HMAC fips mode

toddouska
2014-03-27 15:43:54 -07:00
parent 7dd265cf2e
commit 05b132ce1c
12 changed files with 194 additions and 80 deletions


@@ -43,6 +43,11 @@
#endif #endif
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/hmac.h> #include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/error-crypt.h> #include <cyassl/ctaocrypt/error-crypt.h>
@@ -288,7 +293,7 @@ static void HmacKeyInnerHash(Hmac* hmac)
} }
void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{ {
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@@ -339,10 +344,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break; break;
} }
return 0;
} }
void HmacFinal(Hmac* hmac, byte* hash) int HmacFinal(Hmac* hmac, byte* hash)
{ {
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@@ -445,6 +451,8 @@ void HmacFinal(Hmac* hmac, byte* hash)
} }
hmac->innerHashKeyed = 0; hmac->innerHashKeyed = 0;
return 0;
} }
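Review bot: Both HmacUpdate and HmacFinal end in an unconditional `return 0;`, so as far as these hunks show the new int result can never signal a failure. The switch bodies lie outside the hunks; if they have no failing default, an unsupported hash type is reported as success, and `default: return BAD_FUNC_ARG;` would close that. A short comment above each function, e.g. `/* returns 0 on success, negative error code on failure */`, would also state the contract callers are now expected to check.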


@@ -122,7 +122,7 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
{ {
word32 i = 1; word32 i = 1;
int hLen; int hLen;
int j; int j, ret;
Hmac hmac; Hmac hmac;
byte buffer[MAX_DIGEST_SIZE]; byte buffer[MAX_DIGEST_SIZE];
@@ -145,7 +145,9 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
else else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
HmacSetKey(&hmac, hashType, passwd, pLen); ret = HmacSetKey(&hmac, hashType, passwd, pLen);
if (ret != 0)
return ret;
while (kLen) { while (kLen) {
int currentLen; int currentLen;


@@ -1100,6 +1100,7 @@ int hmac_md5_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1134,7 +1135,9 @@ int hmac_md5_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20009; return -20009;
#endif #endif
HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4011;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -1168,6 +1171,7 @@ int hmac_sha_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1202,7 +1206,9 @@ int hmac_sha_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20010; return -20010;
#endif #endif
HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4012;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -1237,6 +1243,7 @@ int hmac_sha256_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1274,7 +1281,9 @@ int hmac_sha256_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011; return -20011;
#endif #endif
HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4013;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -1309,6 +1318,7 @@ int hmac_blake2b_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1346,7 +1356,10 @@ int hmac_blake2b_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011; return -20011;
#endif #endif
HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
(word32)strlen(keys[i]));
if (ret != 0)
return -4014;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -1381,6 +1394,7 @@ int hmac_sha384_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1415,7 +1429,9 @@ int hmac_sha384_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4015;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -1447,6 +1463,7 @@ int hmac_sha512_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -1484,7 +1501,9 @@ int hmac_sha512_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA512, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4016;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
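Review bot: The HmacUpdate and HmacFinal calls that follow each new HmacSetKey check still discard their results, although this commit changes both to return int. In a HAVE_FIPS build without FIPS_NO_WRAPPERS those names resolve to HmacUpdate_fips and HmacFinal_fips, and if a wrapper can fail the output buffer may be left unwritten while the caller goes on to compare or use it. The same pattern is visible in myMacEncryptCb and myDecryptVerifyCb, check_hmac, the HMAC compatibility function in the OpenSSL layer, p_hash and TLS_hmac, and the second set of hmac_*_test functions; in TLS_hmac and p_hash the digest feeds record authentication and key derivation, so those matter most. Suggest `ret = HmacUpdate(...); if (ret != 0) return ret;` and the same for HmacFinal at each site.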


@@ -151,9 +151,9 @@ typedef struct Hmac {
/* does init */ /* does init */
CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
CYASSL_API void HmacUpdate(Hmac*, const byte*, word32); CYASSL_API int HmacUpdate(Hmac*, const byte*, word32);
CYASSL_API void HmacFinal(Hmac*, byte*); CYASSL_API int HmacFinal(Hmac*, byte*);
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
CYASSL_API int HmacInitCavium(Hmac*, int); CYASSL_API int HmacInitCavium(Hmac*, int);
@@ -172,6 +172,23 @@ CYASSL_API int HKDF(int type, const byte* inKey, word32 inKeySz,
#endif /* HAVE_HKDF */ #endif /* HAVE_HKDF */
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int HmacSetKey_fips(Hmac*, int type, const byte* key,
word32 keySz);
CYASSL_API int HmacUpdate_fips(Hmac*, const byte*, word32);
CYASSL_API int HmacFinal_fips(Hmac*, byte*);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define HmacSetKey HmacSetKey_fips
#define HmacUpdate HmacUpdate_fips
#define HmacFinal HmacFinal_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif
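Review bot: The wrapper macros take effect on the first inclusion of this header, so FIPS_NO_WRAPPERS only works if it is defined before any header that pulls this one in, and the comment on the block does not say so. A file that defines it too late silently gets the _fips calls instead of the internal functions. Suggest extending the comment to something like `/* define FIPS_NO_WRAPPERS before the first include of this header to call the internal functions directly */`, and adding a note next to the HmacUpdate and HmacFinal prototypes that they now return 0 on success and an error code otherwise.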


@@ -2072,7 +2072,7 @@ CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
#endif #endif
#endif #endif
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
const byte* sender); const byte* sender);
CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size); CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);


@@ -1341,8 +1341,10 @@ static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut,
/* hmac, not needed if aead mode */ /* hmac, not needed if aead mode */
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl)); CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, macIn, macInSz); HmacUpdate(&hmac, macIn, macInSz);
HmacFinal(&hmac, macOut); HmacFinal(&hmac, macOut);
@@ -1448,8 +1450,10 @@ static INLINE int myDecryptVerifyCb(CYASSL* ssl,
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), digestSz); CyaSSL_GetMacSecret(ssl, macVerify), digestSz);
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, decOut + ivExtra, macInSz); HmacUpdate(&hmac, decOut + ivExtra, macInSz);
HmacFinal(&hmac, verify); HmacFinal(&hmac, verify);


@@ -233,9 +233,7 @@ int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
return BAD_FUNC_ARG; /* bad hmac type */ return BAD_FUNC_ARG; /* bad hmac type */
} }
HmacSetKey((Hmac*)hmac, type, key, sz); return HmacSetKey((Hmac*)hmac, type, key, sz);
return 0;
} }
@@ -245,9 +243,7 @@ int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX* hmac, const unsigned char* input,
if (hmac == NULL || input == NULL) if (hmac == NULL || input == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
HmacUpdate((Hmac*)hmac, input, sz); return HmacUpdate((Hmac*)hmac, input, sz);
return 0;
} }
@@ -257,9 +253,7 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX* hmac, unsigned char* digest)
if (hmac == NULL || digest == NULL) if (hmac == NULL || digest == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
HmacFinal((Hmac*)hmac, digest); return HmacFinal((Hmac*)hmac, digest);
return 0;
} }


@@ -368,6 +368,7 @@ static int check_hmac(void)
{ {
CRYPT_HMAC_CTX mcHmac; CRYPT_HMAC_CTX mcHmac;
Hmac defHmac; Hmac defHmac;
int ret;
byte mcDigest[CRYPT_SHA512_DIGEST_SIZE]; byte mcDigest[CRYPT_SHA512_DIGEST_SIZE];
byte defDigest[SHA512_DIGEST_SIZE]; byte defDigest[SHA512_DIGEST_SIZE];
@@ -375,7 +376,11 @@ static int check_hmac(void)
/* SHA1 */ /* SHA1 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4); CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4);
HmacSetKey(&defHmac, SHA, key, 4); ret = HmacSetKey(&defHmac, SHA, key, 4);
if (ret != 0) {
printf("hmac sha setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@@ -391,7 +396,11 @@ static int check_hmac(void)
/* SHA-256 */ /* SHA-256 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA256, key, 4); CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA256, key, 4);
HmacSetKey(&defHmac, SHA256, key, 4); ret = HmacSetKey(&defHmac, SHA256, key, 4);
if (ret != 0) {
printf("hmac sha256 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@@ -407,7 +416,11 @@ static int check_hmac(void)
/* SHA-384 */ /* SHA-384 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA384, key, 4); CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA384, key, 4);
HmacSetKey(&defHmac, SHA384, key, 4); ret = HmacSetKey(&defHmac, SHA384, key, 4);
if (ret != 0) {
printf("hmac sha384 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@@ -423,7 +436,11 @@ static int check_hmac(void)
/* SHA-512 */ /* SHA-512 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA512, key, 4); CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA512, key, 4);
HmacSetKey(&defHmac, SHA512, key, 4); ret = HmacSetKey(&defHmac, SHA512, key, 4);
if (ret != 0) {
printf("hmac sha512 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
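Review bot: In check_hmac the new check covers only the default-side HmacSetKey; the CRYPT_HMAC_SetKey call on the line before it still has its result dropped, in all four digest blocks. Since this commit makes CRYPT_HMAC_SetKey, CRYPT_HMAC_DataAdd and CRYPT_HMAC_Finalize return the underlying HMAC result instead of a fixed 0, the test should check them as well, e.g. `ret = CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4);` followed by the same `if (ret != 0)` block used for the default call. Otherwise a failing wrapper is only noticed if the later digest comparison, outside these hunks, happens to differ.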


@@ -2947,7 +2947,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
#endif #endif
static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{ {
/* store current states, building requires get_digest which resets state */ /* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
@@ -2965,9 +2965,11 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
Sha384 sha384 = ssl->hashSha384; Sha384 sha384 = ssl->hashSha384;
#endif #endif
int ret = 0;
#ifndef NO_TLS #ifndef NO_TLS
if (ssl->options.tls) { if (ssl->options.tls) {
BuildTlsFinished(ssl, hashes, sender); ret = BuildTlsFinished(ssl, hashes, sender);
} }
#endif #endif
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
@@ -2994,6 +2996,8 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
ssl->hashSha384 = sha384; ssl->hashSha384 = sha384;
#endif #endif
} }
return ret;
} }
@@ -5211,10 +5215,12 @@ int ProcessReply(CYASSL* ssl)
#endif #endif
if (ssl->options.resuming && ssl->options.side == if (ssl->options.resuming && ssl->options.side ==
CYASSL_CLIENT_END) CYASSL_CLIENT_END)
BuildFinished(ssl, &ssl->verifyHashes, server); ret = BuildFinished(ssl, &ssl->verifyHashes, server);
else if (!ssl->options.resuming && ssl->options.side == else if (!ssl->options.resuming && ssl->options.side ==
CYASSL_SERVER_END) CYASSL_SERVER_END)
BuildFinished(ssl, &ssl->verifyHashes, client); ret = BuildFinished(ssl, &ssl->verifyHashes, client);
if (ret != 0)
return ret;
break; break;
case application_data: case application_data:
@@ -5636,8 +5642,9 @@ int SendFinished(CYASSL* ssl)
/* make finished hashes */ /* make finished hashes */
hashes = (Hashes*)&input[headerSz]; hashes = (Hashes*)&input[headerSz];
BuildFinished(ssl, hashes, ssl->options.side == CYASSL_CLIENT_END ? client : ret = BuildFinished(ssl, hashes,
server); ssl->options.side == CYASSL_CLIENT_END ? client : server);
if (ret != 0) return ret;
sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);
@@ -5656,7 +5663,8 @@ int SendFinished(CYASSL* ssl)
AddSession(ssl); /* just try */ AddSession(ssl); /* just try */
#endif #endif
if (ssl->options.side == CYASSL_CLIENT_END) { if (ssl->options.side == CYASSL_CLIENT_END) {
BuildFinished(ssl, &ssl->verifyHashes, server); ret = BuildFinished(ssl, &ssl->verifyHashes, server);
if (ret != 0) return ret;
} }
else { else {
ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -5683,7 +5691,8 @@ int SendFinished(CYASSL* ssl)
#endif #endif
} }
else { else {
BuildFinished(ssl, &ssl->verifyHashes, client); ret = BuildFinished(ssl, &ssl->verifyHashes, client);
if (ret != 0) return ret;
} }
} }
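Review bot: In the ProcessReply hunk `if (ret != 0) return ret;` runs even when neither the client-resuming nor the server branch called BuildFinished, so it then tests whatever `ret` held from code before the hunk. If that value can be non-zero at this point, this case now returns early where it used to continue to `break;`; the declaration and earlier uses of `ret` are outside the hunk, so this needs confirming. Scoping the check to the calls avoids the question: brace each branch and put `if (ret != 0) return ret;` inside it, as the SendFinished hunks do.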
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS


@@ -7304,20 +7304,24 @@ int CyaSSL_set_compression(CYASSL* ssl)
unsigned char* md, unsigned int* md_len) unsigned char* md, unsigned int* md_len)
{ {
Hmac hmac; Hmac hmac;
int ret;
CYASSL_ENTER("HMAC"); CYASSL_ENTER("HMAC");
if (!md) return 0; /* no static buffer support */ if (!md) return NULL; /* no static buffer support */
if (XSTRNCMP(evp_md, "MD5", 3) == 0) { if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
HmacSetKey(&hmac, MD5, (const byte*)key, key_len); ret = HmacSetKey(&hmac, MD5, (const byte*)key, key_len);
if (md_len) *md_len = MD5_DIGEST_SIZE; if (md_len) *md_len = MD5_DIGEST_SIZE;
} }
else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
HmacSetKey(&hmac, SHA, (const byte*)key, key_len); ret = HmacSetKey(&hmac, SHA, (const byte*)key, key_len);
if (md_len) *md_len = SHA_DIGEST_SIZE; if (md_len) *md_len = SHA_DIGEST_SIZE;
} }
else else
return 0; return NULL;
if (ret != 0)
return NULL;
HmacUpdate(&hmac, d, n); HmacUpdate(&hmac, d, n);
HmacFinal(&hmac, md); HmacFinal(&hmac, md);
@@ -10778,6 +10782,7 @@ static int initGlobalRNG = 0;
if (key && keylen) { if (key && keylen) {
CYASSL_MSG("keying hmac"); CYASSL_MSG("keying hmac");
HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen); HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
/* OpenSSL compat, no error */
} }
} }
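Review bot: In the second hunk the HmacSetKey result is dropped with only the comment `/* OpenSSL compat, no error */`, so a rejected key leaves ctx->hmac in whatever state the failed call left it, and later update/final calls on the context produce a digest with no indication that anything went wrong. The enclosing function starts outside the hunk and presumably cannot return a status, but the failure can still be made visible, e.g. `if (HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen) != 0) CYASSL_MSG("hmac set key error");`. In the first hunk, `*md_len` is written before `ret` is tested, so a caller gets a length back together with the NULL return; setting the length only after the `if (ret != 0) return NULL;` check keeps the outputs consistent.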


@@ -52,7 +52,7 @@
#endif #endif
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
static void p_hash(byte* result, word32 resLen, const byte* secret, static int p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash) word32 secLen, const byte* seed, word32 seedLen, int hash)
{ {
word32 len = PHASH_MAX_DIGEST_SIZE; word32 len = PHASH_MAX_DIGEST_SIZE;
@@ -61,6 +61,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
word32 lastTime; word32 lastTime;
word32 i; word32 i;
word32 idx = 0; word32 idx = 0;
int ret;
byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */ byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */ byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
@@ -107,7 +108,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
if (lastLen) times += 1; if (lastLen) times += 1;
lastTime = times - 1; lastTime = times - 1;
HmacSetKey(&hmac, hash, secret, secLen); ret = HmacSetKey(&hmac, hash, secret, secLen);
if (ret != 0)
return ret;
HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */ HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
HmacFinal(&hmac, previous); /* A1 */ HmacFinal(&hmac, previous); /* A1 */
@@ -128,6 +131,8 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
XMEMSET(previous, 0, sizeof previous); XMEMSET(previous, 0, sizeof previous);
XMEMSET(current, 0, sizeof current); XMEMSET(current, 0, sizeof current);
XMEMSET(&hmac, 0, sizeof hmac); XMEMSET(&hmac, 0, sizeof hmac);
return 0;
} }
@@ -145,9 +150,11 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
/* compute TLSv1 PRF (pseudo random function using HMAC) */ /* compute TLSv1 PRF (pseudo random function using HMAC) */
static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen) const byte* label, word32 labLen, const byte* seed,
word32 seedLen)
{ {
int ret;
word32 half = (secLen + 1) / 2; word32 half = (secLen + 1) / 2;
byte md5_half[MAX_PRF_HALF]; /* half is real size */ byte md5_half[MAX_PRF_HALF]; /* half is real size */
@@ -157,11 +164,11 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
if (half > MAX_PRF_HALF) if (half > MAX_PRF_HALF)
return; return BUFFER_E;
if (labLen + seedLen > MAX_PRF_LABSEED) if (labLen + seedLen > MAX_PRF_LABSEED)
return; return BUFFER_E;
if (digLen > MAX_PRF_DIG) if (digLen > MAX_PRF_DIG)
return; return BUFFER_E;
XMEMSET(md5_result, 0, digLen); XMEMSET(md5_result, 0, digLen);
XMEMSET(sha_result, 0, digLen); XMEMSET(sha_result, 0, digLen);
@@ -172,11 +179,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen); XMEMCPY(labelSeed + labLen, seed, seedLen);
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen, ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
md5_mac); labLen + seedLen, md5_mac);
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen, if (ret != 0)
sha_mac); return ret;
ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
labLen + seedLen, sha_mac);
if (ret != 0)
return ret;
get_xor(digest, digLen, md5_result, sha_result); get_xor(digest, digLen, md5_result, sha_result);
return 0;
} }
#endif #endif
@@ -184,15 +197,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
use */ use */
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen, const byte* label, word32 labLen, const byte* seed, word32 seedLen,
int useAtLeastSha256, int hash_type) int useAtLeastSha256, int hash_type)
{ {
int ret = 0;
if (useAtLeastSha256) { if (useAtLeastSha256) {
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
if (labLen + seedLen > MAX_PRF_LABSEED) if (labLen + seedLen > MAX_PRF_LABSEED)
return; return BUFFER_E;
XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen); XMEMCPY(labelSeed + labLen, seed, seedLen);
@@ -201,13 +216,17 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
* should use better. */ * should use better. */
if (hash_type < sha256_mac) if (hash_type < sha256_mac)
hash_type = sha256_mac; hash_type = sha256_mac;
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, ret = p_hash(digest, digLen, secret, secLen, labelSeed,
hash_type); labLen + seedLen, hash_type);
} }
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
else else {
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen); ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
seedLen);
}
#endif #endif
return ret;
} }
@@ -218,7 +237,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif #endif
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{ {
const byte* side; const byte* side;
byte handshake_hash[HSHASH_SZ]; byte handshake_hash[HSHASH_SZ];
@@ -249,9 +268,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
else else
side = tls_server; side = tls_server;
PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
ssl->specs.mac_algorithm); IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
} }
@@ -295,6 +314,7 @@ static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
int DeriveTlsKeys(CYASSL* ssl) int DeriveTlsKeys(CYASSL* ssl)
{ {
int ret;
int length = 2 * ssl->specs.hash_size + int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size + 2 * ssl->specs.key_size +
2 * ssl->specs.iv_size; 2 * ssl->specs.iv_size;
@@ -304,9 +324,11 @@ int DeriveTlsKeys(CYASSL* ssl)
XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN);
PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN, key_label, ret = PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN,
KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm); ssl->specs.mac_algorithm);
if (ret != 0)
return ret;
return StoreKeys(ssl, key_data); return StoreKeys(ssl, key_data);
} }
@@ -314,15 +336,18 @@ int DeriveTlsKeys(CYASSL* ssl)
int MakeTlsMasterSecret(CYASSL* ssl) int MakeTlsMasterSecret(CYASSL* ssl)
{ {
int ret;
byte seed[SEED_LEN]; byte seed[SEED_LEN];
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF(ssl->arrays->masterSecret, SECRET_LEN, ret = PRF(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
master_label, MASTER_LABEL_SZ, master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
if (ret != 0)
return ret;
#ifdef SHOW_SECRETS #ifdef SHOW_SECRETS
{ {
@@ -352,12 +377,11 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF((byte*)msk, len, return PRF((byte*)msk, len,
ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->masterSecret, SECRET_LEN,
(const byte *)label, (word32)strlen(label), (const byte *)label, (word32)strlen(label),
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
return 0;
} }
@@ -502,12 +526,15 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify) int content, int verify)
{ {
Hmac hmac; Hmac hmac;
int ret;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
ssl->specs.hash_size); CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, in, sz); /* content */ HmacUpdate(&hmac, in, sz); /* content */
HmacFinal(&hmac, digest); HmacFinal(&hmac, digest);
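Review bot: The new early `return ret;` in p_hash after HmacSetKey skips the `XMEMSET(&hmac, 0, sizeof hmac);` cleanup at the end of the function, so a context that may already hold state derived from `secret` stays on the stack on the error path. Wiping before returning keeps the error path equivalent to the success path: `if (ret != 0) { XMEMSET(&hmac, 0, sizeof hmac); return ret; }`. The same consideration applies to doPRF, where the secret halves in md5_half and sha_half are still live when a p_hash error returns early; whether the success path clears them is outside the hunks.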


@@ -564,6 +564,7 @@ int hmac_md5_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -592,7 +593,9 @@ int hmac_md5_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4014;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -623,6 +626,7 @@ int hmac_sha_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -651,7 +655,9 @@ int hmac_sha_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4015;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -682,6 +688,7 @@ int hmac_sha256_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -713,7 +720,9 @@ int hmac_sha256_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4016;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);
@@ -745,6 +754,7 @@ int hmac_sha384_test(void)
testVector a, b, c; testVector a, b, c;
testVector test_hmac[3]; testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i; int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There"; a.input = "Hi There";
@@ -779,7 +789,9 @@ int hmac_sha384_test(void)
test_hmac[2] = c; test_hmac[2] = c;
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4017;
HmacUpdate(&hmac, (byte*)test_hmac[i].input, HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen); (word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash); HmacFinal(&hmac, hash);