1 | /* hmac.c
|
---|
2 | *
|
---|
3 | * Copyright (C) 2006-2020 wolfSSL Inc.
|
---|
4 | *
|
---|
5 | * This file is part of wolfSSL.
|
---|
6 | *
|
---|
7 | * wolfSSL is free software; you can redistribute it and/or modify
|
---|
8 | * it under the terms of the GNU General Public License as published by
|
---|
9 | * the Free Software Foundation; either version 2 of the License, or
|
---|
10 | * (at your option) any later version.
|
---|
11 | *
|
---|
12 | * wolfSSL is distributed in the hope that it will be useful,
|
---|
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
15 | * GNU General Public License for more details.
|
---|
16 | *
|
---|
17 | * You should have received a copy of the GNU General Public License
|
---|
18 | * along with this program; if not, write to the Free Software
|
---|
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
---|
20 | */
|
---|
21 |
|
---|
22 |
|
---|
23 | #ifdef HAVE_CONFIG_H
|
---|
24 | #include <config.h>
|
---|
25 | #endif
|
---|
26 |
|
---|
27 | #include <wolfssl/wolfcrypt/settings.h>
|
---|
28 | #include <wolfssl/wolfcrypt/error-crypt.h>
|
---|
29 |
|
---|
30 | #ifndef NO_HMAC
|
---|
31 |
|
---|
32 | #if defined(HAVE_FIPS) && \
|
---|
33 | defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
---|
34 |
|
---|
35 | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
|
---|
36 | #define FIPS_NO_WRAPPERS
|
---|
37 |
|
---|
38 | #ifdef USE_WINDOWS_API
|
---|
39 | #pragma code_seg(".fipsA$b")
|
---|
40 | #pragma const_seg(".fipsB$b")
|
---|
41 | #endif
|
---|
42 | #endif
|
---|
43 |
|
---|
44 | #include <wolfssl/wolfcrypt/hmac.h>
|
---|
45 |
|
---|
46 | #ifdef WOLF_CRYPTO_CB
|
---|
47 | #include <wolfssl/wolfcrypt/cryptocb.h>
|
---|
48 | #endif
|
---|
49 |
|
---|
50 | #ifdef NO_INLINE
|
---|
51 | #include <wolfssl/wolfcrypt/misc.h>
|
---|
52 | #else
|
---|
53 | #define WOLFSSL_MISC_INCLUDED
|
---|
54 | #include <wolfcrypt/src/misc.c>
|
---|
55 | #endif
|
---|
56 |
|
---|
57 |
|
---|
58 | /* fips wrapper calls, user can call direct */
|
---|
59 | /* If building for old FIPS. */
|
---|
60 | #if defined(HAVE_FIPS) && \
|
---|
61 | (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
|
---|
62 |
|
---|
63 | /* does init */
|
---|
64 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
|
---|
65 | {
|
---|
66 | if (hmac == NULL || (key == NULL && keySz != 0) ||
|
---|
67 | !(type == WC_MD5 || type == WC_SHA || type == WC_SHA256 ||
|
---|
68 | type == WC_SHA384 || type == WC_SHA512)) {
|
---|
69 | return BAD_FUNC_ARG;
|
---|
70 | }
|
---|
71 |
|
---|
72 | return HmacSetKey_fips(hmac, type, key, keySz);
|
---|
73 | }
|
---|
74 | int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
|
---|
75 | {
|
---|
76 | if (hmac == NULL || (in == NULL && sz > 0)) {
|
---|
77 | return BAD_FUNC_ARG;
|
---|
78 | }
|
---|
79 |
|
---|
80 | return HmacUpdate_fips(hmac, in, sz);
|
---|
81 | }
|
---|
82 | int wc_HmacFinal(Hmac* hmac, byte* out)
|
---|
83 | {
|
---|
84 | if (hmac == NULL) {
|
---|
85 | return BAD_FUNC_ARG;
|
---|
86 | }
|
---|
87 |
|
---|
88 | return HmacFinal_fips(hmac, out);
|
---|
89 | }
|
---|
90 | int wolfSSL_GetHmacMaxSize(void)
|
---|
91 | {
|
---|
92 | return CyaSSL_GetHmacMaxSize();
|
---|
93 | }
|
---|
94 |
|
---|
95 | int wc_HmacInit(Hmac* hmac, void* heap, int devId)
|
---|
96 | {
|
---|
97 | (void)hmac;
|
---|
98 | (void)heap;
|
---|
99 | (void)devId;
|
---|
100 | /* FIPS doesn't support:
|
---|
101 | return HmacInit(hmac, heap, devId); */
|
---|
102 | return 0;
|
---|
103 | }
|
---|
104 | void wc_HmacFree(Hmac* hmac)
|
---|
105 | {
|
---|
106 | (void)hmac;
|
---|
107 | /* FIPS doesn't support:
|
---|
108 | HmacFree(hmac); */
|
---|
109 | }
|
---|
110 |
|
---|
111 | #ifdef HAVE_HKDF
|
---|
112 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
---|
113 | const byte* salt, word32 saltSz,
|
---|
114 | const byte* info, word32 infoSz,
|
---|
115 | byte* out, word32 outSz)
|
---|
116 | {
|
---|
117 | return HKDF(type, inKey, inKeySz, salt, saltSz,
|
---|
118 | info, infoSz, out, outSz);
|
---|
119 | }
|
---|
120 | #endif /* HAVE_HKDF */
|
---|
121 |
|
---|
122 | #else /* else build without fips, or for new fips */
|
---|
123 |
|
---|
124 |
|
---|
125 | int wc_HmacSizeByType(int type)
|
---|
126 | {
|
---|
127 | int ret;
|
---|
128 |
|
---|
129 | if (!(type == WC_MD5 || type == WC_SHA ||
|
---|
130 | type == WC_SHA224 || type == WC_SHA256 ||
|
---|
131 | type == WC_SHA384 || type == WC_SHA512 ||
|
---|
132 | type == WC_SHA3_224 || type == WC_SHA3_256 ||
|
---|
133 | type == WC_SHA3_384 || type == WC_SHA3_512)) {
|
---|
134 | return BAD_FUNC_ARG;
|
---|
135 | }
|
---|
136 |
|
---|
137 | switch (type) {
|
---|
138 | #ifndef NO_MD5
|
---|
139 | case WC_MD5:
|
---|
140 | ret = WC_MD5_DIGEST_SIZE;
|
---|
141 | break;
|
---|
142 | #endif /* !NO_MD5 */
|
---|
143 |
|
---|
144 | #ifndef NO_SHA
|
---|
145 | case WC_SHA:
|
---|
146 | ret = WC_SHA_DIGEST_SIZE;
|
---|
147 | break;
|
---|
148 | #endif /* !NO_SHA */
|
---|
149 |
|
---|
150 | #ifdef WOLFSSL_SHA224
|
---|
151 | case WC_SHA224:
|
---|
152 | ret = WC_SHA224_DIGEST_SIZE;
|
---|
153 | break;
|
---|
154 | #endif /* WOLFSSL_SHA224 */
|
---|
155 |
|
---|
156 | #ifndef NO_SHA256
|
---|
157 | case WC_SHA256:
|
---|
158 | ret = WC_SHA256_DIGEST_SIZE;
|
---|
159 | break;
|
---|
160 | #endif /* !NO_SHA256 */
|
---|
161 |
|
---|
162 | #ifdef WOLFSSL_SHA384
|
---|
163 | case WC_SHA384:
|
---|
164 | ret = WC_SHA384_DIGEST_SIZE;
|
---|
165 | break;
|
---|
166 | #endif /* WOLFSSL_SHA384 */
|
---|
167 | #ifdef WOLFSSL_SHA512
|
---|
168 | case WC_SHA512:
|
---|
169 | ret = WC_SHA512_DIGEST_SIZE;
|
---|
170 | break;
|
---|
171 | #endif /* WOLFSSL_SHA512 */
|
---|
172 |
|
---|
173 | #ifdef WOLFSSL_SHA3
|
---|
174 | case WC_SHA3_224:
|
---|
175 | ret = WC_SHA3_224_DIGEST_SIZE;
|
---|
176 | break;
|
---|
177 |
|
---|
178 | case WC_SHA3_256:
|
---|
179 | ret = WC_SHA3_256_DIGEST_SIZE;
|
---|
180 | break;
|
---|
181 |
|
---|
182 | case WC_SHA3_384:
|
---|
183 | ret = WC_SHA3_384_DIGEST_SIZE;
|
---|
184 | break;
|
---|
185 |
|
---|
186 | case WC_SHA3_512:
|
---|
187 | ret = WC_SHA3_512_DIGEST_SIZE;
|
---|
188 | break;
|
---|
189 |
|
---|
190 | #endif
|
---|
191 |
|
---|
192 | default:
|
---|
193 | ret = BAD_FUNC_ARG;
|
---|
194 | break;
|
---|
195 | }
|
---|
196 |
|
---|
197 | return ret;
|
---|
198 | }
|
---|
199 |
|
---|
200 | int _InitHmac(Hmac* hmac, int type, void* heap)
|
---|
201 | {
|
---|
202 | int ret = 0;
|
---|
203 |
|
---|
204 | switch (type) {
|
---|
205 | #ifndef NO_MD5
|
---|
206 | case WC_MD5:
|
---|
207 | ret = wc_InitMd5(&hmac->hash.md5);
|
---|
208 | break;
|
---|
209 | #endif /* !NO_MD5 */
|
---|
210 |
|
---|
211 | #ifndef NO_SHA
|
---|
212 | case WC_SHA:
|
---|
213 | ret = wc_InitSha(&hmac->hash.sha);
|
---|
214 | break;
|
---|
215 | #endif /* !NO_SHA */
|
---|
216 |
|
---|
217 | #ifdef WOLFSSL_SHA224
|
---|
218 | case WC_SHA224:
|
---|
219 | ret = wc_InitSha224(&hmac->hash.sha224);
|
---|
220 | break;
|
---|
221 | #endif /* WOLFSSL_SHA224 */
|
---|
222 |
|
---|
223 | #ifndef NO_SHA256
|
---|
224 | case WC_SHA256:
|
---|
225 | ret = wc_InitSha256(&hmac->hash.sha256);
|
---|
226 | break;
|
---|
227 | #endif /* !NO_SHA256 */
|
---|
228 |
|
---|
229 | #ifdef WOLFSSL_SHA384
|
---|
230 | case WC_SHA384:
|
---|
231 | ret = wc_InitSha384(&hmac->hash.sha384);
|
---|
232 | break;
|
---|
233 | #endif /* WOLFSSL_SHA384 */
|
---|
234 | #ifdef WOLFSSL_SHA512
|
---|
235 | case WC_SHA512:
|
---|
236 | ret = wc_InitSha512(&hmac->hash.sha512);
|
---|
237 | break;
|
---|
238 | #endif /* WOLFSSL_SHA512 */
|
---|
239 |
|
---|
240 | #ifdef WOLFSSL_SHA3
|
---|
241 | #ifndef WOLFSSL_NOSHA3_224
|
---|
242 | case WC_SHA3_224:
|
---|
243 | ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
|
---|
244 | break;
|
---|
245 | #endif
|
---|
246 | #ifndef WOLFSSL_NOSHA3_256
|
---|
247 | case WC_SHA3_256:
|
---|
248 | ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
|
---|
249 | break;
|
---|
250 | #endif
|
---|
251 | #ifndef WOLFSSL_NOSHA3_384
|
---|
252 | case WC_SHA3_384:
|
---|
253 | ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
|
---|
254 | break;
|
---|
255 | #endif
|
---|
256 | #ifndef WOLFSSL_NOSHA3_512
|
---|
257 | case WC_SHA3_512:
|
---|
258 | ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
|
---|
259 | break;
|
---|
260 | #endif
|
---|
261 | #endif
|
---|
262 |
|
---|
263 | default:
|
---|
264 | ret = BAD_FUNC_ARG;
|
---|
265 | break;
|
---|
266 | }
|
---|
267 |
|
---|
268 | /* default to NULL heap hint or test value */
|
---|
269 | #ifdef WOLFSSL_HEAP_TEST
|
---|
270 | hmac->heap = (void)WOLFSSL_HEAP_TEST;
|
---|
271 | #else
|
---|
272 | hmac->heap = heap;
|
---|
273 | #endif /* WOLFSSL_HEAP_TEST */
|
---|
274 |
|
---|
275 | return ret;
|
---|
276 | }
|
---|
277 |
|
---|
278 |
|
---|
279 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
---|
280 | {
|
---|
281 | byte* ip;
|
---|
282 | byte* op;
|
---|
283 | word32 i, hmac_block_size = 0;
|
---|
284 | int ret = 0;
|
---|
285 | void* heap = NULL;
|
---|
286 |
|
---|
287 | if (hmac == NULL || (key == NULL && length != 0) ||
|
---|
288 | !(type == WC_MD5 || type == WC_SHA ||
|
---|
289 | type == WC_SHA224 || type == WC_SHA256 ||
|
---|
290 | type == WC_SHA384 || type == WC_SHA512 ||
|
---|
291 | type == WC_SHA3_224 || type == WC_SHA3_256 ||
|
---|
292 | type == WC_SHA3_384 || type == WC_SHA3_512)) {
|
---|
293 | return BAD_FUNC_ARG;
|
---|
294 | }
|
---|
295 |
|
---|
296 | #ifndef HAVE_FIPS
|
---|
297 | /* if set key has already been run then make sure and free existing */
|
---|
298 | /* This is for async and PIC32MZ situations, and just normally OK,
|
---|
299 | provided the user calls wc_HmacInit() first. That function is not
|
---|
300 | available in FIPS builds. In current FIPS builds, the hashes are
|
---|
301 | not allocating resources. */
|
---|
302 | if (hmac->macType != WC_HASH_TYPE_NONE) {
|
---|
303 | wc_HmacFree(hmac);
|
---|
304 | }
|
---|
305 | #endif
|
---|
306 |
|
---|
307 | hmac->innerHashKeyed = 0;
|
---|
308 | hmac->macType = (byte)type;
|
---|
309 |
|
---|
310 | ret = _InitHmac(hmac, type, heap);
|
---|
311 | if (ret != 0)
|
---|
312 | return ret;
|
---|
313 |
|
---|
314 | #ifdef HAVE_FIPS
|
---|
315 | if (length < HMAC_FIPS_MIN_KEY)
|
---|
316 | return HMAC_MIN_KEYLEN_E;
|
---|
317 | #endif
|
---|
318 |
|
---|
319 | #ifdef WOLF_CRYPTO_CB
|
---|
320 | hmac->keyRaw = key; /* use buffer directly */
|
---|
321 | hmac->keyLen = length;
|
---|
322 | #endif
|
---|
323 |
|
---|
324 | ip = (byte*)hmac->ipad;
|
---|
325 | op = (byte*)hmac->opad;
|
---|
326 |
|
---|
327 | switch (hmac->macType) {
|
---|
328 | #ifndef NO_MD5
|
---|
329 | case WC_MD5:
|
---|
330 | hmac_block_size = WC_MD5_BLOCK_SIZE;
|
---|
331 | if (length <= WC_MD5_BLOCK_SIZE) {
|
---|
332 | if (key != NULL) {
|
---|
333 | XMEMCPY(ip, key, length);
|
---|
334 | }
|
---|
335 | }
|
---|
336 | else {
|
---|
337 | ret = wc_Md5Update(&hmac->hash.md5, key, length);
|
---|
338 | if (ret != 0)
|
---|
339 | break;
|
---|
340 | ret = wc_Md5Final(&hmac->hash.md5, ip);
|
---|
341 | if (ret != 0)
|
---|
342 | break;
|
---|
343 | length = WC_MD5_DIGEST_SIZE;
|
---|
344 | }
|
---|
345 | break;
|
---|
346 | #endif /* !NO_MD5 */
|
---|
347 |
|
---|
348 | #ifndef NO_SHA
|
---|
349 | case WC_SHA:
|
---|
350 | hmac_block_size = WC_SHA_BLOCK_SIZE;
|
---|
351 | if (length <= WC_SHA_BLOCK_SIZE) {
|
---|
352 | if (key != NULL) {
|
---|
353 | XMEMCPY(ip, key, length);
|
---|
354 | }
|
---|
355 | }
|
---|
356 | else {
|
---|
357 | ret = wc_ShaUpdate(&hmac->hash.sha, key, length);
|
---|
358 | if (ret != 0)
|
---|
359 | break;
|
---|
360 | ret = wc_ShaFinal(&hmac->hash.sha, ip);
|
---|
361 | if (ret != 0)
|
---|
362 | break;
|
---|
363 |
|
---|
364 | length = WC_SHA_DIGEST_SIZE;
|
---|
365 | }
|
---|
366 | break;
|
---|
367 | #endif /* !NO_SHA */
|
---|
368 |
|
---|
369 | #ifdef WOLFSSL_SHA224
|
---|
370 | case WC_SHA224:
|
---|
371 | hmac_block_size = WC_SHA224_BLOCK_SIZE;
|
---|
372 | if (length <= WC_SHA224_BLOCK_SIZE) {
|
---|
373 | if (key != NULL) {
|
---|
374 | XMEMCPY(ip, key, length);
|
---|
375 | }
|
---|
376 | }
|
---|
377 | else {
|
---|
378 | ret = wc_Sha224Update(&hmac->hash.sha224, key, length);
|
---|
379 | if (ret != 0)
|
---|
380 | break;
|
---|
381 | ret = wc_Sha224Final(&hmac->hash.sha224, ip);
|
---|
382 | if (ret != 0)
|
---|
383 | break;
|
---|
384 |
|
---|
385 | length = WC_SHA224_DIGEST_SIZE;
|
---|
386 | }
|
---|
387 | break;
|
---|
388 | #endif /* WOLFSSL_SHA224 */
|
---|
389 | #ifndef NO_SHA256
|
---|
390 | case WC_SHA256:
|
---|
391 | hmac_block_size = WC_SHA256_BLOCK_SIZE;
|
---|
392 | if (length <= WC_SHA256_BLOCK_SIZE) {
|
---|
393 | if (key != NULL) {
|
---|
394 | XMEMCPY(ip, key, length);
|
---|
395 | }
|
---|
396 | }
|
---|
397 | else {
|
---|
398 | ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
|
---|
399 | if (ret != 0)
|
---|
400 | break;
|
---|
401 | ret = wc_Sha256Final(&hmac->hash.sha256, ip);
|
---|
402 | if (ret != 0)
|
---|
403 | break;
|
---|
404 |
|
---|
405 | length = WC_SHA256_DIGEST_SIZE;
|
---|
406 | }
|
---|
407 | break;
|
---|
408 | #endif /* !NO_SHA256 */
|
---|
409 |
|
---|
410 | #ifdef WOLFSSL_SHA384
|
---|
411 | case WC_SHA384:
|
---|
412 | hmac_block_size = WC_SHA384_BLOCK_SIZE;
|
---|
413 | if (length <= WC_SHA384_BLOCK_SIZE) {
|
---|
414 | if (key != NULL) {
|
---|
415 | XMEMCPY(ip, key, length);
|
---|
416 | }
|
---|
417 | }
|
---|
418 | else {
|
---|
419 | ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
|
---|
420 | if (ret != 0)
|
---|
421 | break;
|
---|
422 | ret = wc_Sha384Final(&hmac->hash.sha384, ip);
|
---|
423 | if (ret != 0)
|
---|
424 | break;
|
---|
425 |
|
---|
426 | length = WC_SHA384_DIGEST_SIZE;
|
---|
427 | }
|
---|
428 | break;
|
---|
429 | #endif /* WOLFSSL_SHA384 */
|
---|
430 | #ifdef WOLFSSL_SHA512
|
---|
431 | case WC_SHA512:
|
---|
432 | hmac_block_size = WC_SHA512_BLOCK_SIZE;
|
---|
433 | if (length <= WC_SHA512_BLOCK_SIZE) {
|
---|
434 | if (key != NULL) {
|
---|
435 | XMEMCPY(ip, key, length);
|
---|
436 | }
|
---|
437 | }
|
---|
438 | else {
|
---|
439 | ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
|
---|
440 | if (ret != 0)
|
---|
441 | break;
|
---|
442 | ret = wc_Sha512Final(&hmac->hash.sha512, ip);
|
---|
443 | if (ret != 0)
|
---|
444 | break;
|
---|
445 |
|
---|
446 | length = WC_SHA512_DIGEST_SIZE;
|
---|
447 | }
|
---|
448 | break;
|
---|
449 | #endif /* WOLFSSL_SHA512 */
|
---|
450 |
|
---|
451 | #ifdef WOLFSSL_SHA3
|
---|
452 | #ifndef WOLFSSL_NOSHA3_224
|
---|
453 | case WC_SHA3_224:
|
---|
454 | hmac_block_size = WC_SHA3_224_BLOCK_SIZE;
|
---|
455 | if (length <= WC_SHA3_224_BLOCK_SIZE) {
|
---|
456 | if (key != NULL) {
|
---|
457 | XMEMCPY(ip, key, length);
|
---|
458 | }
|
---|
459 | }
|
---|
460 | else {
|
---|
461 | ret = wc_Sha3_224_Update(&hmac->hash.sha3, key, length);
|
---|
462 | if (ret != 0)
|
---|
463 | break;
|
---|
464 | ret = wc_Sha3_224_Final(&hmac->hash.sha3, ip);
|
---|
465 | if (ret != 0)
|
---|
466 | break;
|
---|
467 |
|
---|
468 | length = WC_SHA3_224_DIGEST_SIZE;
|
---|
469 | }
|
---|
470 | break;
|
---|
471 | #endif
|
---|
472 | #ifndef WOLFSSL_NOSHA3_256
|
---|
473 | case WC_SHA3_256:
|
---|
474 | hmac_block_size = WC_SHA3_256_BLOCK_SIZE;
|
---|
475 | if (length <= WC_SHA3_256_BLOCK_SIZE) {
|
---|
476 | if (key != NULL) {
|
---|
477 | XMEMCPY(ip, key, length);
|
---|
478 | }
|
---|
479 | }
|
---|
480 | else {
|
---|
481 | ret = wc_Sha3_256_Update(&hmac->hash.sha3, key, length);
|
---|
482 | if (ret != 0)
|
---|
483 | break;
|
---|
484 | ret = wc_Sha3_256_Final(&hmac->hash.sha3, ip);
|
---|
485 | if (ret != 0)
|
---|
486 | break;
|
---|
487 |
|
---|
488 | length = WC_SHA3_256_DIGEST_SIZE;
|
---|
489 | }
|
---|
490 | break;
|
---|
491 | #endif
|
---|
492 | #ifndef WOLFSSL_NOSHA3_384
|
---|
493 | case WC_SHA3_384:
|
---|
494 | hmac_block_size = WC_SHA3_384_BLOCK_SIZE;
|
---|
495 | if (length <= WC_SHA3_384_BLOCK_SIZE) {
|
---|
496 | if (key != NULL) {
|
---|
497 | XMEMCPY(ip, key, length);
|
---|
498 | }
|
---|
499 | }
|
---|
500 | else {
|
---|
501 | ret = wc_Sha3_384_Update(&hmac->hash.sha3, key, length);
|
---|
502 | if (ret != 0)
|
---|
503 | break;
|
---|
504 | ret = wc_Sha3_384_Final(&hmac->hash.sha3, ip);
|
---|
505 | if (ret != 0)
|
---|
506 | break;
|
---|
507 |
|
---|
508 | length = WC_SHA3_384_DIGEST_SIZE;
|
---|
509 | }
|
---|
510 | break;
|
---|
511 | #endif
|
---|
512 | #ifndef WOLFSSL_NOSHA3_512
|
---|
513 | case WC_SHA3_512:
|
---|
514 | hmac_block_size = WC_SHA3_512_BLOCK_SIZE;
|
---|
515 | if (length <= WC_SHA3_512_BLOCK_SIZE) {
|
---|
516 | if (key != NULL) {
|
---|
517 | XMEMCPY(ip, key, length);
|
---|
518 | }
|
---|
519 | }
|
---|
520 | else {
|
---|
521 | ret = wc_Sha3_512_Update(&hmac->hash.sha3, key, length);
|
---|
522 | if (ret != 0)
|
---|
523 | break;
|
---|
524 | ret = wc_Sha3_512_Final(&hmac->hash.sha3, ip);
|
---|
525 | if (ret != 0)
|
---|
526 | break;
|
---|
527 |
|
---|
528 | length = WC_SHA3_512_DIGEST_SIZE;
|
---|
529 | }
|
---|
530 | break;
|
---|
531 | #endif
|
---|
532 | #endif /* WOLFSSL_SHA3 */
|
---|
533 |
|
---|
534 | default:
|
---|
535 | return BAD_FUNC_ARG;
|
---|
536 | }
|
---|
537 |
|
---|
538 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
---|
539 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
---|
540 | #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
|
---|
541 | #ifdef HAVE_INTEL_QA
|
---|
542 | if (IntelQaHmacGetType(hmac->macType, NULL) == 0)
|
---|
543 | #endif
|
---|
544 | {
|
---|
545 | if (length > hmac_block_size)
|
---|
546 | length = hmac_block_size;
|
---|
547 | /* update key length */
|
---|
548 | hmac->keyLen = (word16)length;
|
---|
549 |
|
---|
550 | return ret;
|
---|
551 | }
|
---|
552 | /* no need to pad below */
|
---|
553 | #endif
|
---|
554 | }
|
---|
555 | #endif
|
---|
556 |
|
---|
557 | if (ret == 0) {
|
---|
558 | if (length < hmac_block_size)
|
---|
559 | XMEMSET(ip + length, 0, hmac_block_size - length);
|
---|
560 |
|
---|
561 | for(i = 0; i < hmac_block_size; i++) {
|
---|
562 | op[i] = ip[i] ^ OPAD;
|
---|
563 | ip[i] ^= IPAD;
|
---|
564 | }
|
---|
565 | }
|
---|
566 |
|
---|
567 | return ret;
|
---|
568 | }
|
---|
569 |
|
---|
570 |
|
---|
571 | static int HmacKeyInnerHash(Hmac* hmac)
|
---|
572 | {
|
---|
573 | int ret = 0;
|
---|
574 |
|
---|
575 | switch (hmac->macType) {
|
---|
576 | #ifndef NO_MD5
|
---|
577 | case WC_MD5:
|
---|
578 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad,
|
---|
579 | WC_MD5_BLOCK_SIZE);
|
---|
580 | break;
|
---|
581 | #endif /* !NO_MD5 */
|
---|
582 |
|
---|
583 | #ifndef NO_SHA
|
---|
584 | case WC_SHA:
|
---|
585 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad,
|
---|
586 | WC_SHA_BLOCK_SIZE);
|
---|
587 | break;
|
---|
588 | #endif /* !NO_SHA */
|
---|
589 |
|
---|
590 | #ifdef WOLFSSL_SHA224
|
---|
591 | case WC_SHA224:
|
---|
592 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad,
|
---|
593 | WC_SHA224_BLOCK_SIZE);
|
---|
594 | break;
|
---|
595 | #endif /* WOLFSSL_SHA224 */
|
---|
596 | #ifndef NO_SHA256
|
---|
597 | case WC_SHA256:
|
---|
598 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad,
|
---|
599 | WC_SHA256_BLOCK_SIZE);
|
---|
600 | break;
|
---|
601 | #endif /* !NO_SHA256 */
|
---|
602 |
|
---|
603 | #ifdef WOLFSSL_SHA384
|
---|
604 | case WC_SHA384:
|
---|
605 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad,
|
---|
606 | WC_SHA384_BLOCK_SIZE);
|
---|
607 | break;
|
---|
608 | #endif /* WOLFSSL_SHA384 */
|
---|
609 | #ifdef WOLFSSL_SHA512
|
---|
610 | case WC_SHA512:
|
---|
611 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad,
|
---|
612 | WC_SHA512_BLOCK_SIZE);
|
---|
613 | break;
|
---|
614 | #endif /* WOLFSSL_SHA512 */
|
---|
615 |
|
---|
616 | #ifdef WOLFSSL_SHA3
|
---|
617 | #ifndef WOLFSSL_NOSHA3_224
|
---|
618 | case WC_SHA3_224:
|
---|
619 | ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
|
---|
620 | WC_SHA3_224_BLOCK_SIZE);
|
---|
621 | break;
|
---|
622 | #endif
|
---|
623 | #ifndef WOLFSSL_NOSHA3_256
|
---|
624 | case WC_SHA3_256:
|
---|
625 | ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
|
---|
626 | WC_SHA3_256_BLOCK_SIZE);
|
---|
627 | break;
|
---|
628 | #endif
|
---|
629 | #ifndef WOLFSSL_NOSHA3_384
|
---|
630 | case WC_SHA3_384:
|
---|
631 | ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
|
---|
632 | WC_SHA3_384_BLOCK_SIZE);
|
---|
633 | break;
|
---|
634 | #endif
|
---|
635 | #ifndef WOLFSSL_NOSHA3_512
|
---|
636 | case WC_SHA3_512:
|
---|
637 | ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
|
---|
638 | WC_SHA3_512_BLOCK_SIZE);
|
---|
639 | break;
|
---|
640 | #endif
|
---|
641 | #endif /* WOLFSSL_SHA3 */
|
---|
642 |
|
---|
643 | default:
|
---|
644 | break;
|
---|
645 | }
|
---|
646 |
|
---|
647 | if (ret == 0)
|
---|
648 | hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
|
---|
649 |
|
---|
650 | return ret;
|
---|
651 | }
|
---|
652 |
|
---|
653 |
|
---|
654 | int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
|
---|
655 | {
|
---|
656 | int ret = 0;
|
---|
657 |
|
---|
658 | if (hmac == NULL || (msg == NULL && length > 0)) {
|
---|
659 | return BAD_FUNC_ARG;
|
---|
660 | }
|
---|
661 |
|
---|
662 | #ifdef WOLF_CRYPTO_CB
|
---|
663 | if (hmac->devId != INVALID_DEVID) {
|
---|
664 | ret = wc_CryptoCb_Hmac(hmac, hmac->macType, msg, length, NULL);
|
---|
665 | if (ret != CRYPTOCB_UNAVAILABLE)
|
---|
666 | return ret;
|
---|
667 | /* fall-through when unavailable */
|
---|
668 | ret = 0; /* reset error code */
|
---|
669 | }
|
---|
670 | #endif
|
---|
671 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
---|
672 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
---|
673 | #if defined(HAVE_CAVIUM)
|
---|
674 | return NitroxHmacUpdate(hmac, msg, length);
|
---|
675 | #elif defined(HAVE_INTEL_QA)
|
---|
676 | if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
|
---|
677 | return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
---|
678 | (byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
|
---|
679 | }
|
---|
680 | #endif
|
---|
681 | }
|
---|
682 | #endif /* WOLFSSL_ASYNC_CRYPT */
|
---|
683 |
|
---|
684 | if (!hmac->innerHashKeyed) {
|
---|
685 | ret = HmacKeyInnerHash(hmac);
|
---|
686 | if (ret != 0)
|
---|
687 | return ret;
|
---|
688 | }
|
---|
689 |
|
---|
690 | switch (hmac->macType) {
|
---|
691 | #ifndef NO_MD5
|
---|
692 | case WC_MD5:
|
---|
693 | ret = wc_Md5Update(&hmac->hash.md5, msg, length);
|
---|
694 | break;
|
---|
695 | #endif /* !NO_MD5 */
|
---|
696 |
|
---|
697 | #ifndef NO_SHA
|
---|
698 | case WC_SHA:
|
---|
699 | ret = wc_ShaUpdate(&hmac->hash.sha, msg, length);
|
---|
700 | break;
|
---|
701 | #endif /* !NO_SHA */
|
---|
702 |
|
---|
703 | #ifdef WOLFSSL_SHA224
|
---|
704 | case WC_SHA224:
|
---|
705 | ret = wc_Sha224Update(&hmac->hash.sha224, msg, length);
|
---|
706 | break;
|
---|
707 | #endif /* WOLFSSL_SHA224 */
|
---|
708 |
|
---|
709 | #ifndef NO_SHA256
|
---|
710 | case WC_SHA256:
|
---|
711 | ret = wc_Sha256Update(&hmac->hash.sha256, msg, length);
|
---|
712 | break;
|
---|
713 | #endif /* !NO_SHA256 */
|
---|
714 |
|
---|
715 | #ifdef WOLFSSL_SHA384
|
---|
716 | case WC_SHA384:
|
---|
717 | ret = wc_Sha384Update(&hmac->hash.sha384, msg, length);
|
---|
718 | break;
|
---|
719 | #endif /* WOLFSSL_SHA384 */
|
---|
720 | #ifdef WOLFSSL_SHA512
|
---|
721 | case WC_SHA512:
|
---|
722 | ret = wc_Sha512Update(&hmac->hash.sha512, msg, length);
|
---|
723 | break;
|
---|
724 | #endif /* WOLFSSL_SHA512 */
|
---|
725 |
|
---|
726 | #ifdef WOLFSSL_SHA3
|
---|
727 | #ifndef WOLFSSL_NOSHA3_224
|
---|
728 | case WC_SHA3_224:
|
---|
729 | ret = wc_Sha3_224_Update(&hmac->hash.sha3, msg, length);
|
---|
730 | break;
|
---|
731 | #endif
|
---|
732 | #ifndef WOLFSSL_NOSHA3_256
|
---|
733 | case WC_SHA3_256:
|
---|
734 | ret = wc_Sha3_256_Update(&hmac->hash.sha3, msg, length);
|
---|
735 | break;
|
---|
736 | #endif
|
---|
737 | #ifndef WOLFSSL_NOSHA3_384
|
---|
738 | case WC_SHA3_384:
|
---|
739 | ret = wc_Sha3_384_Update(&hmac->hash.sha3, msg, length);
|
---|
740 | break;
|
---|
741 | #endif
|
---|
742 | #ifndef WOLFSSL_NOSHA3_512
|
---|
743 | case WC_SHA3_512:
|
---|
744 | ret = wc_Sha3_512_Update(&hmac->hash.sha3, msg, length);
|
---|
745 | break;
|
---|
746 | #endif
|
---|
747 | #endif /* WOLFSSL_SHA3 */
|
---|
748 |
|
---|
749 | default:
|
---|
750 | break;
|
---|
751 | }
|
---|
752 |
|
---|
753 | return ret;
|
---|
754 | }
|
---|
755 |
|
---|
756 |
|
---|
757 | int wc_HmacFinal(Hmac* hmac, byte* hash)
|
---|
758 | {
|
---|
759 | int ret;
|
---|
760 |
|
---|
761 | if (hmac == NULL || hash == NULL) {
|
---|
762 | return BAD_FUNC_ARG;
|
---|
763 | }
|
---|
764 |
|
---|
765 | #ifdef WOLF_CRYPTO_CB
|
---|
766 | if (hmac->devId != INVALID_DEVID) {
|
---|
767 | ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, hash);
|
---|
768 | if (ret != CRYPTOCB_UNAVAILABLE)
|
---|
769 | return ret;
|
---|
770 | /* fall-through when unavailable */
|
---|
771 | }
|
---|
772 | #endif
|
---|
773 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
---|
774 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
---|
775 | int hashLen = wc_HmacSizeByType(hmac->macType);
|
---|
776 | if (hashLen <= 0)
|
---|
777 | return hashLen;
|
---|
778 |
|
---|
779 | #if defined(HAVE_CAVIUM)
|
---|
780 | return NitroxHmacFinal(hmac, hash, hashLen);
|
---|
781 | #elif defined(HAVE_INTEL_QA)
|
---|
782 | if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
|
---|
783 | return IntelQaHmac(&hmac->asyncDev, hmac->macType,
|
---|
784 | (byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
|
---|
785 | }
|
---|
786 | #endif
|
---|
787 | }
|
---|
788 | #endif /* WOLFSSL_ASYNC_CRYPT */
|
---|
789 |
|
---|
790 | if (!hmac->innerHashKeyed) {
|
---|
791 | ret = HmacKeyInnerHash(hmac);
|
---|
792 | if (ret != 0)
|
---|
793 | return ret;
|
---|
794 | }
|
---|
795 |
|
---|
796 | switch (hmac->macType) {
|
---|
797 | #ifndef NO_MD5
|
---|
798 | case WC_MD5:
|
---|
799 | ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
|
---|
800 | if (ret != 0)
|
---|
801 | break;
|
---|
802 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
|
---|
803 | WC_MD5_BLOCK_SIZE);
|
---|
804 | if (ret != 0)
|
---|
805 | break;
|
---|
806 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
|
---|
807 | WC_MD5_DIGEST_SIZE);
|
---|
808 | if (ret != 0)
|
---|
809 | break;
|
---|
810 | ret = wc_Md5Final(&hmac->hash.md5, hash);
|
---|
811 | break;
|
---|
812 | #endif /* !NO_MD5 */
|
---|
813 |
|
---|
814 | #ifndef NO_SHA
|
---|
815 | case WC_SHA:
|
---|
816 | ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
|
---|
817 | if (ret != 0)
|
---|
818 | break;
|
---|
819 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
|
---|
820 | WC_SHA_BLOCK_SIZE);
|
---|
821 | if (ret != 0)
|
---|
822 | break;
|
---|
823 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
|
---|
824 | WC_SHA_DIGEST_SIZE);
|
---|
825 | if (ret != 0)
|
---|
826 | break;
|
---|
827 | ret = wc_ShaFinal(&hmac->hash.sha, hash);
|
---|
828 | break;
|
---|
829 | #endif /* !NO_SHA */
|
---|
830 |
|
---|
831 | #ifdef WOLFSSL_SHA224
|
---|
832 | case WC_SHA224:
|
---|
833 | ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
|
---|
834 | if (ret != 0)
|
---|
835 | break;
|
---|
836 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
|
---|
837 | WC_SHA224_BLOCK_SIZE);
|
---|
838 | if (ret != 0)
|
---|
839 | break;
|
---|
840 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
|
---|
841 | WC_SHA224_DIGEST_SIZE);
|
---|
842 | if (ret != 0)
|
---|
843 | break;
|
---|
844 | ret = wc_Sha224Final(&hmac->hash.sha224, hash);
|
---|
845 | if (ret != 0)
|
---|
846 | break;
|
---|
847 | break;
|
---|
848 | #endif /* WOLFSSL_SHA224 */
|
---|
849 | #ifndef NO_SHA256
|
---|
850 | case WC_SHA256:
|
---|
851 | ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
|
---|
852 | if (ret != 0)
|
---|
853 | break;
|
---|
854 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
|
---|
855 | WC_SHA256_BLOCK_SIZE);
|
---|
856 | if (ret != 0)
|
---|
857 | break;
|
---|
858 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
|
---|
859 | WC_SHA256_DIGEST_SIZE);
|
---|
860 | if (ret != 0)
|
---|
861 | break;
|
---|
862 | ret = wc_Sha256Final(&hmac->hash.sha256, hash);
|
---|
863 | break;
|
---|
864 | #endif /* !NO_SHA256 */
|
---|
865 |
|
---|
866 | #ifdef WOLFSSL_SHA384
|
---|
867 | case WC_SHA384:
|
---|
868 | ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
|
---|
869 | if (ret != 0)
|
---|
870 | break;
|
---|
871 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
|
---|
872 | WC_SHA384_BLOCK_SIZE);
|
---|
873 | if (ret != 0)
|
---|
874 | break;
|
---|
875 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
|
---|
876 | WC_SHA384_DIGEST_SIZE);
|
---|
877 | if (ret != 0)
|
---|
878 | break;
|
---|
879 | ret = wc_Sha384Final(&hmac->hash.sha384, hash);
|
---|
880 | break;
|
---|
881 | #endif /* WOLFSSL_SHA384 */
|
---|
882 | #ifdef WOLFSSL_SHA512
|
---|
883 | case WC_SHA512:
|
---|
884 | ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
|
---|
885 | if (ret != 0)
|
---|
886 | break;
|
---|
887 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
|
---|
888 | WC_SHA512_BLOCK_SIZE);
|
---|
889 | if (ret != 0)
|
---|
890 | break;
|
---|
891 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
|
---|
892 | WC_SHA512_DIGEST_SIZE);
|
---|
893 | if (ret != 0)
|
---|
894 | break;
|
---|
895 | ret = wc_Sha512Final(&hmac->hash.sha512, hash);
|
---|
896 | break;
|
---|
897 | #endif /* WOLFSSL_SHA512 */
|
---|
898 |
|
---|
899 | #ifdef WOLFSSL_SHA3
|
---|
900 | #ifndef WOLFSSL_NOSHA3_224
|
---|
901 | case WC_SHA3_224:
|
---|
902 | ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
|
---|
903 | if (ret != 0)
|
---|
904 | break;
|
---|
905 | ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad,
|
---|
906 | WC_SHA3_224_BLOCK_SIZE);
|
---|
907 | if (ret != 0)
|
---|
908 | break;
|
---|
909 | ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
|
---|
910 | WC_SHA3_224_DIGEST_SIZE);
|
---|
911 | if (ret != 0)
|
---|
912 | break;
|
---|
913 | ret = wc_Sha3_224_Final(&hmac->hash.sha3, hash);
|
---|
914 | break;
|
---|
915 | #endif
|
---|
916 | #ifndef WOLFSSL_NOSHA3_256
|
---|
917 | case WC_SHA3_256:
|
---|
918 | ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
|
---|
919 | if (ret != 0)
|
---|
920 | break;
|
---|
921 | ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad,
|
---|
922 | WC_SHA3_256_BLOCK_SIZE);
|
---|
923 | if (ret != 0)
|
---|
924 | break;
|
---|
925 | ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
|
---|
926 | WC_SHA3_256_DIGEST_SIZE);
|
---|
927 | if (ret != 0)
|
---|
928 | break;
|
---|
929 | ret = wc_Sha3_256_Final(&hmac->hash.sha3, hash);
|
---|
930 | break;
|
---|
931 | #endif
|
---|
932 | #ifndef WOLFSSL_NOSHA3_384
|
---|
933 | case WC_SHA3_384:
|
---|
934 | ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
|
---|
935 | if (ret != 0)
|
---|
936 | break;
|
---|
937 | ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad,
|
---|
938 | WC_SHA3_384_BLOCK_SIZE);
|
---|
939 | if (ret != 0)
|
---|
940 | break;
|
---|
941 | ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
|
---|
942 | WC_SHA3_384_DIGEST_SIZE);
|
---|
943 | if (ret != 0)
|
---|
944 | break;
|
---|
945 | ret = wc_Sha3_384_Final(&hmac->hash.sha3, hash);
|
---|
946 | break;
|
---|
947 | #endif
|
---|
948 | #ifndef WOLFSSL_NOSHA3_512
|
---|
949 | case WC_SHA3_512:
|
---|
950 | ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
|
---|
951 | if (ret != 0)
|
---|
952 | break;
|
---|
953 | ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad,
|
---|
954 | WC_SHA3_512_BLOCK_SIZE);
|
---|
955 | if (ret != 0)
|
---|
956 | break;
|
---|
957 | ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
|
---|
958 | WC_SHA3_512_DIGEST_SIZE);
|
---|
959 | if (ret != 0)
|
---|
960 | break;
|
---|
961 | ret = wc_Sha3_512_Final(&hmac->hash.sha3, hash);
|
---|
962 | break;
|
---|
963 | #endif
|
---|
964 | #endif /* WOLFSSL_SHA3 */
|
---|
965 |
|
---|
966 | default:
|
---|
967 | ret = BAD_FUNC_ARG;
|
---|
968 | break;
|
---|
969 | }
|
---|
970 |
|
---|
971 | if (ret == 0) {
|
---|
972 | hmac->innerHashKeyed = 0;
|
---|
973 | }
|
---|
974 |
|
---|
975 | return ret;
|
---|
976 | }
|
---|
977 |
|
---|
978 |
|
---|
979 | /* Initialize Hmac for use with async device */
|
---|
980 | int wc_HmacInit(Hmac* hmac, void* heap, int devId)
|
---|
981 | {
|
---|
982 | int ret = 0;
|
---|
983 |
|
---|
984 | if (hmac == NULL)
|
---|
985 | return BAD_FUNC_ARG;
|
---|
986 |
|
---|
987 | XMEMSET(hmac, 0, sizeof(Hmac));
|
---|
988 | hmac->macType = WC_HASH_TYPE_NONE;
|
---|
989 | hmac->heap = heap;
|
---|
990 | #ifdef WOLF_CRYPTO_CB
|
---|
991 | hmac->devId = devId;
|
---|
992 | hmac->devCtx = NULL;
|
---|
993 | #endif
|
---|
994 |
|
---|
995 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
---|
996 | ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC,
|
---|
997 | hmac->heap, devId);
|
---|
998 | #else
|
---|
999 | (void)devId;
|
---|
1000 | #endif /* WOLFSSL_ASYNC_CRYPT */
|
---|
1001 |
|
---|
1002 | return ret;
|
---|
1003 | }
|
---|
1004 |
|
---|
1005 | #ifdef HAVE_PKCS11
|
---|
1006 | int wc_HmacInit_Id(Hmac* hmac, unsigned char* id, int len, void* heap,
|
---|
1007 | int devId)
|
---|
1008 | {
|
---|
1009 | int ret = 0;
|
---|
1010 |
|
---|
1011 | if (hmac == NULL)
|
---|
1012 | ret = BAD_FUNC_ARG;
|
---|
1013 | if (ret == 0 && (len < 0 || len > HMAC_MAX_ID_LEN))
|
---|
1014 | ret = BUFFER_E;
|
---|
1015 |
|
---|
1016 | if (ret == 0)
|
---|
1017 | ret = wc_HmacInit(hmac, heap, devId);
|
---|
1018 | if (ret == 0) {
|
---|
1019 | XMEMCPY(hmac->id, id, len);
|
---|
1020 | hmac->idLen = len;
|
---|
1021 | }
|
---|
1022 |
|
---|
1023 | return ret;
|
---|
1024 | }
|
---|
1025 | #endif
|
---|
1026 |
|
---|
1027 | /* Free Hmac from use with async device */
|
---|
1028 | void wc_HmacFree(Hmac* hmac)
|
---|
1029 | {
|
---|
1030 | if (hmac == NULL)
|
---|
1031 | return;
|
---|
1032 |
|
---|
1033 | #ifdef WOLF_CRYPTO_CB
|
---|
1034 | /* handle cleanup case where final is not called */
|
---|
1035 | if (hmac->devId != INVALID_DEVID && hmac->devCtx != NULL) {
|
---|
1036 | int ret;
|
---|
1037 | byte finalHash[WC_HMAC_BLOCK_SIZE];
|
---|
1038 | ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, finalHash);
|
---|
1039 | (void)ret; /* must ignore return code here */
|
---|
1040 | (void)finalHash;
|
---|
1041 | }
|
---|
1042 | #endif
|
---|
1043 |
|
---|
1044 | switch (hmac->macType) {
|
---|
1045 | #ifndef NO_MD5
|
---|
1046 | case WC_MD5:
|
---|
1047 | wc_Md5Free(&hmac->hash.md5);
|
---|
1048 | break;
|
---|
1049 | #endif /* !NO_MD5 */
|
---|
1050 |
|
---|
1051 | #ifndef NO_SHA
|
---|
1052 | case WC_SHA:
|
---|
1053 | wc_ShaFree(&hmac->hash.sha);
|
---|
1054 | break;
|
---|
1055 | #endif /* !NO_SHA */
|
---|
1056 |
|
---|
1057 | #ifdef WOLFSSL_SHA224
|
---|
1058 | case WC_SHA224:
|
---|
1059 | wc_Sha224Free(&hmac->hash.sha224);
|
---|
1060 | break;
|
---|
1061 | #endif /* WOLFSSL_SHA224 */
|
---|
1062 | #ifndef NO_SHA256
|
---|
1063 | case WC_SHA256:
|
---|
1064 | wc_Sha256Free(&hmac->hash.sha256);
|
---|
1065 | break;
|
---|
1066 | #endif /* !NO_SHA256 */
|
---|
1067 |
|
---|
1068 | #ifdef WOLFSSL_SHA384
|
---|
1069 | case WC_SHA384:
|
---|
1070 | wc_Sha384Free(&hmac->hash.sha384);
|
---|
1071 | break;
|
---|
1072 | #endif /* WOLFSSL_SHA384 */
|
---|
1073 | #ifdef WOLFSSL_SHA512
|
---|
1074 | case WC_SHA512:
|
---|
1075 | wc_Sha512Free(&hmac->hash.sha512);
|
---|
1076 | break;
|
---|
1077 | #endif /* WOLFSSL_SHA512 */
|
---|
1078 |
|
---|
1079 | #ifdef WOLFSSL_SHA3
|
---|
1080 | #ifndef WOLFSSL_NOSHA3_224
|
---|
1081 | case WC_SHA3_224:
|
---|
1082 | wc_Sha3_224_Free(&hmac->hash.sha3);
|
---|
1083 | break;
|
---|
1084 | #endif
|
---|
1085 | #ifndef WOLFSSL_NOSHA3_256
|
---|
1086 | case WC_SHA3_256:
|
---|
1087 | wc_Sha3_256_Free(&hmac->hash.sha3);
|
---|
1088 | break;
|
---|
1089 | #endif
|
---|
1090 | #ifndef WOLFSSL_NOSHA3_384
|
---|
1091 | case WC_SHA3_384:
|
---|
1092 | wc_Sha3_384_Free(&hmac->hash.sha3);
|
---|
1093 | break;
|
---|
1094 | #endif
|
---|
1095 | #ifndef WOLFSSL_NOSHA3_512
|
---|
1096 | case WC_SHA3_512:
|
---|
1097 | wc_Sha3_512_Free(&hmac->hash.sha3);
|
---|
1098 | break;
|
---|
1099 | #endif
|
---|
1100 | #endif /* WOLFSSL_SHA3 */
|
---|
1101 |
|
---|
1102 | default:
|
---|
1103 | break;
|
---|
1104 | }
|
---|
1105 |
|
---|
1106 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
---|
1107 | wolfAsync_DevCtxFree(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC);
|
---|
1108 | #endif /* WOLFSSL_ASYNC_CRYPT */
|
---|
1109 |
|
---|
1110 | switch (hmac->macType) {
|
---|
1111 | #ifndef NO_MD5
|
---|
1112 | case WC_MD5:
|
---|
1113 | wc_Md5Free(&hmac->hash.md5);
|
---|
1114 | break;
|
---|
1115 | #endif /* !NO_MD5 */
|
---|
1116 |
|
---|
1117 | #ifndef NO_SHA
|
---|
1118 | case WC_SHA:
|
---|
1119 | wc_ShaFree(&hmac->hash.sha);
|
---|
1120 | break;
|
---|
1121 | #endif /* !NO_SHA */
|
---|
1122 |
|
---|
1123 | #ifdef WOLFSSL_SHA224
|
---|
1124 | case WC_SHA224:
|
---|
1125 | wc_Sha224Free(&hmac->hash.sha224);
|
---|
1126 | break;
|
---|
1127 | #endif /* WOLFSSL_SHA224 */
|
---|
1128 | #ifndef NO_SHA256
|
---|
1129 | case WC_SHA256:
|
---|
1130 | wc_Sha256Free(&hmac->hash.sha256);
|
---|
1131 | break;
|
---|
1132 | #endif /* !NO_SHA256 */
|
---|
1133 |
|
---|
1134 | #ifdef WOLFSSL_SHA512
|
---|
1135 | #ifdef WOLFSSL_SHA384
|
---|
1136 | case WC_SHA384:
|
---|
1137 | wc_Sha384Free(&hmac->hash.sha384);
|
---|
1138 | break;
|
---|
1139 | #endif /* WOLFSSL_SHA384 */
|
---|
1140 | case WC_SHA512:
|
---|
1141 | wc_Sha512Free(&hmac->hash.sha512);
|
---|
1142 | break;
|
---|
1143 | #endif /* WOLFSSL_SHA512 */
|
---|
1144 | }
|
---|
1145 | }
|
---|
1146 |
|
---|
1147 | int wolfSSL_GetHmacMaxSize(void)
|
---|
1148 | {
|
---|
1149 | return WC_MAX_DIGEST_SIZE;
|
---|
1150 | }
|
---|
1151 |
|
---|
1152 | #ifdef HAVE_HKDF
|
---|
1153 | /* HMAC-KDF-Extract.
|
---|
1154 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
---|
1155 | *
|
---|
1156 | * type The hash algorithm type.
|
---|
1157 | * salt The optional salt value.
|
---|
1158 | * saltSz The size of the salt.
|
---|
1159 | * inKey The input keying material.
|
---|
1160 | * inKeySz The size of the input keying material.
|
---|
1161 | * out The pseudorandom key with the length that of the hash.
|
---|
1162 | * returns 0 on success, otherwise failure.
|
---|
1163 | */
|
---|
1164 | int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
|
---|
1165 | const byte* inKey, word32 inKeySz, byte* out)
|
---|
1166 | {
|
---|
1167 | byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
|
---|
1168 | Hmac myHmac;
|
---|
1169 | int ret;
|
---|
1170 | const byte* localSalt; /* either points to user input or tmp */
|
---|
1171 | int hashSz;
|
---|
1172 |
|
---|
1173 | ret = wc_HmacSizeByType(type);
|
---|
1174 | if (ret < 0)
|
---|
1175 | return ret;
|
---|
1176 |
|
---|
1177 | hashSz = ret;
|
---|
1178 | localSalt = salt;
|
---|
1179 | if (localSalt == NULL) {
|
---|
1180 | XMEMSET(tmp, 0, hashSz);
|
---|
1181 | localSalt = tmp;
|
---|
1182 | saltSz = hashSz;
|
---|
1183 | }
|
---|
1184 |
|
---|
1185 | ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
|
---|
1186 | if (ret == 0) {
|
---|
1187 | ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
|
---|
1188 | if (ret == 0)
|
---|
1189 | ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
|
---|
1190 | if (ret == 0)
|
---|
1191 | ret = wc_HmacFinal(&myHmac, out);
|
---|
1192 | wc_HmacFree(&myHmac);
|
---|
1193 | }
|
---|
1194 |
|
---|
1195 | return ret;
|
---|
1196 | }
|
---|
1197 |
|
---|
1198 | /* HMAC-KDF-Expand.
|
---|
1199 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
---|
1200 | *
|
---|
1201 | * type The hash algorithm type.
|
---|
1202 | * inKey The input key.
|
---|
1203 | * inKeySz The size of the input key.
|
---|
1204 | * info The application specific information.
|
---|
1205 | * infoSz The size of the application specific information.
|
---|
1206 | * out The output keying material.
|
---|
1207 | * returns 0 on success, otherwise failure.
|
---|
1208 | */
|
---|
1209 | int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
|
---|
1210 | const byte* info, word32 infoSz, byte* out, word32 outSz)
|
---|
1211 | {
|
---|
1212 | byte tmp[WC_MAX_DIGEST_SIZE];
|
---|
1213 | Hmac myHmac;
|
---|
1214 | int ret = 0;
|
---|
1215 | word32 outIdx = 0;
|
---|
1216 | word32 hashSz = wc_HmacSizeByType(type);
|
---|
1217 | byte n = 0x1;
|
---|
1218 |
|
---|
1219 | ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
|
---|
1220 | if (ret != 0)
|
---|
1221 | return ret;
|
---|
1222 |
|
---|
1223 | while (outIdx < outSz) {
|
---|
1224 | int tmpSz = (n == 1) ? 0 : hashSz;
|
---|
1225 | word32 left = outSz - outIdx;
|
---|
1226 |
|
---|
1227 | ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz);
|
---|
1228 | if (ret != 0)
|
---|
1229 | break;
|
---|
1230 | ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
|
---|
1231 | if (ret != 0)
|
---|
1232 | break;
|
---|
1233 | ret = wc_HmacUpdate(&myHmac, info, infoSz);
|
---|
1234 | if (ret != 0)
|
---|
1235 | break;
|
---|
1236 | ret = wc_HmacUpdate(&myHmac, &n, 1);
|
---|
1237 | if (ret != 0)
|
---|
1238 | break;
|
---|
1239 | ret = wc_HmacFinal(&myHmac, tmp);
|
---|
1240 | if (ret != 0)
|
---|
1241 | break;
|
---|
1242 |
|
---|
1243 | left = min(left, hashSz);
|
---|
1244 | XMEMCPY(out+outIdx, tmp, left);
|
---|
1245 |
|
---|
1246 | outIdx += hashSz;
|
---|
1247 | n++;
|
---|
1248 | }
|
---|
1249 |
|
---|
1250 | wc_HmacFree(&myHmac);
|
---|
1251 |
|
---|
1252 | return ret;
|
---|
1253 | }
|
---|
1254 |
|
---|
1255 | /* HMAC-KDF.
|
---|
1256 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
---|
1257 | *
|
---|
1258 | * type The hash algorithm type.
|
---|
1259 | * inKey The input keying material.
|
---|
1260 | * inKeySz The size of the input keying material.
|
---|
1261 | * salt The optional salt value.
|
---|
1262 | * saltSz The size of the salt.
|
---|
1263 | * info The application specific information.
|
---|
1264 | * infoSz The size of the application specific information.
|
---|
1265 | * out The output keying material.
|
---|
1266 | * returns 0 on success, otherwise failure.
|
---|
1267 | */
|
---|
1268 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
---|
1269 | const byte* salt, word32 saltSz,
|
---|
1270 | const byte* info, word32 infoSz,
|
---|
1271 | byte* out, word32 outSz)
|
---|
1272 | {
|
---|
1273 | byte prk[WC_MAX_DIGEST_SIZE];
|
---|
1274 | int hashSz = wc_HmacSizeByType(type);
|
---|
1275 | int ret;
|
---|
1276 |
|
---|
1277 | if (hashSz < 0)
|
---|
1278 | return BAD_FUNC_ARG;
|
---|
1279 |
|
---|
1280 | ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk);
|
---|
1281 | if (ret != 0)
|
---|
1282 | return ret;
|
---|
1283 |
|
---|
1284 | return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz);
|
---|
1285 | }
|
---|
1286 |
|
---|
1287 | #endif /* HAVE_HKDF */
|
---|
1288 |
|
---|
1289 | #endif /* HAVE_FIPS */
|
---|
1290 | #endif /* NO_HMAC */
|
---|