Fork of CyaSSL for my specific settings

Dependents:   CyaSSL_Example

Fork of CyaSSL by wolf SSL

Committer:
d0773d
Date:
Tue Mar 03 22:52:52 2015 +0000
Revision:
4:28ac50e1d49c
Parent:
0:1239e9b70ca2
CyaSSL example

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:1239e9b70ca2 1 /* hmac.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 23 #include <config.h>
wolfSSL 0:1239e9b70ca2 24 #endif
wolfSSL 0:1239e9b70ca2 25
wolfSSL 0:1239e9b70ca2 26 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #ifndef NO_HMAC
wolfSSL 0:1239e9b70ca2 29
wolfSSL 0:1239e9b70ca2 30 #ifdef CYASSL_PIC32MZ_HASH
wolfSSL 0:1239e9b70ca2 31
wolfSSL 0:1239e9b70ca2 32 #define InitMd5 InitMd5_sw
wolfSSL 0:1239e9b70ca2 33 #define Md5Update Md5Update_sw
wolfSSL 0:1239e9b70ca2 34 #define Md5Final Md5Final_sw
wolfSSL 0:1239e9b70ca2 35
wolfSSL 0:1239e9b70ca2 36 #define InitSha InitSha_sw
wolfSSL 0:1239e9b70ca2 37 #define ShaUpdate ShaUpdate_sw
wolfSSL 0:1239e9b70ca2 38 #define ShaFinal ShaFinal_sw
wolfSSL 0:1239e9b70ca2 39
wolfSSL 0:1239e9b70ca2 40 #define InitSha256 InitSha256_sw
wolfSSL 0:1239e9b70ca2 41 #define Sha256Update Sha256Update_sw
wolfSSL 0:1239e9b70ca2 42 #define Sha256Final Sha256Final_sw
wolfSSL 0:1239e9b70ca2 43
wolfSSL 0:1239e9b70ca2 44 #endif
wolfSSL 0:1239e9b70ca2 45
wolfSSL 0:1239e9b70ca2 46 #ifdef HAVE_FIPS
wolfSSL 0:1239e9b70ca2 47 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
wolfSSL 0:1239e9b70ca2 48 #define FIPS_NO_WRAPPERS
wolfSSL 0:1239e9b70ca2 49 #endif
wolfSSL 0:1239e9b70ca2 50
wolfSSL 0:1239e9b70ca2 51 #include <cyassl/ctaocrypt/hmac.h>
wolfSSL 0:1239e9b70ca2 52 #include <cyassl/ctaocrypt/error-crypt.h>
wolfSSL 0:1239e9b70ca2 53
wolfSSL 0:1239e9b70ca2 54
wolfSSL 0:1239e9b70ca2 55 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 56 static void HmacCaviumFinal(Hmac* hmac, byte* hash);
wolfSSL 0:1239e9b70ca2 57 static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
wolfSSL 0:1239e9b70ca2 58 static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
wolfSSL 0:1239e9b70ca2 59 word32 length);
wolfSSL 0:1239e9b70ca2 60 #endif
wolfSSL 0:1239e9b70ca2 61
wolfSSL 0:1239e9b70ca2 62 static int InitHmac(Hmac* hmac, int type)
wolfSSL 0:1239e9b70ca2 63 {
wolfSSL 0:1239e9b70ca2 64 int ret = 0;
wolfSSL 0:1239e9b70ca2 65
wolfSSL 0:1239e9b70ca2 66 hmac->innerHashKeyed = 0;
wolfSSL 0:1239e9b70ca2 67 hmac->macType = (byte)type;
wolfSSL 0:1239e9b70ca2 68
wolfSSL 0:1239e9b70ca2 69 if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
wolfSSL 0:1239e9b70ca2 70 || type == SHA512 || type == BLAKE2B_ID))
wolfSSL 0:1239e9b70ca2 71 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 72
wolfSSL 0:1239e9b70ca2 73 switch (type) {
wolfSSL 0:1239e9b70ca2 74 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 75 case MD5:
wolfSSL 0:1239e9b70ca2 76 InitMd5(&hmac->hash.md5);
wolfSSL 0:1239e9b70ca2 77 break;
wolfSSL 0:1239e9b70ca2 78 #endif
wolfSSL 0:1239e9b70ca2 79
wolfSSL 0:1239e9b70ca2 80 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 81 case SHA:
wolfSSL 0:1239e9b70ca2 82 ret = InitSha(&hmac->hash.sha);
wolfSSL 0:1239e9b70ca2 83 break;
wolfSSL 0:1239e9b70ca2 84 #endif
wolfSSL 0:1239e9b70ca2 85
wolfSSL 0:1239e9b70ca2 86 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 87 case SHA256:
wolfSSL 0:1239e9b70ca2 88 ret = InitSha256(&hmac->hash.sha256);
wolfSSL 0:1239e9b70ca2 89 break;
wolfSSL 0:1239e9b70ca2 90 #endif
wolfSSL 0:1239e9b70ca2 91
wolfSSL 0:1239e9b70ca2 92 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 93 case SHA384:
wolfSSL 0:1239e9b70ca2 94 ret = InitSha384(&hmac->hash.sha384);
wolfSSL 0:1239e9b70ca2 95 break;
wolfSSL 0:1239e9b70ca2 96 #endif
wolfSSL 0:1239e9b70ca2 97
wolfSSL 0:1239e9b70ca2 98 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 99 case SHA512:
wolfSSL 0:1239e9b70ca2 100 ret = InitSha512(&hmac->hash.sha512);
wolfSSL 0:1239e9b70ca2 101 break;
wolfSSL 0:1239e9b70ca2 102 #endif
wolfSSL 0:1239e9b70ca2 103
wolfSSL 0:1239e9b70ca2 104 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 105 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 106 ret = InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
wolfSSL 0:1239e9b70ca2 107 break;
wolfSSL 0:1239e9b70ca2 108 #endif
wolfSSL 0:1239e9b70ca2 109
wolfSSL 0:1239e9b70ca2 110 default:
wolfSSL 0:1239e9b70ca2 111 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 112 }
wolfSSL 0:1239e9b70ca2 113
wolfSSL 0:1239e9b70ca2 114 return ret;
wolfSSL 0:1239e9b70ca2 115 }
wolfSSL 0:1239e9b70ca2 116
wolfSSL 0:1239e9b70ca2 117
wolfSSL 0:1239e9b70ca2 118 int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
wolfSSL 0:1239e9b70ca2 119 {
wolfSSL 0:1239e9b70ca2 120 byte* ip = (byte*) hmac->ipad;
wolfSSL 0:1239e9b70ca2 121 byte* op = (byte*) hmac->opad;
wolfSSL 0:1239e9b70ca2 122 word32 i, hmac_block_size = 0;
wolfSSL 0:1239e9b70ca2 123 int ret;
wolfSSL 0:1239e9b70ca2 124
wolfSSL 0:1239e9b70ca2 125 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 126 if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
wolfSSL 0:1239e9b70ca2 127 return HmacCaviumSetKey(hmac, type, key, length);
wolfSSL 0:1239e9b70ca2 128 #endif
wolfSSL 0:1239e9b70ca2 129
wolfSSL 0:1239e9b70ca2 130 ret = InitHmac(hmac, type);
wolfSSL 0:1239e9b70ca2 131 if (ret != 0)
wolfSSL 0:1239e9b70ca2 132 return ret;
wolfSSL 0:1239e9b70ca2 133
wolfSSL 0:1239e9b70ca2 134 switch (hmac->macType) {
wolfSSL 0:1239e9b70ca2 135 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 136 case MD5:
wolfSSL 0:1239e9b70ca2 137 {
wolfSSL 0:1239e9b70ca2 138 hmac_block_size = MD5_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 139 if (length <= MD5_BLOCK_SIZE) {
wolfSSL 0:1239e9b70ca2 140 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 141 }
wolfSSL 0:1239e9b70ca2 142 else {
wolfSSL 0:1239e9b70ca2 143 Md5Update(&hmac->hash.md5, key, length);
wolfSSL 0:1239e9b70ca2 144 Md5Final(&hmac->hash.md5, ip);
wolfSSL 0:1239e9b70ca2 145 length = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 146 }
wolfSSL 0:1239e9b70ca2 147 }
wolfSSL 0:1239e9b70ca2 148 break;
wolfSSL 0:1239e9b70ca2 149 #endif
wolfSSL 0:1239e9b70ca2 150
wolfSSL 0:1239e9b70ca2 151 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 152 case SHA:
wolfSSL 0:1239e9b70ca2 153 {
wolfSSL 0:1239e9b70ca2 154 hmac_block_size = SHA_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 155 if (length <= SHA_BLOCK_SIZE) {
wolfSSL 0:1239e9b70ca2 156 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 157 }
wolfSSL 0:1239e9b70ca2 158 else {
wolfSSL 0:1239e9b70ca2 159 ShaUpdate(&hmac->hash.sha, key, length);
wolfSSL 0:1239e9b70ca2 160 ShaFinal(&hmac->hash.sha, ip);
wolfSSL 0:1239e9b70ca2 161 length = SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 162 }
wolfSSL 0:1239e9b70ca2 163 }
wolfSSL 0:1239e9b70ca2 164 break;
wolfSSL 0:1239e9b70ca2 165 #endif
wolfSSL 0:1239e9b70ca2 166
wolfSSL 0:1239e9b70ca2 167 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 168 case SHA256:
wolfSSL 0:1239e9b70ca2 169 {
wolfSSL 0:1239e9b70ca2 170 hmac_block_size = SHA256_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 171 if (length <= SHA256_BLOCK_SIZE) {
wolfSSL 0:1239e9b70ca2 172 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 173 }
wolfSSL 0:1239e9b70ca2 174 else {
wolfSSL 0:1239e9b70ca2 175 ret = Sha256Update(&hmac->hash.sha256, key, length);
wolfSSL 0:1239e9b70ca2 176 if (ret != 0)
wolfSSL 0:1239e9b70ca2 177 return ret;
wolfSSL 0:1239e9b70ca2 178
wolfSSL 0:1239e9b70ca2 179 ret = Sha256Final(&hmac->hash.sha256, ip);
wolfSSL 0:1239e9b70ca2 180 if (ret != 0)
wolfSSL 0:1239e9b70ca2 181 return ret;
wolfSSL 0:1239e9b70ca2 182
wolfSSL 0:1239e9b70ca2 183 length = SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 184 }
wolfSSL 0:1239e9b70ca2 185 }
wolfSSL 0:1239e9b70ca2 186 break;
wolfSSL 0:1239e9b70ca2 187 #endif
wolfSSL 0:1239e9b70ca2 188
wolfSSL 0:1239e9b70ca2 189 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 190 case SHA384:
wolfSSL 0:1239e9b70ca2 191 {
wolfSSL 0:1239e9b70ca2 192 hmac_block_size = SHA384_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 193 if (length <= SHA384_BLOCK_SIZE) {
wolfSSL 0:1239e9b70ca2 194 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 195 }
wolfSSL 0:1239e9b70ca2 196 else {
wolfSSL 0:1239e9b70ca2 197 ret = Sha384Update(&hmac->hash.sha384, key, length);
wolfSSL 0:1239e9b70ca2 198 if (ret != 0)
wolfSSL 0:1239e9b70ca2 199 return ret;
wolfSSL 0:1239e9b70ca2 200
wolfSSL 0:1239e9b70ca2 201 ret = Sha384Final(&hmac->hash.sha384, ip);
wolfSSL 0:1239e9b70ca2 202 if (ret != 0)
wolfSSL 0:1239e9b70ca2 203 return ret;
wolfSSL 0:1239e9b70ca2 204
wolfSSL 0:1239e9b70ca2 205 length = SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 206 }
wolfSSL 0:1239e9b70ca2 207 }
wolfSSL 0:1239e9b70ca2 208 break;
wolfSSL 0:1239e9b70ca2 209 #endif
wolfSSL 0:1239e9b70ca2 210
wolfSSL 0:1239e9b70ca2 211 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 212 case SHA512:
wolfSSL 0:1239e9b70ca2 213 {
wolfSSL 0:1239e9b70ca2 214 hmac_block_size = SHA512_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 215 if (length <= SHA512_BLOCK_SIZE) {
wolfSSL 0:1239e9b70ca2 216 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 217 }
wolfSSL 0:1239e9b70ca2 218 else {
wolfSSL 0:1239e9b70ca2 219 ret = Sha512Update(&hmac->hash.sha512, key, length);
wolfSSL 0:1239e9b70ca2 220 if (ret != 0)
wolfSSL 0:1239e9b70ca2 221 return ret;
wolfSSL 0:1239e9b70ca2 222
wolfSSL 0:1239e9b70ca2 223 ret = Sha512Final(&hmac->hash.sha512, ip);
wolfSSL 0:1239e9b70ca2 224 if (ret != 0)
wolfSSL 0:1239e9b70ca2 225 return ret;
wolfSSL 0:1239e9b70ca2 226
wolfSSL 0:1239e9b70ca2 227 length = SHA512_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 228 }
wolfSSL 0:1239e9b70ca2 229 }
wolfSSL 0:1239e9b70ca2 230 break;
wolfSSL 0:1239e9b70ca2 231 #endif
wolfSSL 0:1239e9b70ca2 232
wolfSSL 0:1239e9b70ca2 233 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 234 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 235 {
wolfSSL 0:1239e9b70ca2 236 hmac_block_size = BLAKE2B_BLOCKBYTES;
wolfSSL 0:1239e9b70ca2 237 if (length <= BLAKE2B_BLOCKBYTES) {
wolfSSL 0:1239e9b70ca2 238 XMEMCPY(ip, key, length);
wolfSSL 0:1239e9b70ca2 239 }
wolfSSL 0:1239e9b70ca2 240 else {
wolfSSL 0:1239e9b70ca2 241 ret = Blake2bUpdate(&hmac->hash.blake2b, key, length);
wolfSSL 0:1239e9b70ca2 242 if (ret != 0)
wolfSSL 0:1239e9b70ca2 243 return ret;
wolfSSL 0:1239e9b70ca2 244
wolfSSL 0:1239e9b70ca2 245 ret = Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
wolfSSL 0:1239e9b70ca2 246 if (ret != 0)
wolfSSL 0:1239e9b70ca2 247 return ret;
wolfSSL 0:1239e9b70ca2 248
wolfSSL 0:1239e9b70ca2 249 length = BLAKE2B_256;
wolfSSL 0:1239e9b70ca2 250 }
wolfSSL 0:1239e9b70ca2 251 }
wolfSSL 0:1239e9b70ca2 252 break;
wolfSSL 0:1239e9b70ca2 253 #endif
wolfSSL 0:1239e9b70ca2 254
wolfSSL 0:1239e9b70ca2 255 default:
wolfSSL 0:1239e9b70ca2 256 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 257 }
wolfSSL 0:1239e9b70ca2 258 if (length < hmac_block_size)
wolfSSL 0:1239e9b70ca2 259 XMEMSET(ip + length, 0, hmac_block_size - length);
wolfSSL 0:1239e9b70ca2 260
wolfSSL 0:1239e9b70ca2 261 for(i = 0; i < hmac_block_size; i++) {
wolfSSL 0:1239e9b70ca2 262 op[i] = ip[i] ^ OPAD;
wolfSSL 0:1239e9b70ca2 263 ip[i] ^= IPAD;
wolfSSL 0:1239e9b70ca2 264 }
wolfSSL 0:1239e9b70ca2 265 return 0;
wolfSSL 0:1239e9b70ca2 266 }
wolfSSL 0:1239e9b70ca2 267
wolfSSL 0:1239e9b70ca2 268
wolfSSL 0:1239e9b70ca2 269 static int HmacKeyInnerHash(Hmac* hmac)
wolfSSL 0:1239e9b70ca2 270 {
wolfSSL 0:1239e9b70ca2 271 int ret = 0;
wolfSSL 0:1239e9b70ca2 272
wolfSSL 0:1239e9b70ca2 273 switch (hmac->macType) {
wolfSSL 0:1239e9b70ca2 274 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 275 case MD5:
wolfSSL 0:1239e9b70ca2 276 Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 277 break;
wolfSSL 0:1239e9b70ca2 278 #endif
wolfSSL 0:1239e9b70ca2 279
wolfSSL 0:1239e9b70ca2 280 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 281 case SHA:
wolfSSL 0:1239e9b70ca2 282 ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 283 break;
wolfSSL 0:1239e9b70ca2 284 #endif
wolfSSL 0:1239e9b70ca2 285
wolfSSL 0:1239e9b70ca2 286 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 287 case SHA256:
wolfSSL 0:1239e9b70ca2 288 ret = Sha256Update(&hmac->hash.sha256,
wolfSSL 0:1239e9b70ca2 289 (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 290 if (ret != 0)
wolfSSL 0:1239e9b70ca2 291 return ret;
wolfSSL 0:1239e9b70ca2 292 break;
wolfSSL 0:1239e9b70ca2 293 #endif
wolfSSL 0:1239e9b70ca2 294
wolfSSL 0:1239e9b70ca2 295 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 296 case SHA384:
wolfSSL 0:1239e9b70ca2 297 ret = Sha384Update(&hmac->hash.sha384,
wolfSSL 0:1239e9b70ca2 298 (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 299 if (ret != 0)
wolfSSL 0:1239e9b70ca2 300 return ret;
wolfSSL 0:1239e9b70ca2 301 break;
wolfSSL 0:1239e9b70ca2 302 #endif
wolfSSL 0:1239e9b70ca2 303
wolfSSL 0:1239e9b70ca2 304 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 305 case SHA512:
wolfSSL 0:1239e9b70ca2 306 ret = Sha512Update(&hmac->hash.sha512,
wolfSSL 0:1239e9b70ca2 307 (byte*) hmac->ipad, SHA512_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 308 if (ret != 0)
wolfSSL 0:1239e9b70ca2 309 return ret;
wolfSSL 0:1239e9b70ca2 310 break;
wolfSSL 0:1239e9b70ca2 311 #endif
wolfSSL 0:1239e9b70ca2 312
wolfSSL 0:1239e9b70ca2 313 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 314 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 315 ret = Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL 0:1239e9b70ca2 316 (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
wolfSSL 0:1239e9b70ca2 317 if (ret != 0)
wolfSSL 0:1239e9b70ca2 318 return ret;
wolfSSL 0:1239e9b70ca2 319 break;
wolfSSL 0:1239e9b70ca2 320 #endif
wolfSSL 0:1239e9b70ca2 321
wolfSSL 0:1239e9b70ca2 322 default:
wolfSSL 0:1239e9b70ca2 323 break;
wolfSSL 0:1239e9b70ca2 324 }
wolfSSL 0:1239e9b70ca2 325
wolfSSL 0:1239e9b70ca2 326 hmac->innerHashKeyed = 1;
wolfSSL 0:1239e9b70ca2 327
wolfSSL 0:1239e9b70ca2 328 return ret;
wolfSSL 0:1239e9b70ca2 329 }
wolfSSL 0:1239e9b70ca2 330
wolfSSL 0:1239e9b70ca2 331
wolfSSL 0:1239e9b70ca2 332 int HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
wolfSSL 0:1239e9b70ca2 333 {
wolfSSL 0:1239e9b70ca2 334 int ret;
wolfSSL 0:1239e9b70ca2 335
wolfSSL 0:1239e9b70ca2 336 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 337 if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
wolfSSL 0:1239e9b70ca2 338 return HmacCaviumUpdate(hmac, msg, length);
wolfSSL 0:1239e9b70ca2 339 #endif
wolfSSL 0:1239e9b70ca2 340
wolfSSL 0:1239e9b70ca2 341 if (!hmac->innerHashKeyed) {
wolfSSL 0:1239e9b70ca2 342 ret = HmacKeyInnerHash(hmac);
wolfSSL 0:1239e9b70ca2 343 if (ret != 0)
wolfSSL 0:1239e9b70ca2 344 return ret;
wolfSSL 0:1239e9b70ca2 345 }
wolfSSL 0:1239e9b70ca2 346
wolfSSL 0:1239e9b70ca2 347 switch (hmac->macType) {
wolfSSL 0:1239e9b70ca2 348 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 349 case MD5:
wolfSSL 0:1239e9b70ca2 350 Md5Update(&hmac->hash.md5, msg, length);
wolfSSL 0:1239e9b70ca2 351 break;
wolfSSL 0:1239e9b70ca2 352 #endif
wolfSSL 0:1239e9b70ca2 353
wolfSSL 0:1239e9b70ca2 354 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 355 case SHA:
wolfSSL 0:1239e9b70ca2 356 ShaUpdate(&hmac->hash.sha, msg, length);
wolfSSL 0:1239e9b70ca2 357 break;
wolfSSL 0:1239e9b70ca2 358 #endif
wolfSSL 0:1239e9b70ca2 359
wolfSSL 0:1239e9b70ca2 360 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 361 case SHA256:
wolfSSL 0:1239e9b70ca2 362 ret = Sha256Update(&hmac->hash.sha256, msg, length);
wolfSSL 0:1239e9b70ca2 363 if (ret != 0)
wolfSSL 0:1239e9b70ca2 364 return ret;
wolfSSL 0:1239e9b70ca2 365 break;
wolfSSL 0:1239e9b70ca2 366 #endif
wolfSSL 0:1239e9b70ca2 367
wolfSSL 0:1239e9b70ca2 368 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 369 case SHA384:
wolfSSL 0:1239e9b70ca2 370 ret = Sha384Update(&hmac->hash.sha384, msg, length);
wolfSSL 0:1239e9b70ca2 371 if (ret != 0)
wolfSSL 0:1239e9b70ca2 372 return ret;
wolfSSL 0:1239e9b70ca2 373 break;
wolfSSL 0:1239e9b70ca2 374 #endif
wolfSSL 0:1239e9b70ca2 375
wolfSSL 0:1239e9b70ca2 376 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 377 case SHA512:
wolfSSL 0:1239e9b70ca2 378 ret = Sha512Update(&hmac->hash.sha512, msg, length);
wolfSSL 0:1239e9b70ca2 379 if (ret != 0)
wolfSSL 0:1239e9b70ca2 380 return ret;
wolfSSL 0:1239e9b70ca2 381 break;
wolfSSL 0:1239e9b70ca2 382 #endif
wolfSSL 0:1239e9b70ca2 383
wolfSSL 0:1239e9b70ca2 384 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 385 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 386 ret = Blake2bUpdate(&hmac->hash.blake2b, msg, length);
wolfSSL 0:1239e9b70ca2 387 if (ret != 0)
wolfSSL 0:1239e9b70ca2 388 return ret;
wolfSSL 0:1239e9b70ca2 389 break;
wolfSSL 0:1239e9b70ca2 390 #endif
wolfSSL 0:1239e9b70ca2 391
wolfSSL 0:1239e9b70ca2 392 default:
wolfSSL 0:1239e9b70ca2 393 break;
wolfSSL 0:1239e9b70ca2 394 }
wolfSSL 0:1239e9b70ca2 395
wolfSSL 0:1239e9b70ca2 396 return 0;
wolfSSL 0:1239e9b70ca2 397 }
wolfSSL 0:1239e9b70ca2 398
wolfSSL 0:1239e9b70ca2 399
wolfSSL 0:1239e9b70ca2 400 int HmacFinal(Hmac* hmac, byte* hash)
wolfSSL 0:1239e9b70ca2 401 {
wolfSSL 0:1239e9b70ca2 402 int ret;
wolfSSL 0:1239e9b70ca2 403
wolfSSL 0:1239e9b70ca2 404 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 405 if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
wolfSSL 0:1239e9b70ca2 406 return HmacCaviumFinal(hmac, hash);
wolfSSL 0:1239e9b70ca2 407 #endif
wolfSSL 0:1239e9b70ca2 408
wolfSSL 0:1239e9b70ca2 409 if (!hmac->innerHashKeyed) {
wolfSSL 0:1239e9b70ca2 410 ret = HmacKeyInnerHash(hmac);
wolfSSL 0:1239e9b70ca2 411 if (ret != 0)
wolfSSL 0:1239e9b70ca2 412 return ret;
wolfSSL 0:1239e9b70ca2 413 }
wolfSSL 0:1239e9b70ca2 414
wolfSSL 0:1239e9b70ca2 415 switch (hmac->macType) {
wolfSSL 0:1239e9b70ca2 416 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 417 case MD5:
wolfSSL 0:1239e9b70ca2 418 {
wolfSSL 0:1239e9b70ca2 419 Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
wolfSSL 0:1239e9b70ca2 420
wolfSSL 0:1239e9b70ca2 421 Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 422 Md5Update(&hmac->hash.md5,
wolfSSL 0:1239e9b70ca2 423 (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 424
wolfSSL 0:1239e9b70ca2 425 Md5Final(&hmac->hash.md5, hash);
wolfSSL 0:1239e9b70ca2 426 }
wolfSSL 0:1239e9b70ca2 427 break;
wolfSSL 0:1239e9b70ca2 428 #endif
wolfSSL 0:1239e9b70ca2 429
wolfSSL 0:1239e9b70ca2 430 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 431 case SHA:
wolfSSL 0:1239e9b70ca2 432 {
wolfSSL 0:1239e9b70ca2 433 ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
wolfSSL 0:1239e9b70ca2 434
wolfSSL 0:1239e9b70ca2 435 ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 436 ShaUpdate(&hmac->hash.sha,
wolfSSL 0:1239e9b70ca2 437 (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 438
wolfSSL 0:1239e9b70ca2 439 ShaFinal(&hmac->hash.sha, hash);
wolfSSL 0:1239e9b70ca2 440 }
wolfSSL 0:1239e9b70ca2 441 break;
wolfSSL 0:1239e9b70ca2 442 #endif
wolfSSL 0:1239e9b70ca2 443
wolfSSL 0:1239e9b70ca2 444 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 445 case SHA256:
wolfSSL 0:1239e9b70ca2 446 {
wolfSSL 0:1239e9b70ca2 447 ret = Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
wolfSSL 0:1239e9b70ca2 448 if (ret != 0)
wolfSSL 0:1239e9b70ca2 449 return ret;
wolfSSL 0:1239e9b70ca2 450
wolfSSL 0:1239e9b70ca2 451 ret = Sha256Update(&hmac->hash.sha256,
wolfSSL 0:1239e9b70ca2 452 (byte*) hmac->opad, SHA256_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 453 if (ret != 0)
wolfSSL 0:1239e9b70ca2 454 return ret;
wolfSSL 0:1239e9b70ca2 455
wolfSSL 0:1239e9b70ca2 456 ret = Sha256Update(&hmac->hash.sha256,
wolfSSL 0:1239e9b70ca2 457 (byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 458 if (ret != 0)
wolfSSL 0:1239e9b70ca2 459 return ret;
wolfSSL 0:1239e9b70ca2 460
wolfSSL 0:1239e9b70ca2 461 ret = Sha256Final(&hmac->hash.sha256, hash);
wolfSSL 0:1239e9b70ca2 462 if (ret != 0)
wolfSSL 0:1239e9b70ca2 463 return ret;
wolfSSL 0:1239e9b70ca2 464 }
wolfSSL 0:1239e9b70ca2 465 break;
wolfSSL 0:1239e9b70ca2 466 #endif
wolfSSL 0:1239e9b70ca2 467
wolfSSL 0:1239e9b70ca2 468 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 469 case SHA384:
wolfSSL 0:1239e9b70ca2 470 {
wolfSSL 0:1239e9b70ca2 471 ret = Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
wolfSSL 0:1239e9b70ca2 472 if (ret != 0)
wolfSSL 0:1239e9b70ca2 473 return ret;
wolfSSL 0:1239e9b70ca2 474
wolfSSL 0:1239e9b70ca2 475 ret = Sha384Update(&hmac->hash.sha384,
wolfSSL 0:1239e9b70ca2 476 (byte*) hmac->opad, SHA384_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 477 if (ret != 0)
wolfSSL 0:1239e9b70ca2 478 return ret;
wolfSSL 0:1239e9b70ca2 479
wolfSSL 0:1239e9b70ca2 480 ret = Sha384Update(&hmac->hash.sha384,
wolfSSL 0:1239e9b70ca2 481 (byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 482 if (ret != 0)
wolfSSL 0:1239e9b70ca2 483 return ret;
wolfSSL 0:1239e9b70ca2 484
wolfSSL 0:1239e9b70ca2 485 ret = Sha384Final(&hmac->hash.sha384, hash);
wolfSSL 0:1239e9b70ca2 486 if (ret != 0)
wolfSSL 0:1239e9b70ca2 487 return ret;
wolfSSL 0:1239e9b70ca2 488 }
wolfSSL 0:1239e9b70ca2 489 break;
wolfSSL 0:1239e9b70ca2 490 #endif
wolfSSL 0:1239e9b70ca2 491
wolfSSL 0:1239e9b70ca2 492 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 493 case SHA512:
wolfSSL 0:1239e9b70ca2 494 {
wolfSSL 0:1239e9b70ca2 495 ret = Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
wolfSSL 0:1239e9b70ca2 496 if (ret != 0)
wolfSSL 0:1239e9b70ca2 497 return ret;
wolfSSL 0:1239e9b70ca2 498
wolfSSL 0:1239e9b70ca2 499 ret = Sha512Update(&hmac->hash.sha512,
wolfSSL 0:1239e9b70ca2 500 (byte*) hmac->opad, SHA512_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 501 if (ret != 0)
wolfSSL 0:1239e9b70ca2 502 return ret;
wolfSSL 0:1239e9b70ca2 503
wolfSSL 0:1239e9b70ca2 504 ret = Sha512Update(&hmac->hash.sha512,
wolfSSL 0:1239e9b70ca2 505 (byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 506 if (ret != 0)
wolfSSL 0:1239e9b70ca2 507 return ret;
wolfSSL 0:1239e9b70ca2 508
wolfSSL 0:1239e9b70ca2 509 ret = Sha512Final(&hmac->hash.sha512, hash);
wolfSSL 0:1239e9b70ca2 510 if (ret != 0)
wolfSSL 0:1239e9b70ca2 511 return ret;
wolfSSL 0:1239e9b70ca2 512 }
wolfSSL 0:1239e9b70ca2 513 break;
wolfSSL 0:1239e9b70ca2 514 #endif
wolfSSL 0:1239e9b70ca2 515
wolfSSL 0:1239e9b70ca2 516 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 517 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 518 {
wolfSSL 0:1239e9b70ca2 519 ret = Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
wolfSSL 0:1239e9b70ca2 520 BLAKE2B_256);
wolfSSL 0:1239e9b70ca2 521 if (ret != 0)
wolfSSL 0:1239e9b70ca2 522 return ret;
wolfSSL 0:1239e9b70ca2 523
wolfSSL 0:1239e9b70ca2 524 ret = Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL 0:1239e9b70ca2 525 (byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
wolfSSL 0:1239e9b70ca2 526 if (ret != 0)
wolfSSL 0:1239e9b70ca2 527 return ret;
wolfSSL 0:1239e9b70ca2 528
wolfSSL 0:1239e9b70ca2 529 ret = Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL 0:1239e9b70ca2 530 (byte*) hmac->innerHash, BLAKE2B_256);
wolfSSL 0:1239e9b70ca2 531 if (ret != 0)
wolfSSL 0:1239e9b70ca2 532 return ret;
wolfSSL 0:1239e9b70ca2 533
wolfSSL 0:1239e9b70ca2 534 ret = Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
wolfSSL 0:1239e9b70ca2 535 if (ret != 0)
wolfSSL 0:1239e9b70ca2 536 return ret;
wolfSSL 0:1239e9b70ca2 537 }
wolfSSL 0:1239e9b70ca2 538 break;
wolfSSL 0:1239e9b70ca2 539 #endif
wolfSSL 0:1239e9b70ca2 540
wolfSSL 0:1239e9b70ca2 541 default:
wolfSSL 0:1239e9b70ca2 542 break;
wolfSSL 0:1239e9b70ca2 543 }
wolfSSL 0:1239e9b70ca2 544
wolfSSL 0:1239e9b70ca2 545 hmac->innerHashKeyed = 0;
wolfSSL 0:1239e9b70ca2 546
wolfSSL 0:1239e9b70ca2 547 return 0;
wolfSSL 0:1239e9b70ca2 548 }
wolfSSL 0:1239e9b70ca2 549
wolfSSL 0:1239e9b70ca2 550
wolfSSL 0:1239e9b70ca2 551 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 552
wolfSSL 0:1239e9b70ca2 553 /* Initiliaze Hmac for use with Nitrox device */
wolfSSL 0:1239e9b70ca2 554 int HmacInitCavium(Hmac* hmac, int devId)
wolfSSL 0:1239e9b70ca2 555 {
wolfSSL 0:1239e9b70ca2 556 if (hmac == NULL)
wolfSSL 0:1239e9b70ca2 557 return -1;
wolfSSL 0:1239e9b70ca2 558
wolfSSL 0:1239e9b70ca2 559 if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
wolfSSL 0:1239e9b70ca2 560 return -1;
wolfSSL 0:1239e9b70ca2 561
wolfSSL 0:1239e9b70ca2 562 hmac->keyLen = 0;
wolfSSL 0:1239e9b70ca2 563 hmac->dataLen = 0;
wolfSSL 0:1239e9b70ca2 564 hmac->type = 0;
wolfSSL 0:1239e9b70ca2 565 hmac->devId = devId;
wolfSSL 0:1239e9b70ca2 566 hmac->magic = CYASSL_HMAC_CAVIUM_MAGIC;
wolfSSL 0:1239e9b70ca2 567 hmac->data = NULL; /* buffered input data */
wolfSSL 0:1239e9b70ca2 568
wolfSSL 0:1239e9b70ca2 569 hmac->innerHashKeyed = 0;
wolfSSL 0:1239e9b70ca2 570
wolfSSL 0:1239e9b70ca2 571 return 0;
wolfSSL 0:1239e9b70ca2 572 }
wolfSSL 0:1239e9b70ca2 573
wolfSSL 0:1239e9b70ca2 574
wolfSSL 0:1239e9b70ca2 575 /* Free Hmac from use with Nitrox device */
wolfSSL 0:1239e9b70ca2 576 void HmacFreeCavium(Hmac* hmac)
wolfSSL 0:1239e9b70ca2 577 {
wolfSSL 0:1239e9b70ca2 578 if (hmac == NULL)
wolfSSL 0:1239e9b70ca2 579 return;
wolfSSL 0:1239e9b70ca2 580
wolfSSL 0:1239e9b70ca2 581 CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
wolfSSL 0:1239e9b70ca2 582 hmac->magic = 0;
wolfSSL 0:1239e9b70ca2 583 XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL 0:1239e9b70ca2 584 hmac->data = NULL;
wolfSSL 0:1239e9b70ca2 585 }
wolfSSL 0:1239e9b70ca2 586
wolfSSL 0:1239e9b70ca2 587
wolfSSL 0:1239e9b70ca2 588 static void HmacCaviumFinal(Hmac* hmac, byte* hash)
wolfSSL 0:1239e9b70ca2 589 {
wolfSSL 0:1239e9b70ca2 590 word32 requestId;
wolfSSL 0:1239e9b70ca2 591
wolfSSL 0:1239e9b70ca2 592 if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
wolfSSL 0:1239e9b70ca2 593 (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
wolfSSL 0:1239e9b70ca2 594 hmac->devId) != 0) {
wolfSSL 0:1239e9b70ca2 595 CYASSL_MSG("Cavium Hmac failed");
wolfSSL 0:1239e9b70ca2 596 }
wolfSSL 0:1239e9b70ca2 597 hmac->innerHashKeyed = 0; /* tell update to start over if used again */
wolfSSL 0:1239e9b70ca2 598 }
wolfSSL 0:1239e9b70ca2 599
wolfSSL 0:1239e9b70ca2 600
wolfSSL 0:1239e9b70ca2 601 static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
wolfSSL 0:1239e9b70ca2 602 {
wolfSSL 0:1239e9b70ca2 603 word16 add = (word16)length;
wolfSSL 0:1239e9b70ca2 604 word32 total;
wolfSSL 0:1239e9b70ca2 605 byte* tmp;
wolfSSL 0:1239e9b70ca2 606
wolfSSL 0:1239e9b70ca2 607 if (length > CYASSL_MAX_16BIT) {
wolfSSL 0:1239e9b70ca2 608 CYASSL_MSG("Too big msg for cavium hmac");
wolfSSL 0:1239e9b70ca2 609 return;
wolfSSL 0:1239e9b70ca2 610 }
wolfSSL 0:1239e9b70ca2 611
wolfSSL 0:1239e9b70ca2 612 if (hmac->innerHashKeyed == 0) { /* starting new */
wolfSSL 0:1239e9b70ca2 613 hmac->dataLen = 0;
wolfSSL 0:1239e9b70ca2 614 hmac->innerHashKeyed = 1;
wolfSSL 0:1239e9b70ca2 615 }
wolfSSL 0:1239e9b70ca2 616
wolfSSL 0:1239e9b70ca2 617 total = add + hmac->dataLen;
wolfSSL 0:1239e9b70ca2 618 if (total > CYASSL_MAX_16BIT) {
wolfSSL 0:1239e9b70ca2 619 CYASSL_MSG("Too big msg for cavium hmac");
wolfSSL 0:1239e9b70ca2 620 return;
wolfSSL 0:1239e9b70ca2 621 }
wolfSSL 0:1239e9b70ca2 622
wolfSSL 0:1239e9b70ca2 623 tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL 0:1239e9b70ca2 624 if (tmp == NULL) {
wolfSSL 0:1239e9b70ca2 625 CYASSL_MSG("Out of memory for cavium update");
wolfSSL 0:1239e9b70ca2 626 return;
wolfSSL 0:1239e9b70ca2 627 }
wolfSSL 0:1239e9b70ca2 628 if (hmac->dataLen)
wolfSSL 0:1239e9b70ca2 629 XMEMCPY(tmp, hmac->data, hmac->dataLen);
wolfSSL 0:1239e9b70ca2 630 XMEMCPY(tmp + hmac->dataLen, msg, add);
wolfSSL 0:1239e9b70ca2 631
wolfSSL 0:1239e9b70ca2 632 hmac->dataLen += add;
wolfSSL 0:1239e9b70ca2 633 XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL 0:1239e9b70ca2 634 hmac->data = tmp;
wolfSSL 0:1239e9b70ca2 635 }
wolfSSL 0:1239e9b70ca2 636
wolfSSL 0:1239e9b70ca2 637
wolfSSL 0:1239e9b70ca2 638 static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
wolfSSL 0:1239e9b70ca2 639 word32 length)
wolfSSL 0:1239e9b70ca2 640 {
wolfSSL 0:1239e9b70ca2 641 hmac->macType = (byte)type;
wolfSSL 0:1239e9b70ca2 642 if (type == MD5)
wolfSSL 0:1239e9b70ca2 643 hmac->type = MD5_TYPE;
wolfSSL 0:1239e9b70ca2 644 else if (type == SHA)
wolfSSL 0:1239e9b70ca2 645 hmac->type = SHA1_TYPE;
wolfSSL 0:1239e9b70ca2 646 else if (type == SHA256)
wolfSSL 0:1239e9b70ca2 647 hmac->type = SHA256_TYPE;
wolfSSL 0:1239e9b70ca2 648 else {
wolfSSL 0:1239e9b70ca2 649 CYASSL_MSG("unsupported cavium hmac type");
wolfSSL 0:1239e9b70ca2 650 }
wolfSSL 0:1239e9b70ca2 651
wolfSSL 0:1239e9b70ca2 652 hmac->innerHashKeyed = 0; /* should we key Startup flag */
wolfSSL 0:1239e9b70ca2 653
wolfSSL 0:1239e9b70ca2 654 hmac->keyLen = (word16)length;
wolfSSL 0:1239e9b70ca2 655 /* store key in ipad */
wolfSSL 0:1239e9b70ca2 656 XMEMCPY(hmac->ipad, key, length);
wolfSSL 0:1239e9b70ca2 657 }
wolfSSL 0:1239e9b70ca2 658
wolfSSL 0:1239e9b70ca2 659 #endif /* HAVE_CAVIUM */
wolfSSL 0:1239e9b70ca2 660
wolfSSL 0:1239e9b70ca2 661 int CyaSSL_GetHmacMaxSize(void)
wolfSSL 0:1239e9b70ca2 662 {
wolfSSL 0:1239e9b70ca2 663 return MAX_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 664 }
wolfSSL 0:1239e9b70ca2 665
wolfSSL 0:1239e9b70ca2 666 #ifdef HAVE_HKDF
wolfSSL 0:1239e9b70ca2 667
wolfSSL 0:1239e9b70ca2 668 #ifndef min
wolfSSL 0:1239e9b70ca2 669
wolfSSL 0:1239e9b70ca2 670 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:1239e9b70ca2 671 {
wolfSSL 0:1239e9b70ca2 672 return a > b ? b : a;
wolfSSL 0:1239e9b70ca2 673 }
wolfSSL 0:1239e9b70ca2 674
wolfSSL 0:1239e9b70ca2 675 #endif /* min */
wolfSSL 0:1239e9b70ca2 676
wolfSSL 0:1239e9b70ca2 677
wolfSSL 0:1239e9b70ca2 678 static INLINE int GetHashSizeByType(int type)
wolfSSL 0:1239e9b70ca2 679 {
wolfSSL 0:1239e9b70ca2 680 if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
wolfSSL 0:1239e9b70ca2 681 || type == SHA512 || type == BLAKE2B_ID))
wolfSSL 0:1239e9b70ca2 682 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 683
wolfSSL 0:1239e9b70ca2 684 switch (type) {
wolfSSL 0:1239e9b70ca2 685 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 686 case MD5:
wolfSSL 0:1239e9b70ca2 687 return MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 688 break;
wolfSSL 0:1239e9b70ca2 689 #endif
wolfSSL 0:1239e9b70ca2 690
wolfSSL 0:1239e9b70ca2 691 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 692 case SHA:
wolfSSL 0:1239e9b70ca2 693 return SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 694 break;
wolfSSL 0:1239e9b70ca2 695 #endif
wolfSSL 0:1239e9b70ca2 696
wolfSSL 0:1239e9b70ca2 697 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 698 case SHA256:
wolfSSL 0:1239e9b70ca2 699 return SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 700 break;
wolfSSL 0:1239e9b70ca2 701 #endif
wolfSSL 0:1239e9b70ca2 702
wolfSSL 0:1239e9b70ca2 703 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 704 case SHA384:
wolfSSL 0:1239e9b70ca2 705 return SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 706 break;
wolfSSL 0:1239e9b70ca2 707 #endif
wolfSSL 0:1239e9b70ca2 708
wolfSSL 0:1239e9b70ca2 709 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 710 case SHA512:
wolfSSL 0:1239e9b70ca2 711 return SHA512_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 712 break;
wolfSSL 0:1239e9b70ca2 713 #endif
wolfSSL 0:1239e9b70ca2 714
wolfSSL 0:1239e9b70ca2 715 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 716 case BLAKE2B_ID:
wolfSSL 0:1239e9b70ca2 717 return BLAKE2B_OUTBYTES;
wolfSSL 0:1239e9b70ca2 718 break;
wolfSSL 0:1239e9b70ca2 719 #endif
wolfSSL 0:1239e9b70ca2 720
wolfSSL 0:1239e9b70ca2 721 default:
wolfSSL 0:1239e9b70ca2 722 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 723 break;
wolfSSL 0:1239e9b70ca2 724 }
wolfSSL 0:1239e9b70ca2 725 }
wolfSSL 0:1239e9b70ca2 726
wolfSSL 0:1239e9b70ca2 727
wolfSSL 0:1239e9b70ca2 728 /* HMAC-KDF with hash type, optional salt and info, return 0 on success */
wolfSSL 0:1239e9b70ca2 729 int HKDF(int type, const byte* inKey, word32 inKeySz,
wolfSSL 0:1239e9b70ca2 730 const byte* salt, word32 saltSz,
wolfSSL 0:1239e9b70ca2 731 const byte* info, word32 infoSz,
wolfSSL 0:1239e9b70ca2 732 byte* out, word32 outSz)
wolfSSL 0:1239e9b70ca2 733 {
wolfSSL 0:1239e9b70ca2 734 Hmac myHmac;
wolfSSL 0:1239e9b70ca2 735 #ifdef CYASSL_SMALL_STACK
wolfSSL 0:1239e9b70ca2 736 byte* tmp;
wolfSSL 0:1239e9b70ca2 737 byte* prk;
wolfSSL 0:1239e9b70ca2 738 #else
wolfSSL 0:1239e9b70ca2 739 byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
wolfSSL 0:1239e9b70ca2 740 byte prk[MAX_DIGEST_SIZE];
wolfSSL 0:1239e9b70ca2 741 #endif
wolfSSL 0:1239e9b70ca2 742 const byte* localSalt; /* either points to user input or tmp */
wolfSSL 0:1239e9b70ca2 743 int hashSz = GetHashSizeByType(type);
wolfSSL 0:1239e9b70ca2 744 word32 outIdx = 0;
wolfSSL 0:1239e9b70ca2 745 byte n = 0x1;
wolfSSL 0:1239e9b70ca2 746 int ret;
wolfSSL 0:1239e9b70ca2 747
wolfSSL 0:1239e9b70ca2 748 if (hashSz < 0)
wolfSSL 0:1239e9b70ca2 749 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 750
wolfSSL 0:1239e9b70ca2 751 #ifdef CYASSL_SMALL_STACK
wolfSSL 0:1239e9b70ca2 752 tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 753 if (tmp == NULL)
wolfSSL 0:1239e9b70ca2 754 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 755
wolfSSL 0:1239e9b70ca2 756 prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 757 if (prk == NULL) {
wolfSSL 0:1239e9b70ca2 758 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 759 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 760 }
wolfSSL 0:1239e9b70ca2 761 #endif
wolfSSL 0:1239e9b70ca2 762
wolfSSL 0:1239e9b70ca2 763 localSalt = salt;
wolfSSL 0:1239e9b70ca2 764 if (localSalt == NULL) {
wolfSSL 0:1239e9b70ca2 765 XMEMSET(tmp, 0, hashSz);
wolfSSL 0:1239e9b70ca2 766 localSalt = tmp;
wolfSSL 0:1239e9b70ca2 767 saltSz = hashSz;
wolfSSL 0:1239e9b70ca2 768 }
wolfSSL 0:1239e9b70ca2 769
wolfSSL 0:1239e9b70ca2 770 do {
wolfSSL 0:1239e9b70ca2 771 ret = HmacSetKey(&myHmac, type, localSalt, saltSz);
wolfSSL 0:1239e9b70ca2 772 if (ret != 0)
wolfSSL 0:1239e9b70ca2 773 break;
wolfSSL 0:1239e9b70ca2 774 ret = HmacUpdate(&myHmac, inKey, inKeySz);
wolfSSL 0:1239e9b70ca2 775 if (ret != 0)
wolfSSL 0:1239e9b70ca2 776 break;
wolfSSL 0:1239e9b70ca2 777 ret = HmacFinal(&myHmac, prk);
wolfSSL 0:1239e9b70ca2 778 } while (0);
wolfSSL 0:1239e9b70ca2 779
wolfSSL 0:1239e9b70ca2 780 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 781 while (outIdx < outSz) {
wolfSSL 0:1239e9b70ca2 782 int tmpSz = (n == 1) ? 0 : hashSz;
wolfSSL 0:1239e9b70ca2 783 word32 left = outSz - outIdx;
wolfSSL 0:1239e9b70ca2 784
wolfSSL 0:1239e9b70ca2 785 ret = HmacSetKey(&myHmac, type, prk, hashSz);
wolfSSL 0:1239e9b70ca2 786 if (ret != 0)
wolfSSL 0:1239e9b70ca2 787 break;
wolfSSL 0:1239e9b70ca2 788 ret = HmacUpdate(&myHmac, tmp, tmpSz);
wolfSSL 0:1239e9b70ca2 789 if (ret != 0)
wolfSSL 0:1239e9b70ca2 790 break;
wolfSSL 0:1239e9b70ca2 791 ret = HmacUpdate(&myHmac, info, infoSz);
wolfSSL 0:1239e9b70ca2 792 if (ret != 0)
wolfSSL 0:1239e9b70ca2 793 break;
wolfSSL 0:1239e9b70ca2 794 ret = HmacUpdate(&myHmac, &n, 1);
wolfSSL 0:1239e9b70ca2 795 if (ret != 0)
wolfSSL 0:1239e9b70ca2 796 break;
wolfSSL 0:1239e9b70ca2 797 ret = HmacFinal(&myHmac, tmp);
wolfSSL 0:1239e9b70ca2 798 if (ret != 0)
wolfSSL 0:1239e9b70ca2 799 break;
wolfSSL 0:1239e9b70ca2 800
wolfSSL 0:1239e9b70ca2 801 left = min(left, (word32)hashSz);
wolfSSL 0:1239e9b70ca2 802 XMEMCPY(out+outIdx, tmp, left);
wolfSSL 0:1239e9b70ca2 803
wolfSSL 0:1239e9b70ca2 804 outIdx += hashSz;
wolfSSL 0:1239e9b70ca2 805 n++;
wolfSSL 0:1239e9b70ca2 806 }
wolfSSL 0:1239e9b70ca2 807 }
wolfSSL 0:1239e9b70ca2 808
wolfSSL 0:1239e9b70ca2 809 #ifdef CYASSL_SMALL_STACK
wolfSSL 0:1239e9b70ca2 810 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 811 XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 812 #endif
wolfSSL 0:1239e9b70ca2 813
wolfSSL 0:1239e9b70ca2 814 return ret;
wolfSSL 0:1239e9b70ca2 815 }
wolfSSL 0:1239e9b70ca2 816
wolfSSL 0:1239e9b70ca2 817 #endif /* HAVE_HKDF */
wolfSSL 0:1239e9b70ca2 818
wolfSSL 0:1239e9b70ca2 819 #endif /* NO_HMAC */
wolfSSL 0:1239e9b70ca2 820
wolfSSL 0:1239e9b70ca2 821