33
/* A dummy extraspec so that we do not need to tests the extraspec
34
field from the module specification against NULL and instead
35
directly test the respective fields of extraspecs. */
36
static md_extra_spec_t dummy_extra_spec;
39
/* This is the list of the digest implementations included in
34
41
static struct digest_table_entry
36
43
gcry_md_spec_t *digest;
44
md_extra_spec_t *extraspec;
37
45
unsigned int algorithm;
41
{ &_gcry_digest_spec_crc32, GCRY_MD_CRC32 },
42
{ &_gcry_digest_spec_crc32_rfc1510, GCRY_MD_CRC32_RFC1510 },
43
{ &_gcry_digest_spec_crc24_rfc2440, GCRY_MD_CRC24_RFC2440 },
50
/* We allow the CRC algorithms even in FIPS mode because they are
51
actually no cryptographic primitives. */
52
{ &_gcry_digest_spec_crc32,
53
&dummy_extra_spec, GCRY_MD_CRC32, 1 },
54
{ &_gcry_digest_spec_crc32_rfc1510,
55
&dummy_extra_spec, GCRY_MD_CRC32_RFC1510, 1 },
56
{ &_gcry_digest_spec_crc24_rfc2440,
57
&dummy_extra_spec, GCRY_MD_CRC24_RFC2440, 1 },
46
{ &_gcry_digest_spec_md4, GCRY_MD_MD4 },
60
{ &_gcry_digest_spec_md4,
61
&dummy_extra_spec, GCRY_MD_MD4 },
49
{ &_gcry_digest_spec_md5, GCRY_MD_MD5 },
64
{ &_gcry_digest_spec_md5,
65
&dummy_extra_spec, GCRY_MD_MD5, 1 },
52
{ &_gcry_digest_spec_rmd160, GCRY_MD_RMD160 },
68
{ &_gcry_digest_spec_rmd160,
69
&dummy_extra_spec, GCRY_MD_RMD160 },
55
{ &_gcry_digest_spec_sha1, GCRY_MD_SHA1 },
72
{ &_gcry_digest_spec_sha1,
73
&_gcry_digest_extraspec_sha1, GCRY_MD_SHA1, 1 },
58
{ &_gcry_digest_spec_sha256, GCRY_MD_SHA256 },
59
{ &_gcry_digest_spec_sha224, GCRY_MD_SHA224 },
76
{ &_gcry_digest_spec_sha256,
77
&_gcry_digest_extraspec_sha256, GCRY_MD_SHA256, 1 },
78
{ &_gcry_digest_spec_sha224,
79
&_gcry_digest_extraspec_sha224, GCRY_MD_SHA224, 1 },
62
{ &_gcry_digest_spec_sha512, GCRY_MD_SHA512 },
63
{ &_gcry_digest_spec_sha384, GCRY_MD_SHA384 },
82
{ &_gcry_digest_spec_sha512,
83
&_gcry_digest_extraspec_sha512, GCRY_MD_SHA512, 1 },
84
{ &_gcry_digest_spec_sha384,
85
&_gcry_digest_extraspec_sha384, GCRY_MD_SHA384, 1 },
66
{ &_gcry_digest_spec_tiger, GCRY_MD_TIGER },
88
{ &_gcry_digest_spec_tiger,
89
&dummy_extra_spec, GCRY_MD_TIGER },
69
{ &_gcry_digest_spec_whirlpool, GCRY_MD_WHIRLPOOL },
92
{ &_gcry_digest_spec_whirlpool,
93
&dummy_extra_spec, GCRY_MD_WHIRLPOOL },
145
169
/* Internal function. Register all the ciphers included in
146
170
CIPHER_TABLE. Returns zero on success or an error code. */
148
gcry_md_register_default (void)
172
md_register_default (void)
150
174
gcry_err_code_t err = 0;
153
for (i = 0; (! err) && digest_table[i].digest; i++)
154
err = _gcry_module_add (&digests_registered,
155
digest_table[i].algorithm,
156
(void *) digest_table[i].digest,
177
for (i = 0; !err && digest_table[i].digest; i++)
181
if (!digest_table[i].fips_allowed)
183
if (digest_table[i].algorithm == GCRY_MD_MD5
184
&& _gcry_enforced_fips_mode () )
185
continue; /* Do not register in enforced fips mode. */
188
err = _gcry_module_add (&digests_registered,
189
digest_table[i].algorithm,
190
(void *) digest_table[i].digest,
191
(void *) digest_table[i].extraspec,
217
253
DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
218
254
and a pointer representhing this module is stored in MODULE. */
220
gcry_md_register (gcry_md_spec_t *digest,
221
unsigned int *algorithm_id,
222
gcry_module_t *module)
256
_gcry_md_register (gcry_md_spec_t *digest,
257
md_extra_spec_t *extraspec,
258
unsigned int *algorithm_id,
259
gcry_module_t *module)
224
261
gcry_err_code_t err = 0;
225
262
gcry_module_t mod;
264
/* We do not support module loading in fips mode. */
266
return gpg_error (GPG_ERR_NOT_SUPPORTED);
227
268
ath_mutex_lock (&digests_registered_lock);
228
269
err = _gcry_module_add (&digests_registered, 0,
229
(void *) digest, &mod);
271
(void *)(extraspec? extraspec : &dummy_extra_spec),
230
273
ath_mutex_unlock (&digests_registered_lock);
783
848
static gcry_err_code_t
784
prepare_macpads( gcry_md_hd_t hd, const byte *key, size_t keylen)
849
prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
787
int algo = md_get_algo( hd );
788
byte *helpkey = NULL;
792
return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
852
int algo = md_get_algo (hd);
853
unsigned char *helpkey = NULL;
854
unsigned char *ipad, *opad;
857
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
859
if ( keylen > hd->ctx->macpads_Bsize )
796
helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
861
helpkey = gcry_malloc_secure (md_digest_length (algo));
798
863
return gpg_err_code_from_errno (errno);
799
gcry_md_hash_buffer ( algo, helpkey, key, keylen );
864
gcry_md_hash_buffer (algo, helpkey, key, keylen);
801
keylen = md_digest_length( algo );
802
assert ( keylen <= 64 );
866
keylen = md_digest_length (algo);
867
gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
805
870
memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
906
971
gcry_md_read (gcry_md_hd_t hd, int algo)
973
/* This function is expected to always return a digest, thus we
974
can't return an error which we actually should do in
975
non-operational state. */
908
976
gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
909
977
return md_read (hd, algo);
913
* This function combines md_final and md_read but keeps the context
914
* intact. This function can be used to calculate intermediate
915
* digests. The digest is copied into buffer and the digestlength is
916
* returned. If buffer is NULL only the needed size for buffer is returned.
917
* buflen gives the max size of buffer. If the buffer is too shourt to
918
* hold the complete digest, the buffer is filled with as many bytes are
919
* possible and this value is returned.
923
md_digest( gcry_md_hd_t a, int algo, byte *buffer, int buflen )
925
struct md_digest_list_s *r = NULL;
930
md_write( a, NULL, 0 );
932
if( !algo ) { /* return digest for the first algorithm */
933
if( (r=a->ctx->list) && r->next )
934
log_debug("more than algorithm in md_digest(0)\n");
937
for(r=a->ctx->list; r; r = r->next )
938
if( r->algo == algo )
947
/* I don't want to change the interface, so I simply work on a copy
948
* of the context (extra overhead - should be fixed)*/
949
context = a->ctx->secure ? gcry_xmalloc_secure( r->contextsize )
950
: gcry_xmalloc( r->contextsize );
951
memcpy( context, r->context.c, r->contextsize );
952
(*r->digest->final)( context );
953
digest = (*r->digest->read)( context );
955
if( buflen > r->mdlen )
957
memcpy( buffer, digest, buflen );
965
* Read out an intermediate digest. Not yet fucntional.
982
* Read out an intermediate digest. Not yet functional.
968
985
gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
990
1008
if (algo == GCRY_MD_SHA1)
991
1009
_gcry_sha1_hash_buffer (digest, buffer, length);
992
else if (algo == GCRY_MD_RMD160)
1010
else if (algo == GCRY_MD_RMD160 && !fips_mode () )
993
1011
_gcry_rmd160_hash_buffer (digest, buffer, length);
996
1014
/* For the others we do not have a fast function, so we use the
997
1015
normal functions. */
999
gpg_err_code_t err = md_open (&h, algo, 0, 0);
1019
if (algo == GCRY_MD_MD5 && fips_mode ())
1021
_gcry_inactivate_fips_mode ("MD5 used");
1022
if (_gcry_enforced_fips_mode () )
1024
/* We should never get to here because we do not register
1025
MD5 in enforced fips mode. */
1026
_gcry_fips_noreturn ();
1030
err = md_open (&h, algo, 0, 0);
1001
1032
log_bug ("gcry_md_open failed for algo %d: %s",
1002
1033
algo, gpg_strerror (gcry_error(err)));
1340
/* Run the selftests for digest algorithm ALGO with optional reporting
1343
_gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
1345
gcry_module_t module = NULL;
1346
cipher_extra_spec_t *extraspec = NULL;
1347
gcry_err_code_t ec = 0;
1349
REGISTER_DEFAULT_DIGESTS;
1351
ath_mutex_lock (&digests_registered_lock);
1352
module = _gcry_module_lookup_id (digests_registered, algo);
1353
if (module && !(module->flags & FLAG_MODULE_DISABLED))
1354
extraspec = module->extraspec;
1355
ath_mutex_unlock (&digests_registered_lock);
1356
if (extraspec && extraspec->selftest)
1357
ec = extraspec->selftest (algo, extended, report);
1360
ec = GPG_ERR_DIGEST_ALGO;
1362
report ("digest", algo, "module",
1363
module && !(module->flags & FLAG_MODULE_DISABLED)?
1364
"no selftest available" :
1365
module? "algorithm disabled" : "algorithm not found");
1370
ath_mutex_lock (&digests_registered_lock);
1371
_gcry_module_release (module);
1372
ath_mutex_unlock (&digests_registered_lock);
1374
return gpg_error (ec);