Xuyi Wang
/
wolfcrypt
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
evp.c
00001 /* evp.c 00002 * 00003 * Copyright (C) 2006-2017 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 #if !defined(WOLFSSL_EVP_INCLUDED) 00023 #ifndef WOLFSSL_IGNORE_FILE_WARN 00024 #warning evp.c does not need to be compiled seperatly from ssl.c 00025 #endif 00026 #else 00027 00028 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); 00029 00030 00031 /* Getter function for cipher key length 00032 * 00033 * c WOLFSSL_EVP_CIPHER structure to get key length from 00034 * 00035 * NOTE: OpenSSL_add_all_ciphers() should be called first before using this 00036 * function 00037 * 00038 * Returns size of key in bytes 00039 */ 00040 int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) 00041 { 00042 WOLFSSL_ENTER("wolfSSL_EVP_Cipher_key_length"); 00043 00044 if (c == NULL) { 00045 return 0; 00046 } 00047 00048 switch (cipherType(c)) { 00049 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00050 case AES_128_CBC_TYPE: return 16; 00051 case AES_192_CBC_TYPE: return 24; 00052 case AES_256_CBC_TYPE: return 32; 00053 #endif 00054 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00055 case AES_128_CTR_TYPE: return 16; 00056 case AES_192_CTR_TYPE: return 24; 00057 case AES_256_CTR_TYPE: return 32; 00058 #endif 00059 #if !defined(NO_AES) && defined(HAVE_AES_ECB) 00060 case AES_128_ECB_TYPE: return 16; 00061 case AES_192_ECB_TYPE: return 24; 00062 case AES_256_ECB_TYPE: return 32; 00063 #endif 00064 #ifndef NO_DES3 00065 case DES_CBC_TYPE: return 8; 00066 case DES_EDE3_CBC_TYPE: return 24; 00067 case DES_ECB_TYPE: return 8; 00068 case DES_EDE3_ECB_TYPE: return 24; 00069 #endif 00070 default: 00071 return 0; 00072 } 00073 } 00074 00075 00076 WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, 00077 const WOLFSSL_EVP_CIPHER* type, 00078 const unsigned char* key, 00079 const unsigned char* iv) 00080 { 00081 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1); 00082 } 00083 00084 WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, 00085 const WOLFSSL_EVP_CIPHER* type, 00086 WOLFSSL_ENGINE *impl, 00087 const unsigned char* key, 00088 const unsigned char* iv) 00089 { 00090 (void) impl; 00091 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1); 00092 } 00093 00094 WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, 00095 const WOLFSSL_EVP_CIPHER* type, 00096 const unsigned char* key, 00097 const unsigned char* iv) 00098 { 00099 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); 00100 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0); 00101 } 00102 00103 WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, 00104 const WOLFSSL_EVP_CIPHER* type, 00105 WOLFSSL_ENGINE *impl, 00106 const unsigned char* key, 00107 const unsigned char* iv) 00108 { 00109 (void) impl; 00110 WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit"); 00111 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0); 00112 } 00113 00114 00115 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void) 00116 { 00117 WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx, 00118 NULL, DYNAMIC_TYPE_TMP_BUFFER); 00119 if (ctx) { 00120 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new"); 00121 wolfSSL_EVP_CIPHER_CTX_init(ctx); 00122 } 00123 return ctx; 00124 } 00125 00126 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) 00127 { 00128 if (ctx) { 00129 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free"); 00130 wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); 00131 XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); 00132 } 00133 } 00134 00135 WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx) 00136 { 00137 if (ctx == NULL) return 0; 00138 return ctx->flags & WOLFSSL_EVP_CIPH_MODE; 00139 } 00140 00141 WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, 00142 unsigned char *out, int *outl) 00143 { 00144 if (ctx && ctx->enc) { 00145 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal"); 00146 return wolfSSL_EVP_CipherFinal(ctx, out, outl); 00147 } 00148 else 00149 return WOLFSSL_FAILURE; 00150 } 00151 00152 00153 WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, 00154 const WOLFSSL_EVP_CIPHER* type, 00155 WOLFSSL_ENGINE *impl, 00156 const unsigned char* key, 00157 const unsigned char* iv, 00158 int enc) 00159 { 00160 (void)impl; 00161 return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc); 00162 } 00163 00164 WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, 00165 unsigned char *out, int *outl) 00166 { 00167 if (ctx && ctx->enc) { 00168 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex"); 00169 return wolfSSL_EVP_CipherFinal(ctx, out, outl); 00170 } 00171 else 00172 return WOLFSSL_FAILURE; 00173 } 00174 00175 WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, 00176 unsigned char *out, int *outl) 00177 { 00178 if (ctx && ctx->enc) 00179 return WOLFSSL_FAILURE; 00180 else { 00181 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); 00182 return wolfSSL_EVP_CipherFinal(ctx, out, outl); 00183 } 00184 } 00185 00186 WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, 00187 unsigned char *out, int *outl) 00188 { 00189 if (ctx && ctx->enc) 00190 return WOLFSSL_FAILURE; 00191 else { 00192 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex"); 00193 return wolfSSL_EVP_CipherFinal(ctx, out, outl); 00194 } 00195 } 00196 00197 00198 WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, 00199 const WOLFSSL_EVP_MD* type, 00200 WOLFSSL_ENGINE *impl) 00201 { 00202 (void) impl; 00203 WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex"); 00204 return wolfSSL_EVP_DigestInit(ctx, type); 00205 } 00206 00207 #ifdef DEBUG_WOLFSSL_EVP 00208 #define PRINT_BUF(b, sz) { int _i; for(_i=0; _i<(sz); _i++) { \ 00209 printf("%02x(%c),", (b)[_i], (b)[_i]); if ((_i+1)%8==0)printf("\n");}} 00210 #else 00211 #define PRINT_BUF(b, sz) 00212 #endif 00213 00214 static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) 00215 { 00216 int fill; 00217 00218 if (sz > 0) { 00219 if ((sz+ctx->bufUsed) > ctx->block_size) { 00220 fill = ctx->block_size - ctx->bufUsed; 00221 } else { 00222 fill = sz; 00223 } 00224 XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill); 00225 ctx->bufUsed += fill; 00226 return fill; 00227 } else return 0; 00228 } 00229 00230 static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, 00231 unsigned char *out, 00232 const unsigned char *in, int inl) 00233 { 00234 int ret = 0; 00235 00236 switch (ctx->cipherType) { 00237 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00238 case AES_128_CBC_TYPE: 00239 case AES_192_CBC_TYPE: 00240 case AES_256_CBC_TYPE: 00241 if (ctx->enc) 00242 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); 00243 else 00244 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); 00245 break; 00246 #endif 00247 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00248 case AES_128_CTR_TYPE: 00249 case AES_192_CTR_TYPE: 00250 case AES_256_CTR_TYPE: 00251 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); 00252 break; 00253 #endif 00254 #if !defined(NO_AES) && defined(HAVE_AES_ECB) 00255 case AES_128_ECB_TYPE: 00256 case AES_192_ECB_TYPE: 00257 case AES_256_ECB_TYPE: 00258 if (ctx->enc) 00259 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); 00260 else 00261 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); 00262 break; 00263 #endif 00264 #ifndef NO_DES3 00265 case DES_CBC_TYPE: 00266 if (ctx->enc) 00267 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); 00268 else 00269 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); 00270 break; 00271 case DES_EDE3_CBC_TYPE: 00272 if (ctx->enc) 00273 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); 00274 else 00275 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); 00276 break; 00277 #if defined(WOLFSSL_DES_ECB) 00278 case DES_ECB_TYPE: 00279 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); 00280 break; 00281 case DES_EDE3_ECB_TYPE: 00282 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); 00283 break; 00284 #endif 00285 #endif 00286 #ifndef NO_RC4 00287 case ARC4_TYPE: 00288 wc_Arc4Process(&ctx->cipher.arc4, out, in, inl); 00289 break; 00290 #endif 00291 default: 00292 return WOLFSSL_FAILURE; 00293 } 00294 00295 if (ret != 0) 00296 return WOLFSSL_FAILURE; /* failure */ 00297 00298 (void)in; 00299 (void)inl; 00300 (void)out; 00301 00302 return WOLFSSL_SUCCESS; /* success */ 00303 } 00304 00305 WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, 00306 unsigned char *out, int *outl, 00307 const unsigned char *in, int inl) 00308 { 00309 int blocks; 00310 int fill; 00311 00312 if ((ctx == NULL) || (inl < 0) || 00313 (outl == NULL)|| (out == NULL) || (in == NULL)) return BAD_FUNC_ARG; 00314 WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); 00315 00316 *outl = 0; 00317 if (inl == 0) return WOLFSSL_SUCCESS; 00318 00319 if (ctx->bufUsed > 0) { /* concatinate them if there is anything */ 00320 fill = fillBuff(ctx, in, inl); 00321 inl -= fill; 00322 in += fill; 00323 } 00324 if ((ctx->enc == 0)&& (ctx->lastUsed == 1)) { 00325 PRINT_BUF(ctx->lastBlock, ctx->block_size); 00326 XMEMCPY(out, ctx->lastBlock, ctx->block_size); 00327 *outl+= ctx->block_size; 00328 out += ctx->block_size; 00329 } 00330 if (ctx->bufUsed == ctx->block_size) { 00331 /* the buff is full, flash out */ 00332 PRINT_BUF(ctx->buf, ctx->block_size); 00333 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) 00334 return WOLFSSL_FAILURE; 00335 PRINT_BUF(out, ctx->block_size); 00336 if (ctx->enc == 0) { 00337 ctx->lastUsed = 1; 00338 XMEMCPY(ctx->lastBlock, out, ctx->block_size); 00339 } else { 00340 *outl+= ctx->block_size; 00341 out += ctx->block_size; 00342 } 00343 ctx->bufUsed = 0; 00344 } 00345 00346 blocks = inl / ctx->block_size; 00347 if (blocks > 0) { 00348 /* process blocks */ 00349 if (evpCipherBlock(ctx, out, in, blocks * ctx->block_size) == 0) 00350 return WOLFSSL_FAILURE; 00351 PRINT_BUF(in, ctx->block_size*blocks); 00352 PRINT_BUF(out,ctx->block_size*blocks); 00353 inl -= ctx->block_size * blocks; 00354 in += ctx->block_size * blocks; 00355 if (ctx->enc == 0) { 00356 if ((ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) || 00357 (ctx->block_size == 1)) { 00358 ctx->lastUsed = 0; 00359 XMEMCPY(ctx->lastBlock, &out[ctx->block_size * blocks], ctx->block_size); 00360 *outl+= ctx->block_size * blocks; 00361 } else { 00362 ctx->lastUsed = 1; 00363 XMEMCPY(ctx->lastBlock, &out[ctx->block_size * (blocks-1)], ctx->block_size); 00364 *outl+= ctx->block_size * (blocks-1); 00365 } 00366 } else { 00367 *outl+= ctx->block_size * blocks; 00368 } 00369 } 00370 if (inl > 0) { 00371 /* put fraction into buff */ 00372 fillBuff(ctx, in, inl); 00373 /* no increase of outl */ 00374 } 00375 00376 (void)out; /* silence warning in case not read */ 00377 00378 return WOLFSSL_SUCCESS; 00379 } 00380 00381 static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx) 00382 { 00383 int i; 00384 for (i = ctx->bufUsed; i < ctx->block_size; i++) 00385 ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed); 00386 } 00387 00388 static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff) 00389 { 00390 int i; 00391 int n; 00392 n = buff[ctx->block_size-1]; 00393 if (n > ctx->block_size) return -1; 00394 for (i = 0; i < n; i++) { 00395 if (buff[ctx->block_size-i-1] != n) 00396 return -1; 00397 } 00398 return ctx->block_size - n; 00399 } 00400 00401 WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, 00402 unsigned char *out, int *outl) 00403 { 00404 int fl; 00405 if (ctx == NULL || out == NULL) return BAD_FUNC_ARG; 00406 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); 00407 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { 00408 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; 00409 *outl = 0; 00410 return WOLFSSL_SUCCESS; 00411 } 00412 if (ctx->enc) { 00413 if (ctx->block_size == 1) { 00414 *outl = 0; 00415 return WOLFSSL_SUCCESS; 00416 } 00417 if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { 00418 padBlock(ctx); 00419 PRINT_BUF(ctx->buf, ctx->block_size); 00420 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) 00421 return WOLFSSL_FAILURE; 00422 00423 PRINT_BUF(out, ctx->block_size); 00424 *outl = ctx->block_size; 00425 } 00426 } else { 00427 if (ctx->block_size == 1) { 00428 *outl = 0; 00429 return WOLFSSL_SUCCESS; 00430 } 00431 if (ctx->lastUsed) { 00432 PRINT_BUF(ctx->lastBlock, ctx->block_size); 00433 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { 00434 XMEMCPY(out, ctx->lastBlock, fl); 00435 *outl = fl; 00436 } else return 0; 00437 } 00438 } 00439 return WOLFSSL_SUCCESS; 00440 } 00441 00442 WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) 00443 { 00444 if (ctx == NULL) return BAD_FUNC_ARG; 00445 switch (ctx->cipherType) { 00446 #if !defined(NO_AES) || !defined(NO_DES3) 00447 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00448 case AES_128_CBC_TYPE: 00449 case AES_192_CBC_TYPE: 00450 case AES_256_CBC_TYPE: 00451 #endif 00452 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00453 case AES_128_CTR_TYPE: 00454 case AES_192_CTR_TYPE: 00455 case AES_256_CTR_TYPE: 00456 #endif 00457 #if !defined(NO_AES) 00458 case AES_128_ECB_TYPE: 00459 case AES_192_ECB_TYPE: 00460 case AES_256_ECB_TYPE: 00461 #endif 00462 #ifndef NO_DES3 00463 case DES_CBC_TYPE: 00464 case DES_ECB_TYPE: 00465 case DES_EDE3_CBC_TYPE: 00466 case DES_EDE3_ECB_TYPE: 00467 #endif 00468 return ctx->block_size; 00469 #endif /* !NO_AES || !NO_DES3 */ 00470 default: 00471 return 0; 00472 } 00473 } 00474 00475 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) 00476 { 00477 if (cipher == NULL) return 0; /* dummy for #ifdef */ 00478 #ifndef NO_DES3 00479 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) 00480 return DES_CBC_TYPE; 00481 else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) 00482 return DES_EDE3_CBC_TYPE; 00483 #if !defined(NO_DES3) 00484 else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) 00485 return DES_ECB_TYPE; 00486 else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) 00487 return DES_EDE3_ECB_TYPE; 00488 #endif /* NO_DES3 && HAVE_AES_ECB */ 00489 #endif 00490 00491 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00492 #ifdef WOLFSSL_AES_128 00493 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) 00494 return AES_128_CBC_TYPE; 00495 #endif 00496 #ifdef WOLFSSL_AES_192 00497 else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) 00498 return AES_192_CBC_TYPE; 00499 #endif 00500 #ifdef WOLFSSL_AES_256 00501 else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) 00502 return AES_256_CBC_TYPE; 00503 #endif 00504 #endif /* !NO_AES && HAVE_AES_CBC */ 00505 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00506 #ifdef WOLFSSL_AES_128 00507 else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) 00508 return AES_128_CTR_TYPE; 00509 #endif 00510 #ifdef WOLFSSL_AES_192 00511 else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) 00512 return AES_192_CTR_TYPE; 00513 #endif 00514 #ifdef WOLFSSL_AES_256 00515 else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) 00516 return AES_256_CTR_TYPE; 00517 #endif 00518 #endif /* !NO_AES && HAVE_AES_CBC */ 00519 #if !defined(NO_AES) && defined(HAVE_AES_ECB) 00520 #ifdef WOLFSSL_AES_128 00521 else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) 00522 return AES_128_ECB_TYPE; 00523 #endif 00524 #ifdef WOLFSSL_AES_192 00525 else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) 00526 return AES_192_ECB_TYPE; 00527 #endif 00528 #ifdef WOLFSSL_AES_256 00529 else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) 00530 return AES_256_ECB_TYPE; 00531 #endif 00532 #endif /* !NO_AES && HAVE_AES_CBC */ 00533 else return 0; 00534 } 00535 00536 WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) 00537 { 00538 if (cipher == NULL) return BAD_FUNC_ARG; 00539 switch (cipherType(cipher)) { 00540 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00541 case AES_128_CBC_TYPE: 00542 case AES_192_CBC_TYPE: 00543 case AES_256_CBC_TYPE: 00544 return AES_BLOCK_SIZE; 00545 #endif 00546 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00547 case AES_128_CTR_TYPE: 00548 case AES_192_CTR_TYPE: 00549 case AES_256_CTR_TYPE: 00550 return AES_BLOCK_SIZE; 00551 #endif 00552 #if !defined(NO_AES) && defined(HAVE_AES_ECB) 00553 case AES_128_ECB_TYPE: 00554 case AES_192_ECB_TYPE: 00555 case AES_256_ECB_TYPE: 00556 return AES_BLOCK_SIZE; 00557 #endif 00558 #ifndef NO_DES3 00559 case DES_CBC_TYPE: return 8; 00560 case DES_EDE3_CBC_TYPE: return 8; 00561 case DES_ECB_TYPE: return 8; 00562 case DES_EDE3_ECB_TYPE: return 8; 00563 #endif 00564 default: 00565 return 0; 00566 } 00567 } 00568 00569 unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) 00570 { 00571 switch (cipherType(cipher)) { 00572 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 00573 case AES_128_CBC_TYPE: 00574 case AES_192_CBC_TYPE: 00575 case AES_256_CBC_TYPE: 00576 return WOLFSSL_EVP_CIPH_CBC_MODE; 00577 #endif 00578 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) 00579 case AES_128_CTR_TYPE: 00580 case AES_192_CTR_TYPE: 00581 case AES_256_CTR_TYPE: 00582 return WOLFSSL_EVP_CIPH_CTR_MODE; 00583 #endif 00584 #if !defined(NO_AES) 00585 case AES_128_ECB_TYPE: 00586 case AES_192_ECB_TYPE: 00587 case AES_256_ECB_TYPE: 00588 return WOLFSSL_EVP_CIPH_ECB_MODE; 00589 #endif 00590 #ifndef NO_DES3 00591 case DES_CBC_TYPE: 00592 case DES_EDE3_CBC_TYPE: 00593 return WOLFSSL_EVP_CIPH_CBC_MODE; 00594 case DES_ECB_TYPE: 00595 case DES_EDE3_ECB_TYPE: 00596 return WOLFSSL_EVP_CIPH_ECB_MODE; 00597 #endif 00598 #ifndef NO_RC4 00599 case ARC4_TYPE: 00600 return EVP_CIPH_STREAM_CIPHER; 00601 #endif 00602 default: 00603 return 0; 00604 } 00605 } 00606 00607 WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) 00608 { 00609 if (cipher == NULL) return 0; 00610 return WOLFSSL_CIPHER_mode(cipher); 00611 } 00612 00613 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) 00614 { 00615 if (ctx != NULL) { 00616 ctx->flags = flags; 00617 } 00618 } 00619 00620 WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) 00621 { 00622 if (cipher == NULL) return 0; 00623 return WOLFSSL_CIPHER_mode(cipher); 00624 } 00625 00626 WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) 00627 { 00628 if (ctx == NULL) return BAD_FUNC_ARG; 00629 if (padding) { 00630 ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; 00631 } 00632 else { 00633 ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; 00634 } 00635 return 1; 00636 } 00637 00638 WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) 00639 { 00640 (void)digest; 00641 /* nothing to do */ 00642 return 0; 00643 } 00644 00645 00646 /* Frees the WOLFSSL_EVP_PKEY_CTX passed in. 00647 * 00648 * return WOLFSSL_SUCCESS on success 00649 */ 00650 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx) 00651 { 00652 if (ctx == NULL) return 0; 00653 WOLFSSL_ENTER("EVP_PKEY_CTX_free"); 00654 XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 00655 return WOLFSSL_SUCCESS; 00656 } 00657 00658 00659 /* Creates a new WOLFSSL_EVP_PKEY_CTX structure. 00660 * 00661 * pkey key structure to use with new WOLFSSL_EVP_PEKY_CTX 00662 * e engine to use. It should be NULL at this time. 00663 * 00664 * return the new structure on success and NULL if failed. 00665 */ 00666 WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e) 00667 { 00668 WOLFSSL_EVP_PKEY_CTX* ctx; 00669 00670 if (pkey == NULL) return 0; 00671 if (e != NULL) return 0; 00672 WOLFSSL_ENTER("EVP_PKEY_CTX_new"); 00673 00674 ctx = (WOLFSSL_EVP_PKEY_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY_CTX), NULL, 00675 DYNAMIC_TYPE_PUBLIC_KEY); 00676 if (ctx == NULL) return NULL; 00677 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); 00678 ctx->pkey = pkey; 00679 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00680 ctx->padding = RSA_PKCS1_PADDING; 00681 #endif 00682 00683 return ctx; 00684 } 00685 00686 00687 /* Sets the type of RSA padding to use. 00688 * 00689 * ctx structure to set padding in. 00690 * padding RSA padding type 00691 * 00692 * returns WOLFSSL_SUCCESS on success. 00693 */ 00694 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding) 00695 { 00696 if (ctx == NULL) return 0; 00697 WOLFSSL_ENTER("EVP_PKEY_CTX_set_rsa_padding"); 00698 ctx->padding = padding; 00699 return WOLFSSL_SUCCESS; 00700 } 00701 00702 00703 /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. 00704 * 00705 * ctx structure to decrypt with 00706 * out buffer to hold the results 00707 * outlen initially holds size of out buffer and gets set to decrypt result size 00708 * in buffer decrypt 00709 * inlen length of in buffer 00710 * 00711 * returns WOLFSSL_SUCCESS on success. 00712 */ 00713 WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, 00714 unsigned char *out, size_t *outlen, 00715 const unsigned char *in, size_t inlen) 00716 { 00717 int len; 00718 00719 if (ctx == NULL) return 0; 00720 WOLFSSL_ENTER("EVP_PKEY_decrypt"); 00721 00722 (void)out; 00723 (void)outlen; 00724 (void)in; 00725 (void)inlen; 00726 (void)len; 00727 00728 switch (ctx->pkey->type) { 00729 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00730 case EVP_PKEY_RSA: 00731 len = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out, 00732 ctx->pkey->rsa, ctx->padding); 00733 if (len < 0) break; 00734 else { 00735 *outlen = len; 00736 return WOLFSSL_SUCCESS; 00737 } 00738 #endif /* NO_RSA */ 00739 00740 case EVP_PKEY_EC: 00741 WOLFSSL_MSG("not implemented"); 00742 FALL_THROUGH; 00743 default: 00744 break; 00745 } 00746 return WOLFSSL_FAILURE; 00747 } 00748 00749 00750 /* Initialize a WOLFSSL_EVP_PKEY_CTX structure for decryption 00751 * 00752 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with decryption 00753 * 00754 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success 00755 */ 00756 WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) 00757 { 00758 if (ctx == NULL) return WOLFSSL_FAILURE; 00759 WOLFSSL_ENTER("EVP_PKEY_decrypt_init"); 00760 switch (ctx->pkey->type) { 00761 case EVP_PKEY_RSA: 00762 ctx->op = EVP_PKEY_OP_DECRYPT; 00763 return WOLFSSL_SUCCESS; 00764 case EVP_PKEY_EC: 00765 WOLFSSL_MSG("not implemented"); 00766 FALL_THROUGH; 00767 default: 00768 break; 00769 } 00770 return WOLFSSL_FAILURE; 00771 } 00772 00773 00774 /* Use a WOLFSSL_EVP_PKEY_CTX structure to encrypt data 00775 * 00776 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption 00777 * out buffer to hold encrypted data 00778 * outlen length of out buffer 00779 * in data to be encrypted 00780 * inlen length of in buffer 00781 * 00782 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success 00783 */ 00784 WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, 00785 unsigned char *out, size_t *outlen, 00786 const unsigned char *in, size_t inlen) 00787 { 00788 int len; 00789 if (ctx == NULL) return WOLFSSL_FAILURE; 00790 WOLFSSL_ENTER("EVP_PKEY_encrypt"); 00791 if (ctx->op != EVP_PKEY_OP_ENCRYPT) return WOLFSSL_FAILURE; 00792 00793 (void)out; 00794 (void)outlen; 00795 (void)in; 00796 (void)inlen; 00797 (void)len; 00798 switch (ctx->pkey->type) { 00799 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00800 case EVP_PKEY_RSA: 00801 len = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char *)in, out, 00802 ctx->pkey->rsa, ctx->padding); 00803 if (len < 0) 00804 break; 00805 else { 00806 *outlen = len; 00807 return WOLFSSL_SUCCESS; 00808 } 00809 #endif /* NO_RSA */ 00810 00811 case EVP_PKEY_EC: 00812 WOLFSSL_MSG("not implemented"); 00813 FALL_THROUGH; 00814 default: 00815 break; 00816 } 00817 return WOLFSSL_FAILURE; 00818 } 00819 00820 00821 /* Initialize a WOLFSSL_EVP_PKEY_CTX structure to encrypt data 00822 * 00823 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption 00824 * 00825 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success 00826 */ 00827 WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) 00828 { 00829 if (ctx == NULL) return WOLFSSL_FAILURE; 00830 WOLFSSL_ENTER("EVP_PKEY_encrypt_init"); 00831 00832 switch (ctx->pkey->type) { 00833 case EVP_PKEY_RSA: 00834 ctx->op = EVP_PKEY_OP_ENCRYPT; 00835 return WOLFSSL_SUCCESS; 00836 case EVP_PKEY_EC: 00837 WOLFSSL_MSG("not implemented"); 00838 FALL_THROUGH; 00839 default: 00840 break; 00841 } 00842 return WOLFSSL_FAILURE; 00843 } 00844 00845 00846 /* Get the size in bits for WOLFSSL_EVP_PKEY key 00847 * 00848 * pkey WOLFSSL_EVP_PKEY structure to get key size of 00849 * 00850 * returns the size in bits of key on success 00851 */ 00852 WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) 00853 { 00854 int bytes; 00855 00856 if (pkey == NULL) return 0; 00857 WOLFSSL_ENTER("EVP_PKEY_bits"); 00858 if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; 00859 return bytes*8; 00860 } 00861 00862 00863 /* Get the size in bytes for WOLFSSL_EVP_PKEY key 00864 * 00865 * pkey WOLFSSL_EVP_PKEY structure to get key size of 00866 * 00867 * returns the size of a key on success which is the maximum size of a 00868 * signature 00869 */ 00870 WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) 00871 { 00872 if (pkey == NULL) return 0; 00873 WOLFSSL_ENTER("EVP_PKEY_size"); 00874 00875 switch (pkey->type) { 00876 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00877 case EVP_PKEY_RSA: 00878 return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); 00879 #endif /* NO_RSA */ 00880 00881 #ifdef HAVE_ECC 00882 case EVP_PKEY_EC: 00883 if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { 00884 WOLFSSL_MSG("No ECC key has been set"); 00885 break; 00886 } 00887 return wc_ecc_size((ecc_key*)(pkey->ecc->internal)); 00888 #endif /* HAVE_ECC */ 00889 00890 default: 00891 break; 00892 } 00893 return 0; 00894 } 00895 00896 00897 /* Initialize structure for signing 00898 * 00899 * ctx WOLFSSL_EVP_MD_CTX structure to initialize 00900 * type is the type of message digest to use 00901 * 00902 * returns WOLFSSL_SUCCESS on success 00903 */ 00904 WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type) 00905 { 00906 if (ctx == NULL) return WOLFSSL_FAILURE; 00907 WOLFSSL_ENTER("EVP_SignInit"); 00908 return wolfSSL_EVP_DigestInit(ctx,type); 00909 } 00910 00911 00912 /* Update structure with data for signing 00913 * 00914 * ctx WOLFSSL_EVP_MD_CTX structure to update 00915 * data buffer holding data to update with for sign 00916 * len length of data buffer 00917 * 00918 * returns WOLFSSL_SUCCESS on success 00919 */ 00920 WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len) 00921 { 00922 if (ctx == NULL) return 0; 00923 WOLFSSL_ENTER("EVP_SignUpdate("); 00924 return wolfSSL_EVP_DigestUpdate(ctx, data, len); 00925 } 00926 00927 /* macro gaurd because currently only used with RSA */ 00928 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00929 /* Helper function for getting the NID value from md 00930 * 00931 * returns the NID value associated with md on success */ 00932 static int md2nid(int md) 00933 { 00934 const char * d; 00935 d = (const char *)wolfSSL_EVP_get_md((const unsigned char)md); 00936 if (XSTRNCMP(d, "SHA", 3) == 0) { 00937 if (XSTRLEN(d) > 3) { 00938 if (XSTRNCMP(d, "SHA256", 6) == 0) { 00939 return NID_sha256; 00940 } 00941 if (XSTRNCMP(d, "SHA384", 6) == 0) { 00942 return NID_sha384; 00943 } 00944 if (XSTRNCMP(d, "SHA512", 6) == 0) { 00945 return NID_sha512; 00946 } 00947 WOLFSSL_MSG("Unknown SHA type"); 00948 return 0; 00949 } 00950 else { 00951 return NID_sha1; 00952 } 00953 } 00954 if (XSTRNCMP(d, "MD5", 3) == 0) 00955 return NID_md5; 00956 return 0; 00957 } 00958 #endif /* NO_RSA */ 00959 00960 /* Finalize structure for signing 00961 * 00962 * ctx WOLFSSL_EVP_MD_CTX structure to finalize 00963 * sigret buffer to hold resulting signature 00964 * siglen length of sigret buffer 00965 * pkey key to sign with 00966 * 00967 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure 00968 */ 00969 WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, 00970 unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey) 00971 { 00972 unsigned int mdsize; 00973 unsigned char md[WC_MAX_DIGEST_SIZE]; 00974 int ret; 00975 if (ctx == NULL) return WOLFSSL_FAILURE; 00976 WOLFSSL_ENTER("EVP_SignFinal"); 00977 00978 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); 00979 if (ret <= 0) return ret; 00980 00981 (void)sigret; 00982 (void)siglen; 00983 00984 switch (pkey->type) { 00985 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 00986 case EVP_PKEY_RSA: { 00987 int nid = md2nid(ctx->macType); 00988 if (nid < 0) break; 00989 return wolfSSL_RSA_sign(nid, md, mdsize, sigret, 00990 siglen, pkey->rsa); 00991 } 00992 #endif /* NO_RSA */ 00993 00994 case EVP_PKEY_DSA: 00995 case EVP_PKEY_EC: 00996 WOLFSSL_MSG("not implemented"); 00997 FALL_THROUGH; 00998 default: 00999 break; 01000 } 01001 return WOLFSSL_FAILURE; 01002 } 01003 01004 01005 /* Initialize structure for verifying signature 01006 * 01007 * ctx WOLFSSL_EVP_MD_CTX structure to initialize 01008 * type is the type of message digest to use 01009 * 01010 * returns WOLFSSL_SUCCESS on success 01011 */ 01012 WOLFSSL_API int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type) 01013 { 01014 if (ctx == NULL) return WOLFSSL_FAILURE; 01015 WOLFSSL_ENTER("EVP_VerifyInit"); 01016 return wolfSSL_EVP_DigestInit(ctx,type); 01017 } 01018 01019 01020 /* Update structure for verifying signature 01021 * 01022 * ctx WOLFSSL_EVP_MD_CTX structure to update 01023 * data buffer holding data to update with for verify 01024 * len length of data buffer 01025 * 01026 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure 01027 */ 01028 WOLFSSL_API int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len) 01029 { 01030 if (ctx == NULL) return WOLFSSL_FAILURE; 01031 WOLFSSL_ENTER("EVP_VerifyUpdate"); 01032 return wolfSSL_EVP_DigestUpdate(ctx, data, len); 01033 } 01034 01035 01036 /* Finalize structure for verifying signature 01037 * 01038 * ctx WOLFSSL_EVP_MD_CTX structure to finalize 01039 * sig buffer holding signature 01040 * siglen length of sig buffer 01041 * pkey key to verify with 01042 * 01043 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure 01044 */ 01045 WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, 01046 unsigned char*sig, unsigned int siglen, WOLFSSL_EVP_PKEY *pkey) 01047 { 01048 int ret; 01049 unsigned char md[WC_MAX_DIGEST_SIZE]; 01050 unsigned int mdsize; 01051 01052 if (ctx == NULL) return WOLFSSL_FAILURE; 01053 WOLFSSL_ENTER("EVP_VerifyFinal"); 01054 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); 01055 if (ret <= 0) return ret; 01056 01057 (void)sig; 01058 (void)siglen; 01059 01060 switch (pkey->type) { 01061 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 01062 case EVP_PKEY_RSA: { 01063 int nid = md2nid(ctx->macType); 01064 if (nid < 0) break; 01065 return wolfSSL_RSA_verify(nid, md, mdsize, sig, 01066 (unsigned int)siglen, pkey->rsa); 01067 } 01068 #endif /* NO_RSA */ 01069 01070 case EVP_PKEY_DSA: 01071 case EVP_PKEY_EC: 01072 WOLFSSL_MSG("not implemented"); 01073 FALL_THROUGH; 01074 default: 01075 break; 01076 } 01077 return WOLFSSL_FAILURE; 01078 } 01079 01080 WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher) 01081 { 01082 (void)cipher; 01083 /* nothing to do */ 01084 return 0; 01085 } 01086 01087 01088 WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, 01089 const unsigned char* key, int keylen) 01090 { 01091 WOLFSSL_EVP_PKEY* pkey; 01092 01093 (void)e; 01094 01095 if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0)) 01096 return NULL; 01097 01098 pkey = wolfSSL_PKEY_new(); 01099 if (pkey != NULL) { 01100 pkey->pkey.ptr = (char*)XMALLOC(keylen, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 01101 if (pkey->pkey.ptr == NULL && keylen > 0) { 01102 wolfSSL_EVP_PKEY_free(pkey); 01103 pkey = NULL; 01104 } 01105 else { 01106 XMEMCPY(pkey->pkey.ptr, key, keylen); 01107 pkey->pkey_sz = keylen; 01108 pkey->type = pkey->save_type = type; 01109 } 01110 } 01111 01112 return pkey; 01113 } 01114 01115 01116 const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey, 01117 size_t* len) 01118 { 01119 if (pkey == NULL || len == NULL) 01120 return NULL; 01121 01122 *len = (size_t)pkey->pkey_sz; 01123 01124 return (const unsigned char*)pkey->pkey.ptr; 01125 } 01126 01127 01128 int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, 01129 WOLFSSL_EVP_PKEY_CTX **pctx, 01130 const WOLFSSL_EVP_MD *type, 01131 WOLFSSL_ENGINE *e, 01132 WOLFSSL_EVP_PKEY *pkey) 01133 { 01134 int hashType; 01135 const unsigned char* key; 01136 size_t keySz; 01137 01138 /* Unused parameters */ 01139 (void)pctx; 01140 (void)e; 01141 01142 WOLFSSL_ENTER("EVP_DigestSignInit"); 01143 01144 if (ctx == NULL || type == NULL || pkey == NULL) 01145 return BAD_FUNC_ARG; 01146 01147 #ifdef WOLFSSL_ASYNC_CRYPT 01148 /* compile-time validation of ASYNC_CTX_SIZE */ 01149 typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? 01150 1 : -1]; 01151 (void)sizeof(async_test); 01152 #endif 01153 01154 if (XSTRNCMP(type, "SHA256", 6) == 0) { 01155 hashType = WC_SHA256; 01156 } 01157 #ifdef WOLFSSL_SHA224 01158 else if (XSTRNCMP(type, "SHA224", 6) == 0) { 01159 hashType = WC_SHA224; 01160 } 01161 #endif 01162 #ifdef WOLFSSL_SHA384 01163 else if (XSTRNCMP(type, "SHA384", 6) == 0) { 01164 hashType = WC_SHA384; 01165 } 01166 #endif 01167 #ifdef WOLFSSL_SHA512 01168 else if (XSTRNCMP(type, "SHA512", 6) == 0) { 01169 hashType = WC_SHA512; 01170 } 01171 #endif 01172 #ifndef NO_MD5 01173 else if (XSTRNCMP(type, "MD5", 3) == 0) { 01174 hashType = WC_MD5; 01175 } 01176 #endif 01177 #ifndef NO_SHA 01178 /* has to be last since would pick or 224, 256, 384, or 512 too */ 01179 else if (XSTRNCMP(type, "SHA", 3) == 0) { 01180 hashType = WC_SHA; 01181 } 01182 #endif /* NO_SHA */ 01183 else 01184 return BAD_FUNC_ARG; 01185 01186 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); 01187 01188 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) 01189 return WOLFSSL_FAILURE; 01190 01191 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) 01192 return WOLFSSL_FAILURE; 01193 01194 ctx->macType = NID_hmac & 0xFF; 01195 01196 return WOLFSSL_SUCCESS; 01197 } 01198 01199 01200 int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, 01201 const void *d, unsigned int cnt) 01202 { 01203 WOLFSSL_ENTER("EVP_DigestSignFinal"); 01204 01205 if (ctx->macType != (NID_hmac & 0xFF)) 01206 return WOLFSSL_FAILURE; 01207 01208 if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) 01209 return WOLFSSL_FAILURE; 01210 01211 return WOLFSSL_SUCCESS; 01212 } 01213 01214 01215 int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, 01216 unsigned char *sig, size_t *siglen) 01217 { 01218 unsigned char digest[WC_MAX_DIGEST_SIZE]; 01219 Hmac hmacCopy; 01220 int hashLen, ret; 01221 01222 WOLFSSL_ENTER("EVP_DigestSignFinal"); 01223 01224 if (ctx == NULL || siglen == NULL) 01225 return WOLFSSL_FAILURE; 01226 01227 if (ctx->macType != (NID_hmac & 0xFF)) 01228 return WOLFSSL_FAILURE; 01229 01230 switch (ctx->hash.hmac.macType) { 01231 #ifndef NO_MD5 01232 case WC_MD5: 01233 hashLen = WC_MD5_DIGEST_SIZE; 01234 break; 01235 #endif /* !NO_MD5 */ 01236 01237 #ifndef NO_SHA 01238 case WC_SHA: 01239 hashLen = WC_SHA_DIGEST_SIZE; 01240 break; 01241 #endif /* !NO_SHA */ 01242 01243 #ifdef WOLFSSL_SHA224 01244 case WC_SHA224: 01245 hashLen = WC_SHA224_DIGEST_SIZE; 01246 break; 01247 #endif /* WOLFSSL_SHA224 */ 01248 01249 #ifndef NO_SHA256 01250 case WC_SHA256: 01251 hashLen = WC_SHA256_DIGEST_SIZE; 01252 break; 01253 #endif /* !NO_SHA256 */ 01254 01255 #ifdef WOLFSSL_SHA512 01256 #ifdef WOLFSSL_SHA384 01257 case WC_SHA384: 01258 hashLen = WC_SHA384_DIGEST_SIZE; 01259 break; 01260 #endif /* WOLFSSL_SHA384 */ 01261 case WC_SHA512: 01262 hashLen = WC_SHA512_DIGEST_SIZE; 01263 break; 01264 #endif /* WOLFSSL_SHA512 */ 01265 01266 #ifdef HAVE_BLAKE2 01267 case BLAKE2B_ID: 01268 hashLen = BLAKE2B_OUTBYTES; 01269 break; 01270 #endif /* HAVE_BLAKE2 */ 01271 01272 default: 01273 return 0; 01274 } 01275 01276 if (sig == NULL) { 01277 *siglen = hashLen; 01278 return WOLFSSL_SUCCESS; 01279 } 01280 01281 if ((int)(*siglen) > hashLen) 01282 *siglen = hashLen; 01283 01284 XMEMCPY(&hmacCopy, &ctx->hash.hmac, sizeof(hmacCopy)); 01285 ret = wc_HmacFinal(&hmacCopy, digest) == 0; 01286 if (ret == 1) 01287 XMEMCPY(sig, digest, *siglen); 01288 01289 ForceZero(&hmacCopy, sizeof(hmacCopy)); 01290 ForceZero(digest, sizeof(digest)); 01291 return ret; 01292 } 01293 #endif /* WOLFSSL_EVP_INCLUDED */ 01294 01295 #if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) && !defined(NO_SHA) 01296 WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 01297 const unsigned char *salt, 01298 int saltlen, int iter, 01299 int keylen, unsigned char *out) 01300 { 01301 const char *nostring = ""; 01302 int ret = 0; 01303 01304 if (pass == NULL) { 01305 passlen = 0; 01306 pass = nostring; 01307 } else if (passlen == -1) { 01308 passlen = (int)XSTRLEN(pass); 01309 } 01310 01311 ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, 01312 iter, keylen, WC_SHA); 01313 if (ret == 0) 01314 return WOLFSSL_SUCCESS; 01315 else 01316 return WOLFSSL_FAILURE; 01317 } 01318 #endif /* OPENSSL_EXTRA && !NO_PWDBASED !NO_SHA*/ 01319
Generated on Tue Jul 12 2022 16:58:06 by
1.7.2