crypto/hmac/hmac.c

   1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   2  * All rights reserved.
   3  *
   4  * This package is an SSL implementation written
   5  * by Eric Young (eay@cryptsoft.com).
   6  * The implementation was written so as to conform with Netscapes SSL.
   7  *
   8  * This library is free for commercial and non-commercial use as long as
   9  * the following conditions are aheared to.  The following conditions
  10  * apply to all code found in this distribution, be it the RC4, RSA,
  11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  12  * included with this distribution is covered by the same copyright terms
  13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  14  *
  15  * Copyright remains Eric Young's, and as such any Copyright notices in
  16  * the code are not to be removed.
  17  * If this package is used in a product, Eric Young should be given attribution
  18  * as the author of the parts of the library used.
  19  * This can be in the form of a textual message at program startup or
  20  * in documentation (online or textual) provided with the package.
  21  *
  22  * Redistribution and use in source and binary forms, with or without
  23  * modification, are permitted provided that the following conditions
  24  * are met:
  25  * 1. Redistributions of source code must retain the copyright
  26  *    notice, this list of conditions and the following disclaimer.
  27  * 2. Redistributions in binary form must reproduce the above copyright
  28  *    notice, this list of conditions and the following disclaimer in the
  29  *    documentation and/or other materials provided with the distribution.
  30  * 3. All advertising materials mentioning features or use of this software
  31  *    must display the following acknowledgement:
  32  *    "This product includes cryptographic software written by
  33  *     Eric Young (eay@cryptsoft.com)"
  34  *    The word 'cryptographic' can be left out if the rouines from the library
  35  *    being used are not cryptographic related :-).
  36  * 4. If you include any Windows specific code (or a derivative thereof) from
  37  *    the apps directory (application code) you must include an acknowledgement:
  38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  50  * SUCH DAMAGE.
  51  *
  52  * The licence and distribution terms for any publically available version or
  53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  54  * copied and put under another distribution licence
  55  * [including the GNU Public Licence.]
  56  */
  57
  58 #include <stdio.h>
  59 #include <stdlib.h>
  60 #include <string.h>
  61 #include "internal/cryptlib.h"
  62 #include <openssl/hmac.h>
  63 #include <openssl/opensslconf.h>
  64 #include "hmac_lcl.h"
  65
  66 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  67                  const EVP_MD *md, ENGINE *impl)
  68 {
  69     int i, j, reset = 0;
  70     unsigned char pad[HMAC_MAX_MD_CBLOCK];
  71
  72     /* If we are changing MD then we must have a key */
  73     if (md != NULL && md != ctx->md && (key == NULL || len < 0))
  74         return 0;
  75
  76     if (md != NULL) {
  77         reset = 1;
  78         ctx->md = md;
  79     } else if (ctx->md) {
  80         md = ctx->md;
  81     } else {
  82         return 0;
  83     }
  84
  85     if (key != NULL) {
  86         reset = 1;
  87         j = EVP_MD_block_size(md);
  88         OPENSSL_assert(j <= (int)sizeof(ctx->key));
  89         if (j < len) {
  90             if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
  91                 goto err;
  92             if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
  93                 goto err;
  94             if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
  95                                     &ctx->key_length))
  96                 goto err;
  97         } else {
  98             if (len < 0 || len > (int)sizeof(ctx->key))
  99                 return 0;
 100             memcpy(ctx->key, key, len);
 101             ctx->key_length = len;
 102         }
 103         if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
 104             memset(&ctx->key[ctx->key_length], 0,
 105                    HMAC_MAX_MD_CBLOCK - ctx->key_length);
 106     }
 107
 108     if (reset) {
 109         for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
 110             pad[i] = 0x36 ^ ctx->key[i];
 111         if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
 112             goto err;
 113         if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
 114             goto err;
 115
 116         for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
 117             pad[i] = 0x5c ^ ctx->key[i];
 118         if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
 119             goto err;
 120         if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
 121             goto err;
 122     }
 123     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
 124         goto err;
 125     return 1;
 126  err:
 127     return 0;
 128 }
 129
 130 #if OPENSSL_API_COMPAT < 0x10100000L
 131 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 132 {
 133     if (key && md)
 134         HMAC_CTX_reset(ctx);
 135     return HMAC_Init_ex(ctx, key, len, md, NULL);
 136 }
 137 #endif
 138
 139 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 140 {
 141     if (!ctx->md)
 142         return 0;
 143     return EVP_DigestUpdate(ctx->md_ctx, data, len);
 144 }
 145
 146 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 147 {
 148     unsigned int i;
 149     unsigned char buf[EVP_MAX_MD_SIZE];
 150
 151     if (!ctx->md)
 152         goto err;
 153
 154     if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
 155         goto err;
 156     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
 157         goto err;
 158     if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
 159         goto err;
 160     if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
 161         goto err;
 162     return 1;
 163  err:
 164     return 0;
 165 }
 166
 167 size_t HMAC_size(HMAC_CTX *ctx)
 168 {
 169     return EVP_MD_size((ctx)->md);
 170 }
 171
 172 HMAC_CTX *HMAC_CTX_new(void)
 173 {
 174     HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX));
 175     if (ctx)
 176         if (!HMAC_CTX_reset(ctx)) {
 177             HMAC_CTX_free(ctx);
 178             ctx = NULL;
 179         }
 180     return ctx;
 181 }
 182
 183 static void hmac_ctx_cleanup(HMAC_CTX *ctx)
 184 {
 185     EVP_MD_CTX_reset(ctx->i_ctx);
 186     EVP_MD_CTX_reset(ctx->o_ctx);
 187     EVP_MD_CTX_reset(ctx->md_ctx);
 188     ctx->md = NULL;
 189     ctx->key_length = 0;
 190     memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
 191 }
 192
 193 void HMAC_CTX_free(HMAC_CTX *ctx)
 194 {
 195     if (ctx != NULL) {
 196         hmac_ctx_cleanup(ctx);
 197         EVP_MD_CTX_free(ctx->i_ctx);
 198         EVP_MD_CTX_free(ctx->o_ctx);
 199         EVP_MD_CTX_free(ctx->md_ctx);
 200         OPENSSL_free(ctx);
 201     }
 202 }
 203
 204 int HMAC_CTX_reset(HMAC_CTX *ctx)
 205 {
 206     hmac_ctx_cleanup(ctx);
 207     if (ctx->i_ctx == NULL)
 208         ctx->i_ctx = EVP_MD_CTX_new();
 209     if (ctx->i_ctx == NULL)
 210         goto err;
 211     if (ctx->o_ctx == NULL)
 212         ctx->o_ctx = EVP_MD_CTX_new();
 213     if (ctx->o_ctx == NULL)
 214         goto err;
 215     if (ctx->md_ctx == NULL)
 216         ctx->md_ctx = EVP_MD_CTX_new();
 217     if (ctx->md_ctx == NULL)
 218         goto err;
 219     ctx->md = NULL;
 220     return 1;
 221  err:
 222     hmac_ctx_cleanup(ctx);
 223     return 0;
 224 }
 225
 226 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 227 {
 228     if (!HMAC_CTX_reset(dctx))
 229         goto err;
 230     if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
 231         goto err;
 232     if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
 233         goto err;
 234     if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
 235         goto err;
 236     memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
 237     dctx->key_length = sctx->key_length;
 238     dctx->md = sctx->md;
 239     return 1;
 240  err:
 241     hmac_ctx_cleanup(dctx);
 242     return 0;
 243 }
 244
 245 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 246                     const unsigned char *d, size_t n, unsigned char *md,
 247                     unsigned int *md_len)
 248 {
 249     HMAC_CTX *c = NULL;
 250     static unsigned char m[EVP_MAX_MD_SIZE];
 251
 252     if (md == NULL)
 253         md = m;
 254     if ((c = HMAC_CTX_new()) == NULL)
 255         goto err;
 256     if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
 257         goto err;
 258     if (!HMAC_Update(c, d, n))
 259         goto err;
 260     if (!HMAC_Final(c, md, md_len))
 261         goto err;
 262     HMAC_CTX_free(c);
 263     return md;
 264  err:
 265     HMAC_CTX_free(c);
 266     return NULL;
 267 }
 268
 269 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
 270 {
 271     EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
 272     EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
 273     EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
 274 }