"Fossies" - the Fresh Open Source Software Archive

Member "tin-2.4.5/libcanlock/src/hmac.c" (5 Jan 2018, 7518 Bytes) of package /linux/misc/tin-2.4.5.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "hmac.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.4.2_vs_2.4.3.

    1 /**************************** hmac.c ***************************/
    2 /***************** See RFC 6234 for details. *******************/
    3 /* Copyright (c) 2011 IETF Trust and the persons identified as */
    4 /* authors of the code.  All rights reserved.                  */
    5 /* See sha.h for terms of use and redistribution.              */
    6 
    7 /*
    8  *  Description:
    9  *      This file implements the HMAC algorithm (Keyed-Hashing for
   10  *      Message Authentication, [RFC 2104]), expressed in terms of
   11  *      the various SHA algorithms.
   12  */
   13 
   14 #include "canlock-private.h"
   15 #include "sha.h"
   16 
   17 /*
   18  *  hmac
   19  *
   20  *  Description:
   21  *      This function will compute an HMAC message digest.
   22  *
   23  *  Parameters:
   24  *      whichSha: [in]
   25  *          One of SHA1, SHA224, SHA256, SHA384, SHA512
   26  *      message_array[ ]: [in]
   27  *          An array of octets representing the message.
   28  *          Note: in RFC 2104, this parameter is known
   29  *          as 'text'.
   30  *      length: [in]
   31  *          The length of the message in message_array.
   32  *      key[ ]: [in]
   33  *          The secret shared key.
   34  *      key_len: [in]
   35  *          The length of the secret shared key.
   36  *      digest[ ]: [out]
   37  *          Where the digest is to be returned.
   38  *          NOTE: The length of the digest is determined by
   39  *              the value of whichSha.
   40  *
   41  *  Returns:
   42  *      sha Error Code.
   43  *
   44  */
   45 int hmac(SHAversion whichSha,
   46     const unsigned char *message_array, int length,
   47     const unsigned char *key, int key_len,
   48     uint8_t digest[USHAMaxHashSize])
   49 {
   50   int res;
   51   HMACContext context;  /* Security review: Location L1 */
   52 
   53   res = hmacReset(&context, whichSha, key, key_len) ||
   54         hmacInput(&context, message_array, length) ||
   55         hmacResult(&context, digest);
   56   cl_clear_secret((void *) &context, sizeof(HMACContext), sizeof(HMACContext));
   57   return res;
   58 }
   59 
   60 /*
   61  *  hmacReset
   62  *
   63  *  Description:
   64  *      This function will initialize the hmacContext in preparation
   65  *      for computing a new HMAC message digest.
   66  *
   67  *  Parameters:
   68  *      context: [in/out]
   69  *          The context to reset.
   70  *      whichSha: [in]
   71  *          One of SHA1, SHA224, SHA256, SHA384, SHA512
   72  *      key[ ]: [in]
   73  *          The secret shared key.
   74  *      key_len: [in]
   75  *          The length of the secret shared key.
   76  *
   77  *  Returns:
   78  *      sha Error Code.
   79  *
   80  */
   81 int hmacReset(HMACContext *context, enum SHAversion whichSha,
   82     const unsigned char *key, int key_len)
   83 {
   84   int i, blocksize, hashsize, ret;
   85 
   86   /* inner padding - key XORd with ipad */
   87   /* Security review: Location L3 */
   88   unsigned char k_ipad[USHA_Max_Message_Block_Size];
   89 
   90   /* temporary buffer when keylen > blocksize */
   91   unsigned char tempkey[USHAMaxHashSize];
   92 
   93   if (!context) return shaNull;
   94   context->Computed = 0;
   95   context->Corrupted = shaSuccess;
   96 
   97   blocksize = context->blockSize = USHABlockSize(whichSha);
   98   hashsize = context->hashSize = USHAHashSize(whichSha);
   99   context->whichSha = whichSha;
  100 
  101   /*
  102    * If key is longer than the hash blocksize,
  103    * reset it to key = HASH(key).
  104    */
  105   if (key_len > blocksize) {
  106     USHAContext tcontext;  /* Security review: Location L2 */
  107     int err = USHAReset(&tcontext, whichSha) ||
  108               USHAInput(&tcontext, key, key_len) ||
  109               USHAResult(&tcontext, tempkey);
  110     if (err != shaSuccess) return err;
  111 
  112     key = tempkey;
  113     key_len = hashsize;
  114     /* tcontext contains a buffer to which key is copied by USHAInput() */
  115     cl_clear_secret((void *) &tcontext,
  116                     sizeof(USHAContext), sizeof(USHAContext));
  117   }
  118 
  119   /*
  120    * The HMAC transform looks like:
  121    *
  122    * SHA(K XOR opad, SHA(K XOR ipad, text))
  123    *
  124    * where K is an n byte key, 0-padded to a total of blocksize bytes,
  125    * ipad is the byte 0x36 repeated blocksize times,
  126    * opad is the byte 0x5c repeated blocksize times,
  127    * and text is the data being protected.
  128    */
  129 
  130   /* store key into the pads, XOR'd with ipad and opad values */
  131   for (i = 0; i < key_len; i++) {
  132     k_ipad[i] = key[i] ^ 0x36;
  133     context->k_opad[i] = key[i] ^ 0x5c;
  134   }
  135   /* remaining pad bytes are '\0' XOR'd with ipad and opad values */
  136   for ( ; i < blocksize; i++) {
  137     k_ipad[i] = 0x36;
  138     context->k_opad[i] = 0x5c;
  139   }
  140 
  141   /* perform inner hash */
  142   /* init context for 1st pass */
  143   ret = USHAReset(&context->shaContext, whichSha) ||
  144         /* and start with inner pad */
  145         USHAInput(&context->shaContext, k_ipad, blocksize);
  146   cl_clear_secret((void *) k_ipad, sizeof(k_ipad), sizeof(k_ipad));
  147   return context->Corrupted = ret;
  148 }
  149 
  150 /*
  151  *  hmacInput
  152  *
  153  *  Description:
  154  *      This function accepts an array of octets as the next portion
  155  *      of the message.  It may be called multiple times.
  156  *
  157  *  Parameters:
  158  *      context: [in/out]
  159  *          The HMAC context to update.
  160  *      text[ ]: [in]
  161  *          An array of octets representing the next portion of
  162  *          the message.
  163  *      text_len: [in]
  164  *          The length of the message in text.
  165  *
  166  *  Returns:
  167  *      sha Error Code.
  168  *
  169  */
  170 int hmacInput(HMACContext *context, const unsigned char *text,
  171     int text_len)
  172 {
  173   if (!context) return shaNull;
  174   if (context->Corrupted) return context->Corrupted;
  175   if (context->Computed) return context->Corrupted = shaStateError;
  176   /* then text of datagram */
  177   return context->Corrupted =
  178     USHAInput(&context->shaContext, text, text_len);
  179 }
  180 
  181 /*
  182  * hmacFinalBits
  183  *
  184  * Description:
  185  *   This function will add in any final bits of the message.
  186  *
  187  * Parameters:
  188  *   context: [in/out]
  189  *     The HMAC context to update.
  190  *   message_bits: [in]
  191  *     The final bits of the message, in the upper portion of the
  192  *     byte.  (Use 0b###00000 instead of 0b00000### to input the
  193  *     three bits ###.)
  194  *   length: [in]
  195  *     The number of bits in message_bits, between 1 and 7.
  196  *
  197  * Returns:
  198  *   sha Error Code.
  199  */
  200 int hmacFinalBits(HMACContext *context,
  201     uint8_t bits, unsigned int bit_count)
  202 {
  203   if (!context) return shaNull;
  204   if (context->Corrupted) return context->Corrupted;
  205   if (context->Computed) return context->Corrupted = shaStateError;
  206   /* then final bits of datagram */
  207   return context->Corrupted =
  208     USHAFinalBits(&context->shaContext, bits, bit_count);
  209 }
  210 
  211 /*
  212  * hmacResult
  213  *
  214  * Description:
  215  *   This function will return the N-byte message digest into the
  216  *   Message_Digest array provided by the caller.
  217  *
  218  * Parameters:
  219  *   context: [in/out]
  220  *     The context to use to calculate the HMAC hash.
  221  *   digest[ ]: [out]
  222  *     Where the digest is returned.
  223  *     NOTE 2: The length of the hash is determined by the value of
  224  *      whichSha that was passed to hmacReset().
  225  *
  226  * Returns:
  227  *   sha Error Code.
  228  *
  229  */
  230 int hmacResult(HMACContext *context, uint8_t *digest)
  231 {
  232   int ret;
  233   if (!context) return shaNull;
  234   if (context->Corrupted) return context->Corrupted;
  235   if (context->Computed) return context->Corrupted = shaStateError;
  236 
  237   /* finish up 1st pass */
  238   /* (Use digest here as a temporary buffer.) */
  239   ret =
  240     USHAResult(&context->shaContext, digest) ||
  241          /* perform outer SHA */
  242          /* init context for 2nd pass */
  243          USHAReset(&context->shaContext, context->whichSha) ||
  244 
  245          /* start with outer pad */
  246          USHAInput(&context->shaContext, context->k_opad,
  247                    context->blockSize) ||
  248 
  249          /* then results of 1st hash */
  250          USHAInput(&context->shaContext, digest, context->hashSize) ||
  251          /* finish up 2nd pass */
  252          USHAResult(&context->shaContext, digest);
  253 
  254   context->Computed = 1;
  255   return context->Corrupted = ret;
  256 }