|
|
|
@ -24,11 +24,12 @@
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include "hmac.h"
|
|
|
|
|
#include "options.h"
|
|
|
|
|
#include "macros.h"
|
|
|
|
|
|
|
|
|
|
void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t keylen)
|
|
|
|
|
{
|
|
|
|
|
uint8_t i_key_pad[SHA256_BLOCK_LENGTH];
|
|
|
|
|
static CONFIDENTIAL uint8_t i_key_pad[SHA256_BLOCK_LENGTH];
|
|
|
|
|
memset(i_key_pad, 0, SHA256_BLOCK_LENGTH);
|
|
|
|
|
if (keylen > SHA256_BLOCK_LENGTH) {
|
|
|
|
|
sha256_Raw(key, keylen, i_key_pad);
|
|
|
|
@ -51,19 +52,17 @@ void hmac_sha256_Update(HMAC_SHA256_CTX *hctx, const uint8_t *msg, const uint32_
|
|
|
|
|
|
|
|
|
|
void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac)
|
|
|
|
|
{
|
|
|
|
|
uint8_t hash[SHA256_DIGEST_LENGTH];
|
|
|
|
|
sha256_Final(&(hctx->ctx), hash);
|
|
|
|
|
sha256_Final(&(hctx->ctx), hmac);
|
|
|
|
|
sha256_Init(&(hctx->ctx));
|
|
|
|
|
sha256_Update(&(hctx->ctx), hctx->o_key_pad, SHA256_BLOCK_LENGTH);
|
|
|
|
|
sha256_Update(&(hctx->ctx), hash, SHA256_DIGEST_LENGTH);
|
|
|
|
|
sha256_Update(&(hctx->ctx), hmac, SHA256_DIGEST_LENGTH);
|
|
|
|
|
sha256_Final(&(hctx->ctx), hmac);
|
|
|
|
|
MEMSET_BZERO(hash, sizeof(hash));
|
|
|
|
|
MEMSET_BZERO(hctx, sizeof(HMAC_SHA256_CTX));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
|
|
|
|
{
|
|
|
|
|
HMAC_SHA256_CTX hctx;
|
|
|
|
|
static CONFIDENTIAL HMAC_SHA256_CTX hctx;
|
|
|
|
|
hmac_sha256_Init(&hctx, key, keylen);
|
|
|
|
|
hmac_sha256_Update(&hctx, msg, msglen);
|
|
|
|
|
hmac_sha256_Final(&hctx, hmac);
|
|
|
|
@ -71,35 +70,41 @@ void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
|
|
|
|
|
|
|
|
|
void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen, uint32_t *opad_digest, uint32_t *ipad_digest)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
uint32_t buf[SHA256_BLOCK_LENGTH/sizeof(uint32_t)];
|
|
|
|
|
uint32_t o_key_pad[16], i_key_pad[16];
|
|
|
|
|
static CONFIDENTIAL uint32_t key_pad[SHA256_BLOCK_LENGTH/sizeof(uint32_t)];
|
|
|
|
|
|
|
|
|
|
memset(buf, 0, SHA256_BLOCK_LENGTH);
|
|
|
|
|
MEMSET_BZERO(key_pad, sizeof(key_pad));
|
|
|
|
|
if (keylen > SHA256_BLOCK_LENGTH) {
|
|
|
|
|
sha256_Raw(key, keylen, (uint8_t*) buf);
|
|
|
|
|
static CONFIDENTIAL SHA256_CTX context;
|
|
|
|
|
sha256_Init(&context);
|
|
|
|
|
sha256_Update(&context, key, keylen);
|
|
|
|
|
sha256_Final(&context, (uint8_t*)key_pad);
|
|
|
|
|
} else {
|
|
|
|
|
memcpy(buf, key, keylen);
|
|
|
|
|
memcpy(key_pad, key, keylen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
|
|
|
/* compute o_key_pad and its digest */
|
|
|
|
|
for (int i = 0; i < SHA256_BLOCK_LENGTH/(int)sizeof(uint32_t); i++) {
|
|
|
|
|
uint32_t data;
|
|
|
|
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
|
|
|
|
REVERSE32(buf[i], data);
|
|
|
|
|
REVERSE32(key_pad[i], data);
|
|
|
|
|
#else
|
|
|
|
|
data = buf[i];
|
|
|
|
|
data = key_pad[i];
|
|
|
|
|
#endif
|
|
|
|
|
o_key_pad[i] = data ^ 0x5c5c5c5c;
|
|
|
|
|
i_key_pad[i] = data ^ 0x36363636;
|
|
|
|
|
key_pad[i] = data ^ 0x5c5c5c5c;
|
|
|
|
|
}
|
|
|
|
|
sha256_Transform(sha256_initial_hash_value, key_pad, opad_digest);
|
|
|
|
|
|
|
|
|
|
sha256_Transform(sha256_initial_hash_value, o_key_pad, opad_digest);
|
|
|
|
|
sha256_Transform(sha256_initial_hash_value, i_key_pad, ipad_digest);
|
|
|
|
|
/* convert o_key_pad to i_key_pad and compute its digest */
|
|
|
|
|
for (int i = 0; i < SHA256_BLOCK_LENGTH/(int)sizeof(uint32_t); i++) {
|
|
|
|
|
key_pad[i] = key_pad[i] ^ 0x5c5c5c5c ^ 0x36363636;
|
|
|
|
|
}
|
|
|
|
|
sha256_Transform(sha256_initial_hash_value, key_pad, ipad_digest);
|
|
|
|
|
MEMSET_BZERO(key_pad, sizeof(key_pad));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const uint32_t keylen)
|
|
|
|
|
{
|
|
|
|
|
uint8_t i_key_pad[SHA512_BLOCK_LENGTH];
|
|
|
|
|
static CONFIDENTIAL uint8_t i_key_pad[SHA512_BLOCK_LENGTH];
|
|
|
|
|
memset(i_key_pad, 0, SHA512_BLOCK_LENGTH);
|
|
|
|
|
if (keylen > SHA512_BLOCK_LENGTH) {
|
|
|
|
|
sha512_Raw(key, keylen, i_key_pad);
|
|
|
|
@ -122,13 +127,11 @@ void hmac_sha512_Update(HMAC_SHA512_CTX *hctx, const uint8_t *msg, const uint32_
|
|
|
|
|
|
|
|
|
|
void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac)
|
|
|
|
|
{
|
|
|
|
|
uint8_t hash[SHA512_DIGEST_LENGTH];
|
|
|
|
|
sha512_Final(&(hctx->ctx), hash);
|
|
|
|
|
sha512_Final(&(hctx->ctx), hmac);
|
|
|
|
|
sha512_Init(&(hctx->ctx));
|
|
|
|
|
sha512_Update(&(hctx->ctx), hctx->o_key_pad, SHA512_BLOCK_LENGTH);
|
|
|
|
|
sha512_Update(&(hctx->ctx), hash, SHA512_DIGEST_LENGTH);
|
|
|
|
|
sha512_Update(&(hctx->ctx), hmac, SHA512_DIGEST_LENGTH);
|
|
|
|
|
sha512_Final(&(hctx->ctx), hmac);
|
|
|
|
|
MEMSET_BZERO(hash, sizeof(hash));
|
|
|
|
|
MEMSET_BZERO(hctx, sizeof(HMAC_SHA512_CTX));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -142,28 +145,34 @@ void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
|
|
|
|
|
|
|
|
|
void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen, uint64_t *opad_digest, uint64_t *ipad_digest)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
uint64_t buf[SHA512_BLOCK_LENGTH/sizeof(uint64_t)];
|
|
|
|
|
uint64_t o_key_pad[16], i_key_pad[16];
|
|
|
|
|
static CONFIDENTIAL uint64_t key_pad[SHA512_BLOCK_LENGTH/sizeof(uint64_t)];
|
|
|
|
|
|
|
|
|
|
memset(buf, 0, SHA512_BLOCK_LENGTH);
|
|
|
|
|
MEMSET_BZERO(key_pad, sizeof(key_pad));
|
|
|
|
|
if (keylen > SHA512_BLOCK_LENGTH) {
|
|
|
|
|
sha512_Raw(key, keylen, (uint8_t*)buf);
|
|
|
|
|
static CONFIDENTIAL SHA512_CTX context;
|
|
|
|
|
sha512_Init(&context);
|
|
|
|
|
sha512_Update(&context, key, keylen);
|
|
|
|
|
sha512_Final(&context, (uint8_t*)key_pad);
|
|
|
|
|
} else {
|
|
|
|
|
memcpy(buf, key, keylen);
|
|
|
|
|
memcpy(key_pad, key, keylen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
|
|
|
/* compute o_key_pad and its digest */
|
|
|
|
|
for (int i = 0; i < SHA512_BLOCK_LENGTH/(int)sizeof(uint64_t); i++) {
|
|
|
|
|
uint64_t data;
|
|
|
|
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
|
|
|
|
REVERSE64(buf[i], data);
|
|
|
|
|
REVERSE64(key_pad[i], data);
|
|
|
|
|
#else
|
|
|
|
|
data = buf[i];
|
|
|
|
|
data = key_pad[i];
|
|
|
|
|
#endif
|
|
|
|
|
o_key_pad[i] = data ^ 0x5c5c5c5c5c5c5c5c;
|
|
|
|
|
i_key_pad[i] = data ^ 0x3636363636363636;
|
|
|
|
|
key_pad[i] = data ^ 0x5c5c5c5c5c5c5c5c;
|
|
|
|
|
}
|
|
|
|
|
sha512_Transform(sha512_initial_hash_value, key_pad, opad_digest);
|
|
|
|
|
|
|
|
|
|
sha512_Transform(sha512_initial_hash_value, o_key_pad, opad_digest);
|
|
|
|
|
sha512_Transform(sha512_initial_hash_value, i_key_pad, ipad_digest);
|
|
|
|
|
/* convert o_key_pad to i_key_pad and compute its digest */
|
|
|
|
|
for (int i = 0; i < SHA512_BLOCK_LENGTH/(int)sizeof(uint64_t); i++) {
|
|
|
|
|
key_pad[i] = key_pad[i] ^ 0x5c5c5c5c5c5c5c5c ^ 0x3636363636363636;
|
|
|
|
|
}
|
|
|
|
|
sha512_Transform(sha512_initial_hash_value, key_pad, ipad_digest);
|
|
|
|
|
MEMSET_BZERO(key_pad, sizeof(key_pad));
|
|
|
|
|
}
|
|
|
|
|