2 * Copyright (c) 2000-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * tls_digest.c - Hash implementations
28 /* THIS FILE CONTAINS KERNEL CODE */
30 #include "tls_digest.h"
35 #define DIGEST_PRINT 0
37 #define dgprintf(s) printf s
42 const uint8_t SSLMACPad1
[MAX_MAC_PADDING
] =
44 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
45 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
46 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
47 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
48 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
49 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36
52 const uint8_t SSLMACPad2
[MAX_MAC_PADDING
] =
54 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
55 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
56 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
57 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
58 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
59 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C
63 static int HashNullInit(SSLBuffer
*digestCtx
) {
66 static int HashNullUpdate(SSLBuffer
*digestCtx
, const SSLBuffer
*data
) {
69 static int HashNullFinal(SSLBuffer
*digestCtx
, SSLBuffer
*digest
) {
72 static int HashNullClose(SSLBuffer
*digestCtx
) {
75 static int HashNullClone(const SSLBuffer
*src
, SSLBuffer
*dest
) {
81 // Kernel based implementation
82 #include <corecrypto/ccdigest.h>
83 #include <corecrypto/ccmd5.h>
84 #include <corecrypto/ccsha1.h>
85 #include <corecrypto/ccsha2.h>
86 #include <AssertMacros.h>
88 static int ccHashInit(const struct ccdigest_info
*di
, SSLBuffer
*digestCtx
)
90 ccdigest_ctx_t ctx
= (ccdigest_ctx_t
)(struct ccdigest_ctx
*)digestCtx
->data
;
91 check(digestCtx
->length
>= ccdigest_di_size(di
));
92 ccdigest_init(di
, ctx
);
96 static int ccHashUpdate(const struct ccdigest_info
*di
, SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
98 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
99 ccdigest_ctx_t ctx
= (ccdigest_ctx_t
)(struct ccdigest_ctx
*)digestCtx
->data
;
100 check(digestCtx
->length
>= ccdigest_di_size(di
));
101 ccdigest_update(di
, ctx
, data
->length
, data
->data
);
105 static int ccHashFinal(const struct ccdigest_info
*di
, SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
107 ccdigest_ctx_t ctx
= (ccdigest_ctx_t
)(struct ccdigest_ctx
*)digestCtx
->data
;
108 check(digestCtx
->length
>= ccdigest_di_size(di
));
109 check(digest
->length
>= di
->output_size
);
110 ccdigest_final(di
, ctx
, digest
->data
);
111 digest
->length
= di
->output_size
;
115 static int ccHashClose(const struct ccdigest_info
*di
, SSLBuffer
*digestCtx
)
117 check(digestCtx
->length
>= ccdigest_di_size(di
));
121 static int ccHashClone(const struct ccdigest_info
*di
, const SSLBuffer
*src
, SSLBuffer
*dst
)
123 check(src
->length
>= ccdigest_di_size(di
));
124 check(dst
->length
>= ccdigest_di_size(di
));
125 memcpy(dst
->data
, src
->data
, ccdigest_di_size(di
));
130 #define SSL_MD5_DIGEST_LENGTH (CCMD5_OUTPUT_SIZE)
131 #define SSL_SHA1_DIGEST_LENGTH (CCSHA1_OUTPUT_SIZE)
132 #define SSL_SHA256_DIGEST_LENGTH (CCSHA256_OUTPUT_SIZE)
133 #define SSL_SHA384_DIGEST_LENGTH (CCSHA384_OUTPUT_SIZE)
135 #define SSL_MD5_CONTEXT_SIZE (ccdigest_ctx_size(CCMD5_STATE_SIZE, CCMD5_BLOCK_SIZE))
136 #define SSL_SHA1_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA1_STATE_SIZE, CCSHA1_BLOCK_SIZE))
137 #define SSL_SHA256_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA256_STATE_SIZE, CCSHA256_BLOCK_SIZE))
138 #define SSL_SHA384_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA512_STATE_SIZE, CCSHA512_BLOCK_SIZE))
140 #define SSL_SHA256_BLOCK_BYTES CCSHA256_BLOCK_SIZE
141 #define SSL_SHA384_BLOCK_BYTES CCSHA512_BLOCK_SIZE
144 static int HashMD5Init(SSLBuffer
*digestCtx
)
146 return ccHashInit(ccmd5_di(), digestCtx
);
149 static int HashMD5Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
151 return ccHashUpdate(ccmd5_di(), digestCtx
, data
);
154 static int HashMD5Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
156 return ccHashFinal(ccmd5_di(), digestCtx
, digest
);
159 static int HashMD5Close(SSLBuffer
*digestCtx
)
161 return ccHashClose(ccmd5_di(), digestCtx
);
164 static int HashMD5Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
166 return ccHashClone(ccmd5_di(), src
, dst
);
170 static int HashSHA1Init(SSLBuffer
*digestCtx
)
172 return ccHashInit(ccsha1_di(), digestCtx
);
175 static int HashSHA1Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
177 return ccHashUpdate(ccsha1_di(), digestCtx
, data
);
180 static int HashSHA1Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
182 return ccHashFinal(ccsha1_di(), digestCtx
, digest
);
185 static int HashSHA1Close(SSLBuffer
*digestCtx
)
187 return ccHashClose(ccsha1_di(), digestCtx
);}
189 static int HashSHA1Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
191 return ccHashClone(ccsha1_di(), src
, dst
);
195 static int HashSHA256Init(SSLBuffer
*digestCtx
)
197 return ccHashInit(ccsha256_di(), digestCtx
);
200 static int HashSHA256Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
202 return ccHashUpdate(ccsha256_di(), digestCtx
, data
);
205 static int HashSHA256Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
207 return ccHashFinal(ccsha256_di(), digestCtx
, digest
);
210 static int HashSHA256Close(SSLBuffer
*digestCtx
)
212 return ccHashClose(ccsha256_di(), digestCtx
);
215 static int HashSHA256Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
217 return ccHashClone(ccsha256_di(), src
, dst
);
221 static int HashSHA384Init(SSLBuffer
*digestCtx
)
223 return ccHashInit(ccsha384_di(), digestCtx
);
226 static int HashSHA384Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
228 return ccHashUpdate(ccsha384_di(), digestCtx
, data
);
231 static int HashSHA384Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
233 return ccHashFinal(ccsha384_di(), digestCtx
, digest
);
236 static int HashSHA384Close(SSLBuffer
*digestCtx
)
238 return ccHashClose(ccsha384_di(), digestCtx
);
241 static int HashSHA384Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
243 return ccHashClone(ccsha384_di(), src
, dst
);
248 // CommonCrypto based implementation
249 #include <CommonCrypto/CommonDigest.h>
252 #define SSL_MD5_DIGEST_LENGTH CC_MD5_DIGEST_LENGTH
253 #define SSL_SHA1_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH
254 #define SSL_SHA256_DIGEST_LENGTH CC_SHA256_DIGEST_LENGTH
255 #define SSL_SHA384_DIGEST_LENGTH CC_SHA384_DIGEST_LENGTH
257 #define SSL_MD5_CONTEXT_SIZE (sizeof(CC_MD5_CTX))
258 #define SSL_SHA1_CONTEXT_SIZE (sizeof(CC_SHA1_CTX))
259 #define SSL_SHA256_CONTEXT_SIZE (sizeof(CC_SHA256_CTX))
260 #define SSL_SHA384_CONTEXT_SIZE (sizeof(CC_SHA512_CTX))
262 #define SSL_SHA256_BLOCK_BYTES CC_SHA256_BLOCK_BYTES
263 #define SSL_SHA384_BLOCK_BYTES CC_SHA512_BLOCK_BYTES
266 static int HashMD5Init(SSLBuffer
*digestCtx
)
268 assert(digestCtx
->length
>= sizeof(CC_MD5_CTX
));
269 CC_MD5_CTX
*ctx
= (CC_MD5_CTX
*)digestCtx
->data
;
271 dgprintf(("###HashMD5Init ctx %p\n", ctx
));
275 static int HashMD5Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
277 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
278 assert(digestCtx
->length
>= sizeof(CC_MD5_CTX
));
279 CC_MD5_CTX
*ctx
= (CC_MD5_CTX
*)digestCtx
->data
;
280 CC_MD5_Update(ctx
, data
->data
, (CC_LONG
)data
->length
);
284 static int HashMD5Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
286 assert(digestCtx
->length
>= sizeof(CC_MD5_CTX
));
287 CC_MD5_CTX
*ctx
= (CC_MD5_CTX
*)digestCtx
->data
;
288 dgprintf(("###HashMD5Final ctx %p\n", ctx
));
289 assert(digest
->length
>= CC_MD5_DIGEST_LENGTH
);
290 //if (digest->length < CC_MD5_DIGEST_LENGTH)
291 // return errSSLCrypto;
292 CC_MD5_Final(digest
->data
, ctx
);
293 digest
->length
= CC_MD5_DIGEST_LENGTH
;
297 static int HashMD5Close(SSLBuffer
*digestCtx
)
299 assert(digestCtx
->length
>= sizeof(CC_MD5_CTX
));
303 static int HashMD5Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
308 assert(src
->length
>= sizeof(CC_MD5_CTX
));
309 assert(dst
->length
>= sizeof(CC_MD5_CTX
));
311 srcCtx
= (CC_MD5_CTX
*)src
->data
;
312 dstCtx
= (CC_MD5_CTX
*)dst
->data
;
313 dgprintf(("###HashMD5Clone srcCtx %p dstCtx %p\n", srcCtx
, dstCtx
));
315 memcpy(dstCtx
, srcCtx
, sizeof(CC_MD5_CTX
));
320 static int HashSHA1Init(SSLBuffer
*digestCtx
)
322 assert(digestCtx
->length
>= sizeof(CC_SHA1_CTX
));
323 CC_SHA1_CTX
*ctx
= (CC_SHA1_CTX
*)digestCtx
->data
;
325 dgprintf(("###HashSHA1Init ctx %p\n", ctx
));
329 static int HashSHA1Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
331 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
332 assert(digestCtx
->length
>= sizeof(CC_SHA1_CTX
));
333 CC_SHA1_CTX
*ctx
= (CC_SHA1_CTX
*)digestCtx
->data
;
334 CC_SHA1_Update(ctx
, data
->data
, (CC_LONG
)data
->length
);
338 static int HashSHA1Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
340 assert(digestCtx
->length
>= sizeof(CC_SHA1_CTX
));
341 CC_SHA1_CTX
*ctx
= (CC_SHA1_CTX
*)digestCtx
->data
;
342 dgprintf(("###HashSHA1Final ctx %p\n", ctx
));
343 assert(digest
->length
>= CC_SHA1_DIGEST_LENGTH
);
344 //if (digest->length < CC_SHA1_DIGEST_LENGTH)
345 // return errSSLCrypto;
346 CC_SHA1_Final(digest
->data
, ctx
);
347 digest
->length
= CC_SHA1_DIGEST_LENGTH
;
351 static int HashSHA1Close(SSLBuffer
*digestCtx
)
353 assert(digestCtx
->length
>= sizeof(CC_SHA1_CTX
));
357 static int HashSHA1Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
362 assert(src
->length
>= sizeof(CC_SHA1_CTX
));
363 assert(dst
->length
>= sizeof(CC_SHA1_CTX
));
365 srcCtx
= (CC_SHA1_CTX
*)src
->data
;
366 dstCtx
= (CC_SHA1_CTX
*)dst
->data
;
367 dgprintf(("###HashSHA1Clone srcCtx %p dstCtx %p\n", srcCtx
, dstCtx
));
369 memcpy(dstCtx
, srcCtx
, sizeof(CC_SHA1_CTX
));
374 static int HashSHA256Init(SSLBuffer
*digestCtx
)
376 assert(digestCtx
->length
>= sizeof(CC_SHA256_CTX
));
377 CC_SHA256_CTX
*ctx
= (CC_SHA256_CTX
*)digestCtx
->data
;
379 dgprintf(("###HashSHA256Init ctx %p\n", ctx
));
383 static int HashSHA256Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
385 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
386 assert(digestCtx
->length
>= sizeof(CC_SHA256_CTX
));
387 CC_SHA256_CTX
*ctx
= (CC_SHA256_CTX
*)digestCtx
->data
;
388 CC_SHA256_Update(ctx
, data
->data
, (CC_LONG
)data
->length
);
392 static int HashSHA256Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
394 assert(digestCtx
->length
>= sizeof(CC_SHA256_CTX
));
395 CC_SHA256_CTX
*ctx
= (CC_SHA256_CTX
*)digestCtx
->data
;
396 dgprintf(("###HashSHA256Final ctx %p\n", ctx
));
397 assert(digest
->length
>= CC_SHA256_DIGEST_LENGTH
);
398 //if (digest->length < CC_SHA256_DIGEST_LENGTH)
399 // return errSSLCrypto;
400 CC_SHA256_Final(digest
->data
, ctx
);
401 digest
->length
= CC_SHA256_DIGEST_LENGTH
;
405 static int HashSHA256Close(SSLBuffer
*digestCtx
)
407 assert(digestCtx
->length
>= sizeof(CC_SHA256_CTX
));
411 static int HashSHA256Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
413 CC_SHA256_CTX
*srcCtx
;
414 CC_SHA256_CTX
*dstCtx
;
416 assert(src
->length
>= sizeof(CC_SHA256_CTX
));
417 assert(dst
->length
>= sizeof(CC_SHA256_CTX
));
419 srcCtx
= (CC_SHA256_CTX
*)src
->data
;
420 dstCtx
= (CC_SHA256_CTX
*)dst
->data
;
421 dgprintf(("###HashSHA256Clone srcCtx %p dstCtx %p\n", srcCtx
, dstCtx
));
423 memcpy(dstCtx
, srcCtx
, sizeof(CC_SHA256_CTX
));
428 static int HashSHA384Init(SSLBuffer
*digestCtx
)
430 assert(digestCtx
->length
>= sizeof(CC_SHA512_CTX
));
431 CC_SHA512_CTX
*ctx
= (CC_SHA512_CTX
*)digestCtx
->data
;
433 dgprintf(("###HashSHA384Init ctx %p\n", ctx
));
437 static int HashSHA384Update(SSLBuffer
*digestCtx
, const SSLBuffer
*data
)
439 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
440 assert(digestCtx
->length
>= sizeof(CC_SHA512_CTX
));
441 CC_SHA512_CTX
*ctx
= (CC_SHA512_CTX
*)digestCtx
->data
;
442 CC_SHA384_Update(ctx
, data
->data
, (CC_LONG
)data
->length
);
446 static int HashSHA384Final(SSLBuffer
*digestCtx
, SSLBuffer
*digest
)
448 assert(digestCtx
->length
>= sizeof(CC_SHA512_CTX
));
449 CC_SHA512_CTX
*ctx
= (CC_SHA512_CTX
*)digestCtx
->data
;
450 dgprintf(("###HashSHA384Final ctx %p\n", ctx
));
451 assert(digest
->length
>= CC_SHA384_DIGEST_LENGTH
);
452 //if (digest->length < CC_SHA384_DIGEST_LENGTH)
453 // return errSSLCrypto;
454 CC_SHA384_Final(digest
->data
, ctx
);
455 digest
->length
= CC_SHA384_DIGEST_LENGTH
;
459 static int HashSHA384Close(SSLBuffer
*digestCtx
)
461 assert(digestCtx
->length
>= sizeof(CC_SHA512_CTX
));
465 static int HashSHA384Clone(const SSLBuffer
*src
, SSLBuffer
*dst
)
467 CC_SHA512_CTX
*srcCtx
;
468 CC_SHA512_CTX
*dstCtx
;
470 assert(src
->length
>= sizeof(CC_SHA512_CTX
));
471 assert(dst
->length
>= sizeof(CC_SHA512_CTX
));
473 srcCtx
= (CC_SHA512_CTX
*)src
->data
;
474 dstCtx
= (CC_SHA512_CTX
*)dst
->data
;
475 dgprintf(("###HashSHA384Clone srcCtx %p dstCtx %p\n", srcCtx
, dstCtx
));
477 memcpy(dstCtx
, srcCtx
, sizeof(CC_SHA512_CTX
));
484 * These are the handles by which the bulk of digesting work
487 const HashReference SSLHashNull
=
499 const HashReference SSLHashMD5
=
501 SSL_MD5_DIGEST_LENGTH
,
503 SSL_MD5_CONTEXT_SIZE
,
511 const HashReference SSLHashSHA1
=
513 SSL_SHA1_DIGEST_LENGTH
,
515 SSL_SHA1_CONTEXT_SIZE
,
523 const HashReference SSLHashSHA256
=
525 SSL_SHA256_DIGEST_LENGTH
,
526 SSL_SHA256_BLOCK_BYTES
,
527 SSL_SHA256_CONTEXT_SIZE
,
535 const HashReference SSLHashSHA384
=
537 SSL_SHA384_DIGEST_LENGTH
,
538 SSL_SHA384_BLOCK_BYTES
,
539 SSL_SHA384_CONTEXT_SIZE
,