wolf SSL
/
wolfSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
Diff: wolfcrypt/src/hmac.c
- Revision:
- 6:fa3bd0ca5896
- Parent:
- 4:1b0d80432c79
- Child:
- 7:481bce714567
--- a/wolfcrypt/src/hmac.c Thu Apr 28 00:57:21 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,880 +0,0 @@
-/* hmac.h
- *
- * Copyright (C) 2006-2016 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_HMAC
-
-#include <wolfssl/wolfcrypt/hmac.h>
-
-#ifdef HAVE_FIPS
-/* does init */
-int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz)
-{
- return HmacSetKey_fips(hmac, type, key, keySz);
-}
-
-
-int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz)
-{
- return HmacUpdate_fips(hmac, in, sz);
-}
-
-
-int wc_HmacFinal(Hmac* hmac, byte* out)
-{
- return HmacFinal_fips(hmac, out);
-}
-
-
-#ifdef HAVE_CAVIUM
- int wc_HmacInitCavium(Hmac* hmac, int i)
- {
- return HmacInitCavium(hmac, i);
- }
-
-
- void wc_HmacFreeCavium(Hmac* hmac)
- {
- HmacFreeCavium(hmac);
- }
-#endif
-
-int wolfSSL_GetHmacMaxSize(void)
-{
- return CyaSSL_GetHmacMaxSize();
-}
-
-#ifdef HAVE_HKDF
-
-int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
- const byte* salt, word32 saltSz,
- const byte* info, word32 infoSz,
- byte* out, word32 outSz)
-{
- return HKDF(type, inKey, inKeySz, salt, saltSz, info, infoSz, out, outSz);
-}
-
-
-#endif /* HAVE_HKDF */
-#else /* else build without fips */
-#ifdef WOLFSSL_PIC32MZ_HASH
-
-#define wc_InitMd5 wc_InitMd5_sw
-#define wc_Md5Update wc_Md5Update_sw
-#define wc_Md5Final wc_Md5Final_sw
-
-#define wc_InitSha wc_InitSha_sw
-#define wc_ShaUpdate wc_ShaUpdate_sw
-#define wc_ShaFinal wc_ShaFinal_sw
-
-#define wc_InitSha256 wc_InitSha256_sw
-#define wc_Sha256Update wc_Sha256Update_sw
-#define wc_Sha256Final wc_Sha256Final_sw
-
-#endif
-
-#ifdef HAVE_FIPS
- /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
- #define FIPS_NO_WRAPPERS
-#endif
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-#ifdef HAVE_CAVIUM
- static int HmacCaviumFinal(Hmac* hmac, byte* hash);
- static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
- static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
- word32 length);
-#endif
-
-static int InitHmac(Hmac* hmac, int type)
-{
- int ret = 0;
-
- hmac->innerHashKeyed = 0;
- hmac->macType = (byte)type;
-
- if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
- || type == SHA512 || type == BLAKE2B_ID))
- return BAD_FUNC_ARG;
-
- switch (type) {
- #ifndef NO_MD5
- case MD5:
- wc_InitMd5(&hmac->hash.md5);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- ret = wc_InitSha(&hmac->hash.sha);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_InitSha256(&hmac->hash.sha256);
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_InitSha384(&hmac->hash.sha384);
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_InitSha512(&hmac->hash.sha512);
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
- break;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- }
-
- return ret;
-}
-
-
-int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
-{
- byte* ip = (byte*) hmac->ipad;
- byte* op = (byte*) hmac->opad;
- word32 i, hmac_block_size = 0;
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumSetKey(hmac, type, key, length);
-#endif
-
- ret = InitHmac(hmac, type);
- if (ret != 0)
- return ret;
-
-#ifdef HAVE_FIPS
- if (length < HMAC_FIPS_MIN_KEY)
- return HMAC_MIN_KEYLEN_E;
-#endif
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- {
- hmac_block_size = MD5_BLOCK_SIZE;
- if (length <= MD5_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- wc_Md5Update(&hmac->hash.md5, key, length);
- wc_Md5Final(&hmac->hash.md5, ip);
- length = MD5_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- {
- hmac_block_size = SHA_BLOCK_SIZE;
- if (length <= SHA_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- wc_ShaUpdate(&hmac->hash.sha, key, length);
- wc_ShaFinal(&hmac->hash.sha, ip);
- length = SHA_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- {
- hmac_block_size = SHA256_BLOCK_SIZE;
- if (length <= SHA256_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha256Update(&hmac->hash.sha256, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Final(&hmac->hash.sha256, ip);
- if (ret != 0)
- return ret;
-
- length = SHA256_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- {
- hmac_block_size = SHA384_BLOCK_SIZE;
- if (length <= SHA384_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha384Update(&hmac->hash.sha384, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Final(&hmac->hash.sha384, ip);
- if (ret != 0)
- return ret;
-
- length = SHA384_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- {
- hmac_block_size = SHA512_BLOCK_SIZE;
- if (length <= SHA512_BLOCK_SIZE) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Sha512Update(&hmac->hash.sha512, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Final(&hmac->hash.sha512, ip);
- if (ret != 0)
- return ret;
-
- length = SHA512_DIGEST_SIZE;
- }
- }
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- {
- hmac_block_size = BLAKE2B_BLOCKBYTES;
- if (length <= BLAKE2B_BLOCKBYTES) {
- XMEMCPY(ip, key, length);
- }
- else {
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- length = BLAKE2B_256;
- }
- }
- break;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- }
- if (length < hmac_block_size)
- XMEMSET(ip + length, 0, hmac_block_size - length);
-
- for(i = 0; i < hmac_block_size; i++) {
- op[i] = ip[i] ^ OPAD;
- ip[i] ^= IPAD;
- }
- return 0;
-}
-
-
-static int HmacKeyInnerHash(Hmac* hmac)
-{
- int ret = 0;
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- wc_Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->ipad, SHA512_BLOCK_SIZE);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- default:
- break;
- }
-
- hmac->innerHashKeyed = 1;
-
- return ret;
-}
-
-
-int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumUpdate(hmac, msg, length);
-#endif
-
- if (!hmac->innerHashKeyed) {
- ret = HmacKeyInnerHash(hmac);
- if (ret != 0)
- return ret;
- }
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- wc_Md5Update(&hmac->hash.md5, msg, length);
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- wc_ShaUpdate(&hmac->hash.sha, msg, length);
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- ret = wc_Sha256Update(&hmac->hash.sha256, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- ret = wc_Sha384Update(&hmac->hash.sha384, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- ret = wc_Sha512Update(&hmac->hash.sha512, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
- if (ret != 0)
- return ret;
- break;
- #endif
-
- default:
- break;
- }
-
- return 0;
-}
-
-
-int wc_HmacFinal(Hmac* hmac, byte* hash)
-{
- int ret;
-
-#ifdef HAVE_CAVIUM
- if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
- return HmacCaviumFinal(hmac, hash);
-#endif
-
- if (!hmac->innerHashKeyed) {
- ret = HmacKeyInnerHash(hmac);
- if (ret != 0)
- return ret;
- }
-
- switch (hmac->macType) {
- #ifndef NO_MD5
- case MD5:
- {
- wc_Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
-
- wc_Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
- wc_Md5Update(&hmac->hash.md5,
- (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
-
- wc_Md5Final(&hmac->hash.md5, hash);
- }
- break;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- {
- wc_ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
-
- wc_ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
- wc_ShaUpdate(&hmac->hash.sha,
- (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
-
- wc_ShaFinal(&hmac->hash.sha, hash);
- }
- break;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- {
- ret = wc_Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->opad, SHA256_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Update(&hmac->hash.sha256,
- (byte*) hmac->innerHash, SHA256_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha256Final(&hmac->hash.sha256, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- {
- ret = wc_Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->opad, SHA384_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Update(&hmac->hash.sha384,
- (byte*) hmac->innerHash, SHA384_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha384Final(&hmac->hash.sha384, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- {
- ret = wc_Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->opad, SHA512_BLOCK_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Update(&hmac->hash.sha512,
- (byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
- if (ret != 0)
- return ret;
-
- ret = wc_Sha512Final(&hmac->hash.sha512, hash);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- {
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
- BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->opad, BLAKE2B_BLOCKBYTES);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
- (byte*) hmac->innerHash, BLAKE2B_256);
- if (ret != 0)
- return ret;
-
- ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256);
- if (ret != 0)
- return ret;
- }
- break;
- #endif
-
- default:
- break;
- }
-
- hmac->innerHashKeyed = 0;
-
- return 0;
-}
-
-
-#ifdef HAVE_CAVIUM
-
-/* Initialize Hmac for use with Nitrox device */
-int wc_HmacInitCavium(Hmac* hmac, int devId)
-{
- if (hmac == NULL)
- return -1;
-
- if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
- return -1;
-
- hmac->keyLen = 0;
- hmac->dataLen = 0;
- hmac->type = 0;
- hmac->devId = devId;
- hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
- hmac->data = NULL; /* buffered input data */
-
- hmac->innerHashKeyed = 0;
-
- return 0;
-}
-
-
-/* Free Hmac from use with Nitrox device */
-void wc_HmacFreeCavium(Hmac* hmac)
-{
- if (hmac == NULL)
- return;
-
- CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
- hmac->magic = 0;
- XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
- hmac->data = NULL;
-}
-
-
-static int HmacCaviumFinal(Hmac* hmac, byte* hash)
-{
- word32 requestId;
-
- if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
- (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
- hmac->devId) != 0) {
- WOLFSSL_MSG("Cavium Hmac failed");
- return -1;
- }
- hmac->innerHashKeyed = 0; /* tell update to start over if used again */
-
- return 0;
-}
-
-
-static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
-{
- word16 add = (word16)length;
- word32 total;
- byte* tmp;
-
- if (length > WOLFSSL_MAX_16BIT) {
- WOLFSSL_MSG("Too big msg for cavium hmac");
- return -1;
- }
-
- if (hmac->innerHashKeyed == 0) { /* starting new */
- hmac->dataLen = 0;
- hmac->innerHashKeyed = 1;
- }
-
- total = add + hmac->dataLen;
- if (total > WOLFSSL_MAX_16BIT) {
- WOLFSSL_MSG("Too big msg for cavium hmac");
- return -1;
- }
-
- tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
- if (tmp == NULL) {
- WOLFSSL_MSG("Out of memory for cavium update");
- return -1;
- }
- if (hmac->dataLen)
- XMEMCPY(tmp, hmac->data, hmac->dataLen);
- XMEMCPY(tmp + hmac->dataLen, msg, add);
-
- hmac->dataLen += add;
- XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
- hmac->data = tmp;
-
- return 0;
-}
-
-
-static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
- word32 length)
-{
- hmac->macType = (byte)type;
- if (type == MD5)
- hmac->type = MD5_TYPE;
- else if (type == SHA)
- hmac->type = SHA1_TYPE;
- else if (type == SHA256)
- hmac->type = SHA256_TYPE;
- else {
- WOLFSSL_MSG("unsupported cavium hmac type");
- }
-
- hmac->innerHashKeyed = 0; /* should we key Startup flag */
-
- hmac->keyLen = (word16)length;
- /* store key in ipad */
- XMEMCPY(hmac->ipad, key, length);
-
- return 0;
-}
-
-#endif /* HAVE_CAVIUM */
-
-int wolfSSL_GetHmacMaxSize(void)
-{
- return MAX_DIGEST_SIZE;
-}
-
-#ifdef HAVE_HKDF
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
- static INLINE word32 min(word32 a, word32 b)
- {
- return a > b ? b : a;
- }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-static INLINE int GetHashSizeByType(int type)
-{
- if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
- || type == SHA512 || type == BLAKE2B_ID))
- return BAD_FUNC_ARG;
-
- switch (type) {
- #ifndef NO_MD5
- case MD5:
- return MD5_DIGEST_SIZE;
- #endif
-
- #ifndef NO_SHA
- case SHA:
- return SHA_DIGEST_SIZE;
- #endif
-
- #ifndef NO_SHA256
- case SHA256:
- return SHA256_DIGEST_SIZE;
- #endif
-
- #ifdef WOLFSSL_SHA384
- case SHA384:
- return SHA384_DIGEST_SIZE;
- #endif
-
- #ifdef WOLFSSL_SHA512
- case SHA512:
- return SHA512_DIGEST_SIZE;
- #endif
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- return BLAKE2B_OUTBYTES;
- #endif
-
- default:
- return BAD_FUNC_ARG;
- }
-}
-
-
-/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
-int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
- const byte* salt, word32 saltSz,
- const byte* info, word32 infoSz,
- byte* out, word32 outSz)
-{
- Hmac myHmac;
-#ifdef WOLFSSL_SMALL_STACK
- byte* tmp;
- byte* prk;
-#else
- byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
- byte prk[MAX_DIGEST_SIZE];
-#endif
- const byte* localSalt; /* either points to user input or tmp */
- int hashSz = GetHashSizeByType(type);
- word32 outIdx = 0;
- byte n = 0x1;
- int ret;
-
- if (hashSz < 0)
- return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
- tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return MEMORY_E;
-
- prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (prk == NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
-#endif
-
- localSalt = salt;
- if (localSalt == NULL) {
- XMEMSET(tmp, 0, hashSz);
- localSalt = tmp;
- saltSz = hashSz;
- }
-
- do {
- ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&myHmac, prk);
- } while (0);
-
- if (ret == 0) {
- while (outIdx < outSz) {
- int tmpSz = (n == 1) ? 0 : hashSz;
- word32 left = outSz - outIdx;
-
- ret = wc_HmacSetKey(&myHmac, type, prk, hashSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, info, infoSz);
- if (ret != 0)
- break;
- ret = wc_HmacUpdate(&myHmac, &n, 1);
- if (ret != 0)
- break;
- ret = wc_HmacFinal(&myHmac, tmp);
- if (ret != 0)
- break;
-
- left = min(left, (word32)hashSz);
- XMEMCPY(out+outIdx, tmp, left);
-
- outIdx += hashSz;
- n++;
- }
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
- return ret;
-}
-
-#endif /* HAVE_HKDF */
-
-#endif /* HAVE_FIPS */
-#endif /* NO_HMAC */
-