/* hmac.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/*!
    \file wolfssl/wolfcrypt/hmac.h
*/

#ifndef NO_HMAC

#ifndef WOLF_CRYPT_HMAC_H
#define WOLF_CRYPT_HMAC_H

#include <wolfssl/wolfcrypt/hash.h>

/* FIPS builds without a version, or with version < 2, take the HMAC
 * definitions from the legacy ctaocrypt header (@wc_fips). */
#if defined(HAVE_FIPS) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
    #include <cyassl/ctaocrypt/hmac.h>
    #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
#endif


#if defined(HAVE_FIPS) && \
    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
    #include <wolfssl/wolfcrypt/fips.h>
#endif

#ifdef __cplusplus
    extern "C" {
#endif

/* The types below are skipped for FIPS builds older than version 2, where
 * the legacy header included above already declares them. */
#if !defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))

#ifdef WOLFSSL_ASYNC_CRYPT
    #include <wolfssl/wolfcrypt/async.h>
#endif

/* Keep the pre-"WC_" spelling available unless old names are disabled. */
#ifndef NO_OLD_WC_NAMES
    #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE
#endif

/* Presumably the non-zero values stored in Hmac.innerHashKeyed (software vs.
 * device keyed) - confirm against hmac.c. */
#define WC_HMAC_INNER_HASH_KEYED_SW    1
#define WC_HMAC_INNER_HASH_KEYED_DEV   2

enum {
    /* Shortest key, in bytes, accepted under FIPS: 14 * 8 = 112 bits.
     * NOTE(review): whether non-FIPS builds enforce any minimum is not
     * visible from this header - callers should not rely on it. */
    HMAC_FIPS_MIN_KEY = 14,

    /* Inner and outer pad bytes of the HMAC construction (RFC 2104). */
    IPAD    = 0x36,
    OPAD    = 0x5C,

/* Hash type IDs are declared here for every hash that is NOT compiled in. */
#ifdef NO_MD5
    WC_MD5     = WC_HASH_TYPE_MD5,
#endif
#ifdef NO_SHA
    WC_SHA     = WC_HASH_TYPE_SHA,
#endif
#ifdef NO_SHA256
    WC_SHA256  = WC_HASH_TYPE_SHA256,
#endif
#ifndef WOLFSSL_SHA512
    WC_SHA512  = WC_HASH_TYPE_SHA512,
    #ifndef WOLFSSL_NOSHA512_224
    WC_SHA512_224  = WC_HASH_TYPE_SHA512_224,
    #endif
    #ifndef WOLFSSL_NOSHA512_256
    WC_SHA512_256  = WC_HASH_TYPE_SHA512_256,
    #endif
#endif
#ifndef WOLFSSL_SHA384
    WC_SHA384  = WC_HASH_TYPE_SHA384,
#endif
#ifndef WOLFSSL_SHA224
    WC_SHA224  = WC_HASH_TYPE_SHA224,
#endif
#ifndef WOLFSSL_SHA3
    WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
    WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
    WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
    WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
#endif
#ifdef HAVE_PKCS11
    /* Capacities of Hmac.id and Hmac.label below. */
    HMAC_MAX_ID_LEN    = 32,
    HMAC_MAX_LABEL_LEN = 32,
#endif
};

/* Pad buffers are sized for the largest block size among enabled hashes. */
#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE

/* Build-time guard against a configuration with no hash at all.
 * NOTE(review): every other term tests that a hash is disabled, but the
 * SHA-224 term is defined(WOLFSSL_SHA224), i.e. "enabled". As written the
 * guard cannot fire when SHA-224 is also disabled, which looks inverted -
 * confirm the intent before relying on this check. */
#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && \
    !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && \
    defined(WOLFSSL_SHA224) && defined(NO_SHA) && defined(NO_MD5)
    #error "You have to have some kind of hash if you want to use HMAC."
#endif


/* Storage for the state of whichever enabled hash backs the HMAC. */
typedef union {
#ifndef NO_MD5
    wc_Md5 md5;
#endif
#ifndef NO_SHA
    wc_Sha sha;
#endif
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
#endif
#ifndef NO_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
#ifdef WOLFSSL_SHA3
    wc_Sha3 sha3;
#endif
} wc_HmacHash;

/* HMAC context.
 *
 * The context carries secret key material: the keyLen field documents that
 * the key is kept in ipad, and keyRaw refers to the key as well. Treat the
 * whole structure as sensitive (no logging, no copies that outlive the key).
 * NOTE(review): whether wc_HmacFree() wipes ipad/opad/innerHash is not
 * visible from this header - confirm in hmac.c, and clear the context
 * explicitly if it does not. */
struct Hmac {
    wc_HmacHash hash;                                   /* running hash state */
    word32  ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)]; /* one block size for
                                                           every hash type */
    word32  opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
    word32  innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
    void*   heap;                 /* heap hint */
    byte    macType;              /* which hash: md5, sha or sha256 */
    byte    innerHashKeyed;       /* keyed flag */
#ifdef WOLFSSL_KCAPI_HMAC
    struct kcapi_handle* handle;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLF_CRYPTO_CB
    int     devId;
    void*   devCtx;
    /* NOTE(review): presumably a borrowed pointer to the caller's key buffer;
     * confirm how long that buffer has to stay valid. */
    const byte* keyRaw;
#endif
#ifdef HAVE_PKCS11
    byte    id[HMAC_MAX_ID_LEN];
    int     idLen;
    char    label[HMAC_MAX_LABEL_LEN];
    int     labelLen;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
    /* Length of the HMAC key (the key itself is in ipad).
     * NOTE(review): 16 bits wide while wc_HmacSetKey() accepts a word32
     * keySz - confirm the implementation bounds the value before storing. */
    word16  keyLen;
#endif
};

#ifndef WC_HMAC_TYPE_DEFINED
    typedef struct Hmac Hmac;
    #define WC_HMAC_TYPE_DEFINED
#endif


#endif /* HAVE_FIPS */

/* Core HMAC interface. All of these return an int status; the values are
 * defined by the implementation (presumably 0 on success - confirm).
 *
 * wc_HmacSetKey() also performs the context initialization.
 * wc_HmacFinal() takes no output length, so the destination has to be large
 * enough for the digest of the configured hash type.
 * When verifying a received tag, compare it with the computed one in
 * constant time rather than with memcmp(). */
WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key,
                              word32 keySz);
WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out);
#ifdef WOLFSSL_KCAPI_HMAC
/* Software counterparts, declared only for KCAPI builds. */
WOLFSSL_API int wc_HmacSetKey_Software(Hmac* hmac, int type, const byte* key,
                                       word32 keySz);
WOLFSSL_API int wc_HmacUpdate_Software(Hmac* hmac, const byte* in, word32 sz);
WOLFSSL_API int wc_HmacFinal_Software(Hmac* hmac, byte* out);
#endif
/* By its name, reports the digest size for a hash type - confirm. */
WOLFSSL_API int wc_HmacSizeByType(int type);

WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
#ifdef HAVE_PKCS11
/* The context stores at most HMAC_MAX_ID_LEN id bytes and
 * HMAC_MAX_LABEL_LEN label bytes; label is passed without a length.
 * NOTE(review): confirm the implementation rejects longer inputs. */
WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
                               int devId);
WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
                                  int devId);
#endif
WOLFSSL_API void wc_HmacFree(Hmac* hmac);

WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);

/* Library-internal (WOLFSSL_LOCAL), not part of the public API. */
WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);

#ifdef HAVE_HKDF

/* HKDF (RFC 5869) built on HMAC: Extract, Expand, and the combined form.
 * wc_HKDF_Extract() takes no output length; presumably out must hold one
 * digest of the selected hash type - confirm. */
WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
                                const byte* inKey, word32 inKeySz, byte* out);
WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
                               const byte* info, word32 infoSz,
                               byte* out, word32 outSz);

WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
                        const byte* salt, word32 saltSz,
                        const byte* info, word32 infoSz,
                        byte* out, word32 outSz);

#endif /* HAVE_HKDF */

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* WOLF_CRYPT_HMAC_H */

#endif /* NO_HMAC */
