tor  0.4.1.1-alpha-dev
crypto_digest.c
Go to the documentation of this file.
1 /* Copyright (c) 2001, Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
16 #include "lib/log/log.h"
17 #include "lib/log/util_bug.h"
18 
19 #include "keccak-tiny/keccak-tiny.h"
20 
21 #include <stdlib.h>
22 #include <string.h>
23 
24 #include "lib/arch/bytes.h"
25 
29 int
30 crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
31 {
32  tor_assert(ds_out);
33  memset(ds_out, 0, sizeof(*ds_out));
34  if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
35  return -1;
36  if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
37  return -1;
38 
39  return 0;
40 }
41 
43 const char *
44 crypto_digest_algorithm_get_name(digest_algorithm_t alg)
45 {
46  switch (alg) {
47  case DIGEST_SHA1:
48  return "sha1";
49  case DIGEST_SHA256:
50  return "sha256";
51  case DIGEST_SHA512:
52  return "sha512";
53  case DIGEST_SHA3_256:
54  return "sha3-256";
55  case DIGEST_SHA3_512:
56  return "sha3-512";
57  // LCOV_EXCL_START
58  default:
60  return "??unknown_digest??";
61  // LCOV_EXCL_STOP
62  }
63 }
64 
67 int
69 {
70  if (!strcmp(name, "sha1"))
71  return DIGEST_SHA1;
72  else if (!strcmp(name, "sha256"))
73  return DIGEST_SHA256;
74  else if (!strcmp(name, "sha512"))
75  return DIGEST_SHA512;
76  else if (!strcmp(name, "sha3-256"))
77  return DIGEST_SHA3_256;
78  else if (!strcmp(name, "sha3-512"))
79  return DIGEST_SHA3_512;
80  else
81  return -1;
82 }
83 
85 size_t
86 crypto_digest_algorithm_get_length(digest_algorithm_t alg)
87 {
88  switch (alg) {
89  case DIGEST_SHA1:
90  return DIGEST_LEN;
91  case DIGEST_SHA256:
92  return DIGEST256_LEN;
93  case DIGEST_SHA512:
94  return DIGEST512_LEN;
95  case DIGEST_SHA3_256:
96  return DIGEST256_LEN;
97  case DIGEST_SHA3_512:
98  return DIGEST512_LEN;
99  default:
100  tor_assert(0); // LCOV_EXCL_LINE
101  return 0; /* Unreachable */ // LCOV_EXCL_LINE
102  }
103 }
104 
109 void
110 crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
111  const uint8_t *key, size_t key_len,
112  const uint8_t *msg, size_t msg_len)
113 {
114  crypto_digest_t *digest;
115 
116  const uint64_t key_len_netorder = tor_htonll(key_len);
117 
118  tor_assert(mac_out);
119  tor_assert(key);
120  tor_assert(msg);
121 
122  digest = crypto_digest256_new(DIGEST_SHA3_256);
123 
124  /* Order matters here that is any subsystem using this function should
125  * expect this very precise ordering in the MAC construction. */
126  crypto_digest_add_bytes(digest, (const char *) &key_len_netorder,
127  sizeof(key_len_netorder));
128  crypto_digest_add_bytes(digest, (const char *) key, key_len);
129  crypto_digest_add_bytes(digest, (const char *) msg, msg_len);
130  crypto_digest_get_digest(digest, (char *) mac_out, len_out);
131  crypto_digest_free(digest);
132 }
133 
134 /* xof functions */
135 
137 struct crypto_xof_t {
138 #ifdef OPENSSL_HAS_SHAKE3_EVP
139  /* XXXX We can't enable this yet, because OpenSSL's
140  * DigestFinalXOF function can't be called repeatedly on the same
141  * XOF.
142  *
143  * We could in theory use the undocumented SHA3_absorb and SHA3_squeeze
144  * functions, but let's not mess with undocumented OpenSSL internals any
145  * more than we have to.
146  *
147  * We could also revise our XOF code so that it only allows a single
148  * squeeze operation; we don't require streaming squeeze operations
149  * outside the tests yet.
150  */
151  EVP_MD_CTX *ctx;
152 #else
153  keccak_state s;
154 #endif
155 };
156 
162 crypto_xof_t *
164 {
165  crypto_xof_t *xof;
166  xof = tor_malloc(sizeof(crypto_xof_t));
167 #ifdef OPENSSL_HAS_SHAKE256
168  xof->ctx = EVP_MD_CTX_new();
169  tor_assert(xof->ctx);
170  int r = EVP_DigestInit(xof->ctx, EVP_shake256());
171  tor_assert(r == 1);
172 #else
173  keccak_xof_init(&xof->s, 256);
174 #endif
175  return xof;
176 }
177 
182 void
183 crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
184 {
185 #ifdef OPENSSL_HAS_SHAKE256
186  int r = EVP_DigestUpdate(xof->ctx, data, len);
187  tor_assert(r == 1);
188 #else
189  int i = keccak_xof_absorb(&xof->s, data, len);
190  tor_assert(i == 0);
191 #endif
192 }
193 
197 void
198 crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
199 {
200 #ifdef OPENSSL_HAS_SHAKE256
201  int r = EVP_DigestFinalXOF(xof->ctx, out, len);
202  tor_assert(r == 1);
203 #else
204  int i = keccak_xof_squeeze(&xof->s, out, len);
205  tor_assert(i == 0);
206 #endif
207 }
208 
210 void
212 {
213  if (!xof)
214  return;
215 #ifdef OPENSSL_HAS_SHAKE256
216  if (xof->ctx)
217  EVP_MD_CTX_free(xof->ctx);
218 #endif
219  memwipe(xof, 0, sizeof(crypto_xof_t));
220  tor_free(xof);
221 }
222 
225 void
226 crypto_xof(uint8_t *output, size_t output_len,
227  const uint8_t *input, size_t input_len)
228 {
229 #ifdef OPENSSL_HAS_SHA3
230  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
231  tor_assert(ctx);
232  int r = EVP_DigestInit(ctx, EVP_shake256());
233  tor_assert(r == 1);
234  r = EVP_DigestUpdate(ctx, input, input_len);
235  tor_assert(r == 1);
236  r = EVP_DigestFinalXOF(ctx, output, output_len);
237  tor_assert(r == 1);
238  EVP_MD_CTX_free(ctx);
239 #else
240  crypto_xof_t *xof = crypto_xof_new();
241  crypto_xof_add_bytes(xof, input, input_len);
242  crypto_xof_squeeze_bytes(xof, output, output_len);
243  crypto_xof_free(xof);
244 #endif
245 }
Header for smartlist.c.
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define DIGEST512_LEN
Definition: digest_sizes.h:25
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
int crypto_digest_algorithm_parse_name(const char *name)
Definition: crypto_digest.c:68
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
#define tor_free(p)
Definition: malloc.h:52
#define tor_fragile_assert()
Definition: util_bug.h:241
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
#define DIGEST256_LEN
Definition: digest_sizes.h:23
int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
Definition: crypto_digest.c:30
Common functions for cryptographic routines.
tor_assert(buffer)
#define DIGEST_LEN
Definition: digest_sizes.h:20
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:167
Headers for crypto_digest.c.
void crypto_xof(uint8_t *output, size_t output_len, const uint8_t *input, size_t input_len)
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
Definition: crypto_digest.c:44
void crypto_xof_free_(crypto_xof_t *xof)
Inline functions for reading and writing multibyte values from the middle of strings,...
void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, const uint8_t *key, size_t key_len, const uint8_t *msg, size_t msg_len)
size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg)
Definition: crypto_digest.c:86
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Headers for log.c.
Macros to manage assertions, fatal and non-fatal.
crypto_xof_t * crypto_xof_new(void)