feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

SHA384 fips mode

Browse Source
This commit is contained in:
toddouska
2014-03-27 14:37:37 -07:00
parent e873d7998b
commit 7dd265cf2e
10 changed files with 81 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ctaocrypt/src/asn.c
View File

@ -2721,7 +2721,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
case CTC_SHA384wECDSA:
{
Sha384 sha384;
InitSha384(&sha384);
ret = InitSha384(&sha384);
if (ret != 0) {
CYASSL_MSG("InitSha384 failed");
return 0; /* not confirmed */
}
Sha384Update(&sha384, buf, bufSz);
Sha384Final(&sha384, digest);
typeH = SHA384h;

2
ctaocrypt/src/hmac.c
View File

@ -86,7 +86,7 @@ static int InitHmac(Hmac* hmac, int type)
#ifdef CYASSL_SHA384
case SHA384:
InitSha384(&hmac->hash.sha384);
ret = InitSha384(&hmac->hash.sha384);
break;
#endif

11
ctaocrypt/src/sha512.c
View File

@ -271,7 +271,7 @@ int Sha512Final(Sha512* sha512, byte* hash)
#ifdef CYASSL_SHA384
void InitSha384(Sha384* sha384)
int InitSha384(Sha384* sha384)
{
sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
sha384->digest[1] = W64LIT(0x629a292a367cd507);
@ -285,6 +285,8 @@ void InitSha384(Sha384* sha384)
sha384->buffLen = 0;
sha384->loLen = 0;
sha384->hiLen = 0;
return 0;
}
@ -343,7 +345,7 @@ static INLINE void AddLength384(Sha384* sha384, word32 len)
}
void Sha384Update(Sha384* sha384, const byte* data, word32 len)
int Sha384Update(Sha384* sha384, const byte* data, word32 len)
{
/* do block size increments */
byte* local = (byte*)sha384->buffer;
@ -366,10 +368,11 @@ void Sha384Update(Sha384* sha384, const byte* data, word32 len)
sha384->buffLen = 0;
}
}
return 0;
}
void Sha384Final(Sha384* sha384, byte* hash)
int Sha384Final(Sha384* sha384, byte* hash)
{
byte* local = (byte*)sha384->buffer;
@ -409,7 +412,7 @@ void Sha384Final(Sha384* sha384, byte* hash)
#endif
XMEMCPY(hash, sha384->digest, SHA384_DIGEST_SIZE);
InitSha384(sha384); /* reset state */
return InitSha384(sha384); /* reset state */
}
#endif /* CYASSL_SHA384 */

5
ctaocrypt/test/test.c
View File

@ -1041,6 +1041,7 @@ int sha384_test(void)
{
Sha384 sha;
byte hash[SHA384_DIGEST_SIZE];
int ret;
testVector a, b;
testVector test_sha[2];
@ -1066,7 +1067,9 @@ int sha384_test(void)
test_sha[0] = a;
test_sha[1] = b;
InitSha384(&sha);
ret = InitSha384(&sha);
if (ret != 0)
return -4010;
for (i = 0; i < times; ++i) {
Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);

17
cyassl/ctaocrypt/sha512.h
View File

@ -77,9 +77,9 @@ typedef struct Sha384 {
} Sha384;
CYASSL_API void InitSha384(Sha384*);
CYASSL_API void Sha384Update(Sha384*, const byte*, word32);
CYASSL_API void Sha384Final(Sha384*, byte*);
CYASSL_API int InitSha384(Sha384*);
CYASSL_API int Sha384Update(Sha384*, const byte*, word32);
CYASSL_API int Sha384Final(Sha384*, byte*);
#ifdef HAVE_FIPS
@ -94,6 +94,17 @@ CYASSL_API void Sha384Final(Sha384*, byte*);
#define Sha512Final Sha512Final_fips
#endif /* FIPS_NO_WRAPPERS */
/* fips wrapper calls, user can call direct */
CYASSL_API int InitSha384_fips(Sha384*);
CYASSL_API int Sha384Update_fips(Sha384*, const byte*, word32);
CYASSL_API int Sha384Final_fips(Sha384*, byte*);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define InitSha384 InitSha384_fips
#define Sha384Update Sha384Update_fips
#define Sha384Final Sha384Final_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */

36
mcapi/crypto.c
View File

@ -102,9 +102,7 @@ int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX* sha, const unsigned char* input,
if (sha == NULL || input == NULL)
return BAD_FUNC_ARG;
ShaUpdate((Sha*)sha, input, sz);
return 0;
return ShaUpdate((Sha*)sha, input, sz);
}
@ -114,9 +112,7 @@ int CRYPT_SHA_Finalize(CRYPT_SHA_CTX* sha, unsigned char* digest)
if (sha == NULL || digest == NULL)
return BAD_FUNC_ARG;
ShaFinal((Sha*)sha, digest);
return 0;
return ShaFinal((Sha*)sha, digest);
}
@ -140,9 +136,7 @@ int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX* sha256, const unsigned char* input,
if (sha256 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha256Update((Sha256*)sha256, input, sz);
return 0;
return Sha256Update((Sha256*)sha256, input, sz);
}
@ -152,9 +146,7 @@ int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX* sha256, unsigned char* digest)
if (sha256 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha256Final((Sha256*)sha256, digest);
return 0;
return Sha256Final((Sha256*)sha256, digest);
}
@ -167,9 +159,7 @@ int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX* sha384)
if (sha384 == NULL)
return BAD_FUNC_ARG;
InitSha384((Sha384*)sha384);
return 0;
return InitSha384((Sha384*)sha384);
}
@ -180,9 +170,7 @@ int CRYPT_SHA384_DataAdd(CRYPT_SHA384_CTX* sha384, const unsigned char* input,
if (sha384 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha384Update((Sha384*)sha384, input, sz);
return 0;
return Sha384Update((Sha384*)sha384, input, sz);
}
@ -192,9 +180,7 @@ int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX* sha384, unsigned char* digest)
if (sha384 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha384Final((Sha384*)sha384, digest);
return 0;
return Sha384Final((Sha384*)sha384, digest);
}
@ -218,9 +204,7 @@ int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX* sha512, const unsigned char* input,
if (sha512 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha512Update((Sha512*)sha512, input, sz);
return 0;
return Sha512Update((Sha512*)sha512, input, sz);
}
@ -230,9 +214,7 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
if (sha512 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha512Final((Sha512*)sha512, digest);
return 0;
return Sha512Final((Sha512*)sha512, digest);
}

8
mcapi/mcapi_test.c
View File

@ -304,11 +304,16 @@ static int check_sha384(void)
{
CRYPT_SHA384_CTX mcSha384;
Sha384 defSha384;
int ret;
byte mcDigest[CRYPT_SHA384_DIGEST_SIZE];
byte defDigest[SHA384_DIGEST_SIZE];
CRYPT_SHA384_Initialize(&mcSha384);
InitSha384(&defSha384);
ret = InitSha384(&defSha384);
if (ret != 0) {
printf("sha384 init default failed\n");
return -1;
}
CRYPT_SHA384_DataAdd(&mcSha384, ourData, OUR_DATA_SIZE);
Sha384Update(&defSha384, ourData, OUR_DATA_SIZE);
@ -331,6 +336,7 @@ static int check_sha512(void)
{
CRYPT_SHA512_CTX mcSha512;
Sha512 defSha512;
int ret;
byte mcDigest[CRYPT_SHA512_DIGEST_SIZE];
byte defDigest[SHA512_DIGEST_SIZE];

19
src/internal.c
View File

@ -1457,7 +1457,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
}
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
ret = InitSha384(&ssl->hashSha384);
if (ret != 0) {
return ret;
}
#endif
#ifndef NO_RSA
ssl->peerRsaKey = NULL;
@ -4470,7 +4473,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
Sha384 sha384;
int i;
InitSha384(&sha384);
InitSha384(&sha384); /* no error check on purpose, dummy round */
for (i = 0; i < rounds; i++)
Sha384Update(&sha384, data, sz);
@ -8026,7 +8029,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
ret = InitSha384(&sha384);
if (ret != 0)
return ret;
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, messageVerify, verifySz);
@ -9076,7 +9081,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
ret = InitSha384(&sha384);
if (ret != 0)
return ret;
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, output + preSigIdx, preSigSz);
@ -9404,7 +9411,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
ret = InitSha384(&sha384);
if (ret != 0)
return ret;
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, output + preSigIdx, preSigSz);

22
src/ssl.c
View File

@ -4474,7 +4474,11 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
}
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
if ( (ssl->error =
InitSha384(&ssl->hashSha384)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
}
if ( (ssl->error = SendClientHello(ssl)) != 0) {
@ -4745,14 +4749,18 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
if ( (ssl->error =
if ( (ssl->error =
InitSha256(&ssl->hashSha256)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
if ( (ssl->error =
InitSha384(&ssl->hashSha384)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#endif
}
@ -6563,7 +6571,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
(void)sizeof(sha_test);
CYASSL_ENTER("SHA384_Init");
InitSha384((Sha384*)sha);
InitSha384((Sha384*)sha); /* OpenSSL compat, no error */
}

7
tests/hash.c
View File

@ -402,11 +402,11 @@ int sha512_test(void)
{
Sha512 sha;
byte hash[SHA512_DIGEST_SIZE];
int ret;
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
int ret;
a.input = "abc";
a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
@ -455,6 +455,7 @@ int sha384_test()
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
int ret;
a.input = "abc";
a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
@ -476,7 +477,9 @@ int sha384_test()
test_sha[0] = a;
test_sha[1] = b;
InitSha384(&sha);
ret = InitSha384(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);