"Fossies" - the Fresh Open Source Software Archive

Member "tin-2.6.2/libcanlock/src/hmac.c" (23 Aug 2021, 7835 Bytes) of package /linux/misc/tin-2.6.2.tar.xz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "hmac.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.4.5_vs_2.6.0.

    1 /**************************** hmac.c ***************************/
    2 /***************** See RFC 6234 for details. *******************/
    3 /* Copyright (c) 2011 IETF Trust and the persons identified as */
    4 /* authors of the code.  All rights reserved.                  */
    5 /* See sha.h for terms of use and redistribution.              */
    6 
    7 /*
    8  *  Description:
    9  *      This file implements the HMAC algorithm (Keyed-Hashing for
   10  *      Message Authentication, [RFC 2104]), expressed in terms of
   11  *      the various SHA algorithms.
   12  *
   13  *  Note:
   14  *      Prefix for internal API changed from "hmac" to "RFC2104Hmac"
   15  *      because of namespace clash with NetBSD libc.
   16  */
   17 
   18 #include "canlock-private.h"
   19 #include "sha.h"
   20 
   21 /*
   22  *  RFC2104Hmac
   23  *
   24  *  Description:
   25  *      This function will compute an HMAC message digest.
   26  *
   27  *  Parameters:
   28  *      whichSha: [in]
   29  *          One of SHA1, SHA224, SHA256, SHA384, SHA512
   30  *      message_array[ ]: [in]
   31  *          An array of octets representing the message.
   32  *          Note: in RFC 2104, this parameter is known
   33  *          as 'text'.
   34  *      length: [in]
   35  *          The length of the message in message_array.
   36  *      key[ ]: [in]
   37  *          The secret shared key.
   38  *      key_len: [in]
   39  *          The length of the secret shared key.
   40  *      digest[ ]: [out]
   41  *          Where the digest is to be returned.
   42  *          NOTE: The length of the digest is determined by
   43  *              the value of whichSha.
   44  *
   45  *  Returns:
   46  *      sha Error Code.
   47  *
   48  */
   49 int RFC2104Hmac(SHAversion whichSha,
   50                 const unsigned char *message_array, int length,
   51                 const unsigned char *key, int key_len,
   52                 uint8_t digest[USHAMaxHashSize])
   53 {
   54   int res;
   55   HMACContext context;  /* Security review: Location L1 */
   56 
   57   res = RFC2104HmacReset(&context, whichSha, key, key_len) ||
   58         RFC2104HmacInput(&context, message_array, length) ||
   59         RFC2104HmacResult(&context, digest);
   60   cl_clear_secret((void *) &context, sizeof(HMACContext), sizeof(HMACContext));
   61   return res;
   62 }
   63 
   64 /*
   65  *  RFC2104HmacReset
   66  *
   67  *  Description:
   68  *      This function will initialize the hmacContext in preparation
   69  *      for computing a new HMAC message digest.
   70  *
   71  *  Parameters:
   72  *      context: [in/out]
   73  *          The context to reset.
   74  *      whichSha: [in]
   75  *          One of SHA1, SHA224, SHA256, SHA384, SHA512
   76  *      key[ ]: [in]
   77  *          The secret shared key.
   78  *      key_len: [in]
   79  *          The length of the secret shared key.
   80  *
   81  *  Returns:
   82  *      sha Error Code.
   83  *
   84  */
   85 int RFC2104HmacReset(HMACContext *context, enum SHAversion whichSha,
   86                      const unsigned char *key, int key_len)
   87 {
   88   int i, blocksize, hashsize, ret;
   89 
   90   /* inner padding - key XORd with ipad */
   91   /* Security review: Location L3 */
   92   unsigned char k_ipad[USHA_Max_Message_Block_Size];
   93 
   94   /* temporary buffer when keylen > blocksize */
   95   unsigned char tempkey[USHAMaxHashSize];
   96 
   97   if (!context) return shaNull;
   98   context->Computed = 0;
   99   context->Corrupted = shaSuccess;
  100 
  101   blocksize = context->blockSize = USHABlockSize(whichSha);
  102   hashsize = context->hashSize = USHAHashSize(whichSha);
  103   context->whichSha = whichSha;
  104 
  105   /*
  106    * If key is longer than the hash blocksize,
  107    * reset it to key = HASH(key).
  108    */
  109   if (key_len > blocksize) {
  110     USHAContext tcontext;  /* Security review: Location L2 */
  111     int err = USHAReset(&tcontext, whichSha) ||
  112               USHAInput(&tcontext, key, key_len) ||
  113               USHAResult(&tcontext, tempkey);
  114     if (err != shaSuccess) return err;
  115 
  116     key = tempkey;
  117     key_len = hashsize;
  118     /* tcontext contains a buffer to which key is copied by USHAInput() */
  119     cl_clear_secret((void *) &tcontext,
  120                     sizeof(USHAContext), sizeof(USHAContext));
  121   }
  122 
  123   /*
  124    * The HMAC transform looks like:
  125    *
  126    * SHA(K XOR opad, SHA(K XOR ipad, text))
  127    *
  128    * where K is an n byte key, 0-padded to a total of blocksize bytes,
  129    * ipad is the byte 0x36 repeated blocksize times,
  130    * opad is the byte 0x5c repeated blocksize times,
  131    * and text is the data being protected.
  132    */
  133 
  134   /* store key into the pads, XOR'd with ipad and opad values */
  135   for (i = 0; i < key_len; i++) {
  136     k_ipad[i] = key[i] ^ 0x36;
  137     context->k_opad[i] = key[i] ^ 0x5c;
  138   }
  139   /* remaining pad bytes are '\0' XOR'd with ipad and opad values */
  140   for ( ; i < blocksize; i++) {
  141     k_ipad[i] = 0x36;
  142     context->k_opad[i] = 0x5c;
  143   }
  144 
  145   /* perform inner hash */
  146   /* init context for 1st pass */
  147   ret = USHAReset(&context->shaContext, whichSha) ||
  148         /* and start with inner pad */
  149         USHAInput(&context->shaContext, k_ipad, blocksize);
  150   cl_clear_secret((void *) k_ipad, sizeof(k_ipad), sizeof(k_ipad));
  151   return context->Corrupted = ret;
  152 }
  153 
  154 /*
  155  *  RFC2104HmacInput
  156  *
  157  *  Description:
  158  *      This function accepts an array of octets as the next portion
  159  *      of the message.  It may be called multiple times.
  160  *
  161  *  Parameters:
  162  *      context: [in/out]
  163  *          The HMAC context to update.
  164  *      text[ ]: [in]
  165  *          An array of octets representing the next portion of
  166  *          the message.
  167  *      text_len: [in]
  168  *          The length of the message in text.
  169  *
  170  *  Returns:
  171  *      sha Error Code.
  172  *
  173  */
  174 int RFC2104HmacInput(HMACContext *context, const unsigned char *text,
  175                      int text_len)
  176 {
  177   if (!context) return shaNull;
  178   if (context->Corrupted) return context->Corrupted;
  179   if (context->Computed) return context->Corrupted = shaStateError;
  180   /* then text of datagram */
  181   return context->Corrupted =
  182     USHAInput(&context->shaContext, text, text_len);
  183 }
  184 
  185 /*
  186  * RFC2104HmacFinalBits
  187  *
  188  * Description:
  189  *   This function will add in any final bits of the message.
  190  *
  191  * Parameters:
  192  *   context: [in/out]
  193  *     The HMAC context to update.
  194  *   message_bits: [in]
  195  *     The final bits of the message, in the upper portion of the
  196  *     byte.  (Use 0b###00000 instead of 0b00000### to input the
  197  *     three bits ###.)
  198  *   length: [in]
  199  *     The number of bits in message_bits, between 1 and 7.
  200  *
  201  * Returns:
  202  *   sha Error Code.
  203  */
  204 int RFC2104HmacFinalBits(HMACContext *context,
  205                          uint8_t bits, unsigned int bit_count)
  206 {
  207   if (!context) return shaNull;
  208   if (context->Corrupted) return context->Corrupted;
  209   if (context->Computed) return context->Corrupted = shaStateError;
  210   /* then final bits of datagram */
  211   return context->Corrupted =
  212     USHAFinalBits(&context->shaContext, bits, bit_count);
  213 }
  214 
  215 /*
  216  * RFC2104HmacResult
  217  *
  218  * Description:
  219  *   This function will return the N-byte message digest into the
  220  *   Message_Digest array provided by the caller.
  221  *
  222  * Parameters:
  223  *   context: [in/out]
  224  *     The context to use to calculate the HMAC hash.
  225  *   digest[ ]: [out]
  226  *     Where the digest is returned.
  227  *     NOTE 2: The length of the hash is determined by the value of
  228  *      whichSha that was passed to hmacReset().
  229  *
  230  * Returns:
  231  *   sha Error Code.
  232  *
  233  */
  234 int RFC2104HmacResult(HMACContext *context, uint8_t *digest)
  235 {
  236   int ret;
  237   if (!context) return shaNull;
  238   if (context->Corrupted) return context->Corrupted;
  239   if (context->Computed) return context->Corrupted = shaStateError;
  240 
  241   /* finish up 1st pass */
  242   /* (Use digest here as a temporary buffer.) */
  243   ret =
  244     USHAResult(&context->shaContext, digest) ||
  245          /* perform outer SHA */
  246          /* init context for 2nd pass */
  247          USHAReset(&context->shaContext, context->whichSha) ||
  248 
  249          /* start with outer pad */
  250          USHAInput(&context->shaContext, context->k_opad,
  251                    context->blockSize) ||
  252 
  253          /* then results of 1st hash */
  254          USHAInput(&context->shaContext, digest, context->hashSize) ||
  255          /* finish up 2nd pass */
  256          USHAResult(&context->shaContext, digest);
  257 
  258   context->Computed = 1;
  259   return context->Corrupted = ret;
  260 }