HMAC fips mode

toddouska 2014-03-27 15:43:54 -07:00
parent 7dd265cf2e
commit 05b132ce1c
12 changed files with 194 additions and 80 deletions


@ -43,6 +43,11 @@
#endif
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/error-crypt.h>
@ -288,7 +293,7 @@ static void HmacKeyInnerHash(Hmac* hmac)
}
void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@ -339,10 +344,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break;
}
return 0;
}
void HmacFinal(Hmac* hmac, byte* hash)
int HmacFinal(Hmac* hmac, byte* hash)
{
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@ -445,6 +451,8 @@ void HmacFinal(Hmac* hmac, byte* hash)
}
hmac->innerHashKeyed = 0;
return 0;
}
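Review bot: The visible tail of HmacUpdate leaves its switch with `break` and then returns 0, and HmacFinal ends the same way, so from these hunks both functions appear to report success on every non-Cavium path. If the switch on the hash type has no error-returning `default` (the cases are outside the hunk), an Hmac with an unsupported type would return 0 without hashing anything; `default: return BAD_FUNC_ARG;` would make the new return value meaningful. A comment above each function stating what a non-zero return means would also help, since callers are now expected to check it.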


@ -122,7 +122,7 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
{
word32 i = 1;
int hLen;
int j;
int j, ret;
Hmac hmac;
byte buffer[MAX_DIGEST_SIZE];
@ -145,7 +145,9 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
else
return BAD_FUNC_ARG;
HmacSetKey(&hmac, hashType, passwd, pLen);
ret = HmacSetKey(&hmac, hashType, passwd, pLen);
if (ret != 0)
return ret;
while (kLen) {
int currentLen;


@ -1100,6 +1100,7 @@ int hmac_md5_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1134,7 +1135,9 @@ int hmac_md5_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20009;
#endif
HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4011;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -1168,6 +1171,7 @@ int hmac_sha_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1202,7 +1206,9 @@ int hmac_sha_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20010;
#endif
HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4012;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -1237,6 +1243,7 @@ int hmac_sha256_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1274,7 +1281,9 @@ int hmac_sha256_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4013;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -1309,6 +1318,7 @@ int hmac_blake2b_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1346,7 +1356,10 @@ int hmac_blake2b_test(void)
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
(word32)strlen(keys[i]));
if (ret != 0)
return -4014;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -1381,6 +1394,7 @@ int hmac_sha384_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1415,7 +1429,9 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4015;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -1447,6 +1463,7 @@ int hmac_sha512_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -1484,7 +1501,9 @@ int hmac_sha512_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA512, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4016;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
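Review bot: HmacUpdate and HmacFinal now return int, but each loop in these tests checks only HmacSetKey and still discards the other two results, e.g. `HmacUpdate(&hmac, (byte*)test_hmac[i].input, ...)` followed by `HmacFinal(&hmac, hash);`. The same pattern remains in the second copy of the hmac tests, in myMacEncryptCb and myDecryptVerifyCb, in the OpenSSL-compat HMAC(), and in p_hash and TLS_hmac. It matters most in the last two: if a FIPS-wrapped call can fail, the MAC or PRF output buffer is used without having been written. Suggest `ret = HmacUpdate(...); if (ret != 0) return ret;` and the same for HmacFinal at each site, using the test's own negative code here. The loop bodies continue outside the hunks.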


@ -151,9 +151,9 @@ typedef struct Hmac {
/* does init */
CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
CYASSL_API void HmacUpdate(Hmac*, const byte*, word32);
CYASSL_API void HmacFinal(Hmac*, byte*);
CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
CYASSL_API int HmacUpdate(Hmac*, const byte*, word32);
CYASSL_API int HmacFinal(Hmac*, byte*);
#ifdef HAVE_CAVIUM
CYASSL_API int HmacInitCavium(Hmac*, int);
@ -172,6 +172,23 @@ CYASSL_API int HKDF(int type, const byte* inKey, word32 inKeySz,
#endif /* HAVE_HKDF */
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int HmacSetKey_fips(Hmac*, int type, const byte* key,
word32 keySz);
CYASSL_API int HmacUpdate_fips(Hmac*, const byte*, word32);
CYASSL_API int HmacFinal_fips(Hmac*, byte*);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define HmacSetKey HmacSetKey_fips
#define HmacUpdate HmacUpdate_fips
#define HmacFinal HmacFinal_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus
} /* extern "C" */
#endif
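Review bot: The comment on the macro block, `/* if not impl or fips.c impl wrapper force fips calls if fips build */`, is hard to parse for something that silently renames three public functions in every including file. Suggest wording along the lines of `/* FIPS build: unless the including file defined FIPS_NO_WRAPPERS before this header, map the public names onto the _fips entry points */`. The changed prototypes for HmacUpdate and HmacFinal would also benefit from one line stating the return contract (presumably 0 on success, an error code otherwise), since this commit is what makes callers responsible for checking it.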


@ -2072,7 +2072,7 @@ CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
#endif
#endif
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
const byte* sender);
CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);


@ -1341,8 +1341,10 @@ static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut,
/* hmac, not needed if aead mode */
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, macIn, macInSz);
HmacFinal(&hmac, macOut);
@ -1448,8 +1450,10 @@ static INLINE int myDecryptVerifyCb(CYASSL* ssl,
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), digestSz);
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, decOut + ivExtra, macInSz);
HmacFinal(&hmac, verify);


@ -233,9 +233,7 @@ int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
return BAD_FUNC_ARG; /* bad hmac type */
}
HmacSetKey((Hmac*)hmac, type, key, sz);
return 0;
return HmacSetKey((Hmac*)hmac, type, key, sz);
}
@ -245,9 +243,7 @@ int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX* hmac, const unsigned char* input,
if (hmac == NULL || input == NULL)
return BAD_FUNC_ARG;
HmacUpdate((Hmac*)hmac, input, sz);
return 0;
return HmacUpdate((Hmac*)hmac, input, sz);
}
@ -257,9 +253,7 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX* hmac, unsigned char* digest)
if (hmac == NULL || digest == NULL)
return BAD_FUNC_ARG;
HmacFinal((Hmac*)hmac, digest);
return 0;
return HmacFinal((Hmac*)hmac, digest);
}


@ -368,6 +368,7 @@ static int check_hmac(void)
{
CRYPT_HMAC_CTX mcHmac;
Hmac defHmac;
int ret;
byte mcDigest[CRYPT_SHA512_DIGEST_SIZE];
byte defDigest[SHA512_DIGEST_SIZE];
@ -375,7 +376,11 @@ static int check_hmac(void)
/* SHA1 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4);
HmacSetKey(&defHmac, SHA, key, 4);
ret = HmacSetKey(&defHmac, SHA, key, 4);
if (ret != 0) {
printf("hmac sha setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@ -391,7 +396,11 @@ static int check_hmac(void)
/* SHA-256 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA256, key, 4);
HmacSetKey(&defHmac, SHA256, key, 4);
ret = HmacSetKey(&defHmac, SHA256, key, 4);
if (ret != 0) {
printf("hmac sha256 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@ -407,7 +416,11 @@ static int check_hmac(void)
/* SHA-384 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA384, key, 4);
HmacSetKey(&defHmac, SHA384, key, 4);
ret = HmacSetKey(&defHmac, SHA384, key, 4);
if (ret != 0) {
printf("hmac sha384 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
@ -423,7 +436,11 @@ static int check_hmac(void)
/* SHA-512 */
CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA512, key, 4);
HmacSetKey(&defHmac, SHA512, key, 4);
ret = HmacSetKey(&defHmac, SHA512, key, 4);
if (ret != 0) {
printf("hmac sha512 setkey default failed\n");
return -1;
}
CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE);
HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE);
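Review bot: check_hmac now checks HmacSetKey on the default side, but the paired `CRYPT_HMAC_SetKey(&mcHmac, ...)` call just above each one is still unchecked, although this commit makes that wrapper return HmacSetKey's result. Capture it the same way, e.g. `ret = CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4);` with its own failure message, and likewise the CRYPT_HMAC_DataAdd and HmacUpdate calls that follow. The function continues outside the hunks.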


@ -2947,7 +2947,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
#endif
static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
/* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS
@ -2965,9 +2965,11 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
Sha384 sha384 = ssl->hashSha384;
#endif
int ret = 0;
#ifndef NO_TLS
if (ssl->options.tls) {
BuildTlsFinished(ssl, hashes, sender);
ret = BuildTlsFinished(ssl, hashes, sender);
}
#endif
#ifndef NO_OLD_TLS
@ -2994,6 +2996,8 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
ssl->hashSha384 = sha384;
#endif
}
return ret;
}
@ -5211,10 +5215,12 @@ int ProcessReply(CYASSL* ssl)
#endif
if (ssl->options.resuming && ssl->options.side ==
CYASSL_CLIENT_END)
BuildFinished(ssl, &ssl->verifyHashes, server);
ret = BuildFinished(ssl, &ssl->verifyHashes, server);
else if (!ssl->options.resuming && ssl->options.side ==
CYASSL_SERVER_END)
BuildFinished(ssl, &ssl->verifyHashes, client);
ret = BuildFinished(ssl, &ssl->verifyHashes, client);
if (ret != 0)
return ret;
break;
case application_data:
@ -5636,8 +5642,9 @@ int SendFinished(CYASSL* ssl)
/* make finished hashes */
hashes = (Hashes*)&input[headerSz];
BuildFinished(ssl, hashes, ssl->options.side == CYASSL_CLIENT_END ? client :
server);
ret = BuildFinished(ssl, hashes,
ssl->options.side == CYASSL_CLIENT_END ? client : server);
if (ret != 0) return ret;
sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);
@ -5656,7 +5663,8 @@ int SendFinished(CYASSL* ssl)
AddSession(ssl); /* just try */
#endif
if (ssl->options.side == CYASSL_CLIENT_END) {
BuildFinished(ssl, &ssl->verifyHashes, server);
ret = BuildFinished(ssl, &ssl->verifyHashes, server);
if (ret != 0) return ret;
}
else {
ssl->options.handShakeState = HANDSHAKE_DONE;
@ -5683,7 +5691,8 @@ int SendFinished(CYASSL* ssl)
#endif
}
else {
BuildFinished(ssl, &ssl->verifyHashes, client);
ret = BuildFinished(ssl, &ssl->verifyHashes, client);
if (ret != 0) return ret;
}
}
#ifdef CYASSL_DTLS
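Review bot: In the ProcessReply hunk the new `if (ret != 0) return ret;` runs even when neither the `if` nor the `else if` assigned `ret`, so it tests whatever value `ret` carried into this case. That value is set outside the hunk, so the check is only safe if `ret` is known to be 0 at that point. Scoping the check to the assignments avoids relying on that: brace each branch and put `ret = BuildFinished(...); if (ret != 0) return ret;` inside it, or add `ret = 0;` before the `if`. Braces would also make it obvious that the check is not part of the unbraced `else if`.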


@ -7304,20 +7304,24 @@ int CyaSSL_set_compression(CYASSL* ssl)
unsigned char* md, unsigned int* md_len)
{
Hmac hmac;
int ret;
CYASSL_ENTER("HMAC");
if (!md) return 0; /* no static buffer support */
if (!md) return NULL; /* no static buffer support */
if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
HmacSetKey(&hmac, MD5, (const byte*)key, key_len);
ret = HmacSetKey(&hmac, MD5, (const byte*)key, key_len);
if (md_len) *md_len = MD5_DIGEST_SIZE;
}
else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
HmacSetKey(&hmac, SHA, (const byte*)key, key_len);
ret = HmacSetKey(&hmac, SHA, (const byte*)key, key_len);
if (md_len) *md_len = SHA_DIGEST_SIZE;
}
else
return 0;
return NULL;
if (ret != 0)
return NULL;
HmacUpdate(&hmac, d, n);
HmacFinal(&hmac, md);
@ -10778,6 +10782,7 @@ static int initGlobalRNG = 0;
if (key && keylen) {
CYASSL_MSG("keying hmac");
HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
/* OpenSSL compat, no error */
}
}
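Review bot: In the last hunk the result of `HmacSetKey(&ctx->hmac, ctx->type, ...)` is dropped on purpose (`/* OpenSSL compat, no error */`), so a keying failure leaves `ctx->hmac` in whatever state it had, and later update/final calls on the context would proceed with no indication to the caller. Even if the compat signature cannot report an error, the failure should at least be logged, e.g. `if (HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen) != 0) CYASSL_MSG("hmac set key error");`. In HMAC() above, `*md_len` is written before `ret` is tested, so a caller that gets NULL back still sees a digest length; setting it only after the `ret` check would avoid that. The enclosing function of the last hunk starts outside the hunk.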


@ -52,7 +52,7 @@
#endif
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
static void p_hash(byte* result, word32 resLen, const byte* secret,
static int p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash)
{
word32 len = PHASH_MAX_DIGEST_SIZE;
@ -61,6 +61,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
word32 lastTime;
word32 i;
word32 idx = 0;
int ret;
byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
@ -107,7 +108,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
if (lastLen) times += 1;
lastTime = times - 1;
HmacSetKey(&hmac, hash, secret, secLen);
ret = HmacSetKey(&hmac, hash, secret, secLen);
if (ret != 0)
return ret;
HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
HmacFinal(&hmac, previous); /* A1 */
@ -128,6 +131,8 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
XMEMSET(previous, 0, sizeof previous);
XMEMSET(current, 0, sizeof current);
XMEMSET(&hmac, 0, sizeof hmac);
return 0;
}
@ -145,9 +150,11 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
/* compute TLSv1 PRF (pseudo random function using HMAC) */
static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen)
static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
const byte* label, word32 labLen, const byte* seed,
word32 seedLen)
{
int ret;
word32 half = (secLen + 1) / 2;
byte md5_half[MAX_PRF_HALF]; /* half is real size */
@ -157,11 +164,11 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
if (half > MAX_PRF_HALF)
return;
return BUFFER_E;
if (labLen + seedLen > MAX_PRF_LABSEED)
return;
return BUFFER_E;
if (digLen > MAX_PRF_DIG)
return;
return BUFFER_E;
XMEMSET(md5_result, 0, digLen);
XMEMSET(sha_result, 0, digLen);
@ -172,11 +179,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen);
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen,
md5_mac);
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen,
sha_mac);
ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
labLen + seedLen, md5_mac);
if (ret != 0)
return ret;
ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
labLen + seedLen, sha_mac);
if (ret != 0)
return ret;
get_xor(digest, digLen, md5_result, sha_result);
return 0;
}
#endif
@ -184,15 +197,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
use */
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
int useAtLeastSha256, int hash_type)
{
int ret = 0;
if (useAtLeastSha256) {
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
if (labLen + seedLen > MAX_PRF_LABSEED)
return;
return BUFFER_E;
XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen);
@ -201,13 +216,17 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
* should use better. */
if (hash_type < sha256_mac)
hash_type = sha256_mac;
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
hash_type);
ret = p_hash(digest, digLen, secret, secLen, labelSeed,
labLen + seedLen, hash_type);
}
#ifndef NO_OLD_TLS
else
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen);
else {
ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
seedLen);
}
#endif
return ret;
}
@ -218,7 +237,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
const byte* side;
byte handshake_hash[HSHASH_SZ];
@ -249,9 +268,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
else
side = tls_server;
PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN,
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
}
@ -295,6 +314,7 @@ static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
int DeriveTlsKeys(CYASSL* ssl)
{
int ret;
int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
2 * ssl->specs.iv_size;
@ -304,9 +324,11 @@ int DeriveTlsKeys(CYASSL* ssl)
XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN);
PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN, key_label,
KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
ret = PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN,
key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
if (ret != 0)
return ret;
return StoreKeys(ssl, key_data);
}
@ -314,15 +336,18 @@ int DeriveTlsKeys(CYASSL* ssl)
int MakeTlsMasterSecret(CYASSL* ssl)
{
int ret;
byte seed[SEED_LEN];
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
ret = PRF(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
if (ret != 0)
return ret;
#ifdef SHOW_SECRETS
{
@ -352,12 +377,11 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF((byte*)msk, len,
ssl->arrays->masterSecret, SECRET_LEN,
(const byte *)label, (word32)strlen(label),
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
return PRF((byte*)msk, len,
ssl->arrays->masterSecret, SECRET_LEN,
(const byte *)label, (word32)strlen(label),
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
return 0;
}
@ -502,12 +526,15 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
Hmac hmac;
int ret;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify),
ssl->specs.hash_size);
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
if (ret != 0)
return ret;
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, in, sz); /* content */
HmacFinal(&hmac, digest);
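Review bot: `PRF` initialises `ret` to 0, so a build with NO_OLD_TLS defined that reaches it with `useAtLeastSha256` false skips both branches and returns success without writing `digest`. DeriveTlsKeys and MakeTlsMasterSecret would then continue with whatever the output buffer held. That path may be unreachable when only TLS 1.2 is compiled in, but failing closed is cheap: start from an error value such as `int ret = BAD_FUNC_ARG;`, or add an `#else` arm that returns one. Separately, the new early `return ret;` in `p_hash` leaves before the `XMEMSET(&hmac, 0, sizeof hmac);` at the end of the function, so the Hmac state is not cleared on that path if HmacSetKey had already touched it.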


@ -564,6 +564,7 @@ int hmac_md5_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -592,7 +593,9 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4014;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -623,6 +626,7 @@ int hmac_sha_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -651,7 +655,9 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4015;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -682,6 +688,7 @@ int hmac_sha256_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -713,7 +720,9 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4016;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
@ -745,6 +754,7 @@ int hmac_sha384_test(void)
testVector a, b, c;
testVector test_hmac[3];
int ret;
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
@ -779,7 +789,9 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4017;
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);