Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5

Takashi Kojo
2013-11-06 10:22:21 +09:00
25 changed files with 1309 additions and 193 deletions


@@ -289,7 +289,11 @@ time_t pic32_time(time_t* timer)
if (timer == NULL)
timer = &localTime;
#ifdef MICROCHIP_MPLAB_HARMONY
sec = TCPIP_SNTP_UTCSecondsGet();
#else
sec = SNTPGetUTCSeconds();
#endif
*timer = (time_t) sec;
return *timer;
@@ -1250,6 +1254,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->publicKey = 0;
cert->pubKeySize = 0;
cert->pubKeyStored = 0;
cert->version = 0;
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
@@ -1290,11 +1295,15 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->subjectOULen = 0;
cert->subjectEmail = 0;
cert->subjectEmailLen = 0;
cert->beforeDate = 0;
cert->beforeDateLen = 0;
cert->afterDate = 0;
cert->afterDateLen = 0;
#endif /* CYASSL_CERT_GEN */
cert->beforeDate = NULL;
cert->beforeDateLen = 0;
cert->afterDate = NULL;
cert->afterDateLen = 0;
#ifdef OPENSSL_EXTRA
XMEMSET(&cert->issuerName, 0, sizeof(DecodedName));
XMEMSET(&cert->subjectName, 0, sizeof(DecodedName));
#endif /* OPENSSL_EXTRA */
#ifdef CYASSL_SEP
cert->deviceTypeSz = 0;
cert->deviceType = NULL;
@@ -1333,12 +1342,18 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->hwType, cert->heap, 0);
XFREE(cert->hwSerialNum, cert->heap, 0);
#endif /* CYASSL_SEP */
#ifdef OPENSSL_EXTRA
if (cert->issuerName.fullName != NULL)
XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509);
if (cert->subjectName.fullName != NULL)
XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509);
#endif /* OPENSSL_EXTRA */
}
static int GetCertHeader(DecodedCert* cert)
{
int ret = 0, version, len;
int ret = 0, len;
byte serialTmp[EXTERNAL_SERIAL_SIZE];
mp_int mpi;
@@ -1351,7 +1366,7 @@ static int GetCertHeader(DecodedCert* cert)
return ASN_PARSE_E;
cert->sigIndex = len + cert->srcIdx;
if (GetExplicitVersion(cert->source, &cert->srcIdx, &version) < 0)
if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0)
return ASN_PARSE_E;
if (GetInt(&mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0)
@@ -1359,7 +1374,7 @@ static int GetCertHeader(DecodedCert* cert)
len = mp_unsigned_bin_size(&mpi);
if (len < (int)sizeof(serialTmp)) {
if (mp_to_unsigned_bin(&mpi, serialTmp) == MP_OKAY) {
if ( (ret = mp_to_unsigned_bin(&mpi, serialTmp)) == MP_OKAY) {
if (len > EXTERNAL_SERIAL_SIZE)
len = EXTERNAL_SERIAL_SIZE;
XMEMCPY(cert->serial, serialTmp, len);
@@ -1537,6 +1552,10 @@ static int GetName(DecodedCert* cert, int nameType)
int dummy;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
word32 idx;
#ifdef OPENSSL_EXTRA
DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
#endif /* OPENSSL_EXTRA */
CYASSL_MSG("Getting Cert Name");
@@ -1621,6 +1640,10 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4;
copy = TRUE;
}
#ifdef OPENSSL_EXTRA
dName->cnIdx = cert->srcIdx;
dName->cnLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_SUR_NAME) {
if (!tooBig) {
@@ -1628,12 +1651,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectSN = (char*)&cert->source[cert->srcIdx];
cert->subjectSNLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectSN = (char*)&cert->source[cert->srcIdx];
cert->subjectSNLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_COUNTRY_NAME) {
if (!tooBig) {
@@ -1641,12 +1668,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectC = (char*)&cert->source[cert->srcIdx];
cert->subjectCLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectC = (char*)&cert->source[cert->srcIdx];
cert->subjectCLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->cIdx = cert->srcIdx;
dName->cLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_LOCALITY_NAME) {
if (!tooBig) {
@@ -1654,12 +1685,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectL = (char*)&cert->source[cert->srcIdx];
cert->subjectLLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectL = (char*)&cert->source[cert->srcIdx];
cert->subjectLLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->lIdx = cert->srcIdx;
dName->lLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_STATE_NAME) {
if (!tooBig) {
@@ -1667,12 +1702,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectST = (char*)&cert->source[cert->srcIdx];
cert->subjectSTLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectST = (char*)&cert->source[cert->srcIdx];
cert->subjectSTLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->stIdx = cert->srcIdx;
dName->stLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_ORG_NAME) {
if (!tooBig) {
@@ -1680,12 +1719,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectO = (char*)&cert->source[cert->srcIdx];
cert->subjectOLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectO = (char*)&cert->source[cert->srcIdx];
cert->subjectOLen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->oIdx = cert->srcIdx;
dName->oLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_ORGUNIT_NAME) {
if (!tooBig) {
@@ -1693,12 +1736,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4;
copy = TRUE;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectOU = (char*)&cert->source[cert->srcIdx];
cert->subjectOULen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectOU = (char*)&cert->source[cert->srcIdx];
cert->subjectOULen = strLen;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->ouIdx = cert->srcIdx;
dName->ouLen = strLen;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_SERIAL_NUMBER) {
if (!tooBig) {
@@ -1706,6 +1753,10 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 14;
copy = TRUE;
}
#ifdef OPENSSL_EXTRA
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
}
if (copy && !tooBig) {
@@ -1747,12 +1798,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 14;
}
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
cert->subjectEmailLen = adv;
}
#endif /* CYASSL_CERT_GEN */
#ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
cert->subjectEmailLen = adv;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->emailIdx = cert->srcIdx;
dName->emailLen = adv;
#endif /* OPENSSL_EXTRA */
if (!tooBig) {
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
@@ -1772,6 +1827,10 @@ static int GetName(DecodedCert* cert, int nameType)
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
idx += adv;
}
#ifdef OPENSSL_EXTRA
dName->uidIdx = cert->srcIdx;
dName->uidLen = adv;
#endif /* OPENSSL_EXTRA */
}
cert->srcIdx += adv;
@@ -1779,6 +1838,131 @@ static int GetName(DecodedCert* cert, int nameType)
}
full[idx++] = 0;
#ifdef OPENSSL_EXTRA
{
int totalLen = 0;
if (dName->cnLen != 0)
totalLen += dName->cnLen + 4;
if (dName->snLen != 0)
totalLen += dName->snLen + 4;
if (dName->cLen != 0)
totalLen += dName->cLen + 3;
if (dName->lLen != 0)
totalLen += dName->lLen + 3;
if (dName->stLen != 0)
totalLen += dName->stLen + 4;
if (dName->oLen != 0)
totalLen += dName->oLen + 3;
if (dName->ouLen != 0)
totalLen += dName->ouLen + 4;
if (dName->emailLen != 0)
totalLen += dName->emailLen + 14;
if (dName->uidLen != 0)
totalLen += dName->uidLen + 5;
if (dName->serialLen != 0)
totalLen += dName->serialLen + 14;
dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
if (dName->fullName != NULL) {
idx = 0;
if (dName->cnLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/CN=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cnIdx], dName->cnLen);
dName->cnIdx = idx;
idx += dName->cnLen;
}
if (dName->snLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/SN=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->snIdx], dName->snLen);
dName->snIdx = idx;
idx += dName->snLen;
}
if (dName->cLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/C=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cIdx], dName->cLen);
dName->cIdx = idx;
idx += dName->cLen;
}
if (dName->lLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/L=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->lIdx], dName->lLen);
dName->lIdx = idx;
idx += dName->lLen;
}
if (dName->stLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/ST=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->stIdx], dName->stLen);
dName->stIdx = idx;
idx += dName->stLen;
}
if (dName->oLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/O=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->oIdx], dName->oLen);
dName->oIdx = idx;
idx += dName->oLen;
}
if (dName->ouLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/OU=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->ouIdx], dName->ouLen);
dName->ouIdx = idx;
idx += dName->ouLen;
}
if (dName->emailLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->emailIdx], dName->emailLen);
dName->emailIdx = idx;
idx += dName->emailLen;
}
if (dName->uidLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
idx += 5;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->uidIdx], dName->uidLen);
dName->uidIdx = idx;
idx += dName->uidLen;
}
if (dName->serialLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->serialIdx], dName->serialLen);
dName->serialIdx = idx;
idx += dName->serialLen;
}
dName->fullName[idx] = '\0';
dName->fullNameLen = totalLen;
}
}
#endif /* OPENSSL_EXTRA */
return 0;
}
@@ -1878,15 +2062,13 @@ static int GetDate(DecodedCert* cert, int dateType)
int length;
byte date[MAX_DATE_SIZE];
byte b;
#ifdef CYASSL_CERT_GEN
word32 startIdx = 0;
if (dateType == BEFORE)
cert->beforeDate = &cert->source[cert->srcIdx];
else
cert->afterDate = &cert->source[cert->srcIdx];
startIdx = cert->srcIdx;
#endif
b = cert->source[cert->srcIdx++];
if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
@@ -1901,12 +2083,10 @@ static int GetDate(DecodedCert* cert, int dateType)
XMEMCPY(date, &cert->source[cert->srcIdx], length);
cert->srcIdx += length;
#ifdef CYASSL_CERT_GEN
if (dateType == BEFORE)
cert->beforeDateLen = cert->srcIdx - startIdx;
else
cert->afterDateLen = cert->srcIdx - startIdx;
#endif
if (!XVALIDATE_DATE(date, b, dateType)) {
if (dateType == BEFORE)
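Review bot: In GetName, the ASN_SERIAL_NUMBER branch stores its position in `dName->snIdx`/`dName->snLen`, the same fields the ASN_SUR_NAME branch fills, so a serial number overwrites the surname entry. Meanwhile `serialIdx`/`serialLen`, which the fullName builder reads for `/serialNumber=`, are never set in the visible hunks. That branch should read `dName->serialIdx = cert->srcIdx;` and `dName->serialLen = strLen;`. Separately, when the XMALLOC for `fullName` fails the function still returns 0 and leaves the `*Idx` fields as offsets into `cert->source` rather than into `fullName`; returning an error there would keep callers from mixing the two meanings. GetName begins and ends outside these hunks, so this is based on the lines shown.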


@@ -159,8 +159,10 @@ int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
mp_digit* mp);
static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map);
#ifdef ECC_SHAMIR
static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus);
#endif
/* helper for either lib */
@@ -1514,14 +1516,14 @@ void ecc_free(ecc_key* key)
}
#ifdef ECC_SHAMIR
#ifdef USE_FAST_MATH
#define GEN_MEM_ERR FP_MEM
#else
#define GEN_MEM_ERR MP_MEM
#endif
#ifdef ECC_SHAMIR
/** Computes kA*A + kB*B = C using Shamir's Trick
A First point to multiply
kA What to multiple A by
@@ -1582,20 +1584,23 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
if (err == MP_OKAY) {
/* extract and justify kA */
mp_to_unsigned_bin(kA, (len - lenA) + tA);
err = mp_to_unsigned_bin(kA, (len - lenA) + tA);
/* extract and justify kB */
mp_to_unsigned_bin(kB, (len - lenB) + tB);
if (err == MP_OKAY)
err = mp_to_unsigned_bin(kB, (len - lenB) + tB);
/* allocate the table */
for (x = 0; x < 16; x++) {
precomp[x] = ecc_new_point();
if (precomp[x] == NULL) {
for (y = 0; y < x; ++y) {
ecc_del_point(precomp[y]);
if (err == MP_OKAY) {
for (x = 0; x < 16; x++) {
precomp[x] = ecc_new_point();
if (precomp[x] == NULL) {
for (y = 0; y < x; ++y) {
ecc_del_point(precomp[y]);
}
err = GEN_MEM_ERR;
break;
}
err = GEN_MEM_ERR;
break;
}
}
}
@@ -1943,6 +1948,7 @@ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
{
byte buf[ECC_BUFSIZE];
word32 numlen;
int ret = MP_OKAY;
if (key == NULL || out == NULL || outLen == NULL)
return ECC_BAD_ARG_E;
@@ -1962,14 +1968,18 @@ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
/* pad and store x */
XMEMSET(buf, 0, sizeof(buf));
mp_to_unsigned_bin(&key->pubkey.x,
ret = mp_to_unsigned_bin(&key->pubkey.x,
buf + (numlen - mp_unsigned_bin_size(&key->pubkey.x)));
if (ret != MP_OKAY)
return ret;
XMEMCPY(out+1, buf, numlen);
/* pad and store y */
XMEMSET(buf, 0, sizeof(buf));
mp_to_unsigned_bin(&key->pubkey.y,
ret = mp_to_unsigned_bin(&key->pubkey.y,
buf + (numlen - mp_unsigned_bin_size(&key->pubkey.y)));
if (ret != MP_OKAY)
return ret;
XMEMCPY(out+1+numlen, buf, numlen);
*outLen = 1 + 2*numlen;
@@ -2043,6 +2053,31 @@ int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
}
/* export ecc private key only raw, outLen is in/out size
return MP_OKAY on success */
int ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
{
word32 numlen;
if (key == NULL || out == NULL || outLen == NULL)
return ECC_BAD_ARG_E;
if (ecc_is_valid_idx(key->idx) == 0) {
return ECC_BAD_ARG_E;
}
numlen = key->dp->size;
if (*outLen < numlen) {
*outLen = numlen;
return BUFFER_E;
}
*outLen = numlen;
XMEMSET(out, 0, *outLen);
return mp_to_unsigned_bin(&key->k, out + (numlen -
mp_unsigned_bin_size(&key->k)));
}
/* ecc private key import, public key in ANSI X9.63 format, private raw */
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key)
@@ -2066,14 +2101,15 @@ int ecc_size(ecc_key* key)
}
/* signature size in octets */
/* worst case estimate, check actual return from ecc_sign_hash for actual value
of signature size in octets */
int ecc_sig_size(ecc_key* key)
{
int sz = ecc_size(key);
if (sz < 0)
return sz;
return sz * 2 + SIG_HEADER_SZ;
return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */
}
@@ -2090,9 +2126,17 @@ int ecc_sig_size(ecc_key* key)
#define FP_LUT 8U
#endif
#if (FP_LUT > 12) || (FP_LUT < 2)
#error FP_LUT must be between 2 and 12 inclusively
#endif
#ifdef ECC_SHAMIR
/* Sharmir requires a bigger LUT, TAO */
#if (FP_LUT > 12) || (FP_LUT < 4)
#error FP_LUT must be between 4 and 12 inclusively
#endif
#else
#if (FP_LUT > 12) || (FP_LUT < 2)
#error FP_LUT must be between 2 and 12 inclusively
#endif
#endif
/** Our FP cache */
static struct {
@@ -3223,6 +3267,10 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
initMutex = 1;
}
err = mp_init(&mu);
if (err != MP_OKAY)
return err;
if (LockMutex(&ecc_fp_lock) != 0)
return BAD_MUTEX_E;
@@ -3267,17 +3315,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
if (err == MP_OKAY) {
mpInit = 1;
err = mp_init(&mu);
err = mp_montgomery_calc_normalization(&mu, modulus);
}
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY)
/* compute mu */
err = mp_init(&mu);
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY)
/* build the LUT */
@@ -3289,17 +3328,13 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
/* if it's 2 build the LUT, if it's higher just use the LUT */
if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) {
if (mpInit == 0) {
/* compute mp */
/* compute mp */
err = mp_montgomery_setup(modulus, &mp);
if (err == MP_OKAY)
if (err == MP_OKAY) {
mpInit = 1;
err = mp_montgomery_calc_normalization(&mu, modulus);
}
}
if (err == MP_OKAY)
/* compute mu */
err = mp_init(&mu);
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY)
/* build the LUT */
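Review bot: ecc_export_private_only computes the destination offset as `numlen - mp_unsigned_bin_size(&key->k)` without checking that the scalar fits in `numlen` bytes. If `key->k` is ever larger than the curve size, the word32 subtraction wraps and mp_to_unsigned_bin writes outside `out`. A guard before the XMEMSET closes that: `if ((word32)mp_unsigned_bin_size(&key->k) > numlen) return ECC_BAD_ARG_E;`. The header comment should also say that `out` receives raw private key material and that the caller is responsible for clearing it. The same unchecked offset appears in the ecc_export_x963 hunk for `pubkey.x` and `pubkey.y` against the local `buf`.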


@@ -85,6 +85,7 @@ static int InitHmac(Hmac* hmac, int type)
#endif
default:
return BAD_FUNC_ARG;
break;
}
@@ -92,18 +93,21 @@ static int InitHmac(Hmac* hmac, int type)
}
void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = 0;
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumSetKey(hmac, type, key, length);
#endif
InitHmac(hmac, type);
ret = InitHmac(hmac, type);
if (ret != 0)
return ret;
switch (hmac->macType) {
#ifndef NO_MD5
@@ -203,7 +207,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#endif
default:
break;
return BAD_FUNC_ARG;
}
if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length);
@@ -212,6 +216,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
return 0;
}
@@ -541,5 +546,121 @@ int CyaSSL_GetHmacMaxSize(void)
return MAX_DIGEST_SIZE;
}
#ifdef HAVE_HKDF
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* min */
static INLINE int GetHashSizeByType(int type)
{
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
return MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case SHA:
return SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
return SHA256_DIGEST_SIZE;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
return SHA384_DIGEST_SIZE;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
return SHA512_DIGEST_SIZE;
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
return BLAKE2B_OUTBYTES;
break;
#endif
default:
return BAD_FUNC_ARG;
break;
}
}
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
int HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz)
{
Hmac myHmac;
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
byte prk[MAX_DIGEST_SIZE];
const byte* localSalt; /* either points to user input or tmp */
int hashSz = GetHashSizeByType(type);
word32 outIdx = 0;
byte n = 0x1;
if (hashSz < 0)
return BAD_FUNC_ARG;
localSalt = salt;
if (localSalt == NULL) {
XMEMSET(tmp, 0, hashSz);
localSalt = tmp;
saltSz = hashSz;
}
if (HmacSetKey(&myHmac, type, localSalt, saltSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, inKey, inKeySz);
HmacFinal(&myHmac, prk);
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
if (HmacSetKey(&myHmac, type, prk, hashSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, tmp, tmpSz);
HmacUpdate(&myHmac, info, infoSz);
HmacUpdate(&myHmac, &n, 1);
HmacFinal(&myHmac, tmp);
left = min(left, (word32)hashSz);
XMEMCPY(out+outIdx, tmp, left);
outIdx += hashSz;
n++;
}
return 0;
}
#endif /* HAVE_HKDF */
#endif /* NO_HMAC */
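Review bot: HKDF places no upper bound on `outSz`. The block counter `n` is a single byte, so a request for more than 255 * hashSz bytes wraps `n` through 0 back to 1 and the output starts repeating earlier blocks; RFC 5869 limits the length to 255 hash lengths. Add `if (outSz > 255 * (word32)hashSz) return BAD_FUNC_ARG;` after the `hashSz < 0` check. `prk` and `tmp` hold keying material and are left on the stack on every return path; clearing them before returning, in a way the compiler cannot drop, would be a worthwhile follow-up. The `HAVE_CAVIUM` early return in HmacSetKey also now returns the value of HmacCaviumSetKey, whose prototype is not visible here, so it presumably needs the same void-to-int change.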


@@ -325,15 +325,15 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
if (outSz > (int)v) {
/* take off MSB */
byte tmp[129];
mp_to_unsigned_bin(&res, tmp);
ret = mp_to_unsigned_bin(&res, tmp);
XMEMCPY(I + i, tmp + 1, v);
}
else if (outSz < (int)v) {
XMEMSET(I + i, 0, v - outSz);
mp_to_unsigned_bin(&res, I + i + v - outSz);
ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
}
else
mp_to_unsigned_bin(&res, I + i);
ret = mp_to_unsigned_bin(&res, I + i);
}
mp_clear(&i1);
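Review bot: In the `outSz > (int)v` branch the result of mp_to_unsigned_bin is now stored in `ret`, but the following `XMEMCPY(I + i, tmp + 1, v);` still runs when the conversion failed, copying uninitialized bytes of `tmp` into the key-derivation state. Guard the copy, e.g. `if (ret == MP_OKAY) XMEMCPY(I + i, tmp + 1, v);`. The enclosing loop should also stop on a non-zero `ret`; whether it does is outside this hunk, and a later iteration could otherwise overwrite the error. `tmp` is a fixed 129-byte buffer with no visible check of the size of `res` before the write, which is worth confirming as well.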


@@ -458,18 +458,23 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(MICROCHIP_PIC32)
#include <peripheral/timer.h>
#ifdef MICROCHIP_MPLAB_HARMONY
#define PIC32_SEED_COUNT _CP0_GET_COUNT
#else
#include <peripheral/timer.h>
#define PIC32_SEED_COUNT ReadCoreTimer
#endif
/* uses the core timer, in nanoseconds to seed srand */
int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
srand(ReadCoreTimer() * 25);
srand(PIC32_SEED_COUNT() * 25);
for (i = 0; i < sz; i++ ) {
output[i] = rand() % 256;
if ( (i % 8) == 7)
srand(ReadCoreTimer() * 25);
srand(PIC32_SEED_COUNT() * 25);
}
return 0;
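Review bot: The PIC32 GenerateSeed still fills the seed from `rand()` reseeded with the core timer count; this hunk only changes how the counter is read. The resulting bytes are a deterministic function of a timer value that can be estimated, so everything keyed from this seed inherits that weakness. At minimum the comment above the function should say so, e.g. `/* NOTE: timer-seeded rand(); not a cryptographic entropy source, do not rely on it alone for key generation */`, and the port should draw from a hardware entropy source where the part provides one. Minor: `i` is `int` while `sz` is `word32`, so the loop condition is a signed/unsigned comparison; `word32 i;` avoids it. The function's closing brace falls outside the hunk.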