1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
/* Copyright 2021 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "dcrypto.h"
#include "internal.h"
#include <stdint.h>
#include "cryptoc/util.h"
/**
* Generic software HMAC support for any type of hash.
*/
/* Calculate location of storage for ipad/opad in generic way */
static inline uint32_t *HMAC_opad(union hmac_ctx *const ctx)
{
return (uint32_t *)((uint8_t *)ctx + ctx->f->context_size);
}
/**
* Initialize HMAC for pre-configured hash function.
* This is generic function which can initialize HMAC with any supported
* hash function.
*/
void HMAC_sw_init(union hmac_ctx *const ctx, const void *key, size_t len)
{
uint32_t *const opad = HMAC_opad(ctx);
const size_t block_size = HASH_block_size(&ctx->hash);
size_t i;
/* inner padding with zeros */
memset(opad, 0, block_size);
/**
* HMAC (K, m) = H( (K' ⊕ opad) || H ((K' ⊕ ipad) || m) )
* K' = H(K) if K is longer than block size for H, or
* = K padded with zeroes otherwise
*/
if (len > block_size) {
/* ctx already contains proper vtable for hash functions */
/* But we need to reinit it after use. */
HASH_update(&ctx->hash, key, len);
memcpy(opad, HASH_final(&ctx->hash), HASH_size(&ctx->hash));
HASH_reinit(&ctx->hash);
} else {
memcpy(opad, key, len);
}
/* inner pad is K ⊕ 0x36, computed at word level */
for (i = 0; i < block_size / sizeof(opad[0]); ++i)
opad[i] ^= 0x36363636;
HASH_update(&ctx->hash, opad, block_size); /* hash ipad */
/* compute outer padding from the inner. */
for (i = 0; i < block_size / sizeof(opad[0]); ++i)
opad[i] ^= (0x36363636 ^ 0x5c5c5c5c);
}
const union sha_digests *HMAC_sw_final(union hmac_ctx *const ctx)
{
uint32_t *const opad = HMAC_opad(ctx);
uint32_t *digest; /* storage for intermediate digest */
const size_t block_size = HASH_block_size(&ctx->hash);
const size_t hash_size = HASH_size(&ctx->hash);
/* allocate storage dynamically, just enough for particular hash. */
digest = alloca(hash_size);
memcpy(digest, HASH_final(&ctx->hash), hash_size);
HASH_reinit(&ctx->hash);
HASH_update(&ctx->hash, opad, block_size);
HASH_update(&ctx->hash, digest, hash_size);
memset(opad, 0, block_size); /* wipe key */
return HASH_final(&ctx->hash);
}
|
