Add generic wrappers for performing message digest operations.

A DigestContext structure now wraps state for all the SHA* algorithms. Replaced the old SHA*_file functions to use these new wrappers. Also moved the digest utility functions from tests/ to crypto/. BUG=670 TEST=Modified existing tests to use the new wrappers and they pass. Review URL: http://codereview.chromium.org/579007
2026-01-09 17:11:42 +00:00 · 2010-02-05 14:37:30 -08:00
parent e178fd9e34
commit 290e0788fb
8 changed files with 196 additions and 154 deletions
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -2,7 +2,7 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

-SRCS=rsa.c sha1.c sha2.c padding.c rsa_utility.c
+SRCS=rsa.c sha1.c sha2.c padding.c rsa_utility.c sha_utility.c
 OBJS=$(SRCS:.c=.o)

 all:	libcrypto.a
--- a/crypto/sha_utility.c
+++ b/crypto/sha_utility.c
@@ -0,0 +1,133 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Utility functions for message digest functions.
+ */
+
+#include "sha_utility.h"
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "sha.h"
+#include "utility.h"
+
+int digest_type_map[] = {
+  SHA1_DIGEST_ALGORITHM,  /* RSA 1024 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 2048 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 4096 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 8192 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+};
+
+void DigestInit(DigestContext* ctx, int sig_algorithm) {
+  ctx->algorithm = digest_type_map[sig_algorithm];
+  switch(ctx->algorithm) {
+    case SHA1_DIGEST_ALGORITHM:
+      ctx->sha1_ctx = (SHA1_CTX*) Malloc(sizeof(SHA1_CTX));
+      SHA1_init(ctx->sha1_ctx);
+      break;
+    case SHA256_DIGEST_ALGORITHM:
+      ctx->sha256_ctx = (SHA256_CTX*) Malloc(sizeof(SHA256_CTX));
+      SHA256_init(ctx->sha256_ctx);
+      break;
+    case SHA512_DIGEST_ALGORITHM:
+      ctx->sha512_ctx = (SHA512_CTX*) Malloc(sizeof(SHA512_CTX));
+      SHA512_init(ctx->sha512_ctx);
+      break;
+  };
+}
+
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, int len) {
+  switch(ctx->algorithm) {
+    case SHA1_DIGEST_ALGORITHM:
+      SHA1_update(ctx->sha1_ctx, data, len);
+      break;
+    case SHA256_DIGEST_ALGORITHM:
+      SHA256_update(ctx->sha256_ctx, data, len);
+      break;
+    case SHA512_DIGEST_ALGORITHM:
+      SHA512_update(ctx->sha512_ctx, data, len);
+      break;
+  };
+}
+
+uint8_t* DigestFinal(DigestContext* ctx) {
+  uint8_t* digest = NULL;
+  switch(ctx->algorithm) {
+    case SHA1_DIGEST_ALGORITHM:
+      digest = (uint8_t*) Malloc(SHA1_DIGEST_SIZE);
+      Memcpy(digest, SHA1_final(ctx->sha1_ctx), SHA1_DIGEST_SIZE);
+      Free(ctx->sha1_ctx);
+      break;
+    case SHA256_DIGEST_ALGORITHM:
+      digest = (uint8_t*) Malloc(SHA256_DIGEST_SIZE);
+      Memcpy(digest, SHA256_final(ctx->sha256_ctx), SHA256_DIGEST_SIZE);
+      Free(ctx->sha256_ctx);
+      break;
+    case SHA512_DIGEST_ALGORITHM:
+      digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE);
+      Memcpy(digest, SHA512_final(ctx->sha512_ctx), SHA512_DIGEST_SIZE);
+      Free(ctx->sha512_ctx);
+      break;
+  };
+  return digest;
+}
+
+uint8_t* DigestFile(char* input_file, int sig_algorithm) {
+  int input_fd, len;
+  uint8_t data[SHA1_BLOCK_SIZE];
+  uint8_t* digest = NULL;
+  DigestContext ctx;
+
+  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
+    fprintf(stderr, "Couldn't open input file.\n");
+    return NULL;
+  }
+  DigestInit(&ctx, sig_algorithm);
+  while ( (len = read(input_fd, data, SHA1_BLOCK_SIZE)) ==
+          SHA1_BLOCK_SIZE)
+    DigestUpdate(&ctx, data, len);
+  if (len != -1)
+    DigestUpdate(&ctx, data, len);
+  digest = DigestFinal(&ctx);
+  close(input_fd);
+  return digest;
+}
+
+uint8_t* DigestBuf(uint8_t* buf, int len, int sig_algorithm) {
+  uint8_t* digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE); /* Use the max. */
+  /* Define an array mapping [sig_algorithm] to function pointers to the
+   * SHA{1|256|512} functions.
+   */
+  typedef uint8_t* (*Hash_ptr) (const uint8_t*, int, uint8_t*);
+  Hash_ptr hash[] = {
+    SHA1,  /* RSA 1024 */
+    SHA256,
+    SHA512,
+    SHA1,  /* RSA 2048 */
+    SHA256,
+    SHA512,
+    SHA1,  /* RSA 4096 */
+    SHA256,
+    SHA512,
+    SHA1,  /* RSA 8192 */
+    SHA256,
+    SHA512,
+  };
+  /* Call the appropriate hash function. */
+  return hash[sig_algorithm](buf, len, digest);
+}
--- a/include/sha_utility.h
+++ b/include/sha_utility.h
@@ -0,0 +1,53 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Utility functions for message digests.
+*/
+
+#ifndef VBOOT_REFERENCE_SHA_UTILITY_H_
+#define VBOOT_REFERENCE_SHA_UTILITY_H_
+
+#include <inttypes.h>
+
+#include "sha.h"
+
+#define SHA1_DIGEST_ALGORITHM 0
+#define SHA256_DIGEST_ALGORITHM 1
+#define SHA512_DIGEST_ALGORITHM 2
+
+/* A generic digest context structure which can be used to represent
+ * the SHA*_CTX for multiple digest algorithms.
+ */
+typedef struct DigestContext {
+  SHA1_CTX* sha1_ctx;
+  SHA256_CTX* sha256_ctx;
+  SHA512_CTX* sha512_ctx;
+  int algorithm;  /* Hashing algorithm to use. */
+} DigestContext;
+
+/* Wrappers for message digest algorithms. These are useful when the hashing
+ * operation is being done in parallel with something else. DigestContext tracks
+ * and stores the state of any digest algorithm (one at any given time).
+ */
+
+/* Initialize a digest context for use with signature algorithm [algorithm]. */
+void DigestInit(DigestContext* ctx, int sig_algorithm);
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, int len);
+
+/* Caller owns the returned digest and must free it. */
+uint8_t* DigestFinal(DigestContext* ctx);
+
+/* Returns the appropriate digest for the data in [input_file]
+ * based on the signature [algorithm].
+ * Caller owns the returned digest and must free it.
+ */
+uint8_t* DigestFile(char* input_file, int sig_algorithm);
+
+/* Returns the appropriate digest of [buf] of length
+ * [len] based on the signature [algorithm].
+ * Caller owns the returned digest and must free it.
+ */
+uint8_t* DigestBuf(uint8_t* buf, int len, int sig_algorithm);
+
+#endif  /* VBOOT_REFERENCE_SHA_UTILITY_H_ */
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -2,7 +2,7 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

-SRCS=sha_tests.c verify_data.c digest_utility.c signature_digest.c
+SRCS=sha_tests.c verify_data.c signature_digest.c
 OBJS=$(SRCS:.c=.o)
 LIBS=$(TOP)/crypto/libcrypto.a $(TOP)/common/libcommon.a

@@ -12,12 +12,9 @@ sha_tests:	sha_tests.c
 	$(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(LIBS)

 verify_data:	verify_data.c digest_utility.o
-	$(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ digest_utility.o $(LIBS)
+	$(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(LIBS)

-signature_digest:	signature_digest.c digest_utility.o
-	$(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ digest_utility.o $(LIBS)
-
-digest_utility.o:	digest_utility.c
-	$(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@ 
+signature_digest:	signature_digest.c
+	$(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(LIBS)
 clean:
 	rm -f $(OBJS) sha_tests verify_data signature_digest
--- a/tests/digest_utility.c
+++ b/tests/digest_utility.c
@@ -1,105 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Utility functions for message digest functions.
- */
-
-#include "digest_utility.h"
-#include "sha.h"
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-uint8_t* SHA1_file(char* input_file) {
-  int input_fd, len;
-  uint8_t data[ SHA1_BLOCK_SIZE], *digest = NULL, *p = NULL;
-  SHA1_CTX ctx;
-  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
-    fprintf(stderr, "Couldn't open input file.\n");
-    return NULL;
-  }
-  SHA1_init(&ctx);
-  while ( (len = read(input_fd, data, SHA1_BLOCK_SIZE)) ==
-          SHA1_BLOCK_SIZE)
-    SHA1_update(&ctx, data, len);
-  if (len != -1)
-    SHA1_update(&ctx, data, len);
-  p = SHA1_final(&ctx);
-  close(input_fd);
-  digest = (uint8_t*) malloc(SHA1_DIGEST_SIZE);
-  if (!digest)
-    return NULL;
-  memcpy(digest, p, SHA1_DIGEST_SIZE);
-  return digest;
-}
-
-uint8_t* SHA256_file(char* input_file) {
-  int input_fd, len;
-  uint8_t data[ SHA256_BLOCK_SIZE], *digest = NULL, *p = NULL;
-  SHA256_CTX ctx;
-  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
-    fprintf(stderr, "Couldn't open input file.\n");
-    return NULL;
-  }
-  SHA256_init(&ctx);
-  while ( (len = read(input_fd, data, SHA256_BLOCK_SIZE)) ==
-          SHA256_BLOCK_SIZE)
-    SHA256_update(&ctx, data, len);
-  if (len != -1)
-    SHA256_update(&ctx, data, len);
-  p = SHA256_final(&ctx);
-  close(input_fd);
-  digest = (uint8_t*) malloc(SHA256_DIGEST_SIZE);
-  if (!digest)
-    return NULL;
-  memcpy(digest, p, SHA256_DIGEST_SIZE);
-  return digest;
-}
-
-uint8_t* SHA512_file(char* input_file) {
-  int input_fd, len;
-  uint8_t data[ SHA512_BLOCK_SIZE], *digest = NULL, *p = NULL;
-  SHA512_CTX ctx;
-  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
-    fprintf(stderr, "Couldn't open input file.\n");
-    return NULL;
-  }
-  SHA512_init(&ctx);
-  while ( (len = read(input_fd, data, SHA512_BLOCK_SIZE)) ==
-          SHA512_BLOCK_SIZE)
-    SHA512_update(&ctx, data, len);
-  if (len != -1)
-    SHA512_update(&ctx, data, len);
-  p = SHA512_final(&ctx);
-  close(input_fd);
-  digest = (uint8_t*) malloc(SHA512_DIGEST_SIZE);
-  if (!digest)
-    return NULL;
-  memcpy(digest, p, SHA512_DIGEST_SIZE);
-  return digest;
-}
-
-uint8_t* calculate_digest(char *input_file, int algorithm) {
-  typedef uint8_t* (*Hash_file_ptr) (char*);
-  Hash_file_ptr hash_file[] = {
-    SHA1_file,  /* RSA 1024 */
-    SHA256_file,
-    SHA512_file,
-    SHA1_file,  /* RSA 2048 */
-    SHA256_file,
-    SHA512_file,
-    SHA1_file,  /* RSA 4096 */
-    SHA256_file,
-    SHA512_file,
-    SHA1_file,  /* RSA 8192 */
-    SHA256_file,
-    SHA512_file,
-  };
-  return hash_file[algorithm](input_file);
-}
--- a/tests/digest_utility.h
+++ b/tests/digest_utility.h
@@ -1,34 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Utility functions for message digest functions. */
-
-#ifndef VBOOT_REFERENCE_DIGEST_UTILITY_H_
-#define VBOOT_REFERENCE_DIGEST_UTILITY_H_
-
-#include <inttypes.h>
-
-/* Returns the SHA-1 digest of data in [input_file].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* SHA1_file(char *input_file);
-
-/* Returns the SHA-256 digest of data in [input_file].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* SHA256_file(char *input_file);
-
-/* Returns the SHA-512 digest of data in [input_file].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* SHA512_file(char *input_file);
-
-/* Returns the appropriate digest for the data in [input_file]
- * based on the signature [algorithm].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* calculate_digest(char *input_file, int algorithm);
-
-#endif  /* VBOOT_REFERENCE_DIGEST_UTILITY_H_ */
--- a/tests/signature_digest.c
+++ b/tests/signature_digest.c
@@ -17,9 +17,9 @@
 #include <stdlib.h>
 #include <unistd.h>

-#include "digest_utility.h"
 #include "padding.h"
 #include "sha.h"
+#include "sha_utility.h"

 uint8_t* prepend_digestinfo(int algorithm, uint8_t* digest) {
  const int digest_size = hash_size_map[algorithm];
@@ -52,7 +52,7 @@ int main(int argc, char* argv[]) {
    goto failure;
  }

-  if (!(digest = calculate_digest(argv[2], algorithm)))
+  if (!(digest = DigestFile(argv[2], algorithm)))
    goto failure;

  info_digest = prepend_digestinfo(algorithm, digest);
--- a/tests/verify_data.c
+++ b/tests/verify_data.c
@@ -15,7 +15,7 @@
 #include <sys/types.h>
 #include <unistd.h>

-#include "digest_utility.h"
+#include "sha_utility.h"
 #include "padding.h"
 #include "rsa.h"
 #include "rsa_utility.h"
@@ -23,9 +23,7 @@

 RSAPublicKey* read_RSAkey(char* input_file, int len) {
  int key_fd;
-  int buf_len;
-  struct stat stat_fd;
-  uint8_t* buf = NULL;
+  RSAPublicKey* key = NULL;

  if ((key_fd = open(input_file, O_RDONLY)) == -1) {
    fprintf(stderr, "Couldn't open pre-processed key file\n");
@@ -105,7 +103,7 @@ int main(int argc, char* argv[]) {
    goto failure;
  if (!(signature = read_signature(argv[3], sig_len)))
    goto failure;
-  if (!(digest = calculate_digest(argv[4], algorithm)))
+  if (!(digest = DigestFile(argv[4], algorithm)))
    goto failure;
  if(RSA_verify(key, signature, sig_len, algorithm, digest))
    fprintf(stderr, "Signature Verification SUCCEEDED.\n");