST_SIZE;
}
}
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
{
hmac_block_size = BLAKE2B_BLOCKBYTES;
if (length <= BLAKE2B_BLOCKBYTES) {
XMEMCPY(ip, key, length);
}
else {
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
if (ret != 0)
return ret;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
if (ret != 0)
return ret;
length = BLAKE2B_256;
}
}
break;
#endif
default:
return BAD_FUNC_ARG;
}
if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length);
for(i = 0; i < hmac_block_size; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
return 0;
}
/*
sig is array of bytes containing the signature
siglen is the length of sig byte array
msg the array of bytes containing the message
msglen length of msg array
stat will be 1 on successful verify and 0 on unsuccessful
*/
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* stat, ed25519_key* key)
{
byte rcheck[ED25519_KEY_SIZE];
byte h[SHA512_DIGEST_SIZE];
ge_p3 A;
ge_p2 R;
int ret;
Sha512 sha;
/* sanity check on arguments */
if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
return BAD_FUNC_ARG;
/* set verification failed by default */
*stat = 0;
/* check on basics needed to verify signature */
if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
return BAD_FUNC_ARG;
/* uncompress A (public key), test if valid, and negate it */
if (ge_frombytes_negate_vartime(&A, key->p) != 0)
return BAD_FUNC_ARG;
/* find H(R,A,M) and store it as h */
ret = wc_InitSha512(&sha);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE);
if (ret != 0)
return ret;
ret = wc_Sha512Update(&sha, msg, msglen);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&sha, h);
if (ret != 0)
return ret;
sc_reduce(h);
/*
Uses a fast single-signature verification SB = R + H(R,A,M)A becomes
SB - H(R,A,M)A saving decompression of R
*/
ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2));
if (ret != 0)
return ret;
ge_tobytes(rcheck, &R);
/* comparison of R created to R in sig */
ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2);
if (ret != 0)
return ret;
/* set the verification status */
*stat = 1;
return ret;
}
int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip;
byte* op;
word32 i, hmac_block_size = 0;
int ret = 0;
void* heap = NULL;
if (hmac == NULL || (key == NULL && length != 0) ||
!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID
|| type == SHA224)) {
return BAD_FUNC_ARG;
}
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
#if defined(HAVE_CAVIUM)
if (length > HMAC_BLOCK_SIZE) {
return WC_KEY_SIZE_E;
}
if (key != NULL) {
XMEMCPY(hmac->ipad, key, length);
}
hmac->keyLen = (word16)length;
return 0; /* nothing to do here */
#endif /* HAVE_CAVIUM */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = _InitHmac(hmac, type, heap);
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return HMAC_MIN_KEYLEN_E;
#endif
ip = (byte*)hmac->ipad;
op = (byte*)hmac->opad;
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
hmac_block_size = MD5_BLOCK_SIZE;
if (length <= MD5_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Md5Update(&hmac->hash.md5, key, length);
if (ret != 0)
break;
ret = wc_Md5Final(&hmac->hash.md5, ip);
if (ret != 0)
break;
length = MD5_DIGEST_SIZE;
}
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case SHA:
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_ShaUpdate(&hmac->hash.sha, key, length);
if (ret != 0)
break;
ret = wc_ShaFinal(&hmac->hash.sha, ip);
if (ret != 0)
break;
length = SHA_DIGEST_SIZE;
}
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case SHA224:
{
hmac_block_size = SHA224_BLOCK_SIZE;
if (length <= SHA224_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha224Update(&hmac->hash.sha224, key, length);
if (ret != 0)
break;
ret = wc_Sha224Final(&hmac->hash.sha224, ip);
if (ret != 0)
break;
length = SHA224_DIGEST_SIZE;
}
}
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case SHA256:
hmac_block_size = SHA256_BLOCK_SIZE;
if (length <= SHA256_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
if (ret != 0)
break;
ret = wc_Sha256Final(&hmac->hash.sha256, ip);
if (ret != 0)
break;
length = SHA256_DIGEST_SIZE;
}
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case SHA384:
hmac_block_size = SHA384_BLOCK_SIZE;
if (length <= SHA384_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
if (ret != 0)
break;
ret = wc_Sha384Final(&hmac->hash.sha384, ip);
if (ret != 0)
break;
length = SHA384_DIGEST_SIZE;
}
break;
#endif /* WOLFSSL_SHA384 */
case SHA512:
hmac_block_size = SHA512_BLOCK_SIZE;
if (length <= SHA512_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
if (ret != 0)
break;
ret = wc_Sha512Final(&hmac->hash.sha512, ip);
if (ret != 0)
break;
length = SHA512_DIGEST_SIZE;
}
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
hmac_block_size = BLAKE2B_BLOCKBYTES;
if (length <= BLAKE2B_BLOCKBYTES) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
if (ret != 0)
break;
length = BLAKE2B_256;
}
break;
#endif /* HAVE_BLAKE2 */
default:
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
#if defined(HAVE_INTEL_QA)
if (length > hmac_block_size)
length = hmac_block_size;
/* update key length */
hmac->keyLen = (word16)length;
return ret;
/* no need to pad below */
#endif
}
#endif
if (ret == 0) {
if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length);
for(i = 0; i < hmac_block_size; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
}
return ret;
}
int wc_HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
if (hmac == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
int hashLen = wc_HmacSizeByType(hmac->macType);
if (hashLen <= 0)
return hashLen;
#if defined(HAVE_CAVIUM)
return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
#elif defined(HAVE_INTEL_QA)
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
MD5_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
MD5_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Md5Final(&hmac->hash.md5, hash);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case SHA:
ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
SHA_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
SHA_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_ShaFinal(&hmac->hash.sha, hash);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case SHA224:
{
ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
SHA224_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
SHA224_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha224Final(&hmac->hash.sha224, hash);
if (ret != 0)
break;
}
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case SHA256:
ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
SHA256_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
SHA256_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha256Final(&hmac->hash.sha256, hash);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case SHA384:
ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
SHA384_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
SHA384_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha384Final(&hmac->hash.sha384, hash);
break;
#endif /* WOLFSSL_SHA384 */
case SHA512:
ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
if (ret != 0)
break;
ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
SHA512_BLOCK_SIZE);
if (ret != 0)
break;
ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
SHA512_DIGEST_SIZE);
if (ret != 0)
break;
ret = wc_Sha512Final(&hmac->hash.sha512, hash);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->opad,
BLAKE2B_BLOCKBYTES);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
default:
ret = BAD_FUNC_ARG;
break;
}
if (ret == 0) {
hmac->innerHashKeyed = 0;
}
return ret;
}
int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip;
byte* op;
word32 i, hmac_block_size = 0;
int ret = 0;
void* heap = NULL;
if (hmac == NULL || (key == NULL && length != 0) ||
!(type == WC_MD5 || type == WC_SHA ||
type == WC_SHA224 || type == WC_SHA256 ||
type == WC_SHA384 || type == WC_SHA512 ||
type == WC_SHA3_224 || type == WC_SHA3_256 ||
type == WC_SHA3_384 || type == WC_SHA3_512 ||
type == BLAKE2B_ID)) {
return BAD_FUNC_ARG;
}
/* if set key has already been run then make sure and free existing */
if (hmac->macType != 0) {
wc_HmacFree(hmac);
}
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
ret = _InitHmac(hmac, type, heap);
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return HMAC_MIN_KEYLEN_E;
#endif
#ifdef WOLF_CRYPTO_CB
hmac->keyRaw = key; /* use buffer directly */
hmac->keyLen = length;
#endif
ip = (byte*)hmac->ipad;
op = (byte*)hmac->opad;
switch (hmac->macType) {
#ifndef NO_MD5
case WC_MD5:
hmac_block_size = WC_MD5_BLOCK_SIZE;
if (length <= WC_MD5_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Md5Update(&hmac->hash.md5, key, length);
if (ret != 0)
break;
ret = wc_Md5Final(&hmac->hash.md5, ip);
if (ret != 0)
break;
length = WC_MD5_DIGEST_SIZE;
}
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
hmac_block_size = WC_SHA_BLOCK_SIZE;
if (length <= WC_SHA_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_ShaUpdate(&hmac->hash.sha, key, length);
if (ret != 0)
break;
ret = wc_ShaFinal(&hmac->hash.sha, ip);
if (ret != 0)
break;
length = WC_SHA_DIGEST_SIZE;
}
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
{
hmac_block_size = WC_SHA224_BLOCK_SIZE;
if (length <= WC_SHA224_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha224Update(&hmac->hash.sha224, key, length);
if (ret != 0)
break;
ret = wc_Sha224Final(&hmac->hash.sha224, ip);
if (ret != 0)
break;
length = WC_SHA224_DIGEST_SIZE;
}
}
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
hmac_block_size = WC_SHA256_BLOCK_SIZE;
if (length <= WC_SHA256_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
if (ret != 0)
break;
ret = wc_Sha256Final(&hmac->hash.sha256, ip);
if (ret != 0)
break;
length = WC_SHA256_DIGEST_SIZE;
}
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
hmac_block_size = WC_SHA384_BLOCK_SIZE;
if (length <= WC_SHA384_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
if (ret != 0)
break;
ret = wc_Sha384Final(&hmac->hash.sha384, ip);
if (ret != 0)
break;
length = WC_SHA384_DIGEST_SIZE;
}
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
hmac_block_size = WC_SHA512_BLOCK_SIZE;
if (length <= WC_SHA512_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
if (ret != 0)
break;
ret = wc_Sha512Final(&hmac->hash.sha512, ip);
if (ret != 0)
break;
length = WC_SHA512_DIGEST_SIZE;
}
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
hmac_block_size = BLAKE2B_BLOCKBYTES;
if (length <= BLAKE2B_BLOCKBYTES) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
if (ret != 0)
break;
length = BLAKE2B_256;
}
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224:
hmac_block_size = WC_SHA3_224_BLOCK_SIZE;
if (length <= WC_SHA3_224_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha3_224_Update(&hmac->hash.sha3, key, length);
if (ret != 0)
break;
ret = wc_Sha3_224_Final(&hmac->hash.sha3, ip);
if (ret != 0)
break;
length = WC_SHA3_224_DIGEST_SIZE;
}
break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case WC_SHA3_256:
hmac_block_size = WC_SHA3_256_BLOCK_SIZE;
if (length <= WC_SHA3_256_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha3_256_Update(&hmac->hash.sha3, key, length);
if (ret != 0)
break;
ret = wc_Sha3_256_Final(&hmac->hash.sha3, ip);
if (ret != 0)
break;
length = WC_SHA3_256_DIGEST_SIZE;
}
break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case WC_SHA3_384:
hmac_block_size = WC_SHA3_384_BLOCK_SIZE;
if (length <= WC_SHA3_384_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha3_384_Update(&hmac->hash.sha3, key, length);
if (ret != 0)
break;
ret = wc_Sha3_384_Final(&hmac->hash.sha3, ip);
if (ret != 0)
break;
length = WC_SHA3_384_DIGEST_SIZE;
}
break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case WC_SHA3_512:
hmac_block_size = WC_SHA3_512_BLOCK_SIZE;
if (length <= WC_SHA3_512_BLOCK_SIZE) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Sha3_512_Update(&hmac->hash.sha3, key, length);
if (ret != 0)
break;
ret = wc_Sha3_512_Final(&hmac->hash.sha3, ip);
if (ret != 0)
break;
length = WC_SHA3_512_DIGEST_SIZE;
}
break;
#endif
#endif /* WOLFSSL_SHA3 */
default:
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
#ifdef HAVE_INTEL_QA
if (IntelQaHmacGetType(hmac->macType, NULL) == 0)
#endif
{
if (length > hmac_block_size)
length = hmac_block_size;
/* update key length */
hmac->keyLen = (word16)length;
return ret;
}
/* no need to pad below */
#endif
}
#endif
if (ret == 0) {
if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length);
for(i = 0; i < hmac_block_size; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
}
return ret;
}
