Check-in [b536b956a8]
EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA
Overview
Comment:Added key support to digest channel
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | crypto
Files: files | file ages | folders
SHA3-256: b536b956a81f1c7bb081d1db43ce9f33d093a260b56d0e31b46497f4ed4dc0f8
User & Date: bohagan on 2023-11-04 02:08:07
Other Links: branch diff | manifest | tags
Context
2023-11-04
03:14
Added sha512 convenience command check-in: 72569af7c5 user: bohagan tags: crypto
02:08
Added key support to digest channel check-in: b536b956a8 user: bohagan tags: crypto
2023-11-03
22:25
Added command to list available Message Authentication Codes (MAC) check-in: 4bc6ba68a7 user: bohagan tags: crypto
Changes

Modified generic/tlsDigest.c from [5e8cf5527f] to [fe4794bb6a].

34
35
36
37
38
39
40

41



























42
43
44
45
46
47
48
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76







+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







	int flags;		/* Chan config flags */
	int watchMask;		/* Current WatchProc mask */
	int mode;		/* Current mode of parent channel */
	int format;		/* Output format */

	Tcl_Interp *interp;	/* Current interpreter */
	EVP_MD_CTX *ctx;	/* MD Context */
	HMAC_CTX *hctx;		/* HMAC Context */
} DigestState;

/*
 *-------------------------------------------------------------------
 *
 * DigestFree --
 *
 *	This procedure removes a digest state structure
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Removes structure
 *
 *-------------------------------------------------------------------
 */
void DigestFree (DigestState *statePtr) {
    if (statePtr == (DigestState *) NULL) return;

    if (statePtr->ctx != (EVP_MD_CTX *) NULL) {
	EVP_MD_CTX_free(statePtr->ctx);
    }
    if (statePtr->hctx != (HMAC_CTX *) NULL) {
	HMAC_CTX_free(statePtr->hctx);
    }
    ckfree(statePtr);
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestFile --
104
105
106
107
108
109
110

111
112
113
114
115
116
117
118










119
120
121
122
123
124
125
132
133
134
135
136
137
138
139








140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156







+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+







	Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL);
	goto error;
    }

    /* Read file data and update hash function */
    while (!Tcl_Eof(chan)) {
	int len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
	if (len > 0) {
	if (keyObj == NULL) {
	    res = EVP_DigestUpdate(ctx, &buf, (size_t) len);
	} else {
	    res = HMAC_Update(hctx, &buf[0], (size_t) len);
	}
	if (len > 0 && !res) {
	    Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL);
	    goto error;
	    if (keyObj == NULL) {
		res = EVP_DigestUpdate(ctx, &buf, (size_t) len);
	    } else {
		res = HMAC_Update(hctx, &buf[0], (size_t) len);
	    }
	    if (!res) {
		Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL);
		res = TCL_ERROR;
		goto error;
	    }
	}
    }

    /* Close channel */
    if (Tcl_Close(interp, chan) == TCL_ERROR) {
	chan = (Tcl_Channel) NULL;
	goto error;
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
230
231
232
233
234
235
236
























237
238
239
240
241
242
243







-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-







    }
    return 0;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestFree --
 *
 *	This procedure removes a digest state structure
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Removes structure
 *
 *-------------------------------------------------------------------
 */
void DigestFree (DigestState *statePtr) {
    if (statePtr == (DigestState *) NULL) return;
    
    if (statePtr->ctx != NULL) {
	EVP_MD_CTX_free(statePtr->ctx);
    }
    ckfree(statePtr);
}

/*
 *-------------------------------------------------------------------
 *
 * DigestCloseProc --
 *
 *	This procedure is invoked by the generic IO level to perform
 *	channel-type-specific cleanup when digest channel is closed.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
280
281
282
283
284
285
286
287

288
289
290
291
292
293
294
295
296
297
298
299
300
301






302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320







321
322
323
324
325
326
327
287
288
289
290
291
292
293

294
295
296
297
298
299
300
301
302
303
304
305
306


307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329


330
331
332
333
334
335
336
337
338
339
340
341
342
343







-
+












-
-
+
+
+
+
+
+

















-
-
+
+
+
+
+
+
+







 *	Read data from transform and write to buf
 *
 *----------------------------------------------------------------------
 */
int DigestInputProc(ClientData clientData, char *buf, int toRead, int *errorCodePtr) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;
    int read;
    int read, res;
    *errorCodePtr = 0;

    if (toRead <= 0 || statePtr->self == (Tcl_Channel) NULL) {
	return 0;
    }

    /* Get bytes from underlying channel */
    parent = Tcl_GetStackedChannel(statePtr->self);
    read = Tcl_ReadRaw(parent, buf, toRead);

    /* Add to message digest */
    if (read > 0) {
	/* OK */
	if (!EVP_DigestUpdate(statePtr->ctx, buf, read)) {
	if (statePtr->ctx != NULL) {
	    res = EVP_DigestUpdate(statePtr->ctx, buf, (size_t) read);
	} else {
	    res = HMAC_Update(statePtr->hctx, buf, (size_t) read);
	}
	if (!res) {
	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
	    *errorCodePtr = EINVAL;
	    return -1;
	}
	*errorCodePtr = EAGAIN;
	read = -1;
	    
    } else if (read < 0) {
	/* Error */
	*errorCodePtr = Tcl_GetErrno();

    } else if (!(statePtr->flags & 0x10)) {
	/* EOF */
	*errorCodePtr = 0;
	unsigned char md_buf[EVP_MAX_MD_SIZE];
	unsigned int md_len = 0;

	/* Get message digest */
	if (!EVP_DigestFinal_ex(statePtr->ctx, md_buf, &md_len)) {
	/* Finalize hash function and calculate message digest */
	if (statePtr->ctx != NULL) {
	    res = EVP_DigestFinal_ex(statePtr->ctx, md_buf, &md_len);
	} else {
	    res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
	}
	if (!res) {
	    *errorCodePtr = EINVAL;

	/* Write message digest to output channel as byte array or hex string */
	} else if (md_len > 0) {
	    if (statePtr->format == BIN_FORMAT) {
		read = md_len;
		memcpy(buf, md_buf, read);
607
608
609
610
611
612
613
614
615



616
617
618


619
620
621
622
623
624
625
626
627
628
629
630
631
632
633

634
635
636

637
638
639
640
641
642
643
644
645



646
647





648









649
650
651
652
653
654
655
656
657
658









659
660

661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
623
624
625
626
627
628
629


630
631
632
633

634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650

651

652

653
654
655
656
657
658
659
660
661

662
663
664
665
666
667
668
669
670
671

672
673
674
675
676
677
678
679
680
681
682
683
684






685
686
687
688
689
690
691
692
693


694

695
696
697
698
699
700
701
702
703
704
705
706
707

708
709
710
711
712
713
714







-
-
+
+
+

-

+
+














-
+
-

-
+








-
+
+
+


+
+
+
+
+
-
+
+
+
+
+
+
+
+
+




-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
-
+
-













-







 *
 * Side effects:
 *	Adds transform to channel and sets result to channel name or error message.
 *
 *----------------------------------------------------------------------
 */
static int
DigestChannel(Tcl_Interp *interp, const char *channel, const EVP_MD *md, int format) {
    int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */
DigestChannel(Tcl_Interp *interp, const char *channel, const EVP_MD *md, int format,
	Tcl_Obj *keyObj) {
    int res, mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */
    Tcl_Channel chan;
    EVP_MD_CTX *ctx;
    DigestState *statePtr;
    EVP_MD_CTX *ctx = (EVP_MD_CTX *) NULL;
    HMAC_CTX *hctx = (HMAC_CTX *) NULL;

    /* Validate args */
    if (channel == (const char *) NULL || md == (const EVP_MD *) NULL) {
	return TCL_ERROR;
    }

    chan = Tcl_GetChannel(interp, channel, &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    /* Create internal storage structures */
    /* Create internal storage structure */
    ctx = EVP_MD_CTX_new();
    statePtr = (DigestState *) ckalloc((unsigned) sizeof(DigestState));
    if (ctx != NULL && statePtr != NULL) {
    if (statePtr != NULL) {
	memset(statePtr, 0, sizeof(DigestState));
	statePtr->self	= chan;		/* This socket channel */
	statePtr->timer = (Tcl_TimerToken) NULL;	/* Timer to flush data */
	statePtr->flags = 0;		/* Chan config flags */
	statePtr->watchMask = 0;	/* Current WatchProc mask */
	statePtr->mode	= mode;		/* Current mode of parent channel */
	statePtr->format = format;	/* Output format */
	statePtr->interp = interp;	/* Current interpreter */
	statePtr->ctx = ctx;		/* SSL Context */
	statePtr->ctx = ctx;		/* MD Context */
	statePtr->hctx = hctx;		/* HMAC Context */
	statePtr->mac = NULL;		/* MAC Context */
    } else {
	Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
	return TCL_ERROR;
    }

    /* Create message digest context */
    if (keyObj == NULL) {
	EVP_MD_CTX_free(ctx);
	ctx = EVP_MD_CTX_new();
    } else {
	hctx = HMAC_CTX_new();
    }
    if (ctx != NULL || hctx != NULL) {
	statePtr->ctx = ctx;
	statePtr->hctx = hctx;
    } else {
	Tcl_AppendResult(interp, "Create digest context failed: ", REASON(), NULL);
	DigestFree(statePtr);
	return TCL_ERROR;
    }

    /* Initialize digest */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
    if (!EVP_DigestInit_ex(ctx, md, NULL))
#else
    if (!EVP_DigestInit_ex2(ctx, md, NULL))
#endif
    /* Initialize hash function */
    if (keyObj == NULL) {
	res = EVP_DigestInit_ex(ctx, md, NULL);
    } else {
	int key_len;
	unsigned char *key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
	res = HMAC_Init_ex(hctx, (const void *) key, key_len, md, NULL);
    }
    if (!res) {
    {
	Tcl_AppendResult(interp, "Initialize digest error: ", REASON(), (char *) NULL);
	Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), (char *) NULL);
	EVP_MD_CTX_free(ctx);
	DigestFree(statePtr);
	return TCL_ERROR;
    }

    /* Configure channel */
    Tcl_SetChannelOption(interp, chan, "-translation", "binary");
    if (Tcl_GetChannelBufferSize(chan) < EVP_MAX_MD_SIZE * 2) {
	Tcl_SetChannelBufferSize(chan, EVP_MAX_MD_SIZE * 2);
    }

    /* Stack channel */
    statePtr->self = Tcl_StackChannel(interp, &digestChannelType, (ClientData) statePtr, mode, chan);
    if (statePtr->self == (Tcl_Channel) NULL) {
	EVP_MD_CTX_free(ctx);
	DigestFree(statePtr);
	return TCL_ERROR;
    }

    Tcl_SetResult(interp, (char *) Tcl_GetChannelName(chan), TCL_VOLATILE);
    return TCL_OK;
}
766
767
768
769
770
771
772
773

774
775
776

777
778
779
780
781
782
783
798
799
800
801
802
803
804

805
806
807

808
809
810
811
812
813
814
815







-
+


-
+







    data = Tcl_GetByteArrayFromObj(objv[1], &len);
    if (data == NULL || len == 0) {
	Tcl_SetResult(interp, "No data", NULL);
	return TCL_ERROR;
    }

    /* Calculate digest based on hash function */
    if (keyObj == NULL) {
    if (keyObj == (Tcl_Obj *) NULL) {
	res = EVP_Digest(data, (size_t) len, md_buf, &md_len, md, NULL);
    } else {
	unsigned char *key, *hmac;
	unsigned char *key, *hmac = NULL;
	int key_len;

	key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
	hmac = HMAC(md, (const void *) key, key_len, (const unsigned char *) data,
	    (size_t) len, md_buf, &md_len);
	res = (hmac != NULL);
    }
818
819
820
821
822
823
824
825

826
827
828
829
830
831
832
850
851
852
853
854
855
856

857
858
859
860
861
862
863
864







-
+







 * Side effects:
 *	Sets result to message digest or error message
 *
 *-------------------------------------------------------------------
 */
static int
DigestObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    int idx, len, format = HEX_FORMAT, key_len = 0, data_len = 0;
    int idx, len, format = HEX_FORMAT, key_len = 0, data_len = 0, res = TCL_OK;
    const char *digestname, *channel = NULL;
    Tcl_Obj *dataObj = NULL, *fileObj = NULL, *keyObj = NULL;
    unsigned char *key = NULL;
    const EVP_MD *md;

    Tcl_ResetResult(interp);

872
873
874
875
876
877
878
879

880
881

882
883
884
885
886

887
888
889
890

891
892
893
894
895
896
897
904
905
906
907
908
909
910

911
912

913
914
915
916
917

918
919



920
921
922
923
924
925
926
927







-
+

-
+




-
+

-
-
-
+







    /* If no option for last arg, then its the data */
    if (idx < objc) {
	dataObj = objv[idx];
    }

    /* Calc digest on file, stacked channel, or data blob */
    if (fileObj != NULL) {
	return DigestFile(interp, fileObj, md, format, keyObj);
	res = DigestFile(interp, fileObj, md, format, keyObj);
    } else if (channel != NULL) {
	return DigestChannel(interp, channel, md, format);
	res = DigestChannel(interp, channel, md, format, keyObj);
    } else if (dataObj != NULL) {
	Tcl_Obj *objs[2];
	objs[0] = NULL;
	objs[1] = dataObj;
	return DigestHashFunction(interp, 2, objs, md, format, keyObj);
	res = DigestHashFunction(interp, 2, objs, md, format, keyObj);
    }

    Tcl_AppendResult(interp, "No data specified.", NULL);
    return TCL_ERROR;
    return res;
}

/*
 *-------------------------------------------------------------------
 *
 * Message Digest Convenience Commands --
 *

Modified tests/ciphers.csv from [cc62fb24e1] to [ec44d144a5].

79
80
81
82
83
84
85
86

87
88
89
90
91
92
93
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93







-
+







Digest Chan,sha256,,,read_chan sha256 md_data.dat,,,B7DFDDEB0314A74FF56A8AC1E3DC57DF09BB52A96DA50F6549EB62CA61A0A491,,,
Digest Chan,md5 bin,,,string toupper [binary encode hex [read_chan md5 md_data.dat -bin]],,,CCB1BE2E11D8183E843FF73DA8C6D206,,,
Digest Chan,md5 hex,,,read_chan md5 md_data.dat -hex,,,CCB1BE2E11D8183E843FF73DA8C6D206,,,
,,,,,,,,,,
command,# Test HMAC,,,,,,,,,
Digest HMAC,data,,,"tls::digest md5 -key ""Example key"" -data ""Example string for message digest tests.""",,,901DA6E6976A71650C77443C37FF9C7F,,,
Digest HMAC,file,,,"tls::digest md5 -key ""Example key"" -file md_data.dat",,,901DA6E6976A71650C77443C37FF9C7F,,,
Digest HMAC,channel,knownBug,,"read_chan md5 md_data.dat -key ""Example key""",,,901DA6E6976A71650C77443C37FF9C7F,,,
Digest HMAC,channel,,,"read_chan md5 md_data.dat -key ""Example key""",,,901DA6E6976A71650C77443C37FF9C7F,,,
Digest HMAC,data bin,,,"string toupper [binary encode hex [tls::digest md5 -bin -key ""Example key"" -data ""Example string for message digest tests.""]]",,,901DA6E6976A71650C77443C37FF9C7F,,,
,,,,,,,,,,
command,# Test list MACs,,,,,,,,,
MAC List,All,,,lcompare [exec_get_macs] [tls::macs],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test list protocols,,,,,,,,,
Protocols,All,,,lcompare $protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,,

Modified tests/ciphers.test from [1a154d14c0] to [dea59e87f8].

222
223
224
225
226
227
228
229

230
231
232
233
234
235
236
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236







-
+







	tls::digest md5 -key "Example key" -data "Example string for message digest tests."
    } -result {901DA6E6976A71650C77443C37FF9C7F}

test Digest_HMAC-10.2 {file} -body {
	tls::digest md5 -key "Example key" -file md_data.dat
    } -result {901DA6E6976A71650C77443C37FF9C7F}

test Digest_HMAC-10.3 {channel} -constraints {knownBug} -body {
test Digest_HMAC-10.3 {channel} -body {
	read_chan md5 md_data.dat -key "Example key"
    } -result {901DA6E6976A71650C77443C37FF9C7F}

test Digest_HMAC-10.4 {data bin} -body {
	string toupper [binary encode hex [tls::digest md5 -bin -key "Example key" -data "Example string for message digest tests."]]
    } -result {901DA6E6976A71650C77443C37FF9C7F}
# Test list MACs