1 /* $NetBSD: hmac.c,v 1.5 2017/10/05 09:59:04 roy Exp $ */
2
3 /*-
4 * Copyright (c) 2016 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Christos Zoulas.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: hmac.c,v 1.5 2017/10/05 09:59:04 roy Exp $");
33
34 #include <string.h>
35 #include <stdlib.h>
36
37 #include <md2.h>
38 #include <md4.h>
39 #include <md5.h>
40 #include <rmd160.h>
41 #include <sha1.h>
42 #include <sha2.h>
43
44 #define HMAC_SIZE 128
45 #define HMAC_IPAD 0x36
46 #define HMAC_OPAD 0x5C
47
48 static const struct hmac {
49 const char *name;
50 size_t ctxsize;
51 size_t digsize;
52 size_t blocksize;
53 void (*init)(void *);
54 void (*update)(void *, const uint8_t *, unsigned int);
55 void (*final)(uint8_t *, void *);
56 } hmacs[] = {
57 {
58 "md2", sizeof(MD2_CTX), MD2_DIGEST_LENGTH, MD2_BLOCK_LENGTH,
59 (void *)MD2Init, (void *)MD2Update, (void *)MD2Final,
60 },
61 {
62 "md4", sizeof(MD4_CTX), MD4_DIGEST_LENGTH, MD4_BLOCK_LENGTH,
63 (void *)MD4Init, (void *)MD4Update, (void *)MD4Final,
64 },
65 {
66 "md5", sizeof(MD5_CTX), MD5_DIGEST_LENGTH, MD5_BLOCK_LENGTH,
67 (void *)MD5Init, (void *)MD5Update, (void *)MD5Final,
68 },
69 {
70 "rmd160", sizeof(RMD160_CTX), RMD160_DIGEST_LENGTH,
71 RMD160_BLOCK_LENGTH,
72 (void *)RMD160Init, (void *)RMD160Update, (void *)RMD160Final,
73 },
74 {
75 "sha1", sizeof(SHA1_CTX), SHA1_DIGEST_LENGTH, SHA1_BLOCK_LENGTH,
76 (void *)SHA1Init, (void *)SHA1Update, (void *)SHA1Final,
77 },
78 {
79 "sha224", sizeof(SHA224_CTX), SHA224_DIGEST_LENGTH,
80 SHA224_BLOCK_LENGTH,
81 (void *)SHA224_Init, (void *)SHA224_Update,
82 (void *)SHA224_Final,
83 },
84 {
85 "sha256", sizeof(SHA256_CTX), SHA256_DIGEST_LENGTH,
86 SHA256_BLOCK_LENGTH,
87 (void *)SHA256_Init, (void *)SHA256_Update,
88 (void *)SHA256_Final,
89 },
90 {
91 "sha384", sizeof(SHA384_CTX), SHA384_DIGEST_LENGTH,
92 SHA384_BLOCK_LENGTH,
93 (void *)SHA384_Init, (void *)SHA384_Update,
94 (void *)SHA384_Final,
95 },
96 {
97 "sha512", sizeof(SHA512_CTX), SHA512_DIGEST_LENGTH,
98 SHA512_BLOCK_LENGTH,
99 (void *)SHA512_Init, (void *)SHA512_Update,
100 (void *)SHA512_Final,
101 },
102 };
103
104 static const struct hmac *
hmac_find(const char * name)105 hmac_find(const char *name)
106 {
107 for (size_t i = 0; i < __arraycount(hmacs); i++) {
108 if (strcmp(hmacs[i].name, name) != 0)
109 continue;
110 return &hmacs[i];
111 }
112 return NULL;
113 }
114
115 ssize_t
hmac(const char * name,const void * key,size_t klen,const void * text,size_t tlen,void * digest,size_t dlen)116 hmac(const char *name,
117 const void *key, size_t klen,
118 const void *text, size_t tlen,
119 void *digest, size_t dlen)
120 {
121 uint8_t ipad[HMAC_SIZE], opad[HMAC_SIZE], d[HMAC_SIZE];
122 const uint8_t *k = key;
123 const struct hmac *h;
124 uint64_t c[32];
125 void *p;
126
127 if ((h = hmac_find(name)) == NULL)
128 return -1;
129
130
131 if (klen > h->blocksize) {
132 (*h->init)(c);
133 (*h->update)(c, k, (unsigned int)klen);
134 (*h->final)(d, c);
135 k = (void *)d;
136 klen = h->digsize;
137 }
138
139 /* Form input and output pads for the digests */
140 for (size_t i = 0; i < sizeof(ipad); i++) {
141 ipad[i] = (i < klen ? k[i] : 0) ^ HMAC_IPAD;
142 opad[i] = (i < klen ? k[i] : 0) ^ HMAC_OPAD;
143 }
144
145 p = dlen >= h->digsize ? digest : d;
146 if (p != digest) {
147 memcpy(p, digest, dlen);
148 memset((char *)p + dlen, 0, h->digsize - dlen);
149 }
150 (*h->init)(c);
151 (*h->update)(c, ipad, (unsigned int)h->blocksize);
152 (*h->update)(c, text, (unsigned int)tlen);
153 (*h->final)(p, c);
154
155 (*h->init)(c);
156 (*h->update)(c, opad, (unsigned int)h->blocksize);
157 (*h->update)(c, digest, (unsigned int)h->digsize);
158 (*h->final)(p, c);
159
160 if (p != digest)
161 memcpy(digest, p, dlen);
162
163 return (ssize_t)h->digsize;
164 }
165