Overview
| Comment: | Updated error messages and optimized when to add error message to result. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | crypto |
| Files: | files | file ages | folders |
| SHA3-256: |
2b4e85a3ebcf1da1163cc3c7ea90a0ef |
| User & Date: | bohagan on 2023-11-14 00:53:04 |
| Other Links: | branch diff | manifest | tags |
Context
|
2023-11-14
| ||
| 03:53 | Split ciphers test file into digest and info test files. Added common.tcl file for common test constraints. Updated HMAC and CMAC test cases Added RFC 4231 HMAC example test cases. check-in: b186ba1b7d user: bohagan tags: crypto | |
| 00:53 | Updated error messages and optimized when to add error message to result. check-in: 2b4e85a3eb user: bohagan tags: crypto | |
|
2023-11-13
| ||
| 03:14 | Changed hex output to use lowercase letters check-in: aef7825f91 user: bohagan tags: crypto | |
Changes
Modified generic/tlsDigest.c from [9e69cd3c7b] to [03763b15bf].
| ︙ | ︙ | |||
133 134 135 136 137 138 139 |
* Side effects:
* No result or error message
*
*-------------------------------------------------------------------
*/
int Tls_DigestInit(Tcl_Interp *interp, DigestState *statePtr, const EVP_MD *md,
const EVP_CIPHER *cipher, Tcl_Obj *keyObj) {
| | | | | > > > > | 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
* Side effects:
* No result or error message
*
*-------------------------------------------------------------------
*/
int Tls_DigestInit(Tcl_Interp *interp, DigestState *statePtr, const EVP_MD *md,
const EVP_CIPHER *cipher, Tcl_Obj *keyObj) {
int key_len = 0, res = 0;
const unsigned char *key;
/* Create message digest context */
if (statePtr->format & TYPE_MD) {
statePtr->ctx = EVP_MD_CTX_new();
res = (statePtr->ctx != NULL);
} else if (statePtr->format & TYPE_HMAC) {
statePtr->hctx = HMAC_CTX_new();
res = (statePtr->hctx != NULL);
} else if (statePtr->format & TYPE_CMAC) {
statePtr->cctx = CMAC_CTX_new();
res = (statePtr->cctx != NULL);
}
if (!res) {
Tcl_AppendResult(interp, "Create context failed: ", REASON(), NULL);
return TCL_ERROR;
}
/* Initialize hash function */
if (statePtr->format & TYPE_MD) {
res = EVP_DigestInit_ex(statePtr->ctx, md, NULL);
} else if (statePtr->format & TYPE_HMAC) {
key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
res = HMAC_Init_ex(statePtr->hctx, (const void *) key, key_len, md, NULL);
} else if (statePtr->format & TYPE_CMAC) {
key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
}
if (!res) {
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
return TCL_ERROR;
}
return TCL_OK;
}
/*
*-------------------------------------------------------------------
*
* Tls_DigestUpdate --
*
* Update a hash function
*
* Returns:
* 1 if successful or 0 for failure
*
* Side effects:
* Adds buf to hash function
*
*-------------------------------------------------------------------
*/
int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read, int show) {
int res = 0;
if (statePtr->format & TYPE_MD) {
res = EVP_DigestUpdate(statePtr->ctx, buf, read);
} else if (statePtr->format & TYPE_HMAC) {
res = HMAC_Update(statePtr->hctx, buf, read);
} else if (statePtr->format & TYPE_CMAC) {
res = CMAC_Update(statePtr->cctx, buf, read);
}
if (!res && show) {
Tcl_AppendResult(statePtr->interp, "Update failed: ", REASON(), NULL);
return TCL_ERROR;
}
return res;
}
/*
*-------------------------------------------------------------------
*
|
| ︙ | ︙ | |||
230 231 232 233 234 235 236 |
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
| | | 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
return TCL_ERROR;
}
/* Return message digest as either a binary or hex string */
if (statePtr->format & BIN_FORMAT) {
Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(md_buf, md_len));
|
| ︙ | ︙ | |||
289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 |
if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) == TCL_ERROR) {
goto done;
}
Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
res = TCL_ERROR;
goto done;
}
/* Initialize hash function */
if ((res = Tls_DigestInit(interp, statePtr, md, cipher, keyObj)) != TCL_OK) {
goto done;
}
/* Read file data and update hash function */
while (!Tcl_Eof(chan)) {
len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
if (len > 0) {
| > | < | 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 |
if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) == TCL_ERROR) {
goto done;
}
Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
res = TCL_ERROR;
goto done;
}
/* Initialize hash function */
if ((res = Tls_DigestInit(interp, statePtr, md, cipher, keyObj)) != TCL_OK) {
goto done;
}
/* Read file data and update hash function */
while (!Tcl_Eof(chan)) {
len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
if (len > 0) {
if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) {
res = TCL_ERROR;
goto done;
}
}
}
/* Finalize hash function and calculate message digest */
|
| ︙ | ︙ | |||
431 432 433 434 435 436 437 |
/* Get bytes from underlying channel */
parent = Tcl_GetStackedChannel(statePtr->self);
read = Tcl_ReadRaw(parent, buf, toRead);
/* Update hash function */
if (read > 0) {
| | | | 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 |
/* Get bytes from underlying channel */
parent = Tcl_GetStackedChannel(statePtr->self);
read = Tcl_ReadRaw(parent, buf, toRead);
/* Update hash function */
if (read > 0) {
if (!Tls_DigestUpdate(statePtr, buf, (size_t) read, 0)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
*errorCodePtr = EINVAL;
return -1;
}
/* This is correct */
read = -1;
*errorCodePtr = EAGAIN;
|
| ︙ | ︙ | |||
460 461 462 463 464 465 466 |
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
| | | 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 |
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
*errorCodePtr = EINVAL;
/* Write message digest to output channel as byte array or hex string */
} else if (md_len > 0) {
if ((statePtr->format & BIN_FORMAT) && toRead >= (int) md_len) {
read = md_len;
memcpy(buf, md_buf, read);
|
| ︙ | ︙ | |||
512 513 514 515 516 517 518 |
/* Abort if nothing to process */
if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
return 0;
}
/* Update hash function */
| | | | 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 |
/* Abort if nothing to process */
if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
return 0;
}
/* Update hash function */
if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite, 0)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
*errorCodePtr = EINVAL;
return -1;
}
return toWrite;
}
/*
|
| ︙ | ︙ | |||
797 798 799 800 801 802 803 |
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
| | | 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 |
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
statePtr->self = chan;
statePtr->mode = mode;
/* Initialize hash function */
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
|
| ︙ | ︙ | |||
922 923 924 925 926 927 928 |
buf = Tcl_GetByteArrayFromObj(objv[2], &len);
} else {
Tcl_WrongNumArgs(interp, 1, objv, "update data");
return TCL_ERROR;
}
/* Update hash function */
| | < < | 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 |
buf = Tcl_GetByteArrayFromObj(objv[2], &len);
} else {
Tcl_WrongNumArgs(interp, 1, objv, "update data");
return TCL_ERROR;
}
/* Update hash function */
if (!Tls_DigestUpdate(statePtr, buf, (size_t) len, 1)) {
return TCL_ERROR;
}
} else {
/* Finalize hash function and calculate message digest */
if (Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
return TCL_ERROR;
}
Tcl_DeleteCommandFromToken(interp, statePtr->token);
}
return TCL_OK;
}
|
| ︙ | ︙ | |||
983 984 985 986 987 988 989 |
int Tls_DigestInstance(Tcl_Interp *interp, Tcl_Obj *cmdObj, const EVP_MD *md,
const EVP_CIPHER *cipher, int format, Tcl_Obj *keyObj) {
DigestState *statePtr;
char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
| | | 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 |
int Tls_DigestInstance(Tcl_Interp *interp, Tcl_Obj *cmdObj, const EVP_MD *md,
const EVP_CIPHER *cipher, int format, Tcl_Obj *keyObj) {
DigestState *statePtr;
char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
/* Initialize hash function */
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
return TCL_ERROR;
}
|
| ︙ | ︙ | |||
1061 1062 1063 1064 1065 1066 1067 |
DigestState *statePtr;
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK ||
| | | 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 |
DigestState *statePtr;
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK ||
Tls_DigestUpdate(statePtr, data, (size_t) len, 1) == 0 ||
Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
Tls_DigestFree(statePtr);
return TCL_ERROR;
}
Tls_DigestFree(statePtr);
return TCL_OK;
}
|
| ︙ | ︙ |
Modified generic/tlsX509.c from [2979c19145] to [ead2e837f3].
| ︙ | ︙ | |||
430 431 432 433 434 435 436 |
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &len)) {
| | | | 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 |
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
}
/* SHA256 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha256(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
}
/* Subject Public Key Info specifies the public key and identifies the
algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
ASN1_BIT_STRING *key;
|
| ︙ | ︙ | |||
476 477 478 479 480 481 482 |
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
/* Get extensions flags */
xflags = X509_get_extension_flags(cert);
LAPPEND_INT(interp, certPtr, "extFlags", xflags);
| | | | 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 |
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
/* Get extensions flags */
xflags = X509_get_extension_flags(cert);
LAPPEND_INT(interp, certPtr, "extFlags", xflags);
/* Check if cert was issued by CA cert issuer or self signed */
LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
/* The Unique Ids are used to handle the possibility of reuse of subject
and/or issuer names over time. RFC 5280 section 4.1.2.8 */
{
const ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(cert, &iuid, &suid);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
if (iuid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
|
| ︙ | ︙ | |||
512 513 514 515 516 517 518 |
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));
/* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
Tls_x509Identifier(X509_get0_authority_key_id(cert)));
| | | 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 |
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));
/* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
Tls_x509Identifier(X509_get0_authority_key_id(cert)));
/* Subject Key Identifier (SKI) is used to identify certificates that contain
a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
Tls_x509Identifier(X509_get0_subject_key_id(cert)));
/* Key usage extension defines the purpose (e.g., encipherment, signature, certificate
signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */
|
| ︙ | ︙ |