search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
certtool is able to set certificate policies via a template
[gnutls.git] / lib / gnutls_hash_int.c
blob740e13b0862341cc67e0ef954656f8f312e252dc
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* This file handles all the internal functions that cope with hashes
24 * and HMACs.
25 */
26
27 #include <gnutls_int.h>
28 #include <gnutls_hash_int.h>
29 #include <gnutls_errors.h>
30
31 static size_t
32 digest_length (int algo)
33 {
34 switch (algo)
35 {
36 case GNUTLS_DIG_NULL:
37 case GNUTLS_MAC_AEAD:
38 return 0;
39 case GNUTLS_DIG_MD5:
40 case GNUTLS_DIG_MD2:
41 return 16;
42 case GNUTLS_DIG_SHA1:
43 case GNUTLS_DIG_RMD160:
44 return 20;
45 case GNUTLS_DIG_SHA256:
46 return 32;
47 case GNUTLS_DIG_SHA384:
48 return 48;
49 case GNUTLS_DIG_SHA512:
50 return 64;
51 case GNUTLS_DIG_SHA224:
52 return 28;
53 default:
54 gnutls_assert ();
55 return GNUTLS_E_INTERNAL_ERROR;
56 }
57 }
58
59
60 int
61 _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
62 {
63 int result;
64 const gnutls_crypto_digest_st *cc = NULL;
65
66 dig->algorithm = algorithm;
67
68 /* check if a digest has been registered
69 */
70 cc = _gnutls_get_crypto_digest (algorithm);
71 if (cc != NULL && cc->init)
72 {
73 if (cc->init (algorithm, &dig->handle) < 0)
74 {
75 gnutls_assert ();
76 return GNUTLS_E_HASH_FAILED;
77 }
78
79 dig->hash = cc->hash;
80 dig->reset = cc->reset;
81 dig->output = cc->output;
82 dig->deinit = cc->deinit;
83
84 return 0;
85 }
86
87 result = _gnutls_digest_ops.init (algorithm, &dig->handle);
88 if (result < 0)
89 {
90 gnutls_assert ();
91 return result;
92 }
93
94 dig->hash = _gnutls_digest_ops.hash;
95 dig->reset = _gnutls_digest_ops.reset;
96 dig->output = _gnutls_digest_ops.output;
97 dig->deinit = _gnutls_digest_ops.deinit;
98
99 return 0;
100 }
101
102 void
103 _gnutls_hash_deinit (digest_hd_st * handle, void *digest)
104 {
105 if (handle->handle == NULL)
106 {
107 return;
108 }
109
110 if (digest != NULL)
111 _gnutls_hash_output (handle, digest);
112
113 handle->deinit (handle->handle);
114 handle->handle = NULL;
115 }
116
117 /* returns the output size of the given hash/mac algorithm
118 */
119 size_t
120 _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
121 {
122 return digest_length (algorithm);
123 }
124
125 int
126 _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
127 const void *text, size_t textlen, void *digest)
128 {
129 int ret;
130 const gnutls_crypto_digest_st *cc = NULL;
131
132 /* check if a digest has been registered
133 */
134 cc = _gnutls_get_crypto_digest (algorithm);
135 if (cc != NULL)
136 {
137 if (cc->fast (algorithm, text, textlen, digest) < 0)
138 {
139 gnutls_assert ();
140 return GNUTLS_E_HASH_FAILED;
141 }
142
143 return 0;
144 }
145
146 ret = _gnutls_digest_ops.fast (algorithm, text, textlen, digest);
147 if (ret < 0)
148 {
149 gnutls_assert ();
150 return ret;
151 }
152
153 return 0;
154 }
155
156
157 /* HMAC interface */
158
159 int
160 _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
161 int keylen, const void *text, size_t textlen, void *digest)
162 {
163 int ret;
164 const gnutls_crypto_mac_st *cc = NULL;
165
166 /* check if a digest has been registered
167 */
168 cc = _gnutls_get_crypto_mac (algorithm);
169 if (cc != NULL)
170 {
171 if (cc->fast (algorithm, key, keylen, text, textlen, digest) < 0)
172 {
173 gnutls_assert ();
174 return GNUTLS_E_HASH_FAILED;
175 }
176
177 return 0;
178 }
179
180 ret = _gnutls_mac_ops.fast (algorithm, key, keylen, text, textlen, digest);
181 if (ret < 0)
182 {
183 gnutls_assert ();
184 return ret;
185 }
186
187 return 0;
188
189 }
190
191 /* Returns true(non-zero) or false(0) if the
192 * provided hash exists
193 */
194 int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo)
195 {
196 const gnutls_crypto_mac_st *cc = NULL;
197
198 cc = _gnutls_get_crypto_mac (algo);
199 if (cc != NULL) return 1;
200
201 return _gnutls_mac_ops.exists (algo);
202 }
203
204 int
205 _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
206 const void *key, int keylen)
207 {
208 int result;
209 const gnutls_crypto_mac_st *cc = NULL;
210
211 dig->algorithm = (gnutls_digest_algorithm_t)algorithm;
212 dig->key = key;
213 dig->keysize = keylen;
214
215 /* check if a digest has been registered
216 */
217 cc = _gnutls_get_crypto_mac (algorithm);
218 if (cc != NULL && cc->init != NULL)
219 {
220 if (cc->init (algorithm, &dig->handle) < 0)
221 {
222 gnutls_assert ();
223 return GNUTLS_E_HASH_FAILED;
224 }
225
226 if (cc->setkey (dig->handle, key, keylen) < 0)
227 {
228 gnutls_assert ();
229 cc->deinit (dig->handle);
230 return GNUTLS_E_HASH_FAILED;
231 }
232
233 dig->hash = cc->hash;
234 dig->output = cc->output;
235 dig->deinit = cc->deinit;
236 dig->reset = cc->reset;
237
238 return 0;
239 }
240
241 result = _gnutls_mac_ops.init (algorithm, &dig->handle);
242 if (result < 0)
243 {
244 gnutls_assert ();
245 return result;
246 }
247
248 dig->hash = _gnutls_mac_ops.hash;
249 dig->output = _gnutls_mac_ops.output;
250 dig->deinit = _gnutls_mac_ops.deinit;
251 dig->reset = _gnutls_mac_ops.reset;
252
253 if (_gnutls_mac_ops.setkey (dig->handle, key, keylen) < 0)
254 {
255 gnutls_assert();
256 dig->deinit(dig->handle);
257 return GNUTLS_E_HASH_FAILED;
258 }
259
260 return 0;
261 }
262
263 void
264 _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
265 {
266 if (handle->handle == NULL)
267 {
268 return;
269 }
270
271 if (digest)
272 _gnutls_hmac_output (handle, digest);
273
274 handle->deinit (handle->handle);
275 handle->handle = NULL;
276 }
277
278 inline static int
279 get_padsize (gnutls_digest_algorithm_t algorithm)
280 {
281 switch (algorithm)
282 {
283 case GNUTLS_DIG_MD5:
284 return 48;
285 case GNUTLS_DIG_SHA1:
286 return 40;
287 default:
288 return 0;
289 }
290 }
291
292 /* Special functions for SSL3 MAC
293 */
294
295 int
296 _gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
297 void *key, int keylen)
298 {
299 uint8_t ipad[48];
300 int padsize, result;
301
302 padsize = get_padsize ((gnutls_digest_algorithm_t)algorithm);
303 if (padsize == 0)
304 {
305 gnutls_assert ();
306 return GNUTLS_E_HASH_FAILED;
307 }
308
309 memset (ipad, 0x36, padsize);
310
311 result = _gnutls_hash_init (ret, (gnutls_digest_algorithm_t)algorithm);
312 if (result < 0)
313 {
314 gnutls_assert ();
315 return result;
316 }
317
318 ret->key = key;
319 ret->keysize = keylen;
320
321 if (keylen > 0)
322 _gnutls_hash (ret, key, keylen);
323 _gnutls_hash (ret, ipad, padsize);
324
325 return 0;
326 }
327
328 void
329 _gnutls_mac_reset_ssl3 (digest_hd_st * handle)
330 {
331 uint8_t ipad[48];
332 int padsize;
333
334 padsize = get_padsize (handle->algorithm);
335
336 memset (ipad, 0x36, padsize);
337
338 _gnutls_hash_reset(handle);
339
340 if (handle->keysize > 0)
341 _gnutls_hash (handle, handle->key, handle->keysize);
342 _gnutls_hash (handle, ipad, padsize);
343
344 return;
345 }
346
347 int
348 _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest)
349 {
350 uint8_t ret[MAX_HASH_SIZE];
351 digest_hd_st td;
352 uint8_t opad[48];
353 int padsize;
354 int block, rc;
355
356 padsize = get_padsize (handle->algorithm);
357 if (padsize == 0)
358 {
359 gnutls_assert ();
360 return GNUTLS_E_INTERNAL_ERROR;
361 }
362
363 memset (opad, 0x5C, padsize);
364
365 rc = _gnutls_hash_init (&td, handle->algorithm);
366 if (rc < 0)
367 {
368 gnutls_assert ();
369 return rc;
370 }
371
372 if (handle->keysize > 0)
373 _gnutls_hash (&td, handle->key, handle->keysize);
374
375 _gnutls_hash (&td, opad, padsize);
376 block = _gnutls_hmac_get_algo_len (handle->algorithm);
377 _gnutls_hash_output (handle, ret); /* get the previous hash */
378 _gnutls_hash (&td, ret, block);
379
380 _gnutls_hash_deinit (&td, digest);
381
382 return 0;
383 }
384
385 int
386 _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
387 {
388 int ret = 0;
389
390 if (digest != NULL) ret = _gnutls_mac_output_ssl3(handle, digest);
391 _gnutls_hash_deinit(handle, NULL);
392
393 return ret;
394 }
395
396 int
397 _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
398 void *digest, uint8_t * key,
399 uint32_t key_size)
400 {
401 uint8_t ret[MAX_HASH_SIZE];
402 digest_hd_st td;
403 uint8_t opad[48];
404 uint8_t ipad[48];
405 int padsize;
406 int block, rc;
407
408 padsize = get_padsize (handle->algorithm);
409 if (padsize == 0)
410 {
411 gnutls_assert ();
412 rc = GNUTLS_E_INTERNAL_ERROR;
413 goto cleanup;
414 }
415
416 memset (opad, 0x5C, padsize);
417 memset (ipad, 0x36, padsize);
418
419 rc = _gnutls_hash_init (&td, handle->algorithm);
420 if (rc < 0)
421 {
422 gnutls_assert ();
423 goto cleanup;
424 }
425
426 if (key_size > 0)
427 _gnutls_hash (&td, key, key_size);
428
429 _gnutls_hash (&td, opad, padsize);
430 block = _gnutls_hmac_get_algo_len (handle->algorithm);
431
432 if (key_size > 0)
433 _gnutls_hash (handle, key, key_size);
434 _gnutls_hash (handle, ipad, padsize);
435 _gnutls_hash_deinit (handle, ret); /* get the previous hash */
436
437 _gnutls_hash (&td, ret, block);
438
439 _gnutls_hash_deinit (&td, digest);
440
441 return 0;
442
443 cleanup:
444 _gnutls_hash_deinit(handle, NULL);
445 return rc;
446 }
447
448 static int
449 ssl3_sha (int i, uint8_t * secret, int secret_len,
450 uint8_t * rnd, int rnd_len, void *digest)
451 {
452 int j, ret;
453 uint8_t text1[26];
454
455 digest_hd_st td;
456
457 for (j = 0; j < i + 1; j++)
458 {
459 text1[j] = 65 + i; /* A==65 */
460 }
461
462 ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
463 if (ret < 0)
464 {
465 gnutls_assert ();
466 return ret;
467 }
468
469 _gnutls_hash (&td, text1, i + 1);
470 _gnutls_hash (&td, secret, secret_len);
471 _gnutls_hash (&td, rnd, rnd_len);
472
473 _gnutls_hash_deinit (&td, digest);
474 return 0;
475 }
476
477 #define SHA1_DIGEST_OUTPUT 20
478 #define MD5_DIGEST_OUTPUT 16
479
480 static int
481 ssl3_md5 (int i, uint8_t * secret, int secret_len,
482 uint8_t * rnd, int rnd_len, void *digest)
483 {
484 uint8_t tmp[MAX_HASH_SIZE];
485 digest_hd_st td;
486 int ret;
487
488 ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
489 if (ret < 0)
490 {
491 gnutls_assert ();
492 return ret;
493 }
494
495 _gnutls_hash (&td, secret, secret_len);
496
497 ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
498 if (ret < 0)
499 {
500 gnutls_assert ();
501 _gnutls_hash_deinit (&td, digest);
502 return ret;
503 }
504
505 _gnutls_hash (&td, tmp, SHA1_DIGEST_OUTPUT);
506
507 _gnutls_hash_deinit (&td, digest);
508 return 0;
509 }
510
511 int
512 _gnutls_ssl3_hash_md5 (const void *first, int first_len,
513 const void *second, int second_len,
514 int ret_len, uint8_t * ret)
515 {
516 uint8_t digest[MAX_HASH_SIZE];
517 digest_hd_st td;
518 int block = MD5_DIGEST_OUTPUT;
519 int rc;
520
521 rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
522 if (rc < 0)
523 {
524 gnutls_assert ();
525 return rc;
526 }
527
528 _gnutls_hash (&td, first, first_len);
529 _gnutls_hash (&td, second, second_len);
530
531 _gnutls_hash_deinit (&td, digest);
532
533 if (ret_len > block)
534 {
535 gnutls_assert ();
536 return GNUTLS_E_INTERNAL_ERROR;
537 }
538
539 memcpy (ret, digest, ret_len);
540
541 return 0;
542
543 }
544
545 int
546 _gnutls_ssl3_generate_random (void *secret, int secret_len,
547 void *rnd, int rnd_len,
548 int ret_bytes, uint8_t * ret)
549 {
550 int i = 0, copy, output_bytes;
551 uint8_t digest[MAX_HASH_SIZE];
552 int block = MD5_DIGEST_OUTPUT;
553 int result, times;
554
555 output_bytes = 0;
556 do
557 {
558 output_bytes += block;
559 }
560 while (output_bytes < ret_bytes);
561
562 times = output_bytes / block;
563
564 for (i = 0; i < times; i++)
565 {
566
567 result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
568 if (result < 0)
569 {
570 gnutls_assert ();
571 return result;
572 }
573
574 if ((1 + i) * block < ret_bytes)
575 {
576 copy = block;
577 }
578 else
579 {
580 copy = ret_bytes - (i) * block;
581 }
582
583 memcpy (&ret[i * block], digest, copy);
584 }
585
586 return 0;
587 }
Implementation of the SSL/TLS protocol