From 007d3cb800fd0e4b01be8a76f0cce2c795cfc89b Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Sun, 9 Oct 2022 15:14:41 +0100 Subject: [crypto] Simplify internal HMAC API Simplify the internal HMAC API so that the key is provided only at the point of calling hmac_init(), and the (potentially reduced) key is stored as part of the context for later use by hmac_final(). This simplifies the calling code, and avoids the need for callers such as TLS to allocate a potentially variable length block in order to retain a copy of the unmodified key. Signed-off-by: Michael Brown --- src/crypto/hmac.c | 96 ++++++++++++++++------------------------------- src/crypto/hmac_drbg.c | 16 +++----- src/crypto/ntlm.c | 19 ++++------ src/crypto/sha1extra.c | 16 ++++---- src/include/ipxe/hmac.h | 40 +++++++++++++++----- src/include/ipxe/md4.h | 3 ++ src/include/ipxe/md5.h | 3 ++ src/include/ipxe/sha1.h | 3 ++ src/include/ipxe/sha256.h | 3 ++ src/include/ipxe/sha512.h | 3 ++ src/net/80211/wpa_ccmp.c | 11 +++--- src/net/80211/wpa_tkip.c | 9 ++--- src/net/pccrc.c | 9 ++--- src/net/tls.c | 51 +++++++++++-------------- src/tests/hmac_test.c | 14 +++---- src/tests/pccrc_test.c | 9 ++--- 16 files changed, 142 insertions(+), 163 deletions(-) diff --git a/src/crypto/hmac.c b/src/crypto/hmac.c index f898619..7109bbf 100644 --- a/src/crypto/hmac.c +++ b/src/crypto/hmac.c @@ -47,93 +47,61 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include /** - * Reduce HMAC key length - * - * @v digest Digest algorithm to use - * @v digest_ctx Digest context - * @v key Key - * @v key_len Length of key - */ -static void hmac_reduce_key ( struct digest_algorithm *digest, - void *key, size_t *key_len ) { - uint8_t digest_ctx[digest->ctxsize]; - - digest_init ( digest, digest_ctx ); - digest_update ( digest, digest_ctx, key, *key_len ); - digest_final ( digest, digest_ctx, key ); - *key_len = digest->digestsize; -} - -/** * Initialise HMAC * * @v digest Digest algorithm to use - * @v digest_ctx Digest context + * @v ctx HMAC context * @v key Key * @v key_len Length of key - * - * The length of the key should be less than the block size of the - * digest algorithm being used. (If the key length is greater, it - * will be replaced with its own digest, and key_len will be updated - * accordingly). */ -void hmac_init ( struct digest_algorithm *digest, void *digest_ctx, - void *key, size_t *key_len ) { - unsigned char k_ipad[digest->blocksize]; +void hmac_init ( struct digest_algorithm *digest, void *ctx, const void *key, + size_t key_len ) { + hmac_context_t ( digest ) *hctx = ctx; unsigned int i; - /* Reduce key if necessary */ - if ( *key_len > sizeof ( k_ipad ) ) - hmac_reduce_key ( digest, key, key_len ); - /* Construct input pad */ - memset ( k_ipad, 0, sizeof ( k_ipad ) ); - memcpy ( k_ipad, key, *key_len ); - for ( i = 0 ; i < sizeof ( k_ipad ) ; i++ ) { - k_ipad[i] ^= 0x36; + memset ( hctx->pad, 0, sizeof ( hctx->pad ) ); + if ( key_len <= sizeof ( hctx->pad ) ) { + memcpy ( hctx->pad, key, key_len ); + } else { + digest_init ( digest, hctx->ctx ); + digest_update ( digest, hctx->ctx, key, key_len ); + digest_final ( digest, hctx->ctx, hctx->pad ); + } + for ( i = 0 ; i < sizeof ( hctx->pad ) ; i++ ) { + hctx->pad[i] ^= 0x36; } - + /* Start inner hash */ - digest_init ( digest, digest_ctx ); - digest_update ( digest, digest_ctx, k_ipad, sizeof ( k_ipad ) ); + digest_init ( digest, hctx->ctx ); + digest_update ( digest, hctx->ctx, hctx->pad, sizeof ( hctx->pad ) ); } /** * Finalise HMAC * * @v digest Digest algorithm to use - * @v digest_ctx Digest context - * @v key Key - * @v key_len Length of key + * @v ctx HMAC context * @v hmac HMAC digest to fill in - * - * The length of the key should be less than the block size of the - * digest algorithm being used. (If the key length is greater, it - * will be replaced with its own digest, and key_len will be updated - * accordingly). */ -void hmac_final ( struct digest_algorithm *digest, void *digest_ctx, - void *key, size_t *key_len, void *hmac ) { - unsigned char k_opad[digest->blocksize]; +void hmac_final ( struct digest_algorithm *digest, void *ctx, void *hmac ) { + hmac_context_t ( digest ) *hctx = ctx; unsigned int i; - /* Reduce key if necessary */ - if ( *key_len > sizeof ( k_opad ) ) - hmac_reduce_key ( digest, key, key_len ); - - /* Construct output pad */ - memset ( k_opad, 0, sizeof ( k_opad ) ); - memcpy ( k_opad, key, *key_len ); - for ( i = 0 ; i < sizeof ( k_opad ) ; i++ ) { - k_opad[i] ^= 0x5c; + /* Construct output pad from input pad */ + for ( i = 0 ; i < sizeof ( hctx->pad ) ; i++ ) { + hctx->pad[i] ^= 0x6a; } - + /* Finish inner hash */ - digest_final ( digest, digest_ctx, hmac ); + digest_final ( digest, hctx->ctx, hmac ); /* Perform outer hash */ - digest_init ( digest, digest_ctx ); - digest_update ( digest, digest_ctx, k_opad, sizeof ( k_opad ) ); - digest_update ( digest, digest_ctx, hmac, digest->digestsize ); - digest_final ( digest, digest_ctx, hmac ); + digest_init ( digest, hctx->ctx ); + digest_update ( digest, hctx->ctx, hctx->pad, sizeof ( hctx->pad ) ); + digest_update ( digest, hctx->ctx, hmac, digest->digestsize ); + digest_final ( digest, hctx->ctx, hmac ); + + /* Erase output pad (from which the key may be derivable) */ + memset ( hctx->pad, 0, sizeof ( hctx->pad ) ); } diff --git a/src/crypto/hmac_drbg.c b/src/crypto/hmac_drbg.c index 0982977..57bde4d 100644 --- a/src/crypto/hmac_drbg.c +++ b/src/crypto/hmac_drbg.c @@ -79,7 +79,7 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *data, size_t len, const uint8_t single ) { - uint8_t context[ hash->ctxsize ]; + uint8_t context[ hmac_ctxsize ( hash ) ]; size_t out_len = hash->digestsize; DBGC ( state, "HMAC_DRBG_%s %p provided data :\n", hash->name, state ); @@ -92,13 +92,11 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, assert ( ( single == 0x00 ) || ( single == 0x01 ) ); /* K = HMAC ( K, V || single || provided_data ) */ - hmac_init ( hash, context, state->key, &out_len ); - assert ( out_len == hash->digestsize ); + hmac_init ( hash, context, state->key, out_len ); hmac_update ( hash, context, state->value, out_len ); hmac_update ( hash, context, &single, sizeof ( single ) ); hmac_update ( hash, context, data, len ); - hmac_final ( hash, context, state->key, &out_len, state->key ); - assert ( out_len == hash->digestsize ); + hmac_final ( hash, context, state->key ); DBGC ( state, "HMAC_DRBG_%s %p K = HMAC ( K, V || %#02x || " "provided_data ) :\n", hash->name, state, single ); @@ -122,7 +120,7 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, */ static void hmac_drbg_update_value ( struct digest_algorithm *hash, struct hmac_drbg_state *state ) { - uint8_t context[ hash->ctxsize ]; + uint8_t context[ hmac_ctxsize ( hash ) ]; size_t out_len = hash->digestsize; /* Sanity checks */ @@ -130,11 +128,9 @@ static void hmac_drbg_update_value ( struct digest_algorithm *hash, assert ( state != NULL ); /* V = HMAC ( K, V ) */ - hmac_init ( hash, context, state->key, &out_len ); - assert ( out_len == hash->digestsize ); + hmac_init ( hash, context, state->key, out_len ); hmac_update ( hash, context, state->value, out_len ); - hmac_final ( hash, context, state->key, &out_len, state->value ); - assert ( out_len == hash->digestsize ); + hmac_final ( hash, context, state->value ); DBGC ( state, "HMAC_DRBG_%s %p V = HMAC ( K, V ) :\n", hash->name, state ); diff --git a/src/crypto/ntlm.c b/src/crypto/ntlm.c index 870af21..fb120f8 100644 --- a/src/crypto/ntlm.c +++ b/src/crypto/ntlm.c @@ -117,10 +117,9 @@ void ntlm_key ( const char *domain, const char *username, struct digest_algorithm *md5 = &md5_algorithm; union { uint8_t md4[MD4_CTX_SIZE]; - uint8_t md5[MD5_CTX_SIZE]; + uint8_t md5[ MD5_CTX_SIZE + MD5_BLOCK_SIZE ]; } ctx; uint8_t digest[MD4_DIGEST_SIZE]; - size_t digest_len; uint8_t c; uint16_t wc; @@ -141,8 +140,7 @@ void ntlm_key ( const char *domain, const char *username, digest_final ( md4, ctx.md4, digest ); /* Construct HMAC-MD5 of (Unicode) upper-case username */ - digest_len = sizeof ( digest ); - hmac_init ( md5, ctx.md5, digest, &digest_len ); + hmac_init ( md5, ctx.md5, digest, sizeof ( digest ) ); while ( ( c = *(username++) ) ) { wc = cpu_to_le16 ( toupper ( c ) ); hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) ); @@ -151,7 +149,7 @@ void ntlm_key ( const char *domain, const char *username, wc = cpu_to_le16 ( c ); hmac_update ( md5, ctx.md5, &wc, sizeof ( wc ) ); } - hmac_final ( md5, ctx.md5, digest, &digest_len, key->raw ); + hmac_final ( md5, ctx.md5, key->raw ); DBGC ( key, "NTLM key:\n" ); DBGC_HDA ( key, 0, key, sizeof ( *key ) ); } @@ -170,8 +168,7 @@ void ntlm_response ( struct ntlm_challenge_info *info, struct ntlm_key *key, struct ntlm_nt_response *nt ) { struct digest_algorithm *md5 = &md5_algorithm; struct ntlm_nonce tmp_nonce; - uint8_t ctx[MD5_CTX_SIZE]; - size_t key_len = sizeof ( *key ); + uint8_t ctx[ MD5_CTX_SIZE + MD5_BLOCK_SIZE ]; unsigned int i; /* Generate random nonce, if needed */ @@ -183,10 +180,10 @@ void ntlm_response ( struct ntlm_challenge_info *info, struct ntlm_key *key, /* Construct LAN Manager response */ memcpy ( &lm->nonce, nonce, sizeof ( lm->nonce ) ); - hmac_init ( md5, ctx, key->raw, &key_len ); + hmac_init ( md5, ctx, key->raw, sizeof ( *key ) ); hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) ); hmac_update ( md5, ctx, &lm->nonce, sizeof ( lm->nonce ) ); - hmac_final ( md5, ctx, key->raw, &key_len, lm->digest ); + hmac_final ( md5, ctx, lm->digest ); DBGC ( key, "NTLM LAN Manager response:\n" ); DBGC_HDA ( key, 0, lm, sizeof ( *lm ) ); @@ -195,14 +192,14 @@ void ntlm_response ( struct ntlm_challenge_info *info, struct ntlm_key *key, nt->version = NTLM_VERSION_NTLMV2; nt->high = NTLM_VERSION_NTLMV2; memcpy ( &nt->nonce, nonce, sizeof ( nt->nonce ) ); - hmac_init ( md5, ctx, key->raw, &key_len ); + hmac_init ( md5, ctx, key->raw, sizeof ( *key ) ); hmac_update ( md5, ctx, info->nonce, sizeof ( *info->nonce ) ); hmac_update ( md5, ctx, &nt->version, ( sizeof ( *nt ) - offsetof ( typeof ( *nt ), version ) ) ); hmac_update ( md5, ctx, info->target, info->len ); hmac_update ( md5, ctx, &nt->zero, sizeof ( nt->zero ) ); - hmac_final ( md5, ctx, key->raw, &key_len, nt->digest ); + hmac_final ( md5, ctx, nt->digest ); DBGC ( key, "NTLM NT response prefix:\n" ); DBGC_HDA ( key, 0, nt, sizeof ( *nt ) ); } diff --git a/src/crypto/sha1extra.c b/src/crypto/sha1extra.c index cec0d35..9e296eb 100644 --- a/src/crypto/sha1extra.c +++ b/src/crypto/sha1extra.c @@ -49,7 +49,7 @@ void prf_sha1 ( const void *key, size_t key_len, const char *label, u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */ u8 *in_blknr; /* pointer to last byte of in, block number */ u8 out[SHA1_DIGEST_SIZE]; /* HMAC-SHA1 result */ - u8 sha1_ctx[SHA1_CTX_SIZE]; /* SHA1 context */ + u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE]; /* HMAC-SHA1 context */ const size_t label_len = strlen ( label ); /* The HMAC-SHA-1 is calculated using the given key on the @@ -65,9 +65,9 @@ void prf_sha1 ( const void *key, size_t key_len, const char *label, for ( blk = 0 ;; blk++ ) { *in_blknr = blk; - hmac_init ( &sha1_algorithm, sha1_ctx, keym, &key_len ); - hmac_update ( &sha1_algorithm, sha1_ctx, in, sizeof ( in ) ); - hmac_final ( &sha1_algorithm, sha1_ctx, keym, &key_len, out ); + hmac_init ( &sha1_algorithm, ctx, keym, key_len ); + hmac_update ( &sha1_algorithm, ctx, in, sizeof ( in ) ); + hmac_final ( &sha1_algorithm, ctx, out ); if ( prf_len <= sizeof ( out ) ) { memcpy ( prf, out, prf_len ); @@ -100,7 +100,7 @@ static void pbkdf2_sha1_f ( const void *passphrase, size_t pass_len, u8 pass[pass_len]; /* modifiable passphrase */ u8 in[salt_len + 4]; /* input buffer to first round */ u8 last[SHA1_DIGEST_SIZE]; /* output of round N, input of N+1 */ - u8 sha1_ctx[SHA1_CTX_SIZE]; + u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE]; u8 *next_in = in; /* changed to `last' after first round */ int next_size = sizeof ( in ); int i; @@ -114,9 +114,9 @@ static void pbkdf2_sha1_f ( const void *passphrase, size_t pass_len, memset ( block, 0, sizeof ( last ) ); for ( i = 0; i < iterations; i++ ) { - hmac_init ( &sha1_algorithm, sha1_ctx, pass, &pass_len ); - hmac_update ( &sha1_algorithm, sha1_ctx, next_in, next_size ); - hmac_final ( &sha1_algorithm, sha1_ctx, pass, &pass_len, last ); + hmac_init ( &sha1_algorithm, ctx, pass, pass_len ); + hmac_update ( &sha1_algorithm, ctx, next_in, next_size ); + hmac_final ( &sha1_algorithm, ctx, last ); for ( j = 0; j < sizeof ( last ); j++ ) { block[j] ^= last[j]; diff --git a/src/include/ipxe/hmac.h b/src/include/ipxe/hmac.h index 09d3e27..cf9d086 100644 --- a/src/include/ipxe/hmac.h +++ b/src/include/ipxe/hmac.h @@ -10,23 +10,45 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include +/** HMAC context type */ +#define hmac_context_t( digest ) struct { \ + /** Digest context */ \ + uint8_t ctx[ digest->ctxsize ]; \ + /** HMAC input/output padding */ \ + uint8_t pad[ digest->blocksize ]; \ + } __attribute__ (( packed )) + +/** + * Calculate HMAC context size + * + * @v digest Digest algorithm to use + * @ret len HMAC context size + */ +static inline __attribute__ (( always_inline )) size_t +hmac_ctxsize ( struct digest_algorithm *digest ) { + hmac_context_t ( digest ) *hctx; + + return sizeof ( *hctx ); +} + /** * Update HMAC * * @v digest Digest algorithm to use - * @v digest_ctx Digest context + * @v ctx HMAC context * @v data Data * @v len Length of data */ -static inline void hmac_update ( struct digest_algorithm *digest, - void *digest_ctx, const void *data, - size_t len ) { - digest_update ( digest, digest_ctx, data, len ); +static inline void hmac_update ( struct digest_algorithm *digest, void *ctx, + const void *data, size_t len ) { + hmac_context_t ( digest ) *hctx = ctx; + + digest_update ( digest, hctx->ctx, data, len ); } -extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx, - void *key, size_t *key_len ); -extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx, - void *key, size_t *key_len, void *hmac ); +extern void hmac_init ( struct digest_algorithm *digest, void *ctx, + const void *key, size_t key_len ); +extern void hmac_final ( struct digest_algorithm *digest, void *ctx, + void *hmac ); #endif /* _IPXE_HMAC_H */ diff --git a/src/include/ipxe/md4.h b/src/include/ipxe/md4.h index 8f172e6..9f6cb8a 100644 --- a/src/include/ipxe/md4.h +++ b/src/include/ipxe/md4.h @@ -65,6 +65,9 @@ struct md4_context { /** MD4 context size */ #define MD4_CTX_SIZE sizeof ( struct md4_context ) +/** MD4 block size */ +#define MD4_BLOCK_SIZE sizeof ( union md4_block ) + /** MD4 digest size */ #define MD4_DIGEST_SIZE sizeof ( struct md4_digest ) diff --git a/src/include/ipxe/md5.h b/src/include/ipxe/md5.h index 05c3974..527ad36 100644 --- a/src/include/ipxe/md5.h +++ b/src/include/ipxe/md5.h @@ -65,6 +65,9 @@ struct md5_context { /** MD5 context size */ #define MD5_CTX_SIZE sizeof ( struct md5_context ) +/** MD5 block size */ +#define MD5_BLOCK_SIZE sizeof ( union md5_block ) + /** MD5 digest size */ #define MD5_DIGEST_SIZE sizeof ( struct md5_digest ) diff --git a/src/include/ipxe/sha1.h b/src/include/ipxe/sha1.h index a97035e..9cbbebd 100644 --- a/src/include/ipxe/sha1.h +++ b/src/include/ipxe/sha1.h @@ -65,6 +65,9 @@ struct sha1_context { /** SHA-1 context size */ #define SHA1_CTX_SIZE sizeof ( struct sha1_context ) +/** SHA-1 block size */ +#define SHA1_BLOCK_SIZE sizeof ( union sha1_block ) + /** SHA-1 digest size */ #define SHA1_DIGEST_SIZE sizeof ( struct sha1_digest ) diff --git a/src/include/ipxe/sha256.h b/src/include/ipxe/sha256.h index e234cce..f226ad0 100644 --- a/src/include/ipxe/sha256.h +++ b/src/include/ipxe/sha256.h @@ -70,6 +70,9 @@ struct sha256_context { /** SHA-256 context size */ #define SHA256_CTX_SIZE sizeof ( struct sha256_context ) +/** SHA-256 block size */ +#define SHA256_BLOCK_SIZE sizeof ( union sha256_block ) + /** SHA-256 digest size */ #define SHA256_DIGEST_SIZE sizeof ( struct sha256_digest ) diff --git a/src/include/ipxe/sha512.h b/src/include/ipxe/sha512.h index 8e22d83..82a9e4e 100644 --- a/src/include/ipxe/sha512.h +++ b/src/include/ipxe/sha512.h @@ -72,6 +72,9 @@ struct sha512_context { /** SHA-512 context size */ #define SHA512_CTX_SIZE sizeof ( struct sha512_context ) +/** SHA-512 block size */ +#define SHA512_BLOCK_SIZE sizeof ( union sha512_block ) + /** SHA-512 digest size */ #define SHA512_DIGEST_SIZE sizeof ( struct sha512_digest ) diff --git a/src/net/80211/wpa_ccmp.c b/src/net/80211/wpa_ccmp.c index a073c6a..0abd217 100644 --- a/src/net/80211/wpa_ccmp.c +++ b/src/net/80211/wpa_ccmp.c @@ -478,16 +478,15 @@ struct net80211_crypto ccmp_crypto __net80211_crypto = { static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len, void *mic ) { - u8 sha1_ctx[SHA1_CTX_SIZE]; + u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE]; u8 kckb[16]; u8 hash[SHA1_DIGEST_SIZE]; - size_t kck_len = 16; - memcpy ( kckb, kck, kck_len ); + memcpy ( kckb, kck, sizeof ( kckb ) ); - hmac_init ( &sha1_algorithm, sha1_ctx, kckb, &kck_len ); - hmac_update ( &sha1_algorithm, sha1_ctx, msg, len ); - hmac_final ( &sha1_algorithm, sha1_ctx, kckb, &kck_len, hash ); + hmac_init ( &sha1_algorithm, ctx, kckb, sizeof ( kckb ) ); + hmac_update ( &sha1_algorithm, ctx, msg, len ); + hmac_final ( &sha1_algorithm, ctx, hash ); memcpy ( mic, hash, 16 ); } diff --git a/src/net/80211/wpa_tkip.c b/src/net/80211/wpa_tkip.c index 3b1934b..3bd6515 100644 --- a/src/net/80211/wpa_tkip.c +++ b/src/net/80211/wpa_tkip.c @@ -545,15 +545,14 @@ struct net80211_crypto tkip_crypto __net80211_crypto = { static void tkip_kie_mic ( const void *kck, const void *msg, size_t len, void *mic ) { - uint8_t ctx[MD5_CTX_SIZE]; + uint8_t ctx[MD5_CTX_SIZE + MD5_BLOCK_SIZE]; u8 kckb[16]; - size_t kck_len = 16; - memcpy ( kckb, kck, kck_len ); + memcpy ( kckb, kck, sizeof ( kckb ) ); - hmac_init ( &md5_algorithm, ctx, kckb, &kck_len ); + hmac_init ( &md5_algorithm, ctx, kckb, sizeof ( kckb ) ); hmac_update ( &md5_algorithm, ctx, msg, len ); - hmac_final ( &md5_algorithm, ctx, kckb, &kck_len, mic ); + hmac_final ( &md5_algorithm, ctx, mic ); } /** diff --git a/src/net/pccrc.c b/src/net/pccrc.c index 4cd82cd..a94bc0e 100644 --- a/src/net/pccrc.c +++ b/src/net/pccrc.c @@ -104,9 +104,8 @@ static void peerdist_info_segment_hash ( struct peerdist_info_segment *segment, const void *hash, const void *secret ){ const struct peerdist_info *info = segment->info; struct digest_algorithm *digest = info->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; size_t digestsize = info->digestsize; - size_t secretsize = digestsize; static const uint16_t magic[] = PEERDIST_SEGMENT_ID_MAGIC; /* Sanity check */ @@ -121,12 +120,10 @@ static void peerdist_info_segment_hash ( struct peerdist_info_segment *segment, memcpy ( segment->secret, secret, digestsize ); /* Calculate segment identifier */ - hmac_init ( digest, ctx, segment->secret, &secretsize ); - assert ( secretsize == digestsize ); + hmac_init ( digest, ctx, segment->secret, digestsize ); hmac_update ( digest, ctx, segment->hash, digestsize ); hmac_update ( digest, ctx, magic, sizeof ( magic ) ); - hmac_final ( digest, ctx, segment->secret, &secretsize, segment->id ); - assert ( secretsize == digestsize ); + hmac_final ( digest, ctx, segment->id ); } /****************************************************************************** diff --git a/src/net/tls.c b/src/net/tls.c index 3c41444..21f7073 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -458,17 +458,17 @@ static int tls_generate_random ( struct tls_connection *tls, * Update HMAC with a list of ( data, len ) pairs * * @v digest Hash function to use - * @v digest_ctx Digest context + * @v ctx HMAC context * @v args ( data, len ) pairs of data, terminated by NULL */ static void tls_hmac_update_va ( struct digest_algorithm *digest, - void *digest_ctx, va_list args ) { + void *ctx, va_list args ) { void *data; size_t len; while ( ( data = va_arg ( args, void * ) ) ) { len = va_arg ( args, size_t ); - hmac_update ( digest, digest_ctx, data, len ); + hmac_update ( digest, ctx, data, len ); } } @@ -485,43 +485,38 @@ static void tls_hmac_update_va ( struct digest_algorithm *digest, */ static void tls_p_hash_va ( struct tls_connection *tls, struct digest_algorithm *digest, - void *secret, size_t secret_len, + const void *secret, size_t secret_len, void *out, size_t out_len, va_list seeds ) { - uint8_t secret_copy[secret_len]; - uint8_t digest_ctx[digest->ctxsize]; - uint8_t digest_ctx_partial[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; + uint8_t ctx_partial[ sizeof ( ctx ) ]; uint8_t a[digest->digestsize]; uint8_t out_tmp[digest->digestsize]; size_t frag_len = digest->digestsize; va_list tmp; - /* Copy the secret, in case HMAC modifies it */ - memcpy ( secret_copy, secret, secret_len ); - secret = secret_copy; DBGC2 ( tls, "TLS %p %s secret:\n", tls, digest->name ); DBGC2_HD ( tls, secret, secret_len ); /* Calculate A(1) */ - hmac_init ( digest, digest_ctx, secret, &secret_len ); + hmac_init ( digest, ctx, secret, secret_len ); va_copy ( tmp, seeds ); - tls_hmac_update_va ( digest, digest_ctx, tmp ); + tls_hmac_update_va ( digest, ctx, tmp ); va_end ( tmp ); - hmac_final ( digest, digest_ctx, secret, &secret_len, a ); + hmac_final ( digest, ctx, a ); DBGC2 ( tls, "TLS %p %s A(1):\n", tls, digest->name ); DBGC2_HD ( tls, &a, sizeof ( a ) ); /* Generate as much data as required */ while ( out_len ) { /* Calculate output portion */ - hmac_init ( digest, digest_ctx, secret, &secret_len ); - hmac_update ( digest, digest_ctx, a, sizeof ( a ) ); - memcpy ( digest_ctx_partial, digest_ctx, digest->ctxsize ); + hmac_init ( digest, ctx, secret, secret_len ); + hmac_update ( digest, ctx, a, sizeof ( a ) ); + memcpy ( ctx_partial, ctx, sizeof ( ctx_partial ) ); va_copy ( tmp, seeds ); - tls_hmac_update_va ( digest, digest_ctx, tmp ); + tls_hmac_update_va ( digest, ctx, tmp ); va_end ( tmp ); - hmac_final ( digest, digest_ctx, - secret, &secret_len, out_tmp ); + hmac_final ( digest, ctx, out_tmp ); /* Copy output */ if ( frag_len > out_len ) @@ -531,8 +526,7 @@ static void tls_p_hash_va ( struct tls_connection *tls, DBGC2_HD ( tls, out, frag_len ); /* Calculate A(i) */ - hmac_final ( digest, digest_ctx_partial, - secret, &secret_len, a ); + hmac_final ( digest, ctx_partial, a ); DBGC2 ( tls, "TLS %p %s A(n):\n", tls, digest->name ); DBGC2_HD ( tls, &a, sizeof ( a ) ); @@ -551,13 +545,13 @@ static void tls_p_hash_va ( struct tls_connection *tls, * @v out_len Length of output buffer * @v ... ( data, len ) pairs of seed data, terminated by NULL */ -static void tls_prf ( struct tls_connection *tls, void *secret, +static void tls_prf ( struct tls_connection *tls, const void *secret, size_t secret_len, void *out, size_t out_len, ... ) { va_list seeds; va_list tmp; size_t subsecret_len; - void *md5_secret; - void *sha1_secret; + const void *md5_secret; + const void *sha1_secret; uint8_t buf[out_len]; unsigned int i; @@ -2213,7 +2207,7 @@ static void tls_hmac_init ( struct tls_cipherspec *cipherspec, void *ctx, uint64_t seq, struct tls_header *tlshdr ) { struct digest_algorithm *digest = cipherspec->suite->digest; - hmac_init ( digest, ctx, cipherspec->mac_secret, &digest->digestsize ); + hmac_init ( digest, ctx, cipherspec->mac_secret, digest->digestsize ); seq = cpu_to_be64 ( seq ); hmac_update ( digest, ctx, &seq, sizeof ( seq ) ); hmac_update ( digest, ctx, tlshdr, sizeof ( *tlshdr ) ); @@ -2245,8 +2239,7 @@ static void tls_hmac_final ( struct tls_cipherspec *cipherspec, void *ctx, void *hmac ) { struct digest_algorithm *digest = cipherspec->suite->digest; - hmac_final ( digest, ctx, cipherspec->mac_secret, - &digest->digestsize, hmac ); + hmac_final ( digest, ctx, hmac ); } /** @@ -2263,7 +2256,7 @@ static void tls_hmac ( struct tls_cipherspec *cipherspec, uint64_t seq, struct tls_header *tlshdr, const void *data, size_t len, void *hmac ) { struct digest_algorithm *digest = cipherspec->suite->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; tls_hmac_init ( cipherspec, ctx, seq, tlshdr ); tls_hmac_update ( cipherspec, ctx, data, len ); @@ -2545,7 +2538,7 @@ static int tls_new_ciphertext ( struct tls_connection *tls, struct tls_cipherspec *cipherspec = &tls->rx_cipherspec; struct cipher_algorithm *cipher = cipherspec->suite->cipher; struct digest_algorithm *digest = cipherspec->suite->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; uint8_t verify_mac[digest->digestsize]; struct io_buffer *iobuf; void *mac; diff --git a/src/tests/hmac_test.c b/src/tests/hmac_test.c index 871926f..5267999 100644 --- a/src/tests/hmac_test.c +++ b/src/tests/hmac_test.c @@ -100,26 +100,22 @@ struct hmac_test { static void hmac_okx ( struct hmac_test *test, const char *file, unsigned int line ) { struct digest_algorithm *digest = test->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; uint8_t hmac[digest->digestsize]; - uint8_t key[test->key_len]; - size_t key_len; /* Sanity checks */ + okx ( sizeof ( ctx ) == ( digest->ctxsize + digest->blocksize ), + file, line ); okx ( test->expected_len == digest->digestsize, file, line ); - /* Create modifiable copy of key */ - memcpy ( key, test->key, test->key_len ); - key_len = test->key_len; - /* Calculate HMAC */ DBGC ( test, "HMAC-%s key:\n", digest->name ); DBGC_HDA ( test, 0, test->key, test->key_len ); DBGC ( test, "HMAC-%s data:\n", digest->name ); DBGC_HDA ( test, 0, test->data, test->data_len ); - hmac_init ( digest, ctx, key, &key_len ); + hmac_init ( digest, ctx, test->key, test->key_len ); hmac_update ( digest, ctx, test->data, test->data_len ); - hmac_final ( digest, ctx, key, &key_len, hmac ); + hmac_final ( digest, ctx, hmac ); DBGC ( test, "HMAC-%s result:\n", digest->name ); DBGC_HDA ( test, 0, hmac, sizeof ( hmac ) ); diff --git a/src/tests/pccrc_test.c b/src/tests/pccrc_test.c index f4ab573..e694932 100644 --- a/src/tests/pccrc_test.c +++ b/src/tests/pccrc_test.c @@ -467,11 +467,10 @@ peerdist_info_passphrase_okx ( struct peerdist_info_segment_test *test, uint8_t *pass, size_t pass_len, const char *file, unsigned int line ) { struct digest_algorithm *digest = info->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; uint8_t secret[digest->digestsize]; uint8_t expected[digest->digestsize]; size_t digestsize = info->digestsize; - size_t secretsize = digestsize; /* Calculate server secret */ digest_init ( digest, ctx ); @@ -479,11 +478,9 @@ peerdist_info_passphrase_okx ( struct peerdist_info_segment_test *test, digest_final ( digest, ctx, secret ); /* Calculate expected segment secret */ - hmac_init ( digest, ctx, secret, &secretsize ); - assert ( secretsize == digestsize ); + hmac_init ( digest, ctx, secret, digestsize ); hmac_update ( digest, ctx, test->expected_hash, digestsize ); - hmac_final ( digest, ctx, secret, &secretsize, expected ); - assert ( secretsize == digestsize ); + hmac_final ( digest, ctx, expected ); /* Verify segment secret */ okx ( memcmp ( test->expected_secret, expected, digestsize ) == 0, -- cgit v1.1