int32 psHmacSha2Final(psHmacContext_t *ctx, unsigned char *hash,
uint32 hashSize)
{
psAssert(ctx != NULL);
if (hash == NULL) {
psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n");
return PS_ARG_FAIL;
}
if (hashSize == SHA384_HASH_SIZE) {
#ifdef USE_SHA384
psSha384Final(&ctx->u.sha512, hash);
psSha384Init(&ctx->u.sha512);
psSha384Update(&ctx->u.sha512, ctx->pad, 128);
psSha384Update(&ctx->u.sha512, hash, SHA384_HASH_SIZE);
psSha384Final(&ctx->u.sha512, hash);
#else
return PS_UNSUPPORTED_FAIL;
#endif
} else {
psSha256Final(&ctx->u.sha256, hash);
psSha256Init(&ctx->u.sha256);
psSha256Update(&ctx->u.sha256, ctx->pad, 64);
psSha256Update(&ctx->u.sha256, hash, SHA256_HASH_SIZE);
psSha256Final(&ctx->u.sha256, hash);
}
memset(ctx->pad, 0x0, sizeof(ctx->pad));
return hashSize;
}
int32_t psHmacSha384Init(psHmacSha384_t *ctx,
const unsigned char *key, uint16_t keyLen)
{
int32_t rc, i, padLen;
padLen = 128;
#ifdef CRYPTO_ASSERT
psAssert(keyLen <= (uint32)padLen);
#endif
for (i = 0; (uint32)i < keyLen; i++) {
ctx->pad[i] = key[i] ^ 0x36;
}
for (i = keyLen; i < padLen; i++) {
ctx->pad[i] = 0x36;
}
if ((rc = psSha384Init(&ctx->sha384)) < 0) {
return rc;
}
psSha384Update(&ctx->sha384, ctx->pad, padLen);
for (i = 0; (uint32)i < keyLen; i++) {
ctx->pad[i] = key[i] ^ 0x5c;
}
for (i = keyLen; i < padLen; i++) {
ctx->pad[i] = 0x5c;
}
return PS_SUCCESS;
}
void psHmacSha2Init(psHmacContext_t *ctx, unsigned char *key, uint32 keyLen,
uint32 hashSize)
{
int32 i, padLen = 64;
#ifdef USE_SHA384
if (hashSize == SHA384_HASH_SIZE) {
padLen = 128;
}
#endif
psAssert(keyLen <= (uint32)padLen);
for (i = 0; (uint32)i < keyLen; i++) {
ctx->pad[i] = key[i] ^ 0x36;
}
for (i = keyLen; i < padLen; i++) {
ctx->pad[i] = 0x36;
}
if (hashSize == SHA384_HASH_SIZE) {
#ifdef USE_SHA384
psSha384Init(&ctx->u.sha512);
psSha384Update(&ctx->u.sha512, ctx->pad, padLen);
#endif
} else {
psSha256Init(&ctx->u.sha256);
psSha256Update(&ctx->u.sha256, ctx->pad, padLen);
}
for (i = 0; (uint32)i < keyLen; i++) {
ctx->pad[i] = key[i] ^ 0x5c;
}
for (i = keyLen; i < padLen; i++) {
ctx->pad[i] = 0x5c;
}
}
int32 psSha384Test(void)
{
psDigestContext_t ctx;
psSha384Init(&ctx.sha384);
runDigestTime(&ctx, TINY_CHUNKS, SHA384_ALG);
runDigestTime(&ctx, SMALL_CHUNKS, SHA384_ALG);
runDigestTime(&ctx, MEDIUM_CHUNKS, SHA384_ALG);
runDigestTime(&ctx, LARGE_CHUNKS, SHA384_ALG);
runDigestTime(&ctx, HUGE_CHUNKS, SHA384_ALG);
return PS_SUCCESS;
}
/*
Initialize the SHA1 and MD5 hash contexts for the handshake messages
*/
int32 sslInitHSHash(ssl_t *ssl)
{
#ifndef USE_ONLY_TLS_1_2
psSha1Init(&ssl->sec.msgHashSha1);
psMd5Init(&ssl->sec.msgHashMd5);
#endif
#ifdef USE_TLS_1_2
psSha256Init(&ssl->sec.msgHashSha256);
#ifdef USE_SHA384
psSha384Init(&ssl->sec.msgHashSha384);
#endif
#endif
return 0;
}
int32 psHmacSha2(unsigned char *key, uint32 keyLen, const unsigned char *buf,
uint32 len, unsigned char *hash, unsigned char *hmacKey,
uint32 *hmacKeyLen, uint32 hashSize)
{
psHmacContext_t ctx;
psDigestContext_t sha;
int32 padLen = 64;
#ifdef USE_SHA384
if (hashSize == SHA384_HASH_SIZE) {
padLen = 128;
}
#endif
/*
Support for keys larger than hash block size. In this case, we take the
hash of the key itself and use that instead. Inform the caller by
updating the hmacKey and hmacKeyLen outputs
*/
if (keyLen > (uint32)padLen) {
if (hashSize == SHA384_HASH_SIZE) {
#ifdef USE_SHA384
psSha384Init(&sha);
psSha384Update(&sha, key, keyLen);
psSha384Final(&sha, hash);
#else
return PS_UNSUPPORTED_FAIL;
#endif
} else {
psSha256Init(&sha);
psSha256Update(&sha, key, keyLen);
psSha256Final(&sha, hash);
}
*hmacKeyLen = hashSize;
memcpy(hmacKey, hash, *hmacKeyLen);
} else {
hmacKey = key;
*hmacKeyLen = keyLen;
}
psHmacSha2Init(&ctx, hmacKey, *hmacKeyLen, hashSize);
psHmacSha2Update(&ctx, buf, len, hashSize);
return psHmacSha2Final(&ctx, hash, hashSize);
}
/*
HMAC-SHA384
*/
int32_t psHmacSha384(const unsigned char *key, uint16_t keyLen,
const unsigned char *buf, uint32_t len,
unsigned char hash[SHA384_HASHLEN],
unsigned char *hmacKey, uint16_t *hmacKeyLen)
{
int32 rc, padLen;
union {
psHmacSha384_t mac;
psSha384_t md;
} u;
psHmacSha384_t *mac = &u.mac;
psSha384_t *md = &u.md;
padLen = 128;
/*
Support for keys larger than hash block size. In this case, we take the
hash of the key itself and use that instead. Inform the caller by
updating the hmacKey and hmacKeyLen outputs
*/
if (keyLen > (uint32)padLen) {
if ((rc = psSha384Init(md)) < 0) {
return rc;
}
psSha384Update(md, key, keyLen);
psSha384Final(md, hash);
memcpy(hmacKey, hash, SHA384_HASHLEN);
*hmacKeyLen = SHA384_HASHLEN;
} else {
hmacKey = (unsigned char *)key; /* @note typecasting from const */
*hmacKeyLen = keyLen;
}
if ((rc = psHmacSha384Init(mac, hmacKey, *hmacKeyLen)) < 0) {
return rc;
}
psHmacSha384Update(mac, buf, len);
psHmacSha384Final(mac, hash);
return PS_SUCCESS;
}
int32_t psHmacSha384(const unsigned char *key, uint16_t keyLen,
const unsigned char *buf, uint32_t len,
unsigned char hash[SHA384_HASHLEN], unsigned char *hmacKey,
uint16_t *hmacKeyLen)
{
psSha384_t sha;
if (keyLen > 64) {
psSha384Init(&sha);
psSha384Update(&sha, key, keyLen);
psSha384Final(&sha, hash);
*hmacKeyLen = SHA384_HASHLEN;
memcpy(hmacKey, hash, *hmacKeyLen);
} else {
hmacKey = (unsigned char*)key;
*hmacKeyLen = keyLen;
}
if (HMAC(EVP_sha384(), hmacKey, *hmacKeyLen, buf, len, hash, NULL) != NULL) {
return PS_SUCCESS;
}
psAssert(0);
return PS_FAIL;
}
void psHmacSha384Final(psHmacSha384_t *ctx,
unsigned char hash[SHA384_HASHLEN])
{
int32_t rc;
#ifdef CRYPTO_ASSERT
psAssert(ctx != NULL);
if (hash == NULL) {
psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n");
return;
}
#endif
psSha384Final(&ctx->sha384, hash);
if ((rc = psSha384Init(&ctx->sha384)) < 0) {
psAssert(rc >= 0);
return;
}
psSha384Update(&ctx->sha384, ctx->pad, 128);
psSha384Update(&ctx->sha384, hash, SHA384_HASHLEN);
psSha384Final(&ctx->sha384, hash);
memset(ctx->pad, 0x0, sizeof(ctx->pad));
}