1/* 2 * Copyright (c) 2000-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24/* 25 * tls_digest.c - Hash implementations 26 */ 27 28/* THIS FILE CONTAINS KERNEL CODE */ 29 30#include "tls_digest.h" 31#include "sslTypes.h" 32 33#include <string.h> 34 35#define DIGEST_PRINT 0 36#if DIGEST_PRINT 37#define dgprintf(s) printf s 38#else 39#define dgprintf(s) 40#endif 41 42const uint8_t SSLMACPad1[MAX_MAC_PADDING] = 43{ 44 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 45 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 46 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 47 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 48 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 49 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 50}; 51 52const uint8_t SSLMACPad2[MAX_MAC_PADDING] = 53{ 54 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, 55 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, 56 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, 57 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, 58 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, 59 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C 60}; 61 62/*** NULL ***/ 63static int HashNullInit(SSLBuffer *digestCtx) { 64 return 0; 65} 66static int HashNullUpdate(SSLBuffer *digestCtx, const SSLBuffer *data) { 67 return 0; 68} 69static int HashNullFinal(SSLBuffer *digestCtx, SSLBuffer *digest) { 70 return 0; 71} 72static int HashNullClose(SSLBuffer *digestCtx) { 73 return 0; 74} 75static int HashNullClone(const SSLBuffer *src, SSLBuffer *dest) { 76 return 0; 77} 78 79#ifdef KERNEL 80 81// Kernel based implementation 82#include <corecrypto/ccdigest.h> 83#include <corecrypto/ccmd5.h> 84#include <corecrypto/ccsha1.h> 85#include <corecrypto/ccsha2.h> 86#include <AssertMacros.h> 87 88static int ccHashInit(const struct ccdigest_info *di, SSLBuffer *digestCtx) 89{ 90 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data; 91 check(digestCtx->length >= ccdigest_di_size(di)); 92 ccdigest_init(di, ctx); 93 return 0; 94} 95 96static int ccHashUpdate(const struct ccdigest_info *di, SSLBuffer *digestCtx, const SSLBuffer *data) 97{ 98 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ 99 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data; 100 check(digestCtx->length >= ccdigest_di_size(di)); 101 ccdigest_update(di, ctx, data->length, data->data); 102 return 0; 103} 104 105static int ccHashFinal(const struct ccdigest_info *di, SSLBuffer *digestCtx, SSLBuffer *digest) 106{ 107 ccdigest_ctx_t ctx = (ccdigest_ctx_t)(struct ccdigest_ctx *)digestCtx->data; 108 check(digestCtx->length >= ccdigest_di_size(di)); 109 check(digest->length >= di->output_size); 110 ccdigest_final(di, ctx, digest->data); 111 digest->length = di->output_size; 112 return 0; 113} 114 115static int ccHashClose(const struct ccdigest_info *di, SSLBuffer *digestCtx) 116{ 117 check(digestCtx->length >= ccdigest_di_size(di)); 118 return 0; 119} 120 121static int ccHashClone(const struct ccdigest_info *di, const SSLBuffer *src, SSLBuffer *dst) 122{ 123 check(src->length >= ccdigest_di_size(di)); 124 check(dst->length >= ccdigest_di_size(di)); 125 memcpy(dst->data, src->data, ccdigest_di_size(di)); 126 return 0; 127 128} 129 130#define SSL_MD5_DIGEST_LENGTH (CCMD5_OUTPUT_SIZE) 131#define SSL_SHA1_DIGEST_LENGTH (CCSHA1_OUTPUT_SIZE) 132#define SSL_SHA256_DIGEST_LENGTH (CCSHA256_OUTPUT_SIZE) 133#define SSL_SHA384_DIGEST_LENGTH (CCSHA384_OUTPUT_SIZE) 134 135#define SSL_MD5_CONTEXT_SIZE (ccdigest_ctx_size(CCMD5_STATE_SIZE, CCMD5_BLOCK_SIZE)) 136#define SSL_SHA1_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA1_STATE_SIZE, CCSHA1_BLOCK_SIZE)) 137#define SSL_SHA256_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA256_STATE_SIZE, CCSHA256_BLOCK_SIZE)) 138#define SSL_SHA384_CONTEXT_SIZE (ccdigest_ctx_size(CCSHA512_STATE_SIZE, CCSHA512_BLOCK_SIZE)) 139 140#define SSL_SHA256_BLOCK_BYTES CCSHA256_BLOCK_SIZE 141#define SSL_SHA384_BLOCK_BYTES CCSHA512_BLOCK_SIZE 142 143/*** MD5 ***/ 144static int HashMD5Init(SSLBuffer *digestCtx) 145{ 146 return ccHashInit(ccmd5_di(), digestCtx); 147} 148 149static int HashMD5Update(SSLBuffer *digestCtx, const SSLBuffer *data) 150{ 151 return ccHashUpdate(ccmd5_di(), digestCtx, data); 152} 153 154static int HashMD5Final(SSLBuffer *digestCtx, SSLBuffer *digest) 155{ 156 return ccHashFinal(ccmd5_di(), digestCtx, digest); 157} 158 159static int HashMD5Close(SSLBuffer *digestCtx) 160{ 161 return ccHashClose(ccmd5_di(), digestCtx); 162} 163 164static int HashMD5Clone(const SSLBuffer *src, SSLBuffer *dst) 165{ 166 return ccHashClone(ccmd5_di(), src, dst); 167} 168 169/*** SHA1 ***/ 170static int HashSHA1Init(SSLBuffer *digestCtx) 171{ 172 return ccHashInit(ccsha1_di(), digestCtx); 173} 174 175static int HashSHA1Update(SSLBuffer *digestCtx, const SSLBuffer *data) 176{ 177 return ccHashUpdate(ccsha1_di(), digestCtx, data); 178} 179 180static int HashSHA1Final(SSLBuffer *digestCtx, SSLBuffer *digest) 181{ 182 return ccHashFinal(ccsha1_di(), digestCtx, digest); 183} 184 185static int HashSHA1Close(SSLBuffer *digestCtx) 186{ 187 return ccHashClose(ccsha1_di(), digestCtx);} 188 189static int HashSHA1Clone(const SSLBuffer *src, SSLBuffer *dst) 190{ 191 return ccHashClone(ccsha1_di(), src, dst); 192} 193 194/*** SHA256 ***/ 195static int HashSHA256Init(SSLBuffer *digestCtx) 196{ 197 return ccHashInit(ccsha256_di(), digestCtx); 198} 199 200static int HashSHA256Update(SSLBuffer *digestCtx, const SSLBuffer *data) 201{ 202 return ccHashUpdate(ccsha256_di(), digestCtx, data); 203} 204 205static int HashSHA256Final(SSLBuffer *digestCtx, SSLBuffer *digest) 206{ 207 return ccHashFinal(ccsha256_di(), digestCtx, digest); 208} 209 210static int HashSHA256Close(SSLBuffer *digestCtx) 211{ 212 return ccHashClose(ccsha256_di(), digestCtx); 213} 214 215static int HashSHA256Clone(const SSLBuffer *src, SSLBuffer *dst) 216{ 217 return ccHashClone(ccsha256_di(), src, dst); 218} 219 220/*** SHA384 ***/ 221static int HashSHA384Init(SSLBuffer *digestCtx) 222{ 223 return ccHashInit(ccsha384_di(), digestCtx); 224} 225 226static int HashSHA384Update(SSLBuffer *digestCtx, const SSLBuffer *data) 227{ 228 return ccHashUpdate(ccsha384_di(), digestCtx, data); 229} 230 231static int HashSHA384Final(SSLBuffer *digestCtx, SSLBuffer *digest) 232{ 233 return ccHashFinal(ccsha384_di(), digestCtx, digest); 234} 235 236static int HashSHA384Close(SSLBuffer *digestCtx) 237{ 238 return ccHashClose(ccsha384_di(), digestCtx); 239} 240 241static int HashSHA384Clone(const SSLBuffer *src, SSLBuffer *dst) 242{ 243 return ccHashClone(ccsha384_di(), src, dst); 244} 245 246#else 247 248// CommonCrypto based implementation 249#include <CommonCrypto/CommonDigest.h> 250#include <assert.h> 251 252#define SSL_MD5_DIGEST_LENGTH CC_MD5_DIGEST_LENGTH 253#define SSL_SHA1_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH 254#define SSL_SHA256_DIGEST_LENGTH CC_SHA256_DIGEST_LENGTH 255#define SSL_SHA384_DIGEST_LENGTH CC_SHA384_DIGEST_LENGTH 256 257#define SSL_MD5_CONTEXT_SIZE (sizeof(CC_MD5_CTX)) 258#define SSL_SHA1_CONTEXT_SIZE (sizeof(CC_SHA1_CTX)) 259#define SSL_SHA256_CONTEXT_SIZE (sizeof(CC_SHA256_CTX)) 260#define SSL_SHA384_CONTEXT_SIZE (sizeof(CC_SHA512_CTX)) 261 262#define SSL_SHA256_BLOCK_BYTES CC_SHA256_BLOCK_BYTES 263#define SSL_SHA384_BLOCK_BYTES CC_SHA512_BLOCK_BYTES 264 265/*** MD5 ***/ 266static int HashMD5Init(SSLBuffer *digestCtx) 267{ 268 assert(digestCtx->length >= sizeof(CC_MD5_CTX)); 269 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; 270 CC_MD5_Init(ctx); 271 dgprintf(("###HashMD5Init ctx %p\n", ctx)); 272 return 0; 273} 274 275static int HashMD5Update(SSLBuffer *digestCtx, const SSLBuffer *data) 276{ 277 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ 278 assert(digestCtx->length >= sizeof(CC_MD5_CTX)); 279 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; 280 CC_MD5_Update(ctx, data->data, (CC_LONG)data->length); 281 return 0; 282} 283 284static int HashMD5Final(SSLBuffer *digestCtx, SSLBuffer *digest) 285{ 286 assert(digestCtx->length >= sizeof(CC_MD5_CTX)); 287 CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; 288 dgprintf(("###HashMD5Final ctx %p\n", ctx)); 289 assert(digest->length >= CC_MD5_DIGEST_LENGTH); 290 //if (digest->length < CC_MD5_DIGEST_LENGTH) 291 // return errSSLCrypto; 292 CC_MD5_Final(digest->data, ctx); 293 digest->length = CC_MD5_DIGEST_LENGTH; 294 return 0; 295} 296 297static int HashMD5Close(SSLBuffer *digestCtx) 298{ 299 assert(digestCtx->length >= sizeof(CC_MD5_CTX)); 300 return 0; 301} 302 303static int HashMD5Clone(const SSLBuffer *src, SSLBuffer *dst) 304{ 305 CC_MD5_CTX *srcCtx; 306 CC_MD5_CTX *dstCtx; 307 308 assert(src->length >= sizeof(CC_MD5_CTX)); 309 assert(dst->length >= sizeof(CC_MD5_CTX)); 310 311 srcCtx = (CC_MD5_CTX *)src->data; 312 dstCtx = (CC_MD5_CTX *)dst->data; 313 dgprintf(("###HashMD5Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); 314 315 memcpy(dstCtx, srcCtx, sizeof(CC_MD5_CTX)); 316 return 0; 317} 318 319/*** SHA1 ***/ 320static int HashSHA1Init(SSLBuffer *digestCtx) 321{ 322 assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); 323 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; 324 CC_SHA1_Init(ctx); 325 dgprintf(("###HashSHA1Init ctx %p\n", ctx)); 326 return 0; 327} 328 329static int HashSHA1Update(SSLBuffer *digestCtx, const SSLBuffer *data) 330{ 331 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ 332 assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); 333 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; 334 CC_SHA1_Update(ctx, data->data, (CC_LONG)data->length); 335 return 0; 336} 337 338static int HashSHA1Final(SSLBuffer *digestCtx, SSLBuffer *digest) 339{ 340 assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); 341 CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; 342 dgprintf(("###HashSHA1Final ctx %p\n", ctx)); 343 assert(digest->length >= CC_SHA1_DIGEST_LENGTH); 344 //if (digest->length < CC_SHA1_DIGEST_LENGTH) 345 // return errSSLCrypto; 346 CC_SHA1_Final(digest->data, ctx); 347 digest->length = CC_SHA1_DIGEST_LENGTH; 348 return 0; 349} 350 351static int HashSHA1Close(SSLBuffer *digestCtx) 352{ 353 assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); 354 return 0; 355} 356 357static int HashSHA1Clone(const SSLBuffer *src, SSLBuffer *dst) 358{ 359 CC_SHA1_CTX *srcCtx; 360 CC_SHA1_CTX *dstCtx; 361 362 assert(src->length >= sizeof(CC_SHA1_CTX)); 363 assert(dst->length >= sizeof(CC_SHA1_CTX)); 364 365 srcCtx = (CC_SHA1_CTX *)src->data; 366 dstCtx = (CC_SHA1_CTX *)dst->data; 367 dgprintf(("###HashSHA1Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); 368 369 memcpy(dstCtx, srcCtx, sizeof(CC_SHA1_CTX)); 370 return 0; 371} 372 373/*** SHA256 ***/ 374static int HashSHA256Init(SSLBuffer *digestCtx) 375{ 376 assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); 377 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; 378 CC_SHA256_Init(ctx); 379 dgprintf(("###HashSHA256Init ctx %p\n", ctx)); 380 return 0; 381} 382 383static int HashSHA256Update(SSLBuffer *digestCtx, const SSLBuffer *data) 384{ 385 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ 386 assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); 387 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; 388 CC_SHA256_Update(ctx, data->data, (CC_LONG)data->length); 389 return 0; 390} 391 392static int HashSHA256Final(SSLBuffer *digestCtx, SSLBuffer *digest) 393{ 394 assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); 395 CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; 396 dgprintf(("###HashSHA256Final ctx %p\n", ctx)); 397 assert(digest->length >= CC_SHA256_DIGEST_LENGTH); 398 //if (digest->length < CC_SHA256_DIGEST_LENGTH) 399 // return errSSLCrypto; 400 CC_SHA256_Final(digest->data, ctx); 401 digest->length = CC_SHA256_DIGEST_LENGTH; 402 return 0; 403} 404 405static int HashSHA256Close(SSLBuffer *digestCtx) 406{ 407 assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); 408 return 0; 409} 410 411static int HashSHA256Clone(const SSLBuffer *src, SSLBuffer *dst) 412{ 413 CC_SHA256_CTX *srcCtx; 414 CC_SHA256_CTX *dstCtx; 415 416 assert(src->length >= sizeof(CC_SHA256_CTX)); 417 assert(dst->length >= sizeof(CC_SHA256_CTX)); 418 419 srcCtx = (CC_SHA256_CTX *)src->data; 420 dstCtx = (CC_SHA256_CTX *)dst->data; 421 dgprintf(("###HashSHA256Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); 422 423 memcpy(dstCtx, srcCtx, sizeof(CC_SHA256_CTX)); 424 return 0; 425} 426 427/*** SHA384 ***/ 428static int HashSHA384Init(SSLBuffer *digestCtx) 429{ 430 assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); 431 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; 432 CC_SHA384_Init(ctx); 433 dgprintf(("###HashSHA384Init ctx %p\n", ctx)); 434 return 0; 435} 436 437static int HashSHA384Update(SSLBuffer *digestCtx, const SSLBuffer *data) 438{ 439 /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ 440 assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); 441 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; 442 CC_SHA384_Update(ctx, data->data, (CC_LONG)data->length); 443 return 0; 444} 445 446static int HashSHA384Final(SSLBuffer *digestCtx, SSLBuffer *digest) 447{ 448 assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); 449 CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; 450 dgprintf(("###HashSHA384Final ctx %p\n", ctx)); 451 assert(digest->length >= CC_SHA384_DIGEST_LENGTH); 452 //if (digest->length < CC_SHA384_DIGEST_LENGTH) 453 // return errSSLCrypto; 454 CC_SHA384_Final(digest->data, ctx); 455 digest->length = CC_SHA384_DIGEST_LENGTH; 456 return 0; 457} 458 459static int HashSHA384Close(SSLBuffer *digestCtx) 460{ 461 assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); 462 return 0; 463} 464 465static int HashSHA384Clone(const SSLBuffer *src, SSLBuffer *dst) 466{ 467 CC_SHA512_CTX *srcCtx; 468 CC_SHA512_CTX *dstCtx; 469 470 assert(src->length >= sizeof(CC_SHA512_CTX)); 471 assert(dst->length >= sizeof(CC_SHA512_CTX)); 472 473 srcCtx = (CC_SHA512_CTX *)src->data; 474 dstCtx = (CC_SHA512_CTX *)dst->data; 475 dgprintf(("###HashSHA384Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); 476 477 memcpy(dstCtx, srcCtx, sizeof(CC_SHA512_CTX)); 478 return 0; 479} 480 481#endif 482 483/* 484 * These are the handles by which the bulk of digesting work 485 * is done. 486 */ 487const HashReference SSLHashNull = 488{ 489 0, 490 0, 491 0, 492 HashNullInit, 493 HashNullUpdate, 494 HashNullFinal, 495 HashNullClose, 496 HashNullClone 497}; 498 499const HashReference SSLHashMD5 = 500{ 501 SSL_MD5_DIGEST_LENGTH, 502 48, 503 SSL_MD5_CONTEXT_SIZE, 504 HashMD5Init, 505 HashMD5Update, 506 HashMD5Final, 507 HashMD5Close, 508 HashMD5Clone 509}; 510 511const HashReference SSLHashSHA1 = 512{ 513 SSL_SHA1_DIGEST_LENGTH, 514 40, 515 SSL_SHA1_CONTEXT_SIZE, 516 HashSHA1Init, 517 HashSHA1Update, 518 HashSHA1Final, 519 HashSHA1Close, 520 HashSHA1Clone 521}; 522 523const HashReference SSLHashSHA256 = 524{ 525 SSL_SHA256_DIGEST_LENGTH, 526 SSL_SHA256_BLOCK_BYTES, 527 SSL_SHA256_CONTEXT_SIZE, 528 HashSHA256Init, 529 HashSHA256Update, 530 HashSHA256Final, 531 HashSHA256Close, 532 HashSHA256Clone 533}; 534 535const HashReference SSLHashSHA384 = 536{ 537 SSL_SHA384_DIGEST_LENGTH, 538 SSL_SHA384_BLOCK_BYTES, 539 SSL_SHA384_CONTEXT_SIZE, 540 HashSHA384Init, 541 HashSHA384Update, 542 HashSHA384Final, 543 HashSHA384Close, 544 HashSHA384Clone 545}; 546