/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
╞══════════════════════════════════════════════════════════════════════════════╡
│ Copyright The Mbed TLS Contributors │
│ │
│ Licensed under the Apache License, Version 2.0 (the "License"); │
│ you may not use this file except in compliance with the License. │
│ You may obtain a copy of the License at │
│ │
│ http://www.apache.org/licenses/LICENSE-2.0 │
│ │
│ Unless required by applicable law or agreed to in writing, software │
│ distributed under the License is distributed on an "AS IS" BASIS, │
│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │
│ See the License for the specific language governing permissions and │
│ limitations under the License. │
╚─────────────────────────────────────────────────────────────────────────────*/
#include "libc/mem/mem.h"
#include "libc/stdio/stdio.h"
#include "libc/str/blake2.h"
#include "libc/str/str.h"
#include "third_party/mbedtls/common.h"
#include "third_party/mbedtls/error.h"
#include "third_party/mbedtls/md.h"
#include "third_party/mbedtls/md5.h"
#include "third_party/mbedtls/platform.h"
#include "third_party/mbedtls/sha1.h"
#include "third_party/mbedtls/sha256.h"
#include "third_party/mbedtls/sha512.h"
/* clang-format off */
asm(".ident\t\"\\n\\n\
Mbed TLS (Apache 2.0)\\n\
Copyright ARM Limited\\n\
Copyright Mbed TLS Contributors\"");
asm(".include \"libc/disclaimer.inc\"");
/**
* \file md.c
*
* \brief Generic message digest wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if defined(MBEDTLS_MD_C)
#define CHECK(f) \
do \
{ \
if( ( ret = (f) ) ) \
goto cleanup; \
} while( 0 )
/*
* Reminder: update profiles in x509_crt.c when adding a new hash!
*/
static const uint8_t supported_digests[] = {
MBEDTLS_MD_BLAKE2B256,
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
#if !defined(MBEDTLS_SHA512_NO_SHA384)
MBEDTLS_MD_SHA384,
#endif
#endif
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA224,
#endif
#if defined(MBEDTLS_SHA1_C)
MBEDTLS_MD_SHA1,
#endif
#if defined(MBEDTLS_MD5_C)
MBEDTLS_MD_MD5,
#endif
#if defined(MBEDTLS_MD4_C)
MBEDTLS_MD_MD4,
#endif
#if defined(MBEDTLS_MD2_C)
MBEDTLS_MD_MD2,
#endif
MBEDTLS_MD_NONE
};
/**
* \brief This function returns the list of digests supported by the
* generic digest module.
*
* \note The list starts with the strongest available hashes.
*
* \return A statically allocated array of digests. Each element
* in the returned list is an integer belonging to the
* message-digest enumeration #mbedtls_md_type_t.
* The last entry is 0.
*/
const uint8_t *mbedtls_md_list( void )
{
return( supported_digests );
}
/**
* \brief This function returns the message-digest information
* associated with the given digest name.
*
* \param md_name The name of the digest to search for.
*
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
{
if( NULL == md_name )
return( NULL );
/* Get the appropriate digest information */
#if defined(MBEDTLS_MD2_C)
if( !strcasecmp( "MD2", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
#endif
#if defined(MBEDTLS_MD4_C)
if( !strcasecmp( "MD4", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
#endif
#if defined(MBEDTLS_MD5_C)
if( !strcasecmp( "MD5", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
#endif
#if defined(MBEDTLS_SHA1_C)
if( !strcasecmp( "SHA1", md_name ) || !strcasecmp( "SHA", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
#endif
#if defined(MBEDTLS_SHA256_C)
if( !strcasecmp( "SHA224", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
if( !strcasecmp( "SHA256", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
if( !strcasecmp( "SHA384", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
#endif
if( !strcasecmp( "SHA512", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
#endif
if( !strcasecmp( "BLAKE2B256", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_BLAKE2B256 );
return( NULL );
}
/**
* \brief This function returns the message-digest information
* associated with the given digest type.
*
* \param md_type The type of digest to search for.
*
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
{
switch( md_type )
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return( &mbedtls_md2_info );
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
return( &mbedtls_md4_info );
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return( &mbedtls_md5_info );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
return( &mbedtls_sha1_info );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
return( &mbedtls_sha224_info );
case MBEDTLS_MD_SHA256:
return( &mbedtls_sha256_info );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( &mbedtls_sha384_info );
#endif
case MBEDTLS_MD_SHA512:
return( &mbedtls_sha512_info );
#endif
case MBEDTLS_MD_BLAKE2B256:
return( &mbedtls_blake2b256_info );
default:
return( NULL );
}
}
static int16_t GetMdContextSize(mbedtls_md_type_t t)
{
switch( t )
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return sizeof(mbedtls_md2_context);
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
return sizeof(mbedtls_md4_context);
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return sizeof(mbedtls_md5_context);
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
return sizeof(mbedtls_sha1_context);
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
case MBEDTLS_MD_SHA256:
return sizeof(mbedtls_sha256_context);
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
return sizeof(mbedtls_sha512_context);
#endif
case MBEDTLS_MD_BLAKE2B256:
return sizeof(struct Blake2b);
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
}
/**
* \brief This function initializes a message-digest context without
* binding it to a particular message-digest algorithm.
*
* This function should always be called first. It prepares the
* context for mbedtls_md_setup() for binding it to a
* message-digest algorithm.
*/
void mbedtls_md_init( mbedtls_md_context_t *ctx )
{
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
}
/**
* \brief This function clears the internal structure of \p ctx and
* frees any embedded internal structure, but does not free
* \p ctx itself.
*
* If you have called mbedtls_md_setup() on \p ctx, you must
* call mbedtls_md_free() when you are no longer using the
* context.
* Calling this function if you have previously
* called mbedtls_md_init() and nothing else is optional.
* You must not call this function if you have not called
* mbedtls_md_init().
*/
void mbedtls_md_free( mbedtls_md_context_t *ctx )
{
int16_t csize;
if( !ctx || !ctx->md_info )
return;
if( ctx->md_ctx )
{
if ( ( csize = GetMdContextSize( ctx->md_info->type ) ) > 0 )
mbedtls_platform_zeroize( ctx->md_ctx, csize );
mbedtls_free( ctx->md_ctx );
}
if( ctx->hmac_ctx )
{
mbedtls_platform_zeroize( ctx->hmac_ctx,
2 * ctx->md_info->block_size );
mbedtls_free( ctx->hmac_ctx );
}
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
}
/**
* \brief This function clones the state of an message-digest
* context.
*
* \note You must call mbedtls_md_setup() on \c dst before calling
* this function.
*
* \note The two contexts must have the same type,
* for example, both are SHA-256.
*
* \warning This function clones the message-digest state, not the
* HMAC state.
*
* \param dst The destination context.
* \param src The context to be cloned.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
*/
int mbedtls_md_clone( mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src )
{
int16_t csize;
if( !dst || !dst->md_info ||
!src || !src->md_info ||
dst->md_info != src->md_info ||
( csize = GetMdContextSize( src->md_info->type ) ) < 0)
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
memcpy( dst->md_ctx, src->md_ctx, csize );
return( 0 );
}
#define ALLOC( type ) \
do { \
ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
if( !ctx->md_ctx ) \
return( MBEDTLS_ERR_MD_ALLOC_FAILED ); \
} \
while( 0 )
/**
* \brief This function selects the message digest algorithm to use,
* and allocates internal structures.
*
* It should be called after mbedtls_md_init() or
* mbedtls_md_free(). Makes it necessary to call
* mbedtls_md_free() later.
*
* \param ctx The context to set up.
* \param md_info The information structure of the message-digest algorithm
* to use.
* \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
* or non-zero: HMAC is used with this context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
{
int16_t csize;
if( !md_info || !ctx )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
ctx->md_info = md_info;
ctx->md_ctx = NULL;
ctx->hmac_ctx = NULL;
if ((csize = GetMdContextSize(md_info->type)) < 0)
return( csize );
if( !( ctx->md_ctx = mbedtls_calloc( 1, csize ) ) )
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
if( hmac )
{
ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
if( !ctx->hmac_ctx )
{
mbedtls_md_free( ctx );
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
}
}
return( 0 );
}
/**
* \brief This function calculates the message-digest checksum
* result of the contents of the provided file.
*
* The result is calculated as
* Output = message_digest(file contents).
*
* \param md_info The information structure of the message-digest algorithm
* to use.
* \param path The input file name.
* \param output The generic message-digest checksum result.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
* the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
{
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
FILE *f;
size_t n;
mbedtls_md_context_t ctx;
unsigned char buf[1024];
if( !md_info )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( !( f = fopen( path, "rb" ) ) )
return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
mbedtls_md_init( &ctx );
CHECK( mbedtls_md_setup( &ctx, md_info, 0 ) );
CHECK( mbedtls_md_starts( &ctx ) );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
CHECK( mbedtls_md_update( &ctx, buf, n ) );
if( ferror( f ) )
ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
else
ret = mbedtls_md_finish( &ctx, output );
cleanup:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_md_free( &ctx );
fclose( f );
return( ret );
}
/**
* \brief This function sets the HMAC key and prepares to
* authenticate a new message.
*
* Call this function after mbedtls_md_setup(), to use
* the MD context for an HMAC calculation, then call
* mbedtls_md_hmac_update() to provide the input data, and
* mbedtls_md_hmac_finish() to get the HMAC value.
*
* \param ctx The message digest context containing an embedded HMAC
* context.
* \param key The HMAC secret key.
* \param keylen The length of the HMAC key in Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
{
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
unsigned char *ipad, *opad;
size_t i;
if( !ctx || !ctx->md_info || !ctx->hmac_ctx )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( keylen > (size_t) ctx->md_info->block_size )
{
CHECK( mbedtls_md_starts( ctx ) );
CHECK( mbedtls_md_update( ctx, key, keylen ) );
CHECK( mbedtls_md_finish( ctx, sum ) );
keylen = ctx->md_info->size;
key = sum;
}
ipad = (unsigned char *) ctx->hmac_ctx;
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
memset( ipad, 0x36, ctx->md_info->block_size );
memset( opad, 0x5C, ctx->md_info->block_size );
for( i = 0; i < keylen; i++ )
{
ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
opad[i] = (unsigned char)( opad[i] ^ key[i] );
}
CHECK( mbedtls_md_starts( ctx ) );
CHECK( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) );
cleanup:
mbedtls_platform_zeroize( sum, sizeof( sum ) );
return( ret );
}
/**
* \brief This function finishes the HMAC operation, and writes
* the result to the output buffer.
*
* Call this function after mbedtls_md_hmac_starts() and
* mbedtls_md_hmac_update() to get the HMAC value. Afterwards
* you may either call mbedtls_md_free() to clear the context,
* or call mbedtls_md_hmac_reset() to reuse the context with
* the same HMAC key.
*
* \param ctx The message digest context containing an embedded HMAC
* context.
* \param output The generic HMAC checksum result.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
if( !ctx || !ctx->md_info || !ctx->hmac_ctx )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
CHECK( mbedtls_md_finish( ctx, tmp ) );
CHECK( mbedtls_md_starts( ctx ) );
CHECK( mbedtls_md_update( ctx, opad, ctx->md_info->block_size ) );
CHECK( mbedtls_md_update( ctx, tmp, ctx->md_info->size ) );
return( mbedtls_md_finish( ctx, output ) );
cleanup:
return( ret );
}
/**
* \brief This function prepares to authenticate a new message with
* the same key as the previous HMAC operation.
*
* You may call this function after mbedtls_md_hmac_finish().
* Afterwards call mbedtls_md_hmac_update() to pass the new
* input.
*
* \param ctx The message digest context containing an embedded HMAC
* context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
{
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
unsigned char *ipad;
if( !ctx || !ctx->md_info || !ctx->hmac_ctx )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
ipad = (unsigned char *) ctx->hmac_ctx;
if( ( ret = mbedtls_md_starts( ctx ) ) )
return( ret );
return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) );
}
/**
* \brief This function calculates the full generic HMAC
* on the input buffer with the provided key.
*
* The function allocates the context, performs the
* calculation, and frees the context.
*
* The HMAC result is calculated as
* output = generic HMAC(hmac key, input buffer).
*
* \param md_info The information structure of the message-digest algorithm
* to use.
* \param key The HMAC secret key.
* \param keylen The length of the HMAC secret key in Bytes.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
* \param output The generic HMAC result.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
{
mbedtls_md_context_t ctx;
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
if( !md_info )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
mbedtls_md_init( &ctx );
CHECK( mbedtls_md_setup( &ctx, md_info, 1 ) );
CHECK( mbedtls_md_hmac_starts( &ctx, key, keylen ) );
CHECK( mbedtls_md_hmac_update( &ctx, input, ilen ) );
CHECK( mbedtls_md_hmac_finish( &ctx, output ) );
cleanup:
mbedtls_md_free( &ctx );
return( ret );
}
#if defined(MBEDTLS_MD2_C)
const mbedtls_md_info_t mbedtls_md2_info = {
"MD2",
MBEDTLS_MD_MD2,
16,
16,
};
#endif
#if defined(MBEDTLS_MD4_C)
const mbedtls_md_info_t mbedtls_md4_info = {
"MD4",
MBEDTLS_MD_MD4,
16,
64,
};
#endif
#endif /* MBEDTLS_MD_C */