Skip to content

Support digest state export for MD5, SHA1, and SHA2 digests #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mamckee merged 10 commits into from
May 21, 2025
Merged

Support digest state export for MD5, SHA1, and SHA2 digests #117

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
37b35dc
Add exportable digests
mamckee May 13, 2025
c53f1b3
Put common functions in macro expansion
mamckee May 14, 2025
d7f8ed8
Update SslPlay to test and validate exported hash states
mamckee May 14, 2025
b8b328d
Update version and fix typo in readme
mamckee May 14, 2025
520bd0b
Turn off optimization for debug builds
mamckee May 14, 2025
98cd232
Cleanup and add SHA3
mamckee May 15, 2025
7761f5f
Use fixed length array for state export
mamckee May 15, 2025
130ec5d
Fix pipeline errors
mamckee May 16, 2025
987bce1
Revert "Turn off optimization for debug builds"
mamckee May 20, 2025
6171334
Fix SslPlay argument parsing
mamckee May 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Cleanup and add SHA3
  • Loading branch information
@mamckee
mamckee committed May 15, 2025
commit 98cd232abf567308b7b51d7a23968f1fc98a8e85
25 changes: 14 additions & 11 deletions SslPlay/SslPlay.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1178,6 +1178,7 @@ bool TestDigest(const char* digestname, const char *expected)
bool TestDigestImportExport(const char *digestname, const char *expected, size_t export_state_size)
{
bool result = false;
EVP_MD *md = NULL;
EVP_MD_CTX *mdctx;
char mess1[] = "Test Message1234567";
char mess2[] = "Hello World";
Expand All @@ -1197,7 +1198,7 @@ bool TestDigestImportExport(const char *digestname, const char *expected, size_t

printf("\nTestDigestImportExport: %s\n\n", digestname);

EVP_MD *md = EVP_MD_fetch(nullptr, digestname, "provider=symcryptprovider");
md = EVP_MD_fetch(nullptr, digestname, "provider=symcryptprovider");
if (md == NULL)
{
printf("No Digest found for %s\n", digestname);
Expand Down Expand Up @@ -1285,6 +1286,8 @@ bool TestDigestImportExport(const char *digestname, const char *expected, size_t
goto end;
}

result = true;

end:
EVP_MD_free(md);

Expand Down Expand Up @@ -1332,13 +1335,13 @@ void TestDigests(bool useEngine)
{"SHA512-256", "036dbd97db1e37aabe6ded8ef9ead203e9adb02ad5596ac5af072dd7374993a0",
SYMCRYPT_SHA512_256_STATE_EXPORT_SIZE},
{"SHA3-224", "489a032b8923a05eca5b40f2ed9838f218c65bd082acc48fa2067213",
0},
SYMCRYPT_SHA3_224_STATE_EXPORT_SIZE},
{"SHA3-256", "375e793a6d4e4947658e78cb697789434b8279feb2ec9595d03e44473ac478f6",
0},
SYMCRYPT_SHA3_256_STATE_EXPORT_SIZE},
{"SHA3-384", "1d47002a9e96d5b6bdd70d476fd2038e50ac3eb0d4202b4eb988f02185fbb9c85cb7ed62804ddaff894e84d62e5832f2",
0},
SYMCRYPT_SHA3_384_STATE_EXPORT_SIZE},
{"SHA3-512", "bf63544ae59243a5419a3ff5f598352eb1409d41dc746c9e9d5f258cddaff4e7f7b9d9ae13e90eb07f27e4e157b3fcf796f6554732a2e78a621f7313aba827f3",
0},
SYMCRYPT_SHA3_512_STATE_EXPORT_SIZE},
#endif
};

Expand Down Expand Up @@ -1556,15 +1559,15 @@ void TestAesXts()
{
unsigned char plaintext[8192];
int plaintext_len = 64;
unsigned char iv[8];
unsigned char iv[16];
unsigned char key[64];

while(!RAND_bytes(key, 64));
while(!RAND_bytes(iv, 8));
while(!RAND_bytes(iv, 16));
while(!RAND_bytes(plaintext, plaintext_len));

TestAesCipher("EVP_aes_128_xts", EVP_aes_128_xts(), key, 32, iv, 8, plaintext, plaintext_len);
TestAesCipher("EVP_aes_256_xts", EVP_aes_256_xts(), key, 64, iv, 8, plaintext, plaintext_len);
TestAesCipher("EVP_aes_128_xts", EVP_aes_128_xts(), key, 32, iv, 16, plaintext, plaintext_len);
TestAesCipher("EVP_aes_256_xts", EVP_aes_256_xts(), key, 64, iv, 16, plaintext, plaintext_len);

printf("%s", SeparatorLine);
return;
Expand Down Expand Up @@ -2363,7 +2366,7 @@ void TestSshKdf(void)
goto end;
}

//f
//
// Test both EVP_KDF_ctrl and EVP_KDF_ctrl_str functions.
// bCtrlStrMode = 0 uses EVP_KDF_ctrl functions and
// bCtrlStrMode = 1 uses EVP_KDF_ctrl_str functions
Expand Down Expand Up @@ -2535,7 +2538,7 @@ int main(int argc, char** argv)
printf(" --err-level <err level> Specify the SCOSSL error logging level\n");
#if OPENSSL_VERSION_MAJOR == 3
printf(" --provider-path <provider path> Specify a directory to locate the symcrypt provider\n");
printf(" --no-engine Disable the SCOSSL engine for testing\n");
printf(" --no-engine Disable the SymCrypt engine for testing\n");
#endif
return 0;
}
Expand Down
95 changes: 39 additions & 56 deletions SymCryptProvider/src/digests/p_scossl_digest_generic.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ const OSSL_PARAM p_scossl_digest_export_settable_param_types[] = {
OSSL_PARAM_END};

const OSSL_PARAM p_scossl_digest_export_gettable_ctx_param_types[] = {
OSSL_PARAM_int(SCOSSL_DIGEST_PARAM_STATE, NULL),
OSSL_PARAM_octet_string(SCOSSL_DIGEST_PARAM_STATE, NULL, 0),
OSSL_PARAM_END};

static const OSSL_PARAM *p_scossl_digest_export_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
Expand Down Expand Up @@ -99,12 +99,6 @@ static SCOSSL_STATUS p_scossl_digest_set_state_internal(_In_ SCOSSL_DIGEST_CTX *
return SCOSSL_SUCCESS;
}

static SCOSSL_STATUS p_scossl_digest_generic_init(_Inout_ SCOSSL_DIGEST_CTX *ctx, ossl_unused const OSSL_PARAM params[])
{
SymCryptHashInit(ctx->pHash, ctx->pState);
return SCOSSL_SUCCESS;
}

static SCOSSL_STATUS p_scossl_digest_generic_final(_In_ SCOSSL_DIGEST_CTX *ctx,
_Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen)
{
Expand All @@ -122,66 +116,55 @@ static SCOSSL_STATUS p_scossl_digest_generic_final(_In_ SCOSSL_DIGEST_CTX *ctx,
return SCOSSL_SUCCESS;
}

#define IMPLEMENT_SCOSSL_DIGEST_EXPORT_FUNCTIONS(state_name, export_func, import_func, state_size) \
static SCOSSL_STATUS p_scossl_digest_get_##state_name(_In_ SCOSSL_DIGEST_CTX *ctx, \
_Inout_ OSSL_PARAM params[]) \
{ \
return p_scossl_digest_get_state_internal(ctx, params, \
(PSYMCRYPT_DIGEST_STATE_EXPORT) export_func, state_size); \
} \
\
static SCOSSL_STATUS p_scossl_digest_set_##state_name(_Inout_ SCOSSL_DIGEST_CTX *ctx, \
_In_ const OSSL_PARAM params[]) \
{ \
return p_scossl_digest_set_state_internal(ctx, params, \
(PSYMCRYPT_DIGEST_STATE_IMPORT) import_func); \
} \
\
static SCOSSL_STATUS p_scossl_digest_##state_name##_init(_Inout_ SCOSSL_DIGEST_CTX *ctx, \
_In_ const OSSL_PARAM params[]) \
{ \
SymCryptHashInit(ctx->pHash, ctx->pState); \
return p_scossl_digest_set_##state_name(ctx, params); \
}

IMPLEMENT_SCOSSL_DIGEST_EXPORT_FUNCTIONS(md5_state, SymCryptMd5StateExport, SymCryptMd5StateImport, SYMCRYPT_MD5_STATE_EXPORT_SIZE)
IMPLEMENT_SCOSSL_DIGEST_EXPORT_FUNCTIONS(sha1_state, SymCryptSha1StateExport, SymCryptSha1StateImport, SYMCRYPT_SHA1_STATE_EXPORT_SIZE)
IMPLEMENT_SCOSSL_DIGEST_EXPORT_FUNCTIONS(sha256_state, SymCryptSha256StateExport, SymCryptSha256StateImport, SYMCRYPT_SHA256_STATE_EXPORT_SIZE)
IMPLEMENT_SCOSSL_DIGEST_EXPORT_FUNCTIONS(sha512_state, SymCryptSha512StateExport, SymCryptSha512StateImport, SYMCRYPT_SHA512_STATE_EXPORT_SIZE)

#define IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(alg, dispatch_name, state_name, flags) \
#define IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(alg, dispatch_name, uc_name, flags) \
static SCOSSL_STATUS p_scossl_digest_set_##dispatch_name##_state(_Inout_ SCOSSL_DIGEST_CTX *ctx, \
_In_ const OSSL_PARAM params[]) \
{ \
return p_scossl_digest_set_state_internal(ctx, params, \
(PSYMCRYPT_DIGEST_STATE_IMPORT) SymCrypt##alg##StateImport); \
} \
\
static SCOSSL_STATUS p_scossl_digest_get_##dispatch_name##_state(_In_ SCOSSL_DIGEST_CTX *ctx, \
_Inout_ OSSL_PARAM params[]) \
{ \
return p_scossl_digest_get_state_internal(ctx, params, \
(PSYMCRYPT_DIGEST_STATE_EXPORT) SymCrypt##alg##StateExport, \
SYMCRYPT_##uc_name##_STATE_EXPORT_SIZE); \
} \
\
static SCOSSL_STATUS p_scossl_digest_##dispatch_name##_init(_Inout_ SCOSSL_DIGEST_CTX *ctx, \
_In_ const OSSL_PARAM params[]) \
{ \
SymCryptHashInit(ctx->pHash, ctx->pState); \
return p_scossl_digest_set_##dispatch_name##_state(ctx, params); \
} \
\
SCOSSL_DIGEST_FUNCTIONS_COMMON(alg, dispatch_name, flags) \
{OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))p_scossl_digest_set_##state_name}, \
{OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))p_scossl_digest_set_##dispatch_name##_state}, \
{OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_digest_export_settable_ctx_params}, \
{OSSL_FUNC_DIGEST_GET_CTX_PARAMS, (void (*)(void))p_scossl_digest_get_##state_name}, \
{OSSL_FUNC_DIGEST_GET_CTX_PARAMS, (void (*)(void))p_scossl_digest_get_##dispatch_name##_state}, \
{OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_digest_export_gettable_ctx_params}, \
{OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_digest_##state_name##_init}, \
{OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_digest_##dispatch_name##_init}, \
{OSSL_FUNC_DIGEST_FINAL, (void (*)(void))p_scossl_digest_generic_final}, \
SCOSSL_DIGEST_FUNCTIONS_END

#define IMPLEMENT_SCOSSL_DIGEST_GENERIC(alg, dispatch_name, flags) \
SCOSSL_DIGEST_FUNCTIONS_COMMON(alg, dispatch_name, flags) \
{OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_digest_generic_init}, \
{OSSL_FUNC_DIGEST_FINAL, (void (*)(void))p_scossl_digest_generic_final}, \
SCOSSL_DIGEST_FUNCTIONS_END

// MD5 and SHA1, supported for compatability
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Md5, md5, md5_state, 0)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha1, sha1, sha1_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Md5, md5, MD5, 0)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha1, sha1, SHA1, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)

// SHA2
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha224, sha224, sha256_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha256, sha256, sha256_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha384, sha384, sha512_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512, sha512, sha512_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512_224, sha512_224, sha512_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512_256, sha512_256, sha512_state, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha224, sha224, SHA224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha256, sha256, SHA256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha384, sha384, SHA384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512, sha512, SHA512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512_224, sha512_224, SHA512_224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha512_256, sha512_256, SHA512_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)

//SHA3
IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_224, sha3_224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_256, sha3_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_384, sha3_384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_512, sha3_512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha3_224, sha3_224, SHA3_224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha3_256, sha3_256, SHA3_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha3_384, sha3_384, SHA3_384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)
IMPLEMENT_SCOSSL_DIGEST_EXPORTABLE(Sha3_512, sha3_512, SHA3_512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT)

#ifdef __cplusplus
}
Expand Down