FreeRDP/winpr/libwinpr/crypto/hash.c

525 lines
10 KiB
C
Raw Normal View History

/**
* WinPR: Windows Portable Runtime
*
* Copyright 2015 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <winpr/crt.h>
#include <winpr/crypto.h>
#ifdef WITH_OPENSSL
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#endif
#ifdef WITH_MBEDTLS
#include <mbedtls/md4.h>
#include <mbedtls/md5.h>
#include <mbedtls/sha1.h>
#include <mbedtls/md.h>
#endif
/**
* HMAC
*/
#ifdef WITH_OPENSSL
const EVP_MD* winpr_openssl_get_evp_md(int md)
{
const EVP_MD* evp = NULL;
switch (md)
{
case WINPR_MD_MD2:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("md2");
break;
case WINPR_MD_MD4:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("md4");
break;
case WINPR_MD_MD5:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("md5");
break;
case WINPR_MD_SHA1:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("sha1");
break;
case WINPR_MD_SHA224:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("sha224");
break;
case WINPR_MD_SHA256:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("sha256");
break;
case WINPR_MD_SHA384:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("sha384");
break;
case WINPR_MD_SHA512:
2015-10-13 16:43:26 +03:00
evp = EVP_get_digestbyname("sha512");
break;
case WINPR_MD_RIPEMD160:
evp = EVP_get_digestbyname("ripemd160");
break;
}
return evp;
}
#endif
#ifdef WITH_MBEDTLS
mbedtls_md_type_t winpr_mbedtls_get_md_type(int md)
{
mbedtls_md_type_t type = MBEDTLS_MD_NONE;
switch (md)
{
case WINPR_MD_MD2:
type = MBEDTLS_MD_MD2;
break;
case WINPR_MD_MD4:
type = MBEDTLS_MD_MD4;
break;
case WINPR_MD_MD5:
type = MBEDTLS_MD_MD5;
break;
case WINPR_MD_SHA1:
type = MBEDTLS_MD_SHA1;
break;
case WINPR_MD_SHA224:
type = MBEDTLS_MD_SHA224;
break;
case WINPR_MD_SHA256:
type = MBEDTLS_MD_SHA256;
break;
case WINPR_MD_SHA384:
type = MBEDTLS_MD_SHA384;
break;
case WINPR_MD_SHA512:
type = MBEDTLS_MD_SHA512;
break;
case WINPR_MD_RIPEMD160:
type = MBEDTLS_MD_RIPEMD160;
break;
}
return type;
}
#endif
WINPR_HMAC_CTX* winpr_HMAC_New(void)
{
2016-11-21 19:28:54 +03:00
WINPR_HMAC_CTX* ctx = NULL;
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = NULL;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
2017-11-17 14:41:18 +03:00
if (!(hmac = (HMAC_CTX*) calloc(1, sizeof(HMAC_CTX))))
2016-11-21 19:28:54 +03:00
return NULL;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
HMAC_CTX_init(hmac);
#else
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (!(hmac = HMAC_CTX_new()))
return NULL;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
#endif
ctx = (WINPR_HMAC_CTX*) hmac;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac;
2017-11-17 14:41:18 +03:00
if (!(hmac = (mbedtls_md_context_t*) calloc(1, sizeof(mbedtls_md_context_t))))
return NULL;
mbedtls_md_init(hmac);
ctx = (WINPR_HMAC_CTX*) hmac;
#endif
return ctx;
}
BOOL winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, WINPR_MD_TYPE md, const BYTE* key, size_t keylen)
{
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = (HMAC_CTX*) ctx;
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
if (!evp || !hmac)
return FALSE;
2015-10-13 16:43:26 +03:00
#if (OPENSSL_VERSION_NUMBER < 0x10000000L) || defined(LIBRESSL_VERSION_NUMBER)
HMAC_Init_ex(hmac, key, keylen, evp, NULL); /* no return value on OpenSSL 0.9.x */
return TRUE;
2016-11-21 19:28:54 +03:00
#else
2017-11-17 14:41:18 +03:00
if (HMAC_Init_ex(hmac, key, keylen, evp, NULL) == 1)
return TRUE;
2017-11-17 14:41:18 +03:00
#endif
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac = (mbedtls_md_context_t*) ctx;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
2016-11-21 19:28:54 +03:00
const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md_type);
2015-10-13 16:43:26 +03:00
if (!md_info || !hmac)
return FALSE;
2015-10-13 16:43:26 +03:00
if (hmac->md_info != md_info)
2016-11-21 19:28:54 +03:00
{
mbedtls_md_free(hmac); /* can be called at any time after mbedtls_md_init */
2016-11-21 19:28:54 +03:00
if (mbedtls_md_setup(hmac, md_info, 1) != 0)
return FALSE;
2016-11-21 19:28:54 +03:00
}
if (mbedtls_md_hmac_starts(hmac, key, keylen) == 0)
return TRUE;
2017-11-17 14:41:18 +03:00
#endif
return FALSE;
}
2016-02-24 23:45:09 +03:00
BOOL winpr_HMAC_Update(WINPR_HMAC_CTX* ctx, const BYTE* input, size_t ilen)
{
#if defined(WITH_OPENSSL)
2016-11-21 19:28:54 +03:00
HMAC_CTX* hmac = (HMAC_CTX*) ctx;
#if (OPENSSL_VERSION_NUMBER < 0x10000000L) || defined(LIBRESSL_VERSION_NUMBER)
HMAC_Update(hmac, input, ilen); /* no return value on OpenSSL 0.9.x */
return TRUE;
#else
2017-11-17 14:41:18 +03:00
if (HMAC_Update(hmac, input, ilen) == 1)
return TRUE;
2016-11-21 19:28:54 +03:00
2017-11-17 14:41:18 +03:00
#endif
#elif defined(WITH_MBEDTLS)
2016-11-21 19:28:54 +03:00
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
if (mbedtls_md_hmac_update(mdctx, input, ilen) == 0)
return TRUE;
2017-11-17 14:41:18 +03:00
#endif
return FALSE;
}
2016-02-24 23:45:09 +03:00
BOOL winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output, size_t olen)
{
2016-11-25 13:50:28 +03:00
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx;
#endif
if (!ctx)
2016-02-26 11:28:54 +03:00
return FALSE;
#if defined(WITH_OPENSSL)
2016-11-25 13:50:28 +03:00
hmac = (HMAC_CTX*) ctx;
#if (OPENSSL_VERSION_NUMBER < 0x10000000L) || defined(LIBRESSL_VERSION_NUMBER)
HMAC_Final(hmac, output, NULL); /* no return value on OpenSSL 0.9.x */
return TRUE;
#else
2017-11-17 14:41:18 +03:00
if (HMAC_Final(hmac, output, NULL) == 1)
return TRUE;
2017-11-17 14:41:18 +03:00
#endif
#elif defined(WITH_MBEDTLS)
2016-11-25 13:50:28 +03:00
mdctx = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
if (mbedtls_md_hmac_finish(mdctx, output) == 0)
return TRUE;
2016-11-21 19:28:54 +03:00
2017-11-17 14:41:18 +03:00
#endif
return FALSE;
}
void winpr_HMAC_Free(WINPR_HMAC_CTX* ctx)
{
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = (HMAC_CTX*) ctx;
2017-11-17 14:41:18 +03:00
if (hmac)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX_cleanup(hmac);
free(hmac);
2016-11-21 19:28:54 +03:00
#else
HMAC_CTX_free(hmac);
2016-11-21 19:28:54 +03:00
#endif
}
2016-11-21 19:28:54 +03:00
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
if (hmac)
{
mbedtls_md_free(hmac);
free(hmac);
}
2017-11-17 14:41:18 +03:00
#endif
}
2016-02-24 23:45:09 +03:00
BOOL winpr_HMAC(WINPR_MD_TYPE md, const BYTE* key, size_t keylen,
2017-11-17 14:41:18 +03:00
const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
2017-11-17 14:41:18 +03:00
WINPR_HMAC_CTX* ctx = winpr_HMAC_New();
2015-10-13 16:43:26 +03:00
2016-11-21 19:28:54 +03:00
if (!ctx)
2016-02-24 23:45:09 +03:00
return FALSE;
2015-10-13 16:43:26 +03:00
if (!winpr_HMAC_Init(ctx, md, key, keylen))
goto out;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (!winpr_HMAC_Update(ctx, input, ilen))
goto out;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (!winpr_HMAC_Final(ctx, output, olen))
goto out;
2015-10-13 16:43:26 +03:00
result = TRUE;
out:
winpr_HMAC_Free(ctx);
return result;
}
/**
* Generic Digest API
*/
WINPR_DIGEST_CTX* winpr_Digest_New(void)
{
2016-11-21 19:28:54 +03:00
WINPR_DIGEST_CTX* ctx = NULL;
#if defined(WITH_OPENSSL)
2016-11-21 19:28:54 +03:00
EVP_MD_CTX* mdctx;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
2016-11-21 19:28:54 +03:00
mdctx = EVP_MD_CTX_create();
#else
mdctx = EVP_MD_CTX_new();
#endif
ctx = (WINPR_DIGEST_CTX*) mdctx;
#elif defined(WITH_MBEDTLS)
2016-11-21 19:28:54 +03:00
mbedtls_md_context_t* mdctx;
mdctx = (mbedtls_md_context_t*) calloc(1, sizeof(mbedtls_md_context_t));
2017-11-17 14:41:18 +03:00
if (mdctx)
mbedtls_md_init(mdctx);
2017-11-17 14:41:18 +03:00
ctx = (WINPR_DIGEST_CTX*) mdctx;
#endif
return ctx;
}
#if defined(WITH_OPENSSL)
2018-02-14 14:44:12 +03:00
static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, const EVP_MD* evp)
{
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
if (!mdctx || !evp)
return FALSE;
if (EVP_DigestInit_ex(mdctx, evp, NULL) != 1)
return FALSE;
return TRUE;
}
#elif defined(WITH_MBEDTLS)
2018-02-14 14:44:12 +03:00
static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
2016-11-21 19:28:54 +03:00
const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md_type);
2015-10-13 16:43:26 +03:00
if (!md_info)
return FALSE;
2015-10-13 16:43:26 +03:00
if (mdctx->md_info != md_info)
2016-11-21 19:28:54 +03:00
{
mbedtls_md_free(mdctx); /* can be called at any time after mbedtls_md_init */
if (mbedtls_md_setup(mdctx, md_info, 0) != 0)
return FALSE;
2016-11-21 19:28:54 +03:00
}
if (mbedtls_md_starts(mdctx) != 0)
return FALSE;
2016-11-21 19:28:54 +03:00
return TRUE;
}
#endif
BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
/* Only MD5 is supported for FIPS allow override */
if (md != WINPR_MD_MD5)
return FALSE;
2017-11-17 14:41:18 +03:00
EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
2018-02-14 14:44:12 +03:00
return winpr_Digest_Init_Internal(ctx, evp);
#elif defined(WITH_MBEDTLS)
2017-11-17 14:41:18 +03:00
/* Only MD5 is supported for FIPS allow override */
if (md != WINPR_MD_MD5)
2017-11-17 14:41:18 +03:00
return FALSE;
return winpr_Digest_Init_Internal(ctx, md);
#endif
}
BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
#if defined(WITH_OPENSSL)
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
2018-02-14 14:44:12 +03:00
return winpr_Digest_Init_Internal(ctx, evp);
#else
return winpr_Digest_Init_Internal(ctx, md);
#endif
}
2016-02-24 23:45:09 +03:00
BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen)
{
#if defined(WITH_OPENSSL)
2016-11-21 19:28:54 +03:00
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (EVP_DigestUpdate(mdctx, input, ilen) != 1)
2016-02-24 23:45:09 +03:00
return FALSE;
2017-11-17 14:41:18 +03:00
#elif defined(WITH_MBEDTLS)
2016-11-21 19:28:54 +03:00
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (mbedtls_md_update(mdctx, input, ilen) != 0)
2016-02-24 23:45:09 +03:00
return FALSE;
2017-11-17 14:41:18 +03:00
#endif
2016-02-24 23:45:09 +03:00
return TRUE;
}
2016-02-24 23:45:09 +03:00
BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
{
#if defined(WITH_OPENSSL)
2016-11-21 19:28:54 +03:00
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
2017-11-17 14:41:18 +03:00
if (EVP_DigestFinal_ex(mdctx, output, NULL) == 1)
return TRUE;
2016-11-21 19:28:54 +03:00
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
if (mbedtls_md_finish(mdctx, output) == 0)
return TRUE;
2017-11-17 14:41:18 +03:00
#endif
return FALSE;
}
void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
2017-11-17 14:41:18 +03:00
if (mdctx)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_destroy(mdctx);
2016-11-21 19:28:54 +03:00
#else
EVP_MD_CTX_free(mdctx);
2016-11-21 19:28:54 +03:00
#endif
}
2016-11-21 19:28:54 +03:00
#elif defined(WITH_MBEDTLS)
2016-11-21 19:28:54 +03:00
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
2017-11-17 14:41:18 +03:00
if (mdctx)
{
mbedtls_md_free(mdctx);
free(mdctx);
}
2017-11-17 14:41:18 +03:00
#endif
}
2018-02-14 14:44:12 +03:00
BOOL winpr_Digest_Allow_FIPS(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
2017-11-17 14:41:18 +03:00
WINPR_DIGEST_CTX* ctx = winpr_Digest_New();
if (!ctx)
return FALSE;
if (!winpr_Digest_Init_Allow_FIPS(ctx, md))
goto out;
2017-11-17 14:41:18 +03:00
if (!winpr_Digest_Update(ctx, input, ilen))
goto out;
2017-11-17 14:41:18 +03:00
if (!winpr_Digest_Final(ctx, output, olen))
goto out;
result = TRUE;
out:
winpr_Digest_Free(ctx);
return result;
}
2018-02-14 14:44:12 +03:00
BOOL winpr_Digest(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
2017-11-17 14:41:18 +03:00
WINPR_DIGEST_CTX* ctx = winpr_Digest_New();
2015-10-13 16:43:26 +03:00
2016-11-21 19:28:54 +03:00
if (!ctx)
2016-02-24 23:45:09 +03:00
return FALSE;
2015-10-13 16:43:26 +03:00
if (!winpr_Digest_Init(ctx, md))
goto out;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (!winpr_Digest_Update(ctx, input, ilen))
goto out;
2017-11-17 14:41:18 +03:00
2016-11-21 19:28:54 +03:00
if (!winpr_Digest_Final(ctx, output, olen))
goto out;
2015-10-13 16:43:26 +03:00
result = TRUE;
out:
winpr_Digest_Free(ctx);
return result;
}