Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: azure_iot_hub/trunk/wolfssl-3.15.7/wolfcrypt/src/hmac.c@ 388

Last change on this file since 388 was 388, checked in by coas-nagasima, 5 years ago
Azure IoT Hub Device C SDK を使ったサンプルの追加
Property svn:eol-style set to `native` Property svn:keywords set to `Id` Property svn:mime-type set to `text/x-csrc`
File size: 36.7 KB

Line
1	/* hmac.c
2	*
3	* Copyright (C) 2006-2017 wolfSSL Inc.
4	*
5	* This file is part of wolfSSL.
6	*
7	* wolfSSL is free software; you can redistribute it and/or modify
8	* it under the terms of the GNU General Public License as published by
9	* the Free Software Foundation; either version 2 of the License, or
10	* (at your option) any later version.
11	*
12	* wolfSSL is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	* GNU General Public License for more details.
16	*
17	* You should have received a copy of the GNU General Public License
18	* along with this program; if not, write to the Free Software
19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20	*/
21
22
23	#ifdef HAVE_CONFIG_H
24	#include <config.h>
25	#endif
26
27	#include <wolfssl/wolfcrypt/settings.h>
28	#include <wolfssl/wolfcrypt/error-crypt.h>
29
30	#ifndef NO_HMAC
31
32	#if defined(HAVE_FIPS) && \
33	defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
34
35	/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
36	#define FIPS_NO_WRAPPERS
37
38	#ifdef USE_WINDOWS_API
39	#pragma code_seg(".fipsA$b")
40	#pragma const_seg(".fipsB$b")
41	#endif
42	#endif
43
44	#include <wolfssl/wolfcrypt/hmac.h>
45
46	#ifdef NO_INLINE
47	#include <wolfssl/wolfcrypt/misc.h>
48	#else
49	#define WOLFSSL_MISC_INCLUDED
50	#include <wolfcrypt/src/misc.c>
51	#endif
52
53
54	/* fips wrapper calls, user can call direct */
55	/* If building for old FIPS. */
56	#if defined(HAVE_FIPS) && \
57	(!defined(HAVE_FIPS_VERSION) \|\| (HAVE_FIPS_VERSION < 2))
58
59	/* does init */
60	int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
61	{
62	if (hmac == NULL \|\| (key == NULL && keySz != 0) \|\|
63	!(type == WC_MD5 \|\| type == WC_SHA \|\| type == WC_SHA256 \|\|
64	type == WC_SHA384 \|\| type == WC_SHA512 \|\|
65	type == BLAKE2B_ID)) {
66	return BAD_FUNC_ARG;
67	}
68
69	return HmacSetKey_fips(hmac, type, key, keySz);
70	}
71	int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
72	{
73	if (hmac == NULL \|\| (in == NULL && sz > 0)) {
74	return BAD_FUNC_ARG;
75	}
76
77	return HmacUpdate_fips(hmac, in, sz);
78	}
79	int wc_HmacFinal(Hmac* hmac, byte* out)
80	{
81	if (hmac == NULL) {
82	return BAD_FUNC_ARG;
83	}
84
85	return HmacFinal_fips(hmac, out);
86	}
87	int wolfSSL_GetHmacMaxSize(void)
88	{
89	return CyaSSL_GetHmacMaxSize();
90	}
91
92	int wc_HmacInit(Hmac* hmac, void* heap, int devId)
93	{
94	(void)hmac;
95	(void)heap;
96	(void)devId;
97	/* FIPS doesn't support:
98	return HmacInit(hmac, heap, devId); */
99	return 0;
100	}
101	void wc_HmacFree(Hmac* hmac)
102	{
103	(void)hmac;
104	/* FIPS doesn't support:
105	HmacFree(hmac); */
106	}
107
108	#ifdef HAVE_HKDF
109	int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
110	const byte* salt, word32 saltSz,
111	const byte* info, word32 infoSz,
112	byte* out, word32 outSz)
113	{
114	return HKDF(type, inKey, inKeySz, salt, saltSz,
115	info, infoSz, out, outSz);
116	}
117	#endif /* HAVE_HKDF */
118
119	#else /* else build without fips, or for new fips */
120
121
122	int wc_HmacSizeByType(int type)
123	{
124	int ret;
125
126	if (!(type == WC_MD5 \|\| type == WC_SHA \|\|
127	type == WC_SHA224 \|\| type == WC_SHA256 \|\|
128	type == WC_SHA384 \|\| type == WC_SHA512 \|\|
129	type == WC_SHA3_224 \|\| type == WC_SHA3_256 \|\|
130	type == WC_SHA3_384 \|\| type == WC_SHA3_512 \|\|
131	type == BLAKE2B_ID)) {
132	return BAD_FUNC_ARG;
133	}
134
135	switch (type) {
136	#ifndef NO_MD5
137	case WC_MD5:
138	ret = WC_MD5_DIGEST_SIZE;
139	break;
140	#endif /* !NO_MD5 */
141
142	#ifndef NO_SHA
143	case WC_SHA:
144	ret = WC_SHA_DIGEST_SIZE;
145	break;
146	#endif /* !NO_SHA */
147
148	#ifdef WOLFSSL_SHA224
149	case WC_SHA224:
150	ret = WC_SHA224_DIGEST_SIZE;
151	break;
152	#endif /* WOLFSSL_SHA224 */
153
154	#ifndef NO_SHA256
155	case WC_SHA256:
156	ret = WC_SHA256_DIGEST_SIZE;
157	break;
158	#endif /* !NO_SHA256 */
159
160	#ifdef WOLFSSL_SHA384
161	case WC_SHA384:
162	ret = WC_SHA384_DIGEST_SIZE;
163	break;
164	#endif /* WOLFSSL_SHA384 */
165	#ifdef WOLFSSL_SHA512
166	case WC_SHA512:
167	ret = WC_SHA512_DIGEST_SIZE;
168	break;
169	#endif /* WOLFSSL_SHA512 */
170
171	#ifdef HAVE_BLAKE2
172	case BLAKE2B_ID:
173	ret = BLAKE2B_OUTBYTES;
174	break;
175	#endif /* HAVE_BLAKE2 */
176
177	#ifdef WOLFSSL_SHA3
178	case WC_SHA3_224:
179	ret = WC_SHA3_224_DIGEST_SIZE;
180	break;
181
182	case WC_SHA3_256:
183	ret = WC_SHA3_256_DIGEST_SIZE;
184	break;
185
186	case WC_SHA3_384:
187	ret = WC_SHA3_384_DIGEST_SIZE;
188	break;
189
190	case WC_SHA3_512:
191	ret = WC_SHA3_512_DIGEST_SIZE;
192	break;
193
194	#endif
195
196	default:
197	ret = BAD_FUNC_ARG;
198	break;
199	}
200
201	return ret;
202	}
203
204	int _InitHmac(Hmac* hmac, int type, void* heap)
205	{
206	int ret = 0;
207
208	switch (type) {
209	#ifndef NO_MD5
210	case WC_MD5:
211	ret = wc_InitMd5(&hmac->hash.md5);
212	break;
213	#endif /* !NO_MD5 */
214
215	#ifndef NO_SHA
216	case WC_SHA:
217	ret = wc_InitSha(&hmac->hash.sha);
218	break;
219	#endif /* !NO_SHA */
220
221	#ifdef WOLFSSL_SHA224
222	case WC_SHA224:
223	ret = wc_InitSha224(&hmac->hash.sha224);
224	break;
225	#endif /* WOLFSSL_SHA224 */
226
227	#ifndef NO_SHA256
228	case WC_SHA256:
229	ret = wc_InitSha256(&hmac->hash.sha256);
230	break;
231	#endif /* !NO_SHA256 */
232
233	#ifdef WOLFSSL_SHA384
234	case WC_SHA384:
235	ret = wc_InitSha384(&hmac->hash.sha384);
236	break;
237	#endif /* WOLFSSL_SHA384 */
238	#ifdef WOLFSSL_SHA512
239	case WC_SHA512:
240	ret = wc_InitSha512(&hmac->hash.sha512);
241	break;
242	#endif /* WOLFSSL_SHA512 */
243
244	#ifdef HAVE_BLAKE2
245	case BLAKE2B_ID:
246	ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
247	break;
248	#endif /* HAVE_BLAKE2 */
249
250	#ifdef WOLFSSL_SHA3
251	case WC_SHA3_224:
252	ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
253	break;
254	case WC_SHA3_256:
255	ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
256	break;
257	case WC_SHA3_384:
258	ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
259	break;
260	case WC_SHA3_512:
261	ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
262	break;
263	#endif
264
265	default:
266	ret = BAD_FUNC_ARG;
267	break;
268	}
269
270	/* default to NULL heap hint or test value */
271	#ifdef WOLFSSL_HEAP_TEST
272	hmac->heap = (void)WOLFSSL_HEAP_TEST;
273	#else
274	hmac->heap = heap;
275	#endif /* WOLFSSL_HEAP_TEST */
276
277	return ret;
278	}
279
280
281	int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
282	{
283	byte* ip;
284	byte* op;
285	word32 i, hmac_block_size = 0;
286	int ret = 0;
287	void* heap = NULL;
288
289	if (hmac == NULL \|\| (key == NULL && length != 0) \|\|
290	!(type == WC_MD5 \|\| type == WC_SHA \|\|
291	type == WC_SHA224 \|\| type == WC_SHA256 \|\|
292	type == WC_SHA384 \|\| type == WC_SHA512 \|\|
293	type == WC_SHA3_224 \|\| type == WC_SHA3_256 \|\|
294	type == WC_SHA3_384 \|\| type == WC_SHA3_512 \|\|
295	type == BLAKE2B_ID)) {
296	return BAD_FUNC_ARG;
297	}
298
299	/* if set key has already been run then make sure and free existing */
300	if (hmac->macType != 0) {
301	wc_HmacFree(hmac);
302	}
303
304	hmac->innerHashKeyed = 0;
305	hmac->macType = (byte)type;
306
307	ret = _InitHmac(hmac, type, heap);
308	if (ret != 0)
309	return ret;
310
311	#ifdef HAVE_FIPS
312	if (length < HMAC_FIPS_MIN_KEY)
313	return HMAC_MIN_KEYLEN_E;
314	#endif
315
316	ip = (byte*)hmac->ipad;
317	op = (byte*)hmac->opad;
318
319	switch (hmac->macType) {
320	#ifndef NO_MD5
321	case WC_MD5:
322	hmac_block_size = WC_MD5_BLOCK_SIZE;
323	if (length <= WC_MD5_BLOCK_SIZE) {
324	if (key != NULL) {
325	XMEMCPY(ip, key, length);
326	}
327	}
328	else {
329	ret = wc_Md5Update(&hmac->hash.md5, key, length);
330	if (ret != 0)
331	break;
332	ret = wc_Md5Final(&hmac->hash.md5, ip);
333	if (ret != 0)
334	break;
335	length = WC_MD5_DIGEST_SIZE;
336	}
337	break;
338	#endif /* !NO_MD5 */
339
340	#ifndef NO_SHA
341	case WC_SHA:
342	hmac_block_size = WC_SHA_BLOCK_SIZE;
343	if (length <= WC_SHA_BLOCK_SIZE) {
344	if (key != NULL) {
345	XMEMCPY(ip, key, length);
346	}
347	}
348	else {
349	ret = wc_ShaUpdate(&hmac->hash.sha, key, length);
350	if (ret != 0)
351	break;
352	ret = wc_ShaFinal(&hmac->hash.sha, ip);
353	if (ret != 0)
354	break;
355
356	length = WC_SHA_DIGEST_SIZE;
357	}
358	break;
359	#endif /* !NO_SHA */
360
361	#ifdef WOLFSSL_SHA224
362	case WC_SHA224:
363	{
364	hmac_block_size = WC_SHA224_BLOCK_SIZE;
365	if (length <= WC_SHA224_BLOCK_SIZE) {
366	if (key != NULL) {
367	XMEMCPY(ip, key, length);
368	}
369	}
370	else {
371	ret = wc_Sha224Update(&hmac->hash.sha224, key, length);
372	if (ret != 0)
373	break;
374	ret = wc_Sha224Final(&hmac->hash.sha224, ip);
375	if (ret != 0)
376	break;
377
378	length = WC_SHA224_DIGEST_SIZE;
379	}
380	}
381	break;
382	#endif /* WOLFSSL_SHA224 */
383
384	#ifndef NO_SHA256
385	case WC_SHA256:
386	hmac_block_size = WC_SHA256_BLOCK_SIZE;
387	if (length <= WC_SHA256_BLOCK_SIZE) {
388	if (key != NULL) {
389	XMEMCPY(ip, key, length);
390	}
391	}
392	else {
393	ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
394	if (ret != 0)
395	break;
396	ret = wc_Sha256Final(&hmac->hash.sha256, ip);
397	if (ret != 0)
398	break;
399
400	length = WC_SHA256_DIGEST_SIZE;
401	}
402	break;
403	#endif /* !NO_SHA256 */
404
405	#ifdef WOLFSSL_SHA384
406	case WC_SHA384:
407	hmac_block_size = WC_SHA384_BLOCK_SIZE;
408	if (length <= WC_SHA384_BLOCK_SIZE) {
409	if (key != NULL) {
410	XMEMCPY(ip, key, length);
411	}
412	}
413	else {
414	ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
415	if (ret != 0)
416	break;
417	ret = wc_Sha384Final(&hmac->hash.sha384, ip);
418	if (ret != 0)
419	break;
420
421	length = WC_SHA384_DIGEST_SIZE;
422	}
423	break;
424	#endif /* WOLFSSL_SHA384 */
425	#ifdef WOLFSSL_SHA512
426	case WC_SHA512:
427	hmac_block_size = WC_SHA512_BLOCK_SIZE;
428	if (length <= WC_SHA512_BLOCK_SIZE) {
429	if (key != NULL) {
430	XMEMCPY(ip, key, length);
431	}
432	}
433	else {
434	ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
435	if (ret != 0)
436	break;
437	ret = wc_Sha512Final(&hmac->hash.sha512, ip);
438	if (ret != 0)
439	break;
440
441	length = WC_SHA512_DIGEST_SIZE;
442	}
443	break;
444	#endif /* WOLFSSL_SHA512 */
445
446	#ifdef HAVE_BLAKE2
447	case BLAKE2B_ID:
448	hmac_block_size = BLAKE2B_BLOCKBYTES;
449	if (length <= BLAKE2B_BLOCKBYTES) {
450	if (key != NULL) {
451	XMEMCPY(ip, key, length);
452	}
453	}
454	else {
455	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
456	if (ret != 0)
457	break;
458	ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
459	if (ret != 0)
460	break;
461
462	length = BLAKE2B_256;
463	}
464	break;
465	#endif /* HAVE_BLAKE2 */
466
467	#ifdef WOLFSSL_SHA3
468	case WC_SHA3_224:
469	hmac_block_size = WC_SHA3_224_BLOCK_SIZE;
470	if (length <= WC_SHA3_224_BLOCK_SIZE) {
471	if (key != NULL) {
472	XMEMCPY(ip, key, length);
473	}
474	}
475	else {
476	ret = wc_Sha3_224_Update(&hmac->hash.sha3, key, length);
477	if (ret != 0)
478	break;
479	ret = wc_Sha3_224_Final(&hmac->hash.sha3, ip);
480	if (ret != 0)
481	break;
482
483	length = WC_SHA3_224_DIGEST_SIZE;
484	}
485	break;
486	case WC_SHA3_256:
487	hmac_block_size = WC_SHA3_256_BLOCK_SIZE;
488	if (length <= WC_SHA3_256_BLOCK_SIZE) {
489	if (key != NULL) {
490	XMEMCPY(ip, key, length);
491	}
492	}
493	else {
494	ret = wc_Sha3_256_Update(&hmac->hash.sha3, key, length);
495	if (ret != 0)
496	break;
497	ret = wc_Sha3_256_Final(&hmac->hash.sha3, ip);
498	if (ret != 0)
499	break;
500
501	length = WC_SHA3_256_DIGEST_SIZE;
502	}
503	break;
504	case WC_SHA3_384:
505	hmac_block_size = WC_SHA3_384_BLOCK_SIZE;
506	if (length <= WC_SHA3_384_BLOCK_SIZE) {
507	if (key != NULL) {
508	XMEMCPY(ip, key, length);
509	}
510	}
511	else {
512	ret = wc_Sha3_384_Update(&hmac->hash.sha3, key, length);
513	if (ret != 0)
514	break;
515	ret = wc_Sha3_384_Final(&hmac->hash.sha3, ip);
516	if (ret != 0)
517	break;
518
519	length = WC_SHA3_384_DIGEST_SIZE;
520	}
521	break;
522	case WC_SHA3_512:
523	hmac_block_size = WC_SHA3_512_BLOCK_SIZE;
524	if (length <= WC_SHA3_512_BLOCK_SIZE) {
525	if (key != NULL) {
526	XMEMCPY(ip, key, length);
527	}
528	}
529	else {
530	ret = wc_Sha3_512_Update(&hmac->hash.sha3, key, length);
531	if (ret != 0)
532	break;
533	ret = wc_Sha3_512_Final(&hmac->hash.sha3, ip);
534	if (ret != 0)
535	break;
536
537	length = WC_SHA3_512_DIGEST_SIZE;
538	}
539	break;
540	#endif /* WOLFSSL_SHA3 */
541
542	default:
543	return BAD_FUNC_ARG;
544	}
545
546	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
547	if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
548	#if defined(HAVE_INTEL_QA) \|\| defined(HAVE_CAVIUM)
549	#ifdef HAVE_INTEL_QA
550	if (IntelQaHmacGetType(hmac->macType, NULL) == 0)
551	#endif
552	{
553	if (length > hmac_block_size)
554	length = hmac_block_size;
555	/* update key length */
556	hmac->keyLen = (word16)length;
557
558	return ret;
559	}
560	/* no need to pad below */
561	#endif
562	}
563	#endif
564
565	if (ret == 0) {
566	if (length < hmac_block_size)
567	XMEMSET(ip + length, 0, hmac_block_size - length);
568
569	for(i = 0; i < hmac_block_size; i++) {
570	op[i] = ip[i] ^ OPAD;
571	ip[i] ^= IPAD;
572	}
573	}
574
575	return ret;
576	}
577
578
579	static int HmacKeyInnerHash(Hmac* hmac)
580	{
581	int ret = 0;
582
583	switch (hmac->macType) {
584	#ifndef NO_MD5
585	case WC_MD5:
586	ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad,
587	WC_MD5_BLOCK_SIZE);
588	break;
589	#endif /* !NO_MD5 */
590
591	#ifndef NO_SHA
592	case WC_SHA:
593	ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad,
594	WC_SHA_BLOCK_SIZE);
595	break;
596	#endif /* !NO_SHA */
597
598	#ifdef WOLFSSL_SHA224
599	case WC_SHA224:
600	ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad,
601	WC_SHA224_BLOCK_SIZE);
602	break;
603	#endif /* WOLFSSL_SHA224 */
604
605	#ifndef NO_SHA256
606	case WC_SHA256:
607	ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad,
608	WC_SHA256_BLOCK_SIZE);
609	break;
610	#endif /* !NO_SHA256 */
611
612	#ifdef WOLFSSL_SHA384
613	case WC_SHA384:
614	ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad,
615	WC_SHA384_BLOCK_SIZE);
616	break;
617	#endif /* WOLFSSL_SHA384 */
618	#ifdef WOLFSSL_SHA512
619	case WC_SHA512:
620	ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad,
621	WC_SHA512_BLOCK_SIZE);
622	break;
623	#endif /* WOLFSSL_SHA512 */
624
625	#ifdef HAVE_BLAKE2
626	case BLAKE2B_ID:
627	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->ipad,
628	BLAKE2B_BLOCKBYTES);
629	break;
630	#endif /* HAVE_BLAKE2 */
631
632	#ifdef WOLFSSL_SHA3
633	case WC_SHA3_224:
634	ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
635	WC_SHA3_224_BLOCK_SIZE);
636	break;
637	case WC_SHA3_256:
638	ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
639	WC_SHA3_256_BLOCK_SIZE);
640	break;
641	case WC_SHA3_384:
642	ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
643	WC_SHA3_384_BLOCK_SIZE);
644	break;
645	case WC_SHA3_512:
646	ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
647	WC_SHA3_512_BLOCK_SIZE);
648	break;
649	#endif /* WOLFSSL_SHA3 */
650
651	default:
652	break;
653	}
654
655	if (ret == 0)
656	hmac->innerHashKeyed = 1;
657
658	return ret;
659	}
660
661
662	int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
663	{
664	int ret = 0;
665
666	if (hmac == NULL \|\| (msg == NULL && length > 0)) {
667	return BAD_FUNC_ARG;
668	}
669
670	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
671	if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
672	#if defined(HAVE_CAVIUM)
673	return NitroxHmacUpdate(hmac, msg, length);
674	#elif defined(HAVE_INTEL_QA)
675	if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
676	return IntelQaHmac(&hmac->asyncDev, hmac->macType,
677	(byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
678	}
679	#endif
680	}
681	#endif /* WOLFSSL_ASYNC_CRYPT */
682
683	if (!hmac->innerHashKeyed) {
684	ret = HmacKeyInnerHash(hmac);
685	if (ret != 0)
686	return ret;
687	}
688
689	switch (hmac->macType) {
690	#ifndef NO_MD5
691	case WC_MD5:
692	ret = wc_Md5Update(&hmac->hash.md5, msg, length);
693	break;
694	#endif /* !NO_MD5 */
695
696	#ifndef NO_SHA
697	case WC_SHA:
698	ret = wc_ShaUpdate(&hmac->hash.sha, msg, length);
699	break;
700	#endif /* !NO_SHA */
701
702	#ifdef WOLFSSL_SHA224
703	case WC_SHA224:
704	ret = wc_Sha224Update(&hmac->hash.sha224, msg, length);
705	break;
706	#endif /* WOLFSSL_SHA224 */
707
708	#ifndef NO_SHA256
709	case WC_SHA256:
710	ret = wc_Sha256Update(&hmac->hash.sha256, msg, length);
711	break;
712	#endif /* !NO_SHA256 */
713
714	#ifdef WOLFSSL_SHA384
715	case WC_SHA384:
716	ret = wc_Sha384Update(&hmac->hash.sha384, msg, length);
717	break;
718	#endif /* WOLFSSL_SHA384 */
719	#ifdef WOLFSSL_SHA512
720	case WC_SHA512:
721	ret = wc_Sha512Update(&hmac->hash.sha512, msg, length);
722	break;
723	#endif /* WOLFSSL_SHA512 */
724
725	#ifdef HAVE_BLAKE2
726	case BLAKE2B_ID:
727	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
728	break;
729	#endif /* HAVE_BLAKE2 */
730
731	#ifdef WOLFSSL_SHA3
732	case WC_SHA3_224:
733	ret = wc_Sha3_224_Update(&hmac->hash.sha3, msg, length);
734	break;
735	case WC_SHA3_256:
736	ret = wc_Sha3_256_Update(&hmac->hash.sha3, msg, length);
737	break;
738	case WC_SHA3_384:
739	ret = wc_Sha3_384_Update(&hmac->hash.sha3, msg, length);
740	break;
741	case WC_SHA3_512:
742	ret = wc_Sha3_512_Update(&hmac->hash.sha3, msg, length);
743	break;
744	#endif /* WOLFSSL_SHA3 */
745
746	default:
747	break;
748	}
749
750	return ret;
751	}
752
753
754	int wc_HmacFinal(Hmac* hmac, byte* hash)
755	{
756	int ret;
757
758	if (hmac == NULL \|\| hash == NULL) {
759	return BAD_FUNC_ARG;
760	}
761
762	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
763	if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
764	int hashLen = wc_HmacSizeByType(hmac->macType);
765	if (hashLen <= 0)
766	return hashLen;
767
768	#if defined(HAVE_CAVIUM)
769	return NitroxHmacFinal(hmac, hash, hashLen);
770	#elif defined(HAVE_INTEL_QA)
771	if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
772	return IntelQaHmac(&hmac->asyncDev, hmac->macType,
773	(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
774	}
775	#endif
776	}
777	#endif /* WOLFSSL_ASYNC_CRYPT */
778
779	if (!hmac->innerHashKeyed) {
780	ret = HmacKeyInnerHash(hmac);
781	if (ret != 0)
782	return ret;
783	}
784
785	switch (hmac->macType) {
786	#ifndef NO_MD5
787	case WC_MD5:
788	ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
789	if (ret != 0)
790	break;
791	ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
792	WC_MD5_BLOCK_SIZE);
793	if (ret != 0)
794	break;
795	ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
796	WC_MD5_DIGEST_SIZE);
797	if (ret != 0)
798	break;
799	ret = wc_Md5Final(&hmac->hash.md5, hash);
800	break;
801	#endif /* !NO_MD5 */
802
803	#ifndef NO_SHA
804	case WC_SHA:
805	ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
806	if (ret != 0)
807	break;
808	ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
809	WC_SHA_BLOCK_SIZE);
810	if (ret != 0)
811	break;
812	ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
813	WC_SHA_DIGEST_SIZE);
814	if (ret != 0)
815	break;
816	ret = wc_ShaFinal(&hmac->hash.sha, hash);
817	break;
818	#endif /* !NO_SHA */
819
820	#ifdef WOLFSSL_SHA224
821	case WC_SHA224:
822	{
823	ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
824	if (ret != 0)
825	break;
826	ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
827	WC_SHA224_BLOCK_SIZE);
828	if (ret != 0)
829	break;
830	ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
831	WC_SHA224_DIGEST_SIZE);
832	if (ret != 0)
833	break;
834	ret = wc_Sha224Final(&hmac->hash.sha224, hash);
835	if (ret != 0)
836	break;
837	}
838	break;
839	#endif /* WOLFSSL_SHA224 */
840
841	#ifndef NO_SHA256
842	case WC_SHA256:
843	ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
844	if (ret != 0)
845	break;
846	ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
847	WC_SHA256_BLOCK_SIZE);
848	if (ret != 0)
849	break;
850	ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
851	WC_SHA256_DIGEST_SIZE);
852	if (ret != 0)
853	break;
854	ret = wc_Sha256Final(&hmac->hash.sha256, hash);
855	break;
856	#endif /* !NO_SHA256 */
857
858	#ifdef WOLFSSL_SHA384
859	case WC_SHA384:
860	ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
861	if (ret != 0)
862	break;
863	ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
864	WC_SHA384_BLOCK_SIZE);
865	if (ret != 0)
866	break;
867	ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
868	WC_SHA384_DIGEST_SIZE);
869	if (ret != 0)
870	break;
871	ret = wc_Sha384Final(&hmac->hash.sha384, hash);
872	break;
873	#endif /* WOLFSSL_SHA384 */
874	#ifdef WOLFSSL_SHA512
875	case WC_SHA512:
876	ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
877	if (ret != 0)
878	break;
879	ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
880	WC_SHA512_BLOCK_SIZE);
881	if (ret != 0)
882	break;
883	ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
884	WC_SHA512_DIGEST_SIZE);
885	if (ret != 0)
886	break;
887	ret = wc_Sha512Final(&hmac->hash.sha512, hash);
888	break;
889	#endif /* WOLFSSL_SHA512 */
890
891	#ifdef HAVE_BLAKE2
892	case BLAKE2B_ID:
893	ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*)hmac->innerHash,
894	BLAKE2B_256);
895	if (ret != 0)
896	break;
897	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->opad,
898	BLAKE2B_BLOCKBYTES);
899	if (ret != 0)
900	break;
901	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->innerHash,
902	BLAKE2B_256);
903	if (ret != 0)
904	break;
905	ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
906	break;
907	#endif /* HAVE_BLAKE2 */
908
909	#ifdef WOLFSSL_SHA3
910	case WC_SHA3_224:
911	ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
912	if (ret != 0)
913	break;
914	ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad,
915	WC_SHA3_224_BLOCK_SIZE);
916	if (ret != 0)
917	break;
918	ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
919	WC_SHA3_224_DIGEST_SIZE);
920	if (ret != 0)
921	break;
922	ret = wc_Sha3_224_Final(&hmac->hash.sha3, hash);
923	break;
924	case WC_SHA3_256:
925	ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
926	if (ret != 0)
927	break;
928	ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad,
929	WC_SHA3_256_BLOCK_SIZE);
930	if (ret != 0)
931	break;
932	ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
933	WC_SHA3_256_DIGEST_SIZE);
934	if (ret != 0)
935	break;
936	ret = wc_Sha3_256_Final(&hmac->hash.sha3, hash);
937	break;
938	case WC_SHA3_384:
939	ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
940	if (ret != 0)
941	break;
942	ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad,
943	WC_SHA3_384_BLOCK_SIZE);
944	if (ret != 0)
945	break;
946	ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
947	WC_SHA3_384_DIGEST_SIZE);
948	if (ret != 0)
949	break;
950	ret = wc_Sha3_384_Final(&hmac->hash.sha3, hash);
951	break;
952	case WC_SHA3_512:
953	ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
954	if (ret != 0)
955	break;
956	ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad,
957	WC_SHA3_512_BLOCK_SIZE);
958	if (ret != 0)
959	break;
960	ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
961	WC_SHA3_512_DIGEST_SIZE);
962	if (ret != 0)
963	break;
964	ret = wc_Sha3_512_Final(&hmac->hash.sha3, hash);
965	break;
966	#endif /* WOLFSSL_SHA3 */
967
968	default:
969	ret = BAD_FUNC_ARG;
970	break;
971	}
972
973	if (ret == 0) {
974	hmac->innerHashKeyed = 0;
975	}
976
977	return ret;
978	}
979
980
981	/* Initialize Hmac for use with async device */
982	int wc_HmacInit(Hmac* hmac, void* heap, int devId)
983	{
984	int ret = 0;
985
986	if (hmac == NULL)
987	return BAD_FUNC_ARG;
988
989	XMEMSET(hmac, 0, sizeof(Hmac));
990	hmac->heap = heap;
991
992	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
993	hmac->keyLen = 0;
994
995	ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC,
996	hmac->heap, devId);
997	#else
998	(void)devId;
999	#endif /* WOLFSSL_ASYNC_CRYPT */
1000
1001	return ret;
1002	}
1003
1004	/* Free Hmac from use with async device */
1005	void wc_HmacFree(Hmac* hmac)
1006	{
1007	if (hmac == NULL)
1008	return;
1009
1010	switch (hmac->macType) {
1011	#ifndef NO_MD5
1012	case WC_MD5:
1013	wc_Md5Free(&hmac->hash.md5);
1014	break;
1015	#endif /* !NO_MD5 */
1016
1017	#ifndef NO_SHA
1018	case WC_SHA:
1019	wc_ShaFree(&hmac->hash.sha);
1020	break;
1021	#endif /* !NO_SHA */
1022
1023	#ifdef WOLFSSL_SHA224
1024	case WC_SHA224:
1025	wc_Sha224Free(&hmac->hash.sha224);
1026	break;
1027	#endif /* WOLFSSL_SHA224 */
1028
1029	#ifndef NO_SHA256
1030	case WC_SHA256:
1031	wc_Sha256Free(&hmac->hash.sha256);
1032	break;
1033	#endif /* !NO_SHA256 */
1034
1035	#ifdef WOLFSSL_SHA384
1036	case WC_SHA384:
1037	wc_Sha384Free(&hmac->hash.sha384);
1038	break;
1039	#endif /* WOLFSSL_SHA384 */
1040	#ifdef WOLFSSL_SHA512
1041	case WC_SHA512:
1042	wc_Sha512Free(&hmac->hash.sha512);
1043	break;
1044	#endif /* WOLFSSL_SHA512 */
1045
1046	#ifdef HAVE_BLAKE2
1047	case BLAKE2B_ID:
1048	break;
1049	#endif /* HAVE_BLAKE2 */
1050
1051	#ifdef WOLFSSL_SHA3
1052	case WC_SHA3_224:
1053	wc_Sha3_224_Free(&hmac->hash.sha3);
1054	break;
1055	case WC_SHA3_256:
1056	wc_Sha3_256_Free(&hmac->hash.sha3);
1057	break;
1058	case WC_SHA3_384:
1059	wc_Sha3_384_Free(&hmac->hash.sha3);
1060	break;
1061	case WC_SHA3_512:
1062	wc_Sha3_512_Free(&hmac->hash.sha3);
1063	break;
1064	#endif /* WOLFSSL_SHA3 */
1065
1066	default:
1067	break;
1068	}
1069
1070	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
1071	wolfAsync_DevCtxFree(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC);
1072	#endif /* WOLFSSL_ASYNC_CRYPT */
1073
1074	switch (hmac->macType) {
1075	#ifndef NO_MD5
1076	case WC_MD5:
1077	wc_Md5Free(&hmac->hash.md5);
1078	break;
1079	#endif /* !NO_MD5 */
1080
1081	#ifndef NO_SHA
1082	case WC_SHA:
1083	wc_ShaFree(&hmac->hash.sha);
1084	break;
1085	#endif /* !NO_SHA */
1086
1087	#ifdef WOLFSSL_SHA224
1088	case WC_SHA224:
1089	wc_Sha224Free(&hmac->hash.sha224);
1090	break;
1091	#endif /* WOLFSSL_SHA224 */
1092
1093	#ifndef NO_SHA256
1094	case WC_SHA256:
1095	wc_Sha256Free(&hmac->hash.sha256);
1096	break;
1097	#endif /* !NO_SHA256 */
1098
1099	#ifdef WOLFSSL_SHA512
1100	#ifdef WOLFSSL_SHA384
1101	case WC_SHA384:
1102	wc_Sha384Free(&hmac->hash.sha384);
1103	break;
1104	#endif /* WOLFSSL_SHA384 */
1105	case WC_SHA512:
1106	wc_Sha512Free(&hmac->hash.sha512);
1107	break;
1108	#endif /* WOLFSSL_SHA512 */
1109	}
1110	}
1111
1112	int wolfSSL_GetHmacMaxSize(void)
1113	{
1114	return WC_MAX_DIGEST_SIZE;
1115	}
1116
1117	#ifdef HAVE_HKDF
1118	/* HMAC-KDF-Extract.
1119	* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
1120	*
1121	* type The hash algorithm type.
1122	* salt The optional salt value.
1123	* saltSz The size of the salt.
1124	* inKey The input keying material.
1125	* inKeySz The size of the input keying material.
1126	* out The pseudorandom key with the length that of the hash.
1127	* returns 0 on success, otherwise failure.
1128	*/
1129	int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
1130	const byte* inKey, word32 inKeySz, byte* out)
1131	{
1132	byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
1133	Hmac myHmac;
1134	int ret;
1135	const byte* localSalt; /* either points to user input or tmp */
1136	int hashSz;
1137
1138	ret = wc_HmacSizeByType(type);
1139	if (ret < 0)
1140	return ret;
1141
1142	hashSz = ret;
1143	localSalt = salt;
1144	if (localSalt == NULL) {
1145	XMEMSET(tmp, 0, hashSz);
1146	localSalt = tmp;
1147	saltSz = hashSz;
1148	}
1149
1150	ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
1151	if (ret == 0) {
1152	ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
1153	if (ret == 0)
1154	ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
1155	if (ret == 0)
1156	ret = wc_HmacFinal(&myHmac, out);
1157	wc_HmacFree(&myHmac);
1158	}
1159
1160	return ret;
1161	}
1162
1163	/* HMAC-KDF-Expand.
1164	* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
1165	*
1166	* type The hash algorithm type.
1167	* inKey The input key.
1168	* inKeySz The size of the input key.
1169	* info The application specific information.
1170	* infoSz The size of the application specific information.
1171	* out The output keying material.
1172	* returns 0 on success, otherwise failure.
1173	*/
1174	int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
1175	const byte* info, word32 infoSz, byte* out, word32 outSz)
1176	{
1177	byte tmp[WC_MAX_DIGEST_SIZE];
1178	Hmac myHmac;
1179	int ret = 0;
1180	word32 outIdx = 0;
1181	word32 hashSz = wc_HmacSizeByType(type);
1182	byte n = 0x1;
1183
1184	ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
1185	if (ret != 0)
1186	return ret;
1187
1188	while (outIdx < outSz) {
1189	int tmpSz = (n == 1) ? 0 : hashSz;
1190	word32 left = outSz - outIdx;
1191
1192	ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz);
1193	if (ret != 0)
1194	break;
1195	ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
1196	if (ret != 0)
1197	break;
1198	ret = wc_HmacUpdate(&myHmac, info, infoSz);
1199	if (ret != 0)
1200	break;
1201	ret = wc_HmacUpdate(&myHmac, &n, 1);
1202	if (ret != 0)
1203	break;
1204	ret = wc_HmacFinal(&myHmac, tmp);
1205	if (ret != 0)
1206	break;
1207
1208	left = min(left, hashSz);
1209	XMEMCPY(out+outIdx, tmp, left);
1210
1211	outIdx += hashSz;
1212	n++;
1213	}
1214
1215	wc_HmacFree(&myHmac);
1216
1217	return ret;
1218	}
1219
1220	/* HMAC-KDF.
1221	* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
1222	*
1223	* type The hash algorithm type.
1224	* inKey The input keying material.
1225	* inKeySz The size of the input keying material.
1226	* salt The optional salt value.
1227	* saltSz The size of the salt.
1228	* info The application specific information.
1229	* infoSz The size of the application specific information.
1230	* out The output keying material.
1231	* returns 0 on success, otherwise failure.
1232	*/
1233	int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
1234	const byte* salt, word32 saltSz,
1235	const byte* info, word32 infoSz,
1236	byte* out, word32 outSz)
1237	{
1238	byte prk[WC_MAX_DIGEST_SIZE];
1239	int hashSz = wc_HmacSizeByType(type);
1240	int ret;
1241
1242	if (hashSz < 0)
1243	return BAD_FUNC_ARG;
1244
1245	ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk);
1246	if (ret != 0)
1247	return ret;
1248
1249	return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz);
1250	}
1251
1252	#endif /* HAVE_HKDF */
1253
1254	#endif /* HAVE_FIPS */
1255	#endif /* NO_HMAC */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: