1 /*
2  * HMAC-SHA-224/256/384/512 implementation
3  * Last update: 06/15/2005
4  * Issue date:  06/15/2005
5  *
6  * Copyright (C) 2005 Olivier Gay <olivier.gay@a3.epfl.ch>
7  * All rights reserved.
8  *
9  * Copyright (c) 2016, Linaro Limited
10  * All rights reserved.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  * 3. Neither the name of the project nor the names of its contributors
21  *    may be used to endorse or promote products derived from this software
22  *    without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
25  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34  * SUCH DAMAGE.
35  */
36 
37 #include <string.h>
38 
39 #include "hmac_sha2.h"
40 
41 /* HMAC-SHA-256 functions */
42 
hmac_sha256_init(hmac_sha256_ctx * ctx,const unsigned char * key,unsigned int key_size)43 void hmac_sha256_init(hmac_sha256_ctx *ctx, const unsigned char *key,
44                       unsigned int key_size)
45 {
46     unsigned int fill = 0;
47     unsigned int num = 0;
48     const unsigned char *key_used = NULL;
49     unsigned char key_temp[SHA256_DIGEST_SIZE] = { 0 };
50     int i = 0;
51 
52     if (key_size == SHA256_BLOCK_SIZE) {
53         key_used = key;
54         num = SHA256_BLOCK_SIZE;
55     } else {
56         if (key_size > SHA256_BLOCK_SIZE){
57             num = SHA256_DIGEST_SIZE;
58             sha256(key, key_size, key_temp);
59             key_used = key_temp;
60         } else { /* key_size > SHA256_BLOCK_SIZE */
61             key_used = key;
62             num = key_size;
63         }
64         fill = SHA256_BLOCK_SIZE - num;
65 
66         memset(ctx->block_ipad + num, 0x36, fill);
67         memset(ctx->block_opad + num, 0x5c, fill);
68     }
69 
70     for (i = 0; i < (int) num; i++) {
71         ctx->block_ipad[i] = key_used[i] ^ 0x36;
72         ctx->block_opad[i] = key_used[i] ^ 0x5c;
73     }
74 
75     sha256_init(&ctx->ctx_inside);
76     sha256_update(&ctx->ctx_inside, ctx->block_ipad, SHA256_BLOCK_SIZE);
77 
78     sha256_init(&ctx->ctx_outside);
79     sha256_update(&ctx->ctx_outside, ctx->block_opad,
80                   SHA256_BLOCK_SIZE);
81 
82     /* for hmac_reinit */
83     memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside,
84            sizeof(sha256_ctx));
85     memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside,
86            sizeof(sha256_ctx));
87 }
88 
hmac_sha256_reinit(hmac_sha256_ctx * ctx)89 void hmac_sha256_reinit(hmac_sha256_ctx *ctx)
90 {
91     memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit,
92            sizeof(sha256_ctx));
93     memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit,
94            sizeof(sha256_ctx));
95 }
96 
hmac_sha256_update(hmac_sha256_ctx * ctx,const unsigned char * message,unsigned int message_len)97 void hmac_sha256_update(hmac_sha256_ctx *ctx, const unsigned char *message,
98                         unsigned int message_len)
99 {
100     sha256_update(&ctx->ctx_inside, message, message_len);
101 }
102 
hmac_sha256_final(hmac_sha256_ctx * ctx,unsigned char * mac,unsigned int mac_size)103 void hmac_sha256_final(hmac_sha256_ctx *ctx, unsigned char *mac,
104                        unsigned int mac_size)
105 {
106     unsigned char digest_inside[SHA256_DIGEST_SIZE] = { 0 };
107     unsigned char mac_temp[SHA256_DIGEST_SIZE] = { 0 };
108 
109     sha256_final(&ctx->ctx_inside, digest_inside);
110     sha256_update(&ctx->ctx_outside, digest_inside, SHA256_DIGEST_SIZE);
111     sha256_final(&ctx->ctx_outside, mac_temp);
112     memcpy(mac, mac_temp, mac_size);
113 }
114 
hmac_sha256(const unsigned char * key,unsigned int key_size,const unsigned char * message,unsigned int message_len,unsigned char * mac,unsigned mac_size)115 void hmac_sha256(const unsigned char *key, unsigned int key_size,
116           const unsigned char *message, unsigned int message_len,
117           unsigned char *mac, unsigned mac_size)
118 {
119     hmac_sha256_ctx ctx;
120 
121     memset(&ctx, 0, sizeof(ctx));
122 
123     hmac_sha256_init(&ctx, key, key_size);
124     hmac_sha256_update(&ctx, message, message_len);
125     hmac_sha256_final(&ctx, mac, mac_size);
126 }
127