xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hcrypto/hmac.c (revision d3273b5b76f5afaafe308cead5511dbb8df8c5e9) 
1 /*	$NetBSD: hmac.c,v 1.2 2017/01/28 21:31:47 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <config.h>
37 #include <krb5/roken.h>
38 
39 #include <hmac.h>
40 
41 void
HMAC_CTX_init(HMAC_CTX * ctx)42 HMAC_CTX_init(HMAC_CTX *ctx)
43 {
44     memset(ctx, 0, sizeof(*ctx));
45 }
46 
47 void
HMAC_CTX_cleanup(HMAC_CTX * ctx)48 HMAC_CTX_cleanup(HMAC_CTX *ctx)
49 {
50     if (ctx->buf) {
51 	memset(ctx->buf, 0, ctx->key_length);
52 	free(ctx->buf);
53 	ctx->buf = NULL;
54     }
55     if (ctx->opad) {
56 	memset(ctx->opad, 0, EVP_MD_block_size(ctx->md));
57 	free(ctx->opad);
58 	ctx->opad = NULL;
59     }
60     if (ctx->ipad) {
61 	memset(ctx->ipad, 0, EVP_MD_block_size(ctx->md));
62 	free(ctx->ipad);
63 	ctx->ipad = NULL;
64     }
65     if (ctx->ctx) {
66 	EVP_MD_CTX_destroy(ctx->ctx);
67 	ctx->ctx = NULL;
68     }
69 }
70 
71 size_t
HMAC_size(const HMAC_CTX * ctx)72 HMAC_size(const HMAC_CTX *ctx)
73 {
74     return EVP_MD_size(ctx->md);
75 }
76 
77 void
HMAC_Init_ex(HMAC_CTX * ctx,const void * key,size_t keylen,const EVP_MD * md,ENGINE * engine)78 HMAC_Init_ex(HMAC_CTX *ctx,
79 	     const void *key,
80 	     size_t keylen,
81 	     const EVP_MD *md,
82 	     ENGINE *engine)
83 {
84     unsigned char *p;
85     size_t i;
86 
87     if (ctx->md != md) {
88 	ctx->md = md;
89 	if (ctx->buf) {
90 	    memset(ctx->buf, 0, ctx->key_length);
91 	    free (ctx->buf);
92 	}
93 	ctx->key_length = EVP_MD_size(ctx->md);
94 	ctx->buf = malloc(ctx->key_length);
95     }
96 #if 0
97     ctx->engine = engine;
98 #endif
99 
100     if (keylen > EVP_MD_block_size(ctx->md)) {
101 	EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine);
102 	key = ctx->buf;
103 	keylen = EVP_MD_size(ctx->md);
104     }
105 
106     if (ctx->opad) {
107 	memset(ctx->opad, 0, ctx->key_length);
108 	free(ctx->opad);
109     }
110     if (ctx->ipad) {
111 	memset(ctx->ipad, 0, ctx->key_length);
112 	free(ctx->ipad);
113     }
114 
115     ctx->opad = malloc(EVP_MD_block_size(ctx->md));
116     ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
117     memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md));
118     memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md));
119 
120     for (i = 0, p = ctx->ipad; i < keylen; i++)
121 	p[i] ^= ((const unsigned char *)key)[i];
122     for (i = 0, p = ctx->opad; i < keylen; i++)
123 	p[i] ^= ((const unsigned char *)key)[i];
124 
125     if (ctx->ctx == NULL)
126 	ctx->ctx = EVP_MD_CTX_create();
127 
128     EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
129     EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md));
130 }
131 
132 void
HMAC_Update(HMAC_CTX * ctx,const void * data,size_t len)133 HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len)
134 {
135     EVP_DigestUpdate(ctx->ctx, data, len);
136 }
137 
138 void
HMAC_Final(HMAC_CTX * ctx,void * md,unsigned int * len)139 HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len)
140 {
141     EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL);
142 
143     EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
144     EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md));
145     EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length);
146     EVP_DigestFinal_ex(ctx->ctx, md, len);
147 }
148 
149 void *
HMAC(const EVP_MD * md,const void * key,size_t key_size,const void * data,size_t data_size,void * hash,unsigned int * hash_len)150 HMAC(const EVP_MD *md,
151      const void *key, size_t key_size,
152      const void *data, size_t data_size,
153      void *hash, unsigned int *hash_len)
154 {
155     HMAC_CTX ctx;
156 
157     HMAC_CTX_init(&ctx);
158     HMAC_Init_ex(&ctx, key, key_size, md, NULL);
159     HMAC_Update(&ctx, data, data_size);
160     HMAC_Final(&ctx, hash, hash_len);
161     HMAC_CTX_cleanup(&ctx);
162     return hash;
163 }
164