1
/* md.c - message digest dispatcher
2
* Copyright (C) 1998, 1999, 2002, 2003, 2006,
3
* 2008 Free Software Foundation, Inc.
5
* This file is part of Libgcrypt.
7
* Libgcrypt is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU Lesser general Public License as
9
* published by the Free Software Foundation; either version 2.1 of
10
* the License, or (at your option) any later version.
12
* Libgcrypt is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU Lesser General Public License for more details.
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
33
/* A dummy extraspec so that we do not need to tests the extraspec
34
field from the module specification against NULL and instead
35
directly test the respective fields of extraspecs. */
36
static md_extra_spec_t dummy_extra_spec;
39
/* This is the list of the digest implementations included in
41
static struct digest_table_entry
43
gcry_md_spec_t *digest;
44
md_extra_spec_t *extraspec;
45
unsigned int algorithm;
50
/* We allow the CRC algorithms even in FIPS mode because they are
51
actually no cryptographic primitives. */
52
{ &_gcry_digest_spec_crc32,
53
&dummy_extra_spec, GCRY_MD_CRC32, 1 },
54
{ &_gcry_digest_spec_crc32_rfc1510,
55
&dummy_extra_spec, GCRY_MD_CRC32_RFC1510, 1 },
56
{ &_gcry_digest_spec_crc24_rfc2440,
57
&dummy_extra_spec, GCRY_MD_CRC24_RFC2440, 1 },
60
{ &_gcry_digest_spec_md4,
61
&dummy_extra_spec, GCRY_MD_MD4 },
64
{ &_gcry_digest_spec_md5,
65
&dummy_extra_spec, GCRY_MD_MD5, 1 },
68
{ &_gcry_digest_spec_rmd160,
69
&dummy_extra_spec, GCRY_MD_RMD160 },
72
{ &_gcry_digest_spec_sha1,
73
&_gcry_digest_extraspec_sha1, GCRY_MD_SHA1, 1 },
76
{ &_gcry_digest_spec_sha256,
77
&_gcry_digest_extraspec_sha256, GCRY_MD_SHA256, 1 },
78
{ &_gcry_digest_spec_sha224,
79
&_gcry_digest_extraspec_sha224, GCRY_MD_SHA224, 1 },
82
{ &_gcry_digest_spec_sha512,
83
&_gcry_digest_extraspec_sha512, GCRY_MD_SHA512, 1 },
84
{ &_gcry_digest_spec_sha384,
85
&_gcry_digest_extraspec_sha384, GCRY_MD_SHA384, 1 },
88
{ &_gcry_digest_spec_tiger,
89
&dummy_extra_spec, GCRY_MD_TIGER },
92
{ &_gcry_digest_spec_whirlpool,
93
&dummy_extra_spec, GCRY_MD_WHIRLPOOL },
98
/* List of registered digests. */
99
static gcry_module_t digests_registered;
101
/* This is the lock protecting DIGESTS_REGISTERED. */
102
static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;
104
/* Flag to check wether the default ciphers have already been
106
static int default_digests_registered;
108
typedef struct gcry_md_list
110
gcry_md_spec_t *digest;
111
gcry_module_t module;
112
struct gcry_md_list *next;
113
size_t actual_struct_size; /* Allocated size of this structure. */
114
PROPERLY_ALIGNED_TYPE context;
117
/* this structure is put right after the gcry_md_hd_t buffer, so that
118
* only one memory block is needed. */
119
struct gcry_md_context
122
size_t actual_handle_size; /* Allocated size of this handle. */
126
GcryDigestEntry *list;
128
int macpads_Bsize; /* Blocksize as used for the HMAC pads. */
132
#define CTX_MAGIC_NORMAL 0x11071961
133
#define CTX_MAGIC_SECURE 0x16917011
135
/* Convenient macro for registering the default digests. */
136
#define REGISTER_DEFAULT_DIGESTS \
139
ath_mutex_lock (&digests_registered_lock); \
140
if (! default_digests_registered) \
142
md_register_default (); \
143
default_digests_registered = 1; \
145
ath_mutex_unlock (&digests_registered_lock); \
150
static const char * digest_algo_to_string( int algo );
151
static gcry_err_code_t check_digest_algo (int algo);
152
static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,
153
int secure, int hmac);
154
static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);
155
static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);
156
static void md_close (gcry_md_hd_t a);
157
static void md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen);
158
static void md_final(gcry_md_hd_t a);
159
static byte *md_read( gcry_md_hd_t a, int algo );
160
static int md_get_algo( gcry_md_hd_t a );
161
static int md_digest_length( int algo );
162
static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
163
static void md_start_debug ( gcry_md_hd_t a, const char *suffix );
164
static void md_stop_debug ( gcry_md_hd_t a );
169
/* Internal function. Register all the ciphers included in
170
CIPHER_TABLE. Returns zero on success or an error code. */
172
md_register_default (void)
174
gcry_err_code_t err = 0;
177
for (i = 0; !err && digest_table[i].digest; i++)
181
if (!digest_table[i].fips_allowed)
183
if (digest_table[i].algorithm == GCRY_MD_MD5
184
&& _gcry_enforced_fips_mode () )
185
continue; /* Do not register in enforced fips mode. */
188
err = _gcry_module_add (&digests_registered,
189
digest_table[i].algorithm,
190
(void *) digest_table[i].digest,
191
(void *) digest_table[i].extraspec,
199
/* Internal callback function. */
201
gcry_md_lookup_func_name (void *spec, void *data)
203
gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
204
char *name = (char *) data;
206
return (! stricmp (digest->name, name));
209
/* Internal callback function. Used via _gcry_module_lookup. */
211
gcry_md_lookup_func_oid (void *spec, void *data)
213
gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
214
char *oid = (char *) data;
215
gcry_md_oid_spec_t *oid_specs = digest->oids;
220
for (i = 0; oid_specs[i].oidstring && (! ret); i++)
221
if (! stricmp (oid, oid_specs[i].oidstring))
228
/* Internal function. Lookup a digest entry by it's name. */
230
gcry_md_lookup_name (const char *name)
232
gcry_module_t digest;
234
digest = _gcry_module_lookup (digests_registered, (void *) name,
235
gcry_md_lookup_func_name);
240
/* Internal function. Lookup a cipher entry by it's oid. */
242
gcry_md_lookup_oid (const char *oid)
244
gcry_module_t digest;
246
digest = _gcry_module_lookup (digests_registered, (void *) oid,
247
gcry_md_lookup_func_oid);
252
/* Register a new digest module whose specification can be found in
253
DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
254
and a pointer representhing this module is stored in MODULE. */
256
_gcry_md_register (gcry_md_spec_t *digest,
257
md_extra_spec_t *extraspec,
258
unsigned int *algorithm_id,
259
gcry_module_t *module)
261
gcry_err_code_t err = 0;
264
/* We do not support module loading in fips mode. */
266
return gpg_error (GPG_ERR_NOT_SUPPORTED);
268
ath_mutex_lock (&digests_registered_lock);
269
err = _gcry_module_add (&digests_registered, 0,
271
(void *)(extraspec? extraspec : &dummy_extra_spec),
273
ath_mutex_unlock (&digests_registered_lock);
278
*algorithm_id = mod->mod_id;
281
return gcry_error (err);
284
/* Unregister the digest identified by ID, which must have been
285
registered with gcry_digest_register. */
287
gcry_md_unregister (gcry_module_t module)
289
ath_mutex_lock (&digests_registered_lock);
290
_gcry_module_release (module);
291
ath_mutex_unlock (&digests_registered_lock);
296
search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)
298
gcry_module_t module;
301
if (oid && ((! strncmp (oid, "oid.", 4))
302
|| (! strncmp (oid, "OID.", 4))))
305
module = gcry_md_lookup_oid (oid);
308
gcry_md_spec_t *digest = module->spec;
311
for (i = 0; digest->oids[i].oidstring && !ret; i++)
312
if (! stricmp (oid, digest->oids[i].oidstring))
315
*algorithm = module->mod_id;
317
*oid_spec = digest->oids[i];
320
_gcry_module_release (module);
327
* Map a string to the digest algo
330
gcry_md_map_name (const char *string)
332
gcry_module_t digest;
333
int ret, algorithm = 0;
338
REGISTER_DEFAULT_DIGESTS;
340
/* If the string starts with a digit (optionally prefixed with
341
either "OID." or "oid."), we first look into our table of ASN.1
342
object identifiers to figure out the algorithm */
344
ath_mutex_lock (&digests_registered_lock);
346
ret = search_oid (string, &algorithm, NULL);
349
/* Not found, search a matching digest name. */
350
digest = gcry_md_lookup_name (string);
353
algorithm = digest->mod_id;
354
_gcry_module_release (digest);
357
ath_mutex_unlock (&digests_registered_lock);
364
* Map a digest algo to a string
367
digest_algo_to_string (int algorithm)
369
const char *name = NULL;
370
gcry_module_t digest;
372
REGISTER_DEFAULT_DIGESTS;
374
ath_mutex_lock (&digests_registered_lock);
375
digest = _gcry_module_lookup_id (digests_registered, algorithm);
378
name = ((gcry_md_spec_t *) digest->spec)->name;
379
_gcry_module_release (digest);
381
ath_mutex_unlock (&digests_registered_lock);
387
* This function simply returns the name of the algorithm or some constant
388
* string when there is no algo. It will never return NULL.
389
* Use the macro gcry_md_test_algo() to check whether the algorithm
393
gcry_md_algo_name (int algorithm)
395
const char *s = digest_algo_to_string (algorithm);
400
static gcry_err_code_t
401
check_digest_algo (int algorithm)
403
gcry_err_code_t rc = 0;
404
gcry_module_t digest;
406
REGISTER_DEFAULT_DIGESTS;
408
ath_mutex_lock (&digests_registered_lock);
409
digest = _gcry_module_lookup_id (digests_registered, algorithm);
411
_gcry_module_release (digest);
413
rc = GPG_ERR_DIGEST_ALGO;
414
ath_mutex_unlock (&digests_registered_lock);
422
* Open a message digest handle for use with algorithm ALGO.
423
* More algorithms may be added by md_enable(). The initial algorithm
426
static gcry_err_code_t
427
md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)
429
gcry_err_code_t err = GPG_ERR_NO_ERROR;
430
int bufsize = secure ? 512 : 1024;
431
struct gcry_md_context *ctx;
435
/* Allocate a memory area to hold the caller visible buffer with it's
436
* control information and the data required by this module. Set the
437
* context pointer at the beginning to this area.
438
* We have to use this strange scheme because we want to hide the
439
* internal data but have a variable sized buffer.
441
* +---+------+---........------+-------------+
442
* !ctx! bctl ! buffer ! private !
443
* +---+------+---........------+-------------+
445
* !---------------------------!
447
* We have to make sure that private is well aligned.
449
n = sizeof (struct gcry_md_handle) + bufsize;
450
n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)
451
/ sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);
453
/* Allocate and set the Context pointer to the private data */
455
hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
457
hd = gcry_malloc (n + sizeof (struct gcry_md_context));
460
err = gpg_err_code_from_errno (errno);
464
hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);
465
/* Setup the globally visible data (bctl in the diagram).*/
466
hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;
469
/* Initialize the private data. */
470
memset (hd->ctx, 0, sizeof *hd->ctx);
471
ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
472
ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
473
ctx->secure = secure;
481
ctx->macpads_Bsize = 128;
484
ctx->macpads_Bsize = 64;
487
ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize));
490
err = gpg_err_code_from_errno (errno);
498
/* Hmmm, should we really do that? - yes [-wk] */
499
_gcry_fast_random_poll ();
503
err = md_enable (hd, algo);
515
/* Create a message digest object for algorithm ALGO. FLAGS may be
516
given as an bitwise OR of the gcry_md_flags values. ALGO may be
517
given as 0 if the algorithms to be used are later set using
518
gcry_md_enable. H is guaranteed to be a valid handle or NULL on
521
gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
523
gcry_err_code_t err = GPG_ERR_NO_ERROR;
526
if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)))
527
err = GPG_ERR_INV_ARG;
530
err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),
531
(flags & GCRY_MD_FLAG_HMAC));
535
return gcry_error (err);
540
static gcry_err_code_t
541
md_enable (gcry_md_hd_t hd, int algorithm)
543
struct gcry_md_context *h = hd->ctx;
544
gcry_md_spec_t *digest = NULL;
545
GcryDigestEntry *entry;
546
gcry_module_t module;
547
gcry_err_code_t err = 0;
549
for (entry = h->list; entry; entry = entry->next)
550
if (entry->module->mod_id == algorithm)
551
return err; /* already enabled */
553
REGISTER_DEFAULT_DIGESTS;
555
ath_mutex_lock (&digests_registered_lock);
556
module = _gcry_module_lookup_id (digests_registered, algorithm);
557
ath_mutex_unlock (&digests_registered_lock);
560
log_debug ("md_enable: algorithm %d not available\n", algorithm);
561
err = GPG_ERR_DIGEST_ALGO;
564
digest = (gcry_md_spec_t *) module->spec;
567
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
569
_gcry_inactivate_fips_mode ("MD5 used");
570
if (_gcry_enforced_fips_mode () )
572
/* We should never get to here because we do not register
573
MD5 in enforced fips mode. But better throw an error. */
574
err = GPG_ERR_DIGEST_ALGO;
580
size_t size = (sizeof (*entry)
581
+ digest->contextsize
582
- sizeof (entry->context));
584
/* And allocate a new list entry. */
586
entry = gcry_malloc_secure (size);
588
entry = gcry_malloc (size);
591
err = gpg_err_code_from_errno (errno);
594
entry->digest = digest;
595
entry->module = module;
596
entry->next = h->list;
597
entry->actual_struct_size = size;
600
/* And init this instance. */
601
entry->digest->init (&entry->context.c);
609
ath_mutex_lock (&digests_registered_lock);
610
_gcry_module_release (module);
611
ath_mutex_unlock (&digests_registered_lock);
620
gcry_md_enable (gcry_md_hd_t hd, int algorithm)
622
return gcry_error (md_enable (hd, algorithm));
625
static gcry_err_code_t
626
md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
628
gcry_err_code_t err = GPG_ERR_NO_ERROR;
629
struct gcry_md_context *a = ahd->ctx;
630
struct gcry_md_context *b;
631
GcryDigestEntry *ar, *br;
636
md_write (ahd, NULL, 0);
638
n = (char *) ahd->ctx - (char *) ahd;
640
bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
642
bhd = gcry_malloc (n + sizeof (struct gcry_md_context));
645
err = gpg_err_code_from_errno (errno);
649
bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);
650
/* No need to copy the buffer due to the write above. */
651
gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));
652
bhd->bufsize = ahd->bufsize;
654
gcry_assert (! ahd->bufpos);
655
memcpy (b, a, sizeof *a);
660
b->macpads = gcry_malloc_secure (2*(a->macpads_Bsize));
663
err = gpg_err_code_from_errno (errno);
667
memcpy (b->macpads, a->macpads, (2*(a->macpads_Bsize)));
671
/* Copy the complete list of algorithms. The copied list is
672
reversed, but that doesn't matter. */
675
for (ar = a->list; ar; ar = ar->next)
678
br = gcry_malloc_secure (sizeof *br
679
+ ar->digest->contextsize
680
- sizeof(ar->context));
682
br = gcry_malloc (sizeof *br
683
+ ar->digest->contextsize
684
- sizeof (ar->context));
687
err = gpg_err_code_from_errno (errno);
692
memcpy (br, ar, (sizeof (*br) + ar->digest->contextsize
693
- sizeof (ar->context)));
697
/* Add a reference to the module. */
698
ath_mutex_lock (&digests_registered_lock);
699
_gcry_module_use (br->module);
700
ath_mutex_unlock (&digests_registered_lock);
704
if (a->debug && !err)
705
md_start_debug (bhd, "unknown");
714
gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)
718
err = md_copy (hd, handle);
721
return gcry_error (err);
725
* Reset all contexts and discard any buffered stuff. This may be used
726
* instead of a md_close(); md_open().
729
gcry_md_reset (gcry_md_hd_t a)
733
/* Note: We allow this even in fips non operational mode. */
735
a->bufpos = a->ctx->finalized = 0;
737
for (r = a->ctx->list; r; r = r->next)
739
memset (r->context.c, 0, r->digest->contextsize);
740
(*r->digest->init) (&r->context.c);
743
md_write (a, a->ctx->macpads, a->ctx->macpads_Bsize); /* inner pad */
747
md_close (gcry_md_hd_t a)
749
GcryDigestEntry *r, *r2;
755
for (r = a->ctx->list; r; r = r2)
758
ath_mutex_lock (&digests_registered_lock);
759
_gcry_module_release (r->module);
760
ath_mutex_unlock (&digests_registered_lock);
761
wipememory (r, r->actual_struct_size);
767
wipememory (a->ctx->macpads, 2*(a->ctx->macpads_Bsize));
768
gcry_free(a->ctx->macpads);
771
wipememory (a, a->ctx->actual_handle_size);
776
gcry_md_close (gcry_md_hd_t hd)
778
/* Note: We allow this even in fips non operational mode. */
783
md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
789
if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
791
if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)
795
for (r = a->ctx->list; r; r = r->next)
798
(*r->digest->write) (&r->context.c, a->buf, a->bufpos);
799
(*r->digest->write) (&r->context.c, inbuf, inlen);
805
gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
807
md_write (hd, inbuf, inlen);
811
md_final (gcry_md_hd_t a)
815
if (a->ctx->finalized)
819
md_write (a, NULL, 0);
821
for (r = a->ctx->list; r; r = r->next)
822
(*r->digest->final) (&r->context.c);
824
a->ctx->finalized = 1;
828
/* Finish the hmac. */
829
int algo = md_get_algo (a);
830
byte *p = md_read (a, algo);
831
size_t dlen = md_digest_length (algo);
833
gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);
836
_gcry_fatal_error (err, NULL);
838
(a->ctx->macpads)+(a->ctx->macpads_Bsize),
839
a->ctx->macpads_Bsize);
840
md_write (om, p, dlen);
842
/* Replace our digest with the mac (they have the same size). */
843
memcpy (p, md_read (om, algo), dlen);
848
static gcry_err_code_t
849
prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
852
int algo = md_get_algo (hd);
853
unsigned char *helpkey = NULL;
854
unsigned char *ipad, *opad;
857
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
859
if ( keylen > hd->ctx->macpads_Bsize )
861
helpkey = gcry_malloc_secure (md_digest_length (algo));
863
return gpg_err_code_from_errno (errno);
864
gcry_md_hash_buffer (algo, helpkey, key, keylen);
866
keylen = md_digest_length (algo);
867
gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
870
memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
871
ipad = hd->ctx->macpads;
872
opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize);
873
memcpy ( ipad, key, keylen );
874
memcpy ( opad, key, keylen );
875
for (i=0; i < hd->ctx->macpads_Bsize; i++ )
882
return GPG_ERR_NO_ERROR;
886
gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
888
gcry_err_code_t rc = 0;
892
case GCRYCTL_FINALIZE:
895
case GCRYCTL_SET_KEY:
896
rc = gcry_err_code (gcry_md_setkey (hd, buffer, buflen));
898
case GCRYCTL_START_DUMP:
899
md_start_debug (hd, buffer);
901
case GCRYCTL_STOP_DUMP:
902
md_stop_debug ( hd );
907
return gcry_error (rc);
911
gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
913
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
915
if (!hd->ctx->macpads)
916
rc = GPG_ERR_CONFLICT;
919
rc = prepare_macpads (hd, key, keylen);
924
return gcry_error (rc);
927
/* The new debug interface. If SUFFIX is a string it creates an debug
928
file for the context HD. IF suffix is NULL, the file is closed and
929
debugging is stopped. */
931
gcry_md_debug (gcry_md_hd_t hd, const char *suffix)
934
md_start_debug (hd, suffix);
942
* if ALGO is null get the digest for the used algo (which should be only one)
945
md_read( gcry_md_hd_t a, int algo )
947
GcryDigestEntry *r = a->ctx->list;
951
/* return the first algorithm */
953
log_debug ("more than one algorithm in md_read(0)\n");
954
return r->digest->read( &r->context.c );
958
for (r = a->ctx->list; r; r = r->next)
959
if (r->module->mod_id == algo)
960
return r->digest->read (&r->context.c);
967
* Read out the complete digest, this function implictly finalizes
971
gcry_md_read (gcry_md_hd_t hd, int algo)
973
/* This function is expected to always return a digest, thus we
974
can't return an error which we actually should do in
975
non-operational state. */
976
gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
977
return md_read (hd, algo);
982
* Read out an intermediate digest. Not yet functional.
985
gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
993
fips_signal_error ("unimplemented function called");
994
return GPG_ERR_INTERNAL;
999
* Shortcut function to hash a buffer with a given algo. The only
1000
* guaranteed supported algorithms are RIPE-MD160 and SHA-1. The
1001
* supplied digest buffer must be large enough to store the resulting
1002
* hash. No error is returned, the function will abort on an invalid
1003
* algo. DISABLED_ALGOS are ignored here. */
1005
gcry_md_hash_buffer (int algo, void *digest,
1006
const void *buffer, size_t length)
1008
if (algo == GCRY_MD_SHA1)
1009
_gcry_sha1_hash_buffer (digest, buffer, length);
1010
else if (algo == GCRY_MD_RMD160 && !fips_mode () )
1011
_gcry_rmd160_hash_buffer (digest, buffer, length);
1014
/* For the others we do not have a fast function, so we use the
1015
normal functions. */
1019
if (algo == GCRY_MD_MD5 && fips_mode ())
1021
_gcry_inactivate_fips_mode ("MD5 used");
1022
if (_gcry_enforced_fips_mode () )
1024
/* We should never get to here because we do not register
1025
MD5 in enforced fips mode. */
1026
_gcry_fips_noreturn ();
1030
err = md_open (&h, algo, 0, 0);
1032
log_bug ("gcry_md_open failed for algo %d: %s",
1033
algo, gpg_strerror (gcry_error(err)));
1034
md_write (h, (byte *) buffer, length);
1036
memcpy (digest, md_read (h, algo), md_digest_length (algo));
1042
md_get_algo (gcry_md_hd_t a)
1044
GcryDigestEntry *r = a->ctx->list;
1048
fips_signal_error ("possible usage error");
1049
log_error ("WARNING: more than one algorithm in md_get_algo()\n");
1051
return r ? r->module->mod_id : 0;
1055
gcry_md_get_algo (gcry_md_hd_t hd)
1057
return md_get_algo (hd);
1062
* Return the length of the digest
1065
md_digest_length (int algorithm)
1067
gcry_module_t digest;
1070
REGISTER_DEFAULT_DIGESTS;
1072
ath_mutex_lock (&digests_registered_lock);
1073
digest = _gcry_module_lookup_id (digests_registered, algorithm);
1076
mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
1077
_gcry_module_release (digest);
1079
ath_mutex_unlock (&digests_registered_lock);
1085
* Return the length of the digest in bytes.
1086
* This function will return 0 in case of errors.
1089
gcry_md_get_algo_dlen (int algorithm)
1091
return md_digest_length (algorithm);
1095
/* Hmmm: add a mode to enumerate the OIDs
1096
* to make g10/sig-check.c more portable */
1098
md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen)
1100
const byte *asnoid = NULL;
1101
gcry_module_t digest;
1103
REGISTER_DEFAULT_DIGESTS;
1105
ath_mutex_lock (&digests_registered_lock);
1106
digest = _gcry_module_lookup_id (digests_registered, algorithm);
1110
*asnlen = ((gcry_md_spec_t *) digest->spec)->asnlen;
1112
*mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
1113
asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;
1114
_gcry_module_release (digest);
1117
log_bug ("no ASN.1 OID for md algo %d\n", algorithm);
1118
ath_mutex_unlock (&digests_registered_lock);
1126
* Return information about the given cipher algorithm
1127
* WHAT select the kind of information returned:
1128
* GCRYCTL_TEST_ALGO:
1129
* Returns 0 when the specified algorithm is available for use.
1130
* buffer and nbytes must be zero.
1131
* GCRYCTL_GET_ASNOID:
1132
* Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
1133
* the required length is returned.
1135
* Note: Because this function is in most cases used to return an
1136
* integer value, we can make it easier for the caller to just look at
1137
* the return value. The caller will in all cases consult the value
1138
* and thereby detecting whether a error occured or not (i.e. while checking
1142
gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
1144
gcry_err_code_t err = GPG_ERR_NO_ERROR;
1148
case GCRYCTL_TEST_ALGO:
1149
if (buffer || nbytes)
1150
err = GPG_ERR_INV_ARG;
1152
err = check_digest_algo (algo);
1155
case GCRYCTL_GET_ASNOID:
1156
/* We need to check that the algo is available because
1157
md_asn_oid would otherwise raise an assertion. */
1158
err = check_digest_algo (algo);
1161
const char unsigned *asn;
1164
asn = md_asn_oid (algo, &asnlen, NULL);
1165
if (buffer && (*nbytes >= asnlen))
1167
memcpy (buffer, asn, asnlen);
1170
else if (!buffer && nbytes)
1175
err = GPG_ERR_TOO_SHORT;
1177
err = GPG_ERR_INV_ARG;
1183
err = GPG_ERR_INV_OP;
1186
return gcry_error (err);
1191
md_start_debug ( gcry_md_hd_t md, const char *suffix )
1199
if ( md->ctx->debug )
1201
log_debug("Oops: md debug already started\n");
1205
snprintf (buf, DIM(buf)-1, "dbgmd-%05d.%.10s", idx, suffix );
1206
md->ctx->debug = fopen(buf, "w");
1207
if ( !md->ctx->debug )
1208
log_debug("md debug: can't open %s\n", buf );
1212
md_stop_debug( gcry_md_hd_t md )
1214
if ( md->ctx->debug )
1217
md_write ( md, NULL, 0 );
1218
fclose (md->ctx->debug);
1219
md->ctx->debug = NULL;
1222
#ifdef HAVE_U64_TYPEDEF
1223
{ /* a kludge to pull in the __muldi3 for Solaris */
1224
volatile u32 a = (u32)(ulong)md;
1225
volatile u64 b = 42;
1235
* Return information about the digest handle.
1236
* GCRYCTL_IS_SECURE:
1237
* Returns 1 when the handle works on secured memory
1238
* otherwise 0 is returned. There is no error return.
1239
* GCRYCTL_IS_ALGO_ENABLED:
1240
* Returns 1 if the algo is enabled for that handle.
1241
* The algo must be passed as the address of an int.
1244
gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)
1246
gcry_err_code_t err = GPG_ERR_NO_ERROR;
1250
case GCRYCTL_IS_SECURE:
1251
*nbytes = h->ctx->secure;
1254
case GCRYCTL_IS_ALGO_ENABLED:
1259
if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
1260
err = GPG_ERR_INV_ARG;
1263
algo = *(int*)buffer;
1266
for(r=h->ctx->list; r; r = r->next ) {
1267
if (r->module->mod_id == algo)
1278
err = GPG_ERR_INV_OP;
1281
return gcry_error (err);
1285
/* Explicitly initialize this module. */
1287
_gcry_md_init (void)
1289
gcry_err_code_t err = GPG_ERR_NO_ERROR;
1291
REGISTER_DEFAULT_DIGESTS;
1298
gcry_md_is_secure (gcry_md_hd_t a)
1302
if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))
1303
value = 1; /* It seems to be better to assume secure memory on
1310
gcry_md_is_enabled (gcry_md_hd_t a, int algo)
1314
value = sizeof algo;
1315
if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))
1320
/* Get a list consisting of the IDs of the loaded message digest
1321
modules. If LIST is zero, write the number of loaded message
1322
digest modules to LIST_LENGTH and return. If LIST is non-zero, the
1323
first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
1324
of according size. In case there are less message digest modules
1325
than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
1328
gcry_md_list (int *list, int *list_length)
1330
gcry_err_code_t err = GPG_ERR_NO_ERROR;
1332
ath_mutex_lock (&digests_registered_lock);
1333
err = _gcry_module_list (digests_registered, list, list_length);
1334
ath_mutex_unlock (&digests_registered_lock);
1340
/* Run the selftests for digest algorithm ALGO with optional reporting
1343
_gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
1345
gcry_module_t module = NULL;
1346
cipher_extra_spec_t *extraspec = NULL;
1347
gcry_err_code_t ec = 0;
1349
REGISTER_DEFAULT_DIGESTS;
1351
ath_mutex_lock (&digests_registered_lock);
1352
module = _gcry_module_lookup_id (digests_registered, algo);
1353
if (module && !(module->flags & FLAG_MODULE_DISABLED))
1354
extraspec = module->extraspec;
1355
ath_mutex_unlock (&digests_registered_lock);
1356
if (extraspec && extraspec->selftest)
1357
ec = extraspec->selftest (algo, extended, report);
1360
ec = GPG_ERR_DIGEST_ALGO;
1362
report ("digest", algo, "module",
1363
module && !(module->flags & FLAG_MODULE_DISABLED)?
1364
"no selftest available" :
1365
module? "algorithm disabled" : "algorithm not found");
1370
ath_mutex_lock (&digests_registered_lock);
1371
_gcry_module_release (module);
1372
ath_mutex_unlock (&digests_registered_lock);
1374
return gpg_error (ec);