feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2594 from ejohnstown/maintenance-BLAKE2

Browse Source 
Maintenance BLAKE2
This commit is contained in:
toddouska
2019-11-18 17:05:01 -08:00
committed by GitHub
parent 7a5c8f4e07 8347d00bf2
commit c6dac64438
10 changed files with 14 additions and 458 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/dox_comments/header_files/hmac.h
View File

@@ -6,7 +6,8 @@
\return 0 Returned on successfully initializing the Hmac object \return 0 Returned on successfully initializing the Hmac object
\return BAD_FUNC_ARG Returned if the input type is invalid. Valid options \return BAD_FUNC_ARG Returned if the input type is invalid. Valid options
are: MD5, SHA, SHA256, SHA384, SHA512, BLAKE2B_ID are: MD5, SHA, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384,
SHA3-512
\return MEMORY_E Returned if there is an error allocating memory for the \return MEMORY_E Returned if there is an error allocating memory for the
structure to use for hashing structure to use for hashing
\return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
@@ -15,7 +16,8 @@
\param hmac pointer to the Hmac object to initialize \param hmac pointer to the Hmac object to initialize
\param type type specifying which encryption method the Hmac object \param type type specifying which encryption method the Hmac object
should use. Valid options are: MD5, SHA, SHA256, SHA384, SHA512, BLAKE2B_ID should use. Valid options are: MD5, SHA, SHA256, SHA384, SHA512, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
\param key pointer to a buffer containing the key with which to \param key pointer to a buffer containing the key with which to
initialize the Hmac object initialize the Hmac object
\param length length of the key \param length length of the key
@@ -131,14 +133,15 @@ WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
\return 0 Returned upon successfully generating a key with the given inputs \return 0 Returned upon successfully generating a key with the given inputs
\return BAD_FUNC_ARG Returned if an invalid hash type is given as \return BAD_FUNC_ARG Returned if an invalid hash type is given as
argument. Valid types are: MD5, SHA, SHA256, SHA384, SHA512, BLAKE2B_ID argument. Valid types are: MD5, SHA, SHA256, SHA384, SHA512, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
\return MEMORY_E Returned if there is an error allocating memory \return MEMORY_E Returned if there is an error allocating memory
\return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
and the key length specified is shorter than the minimum acceptable FIPS and the key length specified is shorter than the minimum acceptable FIPS
standard standard
\param type hash type to use for the HKDF. Valid types are: MD5, SHA, \param type hash type to use for the HKDF. Valid types are: MD5, SHA,
SHA256, SHA384, SHA512, BLAKE2B_ID SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512
\param inKey pointer to the buffer containing the key to use for KDF \param inKey pointer to the buffer containing the key to use for KDF
\param inKeySz length of the input key \param inKeySz length of the input key
\param salt pointer to a buffer containing an optional salt. Use NULL \param salt pointer to a buffer containing an optional salt. Use NULL

46
src/internal.c
View File

@@ -3126,27 +3126,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
if (!dtls && tls && haveRSA) {
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
if (tls && haveRSA) {
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
if (tls && haveRSA) {
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
if (!dtls && tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = CIPHER_BYTE;
@@ -8678,21 +8657,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
case TLS_RSA_WITH_HC_128_B2B256:
if (requirement == REQUIRES_RSA)
return 1;
break;
#endif /* NO_HC128 */ #endif /* NO_HC128 */
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_AES_128_CBC_B2B256:
case TLS_RSA_WITH_AES_256_CBC_B2B256:
if (requirement == REQUIRES_RSA)
return 1;
break;
#endif /* HAVE_BLAKE2 */
#ifndef NO_RABBIT #ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_SHA : case TLS_RSA_WITH_RABBIT_SHA :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
@@ -17486,18 +17452,6 @@ static const CipherSuiteInfo cipher_names[] =
SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA), SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA),
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
SUITE_INFO("HC128-B2B256","TLS_RSA_WITH_HC_128_B2B256",CIPHER_BYTE,TLS_RSA_WITH_HC_128_B2B256),
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
SUITE_INFO("AES128-B2B256","TLS_RSA_WITH_AES_128_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_B2B256),
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
SUITE_INFO("AES256-B2B256","TLS_RSA_WITH_AES_256_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_B2B256),
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA), SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA),
#endif #endif

51
src/keys.c
View File

@@ -1866,57 +1866,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
case TLS_RSA_WITH_HC_128_B2B256:
ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = blake2b_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = BLAKE2B_256;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = HC_128_KEY_SIZE;
ssl->specs.block_size = 0;
ssl->specs.iv_size = HC_128_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
case TLS_RSA_WITH_AES_128_CBC_B2B256:
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = blake2b_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = BLAKE2B_256;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
case TLS_RSA_WITH_AES_256_CBC_B2B256:
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = blake2b_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = BLAKE2B_256;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
case TLS_RSA_WITH_RABBIT_SHA : case TLS_RSA_WITH_RABBIT_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit; ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;

11
src/ssl.c
View File

@@ -21444,11 +21444,6 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
case sha512_mac: case sha512_mac:
macStr = "SHA512"; macStr = "SHA512";
break; break;
#endif
#ifdef HAVE_BLAKE2
case blake2b_mac:
macStr = "BLAKE2b";
break;
#endif #endif
default: default:
macStr = "unknown"; macStr = "unknown";
@@ -29356,12 +29351,6 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
case WC_SHA3_224: case WC_SHA3_224:
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);

72
tests/test-qsh.conf
View File

@@ -875,30 +875,6 @@
-v 1 -v 1
-l QSH:HC128-MD5 -l QSH:HC128-MD5
# server TLSv1 HC128-B2B256
-v 1
-l QSH:HC128-B2B256
# client TLSv1 HC128-B2B256
-v 1
-l QSH:HC128-B2B256
# server TLSv1 AES128-B2B256
-v 1
-l QSH:AES128-B2B256
# client TLSv1 AES128-B2B256
-v 1
-l QSH:AES128-B2B256
# server TLSv1 AES256-B2B256
-v 1
-l QSH:AES256-B2B256
# client TLSv1 AES256-B2B256
-v 1
-l QSH:AES256-B2B256
# server TLSv1.1 HC128-SHA # server TLSv1.1 HC128-SHA
-v 2 -v 2
-l QSH:HC128-SHA -l QSH:HC128-SHA
@@ -915,30 +891,6 @@
-v 2 -v 2
-l QSH:HC128-MD5 -l QSH:HC128-MD5
# server TLSv1.1 HC128-B2B256
-v 2
-l QSH:HC128-B2B256
# client TLSv1.1 HC128-B2B256
-v 2
-l QSH:HC128-B2B256
# server TLSv1.1 AES128-B2B256
-v 2
-l QSH:AES128-B2B256
# client TLSv1.1 AES128-B2B256
-v 2
-l QSH:AES128-B2B256
# server TLSv1.1 AES256-B2B256
-v 2
-l QSH:AES256-B2B256
# client TLSv1.1 AES256-B2B256
-v 2
-l QSH:AES256-B2B256
# server TLSv1.2 HC128-SHA # server TLSv1.2 HC128-SHA
-v 3 -v 3
-l QSH:HC128-SHA -l QSH:HC128-SHA
@@ -955,30 +907,6 @@
-v 3 -v 3
-l QSH:HC128-MD5 -l QSH:HC128-MD5
# server TLSv1.2 HC128-B2B256
-v 3
-l QSH:HC128-B2B256
# client TLSv1.2 HC128-B2B256
-v 3
-l QSH:HC128-B2B256
# server TLSv1.2 AES128-B2B256
-v 3
-l QSH:AES128-B2B256
# client TLSv1.2 AES128-B2B256
-v 3
-l QSH:AES128-B2B256
# server TLSv1.2 AES256-B2B256
-v 3
-l QSH:AES256-B2B256
# client TLSv1.2 AES256-B2B256
-v 3
-l QSH:AES256-B2B256
# server TLSv1 RABBIT-SHA # server TLSv1 RABBIT-SHA
-v 1 -v 1
-l QSH:RABBIT-SHA -l QSH:RABBIT-SHA

72
tests/test.conf
View File

@@ -875,30 +875,6 @@
-v 1 -v 1
-l HC128-MD5 -l HC128-MD5
# server TLSv1 HC128-B2B256
-v 1
-l HC128-B2B256
# client TLSv1 HC128-B2B256
-v 1
-l HC128-B2B256
# server TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
# client TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
# server TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
# client TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
# server TLSv1.1 HC128-SHA # server TLSv1.1 HC128-SHA
-v 2 -v 2
-l HC128-SHA -l HC128-SHA
@@ -915,30 +891,6 @@
-v 2 -v 2
-l HC128-MD5 -l HC128-MD5
# server TLSv1.1 HC128-B2B256
-v 2
-l HC128-B2B256
# client TLSv1.1 HC128-B2B256
-v 2
-l HC128-B2B256
# server TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
# client TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
# server TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
# client TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
# server TLSv1.2 HC128-SHA # server TLSv1.2 HC128-SHA
-v 3 -v 3
-l HC128-SHA -l HC128-SHA
@@ -955,30 +907,6 @@
-v 3 -v 3
-l HC128-MD5 -l HC128-MD5
# server TLSv1.2 HC128-B2B256
-v 3
-l HC128-B2B256
# client TLSv1.2 HC128-B2B256
-v 3
-l HC128-B2B256
# server TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
# client TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
# server TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
# client TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
# server TLSv1 RABBIT-SHA # server TLSv1 RABBIT-SHA
-v 1 -v 1
-l RABBIT-SHA -l RABBIT-SHA

78
wolfcrypt/src/hmac.c
View File

@@ -65,8 +65,7 @@
{ {
if (hmac == NULL || (key == NULL && keySz != 0) || if (hmac == NULL || (key == NULL && keySz != 0) ||
!(type == WC_MD5 || type == WC_SHA || type == WC_SHA256 || !(type == WC_MD5 || type == WC_SHA || type == WC_SHA256 ||
type == WC_SHA384 || type == WC_SHA512 || type == WC_SHA384 || type == WC_SHA512)) {
type == BLAKE2B_ID)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -131,8 +130,7 @@ int wc_HmacSizeByType(int type)
type == WC_SHA224 || type == WC_SHA256 || type == WC_SHA224 || type == WC_SHA256 ||
type == WC_SHA384 || type == WC_SHA512 || type == WC_SHA384 || type == WC_SHA512 ||
type == WC_SHA3_224 || type == WC_SHA3_256 || type == WC_SHA3_224 || type == WC_SHA3_256 ||
type == WC_SHA3_384 || type == WC_SHA3_512 || type == WC_SHA3_384 || type == WC_SHA3_512)) {
type == BLAKE2B_ID)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -172,12 +170,6 @@ int wc_HmacSizeByType(int type)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = BLAKE2B_OUTBYTES;
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
case WC_SHA3_224: case WC_SHA3_224:
ret = WC_SHA3_224_DIGEST_SIZE; ret = WC_SHA3_224_DIGEST_SIZE;
@@ -245,12 +237,6 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:
@@ -303,8 +289,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
type == WC_SHA224 || type == WC_SHA256 || type == WC_SHA224 || type == WC_SHA256 ||
type == WC_SHA384 || type == WC_SHA512 || type == WC_SHA384 || type == WC_SHA512 ||
type == WC_SHA3_224 || type == WC_SHA3_256 || type == WC_SHA3_224 || type == WC_SHA3_256 ||
type == WC_SHA3_384 || type == WC_SHA3_512 || type == WC_SHA3_384 || type == WC_SHA3_512)) {
type == BLAKE2B_ID)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -457,27 +442,6 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
hmac_block_size = BLAKE2B_BLOCKBYTES;
if (length <= BLAKE2B_BLOCKBYTES) {
if (key != NULL) {
XMEMCPY(ip, key, length);
}
}
else {
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
if (ret != 0)
break;
length = BLAKE2B_256;
}
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:
@@ -643,13 +607,6 @@ static int HmacKeyInnerHash(Hmac* hmac)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->ipad,
BLAKE2B_BLOCKBYTES);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:
@@ -760,12 +717,6 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:
@@ -939,24 +890,6 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->opad,
BLAKE2B_BLOCKBYTES);
if (ret != 0)
break;
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->innerHash,
BLAKE2B_256);
if (ret != 0)
break;
ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:
@@ -1136,11 +1069,6 @@ void wc_HmacFree(Hmac* hmac)
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
break;
#endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224 #ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224: case WC_SHA3_224:

97
wolfcrypt/test/test.c
View File

@@ -289,7 +289,6 @@ int hmac_sha224_test(void);
int hmac_sha256_test(void); int hmac_sha256_test(void);
int hmac_sha384_test(void); int hmac_sha384_test(void);
int hmac_sha512_test(void); int hmac_sha512_test(void);
int hmac_blake2b_test(void);
int hmac_sha3_test(void); int hmac_sha3_test(void);
int hkdf_test(void); int hkdf_test(void);
int x963kdf_test(void); int x963kdf_test(void);
@@ -749,13 +748,6 @@ initDefaultName();
test_pass("HMAC-SHA512 test passed!\n"); test_pass("HMAC-SHA512 test passed!\n");
#endif #endif
#ifdef HAVE_BLAKE2
if ( (ret = hmac_blake2b_test()) != 0)
return err_sys("HMAC-BLAKE2 test failed!\n", ret);
else
test_pass("HMAC-BLAKE2 test passed!\n");
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
!defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
!defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
@@ -3684,95 +3676,6 @@ int hmac_sha256_test(void)
#endif #endif
#if !defined(NO_HMAC) && defined(HAVE_BLAKE2)
int hmac_blake2b_test(void)
{
Hmac hmac;
byte hash[BLAKE2B_256];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
a.output = "\x72\x93\x0d\xdd\xf5\xf7\xe1\x78\x38\x07\x44\x18\x0b\x3f\x51"
"\x37\x25\xb5\x82\xc2\x08\x83\x2f\x1c\x99\xfd\x03\xa0\x16\x75"
"\xac\xfd";
a.inLen = XSTRLEN(a.input);
a.outLen = BLAKE2B_256;
b.input = "what do ya want for nothing?";
b.output = "\x3d\x20\x50\x71\x05\xc0\x8c\x0c\x38\x44\x1e\xf7\xf9\xd1\x67"
"\x21\xff\x64\xf5\x94\x00\xcf\xf9\x75\x41\xda\x88\x61\x9d\x7c"
"\xda\x2b";
b.inLen = XSTRLEN(b.input);
b.outLen = BLAKE2B_256;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\xda\xfe\x2a\x24\xfc\xe7\xea\x36\x34\xbe\x41\x92\xc7\x11\xa7"
"\x00\xae\x53\x9c\x11\x9c\x80\x74\x55\x22\x25\x4a\xb9\x55\xd3"
"\x0f\x87";
c.inLen = XSTRLEN(c.input);
c.outLen = BLAKE2B_256;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#if !defined(HAVE_CAVIUM_V)
/* Blake2 only supported on Cavium Nitrox III */
if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
return -3600;
#endif
ret = wc_HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return -3601;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return -3602;
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
return -3603;
if (XMEMCMP(hash, test_hmac[i].output, BLAKE2B_256) != 0)
return -3604 - i;
wc_HmacFree(&hmac);
}
#ifndef HAVE_FIPS
if (wc_HmacSizeByType(BLAKE2B_ID) != BLAKE2B_OUTBYTES)
return -3614;
#endif
return 0;
}
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
int hmac_sha384_test(void) int hmac_sha384_test(void)
{ {

19
wolfssl/internal.h
View File

@@ -344,14 +344,6 @@
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
#endif #endif
#endif #endif
#if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
#endif
#ifdef WOLFSSL_AES_256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
#endif
#endif
#endif #endif
#endif #endif
@@ -456,9 +448,6 @@
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_SHA #define BUILD_TLS_RSA_WITH_HC_128_SHA
#endif #endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_HC_128_B2B256
#endif
#endif #endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
@@ -879,8 +868,7 @@
#endif #endif
#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
#define BUILD_HC128 #define BUILD_HC128
#endif #endif
@@ -991,11 +979,6 @@ enum {
TLS_RSA_WITH_RABBIT_SHA = 0xFD, TLS_RSA_WITH_RABBIT_SHA = 0xFD,
WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
/* wolfSSL extension - Blake2b 256 */
TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
/* wolfSSL extension - NTRU */ /* wolfSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,

15
wolfssl/wolfcrypt/hmac.h
View File

@@ -84,12 +84,6 @@ enum {
#ifndef WOLFSSL_SHA384 #ifndef WOLFSSL_SHA384
WC_SHA384 = WC_HASH_TYPE_SHA384, WC_SHA384 = WC_HASH_TYPE_SHA384,
#endif #endif
#ifndef HAVE_BLAKE2B
BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
#endif
#ifndef HAVE_BLAKE2S
BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S,
#endif
#ifndef WOLFSSL_SHA224 #ifndef WOLFSSL_SHA224
WC_SHA224 = WC_HASH_TYPE_SHA224, WC_SHA224 = WC_HASH_TYPE_SHA224,
#endif #endif
@@ -107,9 +101,9 @@ enum {
/* Select the largest available hash for the buffer size. */ /* Select the largest available hash for the buffer size. */
#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE #define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE
#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \ #if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && \
!defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \ !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && \
defined(NO_SHA) && defined(NO_MD5) defined(WOLFSSL_SHA224) && defined(NO_SHA) && defined(NO_MD5)
#error "You have to have some kind of hash if you want to use HMAC." #error "You have to have some kind of hash if you want to use HMAC."
#endif #endif
@@ -134,9 +128,6 @@ typedef union {
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
wc_Sha512 sha512; wc_Sha512 sha512;
#endif #endif
#ifdef HAVE_BLAKE2
Blake2b blake2b;
#endif
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
wc_Sha3 sha3; wc_Sha3 sha3;
#endif #endif