1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/srtp/src/crypto/hash/hmac.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,268 @@
1.4 +/*
1.5 + * hmac.c
1.6 + *
1.7 + * implementation of hmac auth_type_t
1.8 + *
1.9 + * David A. McGrew
1.10 + * Cisco Systems, Inc.
1.11 + */
1.12 +/*
1.13 + *
1.14 + * Copyright(c) 2001-2006 Cisco Systems, Inc.
1.15 + * All rights reserved.
1.16 + *
1.17 + * Redistribution and use in source and binary forms, with or without
1.18 + * modification, are permitted provided that the following conditions
1.19 + * are met:
1.20 + *
1.21 + * Redistributions of source code must retain the above copyright
1.22 + * notice, this list of conditions and the following disclaimer.
1.23 + *
1.24 + * Redistributions in binary form must reproduce the above
1.25 + * copyright notice, this list of conditions and the following
1.26 + * disclaimer in the documentation and/or other materials provided
1.27 + * with the distribution.
1.28 + *
1.29 + * Neither the name of the Cisco Systems, Inc. nor the names of its
1.30 + * contributors may be used to endorse or promote products derived
1.31 + * from this software without specific prior written permission.
1.32 + *
1.33 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.34 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.35 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1.36 + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
1.37 + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1.38 + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1.39 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1.40 + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.41 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.42 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.43 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.44 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.45 + *
1.46 + */
1.47 +
1.48 +#include "hmac.h"
1.49 +#include "alloc.h"
1.50 +
1.51 +/* the debug module for authentiation */
1.52 +
1.53 +debug_module_t mod_hmac = {
1.54 + 0, /* debugging is off by default */
1.55 + "hmac sha-1" /* printable name for module */
1.56 +};
1.57 +
1.58 +
1.59 +err_status_t
1.60 +hmac_alloc(auth_t **a, int key_len, int out_len) {
1.61 + extern auth_type_t hmac;
1.62 + uint8_t *pointer;
1.63 +
1.64 + debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
1.65 + debug_print(mod_hmac, " tag length %d", out_len);
1.66 +
1.67 + /*
1.68 + * check key length - note that we don't support keys larger
1.69 + * than 20 bytes yet
1.70 + */
1.71 + if (key_len > 20)
1.72 + return err_status_bad_param;
1.73 +
1.74 + /* check output length - should be less than 20 bytes */
1.75 + if (out_len > 20)
1.76 + return err_status_bad_param;
1.77 +
1.78 + /* allocate memory for auth and hmac_ctx_t structures */
1.79 + pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
1.80 + if (pointer == NULL)
1.81 + return err_status_alloc_fail;
1.82 +
1.83 + /* set pointers */
1.84 + *a = (auth_t *)pointer;
1.85 + (*a)->type = &hmac;
1.86 + (*a)->state = pointer + sizeof(auth_t);
1.87 + (*a)->out_len = out_len;
1.88 + (*a)->key_len = key_len;
1.89 + (*a)->prefix_len = 0;
1.90 +
1.91 + /* increment global count of all hmac uses */
1.92 + hmac.ref_count++;
1.93 +
1.94 + return err_status_ok;
1.95 +}
1.96 +
1.97 +err_status_t
1.98 +hmac_dealloc(auth_t *a) {
1.99 + extern auth_type_t hmac;
1.100 +
1.101 + /* zeroize entire state*/
1.102 + octet_string_set_to_zero((uint8_t *)a,
1.103 + sizeof(hmac_ctx_t) + sizeof(auth_t));
1.104 +
1.105 + /* free memory */
1.106 + crypto_free(a);
1.107 +
1.108 + /* decrement global count of all hmac uses */
1.109 + hmac.ref_count--;
1.110 +
1.111 + return err_status_ok;
1.112 +}
1.113 +
1.114 +err_status_t
1.115 +hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
1.116 + int i;
1.117 + uint8_t ipad[64];
1.118 +
1.119 + /*
1.120 + * check key length - note that we don't support keys larger
1.121 + * than 20 bytes yet
1.122 + */
1.123 + if (key_len > 20)
1.124 + return err_status_bad_param;
1.125 +
1.126 + /*
1.127 + * set values of ipad and opad by exoring the key into the
1.128 + * appropriate constant values
1.129 + */
1.130 + for (i=0; i < key_len; i++) {
1.131 + ipad[i] = key[i] ^ 0x36;
1.132 + state->opad[i] = key[i] ^ 0x5c;
1.133 + }
1.134 + /* set the rest of ipad, opad to constant values */
1.135 + for ( ; i < 64; i++) {
1.136 + ipad[i] = 0x36;
1.137 + ((uint8_t *)state->opad)[i] = 0x5c;
1.138 + }
1.139 +
1.140 + debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
1.141 +
1.142 + /* initialize sha1 context */
1.143 + sha1_init(&state->init_ctx);
1.144 +
1.145 + /* hash ipad ^ key */
1.146 + sha1_update(&state->init_ctx, ipad, 64);
1.147 + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
1.148 +
1.149 + return err_status_ok;
1.150 +}
1.151 +
1.152 +err_status_t
1.153 +hmac_start(hmac_ctx_t *state) {
1.154 +
1.155 + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
1.156 +
1.157 + return err_status_ok;
1.158 +}
1.159 +
1.160 +err_status_t
1.161 +hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
1.162 +
1.163 + debug_print(mod_hmac, "input: %s",
1.164 + octet_string_hex_string(message, msg_octets));
1.165 +
1.166 + /* hash message into sha1 context */
1.167 + sha1_update(&state->ctx, message, msg_octets);
1.168 +
1.169 + return err_status_ok;
1.170 +}
1.171 +
1.172 +err_status_t
1.173 +hmac_compute(hmac_ctx_t *state, const void *message,
1.174 + int msg_octets, int tag_len, uint8_t *result) {
1.175 + uint32_t hash_value[5];
1.176 + uint32_t H[5];
1.177 + int i;
1.178 +
1.179 + /* check tag length, return error if we can't provide the value expected */
1.180 + if (tag_len > 20)
1.181 + return err_status_bad_param;
1.182 +
1.183 + /* hash message, copy output into H */
1.184 + hmac_update(state, (const uint8_t*)message, msg_octets);
1.185 + sha1_final(&state->ctx, H);
1.186 +
1.187 + /*
1.188 + * note that we don't need to debug_print() the input, since the
1.189 + * function hmac_update() already did that for us
1.190 + */
1.191 + debug_print(mod_hmac, "intermediate state: %s",
1.192 + octet_string_hex_string((uint8_t *)H, 20));
1.193 +
1.194 + /* re-initialize hash context */
1.195 + sha1_init(&state->ctx);
1.196 +
1.197 + /* hash opad ^ key */
1.198 + sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
1.199 +
1.200 + /* hash the result of the inner hash */
1.201 + sha1_update(&state->ctx, (uint8_t *)H, 20);
1.202 +
1.203 + /* the result is returned in the array hash_value[] */
1.204 + sha1_final(&state->ctx, hash_value);
1.205 +
1.206 + /* copy hash_value to *result */
1.207 + for (i=0; i < tag_len; i++)
1.208 + result[i] = ((uint8_t *)hash_value)[i];
1.209 +
1.210 + debug_print(mod_hmac, "output: %s",
1.211 + octet_string_hex_string((uint8_t *)hash_value, tag_len));
1.212 +
1.213 + return err_status_ok;
1.214 +}
1.215 +
1.216 +
1.217 +/* begin test case 0 */
1.218 +
1.219 +uint8_t
1.220 +hmac_test_case_0_key[20] = {
1.221 + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1.222 + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1.223 + 0x0b, 0x0b, 0x0b, 0x0b
1.224 +};
1.225 +
1.226 +uint8_t
1.227 +hmac_test_case_0_data[8] = {
1.228 + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
1.229 +};
1.230 +
1.231 +uint8_t
1.232 +hmac_test_case_0_tag[20] = {
1.233 + 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
1.234 + 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
1.235 + 0xf1, 0x46, 0xbe, 0x00
1.236 +};
1.237 +
1.238 +auth_test_case_t
1.239 +hmac_test_case_0 = {
1.240 + 20, /* octets in key */
1.241 + hmac_test_case_0_key, /* key */
1.242 + 8, /* octets in data */
1.243 + hmac_test_case_0_data, /* data */
1.244 + 20, /* octets in tag */
1.245 + hmac_test_case_0_tag, /* tag */
1.246 + NULL /* pointer to next testcase */
1.247 +};
1.248 +
1.249 +/* end test case 0 */
1.250 +
1.251 +char hmac_description[] = "hmac sha-1 authentication function";
1.252 +
1.253 +/*
1.254 + * auth_type_t hmac is the hmac metaobject
1.255 + */
1.256 +
1.257 +auth_type_t
1.258 +hmac = {
1.259 + (auth_alloc_func) hmac_alloc,
1.260 + (auth_dealloc_func) hmac_dealloc,
1.261 + (auth_init_func) hmac_init,
1.262 + (auth_compute_func) hmac_compute,
1.263 + (auth_update_func) hmac_update,
1.264 + (auth_start_func) hmac_start,
1.265 + (char *) hmac_description,
1.266 + (int) 0, /* instance count */
1.267 + (auth_test_case_t *) &hmac_test_case_0,
1.268 + (debug_module_t *) &mod_hmac,
1.269 + (auth_type_id_t) HMAC_SHA1
1.270 +};
1.271 +
