Check-in [94f8408d0d]
Overview
Comment:Moved common get cipher, digest, etc. functions to tlsUtil.c file. Renamed tlsKey.c to tlsKDF.c to better reflect contents. Standardized error messages.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | crypto
Files: files | file ages | folders
SHA3-256: 94f8408d0d20d0089c7a6f8a5bbd6280422e37285c33e6a3f66f10627dfd8482
User & Date: bohagan on 2023-12-24 22:57:35
Other Links: branch diff | manifest | tags
Context
2023-12-25
02:04
Added KDF test cases check-in: 4cc32676a2 user: bohagan tags: crypto
2023-12-24
22:57
Moved common get cipher, digest, etc. functions to tlsUtil.c file. Renamed tlsKey.c to tlsKDF.c to better reflect contents. Standardized error messages. check-in: 94f8408d0d user: bohagan tags: crypto
06:36
Added MAC test vectors. Added all.tcl files to each test subdirectory so all tests run. Updated Hash and KDF test vectors to add missing cleanupTests. Corrected bug with using dash in constraints. Added constraints for ciphers, digests, and kdfs. check-in: feef0d0cef user: bohagan tags: crypto
Changes
Modified configure from [39b72b8793] to [5d330fed91].
5392
5393
5394
5395
5396
5397
5398
5399

5400
5401
5402
5403
5404
5405
5406
5392
5393
5394
5395
5396
5397
5398

5399
5400
5401
5402
5403
5404
5405
5406







-
+







# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------


    vars="tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKey.c tlsX509.c"
    vars="tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKDF.c tlsUtil.c tlsX509.c"
    for i in $vars; do
	case $i in
	    \$*)
		# allow $-var names
		PKG_SOURCES="$PKG_SOURCES $i"
		PKG_OBJECTS="$PKG_OBJECTS $i"
		;;
67
68
69
70
71
72
73
74

75
76
77
78
79
80
81
67
68
69
70
71
72
73

74
75
76
77
78
79
80
81







-
+







# public headers that need to be installed in TEA_ADD_HEADERS,
# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------

TEA_ADD_SOURCES([tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKey.c tlsX509.c])
TEA_ADD_SOURCES([tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKDF.c tlsUtil.c tlsX509.c])
TEA_ADD_HEADERS([generic/tls.h])
TEA_ADD_INCLUDES([])
TEA_ADD_LIBS([])
TEA_ADD_CFLAGS([])
TEA_ADD_STUB_SOURCES([])
TEA_ADD_TCL_SOURCES([library/tls.tcl])

145
146
147
148
149
150
151
152

153
154
155
156


157
158


















159
160
161
162
163
164
165
145
146
147
148
149
150
151

152

153
154

155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183







-
+
-


-
+
+


+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







 * Side effects:
 *	No result or error message
 *
 *-------------------------------------------------------------------
 */
int DigestInitialize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    int key_len = 0, type = statePtr->format & 0xFF0;
    int res = 0, type = statePtr->format & 0xFF0;
    const char *digestName = NULL, *cipherName = NULL, *macName = NULL;
    const EVP_MD *md = NULL;
    const EVP_CIPHER *cipher = NULL;
    const unsigned char *key = NULL;
    const void *key = NULL, *iv = NULL, *salt = NULL;
    int key_len = 0;

    dprintf("Called");

    /* Get digest */
    md = Util_GetDigest(interp, digestObj, type != TYPE_CMAC);
    if (md == NULL && type != TYPE_CMAC) {
	return TCL_ERROR;
    }

    /* Get cipher */
    cipher = Util_GetCipher(interp, cipherObj, type == TYPE_CMAC);
    if (cipher == NULL && type == TYPE_CMAC) {
	return TCL_ERROR;
    }

    /* Get key */
    key = (const void *) Util_GetKey(interp, keyObj, &key_len, "key", 0, type != TYPE_MD);
    if (key == NULL && type != TYPE_MD) {
	return TCL_ERROR;
    }

    /* Create contexts */
    switch(type) {
    case TYPE_MD:
	statePtr->ctx = EVP_MD_CTX_new();
	res = (statePtr->ctx != NULL);
	break;
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239

240
241
242

243
244
245
246
247
248
249
192
193
194
195
196
197
198




















































199
200
201
202
203
204

205
206
207

208
209
210
211
212
213
214
215







-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-






-
+


-
+







    }

    if (!res) {
	Tcl_AppendResult(interp, "Create context failed", NULL);
	return TCL_ERROR;
    }

    /* Get MAC */
    if (macObj != NULL) {
	macName = Tcl_GetStringFromObj(macObj, NULL);
	if (strcmp(macName, "cmac") == 0) {
	    type = TYPE_CMAC;
	} else if (strcmp(macName, "hmac") == 0) {
	    type = TYPE_HMAC;
	} else {
	    Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL);
	    return TCL_ERROR;
	}
    } else if (type == TYPE_MAC) {
	Tcl_AppendResult(interp, "No MAC specified", NULL);
	return TCL_ERROR;
    }

    /* Get digest */
    if (digestObj != NULL) {
	digestName = Tcl_GetStringFromObj(digestObj, NULL);
	md = EVP_get_digestbyname(digestName);
	if (md == NULL) {
	    Tcl_AppendResult(interp, "Invalid digest \"", digestName, "\"", NULL);
	    return TCL_ERROR;
	} else if (md == EVP_shake128() || md == EVP_shake256()) {
	    statePtr->format |= IS_XOF;
	}
    } else if (type != TYPE_CMAC) {
	Tcl_AppendResult(interp, "No digest specified", NULL);
	return TCL_ERROR;
    }

    /* Get cipher */
    if (cipherObj != NULL) {
	cipherName = Tcl_GetStringFromObj(cipherObj, NULL);
	cipher = EVP_get_cipherbyname(cipherName);
	if (cipher == NULL) {
	    Tcl_AppendResult(interp, "Invalid cipher \"", cipherName, "\"", NULL);
	    return TCL_ERROR;
	}
    } else if (type == TYPE_CMAC) {
	Tcl_AppendResult(interp, "No cipher specified", NULL);
	return TCL_ERROR;
    }

    /* Get key */
    if (keyObj != NULL) {
	key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
    } else if (type != TYPE_MD) {
	Tcl_AppendResult(interp, "No key specified", NULL);
	return TCL_ERROR;
    }

    /* Initialize cryptography function */
    switch(type) {
    case TYPE_MD:
	res = EVP_DigestInit_ex(statePtr->ctx, md, NULL);
	break;
    case TYPE_HMAC:
	res = HMAC_Init_ex(statePtr->hctx, (const void *) key, key_len, md, NULL);
	res = HMAC_Init_ex(statePtr->hctx, key, key_len, md, NULL);
	break;
    case TYPE_CMAC:
	res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
	res = CMAC_Init(statePtr->cctx, key, key_len, cipher, NULL);
	break;
    }

    if (!res) {
	Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
1311
1312
1313
1314
1315
1316
1317
1318

1319
1320
1321
1322

1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337

1338
1339
1340
1341
1342
1343
1344
1277
1278
1279
1280
1281
1282
1283

1284
1285
1286
1287

1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302

1303
1304
1305
1306
1307
1308
1309
1310







-
+



-
+














-
+







	if (macObj != NULL) {
	    char *macName = Tcl_GetStringFromObj(macObj, NULL);
	    if (strcmp(macName,"cmac") == 0) {
		type = TYPE_CMAC;
	    } else if (strcmp(macName,"hmac") == 0) {
		type = TYPE_HMAC;
	    } else {
		Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL);
		Tcl_AppendResult(interp, "invalid MAC \"", macName, "\"", NULL);
		return TCL_ERROR;
	    }
	} else {
	    Tcl_AppendResult(interp, "No MAC specified", NULL);
	    Tcl_AppendResult(interp, "no MAC", NULL);
	    return TCL_ERROR;
	}
    }

    /* Calc digest on file, stacked channel, using instance command, or data blob */
    if (fileObj != NULL) {
	res = DigestFileHandler(interp, fileObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (channel != NULL) {
	res = DigestChannelHandler(interp, channel, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (cmdObj != NULL) {
	res = DigestCommandHandler(interp, cmdObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (dataObj != NULL) {
	res = DigestDataHandler(interp, dataObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else {
	Tcl_AppendResult(interp, "No operation specified: Use -channel, -command, -data, or -file option", NULL);
	Tcl_AppendResult(interp, "No operation: Use -channel, -command, -data, or -file option", NULL);
	res = TCL_ERROR;
    }
    return res;
}

/*
 *-------------------------------------------------------------------
134
135
136
137
138
139
140
141

142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

163
164

165
166
167
168
169
170
171
172

173

174
175

176
177

178
179
180
181
182



183
184
185
186
187




188
189
190

191
192
193
194
195
196
197




198
199
200
201



202
203

204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235




236
237
238
239
240
241
242
134
135
136
137
138
139
140

141
142
143
144
145
146
147
148
149
150












151


152



153

154
155
156
157

158


159


160





161
162
163





164
165
166
167



168







169
170
171
172




173
174
175


176
177
178
179
180
181
182

183
184
185
186
187















188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203







-
+









-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
-

-



+
-
+
-
-
+
-
-
+
-
-
-
-
-
+
+
+
-
-
-
-
-
+
+
+
+
-
-
-
+
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
-
-
+






-





-
-
-
-
-
-
-
-
-
-
-
-
-
-
-





+
+
+
+







 *	No result or error message
 *
 *-------------------------------------------------------------------
 */
int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx,
	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    const EVP_CIPHER *cipher;
    char *cipherName =  NULL, *keyString = NULL, *ivString = NULL;
    char *keyString = NULL, *ivString = NULL;
    int cipher_len = 0, key_len = 0, iv_len = 0, res, max;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

    dprintf("Called");

    /* Init buffers */
    memset(key, 0, EVP_MAX_KEY_LENGTH);
    memset(iv, 0, EVP_MAX_IV_LENGTH);

    /* Get encryption parameters */
    if (cipherObj != NULL) {
	cipherName = Tcl_GetStringFromObj(cipherObj, &cipher_len);
    }
    if (keyObj != NULL) {
	keyString = Tcl_GetByteArrayFromObj(keyObj, &key_len);
    }
    if (ivObj != NULL) {
	ivString = Tcl_GetByteArrayFromObj(ivObj, &iv_len);
    }

    /* Get cipher name */
    /* Get cipher */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
    cipher = EVP_get_cipherbyname(cipherName);
    cipher = Util_GetCipher(interp, cipherObj, 1);
#else
    cipher = EVP_CIPHER_fetch(NULL, cipherName, NULL);
#endif
    if (cipher == NULL) {
	Tcl_AppendResult(interp, "Invalid cipher: \"", cipherName, "\"", NULL);
	return TCL_ERROR;
    }

    /*  Get key - Only support internally defined cipher lengths.
    if (key_len > 0) {
	Custom ciphers can be up to size_t bytes. */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	max = EVP_CIPHER_key_length(cipher);
    max = EVP_CIPHER_key_length(cipher);
#else
	max = EVP_CIPHER_get_key_length(cipher);
    keyString = (const void *) Util_GetKey(interp, keyObj, &key_len, "key", max, FALSE);
#endif
	if (max == 0) {
	} else if (key_len <= max) {
	    memcpy((void *) key, (const void *) keyString, (size_t) key_len);
	} else {
    if (keyString != NULL) {
	memcpy((void *) key, (const void *) keyString, (size_t) key_len);
    } else if (keyObj != NULL)  {
	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("Key too long. Must be <= %d bytes", max));
	    return TCL_ERROR;
	}
    }

	return TCL_ERROR;
    }

    /*  Get IV */
    if (iv_len > 0) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	max = EVP_CIPHER_iv_length(cipher);
    max = EVP_CIPHER_iv_length(cipher);
#else
	max = EVP_CIPHER_get_iv_length(cipher);
#endif
	if (max == 0) {
	} else if (iv_len <= max) {
	    memcpy((void *) iv, (const void *) ivString, (size_t) iv_len);
	} else {
    ivString = (const void *) Util_GetIV(interp, ivObj, &iv_len, max, FALSE);
    if (ivString != NULL) {
	memcpy((void *) iv, (const void *) ivString, (size_t) iv_len);
    } else if (ivObj != NULL) {
	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("IV too long. Must be <= %d bytes", max));
	    return TCL_ERROR;
	}
    }
	return TCL_ERROR;
    }


    /* Create and initialize the context */
    /* Create context */
    if((*ctx = EVP_CIPHER_CTX_new()) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Initialize the operation. Need appropriate key and iv size. */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptInit_ex(*ctx, cipher, NULL, key, iv);
    } else {
	res = EVP_DecryptInit_ex(*ctx, cipher, NULL, key, iv);
    }
#else
	OSSL_PARAM params[2];
	int index = 0;

	if (iv != NULL) {
	    params[index++] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, (void *) iv, (size_t) iv_len);
	}
	params[index] = OSSL_PARAM_construct_end();

    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptInit_ex2(ctx, cipher, key, iv, params);
    } else {
	res = EVP_DecryptInit_ex2(ctx, cipher, key, iv, params);
    }
#endif

    if(!res) {
	Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
	return TCL_ERROR;
    }

    /* Erase buffers */
    memset(key, 0, EVP_MAX_KEY_LENGTH);
    memset(iv, 0, EVP_MAX_IV_LENGTH);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptUpdate --
196
197
198
199
200
201
202










203
204
205
206
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216







+
+
+
+
+
+
+
+
+
+




int             Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent);
int             Tls_DigestCommands(Tcl_Interp *interp);
int             Tls_EncryptCommands(Tcl_Interp *interp);
int             Tls_InfoCommands(Tcl_Interp *interp);
int             Tls_KeyCommands(Tcl_Interp *interp);

BIO             *BIO_new_tcl(State* statePtr, int flags);

EVP_CIPHER	*Util_GetCipher(Tcl_Interp *interp, Tcl_Obj *cipherObj, int no_null);
EVP_MD		*Util_GetDigest(Tcl_Interp *interp, Tcl_Obj *digestObj, int no_null);
unsigned char	*Util_GetIV(Tcl_Interp *interp, Tcl_Obj *ivObj, int *len, int max, int no_null);
unsigned char	*Util_GetKey(Tcl_Interp *interp, Tcl_Obj *keyObj, int *len, char *name, int max, int no_null);
unsigned char	*Util_GetSalt(Tcl_Interp *interp, Tcl_Obj *saltObj, int *len, int max, int no_null);
int		Util_GetInt(Tcl_Interp *interp, Tcl_Obj *dataObj, int *value, char *name, int min, int max);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC		*Util_GetMAC(Tcl_Interp *interp, Tcl_Obj *MacObj, int no_null);
#endif

#define PTR2INT(x) ((int) ((intptr_t) (x)))

#endif /* _TLSINT_H */
Deleted generic/tlsKey.c version [9456e8167e].
27
28
29
30
31
32
33
34


35
36
37
38
39
40
41
27
28
29
30
31
32
33

34
35
36
37
38
39
40
41
42







-
+
+







# defined by rules for object files.
PRJ_OBJS = $(TMP_DIR)\tls.obj \
	$(TMP_DIR)\tlsBIO.obj \
	$(TMP_DIR)\tlsDigest.obj \
	$(TMP_DIR)\tlsEncrypt.obj \
	$(TMP_DIR)\tlsInfo.obj \
	$(TMP_DIR)\tlsIO.obj \
	$(TMP_DIR)\tlsKey.obj \
	$(TMP_DIR)\tlsKDF.obj \
	$(TMP_DIR)\tlsUtil.obj \
	$(TMP_DIR)\tlsX509.obj

# Define any additional project include flags
# SSL_INSTALL_FOLDER = with the OpenSSL installation folder following.
PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include"

# Define any additional compiler flags that might be required for the project