kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
4666 Incheckningar
12 Grenar
38 MiB
 
 
 
 
 
 
Träd: 23c25d5b3a
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '23c25d5b3a'
${ noResults }
boringssl/crypto/fipsmodule/hmac/hmac.c

229 rader
7.6 KiB
Blame Historik 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/hmac.h>

  58. 

  59. #include <assert.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/digest.h>

  63. #include <openssl/mem.h>

  64. 

  65. #include "../../internal.h"

  66. 

  67. 

  68. uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,

  69.               const uint8_t *data, size_t data_len, uint8_t *out,

  70.               unsigned int *out_len) {

  71.   HMAC_CTX ctx;

  72.   HMAC_CTX_init(&ctx);

  73.   if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) ||

  74.       !HMAC_Update(&ctx, data, data_len) ||

  75.       !HMAC_Final(&ctx, out, out_len)) {

  76.     out = NULL;

  77.   }

  78. 

  79.   HMAC_CTX_cleanup(&ctx);

  80.   return out;

  81. }

  82. 

  83. void HMAC_CTX_init(HMAC_CTX *ctx) {

  84.   ctx->md = NULL;

  85.   EVP_MD_CTX_init(&ctx->i_ctx);

  86.   EVP_MD_CTX_init(&ctx->o_ctx);

  87.   EVP_MD_CTX_init(&ctx->md_ctx);

  88. }

  89. 

  90. HMAC_CTX *HMAC_CTX_new(void) {

  91.   HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));

  92.   if (ctx != NULL) {

  93.     HMAC_CTX_init(ctx);

  94.   }

  95.   return ctx;

  96. }

  97. 

  98. void HMAC_CTX_cleanup(HMAC_CTX *ctx) {

  99.   EVP_MD_CTX_cleanup(&ctx->i_ctx);

  100.   EVP_MD_CTX_cleanup(&ctx->o_ctx);

  101.   EVP_MD_CTX_cleanup(&ctx->md_ctx);

  102.   OPENSSL_cleanse(ctx, sizeof(HMAC_CTX));

  103. }

  104. 

  105. void HMAC_CTX_free(HMAC_CTX *ctx) {

  106.   if (ctx == NULL) {

  107.     return;

  108.   }

  109. 

  110.   HMAC_CTX_cleanup(ctx);

  111.   OPENSSL_free(ctx);

  112. }

  113. 

  114. int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,

  115.                  const EVP_MD *md, ENGINE *impl) {

  116.   if (md == NULL) {

  117.     md = ctx->md;

  118.   }

  119. 

  120.   // If either |key| is non-NULL or |md| has changed, initialize with a new key

  121.   // rather than rewinding the previous one.

  122.   //

  123.   // TODO(davidben,eroman): Passing the previous |md| with a NULL |key| is

  124.   // ambiguous between using the empty key and reusing the previous key. There

  125.   // exist callers which intend the latter, but the former is an awkward edge

  126.   // case. Fix to API to avoid this.

  127.   if (md != ctx->md || key != NULL) {

  128.     uint8_t pad[EVP_MAX_MD_BLOCK_SIZE];

  129.     uint8_t key_block[EVP_MAX_MD_BLOCK_SIZE];

  130.     unsigned key_block_len;

  131. 

  132.     size_t block_size = EVP_MD_block_size(md);

  133.     assert(block_size <= sizeof(key_block));

  134.     if (block_size < key_len) {

  135.       // Long keys are hashed.

  136.       if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl) ||

  137.           !EVP_DigestUpdate(&ctx->md_ctx, key, key_len) ||

  138.           !EVP_DigestFinal_ex(&ctx->md_ctx, key_block, &key_block_len)) {

  139.         return 0;

  140.       }

  141.     } else {

  142.       assert(key_len <= sizeof(key_block));

  143.       OPENSSL_memcpy(key_block, key, key_len);

  144.       key_block_len = (unsigned)key_len;

  145.     }

  146.     // Keys are then padded with zeros.

  147.     if (key_block_len != EVP_MAX_MD_BLOCK_SIZE) {

  148.       OPENSSL_memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len);

  149.     }

  150. 

  151.     for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) {

  152.       pad[i] = 0x36 ^ key_block[i];

  153.     }

  154.     if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl) ||

  155.         !EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) {

  156.       return 0;

  157.     }

  158. 

  159.     for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) {

  160.       pad[i] = 0x5c ^ key_block[i];

  161.     }

  162.     if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl) ||

  163.         !EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) {

  164.       return 0;

  165.     }

  166. 

  167.     ctx->md = md;

  168.   }

  169. 

  170.   if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) {

  171.     return 0;

  172.   }

  173. 

  174.   return 1;

  175. }

  176. 

  177. int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, size_t data_len) {

  178.   return EVP_DigestUpdate(&ctx->md_ctx, data, data_len);

  179. }

  180. 

  181. int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, unsigned int *out_len) {

  182.   unsigned int i;

  183.   uint8_t buf[EVP_MAX_MD_SIZE];

  184. 

  185.   // TODO(davidben): The only thing that can officially fail here is

  186.   // |EVP_MD_CTX_copy_ex|, but even that should be impossible in this case.

  187.   if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i) ||

  188.       !EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx) ||

  189.       !EVP_DigestUpdate(&ctx->md_ctx, buf, i) ||

  190.       !EVP_DigestFinal_ex(&ctx->md_ctx, out, out_len)) {

  191.     *out_len = 0;

  192.     return 0;

  193.   }

  194. 

  195.   return 1;

  196. }

  197. 

  198. size_t HMAC_size(const HMAC_CTX *ctx) {

  199.   return EVP_MD_size(ctx->md);

  200. }

  201. 

  202. int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src) {

  203.   if (!EVP_MD_CTX_copy_ex(&dest->i_ctx, &src->i_ctx) ||

  204.       !EVP_MD_CTX_copy_ex(&dest->o_ctx, &src->o_ctx) ||

  205.       !EVP_MD_CTX_copy_ex(&dest->md_ctx, &src->md_ctx)) {

  206.     return 0;

  207.   }

  208. 

  209.   dest->md = src->md;

  210.   return 1;

  211. }

  212. 

  213. void HMAC_CTX_reset(HMAC_CTX *ctx) {

  214.   HMAC_CTX_cleanup(ctx);

  215.   HMAC_CTX_init(ctx);

  216. }

  217. 

  218. int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md) {

  219.   if (key && md) {

  220.     HMAC_CTX_init(ctx);

  221.   }

  222.   return HMAC_Init_ex(ctx, key, key_len, md, NULL);

  223. }

  224. 

  225. int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src) {

  226.   HMAC_CTX_init(dest);

  227.   return HMAC_CTX_copy_ex(dest, src);

  228. }