1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include "internal/cryptlib.h" 14 #include <openssl/hmac.h> 15 #include <openssl/opensslconf.h> 16 #include "hmac_lcl.h" 17 18 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, 19 const EVP_MD *md, ENGINE *impl) 20 { 21 int rv = 0; 22 int i, j, reset = 0; 23 unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; 24 25 /* If we are changing MD then we must have a key */ 26 if (md != NULL && md != ctx->md && (key == NULL || len < 0)) 27 return 0; 28 29 if (md != NULL) { 30 reset = 1; 31 ctx->md = md; 32 } else if (ctx->md) { 33 md = ctx->md; 34 } else { 35 return 0; 36 } 37 38 if (key != NULL) { 39 reset = 1; 40 j = EVP_MD_block_size(md); 41 if (!ossl_assert(j <= (int)sizeof(ctx->key))) 42 return 0; 43 if (j < len) { 44 if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) 45 || !EVP_DigestUpdate(ctx->md_ctx, key, len) 46 || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, 47 &ctx->key_length)) 48 return 0; 49 } else { 50 if (len < 0 || len > (int)sizeof(ctx->key)) 51 return 0; 52 memcpy(ctx->key, key, len); 53 ctx->key_length = len; 54 } 55 if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) 56 memset(&ctx->key[ctx->key_length], 0, 57 HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); 58 } 59 60 if (reset) { 61 for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) 62 pad[i] = 0x36 ^ ctx->key[i]; 63 if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) 64 || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) 65 goto err; 66 67 for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) 68 pad[i] = 0x5c ^ ctx->key[i]; 69 if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) 70 || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) 71 goto err; 72 } 73 if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) 74 goto err; 75 rv = 1; 76 err: 77 if (reset) 78 OPENSSL_cleanse(pad, sizeof(pad)); 79 return rv; 80 } 81 82 #if OPENSSL_API_COMPAT < 0x10100000L 83 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) 84 { 85 if (key && md) 86 HMAC_CTX_reset(ctx); 87 return HMAC_Init_ex(ctx, key, len, md, NULL); 88 } 89 #endif 90 91 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) 92 { 93 if (!ctx->md) 94 return 0; 95 return EVP_DigestUpdate(ctx->md_ctx, data, len); 96 } 97 98 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) 99 { 100 unsigned int i; 101 unsigned char buf[EVP_MAX_MD_SIZE]; 102 103 if (!ctx->md) 104 goto err; 105 106 if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) 107 goto err; 108 if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) 109 goto err; 110 if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) 111 goto err; 112 if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) 113 goto err; 114 return 1; 115 err: 116 return 0; 117 } 118 119 size_t HMAC_size(const HMAC_CTX *ctx) 120 { 121 int size = EVP_MD_size((ctx)->md); 122 123 return (size < 0) ? 0 : size; 124 } 125 126 HMAC_CTX *HMAC_CTX_new(void) 127 { 128 HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); 129 130 if (ctx != NULL) { 131 if (!HMAC_CTX_reset(ctx)) { 132 HMAC_CTX_free(ctx); 133 return NULL; 134 } 135 } 136 return ctx; 137 } 138 139 static void hmac_ctx_cleanup(HMAC_CTX *ctx) 140 { 141 EVP_MD_CTX_reset(ctx->i_ctx); 142 EVP_MD_CTX_reset(ctx->o_ctx); 143 EVP_MD_CTX_reset(ctx->md_ctx); 144 ctx->md = NULL; 145 ctx->key_length = 0; 146 OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); 147 } 148 149 void HMAC_CTX_free(HMAC_CTX *ctx) 150 { 151 if (ctx != NULL) { 152 hmac_ctx_cleanup(ctx); 153 EVP_MD_CTX_free(ctx->i_ctx); 154 EVP_MD_CTX_free(ctx->o_ctx); 155 EVP_MD_CTX_free(ctx->md_ctx); 156 OPENSSL_free(ctx); 157 } 158 } 159 160 static int hmac_ctx_alloc_mds(HMAC_CTX *ctx) 161 { 162 if (ctx->i_ctx == NULL) 163 ctx->i_ctx = EVP_MD_CTX_new(); 164 if (ctx->i_ctx == NULL) 165 return 0; 166 if (ctx->o_ctx == NULL) 167 ctx->o_ctx = EVP_MD_CTX_new(); 168 if (ctx->o_ctx == NULL) 169 return 0; 170 if (ctx->md_ctx == NULL) 171 ctx->md_ctx = EVP_MD_CTX_new(); 172 if (ctx->md_ctx == NULL) 173 return 0; 174 return 1; 175 } 176 177 int HMAC_CTX_reset(HMAC_CTX *ctx) 178 { 179 hmac_ctx_cleanup(ctx); 180 if (!hmac_ctx_alloc_mds(ctx)) { 181 hmac_ctx_cleanup(ctx); 182 return 0; 183 } 184 return 1; 185 } 186 187 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) 188 { 189 if (!hmac_ctx_alloc_mds(dctx)) 190 goto err; 191 if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) 192 goto err; 193 if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) 194 goto err; 195 if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) 196 goto err; 197 memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); 198 dctx->key_length = sctx->key_length; 199 dctx->md = sctx->md; 200 return 1; 201 err: 202 hmac_ctx_cleanup(dctx); 203 return 0; 204 } 205 206 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, 207 const unsigned char *d, size_t n, unsigned char *md, 208 unsigned int *md_len) 209 { 210 HMAC_CTX *c = NULL; 211 static unsigned char m[EVP_MAX_MD_SIZE]; 212 static const unsigned char dummy_key[1] = {'\0'}; 213 214 if (md == NULL) 215 md = m; 216 if ((c = HMAC_CTX_new()) == NULL) 217 goto err; 218 219 /* For HMAC_Init_ex, NULL key signals reuse. */ 220 if (key == NULL && key_len == 0) { 221 key = dummy_key; 222 } 223 224 if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) 225 goto err; 226 if (!HMAC_Update(c, d, n)) 227 goto err; 228 if (!HMAC_Final(c, md, md_len)) 229 goto err; 230 HMAC_CTX_free(c); 231 return md; 232 err: 233 HMAC_CTX_free(c); 234 return NULL; 235 } 236 237 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) 238 { 239 EVP_MD_CTX_set_flags(ctx->i_ctx, flags); 240 EVP_MD_CTX_set_flags(ctx->o_ctx, flags); 241 EVP_MD_CTX_set_flags(ctx->md_ctx, flags); 242 } 243 244 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) 245 { 246 return ctx->md; 247 } 248