From: Niels Möller Date: Mon, 21 Oct 2024 18:11:21 +0000 (+0200) Subject: Rework hmac-sha256. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b1d5244470d1d7cd2ff60f6b0baf5f61b4c32e9;p=thirdparty%2Fnettle.git Rework hmac-sha256. --- diff --git a/ChangeLog b/ChangeLog index 4cfe7966..d38352bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2024-10-21 Niels Möller + + * hmac.h (struct hmac_sha256_ctx): Change outer and inner members + to hold only the sha256 state, no block buffers. + * hmac-sha256.c (hmac_sha256_set_key): Rewrite, without hmac_set_key. + (hmac_sha256_digest): Rewrite, without hmac_digest. + * hmac-sha224.c (hmac_sha224_set_key): Analogous change. + (hmac_sha224_digest): Analogous change. + 2025-06-22 Niels Möller * testsuite/testutils.c (test_mac): Print name of mac algorithm on diff --git a/hmac-sha224.c b/hmac-sha224.c index b1d6e594..1d9af7d7 100644 --- a/hmac-sha224.c +++ b/hmac-sha224.c @@ -35,18 +35,53 @@ # include "config.h" #endif +#include + #include "hmac.h" +#include "memxor.h" + +#define IPAD 0x36 +#define OPAD 0x5c void hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, size_t key_length, const uint8_t *key) { - HMAC_SET_KEY(ctx, &nettle_sha224, key_length, key); + uint8_t digest[SHA224_DIGEST_SIZE]; + + sha224_init (&ctx->state); + if (key_length > SHA224_BLOCK_SIZE) + { + sha224_update (&ctx->state, key_length, key); + sha224_digest (&ctx->state, digest); + key = digest; + key_length = SHA224_DIGEST_SIZE; + } + + memset (ctx->state.block, OPAD, SHA224_BLOCK_SIZE); + memxor (ctx->state.block, key, key_length); + sha224_update (&ctx->state, SHA224_BLOCK_SIZE, ctx->state.block); + memcpy (ctx->outer, ctx->state.state, sizeof(ctx->outer)); + + sha224_init (&ctx->state); + memset (ctx->state.block, IPAD, SHA224_BLOCK_SIZE); + memxor (ctx->state.block, key, key_length); + sha224_update (&ctx->state, SHA224_BLOCK_SIZE, ctx->state.block); + memcpy (ctx->inner, ctx->state.state, sizeof(ctx->outer)); } void hmac_sha224_digest(struct hmac_sha224_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &nettle_sha224, digest); + uint8_t inner_digest[SHA224_DIGEST_SIZE]; + sha224_digest (&ctx->state, inner_digest); + + memcpy (ctx->state.state, ctx->outer, sizeof (ctx->state.state)); + ctx->state.count = 1; + sha224_update (&ctx->state, SHA224_DIGEST_SIZE, inner_digest); + sha224_digest (&ctx->state, digest); + + memcpy (ctx->state.state, ctx->inner, sizeof (ctx->state.state)); + ctx->state.count = 1; } diff --git a/hmac-sha256.c b/hmac-sha256.c index caa55f4d..047dc8f5 100644 --- a/hmac-sha256.c +++ b/hmac-sha256.c @@ -35,13 +35,39 @@ # include "config.h" #endif +#include + #include "hmac.h" +#include "memxor.h" + +#define IPAD 0x36 +#define OPAD 0x5c void hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, size_t key_length, const uint8_t *key) { - HMAC_SET_KEY(ctx, &nettle_sha256, key_length, key); + uint8_t digest[SHA256_DIGEST_SIZE]; + + sha256_init (&ctx->state); + if (key_length > SHA256_BLOCK_SIZE) + { + sha256_update (&ctx->state, key_length, key); + sha256_digest (&ctx->state, digest); + key = digest; + key_length = SHA256_DIGEST_SIZE; + } + + memset (ctx->state.block, OPAD, SHA256_BLOCK_SIZE); + memxor (ctx->state.block, key, key_length); + sha256_update (&ctx->state, SHA256_BLOCK_SIZE, ctx->state.block); + memcpy (ctx->outer, ctx->state.state, sizeof(ctx->outer)); + + sha256_init (&ctx->state); + memset (ctx->state.block, IPAD, SHA256_BLOCK_SIZE); + memxor (ctx->state.block, key, key_length); + sha256_update (&ctx->state, SHA256_BLOCK_SIZE, ctx->state.block); + memcpy (ctx->inner, ctx->state.state, sizeof(ctx->outer)); } void @@ -55,5 +81,14 @@ void hmac_sha256_digest(struct hmac_sha256_ctx *ctx, uint8_t *digest) { - HMAC_DIGEST(ctx, &nettle_sha256, digest); + uint8_t inner_digest[SHA256_DIGEST_SIZE]; + sha256_digest (&ctx->state, inner_digest); + + memcpy (ctx->state.state, ctx->outer, sizeof (ctx->state.state)); + ctx->state.count = 1; + sha256_update (&ctx->state, SHA256_DIGEST_SIZE, inner_digest); + sha256_digest (&ctx->state, digest); + + memcpy (ctx->state.state, ctx->inner, sizeof (ctx->state.state)); + ctx->state.count = 1; } diff --git a/hmac.h b/hmac.h index 7e41b5b4..2abb3b20 100644 --- a/hmac.h +++ b/hmac.h @@ -165,7 +165,11 @@ hmac_sha1_digest(struct hmac_sha1_ctx *ctx, uint8_t *digest); /* hmac-sha256 */ -struct hmac_sha256_ctx HMAC_CTX(struct sha256_ctx); +struct hmac_sha256_ctx { + uint32_t outer[_SHA256_DIGEST_LENGTH]; + uint32_t inner[_SHA256_DIGEST_LENGTH]; + struct sha256_ctx state; +}; void hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,