A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
Diff: cyassl/ctaocrypt/hmac.h
- Revision:
- 0:b86d15c6ba29
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cyassl/ctaocrypt/hmac.h Mon Jan 19 21:45:42 2015 +0000 @@ -0,0 +1,201 @@ +/* hmac.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef NO_HMAC + +#ifndef CTAO_CRYPT_HMAC_H +#define CTAO_CRYPT_HMAC_H + +#include <cyassl/ctaocrypt/types.h> + +#ifndef NO_MD5 + #include <cyassl/ctaocrypt/md5.h> +#endif + +#ifndef NO_SHA + #include <cyassl/ctaocrypt/sha.h> +#endif + +#ifndef NO_SHA256 + #include <cyassl/ctaocrypt/sha256.h> +#endif + +#ifdef CYASSL_SHA512 + #include <cyassl/ctaocrypt/sha512.h> +#endif + +#ifdef HAVE_BLAKE2 + #include <cyassl/ctaocrypt/blake2.h> +#endif + +#ifdef HAVE_CAVIUM + #include <cyassl/ctaocrypt/logging.h> + #include "cavium_common.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005 + +enum { + HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */ + + IPAD = 0x36, + OPAD = 0x5C, + +/* If any hash is not enabled, add the ID here. */ +#ifdef NO_MD5 + MD5 = 0, +#endif +#ifdef NO_SHA + SHA = 1, +#endif +#ifdef NO_SHA256 + SHA256 = 2, +#endif +#ifndef CYASSL_SHA512 + SHA512 = 4, +#endif +#ifndef CYASSL_SHA384 + SHA384 = 5, +#endif +#ifndef HAVE_BLAKE2 + BLAKE2B_ID = 7, +#endif + +/* Select the largest available hash for the buffer size. */ +#if defined(CYASSL_SHA512) + MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE, + HMAC_BLOCK_SIZE = SHA512_BLOCK_SIZE +#elif defined(HAVE_BLAKE2) + MAX_DIGEST_SIZE = BLAKE2B_OUTBYTES, + HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES, +#elif defined(CYASSL_SHA384) + MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE, + HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE +#elif !defined(NO_SHA256) + MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE, + HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE +#elif !defined(NO_SHA) + MAX_DIGEST_SIZE = SHA_DIGEST_SIZE, + HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE +#elif !defined(NO_MD5) + MAX_DIGEST_SIZE = MD5_DIGEST_SIZE, + HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE +#else + #error "You have to have some kind of hash if you want to use HMAC." +#endif +}; + + +/* hash union */ +typedef union { + #ifndef NO_MD5 + Md5 md5; + #endif + #ifndef NO_SHA + Sha sha; + #endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + #endif + #ifdef CYASSL_SHA512 + Sha512 sha512; + #endif + #ifdef HAVE_BLAKE2 + Blake2b blake2b; + #endif +} Hash; + +/* Hmac digest */ +typedef struct Hmac { + Hash hash; + word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)]; + word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)]; + byte macType; /* md5 sha or sha256 */ + byte innerHashKeyed; /* keyed flag */ +#ifdef HAVE_CAVIUM + word16 keyLen; /* hmac key length */ + word16 dataLen; + HashType type; /* hmac key type */ + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ + byte* data; /* buffered input data for one call */ +#endif +} Hmac; + + +/* does init */ +CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); +CYASSL_API int HmacUpdate(Hmac*, const byte*, word32); +CYASSL_API int HmacFinal(Hmac*, byte*); + +#ifdef HAVE_CAVIUM + CYASSL_API int HmacInitCavium(Hmac*, int); + CYASSL_API void HmacFreeCavium(Hmac*); +#endif + +CYASSL_API int CyaSSL_GetHmacMaxSize(void); + + +#ifdef HAVE_HKDF + +CYASSL_API int HKDF(int type, const byte* inKey, word32 inKeySz, + const byte* salt, word32 saltSz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +#endif /* HAVE_HKDF */ + + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int HmacSetKey_fips(Hmac*, int type, const byte* key, + word32 keySz); + CYASSL_API int HmacUpdate_fips(Hmac*, const byte*, word32); + CYASSL_API int HmacFinal_fips(Hmac*, byte*); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define HmacSetKey HmacSetKey_fips + #define HmacUpdate HmacUpdate_fips + #define HmacFinal HmacFinal_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_HMAC_H */ + +#endif /* NO_HMAC */ +