]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_ssl/lib/tls_digest.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / Security / libsecurity_ssl / lib / tls_digest.c
1 /*
2 * Copyright (c) 2000-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * tls_digest.c - Hash implementations
26 */
27
28 /* THIS FILE CONTAINS KERNEL CODE */
29
30 #include "tls_digest.h"
31 #include "sslTypes.h"
32
33 #include <string.h>
34
35 #define DIGEST_PRINT 0
36 #if DIGEST_PRINT
37 #define dgprintf(s) printf s
38 #else
39 #define dgprintf(s)
40 #endif
41
42 const uint8_t SSLMACPad1[MAX_MAC_PADDING] =
43 {
44 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
45 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
46 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
47 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
48 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
49 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36
50 };
51
52 const uint8_t SSLMACPad2[MAX_MAC_PADDING] =
53 {
54 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
55 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
56 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
57 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
58 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
59 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C
60 };
61
62 /*** NULL ***/
63 static int HashNullInit(SSLBuffer *digestCtx) {
64 return 0;
65 }
66 static int HashNullUpdate(SSLBuffer *digestCtx, const SSLBuffer *data) {
67 return 0;
68 }
69 static int HashNullFinal(SSLBuffer *digestCtx, SSLBuffer *digest) {
70 return 0;
71 }
72 static int HashNullClose(SSLBuffer *digestCtx) {
73 return 0;
74 }
75 static int HashNullClone(const SSLBuffer *src, SSLBuffer *dest) {
76 return 0;
77 }
78
79 #ifdef KERNEL
80
81 // Kernel based implementation
82 #include <corecrypto/ccdigest.h>
83 #include <corecrypto/ccmd5.h>
84 #include <corecrypto/ccsha1.h>
85 #include <corecrypto/ccsha2.h>
86 #include <AssertMacros.h>
87
88 static int ccHashInit(const struct ccdigest_info *di, SSLBuffer *digestCtx)
89 {
90 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data;
91 check(digestCtx->length >= ccdigest_di_size(di));
92 ccdigest_init(di, ctx);
93 return 0;
94 }
95
96 static int ccHashUpdate(const struct ccdigest_info *di, SSLBuffer *digestCtx, const SSLBuffer *data)
97 {
98 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
99 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data;
100 check(digestCtx->length >= ccdigest_di_size(di));
101 ccdigest_update(di, ctx, data->length, data->data);
102 return 0;
103 }
104
105 static int ccHashFinal(const struct ccdigest_info *di, SSLBuffer *digestCtx, SSLBuffer *digest)
106 {
107 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data;
108 check(digestCtx->length >= ccdigest_di_size(di));
109 check(digest->length >= di->output_size);
110 ccdigest_final(di, ctx, digest->data);
111 digest->length = di->output_size;
112 return 0;
113 }
114
115 static int ccHashClose(const struct ccdigest_info *di, SSLBuffer *digestCtx)
116 {
117 check(digestCtx->length >= ccdigest_di_size(di));
118 return 0;
119 }
120
121 static int ccHashClone(const struct ccdigest_info *di, const SSLBuffer *src, SSLBuffer *dst)
122 {
123 check(src->length >= ccdigest_di_size(di));
124 check(dst->length >= ccdigest_di_size(di));
125 memcpy(dst->data, src->data, ccdigest_di_size(di));
126 return 0;
127
128 }
129
130 #define SSL_MD5_DIGEST_LENGTH (CCMD5_OUTPUT_SIZE)
131 #define SSL_SHA1_DIGEST_LENGTH (CCSHA1_OUTPUT_SIZE)
132 #define SSL_SHA256_DIGEST_LENGTH (CCSHA256_OUTPUT_SIZE)
133 #define SSL_SHA384_DIGEST_LENGTH (CCSHA384_OUTPUT_SIZE)
134
135 #define SSL_MD5_CONTEXT_SIZE (ccdigest_ctx_size(CCMD5_STATE_SIZE, CCMD5_BLOCK_SIZE))
136 #define SSL_SHA1_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA1_STATE_SIZE, CCSHA1_BLOCK_SIZE))
137 #define SSL_SHA256_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA256_STATE_SIZE, CCSHA256_BLOCK_SIZE))
138 #define SSL_SHA384_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA512_STATE_SIZE, CCSHA512_BLOCK_SIZE))
139
140 #define SSL_SHA256_BLOCK_BYTES CCSHA256_BLOCK_SIZE
141 #define SSL_SHA384_BLOCK_BYTES CCSHA512_BLOCK_SIZE
142
143 /*** MD5 ***/
144 static int HashMD5Init(SSLBuffer *digestCtx)
145 {
146 return ccHashInit(ccmd5_di(), digestCtx);
147 }
148
149 static int HashMD5Update(SSLBuffer *digestCtx, const SSLBuffer *data)
150 {
151 return ccHashUpdate(ccmd5_di(), digestCtx, data);
152 }
153
154 static int HashMD5Final(SSLBuffer *digestCtx, SSLBuffer *digest)
155 {
156 return ccHashFinal(ccmd5_di(), digestCtx, digest);
157 }
158
159 static int HashMD5Close(SSLBuffer *digestCtx)
160 {
161 return ccHashClose(ccmd5_di(), digestCtx);
162 }
163
164 static int HashMD5Clone(const SSLBuffer *src, SSLBuffer *dst)
165 {
166 return ccHashClone(ccmd5_di(), src, dst);
167 }
168
169 /*** SHA1 ***/
170 static int HashSHA1Init(SSLBuffer *digestCtx)
171 {
172 return ccHashInit(ccsha1_di(), digestCtx);
173 }
174
175 static int HashSHA1Update(SSLBuffer *digestCtx, const SSLBuffer *data)
176 {
177 return ccHashUpdate(ccsha1_di(), digestCtx, data);
178 }
179
180 static int HashSHA1Final(SSLBuffer *digestCtx, SSLBuffer *digest)
181 {
182 return ccHashFinal(ccsha1_di(), digestCtx, digest);
183 }
184
185 static int HashSHA1Close(SSLBuffer *digestCtx)
186 {
187 return ccHashClose(ccsha1_di(), digestCtx);}
188
189 static int HashSHA1Clone(const SSLBuffer *src, SSLBuffer *dst)
190 {
191 return ccHashClone(ccsha1_di(), src, dst);
192 }
193
194 /*** SHA256 ***/
195 static int HashSHA256Init(SSLBuffer *digestCtx)
196 {
197 return ccHashInit(ccsha256_di(), digestCtx);
198 }
199
200 static int HashSHA256Update(SSLBuffer *digestCtx, const SSLBuffer *data)
201 {
202 return ccHashUpdate(ccsha256_di(), digestCtx, data);
203 }
204
205 static int HashSHA256Final(SSLBuffer *digestCtx, SSLBuffer *digest)
206 {
207 return ccHashFinal(ccsha256_di(), digestCtx, digest);
208 }
209
210 static int HashSHA256Close(SSLBuffer *digestCtx)
211 {
212 return ccHashClose(ccsha256_di(), digestCtx);
213 }
214
215 static int HashSHA256Clone(const SSLBuffer *src, SSLBuffer *dst)
216 {
217 return ccHashClone(ccsha256_di(), src, dst);
218 }
219
220 /*** SHA384 ***/
221 static int HashSHA384Init(SSLBuffer *digestCtx)
222 {
223 return ccHashInit(ccsha384_di(), digestCtx);
224 }
225
226 static int HashSHA384Update(SSLBuffer *digestCtx, const SSLBuffer *data)
227 {
228 return ccHashUpdate(ccsha384_di(), digestCtx, data);
229 }
230
231 static int HashSHA384Final(SSLBuffer *digestCtx, SSLBuffer *digest)
232 {
233 return ccHashFinal(ccsha384_di(), digestCtx, digest);
234 }
235
236 static int HashSHA384Close(SSLBuffer *digestCtx)
237 {
238 return ccHashClose(ccsha384_di(), digestCtx);
239 }
240
241 static int HashSHA384Clone(const SSLBuffer *src, SSLBuffer *dst)
242 {
243 return ccHashClone(ccsha384_di(), src, dst);
244 }
245
246 #else
247
248 // CommonCrypto based implementation
249 #include <CommonCrypto/CommonDigest.h>
250 #include <assert.h>
251
252 #define SSL_MD5_DIGEST_LENGTH CC_MD5_DIGEST_LENGTH
253 #define SSL_SHA1_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH
254 #define SSL_SHA256_DIGEST_LENGTH CC_SHA256_DIGEST_LENGTH
255 #define SSL_SHA384_DIGEST_LENGTH CC_SHA384_DIGEST_LENGTH
256
257 #define SSL_MD5_CONTEXT_SIZE (sizeof(CC_MD5_CTX))
258 #define SSL_SHA1_CONTEXT_SIZE (sizeof(CC_SHA1_CTX))
259 #define SSL_SHA256_CONTEXT_SIZE (sizeof(CC_SHA256_CTX))
260 #define SSL_SHA384_CONTEXT_SIZE (sizeof(CC_SHA512_CTX))
261
262 #define SSL_SHA256_BLOCK_BYTES CC_SHA256_BLOCK_BYTES
263 #define SSL_SHA384_BLOCK_BYTES CC_SHA512_BLOCK_BYTES
264
265 /*** MD5 ***/
266 static int HashMD5Init(SSLBuffer *digestCtx)
267 {
268 assert(digestCtx->length >= sizeof(CC_MD5_CTX));
269 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data;
270 CC_MD5_Init(ctx);
271 dgprintf(("###HashMD5Init ctx %p\n", ctx));
272 return 0;
273 }
274
275 static int HashMD5Update(SSLBuffer *digestCtx, const SSLBuffer *data)
276 {
277 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
278 assert(digestCtx->length >= sizeof(CC_MD5_CTX));
279 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data;
280 CC_MD5_Update(ctx, data->data, (CC_LONG)data->length);
281 return 0;
282 }
283
284 static int HashMD5Final(SSLBuffer *digestCtx, SSLBuffer *digest)
285 {
286 assert(digestCtx->length >= sizeof(CC_MD5_CTX));
287 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data;
288 dgprintf(("###HashMD5Final ctx %p\n", ctx));
289 assert(digest->length >= CC_MD5_DIGEST_LENGTH);
290 //if (digest->length < CC_MD5_DIGEST_LENGTH)
291 // return errSSLCrypto;
292 CC_MD5_Final(digest->data, ctx);
293 digest->length = CC_MD5_DIGEST_LENGTH;
294 return 0;
295 }
296
297 static int HashMD5Close(SSLBuffer *digestCtx)
298 {
299 assert(digestCtx->length >= sizeof(CC_MD5_CTX));
300 return 0;
301 }
302
303 static int HashMD5Clone(const SSLBuffer *src, SSLBuffer *dst)
304 {
305 CC_MD5_CTX *srcCtx;
306 CC_MD5_CTX *dstCtx;
307
308 assert(src->length >= sizeof(CC_MD5_CTX));
309 assert(dst->length >= sizeof(CC_MD5_CTX));
310
311 srcCtx = (CC_MD5_CTX *)src->data;
312 dstCtx = (CC_MD5_CTX *)dst->data;
313 dgprintf(("###HashMD5Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx));
314
315 memcpy(dstCtx, srcCtx, sizeof(CC_MD5_CTX));
316 return 0;
317 }
318
319 /*** SHA1 ***/
320 static int HashSHA1Init(SSLBuffer *digestCtx)
321 {
322 assert(digestCtx->length >= sizeof(CC_SHA1_CTX));
323 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data;
324 CC_SHA1_Init(ctx);
325 dgprintf(("###HashSHA1Init ctx %p\n", ctx));
326 return 0;
327 }
328
329 static int HashSHA1Update(SSLBuffer *digestCtx, const SSLBuffer *data)
330 {
331 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
332 assert(digestCtx->length >= sizeof(CC_SHA1_CTX));
333 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data;
334 CC_SHA1_Update(ctx, data->data, (CC_LONG)data->length);
335 return 0;
336 }
337
338 static int HashSHA1Final(SSLBuffer *digestCtx, SSLBuffer *digest)
339 {
340 assert(digestCtx->length >= sizeof(CC_SHA1_CTX));
341 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data;
342 dgprintf(("###HashSHA1Final ctx %p\n", ctx));
343 assert(digest->length >= CC_SHA1_DIGEST_LENGTH);
344 //if (digest->length < CC_SHA1_DIGEST_LENGTH)
345 // return errSSLCrypto;
346 CC_SHA1_Final(digest->data, ctx);
347 digest->length = CC_SHA1_DIGEST_LENGTH;
348 return 0;
349 }
350
351 static int HashSHA1Close(SSLBuffer *digestCtx)
352 {
353 assert(digestCtx->length >= sizeof(CC_SHA1_CTX));
354 return 0;
355 }
356
357 static int HashSHA1Clone(const SSLBuffer *src, SSLBuffer *dst)
358 {
359 CC_SHA1_CTX *srcCtx;
360 CC_SHA1_CTX *dstCtx;
361
362 assert(src->length >= sizeof(CC_SHA1_CTX));
363 assert(dst->length >= sizeof(CC_SHA1_CTX));
364
365 srcCtx = (CC_SHA1_CTX *)src->data;
366 dstCtx = (CC_SHA1_CTX *)dst->data;
367 dgprintf(("###HashSHA1Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx));
368
369 memcpy(dstCtx, srcCtx, sizeof(CC_SHA1_CTX));
370 return 0;
371 }
372
373 /*** SHA256 ***/
374 static int HashSHA256Init(SSLBuffer *digestCtx)
375 {
376 assert(digestCtx->length >= sizeof(CC_SHA256_CTX));
377 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data;
378 CC_SHA256_Init(ctx);
379 dgprintf(("###HashSHA256Init ctx %p\n", ctx));
380 return 0;
381 }
382
383 static int HashSHA256Update(SSLBuffer *digestCtx, const SSLBuffer *data)
384 {
385 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
386 assert(digestCtx->length >= sizeof(CC_SHA256_CTX));
387 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data;
388 CC_SHA256_Update(ctx, data->data, (CC_LONG)data->length);
389 return 0;
390 }
391
392 static int HashSHA256Final(SSLBuffer *digestCtx, SSLBuffer *digest)
393 {
394 assert(digestCtx->length >= sizeof(CC_SHA256_CTX));
395 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data;
396 dgprintf(("###HashSHA256Final ctx %p\n", ctx));
397 assert(digest->length >= CC_SHA256_DIGEST_LENGTH);
398 //if (digest->length < CC_SHA256_DIGEST_LENGTH)
399 // return errSSLCrypto;
400 CC_SHA256_Final(digest->data, ctx);
401 digest->length = CC_SHA256_DIGEST_LENGTH;
402 return 0;
403 }
404
405 static int HashSHA256Close(SSLBuffer *digestCtx)
406 {
407 assert(digestCtx->length >= sizeof(CC_SHA256_CTX));
408 return 0;
409 }
410
411 static int HashSHA256Clone(const SSLBuffer *src, SSLBuffer *dst)
412 {
413 CC_SHA256_CTX *srcCtx;
414 CC_SHA256_CTX *dstCtx;
415
416 assert(src->length >= sizeof(CC_SHA256_CTX));
417 assert(dst->length >= sizeof(CC_SHA256_CTX));
418
419 srcCtx = (CC_SHA256_CTX *)src->data;
420 dstCtx = (CC_SHA256_CTX *)dst->data;
421 dgprintf(("###HashSHA256Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx));
422
423 memcpy(dstCtx, srcCtx, sizeof(CC_SHA256_CTX));
424 return 0;
425 }
426
427 /*** SHA384 ***/
428 static int HashSHA384Init(SSLBuffer *digestCtx)
429 {
430 assert(digestCtx->length >= sizeof(CC_SHA512_CTX));
431 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data;
432 CC_SHA384_Init(ctx);
433 dgprintf(("###HashSHA384Init ctx %p\n", ctx));
434 return 0;
435 }
436
437 static int HashSHA384Update(SSLBuffer *digestCtx, const SSLBuffer *data)
438 {
439 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */
440 assert(digestCtx->length >= sizeof(CC_SHA512_CTX));
441 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data;
442 CC_SHA384_Update(ctx, data->data, (CC_LONG)data->length);
443 return 0;
444 }
445
446 static int HashSHA384Final(SSLBuffer *digestCtx, SSLBuffer *digest)
447 {
448 assert(digestCtx->length >= sizeof(CC_SHA512_CTX));
449 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data;
450 dgprintf(("###HashSHA384Final ctx %p\n", ctx));
451 assert(digest->length >= CC_SHA384_DIGEST_LENGTH);
452 //if (digest->length < CC_SHA384_DIGEST_LENGTH)
453 // return errSSLCrypto;
454 CC_SHA384_Final(digest->data, ctx);
455 digest->length = CC_SHA384_DIGEST_LENGTH;
456 return 0;
457 }
458
459 static int HashSHA384Close(SSLBuffer *digestCtx)
460 {
461 assert(digestCtx->length >= sizeof(CC_SHA512_CTX));
462 return 0;
463 }
464
465 static int HashSHA384Clone(const SSLBuffer *src, SSLBuffer *dst)
466 {
467 CC_SHA512_CTX *srcCtx;
468 CC_SHA512_CTX *dstCtx;
469
470 assert(src->length >= sizeof(CC_SHA512_CTX));
471 assert(dst->length >= sizeof(CC_SHA512_CTX));
472
473 srcCtx = (CC_SHA512_CTX *)src->data;
474 dstCtx = (CC_SHA512_CTX *)dst->data;
475 dgprintf(("###HashSHA384Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx));
476
477 memcpy(dstCtx, srcCtx, sizeof(CC_SHA512_CTX));
478 return 0;
479 }
480
481 #endif
482
483 /*
484 * These are the handles by which the bulk of digesting work
485 * is done.
486 */
487 const HashReference SSLHashNull =
488 {
489 0,
490 0,
491 0,
492 HashNullInit,
493 HashNullUpdate,
494 HashNullFinal,
495 HashNullClose,
496 HashNullClone
497 };
498
499 const HashReference SSLHashMD5 =
500 {
501 SSL_MD5_DIGEST_LENGTH,
502 48,
503 SSL_MD5_CONTEXT_SIZE,
504 HashMD5Init,
505 HashMD5Update,
506 HashMD5Final,
507 HashMD5Close,
508 HashMD5Clone
509 };
510
511 const HashReference SSLHashSHA1 =
512 {
513 SSL_SHA1_DIGEST_LENGTH,
514 40,
515 SSL_SHA1_CONTEXT_SIZE,
516 HashSHA1Init,
517 HashSHA1Update,
518 HashSHA1Final,
519 HashSHA1Close,
520 HashSHA1Clone
521 };
522
523 const HashReference SSLHashSHA256 =
524 {
525 SSL_SHA256_DIGEST_LENGTH,
526 SSL_SHA256_BLOCK_BYTES,
527 SSL_SHA256_CONTEXT_SIZE,
528 HashSHA256Init,
529 HashSHA256Update,
530 HashSHA256Final,
531 HashSHA256Close,
532 HashSHA256Clone
533 };
534
535 const HashReference SSLHashSHA384 =
536 {
537 SSL_SHA384_DIGEST_LENGTH,
538 SSL_SHA384_BLOCK_BYTES,
539 SSL_SHA384_CONTEXT_SIZE,
540 HashSHA384Init,
541 HashSHA384Update,
542 HashSHA384Final,
543 HashSHA384Close,
544 HashSHA384Clone
545 };
mirror of Security