crypto/hmac/hmac.c

   1 /*
   2  * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include <string.h>
  13 #include "internal/cryptlib.h"
  14 #include <openssl/hmac.h>
  15 #include <openssl/opensslconf.h>
  16 #include "hmac_lcl.h"
  17
  18 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  19                  const EVP_MD *md, ENGINE *impl)
  20 {
  21     int i, j, reset = 0;
  22     unsigned char pad[HMAC_MAX_MD_CBLOCK];
  23
  24     /* If we are changing MD then we must have a key */
  25     if (md != NULL && md != ctx->md && (key == NULL || len < 0))
  26         return 0;
  27
  28     if (md != NULL) {
  29         reset = 1;
  30         ctx->md = md;
  31     } else if (ctx->md) {
  32         md = ctx->md;
  33     } else {
  34         return 0;
  35     }
  36
  37     if (key != NULL) {
  38         reset = 1;
  39         j = EVP_MD_block_size(md);
  40         OPENSSL_assert(j <= (int)sizeof(ctx->key));
  41         if (j < len) {
  42             if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
  43                 goto err;
  44             if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
  45                 goto err;
  46             if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
  47                                     &ctx->key_length))
  48                 goto err;
  49         } else {
  50             if (len < 0 || len > (int)sizeof(ctx->key))
  51                 return 0;
  52             memcpy(ctx->key, key, len);
  53             ctx->key_length = len;
  54         }
  55         if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
  56             memset(&ctx->key[ctx->key_length], 0,
  57                    HMAC_MAX_MD_CBLOCK - ctx->key_length);
  58     }
  59
  60     if (reset) {
  61         for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
  62             pad[i] = 0x36 ^ ctx->key[i];
  63         if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
  64             goto err;
  65         if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
  66             goto err;
  67
  68         for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
  69             pad[i] = 0x5c ^ ctx->key[i];
  70         if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
  71             goto err;
  72         if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
  73             goto err;
  74     }
  75     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
  76         goto err;
  77     return 1;
  78  err:
  79     return 0;
  80 }
  81
  82 #if OPENSSL_API_COMPAT < 0x10100000L
  83 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
  84 {
  85     if (key && md)
  86         HMAC_CTX_reset(ctx);
  87     return HMAC_Init_ex(ctx, key, len, md, NULL);
  88 }
  89 #endif
  90
  91 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
  92 {
  93     if (!ctx->md)
  94         return 0;
  95     return EVP_DigestUpdate(ctx->md_ctx, data, len);
  96 }
  97
  98 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
  99 {
 100     unsigned int i;
 101     unsigned char buf[EVP_MAX_MD_SIZE];
 102
 103     if (!ctx->md)
 104         goto err;
 105
 106     if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
 107         goto err;
 108     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
 109         goto err;
 110     if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
 111         goto err;
 112     if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
 113         goto err;
 114     return 1;
 115  err:
 116     return 0;
 117 }
 118
 119 size_t HMAC_size(const HMAC_CTX *ctx)
 120 {
 121     return EVP_MD_size((ctx)->md);
 122 }
 123
 124 HMAC_CTX *HMAC_CTX_new(void)
 125 {
 126     HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
 127
 128     if (ctx != NULL) {
 129         if (!HMAC_CTX_reset(ctx)) {
 130             HMAC_CTX_free(ctx);
 131             return NULL;
 132         }
 133     }
 134     return ctx;
 135 }
 136
 137 static void hmac_ctx_cleanup(HMAC_CTX *ctx)
 138 {
 139     EVP_MD_CTX_reset(ctx->i_ctx);
 140     EVP_MD_CTX_reset(ctx->o_ctx);
 141     EVP_MD_CTX_reset(ctx->md_ctx);
 142     ctx->md = NULL;
 143     ctx->key_length = 0;
 144     memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
 145 }
 146
 147 void HMAC_CTX_free(HMAC_CTX *ctx)
 148 {
 149     if (ctx != NULL) {
 150         hmac_ctx_cleanup(ctx);
 151         EVP_MD_CTX_free(ctx->i_ctx);
 152         EVP_MD_CTX_free(ctx->o_ctx);
 153         EVP_MD_CTX_free(ctx->md_ctx);
 154         OPENSSL_free(ctx);
 155     }
 156 }
 157
 158 int HMAC_CTX_reset(HMAC_CTX *ctx)
 159 {
 160     hmac_ctx_cleanup(ctx);
 161     if (ctx->i_ctx == NULL)
 162         ctx->i_ctx = EVP_MD_CTX_new();
 163     if (ctx->i_ctx == NULL)
 164         goto err;
 165     if (ctx->o_ctx == NULL)
 166         ctx->o_ctx = EVP_MD_CTX_new();
 167     if (ctx->o_ctx == NULL)
 168         goto err;
 169     if (ctx->md_ctx == NULL)
 170         ctx->md_ctx = EVP_MD_CTX_new();
 171     if (ctx->md_ctx == NULL)
 172         goto err;
 173     ctx->md = NULL;
 174     return 1;
 175  err:
 176     hmac_ctx_cleanup(ctx);
 177     return 0;
 178 }
 179
 180 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 181 {
 182     if (!HMAC_CTX_reset(dctx))
 183         goto err;
 184     if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
 185         goto err;
 186     if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
 187         goto err;
 188     if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
 189         goto err;
 190     memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
 191     dctx->key_length = sctx->key_length;
 192     dctx->md = sctx->md;
 193     return 1;
 194  err:
 195     hmac_ctx_cleanup(dctx);
 196     return 0;
 197 }
 198
 199 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 200                     const unsigned char *d, size_t n, unsigned char *md,
 201                     unsigned int *md_len)
 202 {
 203     HMAC_CTX *c = NULL;
 204     static unsigned char m[EVP_MAX_MD_SIZE];
 205     static const unsigned char dummy_key[1] = {'\0'};
 206
 207     if (md == NULL)
 208         md = m;
 209     if ((c = HMAC_CTX_new()) == NULL)
 210         goto err;
 211
 212     /* For HMAC_Init_ex, NULL key signals reuse. */
 213     if (key == NULL && key_len == 0) {
 214         key = dummy_key;
 215     }
 216
 217     if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
 218         goto err;
 219     if (!HMAC_Update(c, d, n))
 220         goto err;
 221     if (!HMAC_Final(c, md, md_len))
 222         goto err;
 223     HMAC_CTX_free(c);
 224     return md;
 225  err:
 226     HMAC_CTX_free(c);
 227     return NULL;
 228 }
 229
 230 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
 231 {
 232     EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
 233     EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
 234     EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
 235 }