Xuyi Wang
/
wolfSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
wolfcrypt/src/hmac.c@4:1b0d80432c79, 2016-04-28 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Apr 28 00:57:21 2016 +0000
- Revision:
- 4:1b0d80432c79
wolfSSL 3.9.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 4:1b0d80432c79 | 1 | /* hmac.h |
| wolfSSL | 4:1b0d80432c79 | 2 | * |
| wolfSSL | 4:1b0d80432c79 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
| wolfSSL | 4:1b0d80432c79 | 4 | * |
| wolfSSL | 4:1b0d80432c79 | 5 | * This file is part of wolfSSL. |
| wolfSSL | 4:1b0d80432c79 | 6 | * |
| wolfSSL | 4:1b0d80432c79 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 4:1b0d80432c79 | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 4:1b0d80432c79 | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 4:1b0d80432c79 | 10 | * (at your option) any later version. |
| wolfSSL | 4:1b0d80432c79 | 11 | * |
| wolfSSL | 4:1b0d80432c79 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 4:1b0d80432c79 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 4:1b0d80432c79 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 4:1b0d80432c79 | 15 | * GNU General Public License for more details. |
| wolfSSL | 4:1b0d80432c79 | 16 | * |
| wolfSSL | 4:1b0d80432c79 | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 4:1b0d80432c79 | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 4:1b0d80432c79 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| wolfSSL | 4:1b0d80432c79 | 20 | */ |
| wolfSSL | 4:1b0d80432c79 | 21 | |
| wolfSSL | 4:1b0d80432c79 | 22 | |
| wolfSSL | 4:1b0d80432c79 | 23 | #ifdef HAVE_CONFIG_H |
| wolfSSL | 4:1b0d80432c79 | 24 | #include <config.h> |
| wolfSSL | 4:1b0d80432c79 | 25 | #endif |
| wolfSSL | 4:1b0d80432c79 | 26 | |
| wolfSSL | 4:1b0d80432c79 | 27 | #include <wolfssl/wolfcrypt/settings.h> |
| wolfSSL | 4:1b0d80432c79 | 28 | |
| wolfSSL | 4:1b0d80432c79 | 29 | #ifndef NO_HMAC |
| wolfSSL | 4:1b0d80432c79 | 30 | |
| wolfSSL | 4:1b0d80432c79 | 31 | #include <wolfssl/wolfcrypt/hmac.h> |
| wolfSSL | 4:1b0d80432c79 | 32 | |
| wolfSSL | 4:1b0d80432c79 | 33 | #ifdef HAVE_FIPS |
| wolfSSL | 4:1b0d80432c79 | 34 | /* does init */ |
| wolfSSL | 4:1b0d80432c79 | 35 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz) |
| wolfSSL | 4:1b0d80432c79 | 36 | { |
| wolfSSL | 4:1b0d80432c79 | 37 | return HmacSetKey_fips(hmac, type, key, keySz); |
| wolfSSL | 4:1b0d80432c79 | 38 | } |
| wolfSSL | 4:1b0d80432c79 | 39 | |
| wolfSSL | 4:1b0d80432c79 | 40 | |
| wolfSSL | 4:1b0d80432c79 | 41 | int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz) |
| wolfSSL | 4:1b0d80432c79 | 42 | { |
| wolfSSL | 4:1b0d80432c79 | 43 | return HmacUpdate_fips(hmac, in, sz); |
| wolfSSL | 4:1b0d80432c79 | 44 | } |
| wolfSSL | 4:1b0d80432c79 | 45 | |
| wolfSSL | 4:1b0d80432c79 | 46 | |
| wolfSSL | 4:1b0d80432c79 | 47 | int wc_HmacFinal(Hmac* hmac, byte* out) |
| wolfSSL | 4:1b0d80432c79 | 48 | { |
| wolfSSL | 4:1b0d80432c79 | 49 | return HmacFinal_fips(hmac, out); |
| wolfSSL | 4:1b0d80432c79 | 50 | } |
| wolfSSL | 4:1b0d80432c79 | 51 | |
| wolfSSL | 4:1b0d80432c79 | 52 | |
| wolfSSL | 4:1b0d80432c79 | 53 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 54 | int wc_HmacInitCavium(Hmac* hmac, int i) |
| wolfSSL | 4:1b0d80432c79 | 55 | { |
| wolfSSL | 4:1b0d80432c79 | 56 | return HmacInitCavium(hmac, i); |
| wolfSSL | 4:1b0d80432c79 | 57 | } |
| wolfSSL | 4:1b0d80432c79 | 58 | |
| wolfSSL | 4:1b0d80432c79 | 59 | |
| wolfSSL | 4:1b0d80432c79 | 60 | void wc_HmacFreeCavium(Hmac* hmac) |
| wolfSSL | 4:1b0d80432c79 | 61 | { |
| wolfSSL | 4:1b0d80432c79 | 62 | HmacFreeCavium(hmac); |
| wolfSSL | 4:1b0d80432c79 | 63 | } |
| wolfSSL | 4:1b0d80432c79 | 64 | #endif |
| wolfSSL | 4:1b0d80432c79 | 65 | |
| wolfSSL | 4:1b0d80432c79 | 66 | int wolfSSL_GetHmacMaxSize(void) |
| wolfSSL | 4:1b0d80432c79 | 67 | { |
| wolfSSL | 4:1b0d80432c79 | 68 | return CyaSSL_GetHmacMaxSize(); |
| wolfSSL | 4:1b0d80432c79 | 69 | } |
| wolfSSL | 4:1b0d80432c79 | 70 | |
| wolfSSL | 4:1b0d80432c79 | 71 | #ifdef HAVE_HKDF |
| wolfSSL | 4:1b0d80432c79 | 72 | |
| wolfSSL | 4:1b0d80432c79 | 73 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
| wolfSSL | 4:1b0d80432c79 | 74 | const byte* salt, word32 saltSz, |
| wolfSSL | 4:1b0d80432c79 | 75 | const byte* info, word32 infoSz, |
| wolfSSL | 4:1b0d80432c79 | 76 | byte* out, word32 outSz) |
| wolfSSL | 4:1b0d80432c79 | 77 | { |
| wolfSSL | 4:1b0d80432c79 | 78 | return HKDF(type, inKey, inKeySz, salt, saltSz, info, infoSz, out, outSz); |
| wolfSSL | 4:1b0d80432c79 | 79 | } |
| wolfSSL | 4:1b0d80432c79 | 80 | |
| wolfSSL | 4:1b0d80432c79 | 81 | |
| wolfSSL | 4:1b0d80432c79 | 82 | #endif /* HAVE_HKDF */ |
| wolfSSL | 4:1b0d80432c79 | 83 | #else /* else build without fips */ |
| wolfSSL | 4:1b0d80432c79 | 84 | #ifdef WOLFSSL_PIC32MZ_HASH |
| wolfSSL | 4:1b0d80432c79 | 85 | |
| wolfSSL | 4:1b0d80432c79 | 86 | #define wc_InitMd5 wc_InitMd5_sw |
| wolfSSL | 4:1b0d80432c79 | 87 | #define wc_Md5Update wc_Md5Update_sw |
| wolfSSL | 4:1b0d80432c79 | 88 | #define wc_Md5Final wc_Md5Final_sw |
| wolfSSL | 4:1b0d80432c79 | 89 | |
| wolfSSL | 4:1b0d80432c79 | 90 | #define wc_InitSha wc_InitSha_sw |
| wolfSSL | 4:1b0d80432c79 | 91 | #define wc_ShaUpdate wc_ShaUpdate_sw |
| wolfSSL | 4:1b0d80432c79 | 92 | #define wc_ShaFinal wc_ShaFinal_sw |
| wolfSSL | 4:1b0d80432c79 | 93 | |
| wolfSSL | 4:1b0d80432c79 | 94 | #define wc_InitSha256 wc_InitSha256_sw |
| wolfSSL | 4:1b0d80432c79 | 95 | #define wc_Sha256Update wc_Sha256Update_sw |
| wolfSSL | 4:1b0d80432c79 | 96 | #define wc_Sha256Final wc_Sha256Final_sw |
| wolfSSL | 4:1b0d80432c79 | 97 | |
| wolfSSL | 4:1b0d80432c79 | 98 | #endif |
| wolfSSL | 4:1b0d80432c79 | 99 | |
| wolfSSL | 4:1b0d80432c79 | 100 | #ifdef HAVE_FIPS |
| wolfSSL | 4:1b0d80432c79 | 101 | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ |
| wolfSSL | 4:1b0d80432c79 | 102 | #define FIPS_NO_WRAPPERS |
| wolfSSL | 4:1b0d80432c79 | 103 | #endif |
| wolfSSL | 4:1b0d80432c79 | 104 | |
| wolfSSL | 4:1b0d80432c79 | 105 | #include <wolfssl/wolfcrypt/error-crypt.h> |
| wolfSSL | 4:1b0d80432c79 | 106 | |
| wolfSSL | 4:1b0d80432c79 | 107 | |
| wolfSSL | 4:1b0d80432c79 | 108 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 109 | static int HmacCaviumFinal(Hmac* hmac, byte* hash); |
| wolfSSL | 4:1b0d80432c79 | 110 | static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length); |
| wolfSSL | 4:1b0d80432c79 | 111 | static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, |
| wolfSSL | 4:1b0d80432c79 | 112 | word32 length); |
| wolfSSL | 4:1b0d80432c79 | 113 | #endif |
| wolfSSL | 4:1b0d80432c79 | 114 | |
| wolfSSL | 4:1b0d80432c79 | 115 | static int InitHmac(Hmac* hmac, int type) |
| wolfSSL | 4:1b0d80432c79 | 116 | { |
| wolfSSL | 4:1b0d80432c79 | 117 | int ret = 0; |
| wolfSSL | 4:1b0d80432c79 | 118 | |
| wolfSSL | 4:1b0d80432c79 | 119 | hmac->innerHashKeyed = 0; |
| wolfSSL | 4:1b0d80432c79 | 120 | hmac->macType = (byte)type; |
| wolfSSL | 4:1b0d80432c79 | 121 | |
| wolfSSL | 4:1b0d80432c79 | 122 | if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
| wolfSSL | 4:1b0d80432c79 | 123 | || type == SHA512 || type == BLAKE2B_ID)) |
| wolfSSL | 4:1b0d80432c79 | 124 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 125 | |
| wolfSSL | 4:1b0d80432c79 | 126 | switch (type) { |
| wolfSSL | 4:1b0d80432c79 | 127 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 128 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 129 | wc_InitMd5(&hmac->hash.md5); |
| wolfSSL | 4:1b0d80432c79 | 130 | break; |
| wolfSSL | 4:1b0d80432c79 | 131 | #endif |
| wolfSSL | 4:1b0d80432c79 | 132 | |
| wolfSSL | 4:1b0d80432c79 | 133 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 134 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 135 | ret = wc_InitSha(&hmac->hash.sha); |
| wolfSSL | 4:1b0d80432c79 | 136 | break; |
| wolfSSL | 4:1b0d80432c79 | 137 | #endif |
| wolfSSL | 4:1b0d80432c79 | 138 | |
| wolfSSL | 4:1b0d80432c79 | 139 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 140 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 141 | ret = wc_InitSha256(&hmac->hash.sha256); |
| wolfSSL | 4:1b0d80432c79 | 142 | break; |
| wolfSSL | 4:1b0d80432c79 | 143 | #endif |
| wolfSSL | 4:1b0d80432c79 | 144 | |
| wolfSSL | 4:1b0d80432c79 | 145 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 146 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 147 | ret = wc_InitSha384(&hmac->hash.sha384); |
| wolfSSL | 4:1b0d80432c79 | 148 | break; |
| wolfSSL | 4:1b0d80432c79 | 149 | #endif |
| wolfSSL | 4:1b0d80432c79 | 150 | |
| wolfSSL | 4:1b0d80432c79 | 151 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 152 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 153 | ret = wc_InitSha512(&hmac->hash.sha512); |
| wolfSSL | 4:1b0d80432c79 | 154 | break; |
| wolfSSL | 4:1b0d80432c79 | 155 | #endif |
| wolfSSL | 4:1b0d80432c79 | 156 | |
| wolfSSL | 4:1b0d80432c79 | 157 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 158 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 159 | ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); |
| wolfSSL | 4:1b0d80432c79 | 160 | break; |
| wolfSSL | 4:1b0d80432c79 | 161 | #endif |
| wolfSSL | 4:1b0d80432c79 | 162 | |
| wolfSSL | 4:1b0d80432c79 | 163 | default: |
| wolfSSL | 4:1b0d80432c79 | 164 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 165 | } |
| wolfSSL | 4:1b0d80432c79 | 166 | |
| wolfSSL | 4:1b0d80432c79 | 167 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 168 | } |
| wolfSSL | 4:1b0d80432c79 | 169 | |
| wolfSSL | 4:1b0d80432c79 | 170 | |
| wolfSSL | 4:1b0d80432c79 | 171 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) |
| wolfSSL | 4:1b0d80432c79 | 172 | { |
| wolfSSL | 4:1b0d80432c79 | 173 | byte* ip = (byte*) hmac->ipad; |
| wolfSSL | 4:1b0d80432c79 | 174 | byte* op = (byte*) hmac->opad; |
| wolfSSL | 4:1b0d80432c79 | 175 | word32 i, hmac_block_size = 0; |
| wolfSSL | 4:1b0d80432c79 | 176 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 177 | |
| wolfSSL | 4:1b0d80432c79 | 178 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 179 | if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC) |
| wolfSSL | 4:1b0d80432c79 | 180 | return HmacCaviumSetKey(hmac, type, key, length); |
| wolfSSL | 4:1b0d80432c79 | 181 | #endif |
| wolfSSL | 4:1b0d80432c79 | 182 | |
| wolfSSL | 4:1b0d80432c79 | 183 | ret = InitHmac(hmac, type); |
| wolfSSL | 4:1b0d80432c79 | 184 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 185 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 186 | |
| wolfSSL | 4:1b0d80432c79 | 187 | #ifdef HAVE_FIPS |
| wolfSSL | 4:1b0d80432c79 | 188 | if (length < HMAC_FIPS_MIN_KEY) |
| wolfSSL | 4:1b0d80432c79 | 189 | return HMAC_MIN_KEYLEN_E; |
| wolfSSL | 4:1b0d80432c79 | 190 | #endif |
| wolfSSL | 4:1b0d80432c79 | 191 | |
| wolfSSL | 4:1b0d80432c79 | 192 | switch (hmac->macType) { |
| wolfSSL | 4:1b0d80432c79 | 193 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 194 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 195 | { |
| wolfSSL | 4:1b0d80432c79 | 196 | hmac_block_size = MD5_BLOCK_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 197 | if (length <= MD5_BLOCK_SIZE) { |
| wolfSSL | 4:1b0d80432c79 | 198 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 199 | } |
| wolfSSL | 4:1b0d80432c79 | 200 | else { |
| wolfSSL | 4:1b0d80432c79 | 201 | wc_Md5Update(&hmac->hash.md5, key, length); |
| wolfSSL | 4:1b0d80432c79 | 202 | wc_Md5Final(&hmac->hash.md5, ip); |
| wolfSSL | 4:1b0d80432c79 | 203 | length = MD5_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 204 | } |
| wolfSSL | 4:1b0d80432c79 | 205 | } |
| wolfSSL | 4:1b0d80432c79 | 206 | break; |
| wolfSSL | 4:1b0d80432c79 | 207 | #endif |
| wolfSSL | 4:1b0d80432c79 | 208 | |
| wolfSSL | 4:1b0d80432c79 | 209 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 210 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 211 | { |
| wolfSSL | 4:1b0d80432c79 | 212 | hmac_block_size = SHA_BLOCK_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 213 | if (length <= SHA_BLOCK_SIZE) { |
| wolfSSL | 4:1b0d80432c79 | 214 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 215 | } |
| wolfSSL | 4:1b0d80432c79 | 216 | else { |
| wolfSSL | 4:1b0d80432c79 | 217 | wc_ShaUpdate(&hmac->hash.sha, key, length); |
| wolfSSL | 4:1b0d80432c79 | 218 | wc_ShaFinal(&hmac->hash.sha, ip); |
| wolfSSL | 4:1b0d80432c79 | 219 | length = SHA_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 220 | } |
| wolfSSL | 4:1b0d80432c79 | 221 | } |
| wolfSSL | 4:1b0d80432c79 | 222 | break; |
| wolfSSL | 4:1b0d80432c79 | 223 | #endif |
| wolfSSL | 4:1b0d80432c79 | 224 | |
| wolfSSL | 4:1b0d80432c79 | 225 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 226 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 227 | { |
| wolfSSL | 4:1b0d80432c79 | 228 | hmac_block_size = SHA256_BLOCK_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 229 | if (length <= SHA256_BLOCK_SIZE) { |
| wolfSSL | 4:1b0d80432c79 | 230 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 231 | } |
| wolfSSL | 4:1b0d80432c79 | 232 | else { |
| wolfSSL | 4:1b0d80432c79 | 233 | ret = wc_Sha256Update(&hmac->hash.sha256, key, length); |
| wolfSSL | 4:1b0d80432c79 | 234 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 235 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 236 | |
| wolfSSL | 4:1b0d80432c79 | 237 | ret = wc_Sha256Final(&hmac->hash.sha256, ip); |
| wolfSSL | 4:1b0d80432c79 | 238 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 239 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 240 | |
| wolfSSL | 4:1b0d80432c79 | 241 | length = SHA256_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 242 | } |
| wolfSSL | 4:1b0d80432c79 | 243 | } |
| wolfSSL | 4:1b0d80432c79 | 244 | break; |
| wolfSSL | 4:1b0d80432c79 | 245 | #endif |
| wolfSSL | 4:1b0d80432c79 | 246 | |
| wolfSSL | 4:1b0d80432c79 | 247 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 248 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 249 | { |
| wolfSSL | 4:1b0d80432c79 | 250 | hmac_block_size = SHA384_BLOCK_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 251 | if (length <= SHA384_BLOCK_SIZE) { |
| wolfSSL | 4:1b0d80432c79 | 252 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 253 | } |
| wolfSSL | 4:1b0d80432c79 | 254 | else { |
| wolfSSL | 4:1b0d80432c79 | 255 | ret = wc_Sha384Update(&hmac->hash.sha384, key, length); |
| wolfSSL | 4:1b0d80432c79 | 256 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 257 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 258 | |
| wolfSSL | 4:1b0d80432c79 | 259 | ret = wc_Sha384Final(&hmac->hash.sha384, ip); |
| wolfSSL | 4:1b0d80432c79 | 260 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 261 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 262 | |
| wolfSSL | 4:1b0d80432c79 | 263 | length = SHA384_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 264 | } |
| wolfSSL | 4:1b0d80432c79 | 265 | } |
| wolfSSL | 4:1b0d80432c79 | 266 | break; |
| wolfSSL | 4:1b0d80432c79 | 267 | #endif |
| wolfSSL | 4:1b0d80432c79 | 268 | |
| wolfSSL | 4:1b0d80432c79 | 269 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 270 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 271 | { |
| wolfSSL | 4:1b0d80432c79 | 272 | hmac_block_size = SHA512_BLOCK_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 273 | if (length <= SHA512_BLOCK_SIZE) { |
| wolfSSL | 4:1b0d80432c79 | 274 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 275 | } |
| wolfSSL | 4:1b0d80432c79 | 276 | else { |
| wolfSSL | 4:1b0d80432c79 | 277 | ret = wc_Sha512Update(&hmac->hash.sha512, key, length); |
| wolfSSL | 4:1b0d80432c79 | 278 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 279 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 280 | |
| wolfSSL | 4:1b0d80432c79 | 281 | ret = wc_Sha512Final(&hmac->hash.sha512, ip); |
| wolfSSL | 4:1b0d80432c79 | 282 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 283 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 284 | |
| wolfSSL | 4:1b0d80432c79 | 285 | length = SHA512_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 286 | } |
| wolfSSL | 4:1b0d80432c79 | 287 | } |
| wolfSSL | 4:1b0d80432c79 | 288 | break; |
| wolfSSL | 4:1b0d80432c79 | 289 | #endif |
| wolfSSL | 4:1b0d80432c79 | 290 | |
| wolfSSL | 4:1b0d80432c79 | 291 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 292 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 293 | { |
| wolfSSL | 4:1b0d80432c79 | 294 | hmac_block_size = BLAKE2B_BLOCKBYTES; |
| wolfSSL | 4:1b0d80432c79 | 295 | if (length <= BLAKE2B_BLOCKBYTES) { |
| wolfSSL | 4:1b0d80432c79 | 296 | XMEMCPY(ip, key, length); |
| wolfSSL | 4:1b0d80432c79 | 297 | } |
| wolfSSL | 4:1b0d80432c79 | 298 | else { |
| wolfSSL | 4:1b0d80432c79 | 299 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length); |
| wolfSSL | 4:1b0d80432c79 | 300 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 301 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 302 | |
| wolfSSL | 4:1b0d80432c79 | 303 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256); |
| wolfSSL | 4:1b0d80432c79 | 304 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 305 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 306 | |
| wolfSSL | 4:1b0d80432c79 | 307 | length = BLAKE2B_256; |
| wolfSSL | 4:1b0d80432c79 | 308 | } |
| wolfSSL | 4:1b0d80432c79 | 309 | } |
| wolfSSL | 4:1b0d80432c79 | 310 | break; |
| wolfSSL | 4:1b0d80432c79 | 311 | #endif |
| wolfSSL | 4:1b0d80432c79 | 312 | |
| wolfSSL | 4:1b0d80432c79 | 313 | default: |
| wolfSSL | 4:1b0d80432c79 | 314 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 315 | } |
| wolfSSL | 4:1b0d80432c79 | 316 | if (length < hmac_block_size) |
| wolfSSL | 4:1b0d80432c79 | 317 | XMEMSET(ip + length, 0, hmac_block_size - length); |
| wolfSSL | 4:1b0d80432c79 | 318 | |
| wolfSSL | 4:1b0d80432c79 | 319 | for(i = 0; i < hmac_block_size; i++) { |
| wolfSSL | 4:1b0d80432c79 | 320 | op[i] = ip[i] ^ OPAD; |
| wolfSSL | 4:1b0d80432c79 | 321 | ip[i] ^= IPAD; |
| wolfSSL | 4:1b0d80432c79 | 322 | } |
| wolfSSL | 4:1b0d80432c79 | 323 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 324 | } |
| wolfSSL | 4:1b0d80432c79 | 325 | |
| wolfSSL | 4:1b0d80432c79 | 326 | |
| wolfSSL | 4:1b0d80432c79 | 327 | static int HmacKeyInnerHash(Hmac* hmac) |
| wolfSSL | 4:1b0d80432c79 | 328 | { |
| wolfSSL | 4:1b0d80432c79 | 329 | int ret = 0; |
| wolfSSL | 4:1b0d80432c79 | 330 | |
| wolfSSL | 4:1b0d80432c79 | 331 | switch (hmac->macType) { |
| wolfSSL | 4:1b0d80432c79 | 332 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 333 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 334 | wc_Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 335 | break; |
| wolfSSL | 4:1b0d80432c79 | 336 | #endif |
| wolfSSL | 4:1b0d80432c79 | 337 | |
| wolfSSL | 4:1b0d80432c79 | 338 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 339 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 340 | wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 341 | break; |
| wolfSSL | 4:1b0d80432c79 | 342 | #endif |
| wolfSSL | 4:1b0d80432c79 | 343 | |
| wolfSSL | 4:1b0d80432c79 | 344 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 345 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 346 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 4:1b0d80432c79 | 347 | (byte*) hmac->ipad, SHA256_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 348 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 349 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 350 | break; |
| wolfSSL | 4:1b0d80432c79 | 351 | #endif |
| wolfSSL | 4:1b0d80432c79 | 352 | |
| wolfSSL | 4:1b0d80432c79 | 353 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 354 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 355 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 4:1b0d80432c79 | 356 | (byte*) hmac->ipad, SHA384_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 357 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 358 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 359 | break; |
| wolfSSL | 4:1b0d80432c79 | 360 | #endif |
| wolfSSL | 4:1b0d80432c79 | 361 | |
| wolfSSL | 4:1b0d80432c79 | 362 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 363 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 364 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 4:1b0d80432c79 | 365 | (byte*) hmac->ipad, SHA512_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 366 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 367 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 368 | break; |
| wolfSSL | 4:1b0d80432c79 | 369 | #endif |
| wolfSSL | 4:1b0d80432c79 | 370 | |
| wolfSSL | 4:1b0d80432c79 | 371 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 372 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 373 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 4:1b0d80432c79 | 374 | (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); |
| wolfSSL | 4:1b0d80432c79 | 375 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 376 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 377 | break; |
| wolfSSL | 4:1b0d80432c79 | 378 | #endif |
| wolfSSL | 4:1b0d80432c79 | 379 | |
| wolfSSL | 4:1b0d80432c79 | 380 | default: |
| wolfSSL | 4:1b0d80432c79 | 381 | break; |
| wolfSSL | 4:1b0d80432c79 | 382 | } |
| wolfSSL | 4:1b0d80432c79 | 383 | |
| wolfSSL | 4:1b0d80432c79 | 384 | hmac->innerHashKeyed = 1; |
| wolfSSL | 4:1b0d80432c79 | 385 | |
| wolfSSL | 4:1b0d80432c79 | 386 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 387 | } |
| wolfSSL | 4:1b0d80432c79 | 388 | |
| wolfSSL | 4:1b0d80432c79 | 389 | |
| wolfSSL | 4:1b0d80432c79 | 390 | int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) |
| wolfSSL | 4:1b0d80432c79 | 391 | { |
| wolfSSL | 4:1b0d80432c79 | 392 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 393 | |
| wolfSSL | 4:1b0d80432c79 | 394 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 395 | if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC) |
| wolfSSL | 4:1b0d80432c79 | 396 | return HmacCaviumUpdate(hmac, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 397 | #endif |
| wolfSSL | 4:1b0d80432c79 | 398 | |
| wolfSSL | 4:1b0d80432c79 | 399 | if (!hmac->innerHashKeyed) { |
| wolfSSL | 4:1b0d80432c79 | 400 | ret = HmacKeyInnerHash(hmac); |
| wolfSSL | 4:1b0d80432c79 | 401 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 402 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 403 | } |
| wolfSSL | 4:1b0d80432c79 | 404 | |
| wolfSSL | 4:1b0d80432c79 | 405 | switch (hmac->macType) { |
| wolfSSL | 4:1b0d80432c79 | 406 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 407 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 408 | wc_Md5Update(&hmac->hash.md5, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 409 | break; |
| wolfSSL | 4:1b0d80432c79 | 410 | #endif |
| wolfSSL | 4:1b0d80432c79 | 411 | |
| wolfSSL | 4:1b0d80432c79 | 412 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 413 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 414 | wc_ShaUpdate(&hmac->hash.sha, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 415 | break; |
| wolfSSL | 4:1b0d80432c79 | 416 | #endif |
| wolfSSL | 4:1b0d80432c79 | 417 | |
| wolfSSL | 4:1b0d80432c79 | 418 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 419 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 420 | ret = wc_Sha256Update(&hmac->hash.sha256, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 421 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 422 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 423 | break; |
| wolfSSL | 4:1b0d80432c79 | 424 | #endif |
| wolfSSL | 4:1b0d80432c79 | 425 | |
| wolfSSL | 4:1b0d80432c79 | 426 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 427 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 428 | ret = wc_Sha384Update(&hmac->hash.sha384, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 429 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 430 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 431 | break; |
| wolfSSL | 4:1b0d80432c79 | 432 | #endif |
| wolfSSL | 4:1b0d80432c79 | 433 | |
| wolfSSL | 4:1b0d80432c79 | 434 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 435 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 436 | ret = wc_Sha512Update(&hmac->hash.sha512, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 437 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 438 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 439 | break; |
| wolfSSL | 4:1b0d80432c79 | 440 | #endif |
| wolfSSL | 4:1b0d80432c79 | 441 | |
| wolfSSL | 4:1b0d80432c79 | 442 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 443 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 444 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); |
| wolfSSL | 4:1b0d80432c79 | 445 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 446 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 447 | break; |
| wolfSSL | 4:1b0d80432c79 | 448 | #endif |
| wolfSSL | 4:1b0d80432c79 | 449 | |
| wolfSSL | 4:1b0d80432c79 | 450 | default: |
| wolfSSL | 4:1b0d80432c79 | 451 | break; |
| wolfSSL | 4:1b0d80432c79 | 452 | } |
| wolfSSL | 4:1b0d80432c79 | 453 | |
| wolfSSL | 4:1b0d80432c79 | 454 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 455 | } |
| wolfSSL | 4:1b0d80432c79 | 456 | |
| wolfSSL | 4:1b0d80432c79 | 457 | |
| wolfSSL | 4:1b0d80432c79 | 458 | int wc_HmacFinal(Hmac* hmac, byte* hash) |
| wolfSSL | 4:1b0d80432c79 | 459 | { |
| wolfSSL | 4:1b0d80432c79 | 460 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 461 | |
| wolfSSL | 4:1b0d80432c79 | 462 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 463 | if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC) |
| wolfSSL | 4:1b0d80432c79 | 464 | return HmacCaviumFinal(hmac, hash); |
| wolfSSL | 4:1b0d80432c79 | 465 | #endif |
| wolfSSL | 4:1b0d80432c79 | 466 | |
| wolfSSL | 4:1b0d80432c79 | 467 | if (!hmac->innerHashKeyed) { |
| wolfSSL | 4:1b0d80432c79 | 468 | ret = HmacKeyInnerHash(hmac); |
| wolfSSL | 4:1b0d80432c79 | 469 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 470 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 471 | } |
| wolfSSL | 4:1b0d80432c79 | 472 | |
| wolfSSL | 4:1b0d80432c79 | 473 | switch (hmac->macType) { |
| wolfSSL | 4:1b0d80432c79 | 474 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 475 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 476 | { |
| wolfSSL | 4:1b0d80432c79 | 477 | wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash); |
| wolfSSL | 4:1b0d80432c79 | 478 | |
| wolfSSL | 4:1b0d80432c79 | 479 | wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 480 | wc_Md5Update(&hmac->hash.md5, |
| wolfSSL | 4:1b0d80432c79 | 481 | (byte*) hmac->innerHash, MD5_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 482 | |
| wolfSSL | 4:1b0d80432c79 | 483 | wc_Md5Final(&hmac->hash.md5, hash); |
| wolfSSL | 4:1b0d80432c79 | 484 | } |
| wolfSSL | 4:1b0d80432c79 | 485 | break; |
| wolfSSL | 4:1b0d80432c79 | 486 | #endif |
| wolfSSL | 4:1b0d80432c79 | 487 | |
| wolfSSL | 4:1b0d80432c79 | 488 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 489 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 490 | { |
| wolfSSL | 4:1b0d80432c79 | 491 | wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash); |
| wolfSSL | 4:1b0d80432c79 | 492 | |
| wolfSSL | 4:1b0d80432c79 | 493 | wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 494 | wc_ShaUpdate(&hmac->hash.sha, |
| wolfSSL | 4:1b0d80432c79 | 495 | (byte*) hmac->innerHash, SHA_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 496 | |
| wolfSSL | 4:1b0d80432c79 | 497 | wc_ShaFinal(&hmac->hash.sha, hash); |
| wolfSSL | 4:1b0d80432c79 | 498 | } |
| wolfSSL | 4:1b0d80432c79 | 499 | break; |
| wolfSSL | 4:1b0d80432c79 | 500 | #endif |
| wolfSSL | 4:1b0d80432c79 | 501 | |
| wolfSSL | 4:1b0d80432c79 | 502 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 503 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 504 | { |
| wolfSSL | 4:1b0d80432c79 | 505 | ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); |
| wolfSSL | 4:1b0d80432c79 | 506 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 507 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 508 | |
| wolfSSL | 4:1b0d80432c79 | 509 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 4:1b0d80432c79 | 510 | (byte*) hmac->opad, SHA256_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 511 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 512 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 513 | |
| wolfSSL | 4:1b0d80432c79 | 514 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 4:1b0d80432c79 | 515 | (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 516 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 517 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 518 | |
| wolfSSL | 4:1b0d80432c79 | 519 | ret = wc_Sha256Final(&hmac->hash.sha256, hash); |
| wolfSSL | 4:1b0d80432c79 | 520 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 521 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 522 | } |
| wolfSSL | 4:1b0d80432c79 | 523 | break; |
| wolfSSL | 4:1b0d80432c79 | 524 | #endif |
| wolfSSL | 4:1b0d80432c79 | 525 | |
| wolfSSL | 4:1b0d80432c79 | 526 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 527 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 528 | { |
| wolfSSL | 4:1b0d80432c79 | 529 | ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); |
| wolfSSL | 4:1b0d80432c79 | 530 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 531 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 532 | |
| wolfSSL | 4:1b0d80432c79 | 533 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 4:1b0d80432c79 | 534 | (byte*) hmac->opad, SHA384_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 535 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 536 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 537 | |
| wolfSSL | 4:1b0d80432c79 | 538 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 4:1b0d80432c79 | 539 | (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 540 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 541 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 542 | |
| wolfSSL | 4:1b0d80432c79 | 543 | ret = wc_Sha384Final(&hmac->hash.sha384, hash); |
| wolfSSL | 4:1b0d80432c79 | 544 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 545 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 546 | } |
| wolfSSL | 4:1b0d80432c79 | 547 | break; |
| wolfSSL | 4:1b0d80432c79 | 548 | #endif |
| wolfSSL | 4:1b0d80432c79 | 549 | |
| wolfSSL | 4:1b0d80432c79 | 550 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 551 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 552 | { |
| wolfSSL | 4:1b0d80432c79 | 553 | ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); |
| wolfSSL | 4:1b0d80432c79 | 554 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 555 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 556 | |
| wolfSSL | 4:1b0d80432c79 | 557 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 4:1b0d80432c79 | 558 | (byte*) hmac->opad, SHA512_BLOCK_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 559 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 560 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 561 | |
| wolfSSL | 4:1b0d80432c79 | 562 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 4:1b0d80432c79 | 563 | (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 564 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 565 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 566 | |
| wolfSSL | 4:1b0d80432c79 | 567 | ret = wc_Sha512Final(&hmac->hash.sha512, hash); |
| wolfSSL | 4:1b0d80432c79 | 568 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 569 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 570 | } |
| wolfSSL | 4:1b0d80432c79 | 571 | break; |
| wolfSSL | 4:1b0d80432c79 | 572 | #endif |
| wolfSSL | 4:1b0d80432c79 | 573 | |
| wolfSSL | 4:1b0d80432c79 | 574 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 575 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 576 | { |
| wolfSSL | 4:1b0d80432c79 | 577 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, |
| wolfSSL | 4:1b0d80432c79 | 578 | BLAKE2B_256); |
| wolfSSL | 4:1b0d80432c79 | 579 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 580 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 581 | |
| wolfSSL | 4:1b0d80432c79 | 582 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 4:1b0d80432c79 | 583 | (byte*) hmac->opad, BLAKE2B_BLOCKBYTES); |
| wolfSSL | 4:1b0d80432c79 | 584 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 585 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 586 | |
| wolfSSL | 4:1b0d80432c79 | 587 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 4:1b0d80432c79 | 588 | (byte*) hmac->innerHash, BLAKE2B_256); |
| wolfSSL | 4:1b0d80432c79 | 589 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 590 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 591 | |
| wolfSSL | 4:1b0d80432c79 | 592 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256); |
| wolfSSL | 4:1b0d80432c79 | 593 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 594 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 595 | } |
| wolfSSL | 4:1b0d80432c79 | 596 | break; |
| wolfSSL | 4:1b0d80432c79 | 597 | #endif |
| wolfSSL | 4:1b0d80432c79 | 598 | |
| wolfSSL | 4:1b0d80432c79 | 599 | default: |
| wolfSSL | 4:1b0d80432c79 | 600 | break; |
| wolfSSL | 4:1b0d80432c79 | 601 | } |
| wolfSSL | 4:1b0d80432c79 | 602 | |
| wolfSSL | 4:1b0d80432c79 | 603 | hmac->innerHashKeyed = 0; |
| wolfSSL | 4:1b0d80432c79 | 604 | |
| wolfSSL | 4:1b0d80432c79 | 605 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 606 | } |
| wolfSSL | 4:1b0d80432c79 | 607 | |
| wolfSSL | 4:1b0d80432c79 | 608 | |
| wolfSSL | 4:1b0d80432c79 | 609 | #ifdef HAVE_CAVIUM |
| wolfSSL | 4:1b0d80432c79 | 610 | |
| wolfSSL | 4:1b0d80432c79 | 611 | /* Initialize Hmac for use with Nitrox device */ |
| wolfSSL | 4:1b0d80432c79 | 612 | int wc_HmacInitCavium(Hmac* hmac, int devId) |
| wolfSSL | 4:1b0d80432c79 | 613 | { |
| wolfSSL | 4:1b0d80432c79 | 614 | if (hmac == NULL) |
| wolfSSL | 4:1b0d80432c79 | 615 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 616 | |
| wolfSSL | 4:1b0d80432c79 | 617 | if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0) |
| wolfSSL | 4:1b0d80432c79 | 618 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 619 | |
| wolfSSL | 4:1b0d80432c79 | 620 | hmac->keyLen = 0; |
| wolfSSL | 4:1b0d80432c79 | 621 | hmac->dataLen = 0; |
| wolfSSL | 4:1b0d80432c79 | 622 | hmac->type = 0; |
| wolfSSL | 4:1b0d80432c79 | 623 | hmac->devId = devId; |
| wolfSSL | 4:1b0d80432c79 | 624 | hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC; |
| wolfSSL | 4:1b0d80432c79 | 625 | hmac->data = NULL; /* buffered input data */ |
| wolfSSL | 4:1b0d80432c79 | 626 | |
| wolfSSL | 4:1b0d80432c79 | 627 | hmac->innerHashKeyed = 0; |
| wolfSSL | 4:1b0d80432c79 | 628 | |
| wolfSSL | 4:1b0d80432c79 | 629 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 630 | } |
| wolfSSL | 4:1b0d80432c79 | 631 | |
| wolfSSL | 4:1b0d80432c79 | 632 | |
| wolfSSL | 4:1b0d80432c79 | 633 | /* Free Hmac from use with Nitrox device */ |
| wolfSSL | 4:1b0d80432c79 | 634 | void wc_HmacFreeCavium(Hmac* hmac) |
| wolfSSL | 4:1b0d80432c79 | 635 | { |
| wolfSSL | 4:1b0d80432c79 | 636 | if (hmac == NULL) |
| wolfSSL | 4:1b0d80432c79 | 637 | return; |
| wolfSSL | 4:1b0d80432c79 | 638 | |
| wolfSSL | 4:1b0d80432c79 | 639 | CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId); |
| wolfSSL | 4:1b0d80432c79 | 640 | hmac->magic = 0; |
| wolfSSL | 4:1b0d80432c79 | 641 | XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 4:1b0d80432c79 | 642 | hmac->data = NULL; |
| wolfSSL | 4:1b0d80432c79 | 643 | } |
| wolfSSL | 4:1b0d80432c79 | 644 | |
| wolfSSL | 4:1b0d80432c79 | 645 | |
| wolfSSL | 4:1b0d80432c79 | 646 | static int HmacCaviumFinal(Hmac* hmac, byte* hash) |
| wolfSSL | 4:1b0d80432c79 | 647 | { |
| wolfSSL | 4:1b0d80432c79 | 648 | word32 requestId; |
| wolfSSL | 4:1b0d80432c79 | 649 | |
| wolfSSL | 4:1b0d80432c79 | 650 | if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen, |
| wolfSSL | 4:1b0d80432c79 | 651 | (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, |
| wolfSSL | 4:1b0d80432c79 | 652 | hmac->devId) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 653 | WOLFSSL_MSG("Cavium Hmac failed"); |
| wolfSSL | 4:1b0d80432c79 | 654 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 655 | } |
| wolfSSL | 4:1b0d80432c79 | 656 | hmac->innerHashKeyed = 0; /* tell update to start over if used again */ |
| wolfSSL | 4:1b0d80432c79 | 657 | |
| wolfSSL | 4:1b0d80432c79 | 658 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 659 | } |
| wolfSSL | 4:1b0d80432c79 | 660 | |
| wolfSSL | 4:1b0d80432c79 | 661 | |
| wolfSSL | 4:1b0d80432c79 | 662 | static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) |
| wolfSSL | 4:1b0d80432c79 | 663 | { |
| wolfSSL | 4:1b0d80432c79 | 664 | word16 add = (word16)length; |
| wolfSSL | 4:1b0d80432c79 | 665 | word32 total; |
| wolfSSL | 4:1b0d80432c79 | 666 | byte* tmp; |
| wolfSSL | 4:1b0d80432c79 | 667 | |
| wolfSSL | 4:1b0d80432c79 | 668 | if (length > WOLFSSL_MAX_16BIT) { |
| wolfSSL | 4:1b0d80432c79 | 669 | WOLFSSL_MSG("Too big msg for cavium hmac"); |
| wolfSSL | 4:1b0d80432c79 | 670 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 671 | } |
| wolfSSL | 4:1b0d80432c79 | 672 | |
| wolfSSL | 4:1b0d80432c79 | 673 | if (hmac->innerHashKeyed == 0) { /* starting new */ |
| wolfSSL | 4:1b0d80432c79 | 674 | hmac->dataLen = 0; |
| wolfSSL | 4:1b0d80432c79 | 675 | hmac->innerHashKeyed = 1; |
| wolfSSL | 4:1b0d80432c79 | 676 | } |
| wolfSSL | 4:1b0d80432c79 | 677 | |
| wolfSSL | 4:1b0d80432c79 | 678 | total = add + hmac->dataLen; |
| wolfSSL | 4:1b0d80432c79 | 679 | if (total > WOLFSSL_MAX_16BIT) { |
| wolfSSL | 4:1b0d80432c79 | 680 | WOLFSSL_MSG("Too big msg for cavium hmac"); |
| wolfSSL | 4:1b0d80432c79 | 681 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 682 | } |
| wolfSSL | 4:1b0d80432c79 | 683 | |
| wolfSSL | 4:1b0d80432c79 | 684 | tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 4:1b0d80432c79 | 685 | if (tmp == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 686 | WOLFSSL_MSG("Out of memory for cavium update"); |
| wolfSSL | 4:1b0d80432c79 | 687 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 688 | } |
| wolfSSL | 4:1b0d80432c79 | 689 | if (hmac->dataLen) |
| wolfSSL | 4:1b0d80432c79 | 690 | XMEMCPY(tmp, hmac->data, hmac->dataLen); |
| wolfSSL | 4:1b0d80432c79 | 691 | XMEMCPY(tmp + hmac->dataLen, msg, add); |
| wolfSSL | 4:1b0d80432c79 | 692 | |
| wolfSSL | 4:1b0d80432c79 | 693 | hmac->dataLen += add; |
| wolfSSL | 4:1b0d80432c79 | 694 | XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 4:1b0d80432c79 | 695 | hmac->data = tmp; |
| wolfSSL | 4:1b0d80432c79 | 696 | |
| wolfSSL | 4:1b0d80432c79 | 697 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 698 | } |
| wolfSSL | 4:1b0d80432c79 | 699 | |
| wolfSSL | 4:1b0d80432c79 | 700 | |
| wolfSSL | 4:1b0d80432c79 | 701 | static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, |
| wolfSSL | 4:1b0d80432c79 | 702 | word32 length) |
| wolfSSL | 4:1b0d80432c79 | 703 | { |
| wolfSSL | 4:1b0d80432c79 | 704 | hmac->macType = (byte)type; |
| wolfSSL | 4:1b0d80432c79 | 705 | if (type == MD5) |
| wolfSSL | 4:1b0d80432c79 | 706 | hmac->type = MD5_TYPE; |
| wolfSSL | 4:1b0d80432c79 | 707 | else if (type == SHA) |
| wolfSSL | 4:1b0d80432c79 | 708 | hmac->type = SHA1_TYPE; |
| wolfSSL | 4:1b0d80432c79 | 709 | else if (type == SHA256) |
| wolfSSL | 4:1b0d80432c79 | 710 | hmac->type = SHA256_TYPE; |
| wolfSSL | 4:1b0d80432c79 | 711 | else { |
| wolfSSL | 4:1b0d80432c79 | 712 | WOLFSSL_MSG("unsupported cavium hmac type"); |
| wolfSSL | 4:1b0d80432c79 | 713 | } |
| wolfSSL | 4:1b0d80432c79 | 714 | |
| wolfSSL | 4:1b0d80432c79 | 715 | hmac->innerHashKeyed = 0; /* should we key Startup flag */ |
| wolfSSL | 4:1b0d80432c79 | 716 | |
| wolfSSL | 4:1b0d80432c79 | 717 | hmac->keyLen = (word16)length; |
| wolfSSL | 4:1b0d80432c79 | 718 | /* store key in ipad */ |
| wolfSSL | 4:1b0d80432c79 | 719 | XMEMCPY(hmac->ipad, key, length); |
| wolfSSL | 4:1b0d80432c79 | 720 | |
| wolfSSL | 4:1b0d80432c79 | 721 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 722 | } |
| wolfSSL | 4:1b0d80432c79 | 723 | |
| wolfSSL | 4:1b0d80432c79 | 724 | #endif /* HAVE_CAVIUM */ |
| wolfSSL | 4:1b0d80432c79 | 725 | |
| wolfSSL | 4:1b0d80432c79 | 726 | int wolfSSL_GetHmacMaxSize(void) |
| wolfSSL | 4:1b0d80432c79 | 727 | { |
| wolfSSL | 4:1b0d80432c79 | 728 | return MAX_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 729 | } |
| wolfSSL | 4:1b0d80432c79 | 730 | |
| wolfSSL | 4:1b0d80432c79 | 731 | #ifdef HAVE_HKDF |
| wolfSSL | 4:1b0d80432c79 | 732 | |
| wolfSSL | 4:1b0d80432c79 | 733 | #ifndef WOLFSSL_HAVE_MIN |
| wolfSSL | 4:1b0d80432c79 | 734 | #define WOLFSSL_HAVE_MIN |
| wolfSSL | 4:1b0d80432c79 | 735 | |
| wolfSSL | 4:1b0d80432c79 | 736 | static INLINE word32 min(word32 a, word32 b) |
| wolfSSL | 4:1b0d80432c79 | 737 | { |
| wolfSSL | 4:1b0d80432c79 | 738 | return a > b ? b : a; |
| wolfSSL | 4:1b0d80432c79 | 739 | } |
| wolfSSL | 4:1b0d80432c79 | 740 | |
| wolfSSL | 4:1b0d80432c79 | 741 | #endif /* WOLFSSL_HAVE_MIN */ |
| wolfSSL | 4:1b0d80432c79 | 742 | |
| wolfSSL | 4:1b0d80432c79 | 743 | |
| wolfSSL | 4:1b0d80432c79 | 744 | static INLINE int GetHashSizeByType(int type) |
| wolfSSL | 4:1b0d80432c79 | 745 | { |
| wolfSSL | 4:1b0d80432c79 | 746 | if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
| wolfSSL | 4:1b0d80432c79 | 747 | || type == SHA512 || type == BLAKE2B_ID)) |
| wolfSSL | 4:1b0d80432c79 | 748 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 749 | |
| wolfSSL | 4:1b0d80432c79 | 750 | switch (type) { |
| wolfSSL | 4:1b0d80432c79 | 751 | #ifndef NO_MD5 |
| wolfSSL | 4:1b0d80432c79 | 752 | case MD5: |
| wolfSSL | 4:1b0d80432c79 | 753 | return MD5_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 754 | #endif |
| wolfSSL | 4:1b0d80432c79 | 755 | |
| wolfSSL | 4:1b0d80432c79 | 756 | #ifndef NO_SHA |
| wolfSSL | 4:1b0d80432c79 | 757 | case SHA: |
| wolfSSL | 4:1b0d80432c79 | 758 | return SHA_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 759 | #endif |
| wolfSSL | 4:1b0d80432c79 | 760 | |
| wolfSSL | 4:1b0d80432c79 | 761 | #ifndef NO_SHA256 |
| wolfSSL | 4:1b0d80432c79 | 762 | case SHA256: |
| wolfSSL | 4:1b0d80432c79 | 763 | return SHA256_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 764 | #endif |
| wolfSSL | 4:1b0d80432c79 | 765 | |
| wolfSSL | 4:1b0d80432c79 | 766 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 4:1b0d80432c79 | 767 | case SHA384: |
| wolfSSL | 4:1b0d80432c79 | 768 | return SHA384_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 769 | #endif |
| wolfSSL | 4:1b0d80432c79 | 770 | |
| wolfSSL | 4:1b0d80432c79 | 771 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 4:1b0d80432c79 | 772 | case SHA512: |
| wolfSSL | 4:1b0d80432c79 | 773 | return SHA512_DIGEST_SIZE; |
| wolfSSL | 4:1b0d80432c79 | 774 | #endif |
| wolfSSL | 4:1b0d80432c79 | 775 | |
| wolfSSL | 4:1b0d80432c79 | 776 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 4:1b0d80432c79 | 777 | case BLAKE2B_ID: |
| wolfSSL | 4:1b0d80432c79 | 778 | return BLAKE2B_OUTBYTES; |
| wolfSSL | 4:1b0d80432c79 | 779 | #endif |
| wolfSSL | 4:1b0d80432c79 | 780 | |
| wolfSSL | 4:1b0d80432c79 | 781 | default: |
| wolfSSL | 4:1b0d80432c79 | 782 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 783 | } |
| wolfSSL | 4:1b0d80432c79 | 784 | } |
| wolfSSL | 4:1b0d80432c79 | 785 | |
| wolfSSL | 4:1b0d80432c79 | 786 | |
| wolfSSL | 4:1b0d80432c79 | 787 | /* HMAC-KDF with hash type, optional salt and info, return 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 788 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
| wolfSSL | 4:1b0d80432c79 | 789 | const byte* salt, word32 saltSz, |
| wolfSSL | 4:1b0d80432c79 | 790 | const byte* info, word32 infoSz, |
| wolfSSL | 4:1b0d80432c79 | 791 | byte* out, word32 outSz) |
| wolfSSL | 4:1b0d80432c79 | 792 | { |
| wolfSSL | 4:1b0d80432c79 | 793 | Hmac myHmac; |
| wolfSSL | 4:1b0d80432c79 | 794 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 795 | byte* tmp; |
| wolfSSL | 4:1b0d80432c79 | 796 | byte* prk; |
| wolfSSL | 4:1b0d80432c79 | 797 | #else |
| wolfSSL | 4:1b0d80432c79 | 798 | byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */ |
| wolfSSL | 4:1b0d80432c79 | 799 | byte prk[MAX_DIGEST_SIZE]; |
| wolfSSL | 4:1b0d80432c79 | 800 | #endif |
| wolfSSL | 4:1b0d80432c79 | 801 | const byte* localSalt; /* either points to user input or tmp */ |
| wolfSSL | 4:1b0d80432c79 | 802 | int hashSz = GetHashSizeByType(type); |
| wolfSSL | 4:1b0d80432c79 | 803 | word32 outIdx = 0; |
| wolfSSL | 4:1b0d80432c79 | 804 | byte n = 0x1; |
| wolfSSL | 4:1b0d80432c79 | 805 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 806 | |
| wolfSSL | 4:1b0d80432c79 | 807 | if (hashSz < 0) |
| wolfSSL | 4:1b0d80432c79 | 808 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 809 | |
| wolfSSL | 4:1b0d80432c79 | 810 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 811 | tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 812 | if (tmp == NULL) |
| wolfSSL | 4:1b0d80432c79 | 813 | return MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 814 | |
| wolfSSL | 4:1b0d80432c79 | 815 | prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 816 | if (prk == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 817 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 818 | return MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 819 | } |
| wolfSSL | 4:1b0d80432c79 | 820 | #endif |
| wolfSSL | 4:1b0d80432c79 | 821 | |
| wolfSSL | 4:1b0d80432c79 | 822 | localSalt = salt; |
| wolfSSL | 4:1b0d80432c79 | 823 | if (localSalt == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 824 | XMEMSET(tmp, 0, hashSz); |
| wolfSSL | 4:1b0d80432c79 | 825 | localSalt = tmp; |
| wolfSSL | 4:1b0d80432c79 | 826 | saltSz = hashSz; |
| wolfSSL | 4:1b0d80432c79 | 827 | } |
| wolfSSL | 4:1b0d80432c79 | 828 | |
| wolfSSL | 4:1b0d80432c79 | 829 | do { |
| wolfSSL | 4:1b0d80432c79 | 830 | ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); |
| wolfSSL | 4:1b0d80432c79 | 831 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 832 | break; |
| wolfSSL | 4:1b0d80432c79 | 833 | ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); |
| wolfSSL | 4:1b0d80432c79 | 834 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 835 | break; |
| wolfSSL | 4:1b0d80432c79 | 836 | ret = wc_HmacFinal(&myHmac, prk); |
| wolfSSL | 4:1b0d80432c79 | 837 | } while (0); |
| wolfSSL | 4:1b0d80432c79 | 838 | |
| wolfSSL | 4:1b0d80432c79 | 839 | if (ret == 0) { |
| wolfSSL | 4:1b0d80432c79 | 840 | while (outIdx < outSz) { |
| wolfSSL | 4:1b0d80432c79 | 841 | int tmpSz = (n == 1) ? 0 : hashSz; |
| wolfSSL | 4:1b0d80432c79 | 842 | word32 left = outSz - outIdx; |
| wolfSSL | 4:1b0d80432c79 | 843 | |
| wolfSSL | 4:1b0d80432c79 | 844 | ret = wc_HmacSetKey(&myHmac, type, prk, hashSz); |
| wolfSSL | 4:1b0d80432c79 | 845 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 846 | break; |
| wolfSSL | 4:1b0d80432c79 | 847 | ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); |
| wolfSSL | 4:1b0d80432c79 | 848 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 849 | break; |
| wolfSSL | 4:1b0d80432c79 | 850 | ret = wc_HmacUpdate(&myHmac, info, infoSz); |
| wolfSSL | 4:1b0d80432c79 | 851 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 852 | break; |
| wolfSSL | 4:1b0d80432c79 | 853 | ret = wc_HmacUpdate(&myHmac, &n, 1); |
| wolfSSL | 4:1b0d80432c79 | 854 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 855 | break; |
| wolfSSL | 4:1b0d80432c79 | 856 | ret = wc_HmacFinal(&myHmac, tmp); |
| wolfSSL | 4:1b0d80432c79 | 857 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 858 | break; |
| wolfSSL | 4:1b0d80432c79 | 859 | |
| wolfSSL | 4:1b0d80432c79 | 860 | left = min(left, (word32)hashSz); |
| wolfSSL | 4:1b0d80432c79 | 861 | XMEMCPY(out+outIdx, tmp, left); |
| wolfSSL | 4:1b0d80432c79 | 862 | |
| wolfSSL | 4:1b0d80432c79 | 863 | outIdx += hashSz; |
| wolfSSL | 4:1b0d80432c79 | 864 | n++; |
| wolfSSL | 4:1b0d80432c79 | 865 | } |
| wolfSSL | 4:1b0d80432c79 | 866 | } |
| wolfSSL | 4:1b0d80432c79 | 867 | |
| wolfSSL | 4:1b0d80432c79 | 868 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 869 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 870 | XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 871 | #endif |
| wolfSSL | 4:1b0d80432c79 | 872 | |
| wolfSSL | 4:1b0d80432c79 | 873 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 874 | } |
| wolfSSL | 4:1b0d80432c79 | 875 | |
| wolfSSL | 4:1b0d80432c79 | 876 | #endif /* HAVE_HKDF */ |
| wolfSSL | 4:1b0d80432c79 | 877 | |
| wolfSSL | 4:1b0d80432c79 | 878 | #endif /* HAVE_FIPS */ |
| wolfSSL | 4:1b0d80432c79 | 879 | #endif /* NO_HMAC */ |
| wolfSSL | 4:1b0d80432c79 | 880 |