/* * hmac_sha1.c * * Version 1.0.0 * * Written by Aaron D. Gifford * * Copyright 1998, 2000 Aaron D. Gifford. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the copyright holder nor the names of contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * The HMAC-SHA256 has is defined as: * * HMAC = SHA256(K XOR opad, SHA256(K XOR ipad, message)) * * "opad" is 64 bytes filled with 0x5c * "ipad" is 64 bytes filled with 0x36 * "K" is the key material * * If the key material "K" is longer than 64 bytes, then the key material * will first be digested (K = SHA1(K)) resulting in a 20-byte hash. * If the key material is shorter than 64 bytes, it is padded with zero * bytes. * * This code precomputes "K XOR ipad" and "K XOR opad" since that just makes * sense. * * This code was heavily influenced by Eric A. Young's in how the interface * was designed and how this file is formatted. */ #ifndef __HMAC_SHA256_H__ #define __HMAC_SHA256_H__ #include "hmac_sha256.h" #include #ifdef __cplusplus extern "C" { #endif /* Filler bytes: */ #define IPAD_BYTE 0x36 #define OPAD_BYTE 0x5c #define ZERO_BYTE 0x00 void HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx) { memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH); memset(&(ctx->ipad[0]), IPAD_BYTE, HMAC_SHA256_BLOCK_LENGTH); memset(&(ctx->opad[0]), OPAD_BYTE, HMAC_SHA256_BLOCK_LENGTH); ctx->keylen = 0; ctx->hashkey = 0; } void HMAC_SHA256_UpdateKey(HMAC_SHA256_CTX *ctx, unsigned char *key, unsigned int keylen) { /* Do we have anything to work with? If not, return right away. */ if (keylen < 1) return; /* * Is the total key length (current data and any previous data) * longer than the hash block length? */ if (ctx->hashkey !=0 || (keylen + ctx->keylen) > HMAC_SHA256_BLOCK_LENGTH) { /* * Looks like the key data exceeds the hash block length, * so that means we use a hash of the key as the key data * instead. */ if (ctx->hashkey == 0) { /* * Ah, we haven't started hashing the key * data yet, so we must init. the hash * monster to begin feeding it. */ /* Set the hash key flag to true (non-zero) */ ctx->hashkey = 1; /* Init. the hash beastie... */ SHA256_Init(&ctx->shactx); /* If there's any previous key data, use it */ if (ctx->keylen > 0) { SHA256_Update(&ctx->shactx, &(ctx->key[0]), ctx->keylen); } /* * Reset the key length to the future true * key length, HMAC_SHA256_DIGEST_LENGTH */ ctx->keylen = HMAC_SHA256_DIGEST_LENGTH; } /* Now feed the latest key data to the has monster */ SHA256_Update(&ctx->shactx, key, keylen); } else { /* * Key data length hasn't yet exceeded the hash * block length (HMAC_SHA1_BLOCK_LENGTH), so theres * no need to hash the key data (yet). Copy it * into the key buffer. */ memcpy(&(ctx->key[ctx->keylen]), key, keylen); ctx->keylen += keylen; } } void HMAC_SHA256_EndKey(HMAC_SHA256_CTX *ctx) { unsigned char *ipad, *opad, *key; int i; unsigned int j; /* Did we end up hashing the key? */ if (ctx->hashkey) { memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH); /* Yes, so finish up and copy the key data */ SHA256_Final(&(ctx->key[0]), &ctx->shactx); /* ctx->keylen was already set correctly */ } /* Pad the key if necessary with zero bytes */ if ((i = HMAC_SHA256_BLOCK_LENGTH - ctx->keylen) > 0) { memset(&(ctx->key[ctx->keylen]), ZERO_BYTE, i); } ipad = &(ctx->ipad[0]); opad = &(ctx->opad[0]); /* Precompute the respective pads XORed with the key */ key = &(ctx->key[0]); for (j = 0; j < ctx->keylen; j++, key++) { /* XOR the key byte with the appropriate pad filler byte */ *ipad++ ^= *key; *opad++ ^= *key; } } void HMAC_SHA256_StartMessage(HMAC_SHA256_CTX *ctx) { SHA256_Init(&ctx->shactx); SHA256_Update(&ctx->shactx, &(ctx->ipad[0]), HMAC_SHA256_BLOCK_LENGTH); } void HMAC_SHA256_UpdateMessage(HMAC_SHA256_CTX *ctx, unsigned char *data, unsigned int datalen) { SHA256_Update(&ctx->shactx, data, datalen); } void HMAC_SHA256_EndMessage(unsigned char *out, HMAC_SHA256_CTX *ctx) { unsigned char buf[HMAC_SHA256_DIGEST_LENGTH]; SHA256_CTX *c = &ctx->shactx; SHA256_Final(&(buf[0]), c); SHA256_Init(c); SHA256_Update(c, &(ctx->opad[0]), HMAC_SHA256_BLOCK_LENGTH); SHA256_Update(c, buf, HMAC_SHA256_DIGEST_LENGTH); SHA256_Final(out, c); } void HMAC_SHA256_Done(HMAC_SHA256_CTX *ctx) { /* Just to be safe, toast all context data */ memset(&(ctx->ipad[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH); memset(&(ctx->ipad[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH); memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH); ctx->keylen = 0; ctx->hashkey = 0; } #ifdef __cplusplus } #endif #endif