From 88247d1a4c38d98b2199d1aae0adb383ee44e735 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niels=20M=C3=B6ller?= Date: Sun, 22 Jun 2025 21:50:27 +0200 Subject: [PATCH] Delete the old "generic" HMAC API. --- ChangeLog | 5 +++ Makefile.in | 2 +- hmac.c | 116 ---------------------------------------------------- hmac.h | 33 --------------- 4 files changed, 6 insertions(+), 150 deletions(-) delete mode 100644 hmac.c diff --git a/ChangeLog b/ChangeLog index 22a55040..2e0ca344 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2025-06-22 Niels Möller + Delete the old "generic" HMAC API. + * hmac.h (HMAC_CTX, HMAC_SET_KEY, HMAC_DIGEST): Deleted macros. + * hmac.c (hmac_set_key, hmac_update, hmac_digest): Deleted file + and functions. + Refactor HMAC. Reduces the size of HMAC contexts, sha256 reduced from 336 bytes to 192, sha512 from 648 to 376, and sha1 from 312 to 168. diff --git a/Makefile.in b/Makefile.in index 7d89bff1..266e6187 100644 --- a/Makefile.in +++ b/Makefile.in @@ -130,7 +130,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt-table.c \ cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \ cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \ gost28147.c gosthash94.c gosthash94-meta.c \ - hmac.c hmac-internal.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \ + hmac-internal.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \ hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \ hmac-sha512.c hmac-streebog.c hmac-sm3.c \ hmac-md5-meta.c hmac-ripemd160-meta.c hmac-sha1-meta.c \ diff --git a/hmac.c b/hmac.c deleted file mode 100644 index c6877cb8..00000000 --- a/hmac.c +++ /dev/null @@ -1,116 +0,0 @@ -/* hmac.c - - HMAC message authentication code (RFC-2104). - - Copyright (C) 2001 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include -#include - -#include "hmac.h" - -#include "memxor.h" -#include "nettle-internal.h" - -#define IPAD 0x36 -#define OPAD 0x5c - -void -hmac_set_key(void *outer, void *inner, void *state, - const struct nettle_hash *hash, - size_t key_length, const uint8_t *key) -{ - TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE); - TMP_ALLOC(pad, hash->block_size); - - hash->init(outer); - hash->init(inner); - - if (key_length > hash->block_size) - { - /* Reduce key to the algorithm's hash size. Use the area pointed - * to by state for the temporary state. */ - - TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE); - TMP_ALLOC(digest, hash->digest_size); - - hash->init(state); - hash->update(state, key_length, key); - hash->digest(state, digest); - - key = digest; - key_length = hash->digest_size; - } - - assert(key_length <= hash->block_size); - - memset(pad, OPAD, hash->block_size); - memxor(pad, key, key_length); - - hash->update(outer, hash->block_size, pad); - - memset(pad, IPAD, hash->block_size); - memxor(pad, key, key_length); - - hash->update(inner, hash->block_size, pad); - - memcpy(state, inner, hash->context_size); -} - -void -hmac_update(void *state, - const struct nettle_hash *hash, - size_t length, const uint8_t *data) -{ - hash->update(state, length, data); -} - -void -hmac_digest(const void *outer, const void *inner, void *state, - const struct nettle_hash *hash, - uint8_t *dst) -{ - /* FIXME: Use dst area instead? */ - TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE); - TMP_ALLOC(digest, hash->digest_size); - - hash->digest(state, digest); - - memcpy(state, outer, hash->context_size); - - hash->update(state, hash->digest_size, digest); - hash->digest(state, dst); - - memcpy(state, inner, hash->context_size); -} diff --git a/hmac.h b/hmac.h index 08c02468..c317b8cc 100644 --- a/hmac.h +++ b/hmac.h @@ -51,9 +51,6 @@ extern "C" { #endif /* Namespace mangling */ -#define hmac_set_key nettle_hmac_set_key -#define hmac_update nettle_hmac_update -#define hmac_digest nettle_hmac_digest #define hmac_md5_set_key nettle_hmac_md5_set_key #define hmac_md5_update nettle_hmac_md5_update #define hmac_md5_digest nettle_hmac_md5_digest @@ -88,36 +85,6 @@ extern "C" { #define hmac_sm3_update nettle_hmac_sm3_update #define hmac_sm3_digest nettle_hmac_sm3_digest -/* Old "generic" hmac support. */ -void -hmac_set_key(void *outer, void *inner, void *state, - const struct nettle_hash *hash, - size_t length, const uint8_t *key); - -/* This function is not strictly needed, it's s just the same as the - * hash update function. */ -void -hmac_update(void *state, - const struct nettle_hash *hash, - size_t length, const uint8_t *data); - -void -hmac_digest(const void *outer, const void *inner, void *state, - const struct nettle_hash *hash, - uint8_t *digest); - - -#define HMAC_CTX(type) \ -{ type outer; type inner; type state; } - -#define HMAC_SET_KEY(ctx, hash, length, key) \ - hmac_set_key( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \ - (hash), (length), (key) ) - -#define HMAC_DIGEST(ctx, hash, digest) \ - hmac_digest( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \ - (hash), (digest) ) - #define _NETTLE_HMAC_CTX(type) { \ alignas(type) char outer[offsetof (type, index)]; \ alignas(type) char inner[offsetof (type, index)]; \ -- 2.47.2