wolfSSL-TLS13-Beta - wolfSSL 3.11.1 for TLS1.3 beta

Users » wolfSSL » Code » wolfSSL-TLS13-Beta

wolfSSL 3.11.1 for TLS1.3 beta

wolfcrypt/src/hmac.c@0:d92f9d21154c, 2015-06-26 (annotated)

Committer:: wolfSSL
Date:: Fri Jun 26 00:39:20 2015 +0000
Revision:: 0:d92f9d21154c

wolfSSL 3.6.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	0:d92f9d21154c	1	/* hmac.h
wolfSSL	0:d92f9d21154c	2	*
wolfSSL	0:d92f9d21154c	3	* Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL	0:d92f9d21154c	4	*
wolfSSL	0:d92f9d21154c	5	* This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL	0:d92f9d21154c	6	*
wolfSSL	0:d92f9d21154c	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	0:d92f9d21154c	8	* it under the terms of the GNU General Public License as published by
wolfSSL	0:d92f9d21154c	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	0:d92f9d21154c	10	* (at your option) any later version.
wolfSSL	0:d92f9d21154c	11	*
wolfSSL	0:d92f9d21154c	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	0:d92f9d21154c	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	0:d92f9d21154c	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	0:d92f9d21154c	15	* GNU General Public License for more details.
wolfSSL	0:d92f9d21154c	16	*
wolfSSL	0:d92f9d21154c	17	* You should have received a copy of the GNU General Public License
wolfSSL	0:d92f9d21154c	18	* along with this program; if not, write to the Free Software
wolfSSL	0:d92f9d21154c	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	0:d92f9d21154c	20	*/
wolfSSL	0:d92f9d21154c	21
wolfSSL	0:d92f9d21154c	22	#ifdef HAVE_CONFIG_H
wolfSSL	0:d92f9d21154c	23	#include <config.h>
wolfSSL	0:d92f9d21154c	24	#endif
wolfSSL	0:d92f9d21154c	25
wolfSSL	0:d92f9d21154c	26	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	0:d92f9d21154c	27
wolfSSL	0:d92f9d21154c	28	#ifndef NO_HMAC
wolfSSL	0:d92f9d21154c	29
wolfSSL	0:d92f9d21154c	30	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	0:d92f9d21154c	31
wolfSSL	0:d92f9d21154c	32	#ifdef HAVE_FIPS
wolfSSL	0:d92f9d21154c	33	/* does init */
wolfSSL	0:d92f9d21154c	34	int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
wolfSSL	0:d92f9d21154c	35	{
wolfSSL	0:d92f9d21154c	36	return HmacSetKey_fips(hmac, type, key, keySz);
wolfSSL	0:d92f9d21154c	37	}
wolfSSL	0:d92f9d21154c	38
wolfSSL	0:d92f9d21154c	39
wolfSSL	0:d92f9d21154c	40	int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
wolfSSL	0:d92f9d21154c	41	{
wolfSSL	0:d92f9d21154c	42	return HmacUpdate_fips(hmac, in, sz);
wolfSSL	0:d92f9d21154c	43	}
wolfSSL	0:d92f9d21154c	44
wolfSSL	0:d92f9d21154c	45
wolfSSL	0:d92f9d21154c	46	int wc_HmacFinal(Hmac* hmac, byte* out)
wolfSSL	0:d92f9d21154c	47	{
wolfSSL	0:d92f9d21154c	48	return HmacFinal_fips(hmac, out);
wolfSSL	0:d92f9d21154c	49	}
wolfSSL	0:d92f9d21154c	50
wolfSSL	0:d92f9d21154c	51
wolfSSL	0:d92f9d21154c	52	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	53	int wc_HmacInitCavium(Hmac* hmac, int i)
wolfSSL	0:d92f9d21154c	54	{
wolfSSL	0:d92f9d21154c	55	return HmacInitCavium(hmac, i);
wolfSSL	0:d92f9d21154c	56	}
wolfSSL	0:d92f9d21154c	57
wolfSSL	0:d92f9d21154c	58
wolfSSL	0:d92f9d21154c	59	void wc_HmacFreeCavium(Hmac* hmac)
wolfSSL	0:d92f9d21154c	60	{
wolfSSL	0:d92f9d21154c	61	HmacFreeCavium(hmac);
wolfSSL	0:d92f9d21154c	62	}
wolfSSL	0:d92f9d21154c	63	#endif
wolfSSL	0:d92f9d21154c	64
wolfSSL	0:d92f9d21154c	65	int wolfSSL_GetHmacMaxSize(void)
wolfSSL	0:d92f9d21154c	66	{
wolfSSL	0:d92f9d21154c	67	return CyaSSL_GetHmacMaxSize();
wolfSSL	0:d92f9d21154c	68	}
wolfSSL	0:d92f9d21154c	69
wolfSSL	0:d92f9d21154c	70	#ifdef HAVE_HKDF
wolfSSL	0:d92f9d21154c	71
wolfSSL	0:d92f9d21154c	72	int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
wolfSSL	0:d92f9d21154c	73	const byte* salt, word32 saltSz,
wolfSSL	0:d92f9d21154c	74	const byte* info, word32 infoSz,
wolfSSL	0:d92f9d21154c	75	byte* out, word32 outSz)
wolfSSL	0:d92f9d21154c	76	{
wolfSSL	0:d92f9d21154c	77	return HKDF(type, inKey, inKeySz, salt, saltSz, info, infoSz, out, outSz);
wolfSSL	0:d92f9d21154c	78	}
wolfSSL	0:d92f9d21154c	79
wolfSSL	0:d92f9d21154c	80
wolfSSL	0:d92f9d21154c	81	#endif /* HAVE_HKDF */
wolfSSL	0:d92f9d21154c	82	#else /* else build without fips */
wolfSSL	0:d92f9d21154c	83	#ifdef WOLFSSL_PIC32MZ_HASH
wolfSSL	0:d92f9d21154c	84
wolfSSL	0:d92f9d21154c	85	#define wc_InitMd5 wc_InitMd5_sw
wolfSSL	0:d92f9d21154c	86	#define wc_Md5Update wc_Md5Update_sw
wolfSSL	0:d92f9d21154c	87	#define wc_Md5Final wc_Md5Final_sw
wolfSSL	0:d92f9d21154c	88
wolfSSL	0:d92f9d21154c	89	#define wc_InitSha wc_InitSha_sw
wolfSSL	0:d92f9d21154c	90	#define wc_ShaUpdate wc_ShaUpdate_sw
wolfSSL	0:d92f9d21154c	91	#define wc_ShaFinal wc_ShaFinal_sw
wolfSSL	0:d92f9d21154c	92
wolfSSL	0:d92f9d21154c	93	#define wc_InitSha256 wc_InitSha256_sw
wolfSSL	0:d92f9d21154c	94	#define wc_Sha256Update wc_Sha256Update_sw
wolfSSL	0:d92f9d21154c	95	#define wc_Sha256Final wc_Sha256Final_sw
wolfSSL	0:d92f9d21154c	96
wolfSSL	0:d92f9d21154c	97	#endif
wolfSSL	0:d92f9d21154c	98
wolfSSL	0:d92f9d21154c	99	#ifdef HAVE_FIPS
wolfSSL	0:d92f9d21154c	100	/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
wolfSSL	0:d92f9d21154c	101	#define FIPS_NO_WRAPPERS
wolfSSL	0:d92f9d21154c	102	#endif
wolfSSL	0:d92f9d21154c	103
wolfSSL	0:d92f9d21154c	104	#include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL	0:d92f9d21154c	105
wolfSSL	0:d92f9d21154c	106
wolfSSL	0:d92f9d21154c	107	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	108	static void HmacCaviumFinal(Hmac* hmac, byte* hash);
wolfSSL	0:d92f9d21154c	109	static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
wolfSSL	0:d92f9d21154c	110	static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
wolfSSL	0:d92f9d21154c	111	word32 length);
wolfSSL	0:d92f9d21154c	112	#endif
wolfSSL	0:d92f9d21154c	113
wolfSSL	0:d92f9d21154c	114	static int InitHmac(Hmac* hmac, int type)
wolfSSL	0:d92f9d21154c	115	{
wolfSSL	0:d92f9d21154c	116	int ret = 0;
wolfSSL	0:d92f9d21154c	117
wolfSSL	0:d92f9d21154c	118	hmac->innerHashKeyed = 0;
wolfSSL	0:d92f9d21154c	119	hmac->macType = (byte)type;
wolfSSL	0:d92f9d21154c	120
wolfSSL	0:d92f9d21154c	121	if (!(type == MD5 \|\| type == SHA \|\| type == SHA256 \|\| type == SHA384
wolfSSL	0:d92f9d21154c	122	\|\| type == SHA512 \|\| type == BLAKE2B_ID))
wolfSSL	0:d92f9d21154c	123	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	124
wolfSSL	0:d92f9d21154c	125	switch (type) {
wolfSSL	0:d92f9d21154c	126	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	127	case MD5:
wolfSSL	0:d92f9d21154c	128	wc_InitMd5(&hmac->hash.md5);
wolfSSL	0:d92f9d21154c	129	break;
wolfSSL	0:d92f9d21154c	130	#endif
wolfSSL	0:d92f9d21154c	131
wolfSSL	0:d92f9d21154c	132	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	133	case SHA:
wolfSSL	0:d92f9d21154c	134	ret = wc_InitSha(&hmac->hash.sha);
wolfSSL	0:d92f9d21154c	135	break;
wolfSSL	0:d92f9d21154c	136	#endif
wolfSSL	0:d92f9d21154c	137
wolfSSL	0:d92f9d21154c	138	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	139	case SHA256:
wolfSSL	0:d92f9d21154c	140	ret = wc_InitSha256(&hmac->hash.sha256);
wolfSSL	0:d92f9d21154c	141	break;
wolfSSL	0:d92f9d21154c	142	#endif
wolfSSL	0:d92f9d21154c	143
wolfSSL	0:d92f9d21154c	144	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	145	case SHA384:
wolfSSL	0:d92f9d21154c	146	ret = wc_InitSha384(&hmac->hash.sha384);
wolfSSL	0:d92f9d21154c	147	break;
wolfSSL	0:d92f9d21154c	148	#endif
wolfSSL	0:d92f9d21154c	149
wolfSSL	0:d92f9d21154c	150	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	151	case SHA512:
wolfSSL	0:d92f9d21154c	152	ret = wc_InitSha512(&hmac->hash.sha512);
wolfSSL	0:d92f9d21154c	153	break;
wolfSSL	0:d92f9d21154c	154	#endif
wolfSSL	0:d92f9d21154c	155
wolfSSL	0:d92f9d21154c	156	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	157	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	158	ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
wolfSSL	0:d92f9d21154c	159	break;
wolfSSL	0:d92f9d21154c	160	#endif
wolfSSL	0:d92f9d21154c	161
wolfSSL	0:d92f9d21154c	162	default:
wolfSSL	0:d92f9d21154c	163	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	164	}
wolfSSL	0:d92f9d21154c	165
wolfSSL	0:d92f9d21154c	166	return ret;
wolfSSL	0:d92f9d21154c	167	}
wolfSSL	0:d92f9d21154c	168
wolfSSL	0:d92f9d21154c	169
wolfSSL	0:d92f9d21154c	170	int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
wolfSSL	0:d92f9d21154c	171	{
wolfSSL	0:d92f9d21154c	172	byte* ip = (byte*) hmac->ipad;
wolfSSL	0:d92f9d21154c	173	byte* op = (byte*) hmac->opad;
wolfSSL	0:d92f9d21154c	174	word32 i, hmac_block_size = 0;
wolfSSL	0:d92f9d21154c	175	int ret;
wolfSSL	0:d92f9d21154c	176
wolfSSL	0:d92f9d21154c	177	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	178	if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
wolfSSL	0:d92f9d21154c	179	return HmacCaviumSetKey(hmac, type, key, length);
wolfSSL	0:d92f9d21154c	180	#endif
wolfSSL	0:d92f9d21154c	181
wolfSSL	0:d92f9d21154c	182	ret = InitHmac(hmac, type);
wolfSSL	0:d92f9d21154c	183	if (ret != 0)
wolfSSL	0:d92f9d21154c	184	return ret;
wolfSSL	0:d92f9d21154c	185
wolfSSL	0:d92f9d21154c	186	#ifdef HAVE_FIPS
wolfSSL	0:d92f9d21154c	187	if (length < HMAC_FIPS_MIN_KEY)
wolfSSL	0:d92f9d21154c	188	return HMAC_MIN_KEYLEN_E;
wolfSSL	0:d92f9d21154c	189	#endif
wolfSSL	0:d92f9d21154c	190
wolfSSL	0:d92f9d21154c	191	switch (hmac->macType) {
wolfSSL	0:d92f9d21154c	192	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	193	case MD5:
wolfSSL	0:d92f9d21154c	194	{
wolfSSL	0:d92f9d21154c	195	hmac_block_size = MD5_BLOCK_SIZE;
wolfSSL	0:d92f9d21154c	196	if (length <= MD5_BLOCK_SIZE) {
wolfSSL	0:d92f9d21154c	197	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	198	}
wolfSSL	0:d92f9d21154c	199	else {
wolfSSL	0:d92f9d21154c	200	wc_Md5Update(&hmac->hash.md5, key, length);
wolfSSL	0:d92f9d21154c	201	wc_Md5Final(&hmac->hash.md5, ip);
wolfSSL	0:d92f9d21154c	202	length = MD5_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	203	}
wolfSSL	0:d92f9d21154c	204	}
wolfSSL	0:d92f9d21154c	205	break;
wolfSSL	0:d92f9d21154c	206	#endif
wolfSSL	0:d92f9d21154c	207
wolfSSL	0:d92f9d21154c	208	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	209	case SHA:
wolfSSL	0:d92f9d21154c	210	{
wolfSSL	0:d92f9d21154c	211	hmac_block_size = SHA_BLOCK_SIZE;
wolfSSL	0:d92f9d21154c	212	if (length <= SHA_BLOCK_SIZE) {
wolfSSL	0:d92f9d21154c	213	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	214	}
wolfSSL	0:d92f9d21154c	215	else {
wolfSSL	0:d92f9d21154c	216	wc_ShaUpdate(&hmac->hash.sha, key, length);
wolfSSL	0:d92f9d21154c	217	wc_ShaFinal(&hmac->hash.sha, ip);
wolfSSL	0:d92f9d21154c	218	length = SHA_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	219	}
wolfSSL	0:d92f9d21154c	220	}
wolfSSL	0:d92f9d21154c	221	break;
wolfSSL	0:d92f9d21154c	222	#endif
wolfSSL	0:d92f9d21154c	223
wolfSSL	0:d92f9d21154c	224	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	225	case SHA256:
wolfSSL	0:d92f9d21154c	226	{
wolfSSL	0:d92f9d21154c	227	hmac_block_size = SHA256_BLOCK_SIZE;
wolfSSL	0:d92f9d21154c	228	if (length <= SHA256_BLOCK_SIZE) {
wolfSSL	0:d92f9d21154c	229	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	230	}
wolfSSL	0:d92f9d21154c	231	else {
wolfSSL	0:d92f9d21154c	232	ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
wolfSSL	0:d92f9d21154c	233	if (ret != 0)
wolfSSL	0:d92f9d21154c	234	return ret;
wolfSSL	0:d92f9d21154c	235
wolfSSL	0:d92f9d21154c	236	ret = wc_Sha256Final(&hmac->hash.sha256, ip);
wolfSSL	0:d92f9d21154c	237	if (ret != 0)
wolfSSL	0:d92f9d21154c	238	return ret;
wolfSSL	0:d92f9d21154c	239
wolfSSL	0:d92f9d21154c	240	length = SHA256_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	241	}
wolfSSL	0:d92f9d21154c	242	}
wolfSSL	0:d92f9d21154c	243	break;
wolfSSL	0:d92f9d21154c	244	#endif
wolfSSL	0:d92f9d21154c	245
wolfSSL	0:d92f9d21154c	246	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	247	case SHA384:
wolfSSL	0:d92f9d21154c	248	{
wolfSSL	0:d92f9d21154c	249	hmac_block_size = SHA384_BLOCK_SIZE;
wolfSSL	0:d92f9d21154c	250	if (length <= SHA384_BLOCK_SIZE) {
wolfSSL	0:d92f9d21154c	251	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	252	}
wolfSSL	0:d92f9d21154c	253	else {
wolfSSL	0:d92f9d21154c	254	ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
wolfSSL	0:d92f9d21154c	255	if (ret != 0)
wolfSSL	0:d92f9d21154c	256	return ret;
wolfSSL	0:d92f9d21154c	257
wolfSSL	0:d92f9d21154c	258	ret = wc_Sha384Final(&hmac->hash.sha384, ip);
wolfSSL	0:d92f9d21154c	259	if (ret != 0)
wolfSSL	0:d92f9d21154c	260	return ret;
wolfSSL	0:d92f9d21154c	261
wolfSSL	0:d92f9d21154c	262	length = SHA384_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	263	}
wolfSSL	0:d92f9d21154c	264	}
wolfSSL	0:d92f9d21154c	265	break;
wolfSSL	0:d92f9d21154c	266	#endif
wolfSSL	0:d92f9d21154c	267
wolfSSL	0:d92f9d21154c	268	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	269	case SHA512:
wolfSSL	0:d92f9d21154c	270	{
wolfSSL	0:d92f9d21154c	271	hmac_block_size = SHA512_BLOCK_SIZE;
wolfSSL	0:d92f9d21154c	272	if (length <= SHA512_BLOCK_SIZE) {
wolfSSL	0:d92f9d21154c	273	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	274	}
wolfSSL	0:d92f9d21154c	275	else {
wolfSSL	0:d92f9d21154c	276	ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
wolfSSL	0:d92f9d21154c	277	if (ret != 0)
wolfSSL	0:d92f9d21154c	278	return ret;
wolfSSL	0:d92f9d21154c	279
wolfSSL	0:d92f9d21154c	280	ret = wc_Sha512Final(&hmac->hash.sha512, ip);
wolfSSL	0:d92f9d21154c	281	if (ret != 0)
wolfSSL	0:d92f9d21154c	282	return ret;
wolfSSL	0:d92f9d21154c	283
wolfSSL	0:d92f9d21154c	284	length = SHA512_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	285	}
wolfSSL	0:d92f9d21154c	286	}
wolfSSL	0:d92f9d21154c	287	break;
wolfSSL	0:d92f9d21154c	288	#endif
wolfSSL	0:d92f9d21154c	289
wolfSSL	0:d92f9d21154c	290	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	291	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	292	{
wolfSSL	0:d92f9d21154c	293	hmac_block_size = BLAKE2B_BLOCKBYTES;
wolfSSL	0:d92f9d21154c	294	if (length <= BLAKE2B_BLOCKBYTES) {
wolfSSL	0:d92f9d21154c	295	XMEMCPY(ip, key, length);
wolfSSL	0:d92f9d21154c	296	}
wolfSSL	0:d92f9d21154c	297	else {
wolfSSL	0:d92f9d21154c	298	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
wolfSSL	0:d92f9d21154c	299	if (ret != 0)
wolfSSL	0:d92f9d21154c	300	return ret;
wolfSSL	0:d92f9d21154c	301
wolfSSL	0:d92f9d21154c	302	ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
wolfSSL	0:d92f9d21154c	303	if (ret != 0)
wolfSSL	0:d92f9d21154c	304	return ret;
wolfSSL	0:d92f9d21154c	305
wolfSSL	0:d92f9d21154c	306	length = BLAKE2B_256;
wolfSSL	0:d92f9d21154c	307	}
wolfSSL	0:d92f9d21154c	308	}
wolfSSL	0:d92f9d21154c	309	break;
wolfSSL	0:d92f9d21154c	310	#endif
wolfSSL	0:d92f9d21154c	311
wolfSSL	0:d92f9d21154c	312	default:
wolfSSL	0:d92f9d21154c	313	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	314	}
wolfSSL	0:d92f9d21154c	315	if (length < hmac_block_size)
wolfSSL	0:d92f9d21154c	316	XMEMSET(ip + length, 0, hmac_block_size - length);
wolfSSL	0:d92f9d21154c	317
wolfSSL	0:d92f9d21154c	318	for(i = 0; i < hmac_block_size; i++) {
wolfSSL	0:d92f9d21154c	319	op[i] = ip[i] ^ OPAD;
wolfSSL	0:d92f9d21154c	320	ip[i] ^= IPAD;
wolfSSL	0:d92f9d21154c	321	}
wolfSSL	0:d92f9d21154c	322	return 0;
wolfSSL	0:d92f9d21154c	323	}
wolfSSL	0:d92f9d21154c	324
wolfSSL	0:d92f9d21154c	325
wolfSSL	0:d92f9d21154c	326	static int HmacKeyInnerHash(Hmac* hmac)
wolfSSL	0:d92f9d21154c	327	{
wolfSSL	0:d92f9d21154c	328	int ret = 0;
wolfSSL	0:d92f9d21154c	329
wolfSSL	0:d92f9d21154c	330	switch (hmac->macType) {
wolfSSL	0:d92f9d21154c	331	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	332	case MD5:
wolfSSL	0:d92f9d21154c	333	wc_Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	334	break;
wolfSSL	0:d92f9d21154c	335	#endif
wolfSSL	0:d92f9d21154c	336
wolfSSL	0:d92f9d21154c	337	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	338	case SHA:
wolfSSL	0:d92f9d21154c	339	wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	340	break;
wolfSSL	0:d92f9d21154c	341	#endif
wolfSSL	0:d92f9d21154c	342
wolfSSL	0:d92f9d21154c	343	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	344	case SHA256:
wolfSSL	0:d92f9d21154c	345	ret = wc_Sha256Update(&hmac->hash.sha256,
wolfSSL	0:d92f9d21154c	346	(byte*) hmac->ipad, SHA256_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	347	if (ret != 0)
wolfSSL	0:d92f9d21154c	348	return ret;
wolfSSL	0:d92f9d21154c	349	break;
wolfSSL	0:d92f9d21154c	350	#endif
wolfSSL	0:d92f9d21154c	351
wolfSSL	0:d92f9d21154c	352	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	353	case SHA384:
wolfSSL	0:d92f9d21154c	354	ret = wc_Sha384Update(&hmac->hash.sha384,
wolfSSL	0:d92f9d21154c	355	(byte*) hmac->ipad, SHA384_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	356	if (ret != 0)
wolfSSL	0:d92f9d21154c	357	return ret;
wolfSSL	0:d92f9d21154c	358	break;
wolfSSL	0:d92f9d21154c	359	#endif
wolfSSL	0:d92f9d21154c	360
wolfSSL	0:d92f9d21154c	361	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	362	case SHA512:
wolfSSL	0:d92f9d21154c	363	ret = wc_Sha512Update(&hmac->hash.sha512,
wolfSSL	0:d92f9d21154c	364	(byte*) hmac->ipad, SHA512_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	365	if (ret != 0)
wolfSSL	0:d92f9d21154c	366	return ret;
wolfSSL	0:d92f9d21154c	367	break;
wolfSSL	0:d92f9d21154c	368	#endif
wolfSSL	0:d92f9d21154c	369
wolfSSL	0:d92f9d21154c	370	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	371	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	372	ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL	0:d92f9d21154c	373	(byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
wolfSSL	0:d92f9d21154c	374	if (ret != 0)
wolfSSL	0:d92f9d21154c	375	return ret;
wolfSSL	0:d92f9d21154c	376	break;
wolfSSL	0:d92f9d21154c	377	#endif
wolfSSL	0:d92f9d21154c	378
wolfSSL	0:d92f9d21154c	379	default:
wolfSSL	0:d92f9d21154c	380	break;
wolfSSL	0:d92f9d21154c	381	}
wolfSSL	0:d92f9d21154c	382
wolfSSL	0:d92f9d21154c	383	hmac->innerHashKeyed = 1;
wolfSSL	0:d92f9d21154c	384
wolfSSL	0:d92f9d21154c	385	return ret;
wolfSSL	0:d92f9d21154c	386	}
wolfSSL	0:d92f9d21154c	387
wolfSSL	0:d92f9d21154c	388
wolfSSL	0:d92f9d21154c	389	int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
wolfSSL	0:d92f9d21154c	390	{
wolfSSL	0:d92f9d21154c	391	int ret;
wolfSSL	0:d92f9d21154c	392
wolfSSL	0:d92f9d21154c	393	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	394	if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
wolfSSL	0:d92f9d21154c	395	return HmacCaviumUpdate(hmac, msg, length);
wolfSSL	0:d92f9d21154c	396	#endif
wolfSSL	0:d92f9d21154c	397
wolfSSL	0:d92f9d21154c	398	if (!hmac->innerHashKeyed) {
wolfSSL	0:d92f9d21154c	399	ret = HmacKeyInnerHash(hmac);
wolfSSL	0:d92f9d21154c	400	if (ret != 0)
wolfSSL	0:d92f9d21154c	401	return ret;
wolfSSL	0:d92f9d21154c	402	}
wolfSSL	0:d92f9d21154c	403
wolfSSL	0:d92f9d21154c	404	switch (hmac->macType) {
wolfSSL	0:d92f9d21154c	405	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	406	case MD5:
wolfSSL	0:d92f9d21154c	407	wc_Md5Update(&hmac->hash.md5, msg, length);
wolfSSL	0:d92f9d21154c	408	break;
wolfSSL	0:d92f9d21154c	409	#endif
wolfSSL	0:d92f9d21154c	410
wolfSSL	0:d92f9d21154c	411	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	412	case SHA:
wolfSSL	0:d92f9d21154c	413	wc_ShaUpdate(&hmac->hash.sha, msg, length);
wolfSSL	0:d92f9d21154c	414	break;
wolfSSL	0:d92f9d21154c	415	#endif
wolfSSL	0:d92f9d21154c	416
wolfSSL	0:d92f9d21154c	417	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	418	case SHA256:
wolfSSL	0:d92f9d21154c	419	ret = wc_Sha256Update(&hmac->hash.sha256, msg, length);
wolfSSL	0:d92f9d21154c	420	if (ret != 0)
wolfSSL	0:d92f9d21154c	421	return ret;
wolfSSL	0:d92f9d21154c	422	break;
wolfSSL	0:d92f9d21154c	423	#endif
wolfSSL	0:d92f9d21154c	424
wolfSSL	0:d92f9d21154c	425	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	426	case SHA384:
wolfSSL	0:d92f9d21154c	427	ret = wc_Sha384Update(&hmac->hash.sha384, msg, length);
wolfSSL	0:d92f9d21154c	428	if (ret != 0)
wolfSSL	0:d92f9d21154c	429	return ret;
wolfSSL	0:d92f9d21154c	430	break;
wolfSSL	0:d92f9d21154c	431	#endif
wolfSSL	0:d92f9d21154c	432
wolfSSL	0:d92f9d21154c	433	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	434	case SHA512:
wolfSSL	0:d92f9d21154c	435	ret = wc_Sha512Update(&hmac->hash.sha512, msg, length);
wolfSSL	0:d92f9d21154c	436	if (ret != 0)
wolfSSL	0:d92f9d21154c	437	return ret;
wolfSSL	0:d92f9d21154c	438	break;
wolfSSL	0:d92f9d21154c	439	#endif
wolfSSL	0:d92f9d21154c	440
wolfSSL	0:d92f9d21154c	441	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	442	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	443	ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
wolfSSL	0:d92f9d21154c	444	if (ret != 0)
wolfSSL	0:d92f9d21154c	445	return ret;
wolfSSL	0:d92f9d21154c	446	break;
wolfSSL	0:d92f9d21154c	447	#endif
wolfSSL	0:d92f9d21154c	448
wolfSSL	0:d92f9d21154c	449	default:
wolfSSL	0:d92f9d21154c	450	break;
wolfSSL	0:d92f9d21154c	451	}
wolfSSL	0:d92f9d21154c	452
wolfSSL	0:d92f9d21154c	453	return 0;
wolfSSL	0:d92f9d21154c	454	}
wolfSSL	0:d92f9d21154c	455
wolfSSL	0:d92f9d21154c	456
wolfSSL	0:d92f9d21154c	457	int wc_HmacFinal(Hmac* hmac, byte* hash)
wolfSSL	0:d92f9d21154c	458	{
wolfSSL	0:d92f9d21154c	459	int ret;
wolfSSL	0:d92f9d21154c	460
wolfSSL	0:d92f9d21154c	461	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	462	if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
wolfSSL	0:d92f9d21154c	463	return HmacCaviumFinal(hmac, hash);
wolfSSL	0:d92f9d21154c	464	#endif
wolfSSL	0:d92f9d21154c	465
wolfSSL	0:d92f9d21154c	466	if (!hmac->innerHashKeyed) {
wolfSSL	0:d92f9d21154c	467	ret = HmacKeyInnerHash(hmac);
wolfSSL	0:d92f9d21154c	468	if (ret != 0)
wolfSSL	0:d92f9d21154c	469	return ret;
wolfSSL	0:d92f9d21154c	470	}
wolfSSL	0:d92f9d21154c	471
wolfSSL	0:d92f9d21154c	472	switch (hmac->macType) {
wolfSSL	0:d92f9d21154c	473	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	474	case MD5:
wolfSSL	0:d92f9d21154c	475	{
wolfSSL	0:d92f9d21154c	476	wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
wolfSSL	0:d92f9d21154c	477
wolfSSL	0:d92f9d21154c	478	wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	479	wc_Md5Update(&hmac->hash.md5,
wolfSSL	0:d92f9d21154c	480	(byte*) hmac->innerHash, MD5_DIGEST_SIZE);
wolfSSL	0:d92f9d21154c	481
wolfSSL	0:d92f9d21154c	482	wc_Md5Final(&hmac->hash.md5, hash);
wolfSSL	0:d92f9d21154c	483	}
wolfSSL	0:d92f9d21154c	484	break;
wolfSSL	0:d92f9d21154c	485	#endif
wolfSSL	0:d92f9d21154c	486
wolfSSL	0:d92f9d21154c	487	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	488	case SHA:
wolfSSL	0:d92f9d21154c	489	{
wolfSSL	0:d92f9d21154c	490	wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
wolfSSL	0:d92f9d21154c	491
wolfSSL	0:d92f9d21154c	492	wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	493	wc_ShaUpdate(&hmac->hash.sha,
wolfSSL	0:d92f9d21154c	494	(byte*) hmac->innerHash, SHA_DIGEST_SIZE);
wolfSSL	0:d92f9d21154c	495
wolfSSL	0:d92f9d21154c	496	wc_ShaFinal(&hmac->hash.sha, hash);
wolfSSL	0:d92f9d21154c	497	}
wolfSSL	0:d92f9d21154c	498	break;
wolfSSL	0:d92f9d21154c	499	#endif
wolfSSL	0:d92f9d21154c	500
wolfSSL	0:d92f9d21154c	501	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	502	case SHA256:
wolfSSL	0:d92f9d21154c	503	{
wolfSSL	0:d92f9d21154c	504	ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
wolfSSL	0:d92f9d21154c	505	if (ret != 0)
wolfSSL	0:d92f9d21154c	506	return ret;
wolfSSL	0:d92f9d21154c	507
wolfSSL	0:d92f9d21154c	508	ret = wc_Sha256Update(&hmac->hash.sha256,
wolfSSL	0:d92f9d21154c	509	(byte*) hmac->opad, SHA256_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	510	if (ret != 0)
wolfSSL	0:d92f9d21154c	511	return ret;
wolfSSL	0:d92f9d21154c	512
wolfSSL	0:d92f9d21154c	513	ret = wc_Sha256Update(&hmac->hash.sha256,
wolfSSL	0:d92f9d21154c	514	(byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
wolfSSL	0:d92f9d21154c	515	if (ret != 0)
wolfSSL	0:d92f9d21154c	516	return ret;
wolfSSL	0:d92f9d21154c	517
wolfSSL	0:d92f9d21154c	518	ret = wc_Sha256Final(&hmac->hash.sha256, hash);
wolfSSL	0:d92f9d21154c	519	if (ret != 0)
wolfSSL	0:d92f9d21154c	520	return ret;
wolfSSL	0:d92f9d21154c	521	}
wolfSSL	0:d92f9d21154c	522	break;
wolfSSL	0:d92f9d21154c	523	#endif
wolfSSL	0:d92f9d21154c	524
wolfSSL	0:d92f9d21154c	525	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	526	case SHA384:
wolfSSL	0:d92f9d21154c	527	{
wolfSSL	0:d92f9d21154c	528	ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
wolfSSL	0:d92f9d21154c	529	if (ret != 0)
wolfSSL	0:d92f9d21154c	530	return ret;
wolfSSL	0:d92f9d21154c	531
wolfSSL	0:d92f9d21154c	532	ret = wc_Sha384Update(&hmac->hash.sha384,
wolfSSL	0:d92f9d21154c	533	(byte*) hmac->opad, SHA384_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	534	if (ret != 0)
wolfSSL	0:d92f9d21154c	535	return ret;
wolfSSL	0:d92f9d21154c	536
wolfSSL	0:d92f9d21154c	537	ret = wc_Sha384Update(&hmac->hash.sha384,
wolfSSL	0:d92f9d21154c	538	(byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
wolfSSL	0:d92f9d21154c	539	if (ret != 0)
wolfSSL	0:d92f9d21154c	540	return ret;
wolfSSL	0:d92f9d21154c	541
wolfSSL	0:d92f9d21154c	542	ret = wc_Sha384Final(&hmac->hash.sha384, hash);
wolfSSL	0:d92f9d21154c	543	if (ret != 0)
wolfSSL	0:d92f9d21154c	544	return ret;
wolfSSL	0:d92f9d21154c	545	}
wolfSSL	0:d92f9d21154c	546	break;
wolfSSL	0:d92f9d21154c	547	#endif
wolfSSL	0:d92f9d21154c	548
wolfSSL	0:d92f9d21154c	549	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	550	case SHA512:
wolfSSL	0:d92f9d21154c	551	{
wolfSSL	0:d92f9d21154c	552	ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
wolfSSL	0:d92f9d21154c	553	if (ret != 0)
wolfSSL	0:d92f9d21154c	554	return ret;
wolfSSL	0:d92f9d21154c	555
wolfSSL	0:d92f9d21154c	556	ret = wc_Sha512Update(&hmac->hash.sha512,
wolfSSL	0:d92f9d21154c	557	(byte*) hmac->opad, SHA512_BLOCK_SIZE);
wolfSSL	0:d92f9d21154c	558	if (ret != 0)
wolfSSL	0:d92f9d21154c	559	return ret;
wolfSSL	0:d92f9d21154c	560
wolfSSL	0:d92f9d21154c	561	ret = wc_Sha512Update(&hmac->hash.sha512,
wolfSSL	0:d92f9d21154c	562	(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
wolfSSL	0:d92f9d21154c	563	if (ret != 0)
wolfSSL	0:d92f9d21154c	564	return ret;
wolfSSL	0:d92f9d21154c	565
wolfSSL	0:d92f9d21154c	566	ret = wc_Sha512Final(&hmac->hash.sha512, hash);
wolfSSL	0:d92f9d21154c	567	if (ret != 0)
wolfSSL	0:d92f9d21154c	568	return ret;
wolfSSL	0:d92f9d21154c	569	}
wolfSSL	0:d92f9d21154c	570	break;
wolfSSL	0:d92f9d21154c	571	#endif
wolfSSL	0:d92f9d21154c	572
wolfSSL	0:d92f9d21154c	573	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	574	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	575	{
wolfSSL	0:d92f9d21154c	576	ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
wolfSSL	0:d92f9d21154c	577	BLAKE2B_256);
wolfSSL	0:d92f9d21154c	578	if (ret != 0)
wolfSSL	0:d92f9d21154c	579	return ret;
wolfSSL	0:d92f9d21154c	580
wolfSSL	0:d92f9d21154c	581	ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL	0:d92f9d21154c	582	(byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
wolfSSL	0:d92f9d21154c	583	if (ret != 0)
wolfSSL	0:d92f9d21154c	584	return ret;
wolfSSL	0:d92f9d21154c	585
wolfSSL	0:d92f9d21154c	586	ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
wolfSSL	0:d92f9d21154c	587	(byte*) hmac->innerHash, BLAKE2B_256);
wolfSSL	0:d92f9d21154c	588	if (ret != 0)
wolfSSL	0:d92f9d21154c	589	return ret;
wolfSSL	0:d92f9d21154c	590
wolfSSL	0:d92f9d21154c	591	ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
wolfSSL	0:d92f9d21154c	592	if (ret != 0)
wolfSSL	0:d92f9d21154c	593	return ret;
wolfSSL	0:d92f9d21154c	594	}
wolfSSL	0:d92f9d21154c	595	break;
wolfSSL	0:d92f9d21154c	596	#endif
wolfSSL	0:d92f9d21154c	597
wolfSSL	0:d92f9d21154c	598	default:
wolfSSL	0:d92f9d21154c	599	break;
wolfSSL	0:d92f9d21154c	600	}
wolfSSL	0:d92f9d21154c	601
wolfSSL	0:d92f9d21154c	602	hmac->innerHashKeyed = 0;
wolfSSL	0:d92f9d21154c	603
wolfSSL	0:d92f9d21154c	604	return 0;
wolfSSL	0:d92f9d21154c	605	}
wolfSSL	0:d92f9d21154c	606
wolfSSL	0:d92f9d21154c	607
wolfSSL	0:d92f9d21154c	608	#ifdef HAVE_CAVIUM
wolfSSL	0:d92f9d21154c	609
wolfSSL	0:d92f9d21154c	610	/* Initiliaze Hmac for use with Nitrox device */
wolfSSL	0:d92f9d21154c	611	int wc_HmacInitCavium(Hmac* hmac, int devId)
wolfSSL	0:d92f9d21154c	612	{
wolfSSL	0:d92f9d21154c	613	if (hmac == NULL)
wolfSSL	0:d92f9d21154c	614	return -1;
wolfSSL	0:d92f9d21154c	615
wolfSSL	0:d92f9d21154c	616	if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
wolfSSL	0:d92f9d21154c	617	return -1;
wolfSSL	0:d92f9d21154c	618
wolfSSL	0:d92f9d21154c	619	hmac->keyLen = 0;
wolfSSL	0:d92f9d21154c	620	hmac->dataLen = 0;
wolfSSL	0:d92f9d21154c	621	hmac->type = 0;
wolfSSL	0:d92f9d21154c	622	hmac->devId = devId;
wolfSSL	0:d92f9d21154c	623	hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
wolfSSL	0:d92f9d21154c	624	hmac->data = NULL; /* buffered input data */
wolfSSL	0:d92f9d21154c	625
wolfSSL	0:d92f9d21154c	626	hmac->innerHashKeyed = 0;
wolfSSL	0:d92f9d21154c	627
wolfSSL	0:d92f9d21154c	628	return 0;
wolfSSL	0:d92f9d21154c	629	}
wolfSSL	0:d92f9d21154c	630
wolfSSL	0:d92f9d21154c	631
wolfSSL	0:d92f9d21154c	632	/* Free Hmac from use with Nitrox device */
wolfSSL	0:d92f9d21154c	633	void wc_HmacFreeCavium(Hmac* hmac)
wolfSSL	0:d92f9d21154c	634	{
wolfSSL	0:d92f9d21154c	635	if (hmac == NULL)
wolfSSL	0:d92f9d21154c	636	return;
wolfSSL	0:d92f9d21154c	637
wolfSSL	0:d92f9d21154c	638	CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
wolfSSL	0:d92f9d21154c	639	hmac->magic = 0;
wolfSSL	0:d92f9d21154c	640	XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL	0:d92f9d21154c	641	hmac->data = NULL;
wolfSSL	0:d92f9d21154c	642	}
wolfSSL	0:d92f9d21154c	643
wolfSSL	0:d92f9d21154c	644
wolfSSL	0:d92f9d21154c	645	static void HmacCaviumFinal(Hmac* hmac, byte* hash)
wolfSSL	0:d92f9d21154c	646	{
wolfSSL	0:d92f9d21154c	647	word32 requestId;
wolfSSL	0:d92f9d21154c	648
wolfSSL	0:d92f9d21154c	649	if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
wolfSSL	0:d92f9d21154c	650	(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
wolfSSL	0:d92f9d21154c	651	hmac->devId) != 0) {
wolfSSL	0:d92f9d21154c	652	WOLFSSL_MSG("Cavium Hmac failed");
wolfSSL	0:d92f9d21154c	653	}
wolfSSL	0:d92f9d21154c	654	hmac->innerHashKeyed = 0; /* tell update to start over if used again */
wolfSSL	0:d92f9d21154c	655	}
wolfSSL	0:d92f9d21154c	656
wolfSSL	0:d92f9d21154c	657
wolfSSL	0:d92f9d21154c	658	static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
wolfSSL	0:d92f9d21154c	659	{
wolfSSL	0:d92f9d21154c	660	word16 add = (word16)length;
wolfSSL	0:d92f9d21154c	661	word32 total;
wolfSSL	0:d92f9d21154c	662	byte* tmp;
wolfSSL	0:d92f9d21154c	663
wolfSSL	0:d92f9d21154c	664	if (length > WOLFSSL_MAX_16BIT) {
wolfSSL	0:d92f9d21154c	665	WOLFSSL_MSG("Too big msg for cavium hmac");
wolfSSL	0:d92f9d21154c	666	return;
wolfSSL	0:d92f9d21154c	667	}
wolfSSL	0:d92f9d21154c	668
wolfSSL	0:d92f9d21154c	669	if (hmac->innerHashKeyed == 0) { /* starting new */
wolfSSL	0:d92f9d21154c	670	hmac->dataLen = 0;
wolfSSL	0:d92f9d21154c	671	hmac->innerHashKeyed = 1;
wolfSSL	0:d92f9d21154c	672	}
wolfSSL	0:d92f9d21154c	673
wolfSSL	0:d92f9d21154c	674	total = add + hmac->dataLen;
wolfSSL	0:d92f9d21154c	675	if (total > WOLFSSL_MAX_16BIT) {
wolfSSL	0:d92f9d21154c	676	WOLFSSL_MSG("Too big msg for cavium hmac");
wolfSSL	0:d92f9d21154c	677	return;
wolfSSL	0:d92f9d21154c	678	}
wolfSSL	0:d92f9d21154c	679
wolfSSL	0:d92f9d21154c	680	tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL	0:d92f9d21154c	681	if (tmp == NULL) {
wolfSSL	0:d92f9d21154c	682	WOLFSSL_MSG("Out of memory for cavium update");
wolfSSL	0:d92f9d21154c	683	return;
wolfSSL	0:d92f9d21154c	684	}
wolfSSL	0:d92f9d21154c	685	if (hmac->dataLen)
wolfSSL	0:d92f9d21154c	686	XMEMCPY(tmp, hmac->data, hmac->dataLen);
wolfSSL	0:d92f9d21154c	687	XMEMCPY(tmp + hmac->dataLen, msg, add);
wolfSSL	0:d92f9d21154c	688
wolfSSL	0:d92f9d21154c	689	hmac->dataLen += add;
wolfSSL	0:d92f9d21154c	690	XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
wolfSSL	0:d92f9d21154c	691	hmac->data = tmp;
wolfSSL	0:d92f9d21154c	692	}
wolfSSL	0:d92f9d21154c	693
wolfSSL	0:d92f9d21154c	694
wolfSSL	0:d92f9d21154c	695	static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
wolfSSL	0:d92f9d21154c	696	word32 length)
wolfSSL	0:d92f9d21154c	697	{
wolfSSL	0:d92f9d21154c	698	hmac->macType = (byte)type;
wolfSSL	0:d92f9d21154c	699	if (type == MD5)
wolfSSL	0:d92f9d21154c	700	hmac->type = MD5_TYPE;
wolfSSL	0:d92f9d21154c	701	else if (type == SHA)
wolfSSL	0:d92f9d21154c	702	hmac->type = SHA1_TYPE;
wolfSSL	0:d92f9d21154c	703	else if (type == SHA256)
wolfSSL	0:d92f9d21154c	704	hmac->type = SHA256_TYPE;
wolfSSL	0:d92f9d21154c	705	else {
wolfSSL	0:d92f9d21154c	706	WOLFSSL_MSG("unsupported cavium hmac type");
wolfSSL	0:d92f9d21154c	707	}
wolfSSL	0:d92f9d21154c	708
wolfSSL	0:d92f9d21154c	709	hmac->innerHashKeyed = 0; /* should we key Startup flag */
wolfSSL	0:d92f9d21154c	710
wolfSSL	0:d92f9d21154c	711	hmac->keyLen = (word16)length;
wolfSSL	0:d92f9d21154c	712	/* store key in ipad */
wolfSSL	0:d92f9d21154c	713	XMEMCPY(hmac->ipad, key, length);
wolfSSL	0:d92f9d21154c	714	}
wolfSSL	0:d92f9d21154c	715
wolfSSL	0:d92f9d21154c	716	#endif /* HAVE_CAVIUM */
wolfSSL	0:d92f9d21154c	717
wolfSSL	0:d92f9d21154c	718	int wolfSSL_GetHmacMaxSize(void)
wolfSSL	0:d92f9d21154c	719	{
wolfSSL	0:d92f9d21154c	720	return MAX_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	721	}
wolfSSL	0:d92f9d21154c	722
wolfSSL	0:d92f9d21154c	723	#ifdef HAVE_HKDF
wolfSSL	0:d92f9d21154c	724
wolfSSL	0:d92f9d21154c	725	#ifndef WOLFSSL_HAVE_MIN
wolfSSL	0:d92f9d21154c	726	#define WOLFSSL_HAVE_MIN
wolfSSL	0:d92f9d21154c	727
wolfSSL	0:d92f9d21154c	728	static INLINE word32 min(word32 a, word32 b)
wolfSSL	0:d92f9d21154c	729	{
wolfSSL	0:d92f9d21154c	730	return a > b ? b : a;
wolfSSL	0:d92f9d21154c	731	}
wolfSSL	0:d92f9d21154c	732
wolfSSL	0:d92f9d21154c	733	#endif /* WOLFSSL_HAVE_MIN */
wolfSSL	0:d92f9d21154c	734
wolfSSL	0:d92f9d21154c	735
wolfSSL	0:d92f9d21154c	736	static INLINE int GetHashSizeByType(int type)
wolfSSL	0:d92f9d21154c	737	{
wolfSSL	0:d92f9d21154c	738	if (!(type == MD5 \|\| type == SHA \|\| type == SHA256 \|\| type == SHA384
wolfSSL	0:d92f9d21154c	739	\|\| type == SHA512 \|\| type == BLAKE2B_ID))
wolfSSL	0:d92f9d21154c	740	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	741
wolfSSL	0:d92f9d21154c	742	switch (type) {
wolfSSL	0:d92f9d21154c	743	#ifndef NO_MD5
wolfSSL	0:d92f9d21154c	744	case MD5:
wolfSSL	0:d92f9d21154c	745	return MD5_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	746	break;
wolfSSL	0:d92f9d21154c	747	#endif
wolfSSL	0:d92f9d21154c	748
wolfSSL	0:d92f9d21154c	749	#ifndef NO_SHA
wolfSSL	0:d92f9d21154c	750	case SHA:
wolfSSL	0:d92f9d21154c	751	return SHA_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	752	break;
wolfSSL	0:d92f9d21154c	753	#endif
wolfSSL	0:d92f9d21154c	754
wolfSSL	0:d92f9d21154c	755	#ifndef NO_SHA256
wolfSSL	0:d92f9d21154c	756	case SHA256:
wolfSSL	0:d92f9d21154c	757	return SHA256_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	758	break;
wolfSSL	0:d92f9d21154c	759	#endif
wolfSSL	0:d92f9d21154c	760
wolfSSL	0:d92f9d21154c	761	#ifdef WOLFSSL_SHA384
wolfSSL	0:d92f9d21154c	762	case SHA384:
wolfSSL	0:d92f9d21154c	763	return SHA384_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	764	break;
wolfSSL	0:d92f9d21154c	765	#endif
wolfSSL	0:d92f9d21154c	766
wolfSSL	0:d92f9d21154c	767	#ifdef WOLFSSL_SHA512
wolfSSL	0:d92f9d21154c	768	case SHA512:
wolfSSL	0:d92f9d21154c	769	return SHA512_DIGEST_SIZE;
wolfSSL	0:d92f9d21154c	770	break;
wolfSSL	0:d92f9d21154c	771	#endif
wolfSSL	0:d92f9d21154c	772
wolfSSL	0:d92f9d21154c	773	#ifdef HAVE_BLAKE2
wolfSSL	0:d92f9d21154c	774	case BLAKE2B_ID:
wolfSSL	0:d92f9d21154c	775	return BLAKE2B_OUTBYTES;
wolfSSL	0:d92f9d21154c	776	break;
wolfSSL	0:d92f9d21154c	777	#endif
wolfSSL	0:d92f9d21154c	778
wolfSSL	0:d92f9d21154c	779	default:
wolfSSL	0:d92f9d21154c	780	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	781	break;
wolfSSL	0:d92f9d21154c	782	}
wolfSSL	0:d92f9d21154c	783	}
wolfSSL	0:d92f9d21154c	784
wolfSSL	0:d92f9d21154c	785
wolfSSL	0:d92f9d21154c	786	/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
wolfSSL	0:d92f9d21154c	787	int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
wolfSSL	0:d92f9d21154c	788	const byte* salt, word32 saltSz,
wolfSSL	0:d92f9d21154c	789	const byte* info, word32 infoSz,
wolfSSL	0:d92f9d21154c	790	byte* out, word32 outSz)
wolfSSL	0:d92f9d21154c	791	{
wolfSSL	0:d92f9d21154c	792	Hmac myHmac;
wolfSSL	0:d92f9d21154c	793	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	0:d92f9d21154c	794	byte* tmp;
wolfSSL	0:d92f9d21154c	795	byte* prk;
wolfSSL	0:d92f9d21154c	796	#else
wolfSSL	0:d92f9d21154c	797	byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
wolfSSL	0:d92f9d21154c	798	byte prk[MAX_DIGEST_SIZE];
wolfSSL	0:d92f9d21154c	799	#endif
wolfSSL	0:d92f9d21154c	800	const byte* localSalt; /* either points to user input or tmp */
wolfSSL	0:d92f9d21154c	801	int hashSz = GetHashSizeByType(type);
wolfSSL	0:d92f9d21154c	802	word32 outIdx = 0;
wolfSSL	0:d92f9d21154c	803	byte n = 0x1;
wolfSSL	0:d92f9d21154c	804	int ret;
wolfSSL	0:d92f9d21154c	805
wolfSSL	0:d92f9d21154c	806	if (hashSz < 0)
wolfSSL	0:d92f9d21154c	807	return BAD_FUNC_ARG;
wolfSSL	0:d92f9d21154c	808
wolfSSL	0:d92f9d21154c	809	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	0:d92f9d21154c	810	tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:d92f9d21154c	811	if (tmp == NULL)
wolfSSL	0:d92f9d21154c	812	return MEMORY_E;
wolfSSL	0:d92f9d21154c	813
wolfSSL	0:d92f9d21154c	814	prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:d92f9d21154c	815	if (prk == NULL) {
wolfSSL	0:d92f9d21154c	816	XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:d92f9d21154c	817	return MEMORY_E;
wolfSSL	0:d92f9d21154c	818	}
wolfSSL	0:d92f9d21154c	819	#endif
wolfSSL	0:d92f9d21154c	820
wolfSSL	0:d92f9d21154c	821	localSalt = salt;
wolfSSL	0:d92f9d21154c	822	if (localSalt == NULL) {
wolfSSL	0:d92f9d21154c	823	XMEMSET(tmp, 0, hashSz);
wolfSSL	0:d92f9d21154c	824	localSalt = tmp;
wolfSSL	0:d92f9d21154c	825	saltSz = hashSz;
wolfSSL	0:d92f9d21154c	826	}
wolfSSL	0:d92f9d21154c	827
wolfSSL	0:d92f9d21154c	828	do {
wolfSSL	0:d92f9d21154c	829	ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
wolfSSL	0:d92f9d21154c	830	if (ret != 0)
wolfSSL	0:d92f9d21154c	831	break;
wolfSSL	0:d92f9d21154c	832	ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
wolfSSL	0:d92f9d21154c	833	if (ret != 0)
wolfSSL	0:d92f9d21154c	834	break;
wolfSSL	0:d92f9d21154c	835	ret = wc_HmacFinal(&myHmac, prk);
wolfSSL	0:d92f9d21154c	836	} while (0);
wolfSSL	0:d92f9d21154c	837
wolfSSL	0:d92f9d21154c	838	if (ret == 0) {
wolfSSL	0:d92f9d21154c	839	while (outIdx < outSz) {
wolfSSL	0:d92f9d21154c	840	int tmpSz = (n == 1) ? 0 : hashSz;
wolfSSL	0:d92f9d21154c	841	word32 left = outSz - outIdx;
wolfSSL	0:d92f9d21154c	842
wolfSSL	0:d92f9d21154c	843	ret = wc_HmacSetKey(&myHmac, type, prk, hashSz);
wolfSSL	0:d92f9d21154c	844	if (ret != 0)
wolfSSL	0:d92f9d21154c	845	break;
wolfSSL	0:d92f9d21154c	846	ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
wolfSSL	0:d92f9d21154c	847	if (ret != 0)
wolfSSL	0:d92f9d21154c	848	break;
wolfSSL	0:d92f9d21154c	849	ret = wc_HmacUpdate(&myHmac, info, infoSz);
wolfSSL	0:d92f9d21154c	850	if (ret != 0)
wolfSSL	0:d92f9d21154c	851	break;
wolfSSL	0:d92f9d21154c	852	ret = wc_HmacUpdate(&myHmac, &n, 1);
wolfSSL	0:d92f9d21154c	853	if (ret != 0)
wolfSSL	0:d92f9d21154c	854	break;
wolfSSL	0:d92f9d21154c	855	ret = wc_HmacFinal(&myHmac, tmp);
wolfSSL	0:d92f9d21154c	856	if (ret != 0)
wolfSSL	0:d92f9d21154c	857	break;
wolfSSL	0:d92f9d21154c	858
wolfSSL	0:d92f9d21154c	859	left = min(left, (word32)hashSz);
wolfSSL	0:d92f9d21154c	860	XMEMCPY(out+outIdx, tmp, left);
wolfSSL	0:d92f9d21154c	861
wolfSSL	0:d92f9d21154c	862	outIdx += hashSz;
wolfSSL	0:d92f9d21154c	863	n++;
wolfSSL	0:d92f9d21154c	864	}
wolfSSL	0:d92f9d21154c	865	}
wolfSSL	0:d92f9d21154c	866
wolfSSL	0:d92f9d21154c	867	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	0:d92f9d21154c	868	XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:d92f9d21154c	869	XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:d92f9d21154c	870	#endif
wolfSSL	0:d92f9d21154c	871
wolfSSL	0:d92f9d21154c	872	return ret;
wolfSSL	0:d92f9d21154c	873	}
wolfSSL	0:d92f9d21154c	874
wolfSSL	0:d92f9d21154c	875	#endif /* HAVE_HKDF */
wolfSSL	0:d92f9d21154c	876
wolfSSL	0:d92f9d21154c	877	#endif /* HAVE_FIPS */
wolfSSL	0:d92f9d21154c	878	#endif /* NO_HMAC */
wolfSSL	0:d92f9d21154c	879
wolfSSL	0:d92f9d21154c	880

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	30 May 2017
Imports:	0
Forks:	0
Commits:	14
Dependents:	0
Dependencies:	0
Followers:	1

This repository is Public (Unlisted).

wolfcrypt/src/hmac.c@0:d92f9d21154c, 2015-06-26 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning