1 /* 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include "internal/cryptlib.h" 14 #include <openssl/hmac.h> 15 #include <openssl/opensslconf.h> 16 #include "hmac_local.h" 17 18 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, 19 const EVP_MD *md, ENGINE *impl) 20 { 21 int rv = 0, reset = 0; 22 int i, j; 23 unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; 24 unsigned int keytmp_length; 25 unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; 26 27 /* If we are changing MD then we must have a key */ 28 if (md != NULL && md != ctx->md && (key == NULL || len < 0)) 29 return 0; 30 31 if (md != NULL) { 32 ctx->md = md; 33 } else if (ctx->md) { 34 md = ctx->md; 35 } else { 36 return 0; 37 } 38 39 /* 40 * The HMAC construction is not allowed to be used with the 41 * extendable-output functions (XOF) shake128 and shake256. 42 */ 43 if ((EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0) 44 return 0; 45 46 if (key != NULL) { 47 reset = 1; 48 49 j = EVP_MD_block_size(md); 50 if (!ossl_assert(j <= (int)sizeof(keytmp))) 51 return 0; 52 if (j < len) { 53 if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) 54 || !EVP_DigestUpdate(ctx->md_ctx, key, len) 55 || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, 56 &keytmp_length)) 57 return 0; 58 } else { 59 if (len < 0 || len > (int)sizeof(keytmp)) 60 return 0; 61 memcpy(keytmp, key, len); 62 keytmp_length = len; 63 } 64 if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) 65 memset(&keytmp[keytmp_length], 0, 66 HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); 67 68 for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) 69 pad[i] = 0x36 ^ keytmp[i]; 70 if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) 71 || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) 72 goto err; 73 74 for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) 75 pad[i] = 0x5c ^ keytmp[i]; 76 if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) 77 || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) 78 goto err; 79 } 80 if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) 81 goto err; 82 rv = 1; 83 err: 84 if (reset) { 85 OPENSSL_cleanse(keytmp, sizeof(keytmp)); 86 OPENSSL_cleanse(pad, sizeof(pad)); 87 } 88 return rv; 89 } 90 91 #if OPENSSL_API_COMPAT < 0x10100000L 92 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) 93 { 94 if (key && md) 95 HMAC_CTX_reset(ctx); 96 return HMAC_Init_ex(ctx, key, len, md, NULL); 97 } 98 #endif 99 100 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) 101 { 102 if (!ctx->md) 103 return 0; 104 return EVP_DigestUpdate(ctx->md_ctx, data, len); 105 } 106 107 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) 108 { 109 unsigned int i; 110 unsigned char buf[EVP_MAX_MD_SIZE]; 111 112 if (!ctx->md) 113 goto err; 114 115 if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) 116 goto err; 117 if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) 118 goto err; 119 if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) 120 goto err; 121 if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) 122 goto err; 123 return 1; 124 err: 125 return 0; 126 } 127 128 size_t HMAC_size(const HMAC_CTX *ctx) 129 { 130 int size = EVP_MD_size((ctx)->md); 131 132 return (size < 0) ? 0 : size; 133 } 134 135 HMAC_CTX *HMAC_CTX_new(void) 136 { 137 HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); 138 139 if (ctx != NULL) { 140 if (!HMAC_CTX_reset(ctx)) { 141 HMAC_CTX_free(ctx); 142 return NULL; 143 } 144 } 145 return ctx; 146 } 147 148 static void hmac_ctx_cleanup(HMAC_CTX *ctx) 149 { 150 EVP_MD_CTX_reset(ctx->i_ctx); 151 EVP_MD_CTX_reset(ctx->o_ctx); 152 EVP_MD_CTX_reset(ctx->md_ctx); 153 ctx->md = NULL; 154 } 155 156 void HMAC_CTX_free(HMAC_CTX *ctx) 157 { 158 if (ctx != NULL) { 159 hmac_ctx_cleanup(ctx); 160 EVP_MD_CTX_free(ctx->i_ctx); 161 EVP_MD_CTX_free(ctx->o_ctx); 162 EVP_MD_CTX_free(ctx->md_ctx); 163 OPENSSL_free(ctx); 164 } 165 } 166 167 static int hmac_ctx_alloc_mds(HMAC_CTX *ctx) 168 { 169 if (ctx->i_ctx == NULL) 170 ctx->i_ctx = EVP_MD_CTX_new(); 171 if (ctx->i_ctx == NULL) 172 return 0; 173 if (ctx->o_ctx == NULL) 174 ctx->o_ctx = EVP_MD_CTX_new(); 175 if (ctx->o_ctx == NULL) 176 return 0; 177 if (ctx->md_ctx == NULL) 178 ctx->md_ctx = EVP_MD_CTX_new(); 179 if (ctx->md_ctx == NULL) 180 return 0; 181 return 1; 182 } 183 184 int HMAC_CTX_reset(HMAC_CTX *ctx) 185 { 186 hmac_ctx_cleanup(ctx); 187 if (!hmac_ctx_alloc_mds(ctx)) { 188 hmac_ctx_cleanup(ctx); 189 return 0; 190 } 191 return 1; 192 } 193 194 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) 195 { 196 if (!hmac_ctx_alloc_mds(dctx)) 197 goto err; 198 if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) 199 goto err; 200 if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) 201 goto err; 202 if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) 203 goto err; 204 dctx->md = sctx->md; 205 return 1; 206 err: 207 hmac_ctx_cleanup(dctx); 208 return 0; 209 } 210 211 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, 212 const unsigned char *d, size_t n, unsigned char *md, 213 unsigned int *md_len) 214 { 215 HMAC_CTX *c = NULL; 216 static unsigned char m[EVP_MAX_MD_SIZE]; 217 static const unsigned char dummy_key[1] = {'\0'}; 218 219 if (md == NULL) 220 md = m; 221 if ((c = HMAC_CTX_new()) == NULL) 222 goto err; 223 224 /* For HMAC_Init_ex, NULL key signals reuse. */ 225 if (key == NULL && key_len == 0) { 226 key = dummy_key; 227 } 228 229 if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) 230 goto err; 231 if (!HMAC_Update(c, d, n)) 232 goto err; 233 if (!HMAC_Final(c, md, md_len)) 234 goto err; 235 HMAC_CTX_free(c); 236 return md; 237 err: 238 HMAC_CTX_free(c); 239 return NULL; 240 } 241 242 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) 243 { 244 EVP_MD_CTX_set_flags(ctx->i_ctx, flags); 245 EVP_MD_CTX_set_flags(ctx->o_ctx, flags); 246 EVP_MD_CTX_set_flags(ctx->md_ctx, flags); 247 } 248 249 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) 250 { 251 return ctx->md; 252 } 253