You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

226 lines
7.6 KiB

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  2. * All rights reserved.
  3. *
  4. * This package is an SSL implementation written
  5. * by Eric Young (eay@cryptsoft.com).
  6. * The implementation was written so as to conform with Netscapes SSL.
  7. *
  8. * This library is free for commercial and non-commercial use as long as
  9. * the following conditions are aheared to. The following conditions
  10. * apply to all code found in this distribution, be it the RC4, RSA,
  11. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  12. * included with this distribution is covered by the same copyright terms
  13. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  14. *
  15. * Copyright remains Eric Young's, and as such any Copyright notices in
  16. * the code are not to be removed.
  17. * If this package is used in a product, Eric Young should be given attribution
  18. * as the author of the parts of the library used.
  19. * This can be in the form of a textual message at program startup or
  20. * in documentation (online or textual) provided with the package.
  21. *
  22. * Redistribution and use in source and binary forms, with or without
  23. * modification, are permitted provided that the following conditions
  24. * are met:
  25. * 1. Redistributions of source code must retain the copyright
  26. * notice, this list of conditions and the following disclaimer.
  27. * 2. Redistributions in binary form must reproduce the above copyright
  28. * notice, this list of conditions and the following disclaimer in the
  29. * documentation and/or other materials provided with the distribution.
  30. * 3. All advertising materials mentioning features or use of this software
  31. * must display the following acknowledgement:
  32. * "This product includes cryptographic software written by
  33. * Eric Young (eay@cryptsoft.com)"
  34. * The word 'cryptographic' can be left out if the rouines from the library
  35. * being used are not cryptographic related :-).
  36. * 4. If you include any Windows specific code (or a derivative thereof) from
  37. * the apps directory (application code) you must include an acknowledgement:
  38. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  41. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  43. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  44. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  45. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  46. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  48. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  49. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  50. * SUCH DAMAGE.
  51. *
  52. * The licence and distribution terms for any publically available version or
  53. * derivative of this code cannot be changed. i.e. this code cannot simply be
  54. * copied and put under another distribution licence
  55. * [including the GNU Public Licence.] */
  56. #include <openssl/hmac.h>
  57. #include <assert.h>
  58. #include <string.h>
  59. #include <openssl/mem.h>
  60. uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
  61. const uint8_t *data, size_t data_len, uint8_t *out,
  62. unsigned int *out_len) {
  63. HMAC_CTX ctx;
  64. static uint8_t static_out_buffer[EVP_MAX_MD_SIZE];
  65. /* OpenSSL has traditionally supported using a static buffer if |out| is
  66. * NULL. We maintain that but don't document it. This behaviour should be
  67. * considered to be deprecated. */
  68. if (out == NULL) {
  69. out = static_out_buffer;
  70. }
  71. HMAC_CTX_init(&ctx);
  72. if (!HMAC_Init(&ctx, key, key_len, evp_md) ||
  73. !HMAC_Update(&ctx, data, data_len) ||
  74. !HMAC_Final(&ctx, out, out_len)) {
  75. out = NULL;
  76. }
  77. HMAC_CTX_cleanup(&ctx);
  78. return out;
  79. }
  80. void HMAC_CTX_init(HMAC_CTX *ctx) {
  81. ctx->md = NULL;
  82. ctx->key_length = 0;
  83. EVP_MD_CTX_init(&ctx->i_ctx);
  84. EVP_MD_CTX_init(&ctx->o_ctx);
  85. EVP_MD_CTX_init(&ctx->md_ctx);
  86. }
  87. void HMAC_CTX_cleanup(HMAC_CTX *ctx) {
  88. EVP_MD_CTX_cleanup(&ctx->i_ctx);
  89. EVP_MD_CTX_cleanup(&ctx->o_ctx);
  90. EVP_MD_CTX_cleanup(&ctx->md_ctx);
  91. OPENSSL_cleanse(ctx, sizeof(ctx));
  92. }
  93. int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
  94. const EVP_MD *md, ENGINE *impl) {
  95. unsigned i, reset = 0;
  96. uint8_t pad[HMAC_MAX_MD_CBLOCK];
  97. if (md != NULL) {
  98. if (ctx->md == NULL && key == NULL && ctx->key_length == 0) {
  99. /* TODO(eroman): Change the API instead of this hack.
  100. * If a key hasn't yet been assigned to the context, then default to using
  101. * an all-zero key. This is to work around callers of
  102. * HMAC_Init_ex(key=NULL, key_len=0) intending to set a zero-length key.
  103. * Rather than resulting in uninitialized memory reads, it will
  104. * predictably use a zero key. */
  105. memset(ctx->key, 0, sizeof(ctx->key));
  106. }
  107. reset = 1;
  108. ctx->md = md;
  109. } else {
  110. md = ctx->md;
  111. }
  112. if (key != NULL) {
  113. size_t block_size = EVP_MD_block_size(md);
  114. reset = 1;
  115. assert(block_size <= sizeof(ctx->key));
  116. if (block_size < key_len) {
  117. if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl) ||
  118. !EVP_DigestUpdate(&ctx->md_ctx, key, key_len) ||
  119. !EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length)) {
  120. goto err;
  121. }
  122. } else {
  123. assert(key_len >= 0 && key_len <= sizeof(ctx->key));
  124. memcpy(ctx->key, key, key_len);
  125. ctx->key_length = key_len;
  126. }
  127. if (ctx->key_length != HMAC_MAX_MD_CBLOCK) {
  128. memset(&ctx->key[ctx->key_length], 0, sizeof(ctx->key) - ctx->key_length);
  129. }
  130. }
  131. if (reset) {
  132. for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) {
  133. pad[i] = 0x36 ^ ctx->key[i];
  134. }
  135. if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl) ||
  136. !EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) {
  137. goto err;
  138. }
  139. for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) {
  140. pad[i] = 0x5c ^ ctx->key[i];
  141. }
  142. if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl) ||
  143. !EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) {
  144. goto err;
  145. }
  146. }
  147. if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) {
  148. goto err;
  149. }
  150. return 1;
  151. err:
  152. return 0;
  153. }
  154. int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, size_t data_len) {
  155. return EVP_DigestUpdate(&ctx->md_ctx, data, data_len);
  156. }
  157. int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, unsigned int *out_len) {
  158. unsigned int i;
  159. uint8_t buf[EVP_MAX_MD_SIZE];
  160. if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i) ||
  161. !EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx) ||
  162. !EVP_DigestUpdate(&ctx->md_ctx, buf, i) ||
  163. !EVP_DigestFinal_ex(&ctx->md_ctx, out, out_len)) {
  164. *out_len = 0;
  165. return 0;
  166. }
  167. return 1;
  168. }
  169. size_t HMAC_size(const HMAC_CTX *ctx) {
  170. return EVP_MD_size(ctx->md);
  171. }
  172. int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src) {
  173. if (!EVP_MD_CTX_copy_ex(&dest->i_ctx, &src->i_ctx) ||
  174. !EVP_MD_CTX_copy_ex(&dest->o_ctx, &src->o_ctx) ||
  175. !EVP_MD_CTX_copy_ex(&dest->md_ctx, &src->md_ctx)) {
  176. return 0;
  177. }
  178. memcpy(dest->key, src->key, HMAC_MAX_MD_CBLOCK);
  179. dest->key_length = src->key_length;
  180. dest->md = src->md;
  181. return 1;
  182. }
  183. void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) {
  184. EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
  185. EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
  186. EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
  187. }
  188. int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md) {
  189. if (key && md) {
  190. HMAC_CTX_init(ctx);
  191. }
  192. return HMAC_Init_ex(ctx, key, key_len, md, NULL);
  193. }
  194. int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src) {
  195. HMAC_CTX_init(dest);
  196. return HMAC_CTX_copy_ex(dest, src);
  197. }