search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use libtasn1 v2.4.
[gnutls.git] / lib / gnutls_hash_int.c
blobebbf4bc4807951cf6450487a83ca6444babeb85e
1 /*
2 * Copyright (C) 2000, 2001, 2004, 2005, 2007, 2008, 2010 Free Software
3 * Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GNUTLS.
8 *
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
25
26 /* This file handles all the internal functions that cope with hashes
27 * and HMACs.
28 */
29
30 #include <gnutls_int.h>
31 #include <gnutls_hash_int.h>
32 #include <gnutls_errors.h>
33
34 static int
35 digest_length (gnutls_digest_algorithm_t algo)
36 {
37 switch (algo)
38 {
39 case GNUTLS_DIG_NULL:
40 return 0;
41 case GNUTLS_DIG_MD5:
42 case GNUTLS_DIG_MD2:
43 return 16;
44 case GNUTLS_DIG_SHA1:
45 case GNUTLS_DIG_RMD160:
46 return 20;
47 case GNUTLS_DIG_SHA256:
48 return 32;
49 case GNUTLS_DIG_SHA384:
50 return 48;
51 case GNUTLS_DIG_SHA512:
52 return 64;
53 case GNUTLS_DIG_SHA224:
54 return 28;
55 default:
56 gnutls_assert ();
57 return GNUTLS_E_INTERNAL_ERROR;
58 }
59 }
60
61 int
62 _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
63 {
64 int result;
65 const gnutls_crypto_digest_st *cc = NULL;
66
67 dig->algorithm = algorithm;
68
69 /* check if a digest has been registered
70 */
71 cc = _gnutls_get_crypto_digest (algorithm);
72 if (cc != NULL)
73 {
74 dig->registered = 1;
75 dig->hd.rh.cc = cc;
76 if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
77 {
78 gnutls_assert ();
79 return GNUTLS_E_HASH_FAILED;
80 }
81 dig->active = 1;
82 return 0;
83 }
84
85 dig->registered = 0;
86
87 result = _gnutls_digest_ops.init (algorithm, &dig->hd.gc);
88 if (result < 0)
89 {
90 gnutls_assert ();
91 return result;
92 }
93
94 dig->active = 1;
95 return 0;
96 }
97
98 /* returns the output size of the given hash/mac algorithm
99 */
100 int
101 _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
102 {
103 return digest_length (algorithm);
104 }
105
106 int
107 _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
108 {
109 if (textlen > 0)
110 {
111 if (handle->registered)
112 {
113 return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
114 }
115 return _gnutls_digest_ops.hash (handle->hd.gc, text, textlen);
116 }
117 return 0;
118 }
119
120 int
121 _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
122 {
123 int result;
124
125 memset (dst, 0, sizeof (*dst));
126 dst->algorithm = src->algorithm;
127 dst->registered = src->registered;
128 dst->active = 1;
129
130 if (src->registered)
131 {
132 dst->hd.rh.cc = src->hd.rh.cc;
133 return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
134 }
135
136 result = _gnutls_digest_ops.copy (&dst->hd.gc, src->hd.gc);
137 if (result < 0)
138 {
139 gnutls_assert ();
140 return result;
141 }
142
143 return 0;
144 }
145
146 /* when the current output is needed without calling deinit
147 */
148 void
149 _gnutls_hash_output (digest_hd_st * handle, void *digest)
150 {
151 size_t maclen;
152
153 maclen = _gnutls_hash_get_algo_len (handle->algorithm);
154
155 if (handle->registered && handle->hd.rh.ctx != NULL)
156 {
157 if (digest != NULL)
158 handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
159 return;
160 }
161
162 if (digest != NULL)
163 {
164 _gnutls_digest_ops.output (handle->hd.gc, digest, maclen);
165 }
166 }
167
168 void
169 _gnutls_hash_deinit (digest_hd_st * handle, void *digest)
170 {
171 if (handle->active != 1)
172 {
173 return;
174 }
175
176 if (digest != NULL)
177 _gnutls_hash_output (handle, digest);
178
179 handle->active = 0;
180
181 if (handle->registered && handle->hd.rh.ctx != NULL)
182 {
183 handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
184 return;
185 }
186
187 _gnutls_digest_ops.deinit (handle->hd.gc);
188 }
189
190 int
191 _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
192 const void *text, size_t textlen, void *digest)
193 {
194 digest_hd_st dig;
195 int ret;
196
197 ret = _gnutls_hash_init (&dig, algorithm);
198 if (ret < 0)
199 {
200 gnutls_assert ();
201 return ret;
202 }
203
204 ret = _gnutls_hash (&dig, text, textlen);
205 if (ret < 0)
206 {
207 gnutls_assert ();
208 _gnutls_hash_deinit (&dig, NULL);
209 return ret;
210 }
211
212 _gnutls_hash_deinit (&dig, digest);
213 return 0;
214 }
215
216
217 /* HMAC interface */
218
219 int
220 _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm)
221 {
222 return digest_length (algorithm);
223 }
224
225 int
226 _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
227 int keylen, const void *text, size_t textlen, void *digest)
228 {
229 digest_hd_st dig;
230 int ret;
231
232 ret = _gnutls_hmac_init (&dig, algorithm, key, keylen);
233 if (ret < 0)
234 {
235 gnutls_assert ();
236 return ret;
237 }
238
239 ret = _gnutls_hmac (&dig, text, textlen);
240 if (ret < 0)
241 {
242 gnutls_assert ();
243 _gnutls_hmac_deinit (&dig, NULL);
244 return ret;
245 }
246
247 _gnutls_hmac_deinit (&dig, digest);
248 return 0;
249 }
250
251 int
252 _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
253 const void *key, int keylen)
254 {
255 int result;
256 const gnutls_crypto_mac_st *cc = NULL;
257
258 dig->algorithm = algorithm;
259 dig->key = key;
260 dig->keysize = keylen;
261
262 /* check if a digest has been registered
263 */
264 cc = _gnutls_get_crypto_mac (algorithm);
265 if (cc != NULL)
266 {
267 dig->registered = 1;
268
269 dig->hd.rh.cc = cc;
270 if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
271 {
272 gnutls_assert ();
273 return GNUTLS_E_HASH_FAILED;
274 }
275
276 if (cc->setkey (dig->hd.rh.ctx, key, keylen) < 0)
277 {
278 gnutls_assert ();
279 cc->deinit (dig->hd.rh.ctx);
280 return GNUTLS_E_HASH_FAILED;
281 }
282
283 dig->active = 1;
284 return 0;
285 }
286
287 dig->registered = 0;
288
289 result = _gnutls_mac_ops.init (algorithm, &dig->hd.gc);
290 if (result < 0)
291 {
292 gnutls_assert ();
293 return result;
294 }
295
296 _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
297
298 dig->active = 1;
299 return 0;
300 }
301
302 int
303 _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
304 {
305 if (textlen > 0)
306 {
307 if (handle->registered)
308 {
309 return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
310 }
311 return _gnutls_mac_ops.hash (handle->hd.gc, text, textlen);
312 }
313 return 0;
314 }
315
316 void
317 _gnutls_hmac_output (digest_hd_st * handle, void *digest)
318 {
319 int maclen;
320
321 maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
322
323 if (handle->registered && handle->hd.rh.ctx != NULL)
324 {
325 if (digest != NULL)
326 handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
327 return;
328 }
329
330 if (digest != NULL)
331 {
332 _gnutls_mac_ops.output (handle->hd.gc, digest, maclen);
333 }
334 }
335
336 void
337 _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
338 {
339 if (handle->active != 1)
340 {
341 return;
342 }
343
344 if (digest)
345 _gnutls_hmac_output (handle, digest);
346
347 handle->active = 0;
348 if (handle->registered && handle->hd.rh.ctx != NULL)
349 {
350 handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
351 return;
352 }
353
354 _gnutls_mac_ops.deinit (handle->hd.gc);
355 }
356
357 inline static int
358 get_padsize (gnutls_mac_algorithm_t algorithm)
359 {
360 switch (algorithm)
361 {
362 case GNUTLS_MAC_MD5:
363 return 48;
364 case GNUTLS_MAC_SHA1:
365 return 40;
366 default:
367 return 0;
368 }
369 }
370
371
372 /* Special functions for SSL3 MAC
373 */
374
375 int
376 _gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
377 void *key, int keylen)
378 {
379 opaque ipad[48];
380 int padsize, result;
381
382 padsize = get_padsize (algorithm);
383 if (padsize == 0)
384 {
385 gnutls_assert ();
386 return GNUTLS_E_HASH_FAILED;
387 }
388
389 memset (ipad, 0x36, padsize);
390
391 result = _gnutls_hash_init (ret, algorithm);
392 if (result < 0)
393 {
394 gnutls_assert ();
395 return result;
396 }
397
398 ret->key = key;
399 ret->keysize = keylen;
400
401 if (keylen > 0)
402 _gnutls_hash (ret, key, keylen);
403 _gnutls_hash (ret, ipad, padsize);
404
405 return 0;
406 }
407
408 void
409 _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
410 {
411 opaque ret[MAX_HASH_SIZE];
412 digest_hd_st td;
413 opaque opad[48];
414 int padsize;
415 int block, rc;
416
417 padsize = get_padsize (handle->algorithm);
418 if (padsize == 0)
419 {
420 gnutls_assert ();
421 _gnutls_hash_deinit (handle, NULL);
422 return;
423 }
424
425 memset (opad, 0x5C, padsize);
426
427 rc = _gnutls_hash_init (&td, handle->algorithm);
428 if (rc < 0)
429 {
430 gnutls_assert ();
431 _gnutls_hash_deinit (handle, NULL);
432 return;
433 }
434
435 if (handle->keysize > 0)
436 _gnutls_hash (&td, handle->key, handle->keysize);
437
438 _gnutls_hash (&td, opad, padsize);
439 block = _gnutls_hmac_get_algo_len (handle->algorithm);
440 _gnutls_hash_deinit (handle, ret); /* get the previous hash */
441 _gnutls_hash (&td, ret, block);
442
443 _gnutls_hash_deinit (&td, digest);
444
445 return;
446 }
447
448 void
449 _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
450 void *digest, opaque * key,
451 uint32_t key_size)
452 {
453 opaque ret[MAX_HASH_SIZE];
454 digest_hd_st td;
455 opaque opad[48];
456 opaque ipad[48];
457 int padsize;
458 int block, rc;
459
460 padsize = get_padsize (handle->algorithm);
461 if (padsize == 0)
462 {
463 gnutls_assert ();
464 return;
465 }
466
467 memset (opad, 0x5C, padsize);
468 memset (ipad, 0x36, padsize);
469
470 rc = _gnutls_hash_init (&td, handle->algorithm);
471 if (rc < 0)
472 {
473 gnutls_assert ();
474 return;
475 }
476
477 if (key_size > 0)
478 _gnutls_hash (&td, key, key_size);
479
480 _gnutls_hash (&td, opad, padsize);
481 block = _gnutls_hmac_get_algo_len (handle->algorithm);
482
483 if (key_size > 0)
484 _gnutls_hash (handle, key, key_size);
485 _gnutls_hash (handle, ipad, padsize);
486 _gnutls_hash_deinit (handle, ret); /* get the previous hash */
487
488 _gnutls_hash (&td, ret, block);
489
490 _gnutls_hash_deinit (&td, digest);
491
492 return;
493 }
494
495 static int
496 ssl3_sha (int i, opaque * secret, int secret_len,
497 opaque * rnd, int rnd_len, void *digest)
498 {
499 int j, ret;
500 opaque text1[26];
501
502 digest_hd_st td;
503
504 for (j = 0; j < i + 1; j++)
505 {
506 text1[j] = 65 + i; /* A==65 */
507 }
508
509 ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
510 if (ret < 0)
511 {
512 gnutls_assert ();
513 return ret;
514 }
515
516 _gnutls_hash (&td, text1, i + 1);
517 _gnutls_hash (&td, secret, secret_len);
518 _gnutls_hash (&td, rnd, rnd_len);
519
520 _gnutls_hash_deinit (&td, digest);
521 return 0;
522 }
523
524 static int
525 ssl3_md5 (int i, opaque * secret, int secret_len,
526 opaque * rnd, int rnd_len, void *digest)
527 {
528 opaque tmp[MAX_HASH_SIZE];
529 digest_hd_st td;
530 int ret;
531
532 ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
533 if (ret < 0)
534 {
535 gnutls_assert ();
536 return ret;
537 }
538
539 _gnutls_hash (&td, secret, secret_len);
540
541 ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
542 if (ret < 0)
543 {
544 gnutls_assert ();
545 _gnutls_hash_deinit (&td, digest);
546 return ret;
547 }
548
549 _gnutls_hash (&td, tmp, _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1));
550
551 _gnutls_hash_deinit (&td, digest);
552 return 0;
553 }
554
555 int
556 _gnutls_ssl3_hash_md5 (const void *first, int first_len,
557 const void *second, int second_len,
558 int ret_len, opaque * ret)
559 {
560 opaque digest[MAX_HASH_SIZE];
561 digest_hd_st td;
562 int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
563 int rc;
564
565 rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
566 if (rc < 0)
567 {
568 gnutls_assert ();
569 return rc;
570 }
571
572 _gnutls_hash (&td, first, first_len);
573 _gnutls_hash (&td, second, second_len);
574
575 _gnutls_hash_deinit (&td, digest);
576
577 if (ret_len > block)
578 {
579 gnutls_assert ();
580 return GNUTLS_E_INTERNAL_ERROR;
581 }
582
583 memcpy (ret, digest, ret_len);
584
585 return 0;
586
587 }
588
589 int
590 _gnutls_ssl3_generate_random (void *secret, int secret_len,
591 void *rnd, int rnd_len,
592 int ret_bytes, opaque * ret)
593 {
594 int i = 0, copy, output_bytes;
595 opaque digest[MAX_HASH_SIZE];
596 int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
597 int result, times;
598
599 output_bytes = 0;
600 do
601 {
602 output_bytes += block;
603 }
604 while (output_bytes < ret_bytes);
605
606 times = output_bytes / block;
607
608 for (i = 0; i < times; i++)
609 {
610
611 result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
612 if (result < 0)
613 {
614 gnutls_assert ();
615 return result;
616 }
617
618 if ((1 + i) * block < ret_bytes)
619 {
620 copy = block;
621 }
622 else
623 {
624 copy = ret_bytes - (i) * block;
625 }
626
627 memcpy (&ret[i * block], digest, copy);
628 }
629
630 return 0;
631 }
Implementation of the SSL/TLS protocol