wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/hmac.c@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 13:f67a6c6013ca | 1 | /* hmac.h |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 13:f67a6c6013ca | 24 | #include <config.h> |
wolfSSL | 13:f67a6c6013ca | 25 | #endif |
wolfSSL | 13:f67a6c6013ca | 26 | |
wolfSSL | 13:f67a6c6013ca | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 13:f67a6c6013ca | 28 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 29 | |
wolfSSL | 13:f67a6c6013ca | 30 | #ifndef NO_HMAC |
wolfSSL | 13:f67a6c6013ca | 31 | |
wolfSSL | 13:f67a6c6013ca | 32 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 13:f67a6c6013ca | 33 | |
wolfSSL | 13:f67a6c6013ca | 34 | #ifdef NO_INLINE |
wolfSSL | 13:f67a6c6013ca | 35 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 13:f67a6c6013ca | 36 | #else |
wolfSSL | 13:f67a6c6013ca | 37 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 13:f67a6c6013ca | 38 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 13:f67a6c6013ca | 39 | #endif |
wolfSSL | 13:f67a6c6013ca | 40 | |
wolfSSL | 13:f67a6c6013ca | 41 | |
wolfSSL | 13:f67a6c6013ca | 42 | /* fips wrapper calls, user can call direct */ |
wolfSSL | 13:f67a6c6013ca | 43 | #ifdef HAVE_FIPS |
wolfSSL | 13:f67a6c6013ca | 44 | /* does init */ |
wolfSSL | 13:f67a6c6013ca | 45 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz) |
wolfSSL | 13:f67a6c6013ca | 46 | { |
wolfSSL | 13:f67a6c6013ca | 47 | if (hmac == NULL || (key == NULL && keySz != 0) || |
wolfSSL | 13:f67a6c6013ca | 48 | !(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
wolfSSL | 13:f67a6c6013ca | 49 | || type == SHA512 || type == BLAKE2B_ID)) { |
wolfSSL | 13:f67a6c6013ca | 50 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 51 | } |
wolfSSL | 13:f67a6c6013ca | 52 | |
wolfSSL | 13:f67a6c6013ca | 53 | return HmacSetKey_fips(hmac, type, key, keySz); |
wolfSSL | 13:f67a6c6013ca | 54 | } |
wolfSSL | 13:f67a6c6013ca | 55 | int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 56 | { |
wolfSSL | 13:f67a6c6013ca | 57 | if (hmac == NULL || in == NULL) { |
wolfSSL | 13:f67a6c6013ca | 58 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 59 | } |
wolfSSL | 13:f67a6c6013ca | 60 | |
wolfSSL | 13:f67a6c6013ca | 61 | return HmacUpdate_fips(hmac, in, sz); |
wolfSSL | 13:f67a6c6013ca | 62 | } |
wolfSSL | 13:f67a6c6013ca | 63 | int wc_HmacFinal(Hmac* hmac, byte* out) |
wolfSSL | 13:f67a6c6013ca | 64 | { |
wolfSSL | 13:f67a6c6013ca | 65 | if (hmac == NULL) { |
wolfSSL | 13:f67a6c6013ca | 66 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 67 | } |
wolfSSL | 13:f67a6c6013ca | 68 | |
wolfSSL | 13:f67a6c6013ca | 69 | return HmacFinal_fips(hmac, out); |
wolfSSL | 13:f67a6c6013ca | 70 | } |
wolfSSL | 13:f67a6c6013ca | 71 | int wolfSSL_GetHmacMaxSize(void) |
wolfSSL | 13:f67a6c6013ca | 72 | { |
wolfSSL | 13:f67a6c6013ca | 73 | return CyaSSL_GetHmacMaxSize(); |
wolfSSL | 13:f67a6c6013ca | 74 | } |
wolfSSL | 13:f67a6c6013ca | 75 | |
wolfSSL | 13:f67a6c6013ca | 76 | int wc_HmacInit(Hmac* hmac, void* heap, int devId) |
wolfSSL | 13:f67a6c6013ca | 77 | { |
wolfSSL | 13:f67a6c6013ca | 78 | (void)hmac; |
wolfSSL | 13:f67a6c6013ca | 79 | (void)heap; |
wolfSSL | 13:f67a6c6013ca | 80 | (void)devId; |
wolfSSL | 13:f67a6c6013ca | 81 | /* FIPS doesn't support: |
wolfSSL | 13:f67a6c6013ca | 82 | return HmacInit(hmac, heap, devId); */ |
wolfSSL | 13:f67a6c6013ca | 83 | return 0; |
wolfSSL | 13:f67a6c6013ca | 84 | } |
wolfSSL | 13:f67a6c6013ca | 85 | void wc_HmacFree(Hmac* hmac) |
wolfSSL | 13:f67a6c6013ca | 86 | { |
wolfSSL | 13:f67a6c6013ca | 87 | (void)hmac; |
wolfSSL | 13:f67a6c6013ca | 88 | /* FIPS doesn't support: |
wolfSSL | 13:f67a6c6013ca | 89 | HmacFree(hmac); */ |
wolfSSL | 13:f67a6c6013ca | 90 | } |
wolfSSL | 13:f67a6c6013ca | 91 | |
wolfSSL | 13:f67a6c6013ca | 92 | #ifdef HAVE_HKDF |
wolfSSL | 13:f67a6c6013ca | 93 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
wolfSSL | 13:f67a6c6013ca | 94 | const byte* salt, word32 saltSz, |
wolfSSL | 13:f67a6c6013ca | 95 | const byte* info, word32 infoSz, |
wolfSSL | 13:f67a6c6013ca | 96 | byte* out, word32 outSz) |
wolfSSL | 13:f67a6c6013ca | 97 | { |
wolfSSL | 13:f67a6c6013ca | 98 | return HKDF(type, inKey, inKeySz, salt, saltSz, |
wolfSSL | 13:f67a6c6013ca | 99 | info, infoSz, out, outSz); |
wolfSSL | 13:f67a6c6013ca | 100 | } |
wolfSSL | 13:f67a6c6013ca | 101 | #endif /* HAVE_HKDF */ |
wolfSSL | 13:f67a6c6013ca | 102 | |
wolfSSL | 13:f67a6c6013ca | 103 | #else /* else build without fips */ |
wolfSSL | 13:f67a6c6013ca | 104 | |
wolfSSL | 13:f67a6c6013ca | 105 | |
wolfSSL | 13:f67a6c6013ca | 106 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 107 | |
wolfSSL | 13:f67a6c6013ca | 108 | |
wolfSSL | 13:f67a6c6013ca | 109 | int wc_HmacSizeByType(int type) |
wolfSSL | 13:f67a6c6013ca | 110 | { |
wolfSSL | 13:f67a6c6013ca | 111 | int ret; |
wolfSSL | 13:f67a6c6013ca | 112 | |
wolfSSL | 13:f67a6c6013ca | 113 | if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
wolfSSL | 13:f67a6c6013ca | 114 | || type == SHA512 || type == BLAKE2B_ID |
wolfSSL | 13:f67a6c6013ca | 115 | || type == SHA224)) { |
wolfSSL | 13:f67a6c6013ca | 116 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 117 | } |
wolfSSL | 13:f67a6c6013ca | 118 | |
wolfSSL | 13:f67a6c6013ca | 119 | switch (type) { |
wolfSSL | 13:f67a6c6013ca | 120 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 121 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 122 | ret = MD5_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 123 | break; |
wolfSSL | 13:f67a6c6013ca | 124 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 125 | |
wolfSSL | 13:f67a6c6013ca | 126 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 127 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 128 | ret = SHA_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 129 | break; |
wolfSSL | 13:f67a6c6013ca | 130 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 131 | |
wolfSSL | 13:f67a6c6013ca | 132 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 133 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 134 | ret = SHA224_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 135 | break; |
wolfSSL | 13:f67a6c6013ca | 136 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 137 | |
wolfSSL | 13:f67a6c6013ca | 138 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 139 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 140 | ret = SHA256_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 141 | break; |
wolfSSL | 13:f67a6c6013ca | 142 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 143 | |
wolfSSL | 13:f67a6c6013ca | 144 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 145 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 146 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 147 | ret = SHA384_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 148 | break; |
wolfSSL | 13:f67a6c6013ca | 149 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 150 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 151 | ret = SHA512_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 152 | break; |
wolfSSL | 13:f67a6c6013ca | 153 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 154 | |
wolfSSL | 13:f67a6c6013ca | 155 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 156 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 157 | ret = BLAKE2B_OUTBYTES; |
wolfSSL | 13:f67a6c6013ca | 158 | break; |
wolfSSL | 13:f67a6c6013ca | 159 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 160 | |
wolfSSL | 13:f67a6c6013ca | 161 | default: |
wolfSSL | 13:f67a6c6013ca | 162 | ret = BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 163 | break; |
wolfSSL | 13:f67a6c6013ca | 164 | } |
wolfSSL | 13:f67a6c6013ca | 165 | |
wolfSSL | 13:f67a6c6013ca | 166 | return ret; |
wolfSSL | 13:f67a6c6013ca | 167 | } |
wolfSSL | 13:f67a6c6013ca | 168 | |
wolfSSL | 13:f67a6c6013ca | 169 | static int _InitHmac(Hmac* hmac, int type, void* heap) |
wolfSSL | 13:f67a6c6013ca | 170 | { |
wolfSSL | 13:f67a6c6013ca | 171 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 172 | |
wolfSSL | 13:f67a6c6013ca | 173 | switch (type) { |
wolfSSL | 13:f67a6c6013ca | 174 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 175 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 176 | ret = wc_InitMd5(&hmac->hash.md5); |
wolfSSL | 13:f67a6c6013ca | 177 | break; |
wolfSSL | 13:f67a6c6013ca | 178 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 179 | |
wolfSSL | 13:f67a6c6013ca | 180 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 181 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 182 | ret = wc_InitSha(&hmac->hash.sha); |
wolfSSL | 13:f67a6c6013ca | 183 | break; |
wolfSSL | 13:f67a6c6013ca | 184 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 185 | |
wolfSSL | 13:f67a6c6013ca | 186 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 187 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 188 | ret = wc_InitSha224(&hmac->hash.sha224); |
wolfSSL | 13:f67a6c6013ca | 189 | break; |
wolfSSL | 13:f67a6c6013ca | 190 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 191 | |
wolfSSL | 13:f67a6c6013ca | 192 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 193 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 194 | ret = wc_InitSha256(&hmac->hash.sha256); |
wolfSSL | 13:f67a6c6013ca | 195 | break; |
wolfSSL | 13:f67a6c6013ca | 196 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 197 | |
wolfSSL | 13:f67a6c6013ca | 198 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 199 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 200 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 201 | ret = wc_InitSha384(&hmac->hash.sha384); |
wolfSSL | 13:f67a6c6013ca | 202 | break; |
wolfSSL | 13:f67a6c6013ca | 203 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 204 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 205 | ret = wc_InitSha512(&hmac->hash.sha512); |
wolfSSL | 13:f67a6c6013ca | 206 | break; |
wolfSSL | 13:f67a6c6013ca | 207 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 208 | |
wolfSSL | 13:f67a6c6013ca | 209 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 210 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 211 | ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); |
wolfSSL | 13:f67a6c6013ca | 212 | break; |
wolfSSL | 13:f67a6c6013ca | 213 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 214 | |
wolfSSL | 13:f67a6c6013ca | 215 | default: |
wolfSSL | 13:f67a6c6013ca | 216 | ret = BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 217 | break; |
wolfSSL | 13:f67a6c6013ca | 218 | } |
wolfSSL | 13:f67a6c6013ca | 219 | |
wolfSSL | 13:f67a6c6013ca | 220 | /* default to NULL heap hint or test value */ |
wolfSSL | 13:f67a6c6013ca | 221 | #ifdef WOLFSSL_HEAP_TEST |
wolfSSL | 13:f67a6c6013ca | 222 | hmac->heap = (void)WOLFSSL_HEAP_TEST; |
wolfSSL | 13:f67a6c6013ca | 223 | #else |
wolfSSL | 13:f67a6c6013ca | 224 | hmac->heap = heap; |
wolfSSL | 13:f67a6c6013ca | 225 | #endif /* WOLFSSL_HEAP_TEST */ |
wolfSSL | 13:f67a6c6013ca | 226 | |
wolfSSL | 13:f67a6c6013ca | 227 | return ret; |
wolfSSL | 13:f67a6c6013ca | 228 | } |
wolfSSL | 13:f67a6c6013ca | 229 | |
wolfSSL | 13:f67a6c6013ca | 230 | |
wolfSSL | 13:f67a6c6013ca | 231 | int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) |
wolfSSL | 13:f67a6c6013ca | 232 | { |
wolfSSL | 13:f67a6c6013ca | 233 | byte* ip; |
wolfSSL | 13:f67a6c6013ca | 234 | byte* op; |
wolfSSL | 13:f67a6c6013ca | 235 | word32 i, hmac_block_size = 0; |
wolfSSL | 13:f67a6c6013ca | 236 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 237 | void* heap = NULL; |
wolfSSL | 13:f67a6c6013ca | 238 | |
wolfSSL | 13:f67a6c6013ca | 239 | if (hmac == NULL || (key == NULL && length != 0) || |
wolfSSL | 13:f67a6c6013ca | 240 | !(type == MD5 || type == SHA || type == SHA256 || type == SHA384 |
wolfSSL | 13:f67a6c6013ca | 241 | || type == SHA512 || type == BLAKE2B_ID |
wolfSSL | 13:f67a6c6013ca | 242 | || type == SHA224)) { |
wolfSSL | 13:f67a6c6013ca | 243 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 244 | } |
wolfSSL | 13:f67a6c6013ca | 245 | |
wolfSSL | 13:f67a6c6013ca | 246 | hmac->innerHashKeyed = 0; |
wolfSSL | 13:f67a6c6013ca | 247 | hmac->macType = (byte)type; |
wolfSSL | 13:f67a6c6013ca | 248 | |
wolfSSL | 13:f67a6c6013ca | 249 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 250 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
wolfSSL | 13:f67a6c6013ca | 251 | #if defined(HAVE_CAVIUM) |
wolfSSL | 13:f67a6c6013ca | 252 | if (length > HMAC_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 253 | return WC_KEY_SIZE_E; |
wolfSSL | 13:f67a6c6013ca | 254 | } |
wolfSSL | 13:f67a6c6013ca | 255 | |
wolfSSL | 13:f67a6c6013ca | 256 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 257 | XMEMCPY(hmac->ipad, key, length); |
wolfSSL | 13:f67a6c6013ca | 258 | } |
wolfSSL | 13:f67a6c6013ca | 259 | hmac->keyLen = (word16)length; |
wolfSSL | 13:f67a6c6013ca | 260 | |
wolfSSL | 13:f67a6c6013ca | 261 | return 0; /* nothing to do here */ |
wolfSSL | 13:f67a6c6013ca | 262 | #endif /* HAVE_CAVIUM */ |
wolfSSL | 13:f67a6c6013ca | 263 | } |
wolfSSL | 13:f67a6c6013ca | 264 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 13:f67a6c6013ca | 265 | |
wolfSSL | 13:f67a6c6013ca | 266 | ret = _InitHmac(hmac, type, heap); |
wolfSSL | 13:f67a6c6013ca | 267 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 268 | return ret; |
wolfSSL | 13:f67a6c6013ca | 269 | |
wolfSSL | 13:f67a6c6013ca | 270 | #ifdef HAVE_FIPS |
wolfSSL | 13:f67a6c6013ca | 271 | if (length < HMAC_FIPS_MIN_KEY) |
wolfSSL | 13:f67a6c6013ca | 272 | return HMAC_MIN_KEYLEN_E; |
wolfSSL | 13:f67a6c6013ca | 273 | #endif |
wolfSSL | 13:f67a6c6013ca | 274 | |
wolfSSL | 13:f67a6c6013ca | 275 | ip = (byte*)hmac->ipad; |
wolfSSL | 13:f67a6c6013ca | 276 | op = (byte*)hmac->opad; |
wolfSSL | 13:f67a6c6013ca | 277 | |
wolfSSL | 13:f67a6c6013ca | 278 | switch (hmac->macType) { |
wolfSSL | 13:f67a6c6013ca | 279 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 280 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 281 | hmac_block_size = MD5_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 282 | if (length <= MD5_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 283 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 284 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 285 | } |
wolfSSL | 13:f67a6c6013ca | 286 | } |
wolfSSL | 13:f67a6c6013ca | 287 | else { |
wolfSSL | 13:f67a6c6013ca | 288 | ret = wc_Md5Update(&hmac->hash.md5, key, length); |
wolfSSL | 13:f67a6c6013ca | 289 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 290 | break; |
wolfSSL | 13:f67a6c6013ca | 291 | ret = wc_Md5Final(&hmac->hash.md5, ip); |
wolfSSL | 13:f67a6c6013ca | 292 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 293 | break; |
wolfSSL | 13:f67a6c6013ca | 294 | length = MD5_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 295 | } |
wolfSSL | 13:f67a6c6013ca | 296 | break; |
wolfSSL | 13:f67a6c6013ca | 297 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 298 | |
wolfSSL | 13:f67a6c6013ca | 299 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 300 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 301 | hmac_block_size = SHA_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 302 | if (length <= SHA_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 303 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 304 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 305 | } |
wolfSSL | 13:f67a6c6013ca | 306 | } |
wolfSSL | 13:f67a6c6013ca | 307 | else { |
wolfSSL | 13:f67a6c6013ca | 308 | ret = wc_ShaUpdate(&hmac->hash.sha, key, length); |
wolfSSL | 13:f67a6c6013ca | 309 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 310 | break; |
wolfSSL | 13:f67a6c6013ca | 311 | ret = wc_ShaFinal(&hmac->hash.sha, ip); |
wolfSSL | 13:f67a6c6013ca | 312 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 313 | break; |
wolfSSL | 13:f67a6c6013ca | 314 | |
wolfSSL | 13:f67a6c6013ca | 315 | length = SHA_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 316 | } |
wolfSSL | 13:f67a6c6013ca | 317 | break; |
wolfSSL | 13:f67a6c6013ca | 318 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 319 | |
wolfSSL | 13:f67a6c6013ca | 320 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 321 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 322 | { |
wolfSSL | 13:f67a6c6013ca | 323 | hmac_block_size = SHA224_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 324 | if (length <= SHA224_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 325 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 326 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 327 | } |
wolfSSL | 13:f67a6c6013ca | 328 | } |
wolfSSL | 13:f67a6c6013ca | 329 | else { |
wolfSSL | 13:f67a6c6013ca | 330 | ret = wc_Sha224Update(&hmac->hash.sha224, key, length); |
wolfSSL | 13:f67a6c6013ca | 331 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 332 | break; |
wolfSSL | 13:f67a6c6013ca | 333 | ret = wc_Sha224Final(&hmac->hash.sha224, ip); |
wolfSSL | 13:f67a6c6013ca | 334 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 335 | break; |
wolfSSL | 13:f67a6c6013ca | 336 | |
wolfSSL | 13:f67a6c6013ca | 337 | length = SHA224_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 338 | } |
wolfSSL | 13:f67a6c6013ca | 339 | } |
wolfSSL | 13:f67a6c6013ca | 340 | break; |
wolfSSL | 13:f67a6c6013ca | 341 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 342 | |
wolfSSL | 13:f67a6c6013ca | 343 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 344 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 345 | hmac_block_size = SHA256_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 346 | if (length <= SHA256_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 347 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 348 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 349 | } |
wolfSSL | 13:f67a6c6013ca | 350 | } |
wolfSSL | 13:f67a6c6013ca | 351 | else { |
wolfSSL | 13:f67a6c6013ca | 352 | ret = wc_Sha256Update(&hmac->hash.sha256, key, length); |
wolfSSL | 13:f67a6c6013ca | 353 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 354 | break; |
wolfSSL | 13:f67a6c6013ca | 355 | ret = wc_Sha256Final(&hmac->hash.sha256, ip); |
wolfSSL | 13:f67a6c6013ca | 356 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 357 | break; |
wolfSSL | 13:f67a6c6013ca | 358 | |
wolfSSL | 13:f67a6c6013ca | 359 | length = SHA256_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 360 | } |
wolfSSL | 13:f67a6c6013ca | 361 | break; |
wolfSSL | 13:f67a6c6013ca | 362 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 363 | |
wolfSSL | 13:f67a6c6013ca | 364 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 365 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 366 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 367 | hmac_block_size = SHA384_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 368 | if (length <= SHA384_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 369 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 370 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 371 | } |
wolfSSL | 13:f67a6c6013ca | 372 | } |
wolfSSL | 13:f67a6c6013ca | 373 | else { |
wolfSSL | 13:f67a6c6013ca | 374 | ret = wc_Sha384Update(&hmac->hash.sha384, key, length); |
wolfSSL | 13:f67a6c6013ca | 375 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 376 | break; |
wolfSSL | 13:f67a6c6013ca | 377 | ret = wc_Sha384Final(&hmac->hash.sha384, ip); |
wolfSSL | 13:f67a6c6013ca | 378 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 379 | break; |
wolfSSL | 13:f67a6c6013ca | 380 | |
wolfSSL | 13:f67a6c6013ca | 381 | length = SHA384_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 382 | } |
wolfSSL | 13:f67a6c6013ca | 383 | break; |
wolfSSL | 13:f67a6c6013ca | 384 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 385 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 386 | hmac_block_size = SHA512_BLOCK_SIZE; |
wolfSSL | 13:f67a6c6013ca | 387 | if (length <= SHA512_BLOCK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 388 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 389 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 390 | } |
wolfSSL | 13:f67a6c6013ca | 391 | } |
wolfSSL | 13:f67a6c6013ca | 392 | else { |
wolfSSL | 13:f67a6c6013ca | 393 | ret = wc_Sha512Update(&hmac->hash.sha512, key, length); |
wolfSSL | 13:f67a6c6013ca | 394 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 395 | break; |
wolfSSL | 13:f67a6c6013ca | 396 | ret = wc_Sha512Final(&hmac->hash.sha512, ip); |
wolfSSL | 13:f67a6c6013ca | 397 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 398 | break; |
wolfSSL | 13:f67a6c6013ca | 399 | |
wolfSSL | 13:f67a6c6013ca | 400 | length = SHA512_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 401 | } |
wolfSSL | 13:f67a6c6013ca | 402 | break; |
wolfSSL | 13:f67a6c6013ca | 403 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 404 | |
wolfSSL | 13:f67a6c6013ca | 405 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 406 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 407 | hmac_block_size = BLAKE2B_BLOCKBYTES; |
wolfSSL | 13:f67a6c6013ca | 408 | if (length <= BLAKE2B_BLOCKBYTES) { |
wolfSSL | 13:f67a6c6013ca | 409 | if (key != NULL) { |
wolfSSL | 13:f67a6c6013ca | 410 | XMEMCPY(ip, key, length); |
wolfSSL | 13:f67a6c6013ca | 411 | } |
wolfSSL | 13:f67a6c6013ca | 412 | } |
wolfSSL | 13:f67a6c6013ca | 413 | else { |
wolfSSL | 13:f67a6c6013ca | 414 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, key, length); |
wolfSSL | 13:f67a6c6013ca | 415 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 416 | break; |
wolfSSL | 13:f67a6c6013ca | 417 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256); |
wolfSSL | 13:f67a6c6013ca | 418 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 419 | break; |
wolfSSL | 13:f67a6c6013ca | 420 | |
wolfSSL | 13:f67a6c6013ca | 421 | length = BLAKE2B_256; |
wolfSSL | 13:f67a6c6013ca | 422 | } |
wolfSSL | 13:f67a6c6013ca | 423 | break; |
wolfSSL | 13:f67a6c6013ca | 424 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 425 | |
wolfSSL | 13:f67a6c6013ca | 426 | default: |
wolfSSL | 13:f67a6c6013ca | 427 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 428 | } |
wolfSSL | 13:f67a6c6013ca | 429 | |
wolfSSL | 13:f67a6c6013ca | 430 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 431 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
wolfSSL | 13:f67a6c6013ca | 432 | #if defined(HAVE_INTEL_QA) |
wolfSSL | 13:f67a6c6013ca | 433 | if (length > hmac_block_size) |
wolfSSL | 13:f67a6c6013ca | 434 | length = hmac_block_size; |
wolfSSL | 13:f67a6c6013ca | 435 | /* update key length */ |
wolfSSL | 13:f67a6c6013ca | 436 | hmac->keyLen = (word16)length; |
wolfSSL | 13:f67a6c6013ca | 437 | |
wolfSSL | 13:f67a6c6013ca | 438 | return ret; |
wolfSSL | 13:f67a6c6013ca | 439 | /* no need to pad below */ |
wolfSSL | 13:f67a6c6013ca | 440 | #endif |
wolfSSL | 13:f67a6c6013ca | 441 | } |
wolfSSL | 13:f67a6c6013ca | 442 | #endif |
wolfSSL | 13:f67a6c6013ca | 443 | |
wolfSSL | 13:f67a6c6013ca | 444 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 445 | if (length < hmac_block_size) |
wolfSSL | 13:f67a6c6013ca | 446 | XMEMSET(ip + length, 0, hmac_block_size - length); |
wolfSSL | 13:f67a6c6013ca | 447 | |
wolfSSL | 13:f67a6c6013ca | 448 | for(i = 0; i < hmac_block_size; i++) { |
wolfSSL | 13:f67a6c6013ca | 449 | op[i] = ip[i] ^ OPAD; |
wolfSSL | 13:f67a6c6013ca | 450 | ip[i] ^= IPAD; |
wolfSSL | 13:f67a6c6013ca | 451 | } |
wolfSSL | 13:f67a6c6013ca | 452 | } |
wolfSSL | 13:f67a6c6013ca | 453 | |
wolfSSL | 13:f67a6c6013ca | 454 | return ret; |
wolfSSL | 13:f67a6c6013ca | 455 | } |
wolfSSL | 13:f67a6c6013ca | 456 | |
wolfSSL | 13:f67a6c6013ca | 457 | |
wolfSSL | 13:f67a6c6013ca | 458 | static int HmacKeyInnerHash(Hmac* hmac) |
wolfSSL | 13:f67a6c6013ca | 459 | { |
wolfSSL | 13:f67a6c6013ca | 460 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 461 | |
wolfSSL | 13:f67a6c6013ca | 462 | switch (hmac->macType) { |
wolfSSL | 13:f67a6c6013ca | 463 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 464 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 465 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 466 | MD5_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 467 | break; |
wolfSSL | 13:f67a6c6013ca | 468 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 469 | |
wolfSSL | 13:f67a6c6013ca | 470 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 471 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 472 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 473 | SHA_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 474 | break; |
wolfSSL | 13:f67a6c6013ca | 475 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 476 | |
wolfSSL | 13:f67a6c6013ca | 477 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 478 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 479 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 480 | SHA224_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 481 | break; |
wolfSSL | 13:f67a6c6013ca | 482 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 483 | |
wolfSSL | 13:f67a6c6013ca | 484 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 485 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 486 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 487 | SHA256_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 488 | break; |
wolfSSL | 13:f67a6c6013ca | 489 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 490 | |
wolfSSL | 13:f67a6c6013ca | 491 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 492 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 493 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 494 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 495 | SHA384_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 496 | break; |
wolfSSL | 13:f67a6c6013ca | 497 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 498 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 499 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 500 | SHA512_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 501 | break; |
wolfSSL | 13:f67a6c6013ca | 502 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 503 | |
wolfSSL | 13:f67a6c6013ca | 504 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 505 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 506 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->ipad, |
wolfSSL | 13:f67a6c6013ca | 507 | BLAKE2B_BLOCKBYTES); |
wolfSSL | 13:f67a6c6013ca | 508 | break; |
wolfSSL | 13:f67a6c6013ca | 509 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 510 | |
wolfSSL | 13:f67a6c6013ca | 511 | default: |
wolfSSL | 13:f67a6c6013ca | 512 | break; |
wolfSSL | 13:f67a6c6013ca | 513 | } |
wolfSSL | 13:f67a6c6013ca | 514 | |
wolfSSL | 13:f67a6c6013ca | 515 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 516 | hmac->innerHashKeyed = 1; |
wolfSSL | 13:f67a6c6013ca | 517 | |
wolfSSL | 13:f67a6c6013ca | 518 | return ret; |
wolfSSL | 13:f67a6c6013ca | 519 | } |
wolfSSL | 13:f67a6c6013ca | 520 | |
wolfSSL | 13:f67a6c6013ca | 521 | |
wolfSSL | 13:f67a6c6013ca | 522 | int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) |
wolfSSL | 13:f67a6c6013ca | 523 | { |
wolfSSL | 13:f67a6c6013ca | 524 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 525 | |
wolfSSL | 13:f67a6c6013ca | 526 | if (hmac == NULL) { |
wolfSSL | 13:f67a6c6013ca | 527 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 528 | } |
wolfSSL | 13:f67a6c6013ca | 529 | |
wolfSSL | 13:f67a6c6013ca | 530 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 531 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
wolfSSL | 13:f67a6c6013ca | 532 | #if defined(HAVE_CAVIUM) |
wolfSSL | 13:f67a6c6013ca | 533 | return NitroxHmacUpdate(hmac, msg, length); |
wolfSSL | 13:f67a6c6013ca | 534 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 13:f67a6c6013ca | 535 | return IntelQaHmac(&hmac->asyncDev, hmac->macType, |
wolfSSL | 13:f67a6c6013ca | 536 | (byte*)hmac->ipad, hmac->keyLen, NULL, msg, length); |
wolfSSL | 13:f67a6c6013ca | 537 | #endif |
wolfSSL | 13:f67a6c6013ca | 538 | } |
wolfSSL | 13:f67a6c6013ca | 539 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 13:f67a6c6013ca | 540 | |
wolfSSL | 13:f67a6c6013ca | 541 | if (!hmac->innerHashKeyed) { |
wolfSSL | 13:f67a6c6013ca | 542 | ret = HmacKeyInnerHash(hmac); |
wolfSSL | 13:f67a6c6013ca | 543 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 544 | return ret; |
wolfSSL | 13:f67a6c6013ca | 545 | } |
wolfSSL | 13:f67a6c6013ca | 546 | |
wolfSSL | 13:f67a6c6013ca | 547 | switch (hmac->macType) { |
wolfSSL | 13:f67a6c6013ca | 548 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 549 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 550 | ret = wc_Md5Update(&hmac->hash.md5, msg, length); |
wolfSSL | 13:f67a6c6013ca | 551 | break; |
wolfSSL | 13:f67a6c6013ca | 552 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 553 | |
wolfSSL | 13:f67a6c6013ca | 554 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 555 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 556 | ret = wc_ShaUpdate(&hmac->hash.sha, msg, length); |
wolfSSL | 13:f67a6c6013ca | 557 | break; |
wolfSSL | 13:f67a6c6013ca | 558 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 559 | |
wolfSSL | 13:f67a6c6013ca | 560 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 561 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 562 | ret = wc_Sha224Update(&hmac->hash.sha224, msg, length); |
wolfSSL | 13:f67a6c6013ca | 563 | break; |
wolfSSL | 13:f67a6c6013ca | 564 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 565 | |
wolfSSL | 13:f67a6c6013ca | 566 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 567 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 568 | ret = wc_Sha256Update(&hmac->hash.sha256, msg, length); |
wolfSSL | 13:f67a6c6013ca | 569 | break; |
wolfSSL | 13:f67a6c6013ca | 570 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 571 | |
wolfSSL | 13:f67a6c6013ca | 572 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 573 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 574 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 575 | ret = wc_Sha384Update(&hmac->hash.sha384, msg, length); |
wolfSSL | 13:f67a6c6013ca | 576 | break; |
wolfSSL | 13:f67a6c6013ca | 577 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 578 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 579 | ret = wc_Sha512Update(&hmac->hash.sha512, msg, length); |
wolfSSL | 13:f67a6c6013ca | 580 | break; |
wolfSSL | 13:f67a6c6013ca | 581 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 582 | |
wolfSSL | 13:f67a6c6013ca | 583 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 584 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 585 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); |
wolfSSL | 13:f67a6c6013ca | 586 | break; |
wolfSSL | 13:f67a6c6013ca | 587 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 588 | |
wolfSSL | 13:f67a6c6013ca | 589 | default: |
wolfSSL | 13:f67a6c6013ca | 590 | break; |
wolfSSL | 13:f67a6c6013ca | 591 | } |
wolfSSL | 13:f67a6c6013ca | 592 | |
wolfSSL | 13:f67a6c6013ca | 593 | return ret; |
wolfSSL | 13:f67a6c6013ca | 594 | } |
wolfSSL | 13:f67a6c6013ca | 595 | |
wolfSSL | 13:f67a6c6013ca | 596 | |
wolfSSL | 13:f67a6c6013ca | 597 | int wc_HmacFinal(Hmac* hmac, byte* hash) |
wolfSSL | 13:f67a6c6013ca | 598 | { |
wolfSSL | 13:f67a6c6013ca | 599 | int ret; |
wolfSSL | 13:f67a6c6013ca | 600 | |
wolfSSL | 13:f67a6c6013ca | 601 | if (hmac == NULL || hash == NULL) { |
wolfSSL | 13:f67a6c6013ca | 602 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 603 | } |
wolfSSL | 13:f67a6c6013ca | 604 | |
wolfSSL | 13:f67a6c6013ca | 605 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 606 | if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) { |
wolfSSL | 13:f67a6c6013ca | 607 | int hashLen = wc_HmacSizeByType(hmac->macType); |
wolfSSL | 13:f67a6c6013ca | 608 | if (hashLen <= 0) |
wolfSSL | 13:f67a6c6013ca | 609 | return hashLen; |
wolfSSL | 13:f67a6c6013ca | 610 | |
wolfSSL | 13:f67a6c6013ca | 611 | #if defined(HAVE_CAVIUM) |
wolfSSL | 13:f67a6c6013ca | 612 | return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen); |
wolfSSL | 13:f67a6c6013ca | 613 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 13:f67a6c6013ca | 614 | return IntelQaHmac(&hmac->asyncDev, hmac->macType, |
wolfSSL | 13:f67a6c6013ca | 615 | (byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen); |
wolfSSL | 13:f67a6c6013ca | 616 | #endif |
wolfSSL | 13:f67a6c6013ca | 617 | } |
wolfSSL | 13:f67a6c6013ca | 618 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 13:f67a6c6013ca | 619 | |
wolfSSL | 13:f67a6c6013ca | 620 | if (!hmac->innerHashKeyed) { |
wolfSSL | 13:f67a6c6013ca | 621 | ret = HmacKeyInnerHash(hmac); |
wolfSSL | 13:f67a6c6013ca | 622 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 623 | return ret; |
wolfSSL | 13:f67a6c6013ca | 624 | } |
wolfSSL | 13:f67a6c6013ca | 625 | |
wolfSSL | 13:f67a6c6013ca | 626 | switch (hmac->macType) { |
wolfSSL | 13:f67a6c6013ca | 627 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 628 | case MD5: |
wolfSSL | 13:f67a6c6013ca | 629 | ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 630 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 631 | break; |
wolfSSL | 13:f67a6c6013ca | 632 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 633 | MD5_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 634 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 635 | break; |
wolfSSL | 13:f67a6c6013ca | 636 | ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 637 | MD5_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 638 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 639 | break; |
wolfSSL | 13:f67a6c6013ca | 640 | ret = wc_Md5Final(&hmac->hash.md5, hash); |
wolfSSL | 13:f67a6c6013ca | 641 | break; |
wolfSSL | 13:f67a6c6013ca | 642 | #endif /* !NO_MD5 */ |
wolfSSL | 13:f67a6c6013ca | 643 | |
wolfSSL | 13:f67a6c6013ca | 644 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 645 | case SHA: |
wolfSSL | 13:f67a6c6013ca | 646 | ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 647 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 648 | break; |
wolfSSL | 13:f67a6c6013ca | 649 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 650 | SHA_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 651 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 652 | break; |
wolfSSL | 13:f67a6c6013ca | 653 | ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 654 | SHA_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 655 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 656 | break; |
wolfSSL | 13:f67a6c6013ca | 657 | ret = wc_ShaFinal(&hmac->hash.sha, hash); |
wolfSSL | 13:f67a6c6013ca | 658 | break; |
wolfSSL | 13:f67a6c6013ca | 659 | #endif /* !NO_SHA */ |
wolfSSL | 13:f67a6c6013ca | 660 | |
wolfSSL | 13:f67a6c6013ca | 661 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 13:f67a6c6013ca | 662 | case SHA224: |
wolfSSL | 13:f67a6c6013ca | 663 | { |
wolfSSL | 13:f67a6c6013ca | 664 | ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 665 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 666 | break; |
wolfSSL | 13:f67a6c6013ca | 667 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 668 | SHA224_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 669 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 670 | break; |
wolfSSL | 13:f67a6c6013ca | 671 | ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 672 | SHA224_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 673 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 674 | break; |
wolfSSL | 13:f67a6c6013ca | 675 | ret = wc_Sha224Final(&hmac->hash.sha224, hash); |
wolfSSL | 13:f67a6c6013ca | 676 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 677 | break; |
wolfSSL | 13:f67a6c6013ca | 678 | } |
wolfSSL | 13:f67a6c6013ca | 679 | break; |
wolfSSL | 13:f67a6c6013ca | 680 | #endif /* WOLFSSL_SHA224 */ |
wolfSSL | 13:f67a6c6013ca | 681 | |
wolfSSL | 13:f67a6c6013ca | 682 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 683 | case SHA256: |
wolfSSL | 13:f67a6c6013ca | 684 | ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 685 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 686 | break; |
wolfSSL | 13:f67a6c6013ca | 687 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 688 | SHA256_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 689 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 690 | break; |
wolfSSL | 13:f67a6c6013ca | 691 | ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 692 | SHA256_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 693 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 694 | break; |
wolfSSL | 13:f67a6c6013ca | 695 | ret = wc_Sha256Final(&hmac->hash.sha256, hash); |
wolfSSL | 13:f67a6c6013ca | 696 | break; |
wolfSSL | 13:f67a6c6013ca | 697 | #endif /* !NO_SHA256 */ |
wolfSSL | 13:f67a6c6013ca | 698 | |
wolfSSL | 13:f67a6c6013ca | 699 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 700 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 701 | case SHA384: |
wolfSSL | 13:f67a6c6013ca | 702 | ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 703 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 704 | break; |
wolfSSL | 13:f67a6c6013ca | 705 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 706 | SHA384_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 707 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 708 | break; |
wolfSSL | 13:f67a6c6013ca | 709 | ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 710 | SHA384_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 711 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 712 | break; |
wolfSSL | 13:f67a6c6013ca | 713 | ret = wc_Sha384Final(&hmac->hash.sha384, hash); |
wolfSSL | 13:f67a6c6013ca | 714 | break; |
wolfSSL | 13:f67a6c6013ca | 715 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 13:f67a6c6013ca | 716 | case SHA512: |
wolfSSL | 13:f67a6c6013ca | 717 | ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash); |
wolfSSL | 13:f67a6c6013ca | 718 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 719 | break; |
wolfSSL | 13:f67a6c6013ca | 720 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 721 | SHA512_BLOCK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 722 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 723 | break; |
wolfSSL | 13:f67a6c6013ca | 724 | ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 725 | SHA512_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 726 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 727 | break; |
wolfSSL | 13:f67a6c6013ca | 728 | ret = wc_Sha512Final(&hmac->hash.sha512, hash); |
wolfSSL | 13:f67a6c6013ca | 729 | break; |
wolfSSL | 13:f67a6c6013ca | 730 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 13:f67a6c6013ca | 731 | |
wolfSSL | 13:f67a6c6013ca | 732 | #ifdef HAVE_BLAKE2 |
wolfSSL | 13:f67a6c6013ca | 733 | case BLAKE2B_ID: |
wolfSSL | 13:f67a6c6013ca | 734 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 735 | BLAKE2B_256); |
wolfSSL | 13:f67a6c6013ca | 736 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 737 | break; |
wolfSSL | 13:f67a6c6013ca | 738 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->opad, |
wolfSSL | 13:f67a6c6013ca | 739 | BLAKE2B_BLOCKBYTES); |
wolfSSL | 13:f67a6c6013ca | 740 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 741 | break; |
wolfSSL | 13:f67a6c6013ca | 742 | ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*)hmac->innerHash, |
wolfSSL | 13:f67a6c6013ca | 743 | BLAKE2B_256); |
wolfSSL | 13:f67a6c6013ca | 744 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 745 | break; |
wolfSSL | 13:f67a6c6013ca | 746 | ret = wc_Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256); |
wolfSSL | 13:f67a6c6013ca | 747 | break; |
wolfSSL | 13:f67a6c6013ca | 748 | #endif /* HAVE_BLAKE2 */ |
wolfSSL | 13:f67a6c6013ca | 749 | |
wolfSSL | 13:f67a6c6013ca | 750 | default: |
wolfSSL | 13:f67a6c6013ca | 751 | ret = BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 752 | break; |
wolfSSL | 13:f67a6c6013ca | 753 | } |
wolfSSL | 13:f67a6c6013ca | 754 | |
wolfSSL | 13:f67a6c6013ca | 755 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 756 | hmac->innerHashKeyed = 0; |
wolfSSL | 13:f67a6c6013ca | 757 | } |
wolfSSL | 13:f67a6c6013ca | 758 | |
wolfSSL | 13:f67a6c6013ca | 759 | return ret; |
wolfSSL | 13:f67a6c6013ca | 760 | } |
wolfSSL | 13:f67a6c6013ca | 761 | |
wolfSSL | 13:f67a6c6013ca | 762 | |
wolfSSL | 13:f67a6c6013ca | 763 | /* Initialize Hmac for use with async device */ |
wolfSSL | 13:f67a6c6013ca | 764 | int wc_HmacInit(Hmac* hmac, void* heap, int devId) |
wolfSSL | 13:f67a6c6013ca | 765 | { |
wolfSSL | 13:f67a6c6013ca | 766 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 767 | |
wolfSSL | 13:f67a6c6013ca | 768 | if (hmac == NULL) |
wolfSSL | 13:f67a6c6013ca | 769 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 770 | |
wolfSSL | 13:f67a6c6013ca | 771 | XMEMSET(hmac, 0, sizeof(Hmac)); |
wolfSSL | 13:f67a6c6013ca | 772 | hmac->heap = heap; |
wolfSSL | 13:f67a6c6013ca | 773 | |
wolfSSL | 13:f67a6c6013ca | 774 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 775 | hmac->keyLen = 0; |
wolfSSL | 13:f67a6c6013ca | 776 | #ifdef HAVE_CAVIUM |
wolfSSL | 13:f67a6c6013ca | 777 | hmac->dataLen = 0; |
wolfSSL | 13:f67a6c6013ca | 778 | hmac->data = NULL; /* buffered input data */ |
wolfSSL | 13:f67a6c6013ca | 779 | #endif /* HAVE_CAVIUM */ |
wolfSSL | 13:f67a6c6013ca | 780 | |
wolfSSL | 13:f67a6c6013ca | 781 | ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC, |
wolfSSL | 13:f67a6c6013ca | 782 | hmac->heap, devId); |
wolfSSL | 13:f67a6c6013ca | 783 | #else |
wolfSSL | 13:f67a6c6013ca | 784 | (void)devId; |
wolfSSL | 13:f67a6c6013ca | 785 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 13:f67a6c6013ca | 786 | |
wolfSSL | 13:f67a6c6013ca | 787 | return ret; |
wolfSSL | 13:f67a6c6013ca | 788 | } |
wolfSSL | 13:f67a6c6013ca | 789 | |
wolfSSL | 13:f67a6c6013ca | 790 | /* Free Hmac from use with async device */ |
wolfSSL | 13:f67a6c6013ca | 791 | void wc_HmacFree(Hmac* hmac) |
wolfSSL | 13:f67a6c6013ca | 792 | { |
wolfSSL | 13:f67a6c6013ca | 793 | if (hmac == NULL) |
wolfSSL | 13:f67a6c6013ca | 794 | return; |
wolfSSL | 13:f67a6c6013ca | 795 | |
wolfSSL | 13:f67a6c6013ca | 796 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) |
wolfSSL | 13:f67a6c6013ca | 797 | wolfAsync_DevCtxFree(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC); |
wolfSSL | 13:f67a6c6013ca | 798 | |
wolfSSL | 13:f67a6c6013ca | 799 | #ifdef HAVE_CAVIUM |
wolfSSL | 13:f67a6c6013ca | 800 | XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_HMAC); |
wolfSSL | 13:f67a6c6013ca | 801 | hmac->data = NULL; |
wolfSSL | 13:f67a6c6013ca | 802 | #endif /* HAVE_CAVIUM */ |
wolfSSL | 13:f67a6c6013ca | 803 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 13:f67a6c6013ca | 804 | } |
wolfSSL | 13:f67a6c6013ca | 805 | |
wolfSSL | 13:f67a6c6013ca | 806 | int wolfSSL_GetHmacMaxSize(void) |
wolfSSL | 13:f67a6c6013ca | 807 | { |
wolfSSL | 13:f67a6c6013ca | 808 | return MAX_DIGEST_SIZE; |
wolfSSL | 13:f67a6c6013ca | 809 | } |
wolfSSL | 13:f67a6c6013ca | 810 | |
wolfSSL | 13:f67a6c6013ca | 811 | #ifdef HAVE_HKDF |
wolfSSL | 13:f67a6c6013ca | 812 | /* HMAC-KDF-Extract. |
wolfSSL | 13:f67a6c6013ca | 813 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). |
wolfSSL | 13:f67a6c6013ca | 814 | * |
wolfSSL | 13:f67a6c6013ca | 815 | * type The hash algorithm type. |
wolfSSL | 13:f67a6c6013ca | 816 | * salt The optional salt value. |
wolfSSL | 13:f67a6c6013ca | 817 | * saltSz The size of the salt. |
wolfSSL | 13:f67a6c6013ca | 818 | * inKey The input keying material. |
wolfSSL | 13:f67a6c6013ca | 819 | * inKeySz The size of the input keying material. |
wolfSSL | 13:f67a6c6013ca | 820 | * out The pseudorandom key with the length that of the hash. |
wolfSSL | 13:f67a6c6013ca | 821 | * returns 0 on success, otherwise failure. |
wolfSSL | 13:f67a6c6013ca | 822 | */ |
wolfSSL | 13:f67a6c6013ca | 823 | int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, |
wolfSSL | 13:f67a6c6013ca | 824 | const byte* inKey, word32 inKeySz, byte* out) |
wolfSSL | 13:f67a6c6013ca | 825 | { |
wolfSSL | 13:f67a6c6013ca | 826 | byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper */ |
wolfSSL | 13:f67a6c6013ca | 827 | Hmac myHmac; |
wolfSSL | 13:f67a6c6013ca | 828 | int ret; |
wolfSSL | 13:f67a6c6013ca | 829 | const byte* localSalt; /* either points to user input or tmp */ |
wolfSSL | 13:f67a6c6013ca | 830 | int hashSz; |
wolfSSL | 13:f67a6c6013ca | 831 | |
wolfSSL | 13:f67a6c6013ca | 832 | ret = wc_HmacSizeByType(type); |
wolfSSL | 13:f67a6c6013ca | 833 | if (ret < 0) |
wolfSSL | 13:f67a6c6013ca | 834 | return ret; |
wolfSSL | 13:f67a6c6013ca | 835 | |
wolfSSL | 13:f67a6c6013ca | 836 | hashSz = ret; |
wolfSSL | 13:f67a6c6013ca | 837 | localSalt = salt; |
wolfSSL | 13:f67a6c6013ca | 838 | if (localSalt == NULL) { |
wolfSSL | 13:f67a6c6013ca | 839 | XMEMSET(tmp, 0, hashSz); |
wolfSSL | 13:f67a6c6013ca | 840 | localSalt = tmp; |
wolfSSL | 13:f67a6c6013ca | 841 | saltSz = hashSz; |
wolfSSL | 13:f67a6c6013ca | 842 | } |
wolfSSL | 13:f67a6c6013ca | 843 | |
wolfSSL | 13:f67a6c6013ca | 844 | ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); |
wolfSSL | 13:f67a6c6013ca | 845 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 846 | ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); |
wolfSSL | 13:f67a6c6013ca | 847 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 848 | ret = wc_HmacFinal(&myHmac, out); |
wolfSSL | 13:f67a6c6013ca | 849 | |
wolfSSL | 13:f67a6c6013ca | 850 | return ret; |
wolfSSL | 13:f67a6c6013ca | 851 | } |
wolfSSL | 13:f67a6c6013ca | 852 | |
wolfSSL | 13:f67a6c6013ca | 853 | /* HMAC-KDF-Expand. |
wolfSSL | 13:f67a6c6013ca | 854 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). |
wolfSSL | 13:f67a6c6013ca | 855 | * |
wolfSSL | 13:f67a6c6013ca | 856 | * type The hash algorithm type. |
wolfSSL | 13:f67a6c6013ca | 857 | * inKey The input key. |
wolfSSL | 13:f67a6c6013ca | 858 | * inKeySz The size of the input key. |
wolfSSL | 13:f67a6c6013ca | 859 | * info The application specific information. |
wolfSSL | 13:f67a6c6013ca | 860 | * infoSz The size of the application specific information. |
wolfSSL | 13:f67a6c6013ca | 861 | * out The output keying material. |
wolfSSL | 13:f67a6c6013ca | 862 | * returns 0 on success, otherwise failure. |
wolfSSL | 13:f67a6c6013ca | 863 | */ |
wolfSSL | 13:f67a6c6013ca | 864 | int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, |
wolfSSL | 13:f67a6c6013ca | 865 | const byte* info, word32 infoSz, byte* out, word32 outSz) |
wolfSSL | 13:f67a6c6013ca | 866 | { |
wolfSSL | 13:f67a6c6013ca | 867 | byte tmp[MAX_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 868 | Hmac myHmac; |
wolfSSL | 13:f67a6c6013ca | 869 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 870 | word32 outIdx = 0; |
wolfSSL | 13:f67a6c6013ca | 871 | word32 hashSz = wc_HmacSizeByType(type); |
wolfSSL | 13:f67a6c6013ca | 872 | byte n = 0x1; |
wolfSSL | 13:f67a6c6013ca | 873 | |
wolfSSL | 13:f67a6c6013ca | 874 | while (outIdx < outSz) { |
wolfSSL | 13:f67a6c6013ca | 875 | int tmpSz = (n == 1) ? 0 : hashSz; |
wolfSSL | 13:f67a6c6013ca | 876 | word32 left = outSz - outIdx; |
wolfSSL | 13:f67a6c6013ca | 877 | |
wolfSSL | 13:f67a6c6013ca | 878 | ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); |
wolfSSL | 13:f67a6c6013ca | 879 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 880 | break; |
wolfSSL | 13:f67a6c6013ca | 881 | ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); |
wolfSSL | 13:f67a6c6013ca | 882 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 883 | break; |
wolfSSL | 13:f67a6c6013ca | 884 | ret = wc_HmacUpdate(&myHmac, info, infoSz); |
wolfSSL | 13:f67a6c6013ca | 885 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 886 | break; |
wolfSSL | 13:f67a6c6013ca | 887 | ret = wc_HmacUpdate(&myHmac, &n, 1); |
wolfSSL | 13:f67a6c6013ca | 888 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 889 | break; |
wolfSSL | 13:f67a6c6013ca | 890 | ret = wc_HmacFinal(&myHmac, tmp); |
wolfSSL | 13:f67a6c6013ca | 891 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 892 | break; |
wolfSSL | 13:f67a6c6013ca | 893 | |
wolfSSL | 13:f67a6c6013ca | 894 | left = min(left, hashSz); |
wolfSSL | 13:f67a6c6013ca | 895 | XMEMCPY(out+outIdx, tmp, left); |
wolfSSL | 13:f67a6c6013ca | 896 | |
wolfSSL | 13:f67a6c6013ca | 897 | outIdx += hashSz; |
wolfSSL | 13:f67a6c6013ca | 898 | n++; |
wolfSSL | 13:f67a6c6013ca | 899 | } |
wolfSSL | 13:f67a6c6013ca | 900 | |
wolfSSL | 13:f67a6c6013ca | 901 | return ret; |
wolfSSL | 13:f67a6c6013ca | 902 | } |
wolfSSL | 13:f67a6c6013ca | 903 | |
wolfSSL | 13:f67a6c6013ca | 904 | /* HMAC-KDF. |
wolfSSL | 13:f67a6c6013ca | 905 | * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). |
wolfSSL | 13:f67a6c6013ca | 906 | * |
wolfSSL | 13:f67a6c6013ca | 907 | * type The hash algorithm type. |
wolfSSL | 13:f67a6c6013ca | 908 | * inKey The input keying material. |
wolfSSL | 13:f67a6c6013ca | 909 | * inKeySz The size of the input keying material. |
wolfSSL | 13:f67a6c6013ca | 910 | * salt The optional salt value. |
wolfSSL | 13:f67a6c6013ca | 911 | * saltSz The size of the salt. |
wolfSSL | 13:f67a6c6013ca | 912 | * info The application specific information. |
wolfSSL | 13:f67a6c6013ca | 913 | * infoSz The size of the application specific information. |
wolfSSL | 13:f67a6c6013ca | 914 | * out The output keying material. |
wolfSSL | 13:f67a6c6013ca | 915 | * returns 0 on success, otherwise failure. |
wolfSSL | 13:f67a6c6013ca | 916 | */ |
wolfSSL | 13:f67a6c6013ca | 917 | int wc_HKDF(int type, const byte* inKey, word32 inKeySz, |
wolfSSL | 13:f67a6c6013ca | 918 | const byte* salt, word32 saltSz, |
wolfSSL | 13:f67a6c6013ca | 919 | const byte* info, word32 infoSz, |
wolfSSL | 13:f67a6c6013ca | 920 | byte* out, word32 outSz) |
wolfSSL | 13:f67a6c6013ca | 921 | { |
wolfSSL | 13:f67a6c6013ca | 922 | byte prk[MAX_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 923 | int hashSz = wc_HmacSizeByType(type); |
wolfSSL | 13:f67a6c6013ca | 924 | int ret; |
wolfSSL | 13:f67a6c6013ca | 925 | |
wolfSSL | 13:f67a6c6013ca | 926 | if (hashSz < 0) |
wolfSSL | 13:f67a6c6013ca | 927 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 928 | |
wolfSSL | 13:f67a6c6013ca | 929 | ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk); |
wolfSSL | 13:f67a6c6013ca | 930 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 931 | return ret; |
wolfSSL | 13:f67a6c6013ca | 932 | |
wolfSSL | 13:f67a6c6013ca | 933 | return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz); |
wolfSSL | 13:f67a6c6013ca | 934 | } |
wolfSSL | 13:f67a6c6013ca | 935 | |
wolfSSL | 13:f67a6c6013ca | 936 | #endif /* HAVE_HKDF */ |
wolfSSL | 13:f67a6c6013ca | 937 | |
wolfSSL | 13:f67a6c6013ca | 938 | #endif /* HAVE_FIPS */ |
wolfSSL | 13:f67a6c6013ca | 939 | #endif /* NO_HMAC */ |
wolfSSL | 13:f67a6c6013ca | 940 |