1 /* $NetBSD: hmac.c,v 1.5 2017/10/05 09:59:04 roy Exp $ */ 2 3 /*- 4 * Copyright (c) 2016 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <string.h> 33 #include <stdlib.h> 34 35 #include "config.h" 36 37 #if defined(HAVE_MD5_H) && !defined(DEPGEN) 38 #include <md5.h> 39 #endif 40 41 #ifdef SHA2_H 42 # include SHA2_H 43 #endif 44 45 #ifndef __arraycount 46 #define __arraycount(__x) (sizeof(__x) / sizeof(__x[0])) 47 #endif 48 49 #if 0 50 #include <md2.h> 51 #include <md4.h> 52 #include <md5.h> 53 #include <rmd160.h> 54 #include <sha1.h> 55 #include <sha2.h> 56 #endif 57 58 #ifndef MD5_BLOCK_LENGTH 59 #define MD5_BLOCK_LENGTH 64 60 #endif 61 #ifndef SHA256_BLOCK_LENGTH 62 #define SHA256_BLOCK_LENGTH 64 63 #endif 64 65 #define HMAC_SIZE 128 66 #define HMAC_IPAD 0x36 67 #define HMAC_OPAD 0x5C 68 69 static const struct hmac { 70 const char *name; 71 size_t ctxsize; 72 size_t digsize; 73 size_t blocksize; 74 void (*init)(void *); 75 void (*update)(void *, const uint8_t *, unsigned int); 76 void (*final)(uint8_t *, void *); 77 } hmacs[] = { 78 #if 0 79 { 80 "md2", sizeof(MD2_CTX), MD2_DIGEST_LENGTH, MD2_BLOCK_LENGTH, 81 (void *)MD2Init, (void *)MD2Update, (void *)MD2Final, 82 }, 83 { 84 "md4", sizeof(MD4_CTX), MD4_DIGEST_LENGTH, MD4_BLOCK_LENGTH, 85 (void *)MD4Init, (void *)MD4Update, (void *)MD4Final, 86 }, 87 #endif 88 { 89 "md5", sizeof(MD5_CTX), MD5_DIGEST_LENGTH, MD5_BLOCK_LENGTH, 90 (void *)MD5Init, (void *)MD5Update, (void *)MD5Final, 91 }, 92 #if 0 93 { 94 "rmd160", sizeof(RMD160_CTX), RMD160_DIGEST_LENGTH, 95 RMD160_BLOCK_LENGTH, 96 (void *)RMD160Init, (void *)RMD160Update, (void *)RMD160Final, 97 }, 98 { 99 "sha1", sizeof(SHA1_CTX), SHA1_DIGEST_LENGTH, SHA1_BLOCK_LENGTH, 100 (void *)SHA1Init, (void *)SHA1Update, (void *)SHA1Final, 101 }, 102 { 103 "sha224", sizeof(SHA224_CTX), SHA224_DIGEST_LENGTH, 104 SHA224_BLOCK_LENGTH, 105 (void *)SHA224_Init, (void *)SHA224_Update, 106 (void *)SHA224_Final, 107 }, 108 #endif 109 { 110 "sha256", sizeof(SHA256_CTX), SHA256_DIGEST_LENGTH, 111 SHA256_BLOCK_LENGTH, 112 (void *)SHA256_Init, (void *)SHA256_Update, 113 (void *)SHA256_Final, 114 }, 115 #if 0 116 { 117 "sha384", sizeof(SHA384_CTX), SHA384_DIGEST_LENGTH, 118 SHA384_BLOCK_LENGTH, 119 (void *)SHA384_Init, (void *)SHA384_Update, 120 (void *)SHA384_Final, 121 }, 122 { 123 "sha512", sizeof(SHA512_CTX), SHA512_DIGEST_LENGTH, 124 SHA512_BLOCK_LENGTH, 125 (void *)SHA512_Init, (void *)SHA512_Update, 126 (void *)SHA512_Final, 127 }, 128 #endif 129 }; 130 131 static const struct hmac * 132 hmac_find(const char *name) 133 { 134 for (size_t i = 0; i < __arraycount(hmacs); i++) { 135 if (strcmp(hmacs[i].name, name) != 0) 136 continue; 137 return &hmacs[i]; 138 } 139 return NULL; 140 } 141 142 ssize_t 143 hmac(const char *name, 144 const void *key, size_t klen, 145 const void *text, size_t tlen, 146 void *digest, size_t dlen) 147 { 148 uint8_t ipad[HMAC_SIZE], opad[HMAC_SIZE], d[HMAC_SIZE]; 149 const uint8_t *k = key; 150 const struct hmac *h; 151 uint64_t c[32]; 152 void *p; 153 154 if ((h = hmac_find(name)) == NULL) 155 return -1; 156 157 158 if (klen > h->blocksize) { 159 (*h->init)(c); 160 (*h->update)(c, k, (unsigned int)klen); 161 (*h->final)(d, c); 162 k = (void *)d; 163 klen = h->digsize; 164 } 165 166 /* Form input and output pads for the digests */ 167 for (size_t i = 0; i < sizeof(ipad); i++) { 168 ipad[i] = (i < klen ? k[i] : 0) ^ HMAC_IPAD; 169 opad[i] = (i < klen ? k[i] : 0) ^ HMAC_OPAD; 170 } 171 172 p = dlen >= h->digsize ? digest : d; 173 if (p != digest) { 174 memcpy(p, digest, dlen); 175 memset((char *)p + dlen, 0, h->digsize - dlen); 176 } 177 (*h->init)(c); 178 (*h->update)(c, ipad, (unsigned int)h->blocksize); 179 (*h->update)(c, text, (unsigned int)tlen); 180 (*h->final)(p, c); 181 182 (*h->init)(c); 183 (*h->update)(c, opad, (unsigned int)h->blocksize); 184 (*h->update)(c, digest, (unsigned int)h->digsize); 185 (*h->final)(p, c); 186 187 if (p != digest) 188 memcpy(digest, p, dlen); 189 190 return (ssize_t)h->digsize; 191 } 192