Overview
Comment: | Added key support to digest channel |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | crypto |
Files: | files | file ages | folders |
SHA3-256: |
b536b956a81f1c7bb081d1db43ce9f33 |
User & Date: | bohagan on 2023-11-04 02:08:07 |
Other Links: | branch diff | manifest | tags |
Context
2023-11-04
| ||
03:14 | Added sha512 convenience command check-in: 72569af7c5 user: bohagan tags: crypto | |
02:08 | Added key support to digest channel check-in: b536b956a8 user: bohagan tags: crypto | |
2023-11-03
| ||
22:25 | Added command to list available Message Authentication Codes (MAC) check-in: 4bc6ba68a7 user: bohagan tags: crypto | |
Changes
Modified generic/tlsDigest.c
from [5e8cf5527f]
to [fe4794bb6a].
︙ | ︙ | |||
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | int flags; /* Chan config flags */ int watchMask; /* Current WatchProc mask */ int mode; /* Current mode of parent channel */ int format; /* Output format */ Tcl_Interp *interp; /* Current interpreter */ EVP_MD_CTX *ctx; /* MD Context */ } DigestState; /*******************************************************************/ /* *------------------------------------------------------------------- * * DigestFile -- | > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 | int flags; /* Chan config flags */ int watchMask; /* Current WatchProc mask */ int mode; /* Current mode of parent channel */ int format; /* Output format */ Tcl_Interp *interp; /* Current interpreter */ EVP_MD_CTX *ctx; /* MD Context */ HMAC_CTX *hctx; /* HMAC Context */ } DigestState; /* *------------------------------------------------------------------- * * DigestFree -- * * This procedure removes a digest state structure * * Returns: * Nothing * * Side effects: * Removes structure * *------------------------------------------------------------------- */ void DigestFree (DigestState *statePtr) { if (statePtr == (DigestState *) NULL) return; if (statePtr->ctx != (EVP_MD_CTX *) NULL) { EVP_MD_CTX_free(statePtr->ctx); } if (statePtr->hctx != (HMAC_CTX *) NULL) { HMAC_CTX_free(statePtr->hctx); } ckfree(statePtr); } /*******************************************************************/ /* *------------------------------------------------------------------- * * DigestFile -- |
︙ | ︙ | |||
104 105 106 107 108 109 110 | Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL); goto error; } /* Read file data and update hash function */ while (!Tcl_Eof(chan)) { int len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE); | > | | | | | | | > | > | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 | Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL); goto error; } /* Read file data and update hash function */ while (!Tcl_Eof(chan)) { int len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE); if (len > 0) { if (keyObj == NULL) { res = EVP_DigestUpdate(ctx, &buf, (size_t) len); } else { res = HMAC_Update(hctx, &buf[0], (size_t) len); } if (!res) { Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL); res = TCL_ERROR; goto error; } } } /* Close channel */ if (Tcl_Close(interp, chan) == TCL_ERROR) { chan = (Tcl_Channel) NULL; goto error; |
︙ | ︙ | |||
199 200 201 202 203 204 205 | } return 0; } /* *------------------------------------------------------------------- * | < < < < < < < < < < < < < < < < < < < < < < < < | 230 231 232 233 234 235 236 237 238 239 240 241 242 243 | } return 0; } /* *------------------------------------------------------------------- * * DigestCloseProc -- * * This procedure is invoked by the generic IO level to perform * channel-type-specific cleanup when digest channel is closed. * * Returns: * TCL_OK or TCL_ERROR |
︙ | ︙ | |||
280 281 282 283 284 285 286 | * Read data from transform and write to buf * *---------------------------------------------------------------------- */ int DigestInputProc(ClientData clientData, char *buf, int toRead, int *errorCodePtr) { DigestState *statePtr = (DigestState *) clientData; Tcl_Channel parent; | | | | > > > > | > | > > > > | 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 | * Read data from transform and write to buf * *---------------------------------------------------------------------- */ int DigestInputProc(ClientData clientData, char *buf, int toRead, int *errorCodePtr) { DigestState *statePtr = (DigestState *) clientData; Tcl_Channel parent; int read, res; *errorCodePtr = 0; if (toRead <= 0 || statePtr->self == (Tcl_Channel) NULL) { return 0; } /* Get bytes from underlying channel */ parent = Tcl_GetStackedChannel(statePtr->self); read = Tcl_ReadRaw(parent, buf, toRead); /* Add to message digest */ if (read > 0) { if (statePtr->ctx != NULL) { res = EVP_DigestUpdate(statePtr->ctx, buf, (size_t) read); } else { res = HMAC_Update(statePtr->hctx, buf, (size_t) read); } if (!res) { Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON())); *errorCodePtr = EINVAL; return -1; } *errorCodePtr = EAGAIN; read = -1; } else if (read < 0) { /* Error */ *errorCodePtr = Tcl_GetErrno(); } else if (!(statePtr->flags & 0x10)) { /* EOF */ *errorCodePtr = 0; unsigned char md_buf[EVP_MAX_MD_SIZE]; unsigned int md_len = 0; /* Finalize hash function and calculate message digest */ if (statePtr->ctx != NULL) { res = EVP_DigestFinal_ex(statePtr->ctx, md_buf, &md_len); } else { res = HMAC_Final(statePtr->hctx, md_buf, &md_len); } if (!res) { *errorCodePtr = EINVAL; /* Write message digest to output channel as byte array or hex string */ } else if (md_len > 0) { if (statePtr->format == BIN_FORMAT) { read = md_len; memcpy(buf, md_buf, read); |
︙ | ︙ | |||
607 608 609 610 611 612 613 | * * Side effects: * Adds transform to channel and sets result to channel name or error message. * *---------------------------------------------------------------------- */ static int | | > | < > > | < | | > > > > > > > | > > > > > > > > | | | | > > | > | < | < < | 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 | * * Side effects: * Adds transform to channel and sets result to channel name or error message. * *---------------------------------------------------------------------- */ static int DigestChannel(Tcl_Interp *interp, const char *channel, const EVP_MD *md, int format, Tcl_Obj *keyObj) { int res, mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */ Tcl_Channel chan; DigestState *statePtr; EVP_MD_CTX *ctx = (EVP_MD_CTX *) NULL; HMAC_CTX *hctx = (HMAC_CTX *) NULL; /* Validate args */ if (channel == (const char *) NULL || md == (const EVP_MD *) NULL) { return TCL_ERROR; } chan = Tcl_GetChannel(interp, channel, &mode); if (chan == (Tcl_Channel) NULL) { return TCL_ERROR; } /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); /* Create internal storage structure */ statePtr = (DigestState *) ckalloc((unsigned) sizeof(DigestState)); if (statePtr != NULL) { memset(statePtr, 0, sizeof(DigestState)); statePtr->self = chan; /* This socket channel */ statePtr->timer = (Tcl_TimerToken) NULL; /* Timer to flush data */ statePtr->flags = 0; /* Chan config flags */ statePtr->watchMask = 0; /* Current WatchProc mask */ statePtr->mode = mode; /* Current mode of parent channel */ statePtr->format = format; /* Output format */ statePtr->interp = interp; /* Current interpreter */ statePtr->ctx = ctx; /* MD Context */ statePtr->hctx = hctx; /* HMAC Context */ statePtr->mac = NULL; /* MAC Context */ } else { Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL); return TCL_ERROR; } /* Create message digest context */ if (keyObj == NULL) { ctx = EVP_MD_CTX_new(); } else { hctx = HMAC_CTX_new(); } if (ctx != NULL || hctx != NULL) { statePtr->ctx = ctx; statePtr->hctx = hctx; } else { Tcl_AppendResult(interp, "Create digest context failed: ", REASON(), NULL); DigestFree(statePtr); return TCL_ERROR; } /* Initialize hash function */ if (keyObj == NULL) { res = EVP_DigestInit_ex(ctx, md, NULL); } else { int key_len; unsigned char *key = Tcl_GetByteArrayFromObj(keyObj, &key_len); res = HMAC_Init_ex(hctx, (const void *) key, key_len, md, NULL); } if (!res) { Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), (char *) NULL); DigestFree(statePtr); return TCL_ERROR; } /* Configure channel */ Tcl_SetChannelOption(interp, chan, "-translation", "binary"); if (Tcl_GetChannelBufferSize(chan) < EVP_MAX_MD_SIZE * 2) { Tcl_SetChannelBufferSize(chan, EVP_MAX_MD_SIZE * 2); } /* Stack channel */ statePtr->self = Tcl_StackChannel(interp, &digestChannelType, (ClientData) statePtr, mode, chan); if (statePtr->self == (Tcl_Channel) NULL) { DigestFree(statePtr); return TCL_ERROR; } Tcl_SetResult(interp, (char *) Tcl_GetChannelName(chan), TCL_VOLATILE); return TCL_OK; } |
︙ | ︙ | |||
766 767 768 769 770 771 772 | data = Tcl_GetByteArrayFromObj(objv[1], &len); if (data == NULL || len == 0) { Tcl_SetResult(interp, "No data", NULL); return TCL_ERROR; } /* Calculate digest based on hash function */ | | | | 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 | data = Tcl_GetByteArrayFromObj(objv[1], &len); if (data == NULL || len == 0) { Tcl_SetResult(interp, "No data", NULL); return TCL_ERROR; } /* Calculate digest based on hash function */ if (keyObj == (Tcl_Obj *) NULL) { res = EVP_Digest(data, (size_t) len, md_buf, &md_len, md, NULL); } else { unsigned char *key, *hmac = NULL; int key_len; key = Tcl_GetByteArrayFromObj(keyObj, &key_len); hmac = HMAC(md, (const void *) key, key_len, (const unsigned char *) data, (size_t) len, md_buf, &md_len); res = (hmac != NULL); } |
︙ | ︙ | |||
818 819 820 821 822 823 824 | * Side effects: * Sets result to message digest or error message * *------------------------------------------------------------------- */ static int DigestObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { | | | 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 | * Side effects: * Sets result to message digest or error message * *------------------------------------------------------------------- */ static int DigestObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { int idx, len, format = HEX_FORMAT, key_len = 0, data_len = 0, res = TCL_OK; const char *digestname, *channel = NULL; Tcl_Obj *dataObj = NULL, *fileObj = NULL, *keyObj = NULL; unsigned char *key = NULL; const EVP_MD *md; Tcl_ResetResult(interp); |
︙ | ︙ | |||
872 873 874 875 876 877 878 | /* If no option for last arg, then its the data */ if (idx < objc) { dataObj = objv[idx]; } /* Calc digest on file, stacked channel, or data blob */ if (fileObj != NULL) { | | | | < < | | 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 | /* If no option for last arg, then its the data */ if (idx < objc) { dataObj = objv[idx]; } /* Calc digest on file, stacked channel, or data blob */ if (fileObj != NULL) { res = DigestFile(interp, fileObj, md, format, keyObj); } else if (channel != NULL) { res = DigestChannel(interp, channel, md, format, keyObj); } else if (dataObj != NULL) { Tcl_Obj *objs[2]; objs[0] = NULL; objs[1] = dataObj; res = DigestHashFunction(interp, 2, objs, md, format, keyObj); } return res; } /* *------------------------------------------------------------------- * * Message Digest Convenience Commands -- * |
︙ | ︙ |
Modified tests/ciphers.csv
from [cc62fb24e1]
to [ec44d144a5].
︙ | ︙ | |||
79 80 81 82 83 84 85 | Digest Chan,sha256,,,read_chan sha256 md_data.dat,,,B7DFDDEB0314A74FF56A8AC1E3DC57DF09BB52A96DA50F6549EB62CA61A0A491,,, Digest Chan,md5 bin,,,string toupper [binary encode hex [read_chan md5 md_data.dat -bin]],,,CCB1BE2E11D8183E843FF73DA8C6D206,,, Digest Chan,md5 hex,,,read_chan md5 md_data.dat -hex,,,CCB1BE2E11D8183E843FF73DA8C6D206,,, ,,,,,,,,,, command,# Test HMAC,,,,,,,,, Digest HMAC,data,,,"tls::digest md5 -key ""Example key"" -data ""Example string for message digest tests.""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,file,,,"tls::digest md5 -key ""Example key"" -file md_data.dat",,,901DA6E6976A71650C77443C37FF9C7F,,, | | | 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | Digest Chan,sha256,,,read_chan sha256 md_data.dat,,,B7DFDDEB0314A74FF56A8AC1E3DC57DF09BB52A96DA50F6549EB62CA61A0A491,,, Digest Chan,md5 bin,,,string toupper [binary encode hex [read_chan md5 md_data.dat -bin]],,,CCB1BE2E11D8183E843FF73DA8C6D206,,, Digest Chan,md5 hex,,,read_chan md5 md_data.dat -hex,,,CCB1BE2E11D8183E843FF73DA8C6D206,,, ,,,,,,,,,, command,# Test HMAC,,,,,,,,, Digest HMAC,data,,,"tls::digest md5 -key ""Example key"" -data ""Example string for message digest tests.""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,file,,,"tls::digest md5 -key ""Example key"" -file md_data.dat",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,channel,,,"read_chan md5 md_data.dat -key ""Example key""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,data bin,,,"string toupper [binary encode hex [tls::digest md5 -bin -key ""Example key"" -data ""Example string for message digest tests.""]]",,,901DA6E6976A71650C77443C37FF9C7F,,, ,,,,,,,,,, command,# Test list MACs,,,,,,,,, MAC List,All,,,lcompare [exec_get_macs] [tls::macs],,,missing {} unexpected {},,, ,,,,,,,,,, command,# Test list protocols,,,,,,,,, Protocols,All,,,lcompare $protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,, |
︙ | ︙ |
Modified tests/ciphers.test
from [1a154d14c0]
to [dea59e87f8].
︙ | ︙ | |||
222 223 224 225 226 227 228 | tls::digest md5 -key "Example key" -data "Example string for message digest tests." } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.2 {file} -body { tls::digest md5 -key "Example key" -file md_data.dat } -result {901DA6E6976A71650C77443C37FF9C7F} | | | 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 | tls::digest md5 -key "Example key" -data "Example string for message digest tests." } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.2 {file} -body { tls::digest md5 -key "Example key" -file md_data.dat } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.3 {channel} -body { read_chan md5 md_data.dat -key "Example key" } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.4 {data bin} -body { string toupper [binary encode hex [tls::digest md5 -bin -key "Example key" -data "Example string for message digest tests."]] } -result {901DA6E6976A71650C77443C37FF9C7F} # Test list MACs |
︙ | ︙ |