1 /*
2  ---------------------------------------------------------------------------
3  Copyright (c) 2002, Dr Brian Gladman <                 >, Worcester, UK.
4  All rights reserved.
5 
6  LICENSE TERMS
7 
8  The free distribution and use of this software in both source and binary
9  form is allowed (with or without changes) provided that:
10 
11    1. distributions of this source code include the above copyright
12       notice, this list of conditions and the following disclaimer;
13 
14    2. distributions in binary form include the above copyright
15       notice, this list of conditions and the following disclaimer
16       in the documentation and/or other associated materials;
17 
18    3. the copyright holder's name is not used to endorse products
19       built using this software without specific written permission.
20 
21  ALTERNATIVELY, provided that this notice is retained in full, this product
22  may be distributed under the terms of the GNU General Public License (GPL),
23  in which case the provisions of the GPL apply INSTEAD OF those given above.
24 
25  DISCLAIMER
26 
27  This software is provided 'as is' with no explicit or implied warranties
28  in respect of its properties, including, but not limited to, correctness
29  and/or fitness for purpose.
30  ---------------------------------------------------------------------------
31  Issue Date: 26/08/2003
32  Includes a bugfix from Dr Brian Gladman made on 16/04/2012 for compiling on 64-bit
33 
34  This is an implementation of HMAC, the FIPS standard keyed hash function
35 */
36 
37 
38 #include "hmac.h"
39 
/* HMAC inner and outer pad bytes (0x36 and 0x5c), replicated into every byte
   of an unsigned long: all-ones divided by 0xff gives 0x01 in each byte, and
   multiplying by the pad byte copies that byte into each position. */
#define HMAC_IPAD ((~0ul / 0xfful) * 0x36ul)
#define HMAC_OPAD ((~0ul / 0xfful) * 0x5cul)
42 
/* Reset an HMAC context: every byte of *cx is cleared, which leaves the key
   length count (cx->klen) at zero so that key input can start. Call this
   before the first hmac_sha_key() on a context. */
void hmac_sha_begin(hmac_ctx cx[1])
{
    memset(cx, 0, sizeof *cx);
}
48 
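/* Input HMAC key material; may be called repeatedly before any data is fed.

   key      key bytes to append (not read when key_len is 0)
   key_len  number of bytes in key
   cx       context prepared by hmac_sha_begin()

   Returns HMAC_OK, or HMAC_BAD_MODE if the context is already in the data
   phase. While the accumulated key fits in one hash input block it is stored
   in cx->key; once it no longer fits, the stored bytes and all later key
   input are hashed instead, and hmac_sha_data() then uses the digest as the
   key. */
int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
{
    if(cx->klen == HMAC_IN_DATA)                /* no key input once data   */
        return HMAC_BAD_MODE;                   /* has been hashed          */

    /* Compare key_len with the space left instead of forming
       cx->klen + key_len: that sum can wrap for a very large key_len, and a
       wrapped sum would reach the memcpy below with an unchecked length. */
    if(cx->klen > HMAC_HASH_INPUT_SIZE
       || key_len > HMAC_HASH_INPUT_SIZE - cx->klen)
    {
        if(cx->klen <= HMAC_HASH_INPUT_SIZE)    /* key hash not yet started: */
        {                                       /* start it with the bytes   */
            sha_begin(cx->ctx);                 /* stored so far             */
            sha_hash(cx->key, cx->klen, cx->ctx);
        }

        sha_hash(key, key_len, cx->ctx);        /* hash the long key data    */
    }
    else if(key_len)                            /* still fits: store it; the */
        memcpy(cx->key + cx->klen, key, key_len);   /* guard keeps a null    */
                                                /* key with length 0 away    */
                                                /* from memcpy               */

    /* NOTE(review): klen is both the running key length and the mode flag
       (HMAC_IN_DATA); confirm against hmac.h that accumulated key lengths
       cannot reach that sentinel value. */
    cx->klen += key_len;
    return HMAC_OK;
}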
71 
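/* Input message data; may be called repeatedly. The first call ends the key
   input phase: the key is finalised (a key longer than one hash input block
   is replaced by its digest), zero-padded to the block size, combined with
   the inner pad and hashed as the first block of the inner hash.

   data      message bytes (not read when data_len is 0)
   data_len  number of bytes in data
   cx        context holding the key entered through hmac_sha_key() */
void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
{
    unsigned long i;

    if(cx->klen != HMAC_IN_DATA)                /* if not yet in data phase */
    {
        if(cx->klen > HMAC_HASH_INPUT_SIZE)     /* key was being hashed:    */
        {                                       /* finish that hash and use */
            sha_end(cx->key, cx->ctx);          /* the digest as the key    */
            cx->klen = HMAC_HASH_OUTPUT_SIZE;
        }

        /* pad the key with zeros up to the hash input block size */
        memset(cx->key + cx->klen, 0, HMAC_HASH_INPUT_SIZE - cx->klen);

        /* xor ipad into the key one byte at a time; the earlier form went
           through an (unsigned long*) cast of cx->key, which depends on the
           buffer's alignment and on the block size being a multiple of
           sizeof(unsigned long) - assumes cx->key is a byte array, as the
           memset above and the sha_hash calls treat it */
        for(i = 0; i < HMAC_HASH_INPUT_SIZE; ++i)
            cx->key[i] ^= (unsigned char)HMAC_IPAD;

        /* start the inner hash with the padded key block */
        sha_begin(cx->ctx);
        sha_hash(cx->key, HMAC_HASH_INPUT_SIZE, cx->ctx);

        /* mark as now in data mode; further key input is rejected */
        cx->klen = HMAC_IN_DATA;
    }

    /* hash the data (if any) */
    if(data_len)
        sha_hash(data, data_len, cx->ctx);
}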
104 
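/* Finish the HMAC computation and write the MAC.

   mac      output buffer, at least mac_len bytes
   mac_len  number of MAC bytes wanted; values above HMAC_HASH_OUTPUT_SIZE
            are clamped to it, so at most that many bytes are written
   cx       context holding the key and any data entered so far

   The key block in cx is converted in place from the inner-pad form to the
   outer-pad form, so this must be called only once per computation. A short
   mac_len yields a truncated MAC; how short is acceptable is the caller's
   decision. */
void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
{
    unsigned char dig[HMAC_HASH_OUTPUT_SIZE];
    volatile unsigned char *wipe = dig;
    unsigned long i;

    /* if no data has been entered perform a null data phase */
    if(cx->klen != HMAC_IN_DATA)
        hmac_sha_data((const unsigned char*)0, 0, cx);

    sha_end(dig, cx->ctx);                      /* complete the inner hash  */

    /* set the outer key value: xor with (opad ^ ipad) removes ipad and
       applies opad in one pass; done per byte so that no (unsigned long*)
       cast of cx->key is needed - assumes cx->key is a byte array */
    for(i = 0; i < HMAC_HASH_INPUT_SIZE; ++i)
        cx->key[i] ^= (unsigned char)(HMAC_OPAD ^ HMAC_IPAD);

    /* perform the outer hash operation */
    sha_begin(cx->ctx);
    sha_hash(cx->key, HMAC_HASH_INPUT_SIZE, cx->ctx);
    sha_hash(dig, HMAC_HASH_OUTPUT_SIZE, cx->ctx);
    sha_end(dig, cx->ctx);

    /* never copy more than the digest holds: an unchecked mac_len would
       read past dig and hand adjacent stack bytes to the caller */
    if(mac_len > HMAC_HASH_OUTPUT_SIZE)
        mac_len = HMAC_HASH_OUTPUT_SIZE;

    /* output the hash value */
    for(i = 0; i < mac_len; ++i)
        mac[i] = dig[i];

    /* clear the local digest copy; written through a volatile pointer so
       the stores are not removed as dead */
    for(i = 0; i < HMAC_HASH_OUTPUT_SIZE; ++i)
        wipe[i] = 0;
}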
130 
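/* One-call HMAC: key the context, hash the data and write the MAC.

   key, key_len    the HMAC key
   data, data_len  the message
   mac, mac_len    output buffer and the number of MAC bytes to write

   The working context lives on this function's stack and is cleared before
   returning, because it holds the padded key block and the hash state.
   Callers that check a received MAC against this output should compare the
   two in constant time. */
void hmac_sha(const unsigned char key[], unsigned long key_len,
          const unsigned char data[], unsigned long data_len,
          unsigned char mac[], unsigned long mac_len)
{
    hmac_ctx cx[1];
    volatile unsigned char *wipe = (volatile unsigned char *)cx;
    unsigned long left = sizeof cx;

    hmac_sha_begin(cx);

    /* hmac_sha_key() reports an error only for a context already in data
       mode; cx has just been reset, so the result is not checked */
    (void)hmac_sha_key(key, key_len, cx);

    hmac_sha_data(data, data_len, cx);
    hmac_sha_end(mac, mac_len, cx);

    /* clear the context through a volatile pointer so the stores are not
       removed as dead writes to a local that is about to go out of scope */
    while(left--)
        *wipe++ = 0;
}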
142 
143