SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation.

Moisés Guimarães
2014-04-14 10:36:17 -03:00
parent 644bb9c524
commit 32e2d7016f
8 changed files with 303 additions and 105 deletions


@@ -3834,9 +3834,15 @@ int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
HmacUpdate(&hmac, out, msgSz);
HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
HmacFinal(&hmac, out+msgSz);
ret = HmacUpdate(&hmac, out, msgSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, out+msgSz);
if (ret != 0)
return ret;
}
break;
@@ -3939,9 +3945,15 @@ int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
HmacUpdate(&hmac, msg, msgSz-digestSz);
HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
HmacFinal(&hmac, verify);
ret = HmacUpdate(&hmac, msg, msgSz-digestSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, verify);
if (ret != 0)
return ret;
if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0) {
return -1;
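Review bot: The tag check on the last context line of the ecc_decrypt hunk, `memcmp(verify, msg + msgSz - digestSz, digestSz)`, stops at the first byte that differs, so its running time depends on how many leading bytes of the presented tag are correct; the error propagation added around it does not change that. A fixed-time comparison removes the dependency: `byte diff = 0; for (i = 0; i < digestSz; i++) diff |= verify[i] ^ msg[msgSz - digestSz + i]; if (diff != 0) return -1;` with the index declared in the function prologue, which is outside the hunk. The new early return after `HmacFinal` correctly skips the compare when `verify` was never fully written. Both ecc_encrypt and ecc_decrypt start and end outside their hunks.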


@@ -172,8 +172,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
XMEMCPY(ip, key, length);
}
else {
Sha256Update(&hmac->hash.sha256, key, length);
Sha256Final(&hmac->hash.sha256, ip);
ret = Sha256Update(&hmac->hash.sha256, key, length);
if (ret != 0)
return ret;
ret = Sha256Final(&hmac->hash.sha256, ip);
if (ret != 0)
return ret;
length = SHA256_DIGEST_SIZE;
}
}
@@ -188,8 +194,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
XMEMCPY(ip, key, length);
}
else {
Sha384Update(&hmac->hash.sha384, key, length);
Sha384Final(&hmac->hash.sha384, ip);
ret = Sha384Update(&hmac->hash.sha384, key, length);
if (ret != 0)
return ret;
ret = Sha384Final(&hmac->hash.sha384, ip);
if (ret != 0)
return ret;
length = SHA384_DIGEST_SIZE;
}
}
@@ -204,8 +216,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
XMEMCPY(ip, key, length);
}
else {
Sha512Update(&hmac->hash.sha512, key, length);
Sha512Final(&hmac->hash.sha512, ip);
ret = Sha512Update(&hmac->hash.sha512, key, length);
if (ret != 0)
return ret;
ret = Sha512Final(&hmac->hash.sha512, ip);
if (ret != 0)
return ret;
length = SHA512_DIGEST_SIZE;
}
}
@@ -242,8 +260,10 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
}
static void HmacKeyInnerHash(Hmac* hmac)
static int HmacKeyInnerHash(Hmac* hmac)
{
int ret = 0;
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
@@ -259,22 +279,28 @@ static void HmacKeyInnerHash(Hmac* hmac)
#ifndef NO_SHA256
case SHA256:
Sha256Update(&hmac->hash.sha256,
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->ipad, SHA256_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
Sha384Update(&hmac->hash.sha384,
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->ipad, SHA384_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512,
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->ipad, SHA512_BLOCK_SIZE);
if (ret != 0)
return ret;
break;
#endif
@@ -290,18 +316,25 @@ static void HmacKeyInnerHash(Hmac* hmac)
}
hmac->innerHashKeyed = 1;
return ret;
}
int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumUpdate(hmac, msg, length);
#endif
if (!hmac->innerHashKeyed)
HmacKeyInnerHash(hmac);
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
@@ -318,19 +351,25 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
#ifndef NO_SHA256
case SHA256:
Sha256Update(&hmac->hash.sha256, msg, length);
ret = Sha256Update(&hmac->hash.sha256, msg, length);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
Sha384Update(&hmac->hash.sha384, msg, length);
ret = Sha384Update(&hmac->hash.sha384, msg, length);
if (ret != 0)
return ret;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512, msg, length);
ret = Sha512Update(&hmac->hash.sha512, msg, length);
if (ret != 0)
return ret;
break;
#endif
@@ -350,13 +389,18 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
int HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumFinal(hmac, hash);
#endif
if (!hmac->innerHashKeyed)
HmacKeyInnerHash(hmac);
if (!hmac->innerHashKeyed) {
ret = HmacKeyInnerHash(hmac);
if (ret != 0)
return ret;
}
switch (hmac->macType) {
#ifndef NO_MD5
@@ -390,14 +434,23 @@ int HmacFinal(Hmac* hmac, byte* hash)
#ifndef NO_SHA256
case SHA256:
{
Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
ret = Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
Sha256Update(&hmac->hash.sha256,
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->opad, SHA256_BLOCK_SIZE);
Sha256Update(&hmac->hash.sha256,
(byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
Sha256Final(&hmac->hash.sha256, hash);
ret = Sha256Update(&hmac->hash.sha256,
(byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha256Final(&hmac->hash.sha256, hash);
if (ret != 0)
return ret;
}
break;
#endif
@@ -405,14 +458,23 @@ int HmacFinal(Hmac* hmac, byte* hash)
#ifdef CYASSL_SHA384
case SHA384:
{
Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
ret = Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
Sha384Update(&hmac->hash.sha384,
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->opad, SHA384_BLOCK_SIZE);
Sha384Update(&hmac->hash.sha384,
(byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
if (ret != 0)
return ret;
Sha384Final(&hmac->hash.sha384, hash);
ret = Sha384Update(&hmac->hash.sha384,
(byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha384Final(&hmac->hash.sha384, hash);
if (ret != 0)
return ret;
}
break;
#endif
@@ -420,14 +482,23 @@ int HmacFinal(Hmac* hmac, byte* hash)
#ifdef CYASSL_SHA512
case SHA512:
{
Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
ret = Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
if (ret != 0)
return ret;
Sha512Update(&hmac->hash.sha512,
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->opad, SHA512_BLOCK_SIZE);
Sha512Update(&hmac->hash.sha512,
(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
if (ret != 0)
return ret;
Sha512Final(&hmac->hash.sha512, hash);
ret = Sha512Update(&hmac->hash.sha512,
(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
if (ret != 0)
return ret;
ret = Sha512Final(&hmac->hash.sha512, hash);
if (ret != 0)
return ret;
}
break;
#endif
@@ -646,6 +717,7 @@ int HKDF(int type, const byte* inKey, word32 inKeySz,
int hashSz = GetHashSizeByType(type);
word32 outIdx = 0;
byte n = 0x1;
int ret;
if (hashSz < 0)
return BAD_FUNC_ARG;
@@ -657,23 +729,35 @@ int HKDF(int type, const byte* inKey, word32 inKeySz,
saltSz = hashSz;
}
if (HmacSetKey(&myHmac, type, localSalt, saltSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, inKey, inKeySz);
HmacFinal(&myHmac, prk);
ret = HmacSetKey(&myHmac, type, localSalt, saltSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&myHmac, inKey, inKeySz);
if (ret != 0)
return ret;
ret = HmacFinal(&myHmac, prk);
if (ret != 0)
return ret;
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
if (HmacSetKey(&myHmac, type, prk, hashSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, tmp, tmpSz);
HmacUpdate(&myHmac, info, infoSz);
HmacUpdate(&myHmac, &n, 1);
HmacFinal(&myHmac, tmp);
ret = HmacSetKey(&myHmac, type, prk, hashSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&myHmac, tmp, tmpSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&myHmac, info, infoSz);
if (ret != 0)
return ret;
ret = HmacUpdate(&myHmac, &n, 1);
if (ret != 0)
return ret;
ret = HmacFinal(&myHmac, tmp);
if (ret != 0)
return ret;
left = min(left, (word32)hashSz);
XMEMCPY(out+outIdx, tmp, left);
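Review bot: The `int ret;` added at the top of HmacUpdate and HmacFinal is left uninitialised, while HmacKeyInnerHash in the same file writes `int ret = 0;`; the MD5 and SHA cases of those switches are not in these hunks and presumably call void-returning update/final routines that never assign `ret`, so if either function's tail, also outside the hunk, ends in `return ret;` the value is indeterminate on those paths. Initialising at the declaration, `int ret = 0;`, makes the result independent of which case ran and matches the helper. Separately, the early returns added to HKDF leave `prk` and `tmp` holding intermediate key material when an HMAC step fails; if those are local buffers, as they appear to be, clearing them with `XMEMSET` before returning would keep the error path consistent with the success path of a key-derivation routine. HmacUpdate, HmacFinal and HKDF all begin or end outside their hunks.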


@@ -151,21 +151,34 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
while (kLen) {
int currentLen;
HmacUpdate(&hmac, salt, sLen);
ret = HmacUpdate(&hmac, salt, sLen);
if (ret != 0)
return ret;
/* encode i */
for (j = 0; j < 4; j++) {
byte b = (byte)(i >> ((3-j) * 8));
HmacUpdate(&hmac, &b, 1);
ret = HmacUpdate(&hmac, &b, 1);
if (ret != 0)
return ret;
}
HmacFinal(&hmac, buffer);
ret = HmacFinal(&hmac, buffer);
if (ret != 0)
return ret;
currentLen = min(kLen, hLen);
XMEMCPY(output, buffer, currentLen);
for (j = 1; j < iterations; j++) {
HmacUpdate(&hmac, buffer, hLen);
HmacFinal(&hmac, buffer);
ret = HmacUpdate(&hmac, buffer, hLen);
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, buffer);
if (ret != 0)
return ret;
xorbuf(output, buffer, currentLen);
}