19 #include "keccak-tiny/keccak-tiny.h"
26 DISABLE_GCC_WARNING(
"-Wstrict-prototypes")
28 ENABLE_GCC_WARNING(
"-Wstrict-prototypes")
37 case DIGEST_SHA1:
return SEC_OID_SHA1;
38 case DIGEST_SHA256:
return SEC_OID_SHA256;
39 case DIGEST_SHA512:
return SEC_OID_SHA512;
40 case DIGEST_SHA3_256: FALLTHROUGH;
41 case DIGEST_SHA3_512: FALLTHROUGH;
43 return SEC_OID_UNKNOWN;
54 char *digest,
unsigned len_out,
55 const char *msg,
size_t msg_len)
57 if (alg == SEC_OID_UNKNOWN)
63 PK11Context *ctx = PK11_CreateDigestContext(alg);
67 s = PK11_DigestBegin(ctx);
71 s = PK11_DigestOp(ctx, (
const unsigned char *)msg, (
unsigned int)msg_len);
76 s = PK11_DigestFinal(ctx, (
unsigned char *)digest, &len, len_out);
82 PK11_DestroyContext(ctx, PR_TRUE);
92 case DIGEST_SHA1: FALLTHROUGH;
93 case DIGEST_SHA256: FALLTHROUGH;
96 case DIGEST_SHA3_256: FALLTHROUGH;
97 case DIGEST_SHA3_512: FALLTHROUGH;
126 tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
129 if (algorithm == DIGEST_SHA256) {
132 ret = (sha3_256((uint8_t *)digest,
DIGEST256_LEN,(
const uint8_t *)m, len)
150 tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
153 if (algorithm == DIGEST_SHA512) {
156 ret = (sha3_512((uint8_t*)digest,
DIGEST512_LEN, (
const uint8_t*)m, len)
178 #ifdef TOR_UNIT_TESTS
199 #define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
201 #define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \
202 STRUCT_FIELD_SIZE(crypto_digest_t, f))
204 case DIGEST_SHA1: FALLTHROUGH;
205 case DIGEST_SHA256: FALLTHROUGH;
207 return END_OF_FIELD(d.ctx);
208 case DIGEST_SHA3_256:
209 case DIGEST_SHA3_512:
210 return END_OF_FIELD(d.sha3);
216 #undef STRUCT_FIELD_SIZE
231 case DIGEST_SHA1: FALLTHROUGH;
232 case DIGEST_SHA256: FALLTHROUGH;
235 if (BUG(!r->
d.ctx)) {
239 if (BUG(SECSuccess != PK11_DigestBegin(r->
d.ctx))) {
244 case DIGEST_SHA3_256:
245 keccak_digest_init(&r->
d.
sha3, 256);
247 case DIGEST_SHA3_512:
248 keccak_digest_init(&r->
d.
sha3, 512);
251 tor_assert_unreached();
274 tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
283 tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
295 PK11_DestroyContext(digest->
d.ctx, PR_TRUE);
319 case DIGEST_SHA1: FALLTHROUGH;
320 case DIGEST_SHA256: FALLTHROUGH;
323 SECStatus s = PK11_DigestOp(digest->
d.ctx,
324 (
const unsigned char *)data,
328 case DIGEST_SHA3_256: FALLTHROUGH;
329 case DIGEST_SHA3_512:
330 keccak_digest_update(&digest->
d.
sha3, (
const uint8_t *)data, len);
349 char *out,
size_t out_len)
358 if (digest->
algorithm == DIGEST_SHA3_256 ||
360 keccak_digest_sum(&digest->
d.
sha3, (uint8_t *)out, out_len);
365 unsigned char buf[1024];
366 unsigned int saved_len = 0;
368 unsigned char *saved = PK11_SaveContextAlloc(digest->
d.ctx,
372 SECStatus s = PK11_DigestFinal(digest->
d.ctx, r, &rlen,
sizeof(r));
375 s = PK11_RestoreContext(digest->
d.ctx, saved, saved_len);
379 PORT_ZFree(saved, saved_len);
381 memcpy(out, r, out_len);
399 result->
d.ctx = PK11_CloneContext(digest->
d.ctx);
415 unsigned char *allocated;
416 allocated = PK11_SaveContextAlloc(digest->
d.ctx,
417 (
unsigned char *)checkpoint->
mem,
418 sizeof(checkpoint->
mem),
419 &checkpoint->bytes_used);
424 memcpy(checkpoint->
mem, digest, bytes);
436 SECStatus s = PK11_RestoreContext(digest->
d.ctx,
437 (
unsigned char *)checkpoint->
mem,
438 checkpoint->bytes_used);
442 memcpy(digest, checkpoint->
mem, bytes);
458 PK11_DestroyContext(into->
d.ctx, PR_TRUE);
459 into->
d.ctx = PK11_CloneContext(from->
d.ctx);
462 memcpy(into,from,alloc_bytes);
509 const char *key,
size_t key_len,
510 const char *msg,
size_t msg_len)
517 PK11SlotInfo *slot = NULL;
518 PK11SymKey *symKey = NULL;
519 PK11Context *hmac = NULL;
523 SECItem keyItem, paramItem;
524 keyItem.data = (
unsigned char *)key;
525 keyItem.len = (unsigned)key_len;
526 paramItem.type = siBuffer;
527 paramItem.data = NULL;
530 slot = PK11_GetBestSlot(CKM_SHA256_HMAC, NULL);
533 symKey = PK11_ImportSymKey(slot, CKM_SHA256_HMAC,
534 PK11_OriginUnwrap, CKA_SIGN, &keyItem, NULL);
538 hmac = PK11_CreateContextBySymKey(CKM_SHA256_HMAC, CKA_SIGN, symKey,
542 s = PK11_DigestBegin(hmac);
545 s = PK11_DigestOp(hmac, (
const unsigned char *)msg, (
unsigned int)msg_len);
549 s = PK11_DigestFinal(hmac, (
unsigned char *)hmac_out, &len,
DIGEST256_LEN);
556 PK11_DestroyContext(hmac, PR_TRUE);
558 PK11_FreeSymKey(symKey);
Inline functions for reading and writing multibyte values from the middle of strings,...
size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg)
Headers for crypto_digest.c.
#define crypto_digest_free(d)
static bool library_supports_digest(digest_algorithm_t alg)
void crypto_digest_checkpoint(crypto_digest_checkpoint_t *checkpoint, const crypto_digest_t *digest)
int crypto_digest512(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
static crypto_digest_t * crypto_digest_new_internal(digest_algorithm_t algorithm)
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len)
void crypto_digest_restore(crypto_digest_t *digest, const crypto_digest_checkpoint_t *checkpoint)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
void crypto_digest_assign(crypto_digest_t *into, const crypto_digest_t *from)
static SECOidTag digest_alg_to_nss_oid(digest_algorithm_t alg)
void crypto_digest_smartlist(char *digest_out, size_t len_out, const smartlist_t *lst, const char *append, digest_algorithm_t alg)
static int digest_nss_internal(SECOidTag alg, char *digest, unsigned len_out, const char *msg, size_t msg_len)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
static size_t crypto_digest_alloc_bytes(digest_algorithm_t alg)
crypto_digest_t * crypto_digest_dup(const crypto_digest_t *digest)
int crypto_digest(char *digest, const char *m, size_t len)
crypto_digest_t * crypto_digest_new(void)
void crypto_digest_free_(crypto_digest_t *digest)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, const smartlist_t *lst, const char *append, digest_algorithm_t alg)
crypto_digest_t * crypto_digest512_new(digest_algorithm_t algorithm)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
uint8_t mem[DIGEST_CHECKPOINT_BYTES]
digest_algorithm_t algorithm
union crypto_digest_t::@24 d
#define MOCK_IMPL(rv, funcname, arglist)
Macros to manage assertions, fatal and non-fatal.
#define tor_fragile_assert()