|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // This is enumeration of EAPOL source code. |
|
20 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
21 #undef EAP_FILE_NUMBER_ENUM |
|
22 #define EAP_FILE_NUMBER_ENUM 578 |
|
23 #undef EAP_FILE_NUMBER_DATE |
|
24 #define EAP_FILE_NUMBER_DATE 1127594498 |
|
25 #endif //#if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
26 |
|
27 |
|
28 |
|
29 #include "eap_am_memory.h" |
|
30 #include "eap_am_crypto_sha_256.h" |
|
31 |
|
32 //-------------------------------------------------- |
|
33 |
|
34 #if 0 |
|
35 #define EAP_SHA_256_TRACE_DEBUG EAP_TRACE_DEBUG |
|
36 #define EAP_SHA_256_TRACE_DATA_DEBUG EAP_TRACE_DATA_DEBUG |
|
37 #else |
|
38 #define EAP_SHA_256_TRACE_DEBUG(tools, flags, params) |
|
39 #define EAP_SHA_256_TRACE_DATA_DEBUG(object_name, flags, _parameter_list_) |
|
40 #endif |
|
41 |
|
42 #if defined(USE_EAP_TRACE) |
|
43 static const u32_t EAP_TRACE_MASK_SHA_256 = TRACE_FLAGS_DEFAULT; |
|
44 #endif //#if defined(USE_EAP_TRACE) |
|
45 |
|
46 |
|
47 const unsigned long eap_am_crypto_sha_256_c::m_K[eap_am_crypto_sha_256_c::EAP_AM_CRYPTO_SHA_256_SCHEDULE_u32_COUNT] = |
|
48 { |
|
49 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, |
|
50 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, |
|
51 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, |
|
52 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, |
|
53 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
|
54 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, |
|
55 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, |
|
56 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 |
|
57 }; |
|
58 |
|
59 //-------------------------------------------------- |
|
60 |
|
61 EAP_FUNC_EXPORT eap_am_crypto_sha_256_c::~eap_am_crypto_sha_256_c() |
|
62 { |
|
63 hash_cleanup(); |
|
64 } |
|
65 |
|
66 //-------------------------------------------------- |
|
67 |
|
68 EAP_FUNC_EXPORT eap_am_crypto_sha_256_c::eap_am_crypto_sha_256_c( |
|
69 abs_eap_am_tools_c * const tools) |
|
70 : m_am_tools(tools) |
|
71 , m_saved_data(tools) |
|
72 , m_full_hashed_data_length(0ul) |
|
73 , m_is_valid(false) |
|
74 { |
|
75 m_H[0] = 0; |
|
76 m_T[0] = 0; |
|
77 m_M_in_host_order[0] = 0; |
|
78 |
|
79 if (m_saved_data.get_is_valid() == false) |
|
80 { |
|
81 #if defined(USE_EAP_TRACE) |
|
82 EAP_UNREFERENCED_PARAMETER(EAP_TRACE_MASK_SHA_256); |
|
83 #endif //#if defined(USE_EAP_TRACE) |
|
84 return; |
|
85 } |
|
86 |
|
87 eap_status_e status = hash_init(); |
|
88 if (status != eap_status_ok) |
|
89 { |
|
90 return; |
|
91 } |
|
92 |
|
93 set_is_valid(); |
|
94 } |
|
95 |
|
96 //------------------------------------------------------------ |
|
97 |
|
98 /** |
|
99 * The set_is_invalid() function sets the state of the eap_am_crypto_sha_256_c |
|
100 * object invalid. |
|
101 * The eap_am_crypto_sha_256_c object calls this function after it is initialized. |
|
102 */ |
|
103 EAP_FUNC_EXPORT void eap_am_crypto_sha_256_c::set_is_invalid() |
|
104 { |
|
105 m_is_valid = false; |
|
106 } |
|
107 |
|
108 //------------------------------------------------------------ |
|
109 |
|
110 /** |
|
111 * The set_is_valid() function sets the state of the eap_am_crypto_sha_256_c |
|
112 * object valid. |
|
113 * The eap_am_crypto_sha_256_c object calls this function after it is initialized. |
|
114 */ |
|
115 EAP_FUNC_EXPORT void eap_am_crypto_sha_256_c::set_is_valid() |
|
116 { |
|
117 m_is_valid = true; |
|
118 } |
|
119 |
|
120 //------------------------------------------------------------ |
|
121 |
|
122 /** |
|
123 * The get_is_valid() function returns the status of the eap_am_crypto_sha_256_c |
|
124 * object. |
|
125 * True indicates the object is allocated successfully. |
|
126 */ |
|
127 EAP_FUNC_EXPORT bool eap_am_crypto_sha_256_c::get_is_valid() |
|
128 { |
|
129 return m_is_valid; |
|
130 } |
|
131 |
|
132 //-------------------------------------------------- |
|
133 |
|
134 inline u32_t eap_am_crypto_sha_256_c::eap_sha_256_rotate( |
|
135 const u32_t value, |
|
136 const u32_t shift |
|
137 ) |
|
138 { |
|
139 return (value >> shift) | (value << (32ul - shift)); |
|
140 } |
|
141 |
|
142 //-------------------------------------------------- |
|
143 |
|
144 EAP_FUNC_EXPORT eap_status_e |
|
145 eap_am_crypto_sha_256_c::eap_sha_256_process_data_host_order( |
|
146 const u32_t * M, |
|
147 u32_t M_count |
|
148 ) |
|
149 { |
|
150 u32_t A; |
|
151 u32_t B; |
|
152 u32_t C; |
|
153 u32_t D; |
|
154 u32_t E; |
|
155 u32_t F; |
|
156 u32_t G; |
|
157 u32_t H; |
|
158 |
|
159 u32_t S0; |
|
160 u32_t S1; |
|
161 u32_t T1; |
|
162 u32_t T2; |
|
163 |
|
164 u32_t W[EAP_AM_CRYPTO_SHA_256_SCHEDULE_u32_COUNT]; |
|
165 |
|
166 if (M == 0 |
|
167 || M_count == 0 |
|
168 || (M_count % EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT) != 0) |
|
169 { |
|
170 EAP_ASSERT_ANYWAY; |
|
171 EAP_SYSTEM_DEBUG_BREAK(); |
|
172 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
|
173 } |
|
174 |
|
175 |
|
176 do |
|
177 { |
|
178 m_am_tools->memmove(W, M, sizeof(u32_t) * EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT); // Initialize 16 W words. |
|
179 |
|
180 { |
|
181 // Extend 16 W words to 64 W words. |
|
182 for (u32_t ind = EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT; ind != EAP_AM_CRYPTO_SHA_256_SCHEDULE_u32_COUNT; ind++) |
|
183 { |
|
184 S0 = eap_sha_256_rotate(W[ind-15], 7) ^ eap_sha_256_rotate(W[ind-15], 18) ^ (W[ind-15] >> 3); |
|
185 S1 = eap_sha_256_rotate(W[ind-2], 17) ^ eap_sha_256_rotate(W[ind-2], 19) ^ (W[ind-2] >> 10); |
|
186 W[ind] = W[ind-16] + S0 + W[ind-7] + S1; |
|
187 } |
|
188 } |
|
189 |
|
190 |
|
191 #if defined(_DEBUG) |
|
192 { |
|
193 for (u32_t ind = 0ul; ind != M_count; ind++) |
|
194 { |
|
195 EAP_SHA_256_TRACE_DEBUG(m_am_tools, EAP_TRACE_MASK_SHA_256, |
|
196 (EAPL("SHA_256: M[%d]=%08x, W[%d]=%08x\n"), |
|
197 ind, |
|
198 M[ind], |
|
199 ind, |
|
200 W[ind])); |
|
201 } // for() |
|
202 |
|
203 EAP_SHA_256_TRACE_DEBUG(m_am_tools, EAP_TRACE_MASK_SHA_256, |
|
204 (EAPL("SHA_256: H[0]=0x%08x, H[1]=0x%08x, H[2]=0x%08x, H[3]=0x%08x, H[4]=0x%08x, H[5]=0x%08x, H[6]=0x%08x, H[7]=0x%08x\n"), |
|
205 m_H[0], |
|
206 m_H[1], |
|
207 m_H[2], |
|
208 m_H[3], |
|
209 m_H[4], |
|
210 m_H[5], |
|
211 m_H[6], |
|
212 m_H[7])); |
|
213 EAP_SHA_256_TRACE_DEBUG(m_am_tools, EAP_TRACE_MASK_SHA_256, |
|
214 (EAPL("SHA_256:\t% 4s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\t% 8s\n"), |
|
215 "t", "A", "B", "C", "D", "E", "F", "G", "H", "T1", "T2", "S0", "S1")); |
|
216 } |
|
217 #endif //#if defined(_DEBUG) |
|
218 |
|
219 |
|
220 A = m_H[0]; |
|
221 B = m_H[1]; |
|
222 C = m_H[2]; |
|
223 D = m_H[3]; |
|
224 E = m_H[4]; |
|
225 F = m_H[5]; |
|
226 G = m_H[6]; |
|
227 H = m_H[7]; |
|
228 |
|
229 |
|
230 { |
|
231 for(u32_t ind = 0; ind != EAP_AM_CRYPTO_SHA_256_SCHEDULE_u32_COUNT; ind++) |
|
232 { |
|
233 S0 = eap_sha_256_rotate(A, 2) ^ eap_sha_256_rotate(A, 13) ^ eap_sha_256_rotate(A, 22); |
|
234 T2 = S0 + ((A & B) ^ (A & C) ^ (B & C)); |
|
235 S1 = eap_sha_256_rotate(E, 6) ^ eap_sha_256_rotate(E, 11) ^ eap_sha_256_rotate(E, 25); |
|
236 T1 = H + S1 + ((E & F) ^ ((~E) & G)) + m_K[ind] + W[ind]; |
|
237 |
|
238 H = G; |
|
239 G = F; |
|
240 F = E; |
|
241 E = D + T1; |
|
242 D = C; |
|
243 C = B; |
|
244 B = A; |
|
245 A = T1 + T2; |
|
246 |
|
247 EAP_SHA_256_TRACE_DEBUG( |
|
248 m_am_tools, |
|
249 EAP_TRACE_MASK_SHA_256, |
|
250 (EAPL("SHA_256:\tt=%d\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\t%08x\n"), |
|
251 ind, A, B, C, D, E, F, G, H, T1, T2, S0, S1)); |
|
252 } |
|
253 } |
|
254 |
|
255 m_H[0] = m_H[0] + A; |
|
256 m_H[1] = m_H[1] + B; |
|
257 m_H[2] = m_H[2] + C; |
|
258 m_H[3] = m_H[3] + D; |
|
259 m_H[4] = m_H[4] + E; |
|
260 m_H[5] = m_H[5] + F; |
|
261 m_H[6] = m_H[6] + G; |
|
262 m_H[7] = m_H[7] + H; |
|
263 |
|
264 M_count -= EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT; |
|
265 M += EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT; |
|
266 |
|
267 } while(M_count > 0ul); |
|
268 |
|
269 EAP_SHA_256_TRACE_DEBUG(m_am_tools, EAP_TRACE_MASK_SHA_256, |
|
270 (EAPL("SHA_256: digest=%08x %08x %08x %08x %08x %08x %08x %08x\n"), |
|
271 m_H[0], m_H[1], m_H[2], m_H[3], m_H[4], m_H[5], m_H[6], m_H[7])); |
|
272 |
|
273 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
274 } |
|
275 |
|
276 //-------------------------------------------------- |
|
277 |
|
278 EAP_FUNC_EXPORT eap_status_e |
|
279 eap_am_crypto_sha_256_c::eap_sha_256_process_data_network_order( |
|
280 const u32_t * M, |
|
281 u32_t M_count |
|
282 ) |
|
283 { |
|
284 if (M == 0 |
|
285 //|| (reinterpret_cast<u32_t>(M) % sizeof(u32_t)) != 0 |
|
286 || M_count == 0 |
|
287 || (M_count % EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT) != 0) |
|
288 { |
|
289 EAP_ASSERT_ANYWAY; |
|
290 EAP_SYSTEM_DEBUG_BREAK(); |
|
291 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
|
292 } |
|
293 |
|
294 eap_status_e status = eap_status_ok; |
|
295 |
|
296 // Array of 16 temporary 32-bit unsigned integers. |
|
297 u32_t count = M_count / EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT; |
|
298 |
|
299 for (u32_t ind = 0ul; ind != count; ind++) |
|
300 { |
|
301 for (u32_t ind_M = 0ul; ind_M != EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT |
|
302 ; ind_M++) |
|
303 { |
|
304 // Here we must read data in 8-bit blocks bacause M can be aligned at any position. |
|
305 const u8_t * const data |
|
306 = reinterpret_cast<const u8_t *>( |
|
307 &M[ind*EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT+ind_M]); |
|
308 |
|
309 m_M_in_host_order[ind_M] |
|
310 = (data[0] << 24) |
|
311 | (data[1] << 16) |
|
312 | (data[2] << 8) |
|
313 | (data[3] << 0); |
|
314 } // for() |
|
315 |
|
316 status = eap_sha_256_process_data_host_order( |
|
317 m_M_in_host_order, |
|
318 EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT); |
|
319 if (status != eap_status_ok) |
|
320 { |
|
321 return EAP_STATUS_RETURN(m_am_tools, status); |
|
322 } |
|
323 |
|
324 } // for() |
|
325 |
|
326 return EAP_STATUS_RETURN(m_am_tools, status); |
|
327 } |
|
328 |
|
329 //-------------------------------------------------- |
|
330 |
|
331 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::copy_message_digest( |
|
332 void * const output, |
|
333 u32_t * const max_output_size) |
|
334 { |
|
335 if (output == 0 |
|
336 || max_output_size == 0 |
|
337 || *max_output_size < EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE) |
|
338 { |
|
339 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
|
340 } |
|
341 |
|
342 #if defined(EAP_LITTLE_ENDIAN) |
|
343 // We must change the data from host order to network order. |
|
344 u32_t * const tmp_H = static_cast<u32_t *>(output); |
|
345 for (u32_t ind = 0ul; ind != EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_u32_COUNT |
|
346 ; ind++) |
|
347 { |
|
348 tmp_H[ind] = eap_htonl(m_H[ind]); |
|
349 } // for() |
|
350 |
|
351 #elif defined(EAP_BIG_ENDIAN) |
|
352 |
|
353 m_am_tools->memmove( |
|
354 output, |
|
355 m_H, |
|
356 EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE); |
|
357 |
|
358 #else |
|
359 #error ERROR: define EAP_LITTLE_ENDIAN (byte 0 is least significant (i386)) \ |
|
360 or EAP_BIG_ENDIAN (byte 0 is most significant (mc68k)). |
|
361 #endif |
|
362 |
|
363 *max_output_size = EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE; |
|
364 |
|
365 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
366 } |
|
367 |
|
368 //-------------------------------------------------- |
|
369 |
|
370 /** |
|
371 * This function returns the size of message digest of HASH-algorithm. |
|
372 */ |
|
373 EAP_FUNC_EXPORT u32_t eap_am_crypto_sha_256_c::get_digest_length() |
|
374 { |
|
375 return EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE; |
|
376 } |
|
377 |
|
378 //-------------------------------------------------- |
|
379 |
|
380 /** |
|
381 * This function returns the size of block of HASH-algorithm. |
|
382 */ |
|
383 EAP_FUNC_EXPORT u32_t eap_am_crypto_sha_256_c::get_block_size() |
|
384 { |
|
385 return EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE; |
|
386 } |
|
387 |
|
388 //-------------------------------------------------- |
|
389 |
|
390 /** |
|
391 * This function initializes the context of SHA_256-algorithm. |
|
392 */ |
|
393 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::hash_init() |
|
394 { |
|
395 m_full_hashed_data_length = 0ul; |
|
396 |
|
397 m_H[0] = static_cast<u32_t>(EAP_SHA_256_INIT_H0); |
|
398 m_H[1] = static_cast<u32_t>(EAP_SHA_256_INIT_H1); |
|
399 m_H[2] = static_cast<u32_t>(EAP_SHA_256_INIT_H2); |
|
400 m_H[3] = static_cast<u32_t>(EAP_SHA_256_INIT_H3); |
|
401 m_H[4] = static_cast<u32_t>(EAP_SHA_256_INIT_H4); |
|
402 m_H[5] = static_cast<u32_t>(EAP_SHA_256_INIT_H5); |
|
403 m_H[6] = static_cast<u32_t>(EAP_SHA_256_INIT_H6); |
|
404 m_H[7] = static_cast<u32_t>(EAP_SHA_256_INIT_H7); |
|
405 |
|
406 if (m_saved_data.get_is_valid() == false) |
|
407 { |
|
408 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
409 } |
|
410 |
|
411 eap_status_e status = m_saved_data.set_data_length(0ul); |
|
412 |
|
413 return EAP_STATUS_RETURN(m_am_tools, status); |
|
414 } |
|
415 |
|
416 //-------------------------------------------------- |
|
417 /** |
|
418 * This function updates the context of SHA_256-algorithm with data. |
|
419 */ |
|
420 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::hash_update( |
|
421 const void * const data, |
|
422 const u32_t data_length) |
|
423 { |
|
424 eap_status_e status = eap_status_ok; |
|
425 u32_t prosessed_data_length = 0ul; |
|
426 |
|
427 |
|
428 m_full_hashed_data_length += data_length; |
|
429 |
|
430 EAP_SHA_256_TRACE_DEBUG(m_am_tools, EAP_TRACE_MASK_SHA_256, |
|
431 (EAPL("SHA_256: Processed data length %u\n"), |
|
432 m_full_hashed_data_length)); |
|
433 |
|
434 if (m_saved_data.get_is_valid_data() == true |
|
435 && m_saved_data.get_data_length() > 0ul) |
|
436 { |
|
437 EAP_SHA_256_TRACE_DATA_DEBUG( |
|
438 m_am_tools, |
|
439 EAP_TRACE_MASK_SHA_256, |
|
440 (EAPL("SHA_256 saved data"), |
|
441 m_saved_data.get_data(m_saved_data.get_data_length()), |
|
442 m_saved_data.get_data_length())); |
|
443 |
|
444 // Here we have remaining data to process from previous call |
|
445 // of hash_update(). |
|
446 u32_t needed_data_length = EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE |
|
447 - m_saved_data.get_data_length(); |
|
448 if (needed_data_length > data_length) |
|
449 { |
|
450 // Not enough input data. |
|
451 needed_data_length = data_length; |
|
452 } |
|
453 |
|
454 prosessed_data_length = needed_data_length; |
|
455 status = m_saved_data.add_data(data, needed_data_length); |
|
456 if (status != eap_status_ok) |
|
457 { |
|
458 return EAP_STATUS_RETURN(m_am_tools, status); |
|
459 } |
|
460 |
|
461 if (m_saved_data.get_data_length() |
|
462 == EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE) |
|
463 { |
|
464 // Enough data to process. |
|
465 // Just one block of integers in W array. |
|
466 |
|
467 status = eap_sha_256_process_data_network_order( |
|
468 reinterpret_cast<const u32_t *>( |
|
469 m_saved_data.get_data( |
|
470 m_saved_data.get_data_length())), |
|
471 EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT |
|
472 ); |
|
473 |
|
474 if (status != eap_status_ok) |
|
475 { |
|
476 return EAP_STATUS_RETURN(m_am_tools, status); |
|
477 } |
|
478 |
|
479 // This is optimization of buffer allocations. |
|
480 status = m_saved_data.set_data_length(0ul); |
|
481 if (status != eap_status_ok) |
|
482 { |
|
483 return EAP_STATUS_RETURN(m_am_tools, status); |
|
484 } |
|
485 } |
|
486 |
|
487 EAP_ASSERT(m_saved_data.get_is_valid_data() == false |
|
488 || m_saved_data.get_data_length() |
|
489 <= EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE); |
|
490 |
|
491 } |
|
492 |
|
493 u32_t remaining_data_length = data_length - prosessed_data_length; |
|
494 u32_t full_block_count = remaining_data_length |
|
495 / EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE; |
|
496 |
|
497 if (full_block_count > 0ul) |
|
498 { |
|
499 // Here we have full blocks to process. |
|
500 status = eap_sha_256_process_data_network_order( |
|
501 reinterpret_cast<const u32_t *>( |
|
502 static_cast<const u8_t *>(data)+prosessed_data_length), |
|
503 full_block_count * EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT |
|
504 ); |
|
505 |
|
506 if (status != eap_status_ok) |
|
507 { |
|
508 return EAP_STATUS_RETURN(m_am_tools, status); |
|
509 } |
|
510 |
|
511 prosessed_data_length += sizeof(u32_t) * full_block_count |
|
512 * EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT; |
|
513 } |
|
514 if (data_length > prosessed_data_length) |
|
515 { |
|
516 // Save the remaining data. |
|
517 status = m_saved_data.add_data( |
|
518 static_cast<const u8_t *>(data)+prosessed_data_length, |
|
519 data_length-prosessed_data_length); |
|
520 if (status != eap_status_ok) |
|
521 { |
|
522 return EAP_STATUS_RETURN(m_am_tools, status); |
|
523 } |
|
524 } |
|
525 |
|
526 return EAP_STATUS_RETURN(m_am_tools, status); |
|
527 } |
|
528 |
|
529 //-------------------------------------------------- |
|
530 |
|
531 /** |
|
532 * This function writes the message digest to buffer. |
|
533 * @param Length is set if md_length_or_null is non-NULL. |
|
534 */ |
|
535 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::hash_final( |
|
536 void * const message_digest, |
|
537 u32_t *md_length_or_null) |
|
538 { |
|
539 eap_status_e status = eap_status_ok; |
|
540 |
|
541 if (message_digest == 0) |
|
542 { |
|
543 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
|
544 } |
|
545 |
|
546 if (m_saved_data.get_is_valid_data() == true) |
|
547 { |
|
548 EAP_SHA_256_TRACE_DATA_DEBUG( |
|
549 m_am_tools, |
|
550 EAP_TRACE_MASK_SHA_256, |
|
551 (EAPL("SHA_256 saved data"), |
|
552 m_saved_data.get_data(m_saved_data.get_data_length()), |
|
553 m_saved_data.get_data_length())); |
|
554 } |
|
555 |
|
556 // First add the one bit. We use one byte 0x80. |
|
557 u8_t bit_pad = 0x80; |
|
558 status = m_saved_data.add_data(&bit_pad, sizeof(bit_pad)); |
|
559 if (status != eap_status_ok) |
|
560 { |
|
561 return EAP_STATUS_RETURN(m_am_tools, status); |
|
562 } |
|
563 |
|
564 // Here we may have remaining data to process from previous call |
|
565 // of hash_update(). |
|
566 u32_t min_data_length = m_saved_data.get_data_length() + sizeof(u64_t); |
|
567 u32_t padding_zero_count = 0ul; |
|
568 u32_t block_count = min_data_length / EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE; |
|
569 if ((min_data_length % EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE) != 0) |
|
570 { |
|
571 // Last block is not full. |
|
572 ++block_count; |
|
573 } |
|
574 padding_zero_count = (block_count*EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE) |
|
575 - min_data_length; |
|
576 |
|
577 // Now we need to pad the remaining data. |
|
578 u32_t data_length = m_saved_data.get_data_length(); |
|
579 status = m_saved_data.set_buffer_length(data_length+padding_zero_count); |
|
580 if (status != eap_status_ok) |
|
581 { |
|
582 return EAP_STATUS_RETURN(m_am_tools, status); |
|
583 } |
|
584 m_saved_data.set_data_length(data_length+padding_zero_count); |
|
585 |
|
586 u8_t * const padding = m_saved_data.get_data_offset(data_length, padding_zero_count); |
|
587 if (padding == 0) |
|
588 { |
|
589 return EAP_STATUS_RETURN(m_am_tools, eap_status_buffer_too_short); |
|
590 } |
|
591 |
|
592 m_am_tools->memset( |
|
593 padding, |
|
594 0, |
|
595 padding_zero_count); |
|
596 |
|
597 // And finally the length of the hashed data is added to block. |
|
598 // Note the length is in bits. |
|
599 u64_t full_hashed_data_length_in_network_order |
|
600 = eap_htonll(eap_shift_left_64_bit(m_full_hashed_data_length, 3ul)); |
|
601 status = m_saved_data.add_data( |
|
602 &full_hashed_data_length_in_network_order, |
|
603 sizeof(full_hashed_data_length_in_network_order)); |
|
604 if (status != eap_status_ok) |
|
605 { |
|
606 return EAP_STATUS_RETURN(m_am_tools, status); |
|
607 } |
|
608 |
|
609 EAP_ASSERT(m_saved_data.get_data_length() |
|
610 >= EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE |
|
611 && (m_saved_data.get_data_length() |
|
612 % EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE) == 0); |
|
613 |
|
614 u32_t full_block_count = m_saved_data.get_data_length() |
|
615 / EAP_AM_CRYPTO_SHA_256_BLOCK_BYTE_SIZE; |
|
616 |
|
617 status = eap_sha_256_process_data_network_order( |
|
618 reinterpret_cast<const u32_t *>( |
|
619 m_saved_data.get_data( |
|
620 m_saved_data.get_data_length())), |
|
621 full_block_count * EAP_AM_CRYPTO_SHA_256_BLOCK_u32_COUNT |
|
622 ); |
|
623 if (status != eap_status_ok) |
|
624 { |
|
625 return EAP_STATUS_RETURN(m_am_tools, status); |
|
626 } |
|
627 |
|
628 // This is optimization of buffer allocations. |
|
629 status = m_saved_data.set_data_length(0ul); |
|
630 if (status != eap_status_ok) |
|
631 { |
|
632 return EAP_STATUS_RETURN(m_am_tools, status); |
|
633 } |
|
634 |
|
635 |
|
636 u32_t output_length = 0ul; |
|
637 if (md_length_or_null == 0) |
|
638 { |
|
639 // Let's use temporary length variable. |
|
640 output_length = EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE; |
|
641 md_length_or_null = &output_length; |
|
642 } |
|
643 |
|
644 status = copy_message_digest( |
|
645 message_digest, |
|
646 md_length_or_null); |
|
647 if (status != eap_status_ok) |
|
648 { |
|
649 return EAP_STATUS_RETURN(m_am_tools, status); |
|
650 } |
|
651 |
|
652 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
653 } |
|
654 |
|
655 //-------------------------------------------------- |
|
656 |
|
657 /** |
|
658 * This function cleans up the SHA_256 context. |
|
659 */ |
|
660 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::hash_cleanup() |
|
661 { |
|
662 m_saved_data.reset(); |
|
663 |
|
664 m_full_hashed_data_length = 0ul; |
|
665 |
|
666 m_am_tools->memset(m_H, 0, EAP_AM_CRYPTO_SHA_256_DIGEST_BUFFER_BYTE_SIZE); |
|
667 |
|
668 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
669 } |
|
670 |
|
671 //-------------------------------------------------- |
|
672 |
|
673 /** |
|
674 * This function copies the context of SHA_256. |
|
675 */ |
|
676 EAP_FUNC_EXPORT eap_status_e eap_am_crypto_sha_256_c::copy_context( |
|
677 const eap_variable_data_c * const saved_data, |
|
678 const u64_t full_hashed_data_length, |
|
679 const u32_t * const H, |
|
680 const u32_t * const T, |
|
681 const u32_t * const W_in_host_order) |
|
682 { |
|
683 if (saved_data->get_is_valid_data() == true) |
|
684 { |
|
685 eap_status_e status = m_saved_data.set_copy_of_buffer(saved_data); |
|
686 if (status != eap_status_ok) |
|
687 { |
|
688 return EAP_STATUS_RETURN(m_am_tools, status); |
|
689 } |
|
690 } |
|
691 else |
|
692 { |
|
693 // No saved data. Just reset. |
|
694 m_saved_data.reset(); |
|
695 } |
|
696 |
|
697 m_full_hashed_data_length = full_hashed_data_length; |
|
698 |
|
699 m_am_tools->memmove(m_H, H, sizeof(m_H)); |
|
700 |
|
701 m_am_tools->memmove(m_T, T, sizeof(m_T)); |
|
702 |
|
703 m_am_tools->memmove(m_M_in_host_order, W_in_host_order, sizeof(m_M_in_host_order)); |
|
704 |
|
705 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
706 } |
|
707 |
|
708 //-------------------------------------------------- |
|
709 |
|
710 /** |
|
711 * This function copies the context of SHA_256. |
|
712 */ |
|
713 EAP_FUNC_EXPORT eap_am_crypto_sha_256_c * eap_am_crypto_sha_256_c::copy() |
|
714 { |
|
715 eap_am_crypto_sha_256_c * const sha_256 = new eap_am_crypto_sha_256_c(m_am_tools); |
|
716 if (sha_256 == 0 |
|
717 || sha_256->get_is_valid() == false) |
|
718 { |
|
719 delete sha_256; |
|
720 return 0; |
|
721 } |
|
722 |
|
723 eap_status_e status = sha_256->copy_context( |
|
724 &m_saved_data, |
|
725 m_full_hashed_data_length, |
|
726 m_H, |
|
727 m_T, |
|
728 m_M_in_host_order); |
|
729 if (status != eap_status_ok) |
|
730 { |
|
731 delete sha_256; |
|
732 return 0; |
|
733 } |
|
734 |
|
735 return sha_256; |
|
736 } |
|
737 |
|
738 //-------------------------------------------------- |
|
739 |
|
740 |
|
741 |
|
742 // End. |