wolf SSL
wolfSSL 3.11.1 for TLS1.3 beta
wolfcrypt/src/hmac.c@7:481bce714567, 2017-05-02 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue May 02 08:44:47 2017 +0000
- Revision:
- 7:481bce714567
wolfSSL3.10.2
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 7:481bce714567 | 1 | /* hmac.h |
| wolfSSL | 7:481bce714567 | 2 | * |
| wolfSSL | 7:481bce714567 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
| wolfSSL | 7:481bce714567 | 4 | * |
| wolfSSL | 7:481bce714567 | 5 | * This file is part of wolfSSL. |
| wolfSSL | 7:481bce714567 | 6 | * |
| wolfSSL | 7:481bce714567 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 7:481bce714567 | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 7:481bce714567 | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 7:481bce714567 | 10 | * (at your option) any later version. |
| wolfSSL | 7:481bce714567 | 11 | * |
| wolfSSL | 7:481bce714567 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 7:481bce714567 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 7:481bce714567 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 7:481bce714567 | 15 | * GNU General Public License for more details. |
| wolfSSL | 7:481bce714567 | 16 | * |
| wolfSSL | 7:481bce714567 | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 7:481bce714567 | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 7:481bce714567 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| wolfSSL | 7:481bce714567 | 20 | */ |
| wolfSSL | 7:481bce714567 | 21 | |
| wolfSSL | 7:481bce714567 | 22 | |
| wolfSSL | 7:481bce714567 | 23 | #ifdef HAVE_CONFIG_H |
| wolfSSL | 7:481bce714567 | 24 | #include <config.h> |
| wolfSSL | 7:481bce714567 | 25 | #endif |
| wolfSSL | 7:481bce714567 | 26 | |
| wolfSSL | 7:481bce714567 | 27 | #include <wolfssl/wolfcrypt/settings.h> |
| wolfSSL | 7:481bce714567 | 28 | |
| wolfSSL | 7:481bce714567 | 29 | #ifndef NO_HMAC |
| wolfSSL | 7:481bce714567 | 30 | |
| wolfSSL | 7:481bce714567 | 31 | #include <wolfssl/wolfcrypt/hmac.h> |
| wolfSSL | 7:481bce714567 | 32 | |
| wolfSSL | 7:481bce714567 | 33 | #ifdef NO_INLINE |
| wolfSSL | 7:481bce714567 | 34 | #include <wolfssl/wolfcrypt/misc.h> |
| wolfSSL | 7:481bce714567 | 35 | #else |
| wolfSSL | 7:481bce714567 | 36 | #define WOLFSSL_MISC_INCLUDED |
| wolfSSL | 7:481bce714567 | 37 | #include <wolfcrypt/src/misc.c> |
| wolfSSL | 7:481bce714567 | 38 | #endif |
| wolfSSL | 7:481bce714567 | 39 | |
| wolfSSL | 7:481bce714567 | 40 | |
| wolfSSL | 7:481bce714567 | 41 | #ifdef HAVE_FIPS |
| wolfSSL | 7:481bce714567 | 42 | /* does init */ |
| wolfSSL | 7:481bce714567 | 43 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz) |
| wolfSSL | 7:481bce714567 | 44 | { |
| wolfSSL | 7:481bce714567 | 45 | return HmacSetKey_fips(hmac, type, key, keySz); |
| wolfSSL | 7:481bce714567 | 46 | } |
| wolfSSL | 7:481bce714567 | 47 | |
| wolfSSL | 7:481bce714567 | 48 | |
| wolfSSL | 7:481bce714567 | 49 | int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz) |
| wolfSSL | 7:481bce714567 | 50 | { |
| wolfSSL | 7:481bce714567 | 51 | return HmacUpdate_fips(hmac, in, sz); |
| wolfSSL | 7:481bce714567 | 52 | } |
| wolfSSL | 7:481bce714567 | 53 | |
| wolfSSL | 7:481bce714567 | 54 | |
| wolfSSL | 7:481bce714567 | 55 | int wc_HmacFinal(Hmac* hmac, byte* out) |
| wolfSSL | 7:481bce714567 | 56 | { |
| wolfSSL | 7:481bce714567 | 57 | return HmacFinal_fips(hmac, out); |
| wolfSSL | 7:481bce714567 | 58 | } |
| wolfSSL | 7:481bce714567 | 59 | |
| wolfSSL | 7:481bce714567 | 60 | |
| wolfSSL | 7:481bce714567 | 61 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 7:481bce714567 | 62 | int wc_HmacAsyncInit(Hmac* hmac, int i) |
| wolfSSL | 7:481bce714567 | 63 | { |
| wolfSSL | 7:481bce714567 | 64 | return HmacAsyncInit(hmac, i); |
| wolfSSL | 7:481bce714567 | 65 | } |
| wolfSSL | 7:481bce714567 | 66 | |
| wolfSSL | 7:481bce714567 | 67 | |
| wolfSSL | 7:481bce714567 | 68 | void wc_HmacAsyncFree(Hmac* hmac) |
| wolfSSL | 7:481bce714567 | 69 | { |
| wolfSSL | 7:481bce714567 | 70 | HmacAsyncFree(hmac); |
| wolfSSL | 7:481bce714567 | 71 | } |
| wolfSSL | 7:481bce714567 | 72 | #endif |
| wolfSSL | 7:481bce714567 | 73 | |
| wolfSSL | 7:481bce714567 | 74 | int wolfSSL_GetHmacMaxSize(void) |
| wolfSSL | 7:481bce714567 | 75 | { |
| wolfSSL | 7:481bce714567 | 76 | return CyaSSL_GetHmacMaxSize(); |
| wolfSSL | 7:481bce714567 | 77 | } |
| wolfSSL | 7:481bce714567 | 78 | |
| wolfSSL | 7:481bce714567 | 79 | #ifdef HAVE_HKDF |
| wolfSSL | 7:481bce714567 | 80 | |
| wolfSSL | 7:481bce714567 | 81 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
| wolfSSL | 7:481bce714567 | 82 | const byte* salt, word32 saltSz, |
| wolfSSL | 7:481bce714567 | 83 | const byte* info, word32 infoSz, |
| wolfSSL | 7:481bce714567 | 84 | byte* out, word32 outSz) |
| wolfSSL | 7:481bce714567 | 85 | { |
| wolfSSL | 7:481bce714567 | 86 | return HKDF(type, inKey, inKeySz, salt, saltSz, info, infoSz, out, outSz); |
| wolfSSL | 7:481bce714567 | 87 | } |
| wolfSSL | 7:481bce714567 | 88 | |
| wolfSSL | 7:481bce714567 | 89 | |
| wolfSSL | 7:481bce714567 | 90 | #endif /* HAVE_HKDF */ |
| wolfSSL | 7:481bce714567 | 91 | #else /* else build without fips */ |
| wolfSSL | 7:481bce714567 | 92 | #ifdef WOLFSSL_PIC32MZ_HASH |
| wolfSSL | 7:481bce714567 | 93 | |
| wolfSSL | 7:481bce714567 | 94 | #define wc_InitMd5 wc_InitMd5_sw |
| wolfSSL | 7:481bce714567 | 95 | #define wc_Md5Update wc_Md5Update_sw |
| wolfSSL | 7:481bce714567 | 96 | #define wc_Md5Final wc_Md5Final_sw |
| wolfSSL | 7:481bce714567 | 97 | |
| wolfSSL | 7:481bce714567 | 98 | #define wc_InitSha wc_InitSha_sw |
| wolfSSL | 7:481bce714567 | 99 | #define wc_ShaUpdate wc_ShaUpdate_sw |
| wolfSSL | 7:481bce714567 | 100 | #define wc_ShaFinal wc_ShaFinal_sw |
| wolfSSL | 7:481bce714567 | 101 | |
| wolfSSL | 7:481bce714567 | 102 | #define wc_InitSha256 wc_InitSha256_sw |
| wolfSSL | 7:481bce714567 | 103 | #define wc_Sha256Update wc_Sha256Update_sw |
| wolfSSL | 7:481bce714567 | 104 | #define wc_Sha256Final wc_Sha256Final_sw |
| wolfSSL | 7:481bce714567 | 105 | |
| wolfSSL | 7:481bce714567 | 106 | #endif |
| wolfSSL | 7:481bce714567 | 107 | |
| wolfSSL | 7:481bce714567 | 108 | #ifdef HAVE_FIPS |
| wolfSSL | 7:481bce714567 | 109 | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ |
| wolfSSL | 7:481bce714567 | 110 | #define FIPS_NO_WRAPPERS |
| wolfSSL | 7:481bce714567 | 111 | #endif |
| wolfSSL | 7:481bce714567 | 112 | |
| wolfSSL | 7:481bce714567 | 113 | #include <wolfssl/wolfcrypt/error-crypt.h> |
| wolfSSL | 7:481bce714567 | 114 | |
| wolfSSL | 7:481bce714567 | 115 | |
| wolfSSL | 7:481bce714567 | 116 | int wc_HmacSizeByType(int type) |
| wolfSSL | 7:481bce714567 | 117 | { |
| wolfSSL | 7:481bce714567 | 118 | if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
| wolfSSL | 7:481bce714567 | 119 | || type == SHA512 || type == BLAKE2B_ID |
| wolfSSL | 7:481bce714567 | 120 | || type == SHA224)) { |
| wolfSSL | 7:481bce714567 | 121 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 122 | } |
| wolfSSL | 7:481bce714567 | 123 | |
| wolfSSL | 7:481bce714567 | 124 | switch (type) { |
| wolfSSL | 7:481bce714567 | 125 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 126 | case MD5: |
| wolfSSL | 7:481bce714567 | 127 | return MD5_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 128 | #endif |
| wolfSSL | 7:481bce714567 | 129 | |
| wolfSSL | 7:481bce714567 | 130 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 131 | case SHA: |
| wolfSSL | 7:481bce714567 | 132 | return SHA_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 133 | #endif |
| wolfSSL | 7:481bce714567 | 134 | |
| wolfSSL | 7:481bce714567 | 135 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 136 | case SHA224: |
| wolfSSL | 7:481bce714567 | 137 | return SHA224_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 138 | #endif |
| wolfSSL | 7:481bce714567 | 139 | |
| wolfSSL | 7:481bce714567 | 140 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 141 | case SHA256: |
| wolfSSL | 7:481bce714567 | 142 | return SHA256_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 143 | #endif |
| wolfSSL | 7:481bce714567 | 144 | |
| wolfSSL | 7:481bce714567 | 145 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 146 | case SHA384: |
| wolfSSL | 7:481bce714567 | 147 | return SHA384_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 148 | #endif |
| wolfSSL | 7:481bce714567 | 149 | |
| wolfSSL | 7:481bce714567 | 150 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 151 | case SHA512: |
| wolfSSL | 7:481bce714567 | 152 | return SHA512_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 153 | #endif |
| wolfSSL | 7:481bce714567 | 154 | |
| wolfSSL | 7:481bce714567 | 155 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 156 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 157 | return BLAKE2B_OUTBYTES; |
| wolfSSL | 7:481bce714567 | 158 | #endif |
| wolfSSL | 7:481bce714567 | 159 | |
| wolfSSL | 7:481bce714567 | 160 | default: |
| wolfSSL | 7:481bce714567 | 161 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 162 | } |
| wolfSSL | 7:481bce714567 | 163 | } |
| wolfSSL | 7:481bce714567 | 164 | |
| wolfSSL | 7:481bce714567 | 165 | static int InitHmac(Hmac* hmac, int type) |
| wolfSSL | 7:481bce714567 | 166 | { |
| wolfSSL | 7:481bce714567 | 167 | int ret = 0; |
| wolfSSL | 7:481bce714567 | 168 | |
| wolfSSL | 7:481bce714567 | 169 | hmac->innerHashKeyed = 0; |
| wolfSSL | 7:481bce714567 | 170 | hmac->macType = (byte)type; |
| wolfSSL | 7:481bce714567 | 171 | |
| wolfSSL | 7:481bce714567 | 172 | if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
| wolfSSL | 7:481bce714567 | 173 | || type == SHA512 || type == BLAKE2B_ID |
| wolfSSL | 7:481bce714567 | 174 | || type == SHA224)) |
| wolfSSL | 7:481bce714567 | 175 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 176 | |
| wolfSSL | 7:481bce714567 | 177 | switch (type) { |
| wolfSSL | 7:481bce714567 | 178 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 179 | case MD5: |
| wolfSSL | 7:481bce714567 | 180 | wc_InitMd5(&hmac->hash.md5); |
| wolfSSL | 7:481bce714567 | 181 | break; |
| wolfSSL | 7:481bce714567 | 182 | #endif |
| wolfSSL | 7:481bce714567 | 183 | |
| wolfSSL | 7:481bce714567 | 184 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 185 | case SHA: |
| wolfSSL | 7:481bce714567 | 186 | ret = wc_InitSha(&hmac->hash.sha); |
| wolfSSL | 7:481bce714567 | 187 | break; |
| wolfSSL | 7:481bce714567 | 188 | #endif |
| wolfSSL | 7:481bce714567 | 189 | |
| wolfSSL | 7:481bce714567 | 190 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 191 | case SHA224: |
| wolfSSL | 7:481bce714567 | 192 | ret = wc_InitSha224(&hmac->hash.sha224); |
| wolfSSL | 7:481bce714567 | 193 | break; |
| wolfSSL | 7:481bce714567 | 194 | #endif |
| wolfSSL | 7:481bce714567 | 195 | |
| wolfSSL | 7:481bce714567 | 196 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 197 | case SHA256: |
| wolfSSL | 7:481bce714567 | 198 | ret = wc_InitSha256(&hmac->hash.sha256); |
| wolfSSL | 7:481bce714567 | 199 | break; |
| wolfSSL | 7:481bce714567 | 200 | #endif |
| wolfSSL | 7:481bce714567 | 201 | |
| wolfSSL | 7:481bce714567 | 202 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 203 | case SHA384: |
| wolfSSL | 7:481bce714567 | 204 | ret = wc_InitSha384(&hmac->hash.sha384); |
| wolfSSL | 7:481bce714567 | 205 | break; |
| wolfSSL | 7:481bce714567 | 206 | #endif |
| wolfSSL | 7:481bce714567 | 207 | |
| wolfSSL | 7:481bce714567 | 208 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 209 | case SHA512: |
| wolfSSL | 7:481bce714567 | 210 | ret = wc_InitSha512(&hmac->hash.sha512); |
| wolfSSL | 7:481bce714567 | 211 | break; |
| wolfSSL | 7:481bce714567 | 212 | #endif |
| wolfSSL | 7:481bce714567 | 213 | |
| wolfSSL | 7:481bce714567 | 214 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 215 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 216 | ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); |
| wolfSSL | 7:481bce714567 | 217 | break; |
| wolfSSL | 7:481bce714567 | 218 | #endif |
| wolfSSL | 7:481bce714567 | 219 | |
| wolfSSL | 7:481bce714567 | 220 | default: |
| wolfSSL | 7:481bce714567 | 221 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 222 | } |
| wolfSSL | 7:481bce714567 | 223 | |
| wolfSSL | 7:481bce714567 | 224 | return ret; |
| wolfSSL | 7:481bce714567 | 225 | } |
| wolfSSL | 7:481bce714567 | 226 | |
| wolfSSL | 7:481bce714567 | 227 | |
| wolfSSL | 7:481bce714567 | 228 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) |
| wolfSSL | 7:481bce714567 | 229 | { |
| wolfSSL | 7:481bce714567 | 230 | byte* ip = (byte*) hmac->ipad; |
| wolfSSL | 7:481bce714567 | 231 | byte* op = (byte*) hmac->opad; |
| wolfSSL | 7:481bce714567 | 232 | word32 i, hmac_block_size = 0; |
| wolfSSL | 7:481bce714567 | 233 | int ret; |
| wolfSSL | 7:481bce714567 | 234 | |
| wolfSSL | 7:481bce714567 | 235 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) |
| wolfSSL | 7:481bce714567 | 236 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
| wolfSSL | 7:481bce714567 | 237 | return NitroxHmacSetKey(hmac, type, key, length); |
| wolfSSL | 7:481bce714567 | 238 | } |
| wolfSSL | 7:481bce714567 | 239 | #endif |
| wolfSSL | 7:481bce714567 | 240 | |
| wolfSSL | 7:481bce714567 | 241 | ret = InitHmac(hmac, type); |
| wolfSSL | 7:481bce714567 | 242 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 243 | return ret; |
| wolfSSL | 7:481bce714567 | 244 | |
| wolfSSL | 7:481bce714567 | 245 | #ifdef HAVE_FIPS |
| wolfSSL | 7:481bce714567 | 246 | if (length < HMAC_FIPS_MIN_KEY) |
| wolfSSL | 7:481bce714567 | 247 | return HMAC_MIN_KEYLEN_E; |
| wolfSSL | 7:481bce714567 | 248 | #endif |
| wolfSSL | 7:481bce714567 | 249 | |
| wolfSSL | 7:481bce714567 | 250 | switch (hmac->macType) { |
| wolfSSL | 7:481bce714567 | 251 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 252 | case MD5: |
| wolfSSL | 7:481bce714567 | 253 | { |
| wolfSSL | 7:481bce714567 | 254 | hmac_block_size = MD5_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 255 | if (length <= MD5_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 256 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 257 | } |
| wolfSSL | 7:481bce714567 | 258 | else { |
| wolfSSL | 7:481bce714567 | 259 | wc_Md5Update(&hmac->hash.md5, key, length); |
| wolfSSL | 7:481bce714567 | 260 | wc_Md5Final(&hmac->hash.md5, ip); |
| wolfSSL | 7:481bce714567 | 261 | length = MD5_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 262 | } |
| wolfSSL | 7:481bce714567 | 263 | } |
| wolfSSL | 7:481bce714567 | 264 | break; |
| wolfSSL | 7:481bce714567 | 265 | #endif |
| wolfSSL | 7:481bce714567 | 266 | |
| wolfSSL | 7:481bce714567 | 267 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 268 | case SHA: |
| wolfSSL | 7:481bce714567 | 269 | { |
| wolfSSL | 7:481bce714567 | 270 | hmac_block_size = SHA_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 271 | if (length <= SHA_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 272 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 273 | } |
| wolfSSL | 7:481bce714567 | 274 | else { |
| wolfSSL | 7:481bce714567 | 275 | wc_ShaUpdate(&hmac->hash.sha, key, length); |
| wolfSSL | 7:481bce714567 | 276 | wc_ShaFinal(&hmac->hash.sha, ip); |
| wolfSSL | 7:481bce714567 | 277 | length = SHA_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 278 | } |
| wolfSSL | 7:481bce714567 | 279 | } |
| wolfSSL | 7:481bce714567 | 280 | break; |
| wolfSSL | 7:481bce714567 | 281 | #endif |
| wolfSSL | 7:481bce714567 | 282 | |
| wolfSSL | 7:481bce714567 | 283 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 284 | case SHA224: |
| wolfSSL | 7:481bce714567 | 285 | { |
| wolfSSL | 7:481bce714567 | 286 | hmac_block_size = SHA224_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 287 | if (length <= SHA224_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 288 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 289 | } |
| wolfSSL | 7:481bce714567 | 290 | else { |
| wolfSSL | 7:481bce714567 | 291 | ret = wc_Sha224Update(&hmac->hash.sha224, key, length); |
| wolfSSL | 7:481bce714567 | 292 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 293 | return ret; |
| wolfSSL | 7:481bce714567 | 294 | |
| wolfSSL | 7:481bce714567 | 295 | ret = wc_Sha224Final(&hmac->hash.sha224, ip); |
| wolfSSL | 7:481bce714567 | 296 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 297 | return ret; |
| wolfSSL | 7:481bce714567 | 298 | |
| wolfSSL | 7:481bce714567 | 299 | length = SHA224_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 300 | } |
| wolfSSL | 7:481bce714567 | 301 | } |
| wolfSSL | 7:481bce714567 | 302 | break; |
| wolfSSL | 7:481bce714567 | 303 | #endif |
| wolfSSL | 7:481bce714567 | 304 | |
| wolfSSL | 7:481bce714567 | 305 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 306 | case SHA256: |
| wolfSSL | 7:481bce714567 | 307 | { |
| wolfSSL | 7:481bce714567 | 308 | hmac_block_size = SHA256_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 309 | if (length <= SHA256_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 310 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 311 | } |
| wolfSSL | 7:481bce714567 | 312 | else { |
| wolfSSL | 7:481bce714567 | 313 | ret = wc_Sha256Update(&hmac->hash.sha256, key, length); |
| wolfSSL | 7:481bce714567 | 314 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 315 | return ret; |
| wolfSSL | 7:481bce714567 | 316 | |
| wolfSSL | 7:481bce714567 | 317 | ret = wc_Sha256Final(&hmac->hash.sha256, ip); |
| wolfSSL | 7:481bce714567 | 318 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 319 | return ret; |
| wolfSSL | 7:481bce714567 | 320 | |
| wolfSSL | 7:481bce714567 | 321 | length = SHA256_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 322 | } |
| wolfSSL | 7:481bce714567 | 323 | } |
| wolfSSL | 7:481bce714567 | 324 | break; |
| wolfSSL | 7:481bce714567 | 325 | #endif |
| wolfSSL | 7:481bce714567 | 326 | |
| wolfSSL | 7:481bce714567 | 327 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 328 | case SHA384: |
| wolfSSL | 7:481bce714567 | 329 | { |
| wolfSSL | 7:481bce714567 | 330 | hmac_block_size = SHA384_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 331 | if (length <= SHA384_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 332 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 333 | } |
| wolfSSL | 7:481bce714567 | 334 | else { |
| wolfSSL | 7:481bce714567 | 335 | ret = wc_Sha384Update(&hmac->hash.sha384, key, length); |
| wolfSSL | 7:481bce714567 | 336 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 337 | return ret; |
| wolfSSL | 7:481bce714567 | 338 | |
| wolfSSL | 7:481bce714567 | 339 | ret = wc_Sha384Final(&hmac->hash.sha384, ip); |
| wolfSSL | 7:481bce714567 | 340 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 341 | return ret; |
| wolfSSL | 7:481bce714567 | 342 | |
| wolfSSL | 7:481bce714567 | 343 | length = SHA384_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 344 | } |
| wolfSSL | 7:481bce714567 | 345 | } |
| wolfSSL | 7:481bce714567 | 346 | break; |
| wolfSSL | 7:481bce714567 | 347 | #endif |
| wolfSSL | 7:481bce714567 | 348 | |
| wolfSSL | 7:481bce714567 | 349 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 350 | case SHA512: |
| wolfSSL | 7:481bce714567 | 351 | { |
| wolfSSL | 7:481bce714567 | 352 | hmac_block_size = SHA512_BLOCK_SIZE; |
| wolfSSL | 7:481bce714567 | 353 | if (length <= SHA512_BLOCK_SIZE) { |
| wolfSSL | 7:481bce714567 | 354 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 355 | } |
| wolfSSL | 7:481bce714567 | 356 | else { |
| wolfSSL | 7:481bce714567 | 357 | ret = wc_Sha512Update(&hmac->hash.sha512, key, length); |
| wolfSSL | 7:481bce714567 | 358 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 359 | return ret; |
| wolfSSL | 7:481bce714567 | 360 | |
| wolfSSL | 7:481bce714567 | 361 | ret = wc_Sha512Final(&hmac->hash.sha512, ip); |
| wolfSSL | 7:481bce714567 | 362 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 363 | return ret; |
| wolfSSL | 7:481bce714567 | 364 | |
| wolfSSL | 7:481bce714567 | 365 | length = SHA512_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 366 | } |
| wolfSSL | 7:481bce714567 | 367 | } |
| wolfSSL | 7:481bce714567 | 368 | break; |
| wolfSSL | 7:481bce714567 | 369 | #endif |
| wolfSSL | 7:481bce714567 | 370 | |
| wolfSSL | 7:481bce714567 | 371 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 372 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 373 | { |
| wolfSSL | 7:481bce714567 | 374 | hmac_block_size = BLAKE2B_BLOCKBYTES; |
| wolfSSL | 7:481bce714567 | 375 | if (length <= BLAKE2B_BLOCKBYTES) { |
| wolfSSL | 7:481bce714567 | 376 | XMEMCPY(ip, key, length); |
| wolfSSL | 7:481bce714567 | 377 | } |
| wolfSSL | 7:481bce714567 | 378 | else { |
| wolfSSL | 7:481bce714567 | 379 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length); |
| wolfSSL | 7:481bce714567 | 380 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 381 | return ret; |
| wolfSSL | 7:481bce714567 | 382 | |
| wolfSSL | 7:481bce714567 | 383 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256); |
| wolfSSL | 7:481bce714567 | 384 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 385 | return ret; |
| wolfSSL | 7:481bce714567 | 386 | |
| wolfSSL | 7:481bce714567 | 387 | length = BLAKE2B_256; |
| wolfSSL | 7:481bce714567 | 388 | } |
| wolfSSL | 7:481bce714567 | 389 | } |
| wolfSSL | 7:481bce714567 | 390 | break; |
| wolfSSL | 7:481bce714567 | 391 | #endif |
| wolfSSL | 7:481bce714567 | 392 | |
| wolfSSL | 7:481bce714567 | 393 | default: |
| wolfSSL | 7:481bce714567 | 394 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 395 | } |
| wolfSSL | 7:481bce714567 | 396 | if (length < hmac_block_size) |
| wolfSSL | 7:481bce714567 | 397 | XMEMSET(ip + length, 0, hmac_block_size - length); |
| wolfSSL | 7:481bce714567 | 398 | |
| wolfSSL | 7:481bce714567 | 399 | for(i = 0; i < hmac_block_size; i++) { |
| wolfSSL | 7:481bce714567 | 400 | op[i] = ip[i] ^ OPAD; |
| wolfSSL | 7:481bce714567 | 401 | ip[i] ^= IPAD; |
| wolfSSL | 7:481bce714567 | 402 | } |
| wolfSSL | 7:481bce714567 | 403 | return 0; |
| wolfSSL | 7:481bce714567 | 404 | } |
| wolfSSL | 7:481bce714567 | 405 | |
| wolfSSL | 7:481bce714567 | 406 | |
| wolfSSL | 7:481bce714567 | 407 | static int HmacKeyInnerHash(Hmac* hmac) |
| wolfSSL | 7:481bce714567 | 408 | { |
| wolfSSL | 7:481bce714567 | 409 | int ret = 0; |
| wolfSSL | 7:481bce714567 | 410 | |
| wolfSSL | 7:481bce714567 | 411 | switch (hmac->macType) { |
| wolfSSL | 7:481bce714567 | 412 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 413 | case MD5: |
| wolfSSL | 7:481bce714567 | 414 | wc_Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 415 | break; |
| wolfSSL | 7:481bce714567 | 416 | #endif |
| wolfSSL | 7:481bce714567 | 417 | |
| wolfSSL | 7:481bce714567 | 418 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 419 | case SHA: |
| wolfSSL | 7:481bce714567 | 420 | wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 421 | break; |
| wolfSSL | 7:481bce714567 | 422 | #endif |
| wolfSSL | 7:481bce714567 | 423 | |
| wolfSSL | 7:481bce714567 | 424 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 425 | case SHA224: |
| wolfSSL | 7:481bce714567 | 426 | ret = wc_Sha224Update(&hmac->hash.sha224, |
| wolfSSL | 7:481bce714567 | 427 | (byte*) hmac->ipad, SHA224_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 428 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 429 | return ret; |
| wolfSSL | 7:481bce714567 | 430 | break; |
| wolfSSL | 7:481bce714567 | 431 | #endif |
| wolfSSL | 7:481bce714567 | 432 | |
| wolfSSL | 7:481bce714567 | 433 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 434 | case SHA256: |
| wolfSSL | 7:481bce714567 | 435 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 7:481bce714567 | 436 | (byte*) hmac->ipad, SHA256_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 437 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 438 | return ret; |
| wolfSSL | 7:481bce714567 | 439 | break; |
| wolfSSL | 7:481bce714567 | 440 | #endif |
| wolfSSL | 7:481bce714567 | 441 | |
| wolfSSL | 7:481bce714567 | 442 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 443 | case SHA384: |
| wolfSSL | 7:481bce714567 | 444 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 7:481bce714567 | 445 | (byte*) hmac->ipad, SHA384_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 446 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 447 | return ret; |
| wolfSSL | 7:481bce714567 | 448 | break; |
| wolfSSL | 7:481bce714567 | 449 | #endif |
| wolfSSL | 7:481bce714567 | 450 | |
| wolfSSL | 7:481bce714567 | 451 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 452 | case SHA512: |
| wolfSSL | 7:481bce714567 | 453 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 7:481bce714567 | 454 | (byte*) hmac->ipad, SHA512_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 455 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 456 | return ret; |
| wolfSSL | 7:481bce714567 | 457 | break; |
| wolfSSL | 7:481bce714567 | 458 | #endif |
| wolfSSL | 7:481bce714567 | 459 | |
| wolfSSL | 7:481bce714567 | 460 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 461 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 462 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 7:481bce714567 | 463 | (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); |
| wolfSSL | 7:481bce714567 | 464 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 465 | return ret; |
| wolfSSL | 7:481bce714567 | 466 | break; |
| wolfSSL | 7:481bce714567 | 467 | #endif |
| wolfSSL | 7:481bce714567 | 468 | |
| wolfSSL | 7:481bce714567 | 469 | default: |
| wolfSSL | 7:481bce714567 | 470 | break; |
| wolfSSL | 7:481bce714567 | 471 | } |
| wolfSSL | 7:481bce714567 | 472 | |
| wolfSSL | 7:481bce714567 | 473 | hmac->innerHashKeyed = 1; |
| wolfSSL | 7:481bce714567 | 474 | |
| wolfSSL | 7:481bce714567 | 475 | return ret; |
| wolfSSL | 7:481bce714567 | 476 | } |
| wolfSSL | 7:481bce714567 | 477 | |
| wolfSSL | 7:481bce714567 | 478 | |
| wolfSSL | 7:481bce714567 | 479 | int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) |
| wolfSSL | 7:481bce714567 | 480 | { |
| wolfSSL | 7:481bce714567 | 481 | int ret; |
| wolfSSL | 7:481bce714567 | 482 | |
| wolfSSL | 7:481bce714567 | 483 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) |
| wolfSSL | 7:481bce714567 | 484 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
| wolfSSL | 7:481bce714567 | 485 | return NitroxHmacUpdate(hmac, msg, length); |
| wolfSSL | 7:481bce714567 | 486 | } |
| wolfSSL | 7:481bce714567 | 487 | #endif |
| wolfSSL | 7:481bce714567 | 488 | |
| wolfSSL | 7:481bce714567 | 489 | if (!hmac->innerHashKeyed) { |
| wolfSSL | 7:481bce714567 | 490 | ret = HmacKeyInnerHash(hmac); |
| wolfSSL | 7:481bce714567 | 491 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 492 | return ret; |
| wolfSSL | 7:481bce714567 | 493 | } |
| wolfSSL | 7:481bce714567 | 494 | |
| wolfSSL | 7:481bce714567 | 495 | switch (hmac->macType) { |
| wolfSSL | 7:481bce714567 | 496 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 497 | case MD5: |
| wolfSSL | 7:481bce714567 | 498 | wc_Md5Update(&hmac->hash.md5, msg, length); |
| wolfSSL | 7:481bce714567 | 499 | break; |
| wolfSSL | 7:481bce714567 | 500 | #endif |
| wolfSSL | 7:481bce714567 | 501 | |
| wolfSSL | 7:481bce714567 | 502 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 503 | case SHA: |
| wolfSSL | 7:481bce714567 | 504 | wc_ShaUpdate(&hmac->hash.sha, msg, length); |
| wolfSSL | 7:481bce714567 | 505 | break; |
| wolfSSL | 7:481bce714567 | 506 | #endif |
| wolfSSL | 7:481bce714567 | 507 | |
| wolfSSL | 7:481bce714567 | 508 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 509 | case SHA224: |
| wolfSSL | 7:481bce714567 | 510 | ret = wc_Sha224Update(&hmac->hash.sha224, msg, length); |
| wolfSSL | 7:481bce714567 | 511 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 512 | return ret; |
| wolfSSL | 7:481bce714567 | 513 | break; |
| wolfSSL | 7:481bce714567 | 514 | #endif |
| wolfSSL | 7:481bce714567 | 515 | |
| wolfSSL | 7:481bce714567 | 516 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 517 | case SHA256: |
| wolfSSL | 7:481bce714567 | 518 | ret = wc_Sha256Update(&hmac->hash.sha256, msg, length); |
| wolfSSL | 7:481bce714567 | 519 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 520 | return ret; |
| wolfSSL | 7:481bce714567 | 521 | break; |
| wolfSSL | 7:481bce714567 | 522 | #endif |
| wolfSSL | 7:481bce714567 | 523 | |
| wolfSSL | 7:481bce714567 | 524 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 525 | case SHA384: |
| wolfSSL | 7:481bce714567 | 526 | ret = wc_Sha384Update(&hmac->hash.sha384, msg, length); |
| wolfSSL | 7:481bce714567 | 527 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 528 | return ret; |
| wolfSSL | 7:481bce714567 | 529 | break; |
| wolfSSL | 7:481bce714567 | 530 | #endif |
| wolfSSL | 7:481bce714567 | 531 | |
| wolfSSL | 7:481bce714567 | 532 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 533 | case SHA512: |
| wolfSSL | 7:481bce714567 | 534 | ret = wc_Sha512Update(&hmac->hash.sha512, msg, length); |
| wolfSSL | 7:481bce714567 | 535 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 536 | return ret; |
| wolfSSL | 7:481bce714567 | 537 | break; |
| wolfSSL | 7:481bce714567 | 538 | #endif |
| wolfSSL | 7:481bce714567 | 539 | |
| wolfSSL | 7:481bce714567 | 540 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 541 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 542 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); |
| wolfSSL | 7:481bce714567 | 543 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 544 | return ret; |
| wolfSSL | 7:481bce714567 | 545 | break; |
| wolfSSL | 7:481bce714567 | 546 | #endif |
| wolfSSL | 7:481bce714567 | 547 | |
| wolfSSL | 7:481bce714567 | 548 | default: |
| wolfSSL | 7:481bce714567 | 549 | break; |
| wolfSSL | 7:481bce714567 | 550 | } |
| wolfSSL | 7:481bce714567 | 551 | |
| wolfSSL | 7:481bce714567 | 552 | return 0; |
| wolfSSL | 7:481bce714567 | 553 | } |
| wolfSSL | 7:481bce714567 | 554 | |
| wolfSSL | 7:481bce714567 | 555 | |
| wolfSSL | 7:481bce714567 | 556 | int wc_HmacFinal(Hmac* hmac, byte* hash) |
| wolfSSL | 7:481bce714567 | 557 | { |
| wolfSSL | 7:481bce714567 | 558 | int ret; |
| wolfSSL | 7:481bce714567 | 559 | |
| wolfSSL | 7:481bce714567 | 560 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) |
| wolfSSL | 7:481bce714567 | 561 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
| wolfSSL | 7:481bce714567 | 562 | return NitroxHmacFinal(hmac, hash); |
| wolfSSL | 7:481bce714567 | 563 | } |
| wolfSSL | 7:481bce714567 | 564 | #endif |
| wolfSSL | 7:481bce714567 | 565 | |
| wolfSSL | 7:481bce714567 | 566 | if (!hmac->innerHashKeyed) { |
| wolfSSL | 7:481bce714567 | 567 | ret = HmacKeyInnerHash(hmac); |
| wolfSSL | 7:481bce714567 | 568 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 569 | return ret; |
| wolfSSL | 7:481bce714567 | 570 | } |
| wolfSSL | 7:481bce714567 | 571 | |
| wolfSSL | 7:481bce714567 | 572 | switch (hmac->macType) { |
| wolfSSL | 7:481bce714567 | 573 | #ifndef NO_MD5 |
| wolfSSL | 7:481bce714567 | 574 | case MD5: |
| wolfSSL | 7:481bce714567 | 575 | { |
| wolfSSL | 7:481bce714567 | 576 | wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 577 | |
| wolfSSL | 7:481bce714567 | 578 | wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 579 | wc_Md5Update(&hmac->hash.md5, |
| wolfSSL | 7:481bce714567 | 580 | (byte*) hmac->innerHash, MD5_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 581 | |
| wolfSSL | 7:481bce714567 | 582 | wc_Md5Final(&hmac->hash.md5, hash); |
| wolfSSL | 7:481bce714567 | 583 | } |
| wolfSSL | 7:481bce714567 | 584 | break; |
| wolfSSL | 7:481bce714567 | 585 | #endif |
| wolfSSL | 7:481bce714567 | 586 | |
| wolfSSL | 7:481bce714567 | 587 | #ifndef NO_SHA |
| wolfSSL | 7:481bce714567 | 588 | case SHA: |
| wolfSSL | 7:481bce714567 | 589 | { |
| wolfSSL | 7:481bce714567 | 590 | wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 591 | |
| wolfSSL | 7:481bce714567 | 592 | wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 593 | wc_ShaUpdate(&hmac->hash.sha, |
| wolfSSL | 7:481bce714567 | 594 | (byte*) hmac->innerHash, SHA_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 595 | |
| wolfSSL | 7:481bce714567 | 596 | wc_ShaFinal(&hmac->hash.sha, hash); |
| wolfSSL | 7:481bce714567 | 597 | } |
| wolfSSL | 7:481bce714567 | 598 | break; |
| wolfSSL | 7:481bce714567 | 599 | #endif |
| wolfSSL | 7:481bce714567 | 600 | |
| wolfSSL | 7:481bce714567 | 601 | #ifdef WOLFSSL_SHA224 |
| wolfSSL | 7:481bce714567 | 602 | case SHA224: |
| wolfSSL | 7:481bce714567 | 603 | { |
| wolfSSL | 7:481bce714567 | 604 | ret = wc_Sha224Final(&hmac->hash.sha224, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 605 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 606 | return ret; |
| wolfSSL | 7:481bce714567 | 607 | |
| wolfSSL | 7:481bce714567 | 608 | ret = wc_Sha224Update(&hmac->hash.sha224, |
| wolfSSL | 7:481bce714567 | 609 | (byte*) hmac->opad, SHA224_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 610 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 611 | return ret; |
| wolfSSL | 7:481bce714567 | 612 | |
| wolfSSL | 7:481bce714567 | 613 | ret = wc_Sha224Update(&hmac->hash.sha224, |
| wolfSSL | 7:481bce714567 | 614 | (byte*) hmac->innerHash, SHA224_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 615 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 616 | return ret; |
| wolfSSL | 7:481bce714567 | 617 | |
| wolfSSL | 7:481bce714567 | 618 | ret = wc_Sha224Final(&hmac->hash.sha224, hash); |
| wolfSSL | 7:481bce714567 | 619 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 620 | return ret; |
| wolfSSL | 7:481bce714567 | 621 | } |
| wolfSSL | 7:481bce714567 | 622 | break; |
| wolfSSL | 7:481bce714567 | 623 | #endif |
| wolfSSL | 7:481bce714567 | 624 | |
| wolfSSL | 7:481bce714567 | 625 | #ifndef NO_SHA256 |
| wolfSSL | 7:481bce714567 | 626 | case SHA256: |
| wolfSSL | 7:481bce714567 | 627 | { |
| wolfSSL | 7:481bce714567 | 628 | ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 629 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 630 | return ret; |
| wolfSSL | 7:481bce714567 | 631 | |
| wolfSSL | 7:481bce714567 | 632 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 7:481bce714567 | 633 | (byte*) hmac->opad, SHA256_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 634 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 635 | return ret; |
| wolfSSL | 7:481bce714567 | 636 | |
| wolfSSL | 7:481bce714567 | 637 | ret = wc_Sha256Update(&hmac->hash.sha256, |
| wolfSSL | 7:481bce714567 | 638 | (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 639 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 640 | return ret; |
| wolfSSL | 7:481bce714567 | 641 | |
| wolfSSL | 7:481bce714567 | 642 | ret = wc_Sha256Final(&hmac->hash.sha256, hash); |
| wolfSSL | 7:481bce714567 | 643 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 644 | return ret; |
| wolfSSL | 7:481bce714567 | 645 | } |
| wolfSSL | 7:481bce714567 | 646 | break; |
| wolfSSL | 7:481bce714567 | 647 | #endif |
| wolfSSL | 7:481bce714567 | 648 | |
| wolfSSL | 7:481bce714567 | 649 | #ifdef WOLFSSL_SHA384 |
| wolfSSL | 7:481bce714567 | 650 | case SHA384: |
| wolfSSL | 7:481bce714567 | 651 | { |
| wolfSSL | 7:481bce714567 | 652 | ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 653 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 654 | return ret; |
| wolfSSL | 7:481bce714567 | 655 | |
| wolfSSL | 7:481bce714567 | 656 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 7:481bce714567 | 657 | (byte*) hmac->opad, SHA384_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 658 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 659 | return ret; |
| wolfSSL | 7:481bce714567 | 660 | |
| wolfSSL | 7:481bce714567 | 661 | ret = wc_Sha384Update(&hmac->hash.sha384, |
| wolfSSL | 7:481bce714567 | 662 | (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 663 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 664 | return ret; |
| wolfSSL | 7:481bce714567 | 665 | |
| wolfSSL | 7:481bce714567 | 666 | ret = wc_Sha384Final(&hmac->hash.sha384, hash); |
| wolfSSL | 7:481bce714567 | 667 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 668 | return ret; |
| wolfSSL | 7:481bce714567 | 669 | } |
| wolfSSL | 7:481bce714567 | 670 | break; |
| wolfSSL | 7:481bce714567 | 671 | #endif |
| wolfSSL | 7:481bce714567 | 672 | |
| wolfSSL | 7:481bce714567 | 673 | #ifdef WOLFSSL_SHA512 |
| wolfSSL | 7:481bce714567 | 674 | case SHA512: |
| wolfSSL | 7:481bce714567 | 675 | { |
| wolfSSL | 7:481bce714567 | 676 | ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); |
| wolfSSL | 7:481bce714567 | 677 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 678 | return ret; |
| wolfSSL | 7:481bce714567 | 679 | |
| wolfSSL | 7:481bce714567 | 680 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 7:481bce714567 | 681 | (byte*) hmac->opad, SHA512_BLOCK_SIZE); |
| wolfSSL | 7:481bce714567 | 682 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 683 | return ret; |
| wolfSSL | 7:481bce714567 | 684 | |
| wolfSSL | 7:481bce714567 | 685 | ret = wc_Sha512Update(&hmac->hash.sha512, |
| wolfSSL | 7:481bce714567 | 686 | (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); |
| wolfSSL | 7:481bce714567 | 687 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 688 | return ret; |
| wolfSSL | 7:481bce714567 | 689 | |
| wolfSSL | 7:481bce714567 | 690 | ret = wc_Sha512Final(&hmac->hash.sha512, hash); |
| wolfSSL | 7:481bce714567 | 691 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 692 | return ret; |
| wolfSSL | 7:481bce714567 | 693 | } |
| wolfSSL | 7:481bce714567 | 694 | break; |
| wolfSSL | 7:481bce714567 | 695 | #endif |
| wolfSSL | 7:481bce714567 | 696 | |
| wolfSSL | 7:481bce714567 | 697 | #ifdef HAVE_BLAKE2 |
| wolfSSL | 7:481bce714567 | 698 | case BLAKE2B_ID: |
| wolfSSL | 7:481bce714567 | 699 | { |
| wolfSSL | 7:481bce714567 | 700 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, |
| wolfSSL | 7:481bce714567 | 701 | BLAKE2B_256); |
| wolfSSL | 7:481bce714567 | 702 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 703 | return ret; |
| wolfSSL | 7:481bce714567 | 704 | |
| wolfSSL | 7:481bce714567 | 705 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 7:481bce714567 | 706 | (byte*) hmac->opad, BLAKE2B_BLOCKBYTES); |
| wolfSSL | 7:481bce714567 | 707 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 708 | return ret; |
| wolfSSL | 7:481bce714567 | 709 | |
| wolfSSL | 7:481bce714567 | 710 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, |
| wolfSSL | 7:481bce714567 | 711 | (byte*) hmac->innerHash, BLAKE2B_256); |
| wolfSSL | 7:481bce714567 | 712 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 713 | return ret; |
| wolfSSL | 7:481bce714567 | 714 | |
| wolfSSL | 7:481bce714567 | 715 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256); |
| wolfSSL | 7:481bce714567 | 716 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 717 | return ret; |
| wolfSSL | 7:481bce714567 | 718 | } |
| wolfSSL | 7:481bce714567 | 719 | break; |
| wolfSSL | 7:481bce714567 | 720 | #endif |
| wolfSSL | 7:481bce714567 | 721 | |
| wolfSSL | 7:481bce714567 | 722 | default: |
| wolfSSL | 7:481bce714567 | 723 | break; |
| wolfSSL | 7:481bce714567 | 724 | } |
| wolfSSL | 7:481bce714567 | 725 | |
| wolfSSL | 7:481bce714567 | 726 | hmac->innerHashKeyed = 0; |
| wolfSSL | 7:481bce714567 | 727 | |
| wolfSSL | 7:481bce714567 | 728 | return 0; |
| wolfSSL | 7:481bce714567 | 729 | } |
| wolfSSL | 7:481bce714567 | 730 | |
| wolfSSL | 7:481bce714567 | 731 | |
| wolfSSL | 7:481bce714567 | 732 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 7:481bce714567 | 733 | |
| wolfSSL | 7:481bce714567 | 734 | /* Initialize Hmac for use with Nitrox device */ |
| wolfSSL | 7:481bce714567 | 735 | int wc_HmacAsyncInit(Hmac* hmac, int devId) |
| wolfSSL | 7:481bce714567 | 736 | { |
| wolfSSL | 7:481bce714567 | 737 | int ret = 0; |
| wolfSSL | 7:481bce714567 | 738 | |
| wolfSSL | 7:481bce714567 | 739 | if (hmac == NULL) |
| wolfSSL | 7:481bce714567 | 740 | return -1; |
| wolfSSL | 7:481bce714567 | 741 | |
| wolfSSL | 7:481bce714567 | 742 | ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC, devId); |
| wolfSSL | 7:481bce714567 | 743 | if (ret != 0) { |
| wolfSSL | 7:481bce714567 | 744 | return ret; |
| wolfSSL | 7:481bce714567 | 745 | } |
| wolfSSL | 7:481bce714567 | 746 | |
| wolfSSL | 7:481bce714567 | 747 | #ifdef HAVE_CAVIUM |
| wolfSSL | 7:481bce714567 | 748 | hmac->keyLen = 0; |
| wolfSSL | 7:481bce714567 | 749 | hmac->dataLen = 0; |
| wolfSSL | 7:481bce714567 | 750 | hmac->type = 0; |
| wolfSSL | 7:481bce714567 | 751 | hmac->data = NULL; /* buffered input data */ |
| wolfSSL | 7:481bce714567 | 752 | |
| wolfSSL | 7:481bce714567 | 753 | hmac->innerHashKeyed = 0; |
| wolfSSL | 7:481bce714567 | 754 | #endif /* HAVE_CAVIUM */ |
| wolfSSL | 7:481bce714567 | 755 | |
| wolfSSL | 7:481bce714567 | 756 | /* default to NULL heap hint or test value */ |
| wolfSSL | 7:481bce714567 | 757 | #ifdef WOLFSSL_HEAP_TEST |
| wolfSSL | 7:481bce714567 | 758 | hmac->heap = (void)WOLFSSL_HEAP_TEST; |
| wolfSSL | 7:481bce714567 | 759 | #else |
| wolfSSL | 7:481bce714567 | 760 | hmac->heap = NULL; |
| wolfSSL | 7:481bce714567 | 761 | #endif /* WOLFSSL_HEAP_TEST */ |
| wolfSSL | 7:481bce714567 | 762 | |
| wolfSSL | 7:481bce714567 | 763 | return 0; |
| wolfSSL | 7:481bce714567 | 764 | } |
| wolfSSL | 7:481bce714567 | 765 | |
| wolfSSL | 7:481bce714567 | 766 | |
| wolfSSL | 7:481bce714567 | 767 | /* Free Hmac from use with Nitrox device */ |
| wolfSSL | 7:481bce714567 | 768 | void wc_HmacAsyncFree(Hmac* hmac) |
| wolfSSL | 7:481bce714567 | 769 | { |
| wolfSSL | 7:481bce714567 | 770 | if (hmac == NULL) |
| wolfSSL | 7:481bce714567 | 771 | return; |
| wolfSSL | 7:481bce714567 | 772 | |
| wolfSSL | 7:481bce714567 | 773 | wolfAsync_DevCtxFree(&hmac->asyncDev); |
| wolfSSL | 7:481bce714567 | 774 | |
| wolfSSL | 7:481bce714567 | 775 | #ifdef HAVE_CAVIUM |
| wolfSSL | 7:481bce714567 | 776 | XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_ASYNC_TMP); |
| wolfSSL | 7:481bce714567 | 777 | hmac->data = NULL; |
| wolfSSL | 7:481bce714567 | 778 | #endif |
| wolfSSL | 7:481bce714567 | 779 | } |
| wolfSSL | 7:481bce714567 | 780 | |
| wolfSSL | 7:481bce714567 | 781 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
| wolfSSL | 7:481bce714567 | 782 | |
| wolfSSL | 7:481bce714567 | 783 | |
| wolfSSL | 7:481bce714567 | 784 | int wolfSSL_GetHmacMaxSize(void) |
| wolfSSL | 7:481bce714567 | 785 | { |
| wolfSSL | 7:481bce714567 | 786 | return MAX_DIGEST_SIZE; |
| wolfSSL | 7:481bce714567 | 787 | } |
| wolfSSL | 7:481bce714567 | 788 | |
| wolfSSL | 7:481bce714567 | 789 | #ifdef HAVE_HKDF |
| wolfSSL | 7:481bce714567 | 790 | |
| wolfSSL | 7:481bce714567 | 791 | /* HMAC-KDF with hash type, optional salt and info, return 0 on success */ |
| wolfSSL | 7:481bce714567 | 792 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
| wolfSSL | 7:481bce714567 | 793 | const byte* salt, word32 saltSz, |
| wolfSSL | 7:481bce714567 | 794 | const byte* info, word32 infoSz, |
| wolfSSL | 7:481bce714567 | 795 | byte* out, word32 outSz) |
| wolfSSL | 7:481bce714567 | 796 | { |
| wolfSSL | 7:481bce714567 | 797 | Hmac myHmac; |
| wolfSSL | 7:481bce714567 | 798 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 7:481bce714567 | 799 | byte* tmp; |
| wolfSSL | 7:481bce714567 | 800 | byte* prk; |
| wolfSSL | 7:481bce714567 | 801 | #else |
| wolfSSL | 7:481bce714567 | 802 | byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */ |
| wolfSSL | 7:481bce714567 | 803 | byte prk[MAX_DIGEST_SIZE]; |
| wolfSSL | 7:481bce714567 | 804 | #endif |
| wolfSSL | 7:481bce714567 | 805 | const byte* localSalt; /* either points to user input or tmp */ |
| wolfSSL | 7:481bce714567 | 806 | int hashSz = wc_HmacSizeByType(type); |
| wolfSSL | 7:481bce714567 | 807 | word32 outIdx = 0; |
| wolfSSL | 7:481bce714567 | 808 | byte n = 0x1; |
| wolfSSL | 7:481bce714567 | 809 | int ret; |
| wolfSSL | 7:481bce714567 | 810 | |
| wolfSSL | 7:481bce714567 | 811 | if (hashSz < 0) |
| wolfSSL | 7:481bce714567 | 812 | return BAD_FUNC_ARG; |
| wolfSSL | 7:481bce714567 | 813 | |
| wolfSSL | 7:481bce714567 | 814 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 7:481bce714567 | 815 | tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 7:481bce714567 | 816 | if (tmp == NULL) |
| wolfSSL | 7:481bce714567 | 817 | return MEMORY_E; |
| wolfSSL | 7:481bce714567 | 818 | |
| wolfSSL | 7:481bce714567 | 819 | prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 7:481bce714567 | 820 | if (prk == NULL) { |
| wolfSSL | 7:481bce714567 | 821 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 7:481bce714567 | 822 | return MEMORY_E; |
| wolfSSL | 7:481bce714567 | 823 | } |
| wolfSSL | 7:481bce714567 | 824 | #endif |
| wolfSSL | 7:481bce714567 | 825 | |
| wolfSSL | 7:481bce714567 | 826 | localSalt = salt; |
| wolfSSL | 7:481bce714567 | 827 | if (localSalt == NULL) { |
| wolfSSL | 7:481bce714567 | 828 | XMEMSET(tmp, 0, hashSz); |
| wolfSSL | 7:481bce714567 | 829 | localSalt = tmp; |
| wolfSSL | 7:481bce714567 | 830 | saltSz = hashSz; |
| wolfSSL | 7:481bce714567 | 831 | } |
| wolfSSL | 7:481bce714567 | 832 | |
| wolfSSL | 7:481bce714567 | 833 | do { |
| wolfSSL | 7:481bce714567 | 834 | ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); |
| wolfSSL | 7:481bce714567 | 835 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 836 | break; |
| wolfSSL | 7:481bce714567 | 837 | ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); |
| wolfSSL | 7:481bce714567 | 838 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 839 | break; |
| wolfSSL | 7:481bce714567 | 840 | ret = wc_HmacFinal(&myHmac, prk); |
| wolfSSL | 7:481bce714567 | 841 | } while (0); |
| wolfSSL | 7:481bce714567 | 842 | |
| wolfSSL | 7:481bce714567 | 843 | if (ret == 0) { |
| wolfSSL | 7:481bce714567 | 844 | while (outIdx < outSz) { |
| wolfSSL | 7:481bce714567 | 845 | int tmpSz = (n == 1) ? 0 : hashSz; |
| wolfSSL | 7:481bce714567 | 846 | word32 left = outSz - outIdx; |
| wolfSSL | 7:481bce714567 | 847 | |
| wolfSSL | 7:481bce714567 | 848 | ret = wc_HmacSetKey(&myHmac, type, prk, hashSz); |
| wolfSSL | 7:481bce714567 | 849 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 850 | break; |
| wolfSSL | 7:481bce714567 | 851 | ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); |
| wolfSSL | 7:481bce714567 | 852 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 853 | break; |
| wolfSSL | 7:481bce714567 | 854 | ret = wc_HmacUpdate(&myHmac, info, infoSz); |
| wolfSSL | 7:481bce714567 | 855 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 856 | break; |
| wolfSSL | 7:481bce714567 | 857 | ret = wc_HmacUpdate(&myHmac, &n, 1); |
| wolfSSL | 7:481bce714567 | 858 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 859 | break; |
| wolfSSL | 7:481bce714567 | 860 | ret = wc_HmacFinal(&myHmac, tmp); |
| wolfSSL | 7:481bce714567 | 861 | if (ret != 0) |
| wolfSSL | 7:481bce714567 | 862 | break; |
| wolfSSL | 7:481bce714567 | 863 | |
| wolfSSL | 7:481bce714567 | 864 | left = min(left, (word32)hashSz); |
| wolfSSL | 7:481bce714567 | 865 | XMEMCPY(out+outIdx, tmp, left); |
| wolfSSL | 7:481bce714567 | 866 | |
| wolfSSL | 7:481bce714567 | 867 | outIdx += hashSz; |
| wolfSSL | 7:481bce714567 | 868 | n++; |
| wolfSSL | 7:481bce714567 | 869 | } |
| wolfSSL | 7:481bce714567 | 870 | } |
| wolfSSL | 7:481bce714567 | 871 | |
| wolfSSL | 7:481bce714567 | 872 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 7:481bce714567 | 873 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 7:481bce714567 | 874 | XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 7:481bce714567 | 875 | #endif |
| wolfSSL | 7:481bce714567 | 876 | |
| wolfSSL | 7:481bce714567 | 877 | return ret; |
| wolfSSL | 7:481bce714567 | 878 | } |
| wolfSSL | 7:481bce714567 | 879 | |
| wolfSSL | 7:481bce714567 | 880 | #endif /* HAVE_HKDF */ |
| wolfSSL | 7:481bce714567 | 881 | |
| wolfSSL | 7:481bce714567 | 882 | #endif /* HAVE_FIPS */ |
| wolfSSL | 7:481bce714567 | 883 | #endif /* NO_HMAC */ |
| wolfSSL | 7:481bce714567 | 884 |