/* hmac-sha256.c */
/*
This file is part of the Crypto-avr-lib/microcrypt-lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "sha256.h"
/* Inner and outer padding bytes of RFC 2104; each is XORed over the
 * zero-padded key before the inner / outer hash pass. */
#define IPAD 0x36
#define OPAD 0x5C

/* The HMAC context is the plain SHA-256 context: no key material is kept in
 * it, which is why hmac_sha256_final() takes the key a second time. */
typedef sha256_ctx_t hmac_sha256_ctx_t;
#ifndef HMAC_SHORTONLY
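/**
 * Start an HMAC-SHA256 computation by feeding (key ^ ipad) as the first
 * block into the SHA-256 context.
 *
 * s            context to initialise
 * key          pointer to the key
 * keylength_b  key length in bits; keys longer than one SHA-256 block are
 *              replaced by their SHA-256 digest first
 */
void hmac_sha256_init(hmac_sha256_ctx_t *s, void* key, uint16_t keylength_b){
	/* RFC 2104 pads the key to one full hash *block* (SHA256_BLOCK_BITS),
	 * not to the digest size. With a digest-sized buffer the memcpy below
	 * overruns the stack for any key longer than SHA256_HASH_BYTES, and
	 * sha256_nextBlock() reads past the end of the array. */
	uint8_t buffer[SHA256_BLOCK_BITS/8];
	uint8_t i;

	memset(buffer, 0, sizeof buffer);
	if (keylength_b > SHA256_BLOCK_BITS){
		/* oversized key: use hash(key), zero padded to a block */
		sha256((void*)buffer, key, keylength_b);
	} else {
		/* at most SHA256_BLOCK_BITS/8 bytes, so this fits the buffer */
		memcpy(buffer, key, (keylength_b+7)/8);
	}

	for (i=0; i<sizeof buffer; ++i){
		buffer[i] ^= IPAD;
	}

	sha256_init(s);
	sha256_nextBlock(s, buffer);
#if defined SECURE_WIPE_BUFFER
	/* NOTE(review): a memset on a local that is never read again may be
	 * removed by the optimiser; confirm in the generated code that the
	 * key-derived block is really cleared. */
	memset(buffer, 0, sizeof buffer);
#endif
}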
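/**
 * Finish an HMAC-SHA256 computation: hash (key ^ opad) followed by the
 * inner digest taken from s, and leave the resulting context in s.
 *
 * s            context holding the inner hash; overwritten with the outer
 *              hash context
 * key          pointer to the key, which must be the key given to
 *              hmac_sha256_init()
 * keylength_b  key length in bits
 *
 * NOTE(review): the inner digest is read with sha256_ctx2hash() without a
 * lastBlock call in this function, so presumably the caller has already
 * closed the inner hash; confirm against the callers.
 */
void hmac_sha256_final(hmac_sha256_ctx_t *s, void* key, uint16_t keylength_b){
	/* One full hash block, as RFC 2104 requires. A digest-sized buffer is
	 * overrun by the memcpy below for keys longer than SHA256_HASH_BYTES
	 * and over-read by sha256_nextBlock(). */
	uint8_t buffer[SHA256_BLOCK_BITS/8];
	uint8_t i;
	sha256_ctx_t a;

	memset(buffer, 0, sizeof buffer);
	if (keylength_b > SHA256_BLOCK_BITS){
		/* oversized key: use hash(key), zero padded to a block */
		sha256((void*)buffer, key, keylength_b);
	} else {
		memcpy(buffer, key, (keylength_b+7)/8);
	}

	for (i=0; i<sizeof buffer; ++i){
		buffer[i] ^= OPAD;
	}

	sha256_init(&a);
	sha256_nextBlock(&a, buffer); /* hash key ^ opad */
	sha256_ctx2hash((void*)buffer, s); /* copy hash(key ^ ipad, msg) to buffer */
	sha256_lastBlock(&a, buffer, SHA256_HASH_BITS);
	memcpy(s, &a, sizeof(sha256_ctx_t));
#if defined SECURE_WIPE_BUFFER
	/* NOTE(review): these stores target locals that are not read again and
	 * may be optimised away; confirm in the generated code. */
	memset(buffer, 0, sizeof buffer);
	memset(a.h, 0, 8*4);
#endif
}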
#endif
/*
void hmac_sha256_nextBlock()
void hmac_sha256_lastBlock()
*/
/*
* keylength in bits!
* message length in bits!
*/
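/**
 * One-shot HMAC-SHA256: dest = hash(key ^ opad, hash(key ^ ipad, msg)).
 *
 * dest         receives the MAC (SHA256_HASH_BITS bits); it is also used as
 *              scratch space for the inner digest
 * key          pointer to the key
 * keylength_b  key length in bits
 * msg          pointer to the message
 * msglength_b  message length in bits
 */
void hmac_sha256(void* dest, void* key, uint16_t keylength_b, void* msg, uint64_t msglength_b){ /* a one-shot*/
	sha256_ctx_t s;
	uint8_t i;
	/* One full hash block, as RFC 2104 requires. A digest-sized buffer is
	 * overrun by the memcpy below for keys longer than SHA256_HASH_BYTES
	 * and over-read by sha256_nextBlock(). */
	uint8_t buffer[SHA256_BLOCK_BITS/8];

	memset(buffer, 0, sizeof buffer);

	/* if key is larger than a block we have to hash it*/
	if (keylength_b > SHA256_BLOCK_BITS){
		sha256((void*)buffer, key, keylength_b);
	} else {
		memcpy(buffer, key, (keylength_b+7)/8);
	}

	for (i=0; i<sizeof buffer; ++i){
		buffer[i] ^= IPAD;
	}
	sha256_init(&s);
	sha256_nextBlock(&s, buffer);
	while (msglength_b >= SHA256_BLOCK_BITS){
		sha256_nextBlock(&s, msg);
		/* advance by the block just consumed; stepping by the digest size
		 * would re-hash half of every block and yield a wrong MAC */
		msg = (uint8_t*)msg + SHA256_BLOCK_BITS/8;
		msglength_b -= SHA256_BLOCK_BITS;
	}
	sha256_lastBlock(&s, msg, msglength_b);
	/* since buffer still contains key xor ipad we can do ... */
	for (i=0; i<sizeof buffer; ++i){
		buffer[i] ^= IPAD ^ OPAD;
	}
	sha256_ctx2hash(dest, &s); /* save inner hash temporary to dest */
	sha256_init(&s);
	sha256_nextBlock(&s, buffer);
	sha256_lastBlock(&s, dest, SHA256_HASH_BITS);
	sha256_ctx2hash(dest, &s);
#if defined SECURE_WIPE_BUFFER
	/* Clear the key-derived block, as hmac_sha256_init()/_final() do.
	 * NOTE(review): the store may be optimised away; confirm in the
	 * generated code. */
	memset(buffer, 0, sizeof buffer);
#endif
}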