Make hmac_ctx optional

Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-25 16:08:53 +01:00
parent dfb3dc8b53
commit 4063ceb281
16 changed files with 37 additions and 31 deletions

View File

@ -6,6 +6,7 @@ Features
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
* md_init_ctx() gained a new argument for optional hmac usage
* Removed individual mdX_hmac and shaX_hmac functions (use generic
md_hmac functions from md.h)
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).

View File

@ -142,12 +142,14 @@ void md_free( md_context_t *ctx );
* digest-specific context (ctx->md_ctx) must be NULL. It will
* be allocated, and must be freed using md_free() later.
* \param md_info message digest to use.
* \param hmac non-zero if you want to use this context for hmac too,
* zero otherwise (saves some memory).
*
* \returns \c 0 on success, \c POLARSSL_ERR_MD_BAD_INPUT_DATA on
* parameter failure, \c POLARSSL_ERR_MD_ALLOC_FAILED if
* allocation of the digest-specific context failed.
*/
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac );
/**
* \brief Returns the size of the message digest output.

View File

@ -97,7 +97,7 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx,
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
/*
@ -171,7 +171,7 @@ int hmac_drbg_init( hmac_drbg_context *ctx,
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
md_size = md_get_size( md_info );

View File

@ -199,7 +199,7 @@ void md_free( md_context_t *ctx )
polarssl_zeroize( ctx, sizeof( md_context_t ) );
}
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac )
{
if( md_info == NULL || ctx == NULL )
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
@ -209,11 +209,14 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
return( POLARSSL_ERR_MD_ALLOC_FAILED );
ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size );
if( ctx->hmac_ctx == NULL )
if( hmac != 0 )
{
md_info->ctx_free_func( ctx->md_ctx );
return( POLARSSL_ERR_MD_ALLOC_FAILED );
ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size );
if( ctx->hmac_ctx == NULL )
{
md_info->ctx_free_func( ctx->md_ctx );
return( POLARSSL_ERR_MD_ALLOC_FAILED );
}
}
ctx->md_info = md_info;
@ -382,7 +385,7 @@ int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
md_init( &ctx );
if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &ctx, md_info, 1 ) ) != 0 )
return( ret );
md_hmac_starts( &ctx, key, keylen );

View File

@ -268,7 +268,7 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
md_init( &md_ctx );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &md_ctx, md_info, 0 ) ) != 0 )
return( ret );
hlen = md_get_size( md_info );

View File

@ -189,7 +189,7 @@ int pkcs5_pbes2( const asn1_buf *pbe_params, int mode,
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &md_ctx, md_info, 1 ) ) != 0 )
goto exit;
if( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
@ -365,7 +365,7 @@ int pkcs5_self_test( int verbose )
goto exit;
}
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1, 1 ) ) != 0 )
{
ret = 1;
goto exit;

View File

@ -556,7 +556,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
memcpy( p, input, ilen );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
md_init_ctx( &md_ctx, md_info, 0 );
// maskedDB: Apply dbMask to DB
//
@ -725,7 +725,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
hlen = md_get_size( md_info );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
md_init_ctx( &md_ctx, md_info, 0 );
/* Generate lHash */
md( md_info, label, label_len, lhash );
@ -969,7 +969,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
p += slen;
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
md_init_ctx( &md_ctx, md_info, 0 );
// Generate H = Hash( M' )
//
@ -1201,7 +1201,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
md_init_ctx( &md_ctx, md_info, 0 );
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );

View File

@ -2173,7 +2173,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
* };
*/
if( ( ret = md_init_ctx( &ctx,
md_info_from_type( md_alg ) ) ) != 0 )
md_info_from_type( md_alg ), 0 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );

View File

@ -104,7 +104,7 @@ int ssl_cookie_setup( ssl_cookie_ctx *ctx,
if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
return( ret );
ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ) );
ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ), 1 );
if( ret != 0 )
return( ret );

View File

@ -3073,7 +3073,7 @@ curve_matching_done:
* ServerDHParams params;
* };
*/
if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &ctx, md_info, 0 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );

View File

@ -658,8 +658,8 @@ int ssl_derive_keys( ssl_context *ssl )
int ret;
/* Initialize HMAC contexts */
if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ||
( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = md_init_ctx( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );

View File

@ -101,7 +101,7 @@ int main( int argc, char *argv[] )
aes_init( &aes_ctx );
md_init( &sha_ctx );
ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ) );
ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ), 1 );
if( ret != 0 )
{
polarssl_printf( " ! md_init_ctx() returned -0x%04x\n", -ret );

View File

@ -185,7 +185,7 @@ int main( int argc, char *argv[] )
polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
goto exit;
}
md_init_ctx( &md_ctx, md_info);
md_init_ctx( &md_ctx, md_info, 1 );
/*
* Read the secret key and clean the command line.

View File

@ -204,7 +204,7 @@ int main( int argc, char *argv[] )
polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
return( 1 );
}
if( md_init_ctx( &md_ctx, md_info) )
if( md_init_ctx( &md_ctx, md_info, 0 ) )
{
polarssl_fprintf( stderr, "Failed to initialize context.\n" );
return( 1 );

View File

@ -29,7 +29,7 @@ void md_process( )
{
info = md_info_from_type( *md_type_ptr );
TEST_ASSERT( info != NULL );
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( md_init_ctx( &ctx, info, 0 ) == 0 );
TEST_ASSERT( md_process( &ctx, buf ) == 0 );
md_free( &ctx );
}
@ -54,8 +54,8 @@ void md_null_args( )
TEST_ASSERT( md_info_from_string( NULL ) == NULL );
TEST_ASSERT( md_init_ctx( &ctx, NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_init_ctx( NULL, info ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_init_ctx( &ctx, NULL, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_init_ctx( NULL, info, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_starts( NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_starts( &ctx ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
@ -195,7 +195,7 @@ void md_text_multi( char *text_md_name, char *text_src_string,
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string(md_name);
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
TEST_ASSERT ( 0 == md_starts( &ctx ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
@ -233,7 +233,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string,
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string(md_name);
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
src_len = unhexify( src_str, hex_src_string );
@ -307,7 +307,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string,
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string( md_name );
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 1 ) );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );

View File

@ -36,7 +36,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
TEST_ASSERT( info != NULL );
if( info == NULL )
return;
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( md_init_ctx( &ctx, info, 1 ) == 0 );
TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
it_cnt, key_len, key ) == 0 );