int32 psHmacSha2Final(psHmacContext_t *ctx, unsigned char *hash,
uint32 hashSize)
{
psAssert(ctx != NULL);
if (hash == NULL) {
psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n");
return PS_ARG_FAIL;
}
if (hashSize == SHA384_HASH_SIZE) {
#ifdef USE_SHA384
psSha384Final(&ctx->u.sha512, hash);
psSha384Init(&ctx->u.sha512);
psSha384Update(&ctx->u.sha512, ctx->pad, 128);
psSha384Update(&ctx->u.sha512, hash, SHA384_HASH_SIZE);
psSha384Final(&ctx->u.sha512, hash);
#else
return PS_UNSUPPORTED_FAIL;
#endif
} else {
psSha256Final(&ctx->u.sha256, hash);
psSha256Init(&ctx->u.sha256);
psSha256Update(&ctx->u.sha256, ctx->pad, 64);
psSha256Update(&ctx->u.sha256, hash, SHA256_HASH_SIZE);
psSha256Final(&ctx->u.sha256, hash);
}
memset(ctx->pad, 0x0, sizeof(ctx->pad));
return hashSize;
}
void psHmacSha256Final(psHmacSha256_t *ctx,
unsigned char hash[SHA256_HASHLEN])
{
int32_t rc;
#ifdef CRYPTO_ASSERT
psAssert(ctx != NULL);
if (hash == NULL) {
psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n");
return;
}
#endif
psSha256Final(&ctx->sha256, hash);
if ((rc = psSha256Init(&ctx->sha256)) < 0) {
psAssert(rc >= 0);
return;
}
psSha256Update(&ctx->sha256, ctx->pad, 64);
psSha256Update(&ctx->sha256, hash, SHA256_HASHLEN);
psSha256Final(&ctx->sha256, hash);
memset(ctx->pad, 0x0, sizeof(ctx->pad));
}
void psSha224Final(psSha256_t *sha256, unsigned char out[SHA224_HASHLEN])
{
unsigned char buf[SHA224_HASHLEN];
#ifdef CRYPTO_ASSERT
psAssert(sha256 != NULL);
psAssert(out != NULL);
#endif
psSha256Final(sha256, buf);
memcpy(out, buf, SHA224_HASH_SIZE);
#ifdef USE_BURN_STACK
psBurnStack(sizeof(buf));
#endif
}
int32 psSha224Final(psDigestContext_t *md, unsigned char *out)
{
unsigned char buf[32];
int32 err;
psAssert(md != NULL);
psAssert(out != NULL);
err = psSha256Final(md, buf);
memcpy(out, buf, SHA224_HASH_SIZE);
#ifdef USE_BURN_STACK
psBurnStack(sizeof(buf));
#endif
return err;
}
int32 psHmacSha2(unsigned char *key, uint32 keyLen, const unsigned char *buf,
uint32 len, unsigned char *hash, unsigned char *hmacKey,
uint32 *hmacKeyLen, uint32 hashSize)
{
psHmacContext_t ctx;
psDigestContext_t sha;
int32 padLen = 64;
#ifdef USE_SHA384
if (hashSize == SHA384_HASH_SIZE) {
padLen = 128;
}
#endif
/*
Support for keys larger than hash block size. In this case, we take the
hash of the key itself and use that instead. Inform the caller by
updating the hmacKey and hmacKeyLen outputs
*/
if (keyLen > (uint32)padLen) {
if (hashSize == SHA384_HASH_SIZE) {
#ifdef USE_SHA384
psSha384Init(&sha);
psSha384Update(&sha, key, keyLen);
psSha384Final(&sha, hash);
#else
return PS_UNSUPPORTED_FAIL;
#endif
} else {
psSha256Init(&sha);
psSha256Update(&sha, key, keyLen);
psSha256Final(&sha, hash);
}
*hmacKeyLen = hashSize;
memcpy(hmacKey, hash, *hmacKeyLen);
} else {
hmacKey = key;
*hmacKeyLen = keyLen;
}
psHmacSha2Init(&ctx, hmacKey, *hmacKeyLen, hashSize);
psHmacSha2Update(&ctx, buf, len, hashSize);
return psHmacSha2Final(&ctx, hash, hashSize);
}
/*
HMAC-SHA256
*/
int32_t psHmacSha256(const unsigned char *key, uint16_t keyLen,
const unsigned char *buf, uint32_t len,
unsigned char hash[SHA256_HASHLEN], unsigned char *hmacKey,
uint16_t *hmacKeyLen)
{
int32 rc, padLen;
union {
psHmacSha256_t mac;
psSha256_t md;
} u;
psHmacSha256_t *mac = &u.mac;
psSha256_t *md = &u.md;
padLen = 64;
/*
Support for keys larger than hash block size. In this case, we take the
hash of the key itself and use that instead. Inform the caller by
updating the hmacKey and hmacKeyLen outputs
*/
if (keyLen > (uint32)padLen) {
if ((rc = psSha256Init(md)) < 0) {
return rc;
}
psSha256Update(md, key, keyLen);
psSha256Final(md, hash);
memcpy(hmacKey, hash, SHA256_HASHLEN);
*hmacKeyLen = SHA256_HASHLEN;
} else {
hmacKey = (unsigned char *)key; /* @note typecasting from const */
*hmacKeyLen = keyLen;
}
if ((rc = psHmacSha256Init(mac, hmacKey, *hmacKeyLen)) < 0) {
return rc;
}
psHmacSha256Update(mac, buf, len);
psHmacSha256Final(mac, hash);
return PS_SUCCESS;
}
/**
Add entropy to the PRNG state
@param in The data to add
@param inlen Length of the data to add
@param prng PRNG state to update
*/
int32 psYarrowAddEntropy(unsigned char *in, uint32 inlen, psYarrow_t *prng)
{
psDigestContext_t md;
int32 err;
if (in == NULL || prng == NULL) {
return PS_ARG_FAIL;
}
#ifdef USE_SHA256
/* start the hash */
psSha256Init(&md);
/* hash the current pool */
psSha256Update(&md, prng->pool, SHA256_HASH_SIZE);
/* add the new entropy */
psSha256Update(&md, in, inlen);
/* store result */
if ((err = psSha256Final(&md, prng->pool)) != SHA256_HASH_SIZE) {
return err;
}
#else
/* start the hash */
psSha1Init(&md);
/* hash the current pool */
psSha1Update(&md, prng->pool, SHA1_HASH_SIZE);
/* add the new entropy */
psSha1Update(&md, in, inlen);
/* store result */
if ((err = psSha1Final(&md, prng->pool)) != SHA1_HASH_SIZE) {
return err;
}
#endif
return PS_SUCCESS;
}
int32_t psHmacSha256(const unsigned char *key, uint16_t keyLen,
const unsigned char *buf, uint32_t len,
unsigned char hash[SHA256_HASHLEN], unsigned char *hmacKey,
uint16_t *hmacKeyLen)
{
psSha256_t sha;
if (keyLen > 64) {
psSha256Init(&sha);
psSha256Update(&sha, key, keyLen);
psSha256Final(&sha, hash);
*hmacKeyLen = SHA256_HASHLEN;
memcpy(hmacKey, hash, *hmacKeyLen);
} else {
hmacKey = (unsigned char*)key;
*hmacKeyLen = keyLen;
}
if (HMAC(EVP_sha256(), hmacKey, *hmacKeyLen, buf, len, hash, NULL) != NULL) {
return PS_SUCCESS;
}
psAssert(0);
return PS_FAIL;
}
void runDigestTime(psDigestContext_t *ctx, int32 chunk, int32 alg)
{
psTime_t start, end;
unsigned char *dataChunk;
unsigned char hashout[64];
int32 bytesSent, bytesToSend, round;
#ifdef USE_HIGHRES_TIME
int32 mod;
int64 diffu;
#else
int32 diffm;
#endif
dataChunk = psMalloc(NULL, chunk);
bytesToSend = (DATABYTES_AMOUNT / chunk) * chunk;
bytesSent = 0;
switch (alg) {
#ifdef USE_SHA1
case SHA1_ALG:
psGetTime(&start, NULL);
while (bytesSent < bytesToSend) {
psSha1Update(&ctx->sha1, dataChunk, chunk);
bytesSent += chunk;
}
psSha1Final(&ctx->sha1, hashout);
psGetTime(&end, NULL);
break;
#endif
#ifdef USE_SHA256
case SHA256_ALG:
psGetTime(&start, NULL);
while (bytesSent < bytesToSend) {
psSha256Update(&ctx->sha256, dataChunk, chunk);
bytesSent += chunk;
}
psSha256Final(&ctx->sha256, hashout);
psGetTime(&end, NULL);
break;
#endif
#ifdef USE_SHA384
case SHA384_ALG:
psGetTime(&start, NULL);
while (bytesSent < bytesToSend) {
psSha384Update(&ctx->sha384, dataChunk, chunk);
bytesSent += chunk;
}
psSha384Final(&ctx->sha384, hashout);
psGetTime(&end, NULL);
break;
#endif
#ifdef USE_SHA512
case SHA512_ALG:
psGetTime(&start, NULL);
while (bytesSent < bytesToSend) {
psSha512Update(&ctx->sha512, dataChunk, chunk);
bytesSent += chunk;
}
psSha512Final(&ctx->sha512, hashout);
psGetTime(&end, NULL);
break;
#endif
#ifdef USE_MD5
case MD5_ALG:
psGetTime(&start, NULL);
while (bytesSent < bytesToSend) {
psMd5Update(&ctx->md5, dataChunk, chunk);
bytesSent += chunk;
}
psMd5Final(&ctx->md5, hashout);
psGetTime(&end, NULL);
break;
#endif
default:
printf("Skipping Digest Tests\n");
return;
}
#ifdef USE_HIGHRES_TIME
diffu = psDiffUsecs(start, end);
round = (bytesToSend / diffu);
mod = (bytesToSend % diffu);
printf("%d byte chunks in %lld usecs total for rate of %d.%d MB/sec\n",
chunk, (unsigned long long)diffu, round, mod);
#else
diffm = psDiffMsecs(start, end, NULL);
round = (bytesToSend / diffm) / 1000;
printf("%d byte chunks in %d msecs total for rate of %d MB/sec\n",
chunk, diffm, round);
#endif
}
/*
TLS handshake hash computation
*/
static int32 tlsGenerateFinishedHash(ssl_t *ssl, psDigestContext_t *md5,
psDigestContext_t *sha1, psDigestContext_t *sha256,
psDigestContext_t *sha384, unsigned char *masterSecret,
unsigned char *out, int32 sender)
{
unsigned char tmp[FINISHED_LABEL_SIZE + SHA384_HASH_SIZE];
int32 tlsTmpSize;
if (sender >= 0) {
memcpy(tmp, (sender & SSL_FLAGS_SERVER) ? LABEL_SERVER : LABEL_CLIENT,
FINISHED_LABEL_SIZE);
tlsTmpSize = FINISHED_LABEL_SIZE + SHA1_HASH_SIZE + MD5_HASH_SIZE;
#ifdef USE_TLS_1_2
if (ssl->flags & SSL_FLAGS_TLS_1_2) {
if (ssl->cipher->flags & CRYPTO_FLAGS_SHA3) {
#ifdef USE_SHA384
psSha384Final(sha384, tmp + FINISHED_LABEL_SIZE);
return prf2(masterSecret, SSL_HS_MASTER_SIZE, tmp,
FINISHED_LABEL_SIZE + SHA384_HASH_SIZE, out,
TLS_HS_FINISHED_SIZE, CRYPTO_FLAGS_SHA3);
#endif
} else {
psSha256Final(sha256, tmp + FINISHED_LABEL_SIZE);
return prf2(masterSecret, SSL_HS_MASTER_SIZE, tmp,
FINISHED_LABEL_SIZE + SHA256_HASH_SIZE, out,
TLS_HS_FINISHED_SIZE, CRYPTO_FLAGS_SHA2);
}
#ifndef USE_ONLY_TLS_1_2
} else {
psMd5Final(md5, tmp + FINISHED_LABEL_SIZE);
psSha1Final(sha1, tmp + FINISHED_LABEL_SIZE + MD5_HASH_SIZE);
return prf(masterSecret, SSL_HS_MASTER_SIZE, tmp, tlsTmpSize,
out, TLS_HS_FINISHED_SIZE);
#endif
}
#else
psMd5Final(md5, tmp + FINISHED_LABEL_SIZE);
psSha1Final(sha1, tmp + FINISHED_LABEL_SIZE + MD5_HASH_SIZE);
return prf(masterSecret, SSL_HS_MASTER_SIZE, tmp, tlsTmpSize,
out, TLS_HS_FINISHED_SIZE);
#endif
} else {
/* Overloading this function to handle the client auth needs of
handshake hashing. */
#ifdef USE_TLS_1_2
if (ssl->flags & SSL_FLAGS_TLS_1_2) {
psSha256Final(sha256, out);
#if defined(USE_SERVER_SIDE_SSL) && defined(USE_CLIENT_AUTH)
#ifdef USE_SHA384
psSha384Final(sha384, ssl->sec.sha384Snapshot);
#endif
#ifndef USE_ONLY_TLS_1_2
psSha1Final(sha1, ssl->sec.sha1Snapshot);
#endif
#endif
return SHA256_HASH_SIZE;
#ifndef USE_ONLY_TLS_1_2
} else {
psMd5Final(md5, out);
psSha1Final(sha1, out + MD5_HASH_SIZE);
return MD5_HASH_SIZE + SHA1_HASH_SIZE;
#endif
}
#else
/*
The handshake snapshot for client authentication is simply the
appended MD5 and SHA1 hashes
*/
psMd5Final(md5, out);
psSha1Final(sha1, out + MD5_HASH_SIZE);
return MD5_HASH_SIZE + SHA1_HASH_SIZE;
#endif
}
return PS_FAILURE; /* Should not reach this */
}
