int32 psHmacSha2Final(psHmacContext_t *ctx, unsigned char *hash, uint32 hashSize) { psAssert(ctx != NULL); if (hash == NULL) { psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n"); return PS_ARG_FAIL; } if (hashSize == SHA384_HASH_SIZE) { #ifdef USE_SHA384 psSha384Final(&ctx->u.sha512, hash); psSha384Init(&ctx->u.sha512); psSha384Update(&ctx->u.sha512, ctx->pad, 128); psSha384Update(&ctx->u.sha512, hash, SHA384_HASH_SIZE); psSha384Final(&ctx->u.sha512, hash); #else return PS_UNSUPPORTED_FAIL; #endif } else { psSha256Final(&ctx->u.sha256, hash); psSha256Init(&ctx->u.sha256); psSha256Update(&ctx->u.sha256, ctx->pad, 64); psSha256Update(&ctx->u.sha256, hash, SHA256_HASH_SIZE); psSha256Final(&ctx->u.sha256, hash); } memset(ctx->pad, 0x0, sizeof(ctx->pad)); return hashSize; }
int32_t psHmacSha384Init(psHmacSha384_t *ctx, const unsigned char *key, uint16_t keyLen) { int32_t rc, i, padLen; padLen = 128; #ifdef CRYPTO_ASSERT psAssert(keyLen <= (uint32)padLen); #endif for (i = 0; (uint32)i < keyLen; i++) { ctx->pad[i] = key[i] ^ 0x36; } for (i = keyLen; i < padLen; i++) { ctx->pad[i] = 0x36; } if ((rc = psSha384Init(&ctx->sha384)) < 0) { return rc; } psSha384Update(&ctx->sha384, ctx->pad, padLen); for (i = 0; (uint32)i < keyLen; i++) { ctx->pad[i] = key[i] ^ 0x5c; } for (i = keyLen; i < padLen; i++) { ctx->pad[i] = 0x5c; } return PS_SUCCESS; }
void psHmacSha2Init(psHmacContext_t *ctx, unsigned char *key, uint32 keyLen, uint32 hashSize) { int32 i, padLen = 64; #ifdef USE_SHA384 if (hashSize == SHA384_HASH_SIZE) { padLen = 128; } #endif psAssert(keyLen <= (uint32)padLen); for (i = 0; (uint32)i < keyLen; i++) { ctx->pad[i] = key[i] ^ 0x36; } for (i = keyLen; i < padLen; i++) { ctx->pad[i] = 0x36; } if (hashSize == SHA384_HASH_SIZE) { #ifdef USE_SHA384 psSha384Init(&ctx->u.sha512); psSha384Update(&ctx->u.sha512, ctx->pad, padLen); #endif } else { psSha256Init(&ctx->u.sha256); psSha256Update(&ctx->u.sha256, ctx->pad, padLen); } for (i = 0; (uint32)i < keyLen; i++) { ctx->pad[i] = key[i] ^ 0x5c; } for (i = keyLen; i < padLen; i++) { ctx->pad[i] = 0x5c; } }
/* Add the given data to the running hash of the handshake messages */ int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, uint32 len) { #ifdef USE_TLS_1_2 /* Keep a running total of each for greatest RFC support when it comes to the CertificateVerify message. Although, trying to be smart about MD5 and SHA-2 based on protocol version */ if ((ssl->majVer == 0 && ssl->minVer == 0) || ssl->minVer == TLS_1_2_MIN_VER) { psSha256Update(&ssl->sec.msgHashSha256, in, len); #ifdef USE_SHA384 psSha384Update(&ssl->sec.msgHashSha384, in, len); #endif } #ifndef USE_ONLY_TLS_1_2 if (ssl->reqMinVer == 0 || ssl->minVer != TLS_1_2_MIN_VER) { psMd5Update(&ssl->sec.msgHashMd5, in, len); } psSha1Update(&ssl->sec.msgHashSha1, in, len); #endif #else psMd5Update(&ssl->sec.msgHashMd5, in, len); psSha1Update(&ssl->sec.msgHashSha1, in, len); #endif return 0; }
void psHmacSha384Update(psHmacSha384_t *ctx, const unsigned char *buf, uint32_t len) { #ifdef CRYPTO_ASSERT psAssert(ctx != NULL && buf != NULL); #endif psSha384Update(&ctx->sha384, buf, len); }
void psHmacSha2Update(psHmacContext_t *ctx, const unsigned char *buf, uint32 len, uint32 hashSize) { psAssert(ctx != NULL && buf != NULL); if (hashSize == SHA384_HASH_SIZE) { #ifdef USE_SHA384 psSha384Update(&ctx->u.sha512, buf, len); #endif } else { psSha256Update(&ctx->u.sha256, buf, len); } }
void psHmacSha384Final(psHmacSha384_t *ctx, unsigned char hash[SHA384_HASHLEN]) { int32_t rc; #ifdef CRYPTO_ASSERT psAssert(ctx != NULL); if (hash == NULL) { psTraceCrypto("NULL hash storage passed to psHmacSha256Final\n"); return; } #endif psSha384Final(&ctx->sha384, hash); if ((rc = psSha384Init(&ctx->sha384)) < 0) { psAssert(rc >= 0); return; } psSha384Update(&ctx->sha384, ctx->pad, 128); psSha384Update(&ctx->sha384, hash, SHA384_HASHLEN); psSha384Final(&ctx->sha384, hash); memset(ctx->pad, 0x0, sizeof(ctx->pad)); }
int32 psHmacSha2(unsigned char *key, uint32 keyLen, const unsigned char *buf, uint32 len, unsigned char *hash, unsigned char *hmacKey, uint32 *hmacKeyLen, uint32 hashSize) { psHmacContext_t ctx; psDigestContext_t sha; int32 padLen = 64; #ifdef USE_SHA384 if (hashSize == SHA384_HASH_SIZE) { padLen = 128; } #endif /* Support for keys larger than hash block size. In this case, we take the hash of the key itself and use that instead. Inform the caller by updating the hmacKey and hmacKeyLen outputs */ if (keyLen > (uint32)padLen) { if (hashSize == SHA384_HASH_SIZE) { #ifdef USE_SHA384 psSha384Init(&sha); psSha384Update(&sha, key, keyLen); psSha384Final(&sha, hash); #else return PS_UNSUPPORTED_FAIL; #endif } else { psSha256Init(&sha); psSha256Update(&sha, key, keyLen); psSha256Final(&sha, hash); } *hmacKeyLen = hashSize; memcpy(hmacKey, hash, *hmacKeyLen); } else { hmacKey = key; *hmacKeyLen = keyLen; } psHmacSha2Init(&ctx, hmacKey, *hmacKeyLen, hashSize); psHmacSha2Update(&ctx, buf, len, hashSize); return psHmacSha2Final(&ctx, hash, hashSize); }
/* HMAC-SHA384 */ int32_t psHmacSha384(const unsigned char *key, uint16_t keyLen, const unsigned char *buf, uint32_t len, unsigned char hash[SHA384_HASHLEN], unsigned char *hmacKey, uint16_t *hmacKeyLen) { int32 rc, padLen; union { psHmacSha384_t mac; psSha384_t md; } u; psHmacSha384_t *mac = &u.mac; psSha384_t *md = &u.md; padLen = 128; /* Support for keys larger than hash block size. In this case, we take the hash of the key itself and use that instead. Inform the caller by updating the hmacKey and hmacKeyLen outputs */ if (keyLen > (uint32)padLen) { if ((rc = psSha384Init(md)) < 0) { return rc; } psSha384Update(md, key, keyLen); psSha384Final(md, hash); memcpy(hmacKey, hash, SHA384_HASHLEN); *hmacKeyLen = SHA384_HASHLEN; } else { hmacKey = (unsigned char *)key; /* @note typecasting from const */ *hmacKeyLen = keyLen; } if ((rc = psHmacSha384Init(mac, hmacKey, *hmacKeyLen)) < 0) { return rc; } psHmacSha384Update(mac, buf, len); psHmacSha384Final(mac, hash); return PS_SUCCESS; }
int32_t psHmacSha384(const unsigned char *key, uint16_t keyLen, const unsigned char *buf, uint32_t len, unsigned char hash[SHA384_HASHLEN], unsigned char *hmacKey, uint16_t *hmacKeyLen) { psSha384_t sha; if (keyLen > 64) { psSha384Init(&sha); psSha384Update(&sha, key, keyLen); psSha384Final(&sha, hash); *hmacKeyLen = SHA384_HASHLEN; memcpy(hmacKey, hash, *hmacKeyLen); } else { hmacKey = (unsigned char*)key; *hmacKeyLen = keyLen; } if (HMAC(EVP_sha384(), hmacKey, *hmacKeyLen, buf, len, hash, NULL) != NULL) { return PS_SUCCESS; } psAssert(0); return PS_FAIL; }
void runDigestTime(psDigestContext_t *ctx, int32 chunk, int32 alg) { psTime_t start, end; unsigned char *dataChunk; unsigned char hashout[64]; int32 bytesSent, bytesToSend, round; #ifdef USE_HIGHRES_TIME int32 mod; int64 diffu; #else int32 diffm; #endif dataChunk = psMalloc(NULL, chunk); bytesToSend = (DATABYTES_AMOUNT / chunk) * chunk; bytesSent = 0; switch (alg) { #ifdef USE_SHA1 case SHA1_ALG: psGetTime(&start, NULL); while (bytesSent < bytesToSend) { psSha1Update(&ctx->sha1, dataChunk, chunk); bytesSent += chunk; } psSha1Final(&ctx->sha1, hashout); psGetTime(&end, NULL); break; #endif #ifdef USE_SHA256 case SHA256_ALG: psGetTime(&start, NULL); while (bytesSent < bytesToSend) { psSha256Update(&ctx->sha256, dataChunk, chunk); bytesSent += chunk; } psSha256Final(&ctx->sha256, hashout); psGetTime(&end, NULL); break; #endif #ifdef USE_SHA384 case SHA384_ALG: psGetTime(&start, NULL); while (bytesSent < bytesToSend) { psSha384Update(&ctx->sha384, dataChunk, chunk); bytesSent += chunk; } psSha384Final(&ctx->sha384, hashout); psGetTime(&end, NULL); break; #endif #ifdef USE_SHA512 case SHA512_ALG: psGetTime(&start, NULL); while (bytesSent < bytesToSend) { psSha512Update(&ctx->sha512, dataChunk, chunk); bytesSent += chunk; } psSha512Final(&ctx->sha512, hashout); psGetTime(&end, NULL); break; #endif #ifdef USE_MD5 case MD5_ALG: psGetTime(&start, NULL); while (bytesSent < bytesToSend) { psMd5Update(&ctx->md5, dataChunk, chunk); bytesSent += chunk; } psMd5Final(&ctx->md5, hashout); psGetTime(&end, NULL); break; #endif default: printf("Skipping Digest Tests\n"); return; } #ifdef USE_HIGHRES_TIME diffu = psDiffUsecs(start, end); round = (bytesToSend / diffu); mod = (bytesToSend % diffu); printf("%d byte chunks in %lld usecs total for rate of %d.%d MB/sec\n", chunk, (unsigned long long)diffu, round, mod); #else diffm = psDiffMsecs(start, end, NULL); round = (bytesToSend / diffm) / 1000; printf("%d byte chunks in %d msecs total for rate of %d MB/sec\n", chunk, diffm, round); #endif }