tor  0.4.0.0-alpha-dev
crypto_digest.c
Go to the documentation of this file.
1 /* Copyright (c) 2001, Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2018, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
16 #include "lib/log/log.h"
17 #include "lib/log/util_bug.h"
18 
19 #include "keccak-tiny/keccak-tiny.h"
20 
21 #include <stdlib.h>
22 #include <string.h>
23 
24 #include "lib/arch/bytes.h"
25 
26 #ifdef ENABLE_NSS
27 DISABLE_GCC_WARNING(strict-prototypes)
28 #include <pk11pub.h>
29 ENABLE_GCC_WARNING(strict-prototypes)
30 #else
31 
33 
34 DISABLE_GCC_WARNING(redundant-decls)
35 
36 #include <openssl/hmac.h>
37 #include <openssl/sha.h>
38 
39 ENABLE_GCC_WARNING(redundant-decls)
40 #endif
41 
42 #ifdef ENABLE_NSS
43 
46 static SECOidTag
47 digest_alg_to_nss_oid(digest_algorithm_t alg)
48 {
49  switch (alg) {
50  case DIGEST_SHA1: return SEC_OID_SHA1;
51  case DIGEST_SHA256: return SEC_OID_SHA256;
52  case DIGEST_SHA512: return SEC_OID_SHA512;
53  case DIGEST_SHA3_256: /* Fall through */
54  case DIGEST_SHA3_512: /* Fall through */
55  default:
56  return SEC_OID_UNKNOWN;
57  }
58 }
59 
60 /* Helper: get an unkeyed digest via pk11wrap */
61 static int
62 digest_nss_internal(SECOidTag alg,
63  char *digest, unsigned len_out,
64  const char *msg, size_t msg_len)
65 {
66  if (alg == SEC_OID_UNKNOWN)
67  return -1;
68  tor_assert(msg_len <= UINT_MAX);
69 
70  int rv = -1;
71  SECStatus s;
72  PK11Context *ctx = PK11_CreateDigestContext(alg);
73  if (!ctx)
74  return -1;
75 
76  s = PK11_DigestBegin(ctx);
77  if (s != SECSuccess)
78  goto done;
79 
80  s = PK11_DigestOp(ctx, (const unsigned char *)msg, (unsigned int)msg_len);
81  if (s != SECSuccess)
82  goto done;
83 
84  unsigned int len = 0;
85  s = PK11_DigestFinal(ctx, (unsigned char *)digest, &len, len_out);
86  if (s != SECSuccess)
87  goto done;
88 
89  rv = 0;
90  done:
91  PK11_DestroyContext(ctx, PR_TRUE);
92  return rv;
93 }
94 
97 static bool
98 library_supports_digest(digest_algorithm_t alg)
99 {
100  switch (alg) {
101  case DIGEST_SHA1: /* Fall through */
102  case DIGEST_SHA256: /* Fall through */
103  case DIGEST_SHA512: /* Fall through */
104  return true;
105  case DIGEST_SHA3_256: /* Fall through */
106  case DIGEST_SHA3_512: /* Fall through */
107  default:
108  return false;
109  }
110 }
111 #endif
112 
113 /* Crypto digest functions */
114 
120 crypto_digest,(char *digest, const char *m, size_t len))
121 {
122  tor_assert(m);
123  tor_assert(digest);
124 #ifdef ENABLE_NSS
125  return digest_nss_internal(SEC_OID_SHA1, digest, DIGEST_LEN, m, len);
126 #else
127  if (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL) {
128  return -1;
129  }
130 #endif
131  return 0;
132 }
133 
137 int
138 crypto_digest256(char *digest, const char *m, size_t len,
139  digest_algorithm_t algorithm)
140 {
141  tor_assert(m);
142  tor_assert(digest);
143  tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
144 
145  int ret = 0;
146  if (algorithm == DIGEST_SHA256) {
147 #ifdef ENABLE_NSS
148  return digest_nss_internal(SEC_OID_SHA256, digest, DIGEST256_LEN, m, len);
149 #else
150  ret = (SHA256((const uint8_t*)m,len,(uint8_t*)digest) != NULL);
151 #endif
152  } else {
153  ret = (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
154  > -1);
155  }
156 
157  if (!ret)
158  return -1;
159  return 0;
160 }
161 
165 int
166 crypto_digest512(char *digest, const char *m, size_t len,
167  digest_algorithm_t algorithm)
168 {
169  tor_assert(m);
170  tor_assert(digest);
171  tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
172 
173  int ret = 0;
174  if (algorithm == DIGEST_SHA512) {
175 #ifdef ENABLE_NSS
176  return digest_nss_internal(SEC_OID_SHA512, digest, DIGEST512_LEN, m, len);
177 #else
178  ret = (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
179  != NULL);
180 #endif
181  } else {
182  ret = (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
183  > -1);
184  }
185 
186  if (!ret)
187  return -1;
188  return 0;
189 }
190 
194 int
195 crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
196 {
197  tor_assert(ds_out);
198  memset(ds_out, 0, sizeof(*ds_out));
199  if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
200  return -1;
201  if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
202  return -1;
203 
204  return 0;
205 }
206 
208 const char *
209 crypto_digest_algorithm_get_name(digest_algorithm_t alg)
210 {
211  switch (alg) {
212  case DIGEST_SHA1:
213  return "sha1";
214  case DIGEST_SHA256:
215  return "sha256";
216  case DIGEST_SHA512:
217  return "sha512";
218  case DIGEST_SHA3_256:
219  return "sha3-256";
220  case DIGEST_SHA3_512:
221  return "sha3-512";
222  // LCOV_EXCL_START
223  default:
225  return "??unknown_digest??";
226  // LCOV_EXCL_STOP
227  }
228 }
229 
232 int
234 {
235  if (!strcmp(name, "sha1"))
236  return DIGEST_SHA1;
237  else if (!strcmp(name, "sha256"))
238  return DIGEST_SHA256;
239  else if (!strcmp(name, "sha512"))
240  return DIGEST_SHA512;
241  else if (!strcmp(name, "sha3-256"))
242  return DIGEST_SHA3_256;
243  else if (!strcmp(name, "sha3-512"))
244  return DIGEST_SHA3_512;
245  else
246  return -1;
247 }
248 
250 size_t
251 crypto_digest_algorithm_get_length(digest_algorithm_t alg)
252 {
253  switch (alg) {
254  case DIGEST_SHA1:
255  return DIGEST_LEN;
256  case DIGEST_SHA256:
257  return DIGEST256_LEN;
258  case DIGEST_SHA512:
259  return DIGEST512_LEN;
260  case DIGEST_SHA3_256:
261  return DIGEST256_LEN;
262  case DIGEST_SHA3_512:
263  return DIGEST512_LEN;
264  default:
265  tor_assert(0); // LCOV_EXCL_LINE
266  return 0; /* Unreachable */ // LCOV_EXCL_LINE
267  }
268 }
269 
272  digest_algorithm_t algorithm;
277  union {
278 #ifdef ENABLE_NSS
279  PK11Context *ctx;
280 #else
281  SHA_CTX sha1;
282  SHA256_CTX sha2;
283  SHA512_CTX sha512;
284 #endif
285  keccak_state sha3;
286  } d;
287 };
288 
289 #ifdef TOR_UNIT_TESTS
290 
291 digest_algorithm_t
292 crypto_digest_get_algorithm(crypto_digest_t *digest)
293 {
294  tor_assert(digest);
295 
296  return digest->algorithm;
297 }
298 
299 #endif /* defined(TOR_UNIT_TESTS) */
300 
306 static size_t
307 crypto_digest_alloc_bytes(digest_algorithm_t alg)
308 {
309  /* Helper: returns the number of bytes in the 'f' field of 'st' */
310 #define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
311  /* Gives the length of crypto_digest_t through the end of the field 'd' */
312 #define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \
313  STRUCT_FIELD_SIZE(crypto_digest_t, f))
314  switch (alg) {
315 #ifdef ENABLE_NSS
316  case DIGEST_SHA1: /* Fall through */
317  case DIGEST_SHA256: /* Fall through */
318  case DIGEST_SHA512:
319  return END_OF_FIELD(d.ctx);
320 #else
321  case DIGEST_SHA1:
322  return END_OF_FIELD(d.sha1);
323  case DIGEST_SHA256:
324  return END_OF_FIELD(d.sha2);
325  case DIGEST_SHA512:
326  return END_OF_FIELD(d.sha512);
327 #endif
328  case DIGEST_SHA3_256:
329  case DIGEST_SHA3_512:
330  return END_OF_FIELD(d.sha3);
331  default:
332  tor_assert(0); // LCOV_EXCL_LINE
333  return 0; // LCOV_EXCL_LINE
334  }
335 #undef END_OF_FIELD
336 #undef STRUCT_FIELD_SIZE
337 }
338 
343 static crypto_digest_t *
344 crypto_digest_new_internal(digest_algorithm_t algorithm)
345 {
346  crypto_digest_t *r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
347  r->algorithm = algorithm;
348 
349  switch (algorithm)
350  {
351 #ifdef ENABLE_NSS
352  case DIGEST_SHA1: /* fall through */
353  case DIGEST_SHA256: /* fall through */
354  case DIGEST_SHA512:
355  r->d.ctx = PK11_CreateDigestContext(digest_alg_to_nss_oid(algorithm));
356  if (BUG(!r->d.ctx)) {
357  tor_free(r);
358  return NULL;
359  }
360  if (BUG(SECSuccess != PK11_DigestBegin(r->d.ctx))) {
361  crypto_digest_free(r);
362  return NULL;
363  }
364  break;
365 #else
366  case DIGEST_SHA1:
367  SHA1_Init(&r->d.sha1);
368  break;
369  case DIGEST_SHA256:
370  SHA256_Init(&r->d.sha2);
371  break;
372  case DIGEST_SHA512:
373  SHA512_Init(&r->d.sha512);
374  break;
375 #endif
376  case DIGEST_SHA3_256:
377  keccak_digest_init(&r->d.sha3, 256);
378  break;
379  case DIGEST_SHA3_512:
380  keccak_digest_init(&r->d.sha3, 512);
381  break;
382  default:
383  tor_assert_unreached();
384  }
385 
386  return r;
387 }
388 
393 {
394  return crypto_digest_new_internal(DIGEST_SHA1);
395 }
396 
404 crypto_digest256_new(digest_algorithm_t algorithm)
405 {
406  tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
407  return crypto_digest_new_internal(algorithm);
408 }
409 
413 crypto_digest512_new(digest_algorithm_t algorithm)
414 {
415  tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
416  return crypto_digest_new_internal(algorithm);
417 }
418 
421 void
423 {
424  if (!digest)
425  return;
426 #ifdef ENABLE_NSS
427  if (library_supports_digest(digest->algorithm)) {
428  PK11_DestroyContext(digest->d.ctx, PR_TRUE);
429  }
430 #endif
431  size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
432  memwipe(digest, 0, bytes);
433  tor_free(digest);
434 }
435 
441 void
442 crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
443  size_t len)
444 {
445  tor_assert(digest);
446  tor_assert(data);
447  /* Using the SHA*_*() calls directly means we don't support doing
448  * SHA in hardware. But so far the delay of getting the question
449  * to the hardware, and hearing the answer, is likely higher than
450  * just doing it ourselves. Hashes are fast.
451  */
452  switch (digest->algorithm) {
453 #ifdef ENABLE_NSS
454  case DIGEST_SHA1: /* fall through */
455  case DIGEST_SHA256: /* fall through */
456  case DIGEST_SHA512:
457  tor_assert(len <= UINT_MAX);
458  SECStatus s = PK11_DigestOp(digest->d.ctx,
459  (const unsigned char *)data,
460  (unsigned int)len);
461  tor_assert(s == SECSuccess);
462  break;
463 #else
464  case DIGEST_SHA1:
465  SHA1_Update(&digest->d.sha1, (void*)data, len);
466  break;
467  case DIGEST_SHA256:
468  SHA256_Update(&digest->d.sha2, (void*)data, len);
469  break;
470  case DIGEST_SHA512:
471  SHA512_Update(&digest->d.sha512, (void*)data, len);
472  break;
473 #endif
474  case DIGEST_SHA3_256: /* FALLSTHROUGH */
475  case DIGEST_SHA3_512:
476  keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len);
477  break;
478  default:
479  /* LCOV_EXCL_START */
481  break;
482  /* LCOV_EXCL_STOP */
483  }
484 }
485 
493 void
495  char *out, size_t out_len)
496 {
497  unsigned char r[DIGEST512_LEN];
498  tor_assert(digest);
499  tor_assert(out);
501 
502  /* The SHA-3 code handles copying into a temporary ctx, and also can handle
503  * short output buffers by truncating appropriately. */
504  if (digest->algorithm == DIGEST_SHA3_256 ||
505  digest->algorithm == DIGEST_SHA3_512) {
506  keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len);
507  return;
508  }
509 
510 #ifdef ENABLE_NSS
511  /* Copy into a temporary buffer since DigestFinal (alters) the context */
512  unsigned char buf[1024];
513  unsigned int saved_len = 0;
514  unsigned rlen;
515  unsigned char *saved = PK11_SaveContextAlloc(digest->d.ctx,
516  buf, sizeof(buf),
517  &saved_len);
518  tor_assert(saved);
519  SECStatus s = PK11_DigestFinal(digest->d.ctx, r, &rlen, sizeof(r));
520  tor_assert(s == SECSuccess);
521  tor_assert(rlen >= out_len);
522  s = PK11_RestoreContext(digest->d.ctx, saved, saved_len);
523  tor_assert(s == SECSuccess);
524  if (saved != buf) {
525  PORT_ZFree(saved, saved_len);
526  }
527 #else
528  const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
529  crypto_digest_t tmpenv;
530  /* memcpy into a temporary ctx, since SHA*_Final clears the context */
531  memcpy(&tmpenv, digest, alloc_bytes);
532  switch (digest->algorithm) {
533  case DIGEST_SHA1:
534  SHA1_Final(r, &tmpenv.d.sha1);
535  break;
536  case DIGEST_SHA256:
537  SHA256_Final(r, &tmpenv.d.sha2);
538  break;
539  case DIGEST_SHA512:
540  SHA512_Final(r, &tmpenv.d.sha512);
541  break;
542 //LCOV_EXCL_START
543  case DIGEST_SHA3_256: /* FALLSTHROUGH */
544  case DIGEST_SHA3_512:
545  default:
546  log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
547  /* This is fatal, because it should never happen. */
548  tor_assert_unreached();
549  break;
550 //LCOV_EXCL_STOP
551  }
552 #endif
553  memcpy(out, r, out_len);
554  memwipe(r, 0, sizeof(r));
555 }
556 
565 {
566  tor_assert(digest);
567  const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
568  crypto_digest_t *result = tor_memdup(digest, alloc_bytes);
569 #ifdef ENABLE_NSS
570  if (library_supports_digest(digest->algorithm)) {
571  result->d.ctx = PK11_CloneContext(digest->d.ctx);
572  }
573 #endif
574  return result;
575 }
576 
580 void
582  const crypto_digest_t *digest)
583 {
584  const size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
585  tor_assert(bytes <= sizeof(checkpoint->mem));
586 #ifdef ENABLE_NSS
587  if (library_supports_digest(digest->algorithm)) {
588  unsigned char *allocated;
589  allocated = PK11_SaveContextAlloc(digest->d.ctx,
590  (unsigned char *)checkpoint->mem,
591  sizeof(checkpoint->mem),
592  &checkpoint->bytes_used);
593  /* No allocation is allowed here. */
594  tor_assert(allocated == checkpoint->mem);
595  return;
596  }
597 #endif
598  memcpy(checkpoint->mem, digest, bytes);
599 }
600 
604 void
606  const crypto_digest_checkpoint_t *checkpoint)
607 {
608  const size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
609 #ifdef ENABLE_NSS
610  if (library_supports_digest(digest->algorithm)) {
611  SECStatus s = PK11_RestoreContext(digest->d.ctx,
612  (unsigned char *)checkpoint->mem,
613  checkpoint->bytes_used);
614  tor_assert(s == SECSuccess);
615  return;
616  }
617 #endif
618  memcpy(digest, checkpoint->mem, bytes);
619 }
620 
625 void
627  const crypto_digest_t *from)
628 {
629  tor_assert(into);
630  tor_assert(from);
631  tor_assert(into->algorithm == from->algorithm);
632  const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm);
633 #ifdef ENABLE_NSS
634  if (library_supports_digest(from->algorithm)) {
635  PK11_DestroyContext(into->d.ctx, PR_TRUE);
636  into->d.ctx = PK11_CloneContext(from->d.ctx);
637  return;
638  }
639 #endif
640  memcpy(into,from,alloc_bytes);
641 }
642 
648 void
649 crypto_digest_smartlist(char *digest_out, size_t len_out,
650  const smartlist_t *lst,
651  const char *append,
652  digest_algorithm_t alg)
653 {
654  crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
655 }
656 
663 void
664 crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
665  const char *prepend,
666  const smartlist_t *lst,
667  const char *append,
668  digest_algorithm_t alg)
669 {
671  if (prepend)
672  crypto_digest_add_bytes(d, prepend, strlen(prepend));
673  SMARTLIST_FOREACH(lst, const char *, cp,
674  crypto_digest_add_bytes(d, cp, strlen(cp)));
675  if (append)
676  crypto_digest_add_bytes(d, append, strlen(append));
677  crypto_digest_get_digest(d, digest_out, len_out);
678  crypto_digest_free(d);
679 }
680 
685 void
686 crypto_hmac_sha256(char *hmac_out,
687  const char *key, size_t key_len,
688  const char *msg, size_t msg_len)
689 {
690  /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
691  tor_assert(key_len < INT_MAX);
692  tor_assert(msg_len < INT_MAX);
693  tor_assert(hmac_out);
694 #ifdef ENABLE_NSS
695  PK11SlotInfo *slot = NULL;
696  PK11SymKey *symKey = NULL;
697  PK11Context *hmac = NULL;
698 
699  int ok = 0;
700  SECStatus s;
701  SECItem keyItem, paramItem;
702  keyItem.data = (unsigned char *)key;
703  keyItem.len = (unsigned)key_len;
704  paramItem.type = siBuffer;
705  paramItem.data = NULL;
706  paramItem.len = 0;
707 
708  slot = PK11_GetBestSlot(CKM_SHA256_HMAC, NULL);
709  if (!slot)
710  goto done;
711  symKey = PK11_ImportSymKey(slot, CKM_SHA256_HMAC,
712  PK11_OriginUnwrap, CKA_SIGN, &keyItem, NULL);
713  if (!symKey)
714  goto done;
715 
716  hmac = PK11_CreateContextBySymKey(CKM_SHA256_HMAC, CKA_SIGN, symKey,
717  &paramItem);
718  if (!hmac)
719  goto done;
720  s = PK11_DigestBegin(hmac);
721  if (s != SECSuccess)
722  goto done;
723  s = PK11_DigestOp(hmac, (const unsigned char *)msg, (unsigned int)msg_len);
724  if (s != SECSuccess)
725  goto done;
726  unsigned int len=0;
727  s = PK11_DigestFinal(hmac, (unsigned char *)hmac_out, &len, DIGEST256_LEN);
728  if (s != SECSuccess || len != DIGEST256_LEN)
729  goto done;
730  ok = 1;
731 
732  done:
733  if (hmac)
734  PK11_DestroyContext(hmac, PR_TRUE);
735  if (symKey)
736  PK11_FreeSymKey(symKey);
737  if (slot)
738  PK11_FreeSlot(slot);
739 
740  tor_assert(ok);
741 #else
742  unsigned char *rv = NULL;
743  rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
744  (unsigned char*)hmac_out, NULL);
745  tor_assert(rv);
746 #endif
747 }
748 
753 void
754 crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
755  const uint8_t *key, size_t key_len,
756  const uint8_t *msg, size_t msg_len)
757 {
758  crypto_digest_t *digest;
759 
760  const uint64_t key_len_netorder = tor_htonll(key_len);
761 
762  tor_assert(mac_out);
763  tor_assert(key);
764  tor_assert(msg);
765 
766  digest = crypto_digest256_new(DIGEST_SHA3_256);
767 
768  /* Order matters here that is any subsystem using this function should
769  * expect this very precise ordering in the MAC construction. */
770  crypto_digest_add_bytes(digest, (const char *) &key_len_netorder,
771  sizeof(key_len_netorder));
772  crypto_digest_add_bytes(digest, (const char *) key, key_len);
773  crypto_digest_add_bytes(digest, (const char *) msg, msg_len);
774  crypto_digest_get_digest(digest, (char *) mac_out, len_out);
775  crypto_digest_free(digest);
776 }
777 
778 /* xof functions */
779 
781 struct crypto_xof_t {
782  keccak_state s;
783 };
784 
790 crypto_xof_t *
792 {
793  crypto_xof_t *xof;
794  xof = tor_malloc(sizeof(crypto_xof_t));
795  keccak_xof_init(&xof->s, 256);
796  return xof;
797 }
798 
803 void
804 crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
805 {
806  int i = keccak_xof_absorb(&xof->s, data, len);
807  tor_assert(i == 0);
808 }
809 
813 void
814 crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
815 {
816  int i = keccak_xof_squeeze(&xof->s, out, len);
817  tor_assert(i == 0);
818 }
819 
821 void
823 {
824  if (!xof)
825  return;
826  memwipe(xof, 0, sizeof(crypto_xof_t));
827  tor_free(xof);
828 }
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
crypto_digest_t * crypto_digest512_new(digest_algorithm_t algorithm)
void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, const smartlist_t *lst, const char *append, digest_algorithm_t alg)
Header for smartlist.c.
void crypto_digest_smartlist(char *digest_out, size_t len_out, const smartlist_t *lst, const char *append, digest_algorithm_t alg)
#define DIGEST512_LEN
Definition: digest_sizes.h:25
digest_algorithm_t algorithm
void crypto_digest_restore(crypto_digest_t *digest, const crypto_digest_checkpoint_t *checkpoint)
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
Headers for crypto_openssl_mgt.c.
int crypto_digest_algorithm_parse_name(const char *name)
crypto_digest_t * crypto_digest_new(void)
int crypto_digest512(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
#define tor_free(p)
Definition: malloc.h:52
#define tor_fragile_assert()
Definition: util_bug.h:221
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
static crypto_digest_t * crypto_digest_new_internal(digest_algorithm_t algorithm)
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len)
SHA512_CTX sha512
void crypto_digest_checkpoint(crypto_digest_checkpoint_t *checkpoint, const crypto_digest_t *digest)
#define DIGEST256_LEN
Definition: digest_sizes.h:23
int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
void crypto_digest_assign(crypto_digest_t *into, const crypto_digest_t *from)
Common functions for cryptographic routines.
tor_assert(buffer)
MOCK_IMPL(int, crypto_digest,(char *digest, const char *m, size_t len))
#define DIGEST_LEN
Definition: digest_sizes.h:20
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
keccak_state sha3
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:167
Headers for crypto_digest.c.
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void crypto_xof_free_(crypto_xof_t *xof)
Inline functions for reading and writing multibyte values from the middle of strings, and for manipulating byte order.
void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, const uint8_t *key, size_t key_len, const uint8_t *msg, size_t msg_len)
crypto_digest_t * crypto_digest_dup(const crypto_digest_t *digest)
size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg)
Headers for log.c.
Macros to manage assertions, fatal and non-fatal.
crypto_xof_t * crypto_xof_new(void)
static size_t crypto_digest_alloc_bytes(digest_algorithm_t alg)
#define LD_BUG
Definition: log.h:82
void crypto_digest_free_(crypto_digest_t *digest)
union crypto_digest_t::@3 d
SHA256_CTX sha2
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)