1
0

hmac_sha256.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
  1. /*
  2. * hmac_sha1.c
  3. *
  4. * Version 1.0.0
  5. *
  6. * Written by Aaron D. Gifford <[email protected]>
  7. *
  8. * Copyright 1998, 2000 Aaron D. Gifford. All rights reserved.
  9. *
  10. * Redistribution and use in source and binary forms, with or without
  11. * modification, are permitted provided that the following conditions
  12. * are met:
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in the
  17. * documentation and/or other materials provided with the distribution.
  18. * 3. Neither the name of the copyright holder nor the names of contributors
  19. * may be used to endorse or promote products derived from this software
  20. * without specific prior written permission.
  21. *
  22. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND
  23. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE
  26. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32. * SUCH DAMAGE.
  33. */
  34. /*
  35. * The HMAC-SHA256 has is defined as:
  36. *
  37. * HMAC = SHA256(K XOR opad, SHA256(K XOR ipad, message))
  38. *
  39. * "opad" is 64 bytes filled with 0x5c
  40. * "ipad" is 64 bytes filled with 0x36
  41. * "K" is the key material
  42. *
  43. * If the key material "K" is longer than 64 bytes, then the key material
  44. * will first be digested (K = SHA1(K)) resulting in a 20-byte hash.
  45. * If the key material is shorter than 64 bytes, it is padded with zero
  46. * bytes.
  47. *
  48. * This code precomputes "K XOR ipad" and "K XOR opad" since that just makes
  49. * sense.
  50. *
  51. * This code was heavily influenced by Eric A. Young's in how the interface
  52. * was designed and how this file is formatted.
  53. */
  54. #ifndef __HMAC_SHA256_H__
  55. #define __HMAC_SHA256_H__
  56. #include "hmac_sha256.h"
  57. #include <string.h>
  58. #ifdef __cplusplus
  59. extern "C" {
  60. #endif
  61. /* Filler bytes: */
  62. #define IPAD_BYTE 0x36
  63. #define OPAD_BYTE 0x5c
  64. #define ZERO_BYTE 0x00
  65. void HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx) {
  66. memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  67. memset(&(ctx->ipad[0]), IPAD_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  68. memset(&(ctx->opad[0]), OPAD_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  69. ctx->keylen = 0;
  70. ctx->hashkey = 0;
  71. }
  72. void HMAC_SHA256_UpdateKey(HMAC_SHA256_CTX *ctx, unsigned char *key, unsigned int keylen) {
  73. /* Do we have anything to work with? If not, return right away. */
  74. if (keylen < 1)
  75. return;
  76. /*
  77. * Is the total key length (current data and any previous data)
  78. * longer than the hash block length?
  79. */
  80. if (ctx->hashkey !=0 || (keylen + ctx->keylen) > HMAC_SHA256_BLOCK_LENGTH) {
  81. /*
  82. * Looks like the key data exceeds the hash block length,
  83. * so that means we use a hash of the key as the key data
  84. * instead.
  85. */
  86. if (ctx->hashkey == 0) {
  87. /*
  88. * Ah, we haven't started hashing the key
  89. * data yet, so we must init. the hash
  90. * monster to begin feeding it.
  91. */
  92. /* Set the hash key flag to true (non-zero) */
  93. ctx->hashkey = 1;
  94. /* Init. the hash beastie... */
  95. SHA256_Init(&ctx->shactx);
  96. /* If there's any previous key data, use it */
  97. if (ctx->keylen > 0) {
  98. SHA256_Update(&ctx->shactx, &(ctx->key[0]), ctx->keylen);
  99. }
  100. /*
  101. * Reset the key length to the future true
  102. * key length, HMAC_SHA256_DIGEST_LENGTH
  103. */
  104. ctx->keylen = HMAC_SHA256_DIGEST_LENGTH;
  105. }
  106. /* Now feed the latest key data to the has monster */
  107. SHA256_Update(&ctx->shactx, key, keylen);
  108. } else {
  109. /*
  110. * Key data length hasn't yet exceeded the hash
  111. * block length (HMAC_SHA1_BLOCK_LENGTH), so theres
  112. * no need to hash the key data (yet). Copy it
  113. * into the key buffer.
  114. */
  115. memcpy(&(ctx->key[ctx->keylen]), key, keylen);
  116. ctx->keylen += keylen;
  117. }
  118. }
  119. void HMAC_SHA256_EndKey(HMAC_SHA256_CTX *ctx) {
  120. unsigned char *ipad, *opad, *key;
  121. int i;
  122. unsigned int j;
  123. /* Did we end up hashing the key? */
  124. if (ctx->hashkey) {
  125. memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  126. /* Yes, so finish up and copy the key data */
  127. SHA256_Final(&(ctx->key[0]), &ctx->shactx);
  128. /* ctx->keylen was already set correctly */
  129. }
  130. /* Pad the key if necessary with zero bytes */
  131. if ((i = HMAC_SHA256_BLOCK_LENGTH - ctx->keylen) > 0) {
  132. memset(&(ctx->key[ctx->keylen]), ZERO_BYTE, i);
  133. }
  134. ipad = &(ctx->ipad[0]);
  135. opad = &(ctx->opad[0]);
  136. /* Precompute the respective pads XORed with the key */
  137. key = &(ctx->key[0]);
  138. for (j = 0; j < ctx->keylen; j++, key++) {
  139. /* XOR the key byte with the appropriate pad filler byte */
  140. *ipad++ ^= *key;
  141. *opad++ ^= *key;
  142. }
  143. }
  144. void HMAC_SHA256_StartMessage(HMAC_SHA256_CTX *ctx) {
  145. SHA256_Init(&ctx->shactx);
  146. SHA256_Update(&ctx->shactx, &(ctx->ipad[0]), HMAC_SHA256_BLOCK_LENGTH);
  147. }
  148. void HMAC_SHA256_UpdateMessage(HMAC_SHA256_CTX *ctx, unsigned char *data, unsigned int datalen) {
  149. SHA256_Update(&ctx->shactx, data, datalen);
  150. }
  151. void HMAC_SHA256_EndMessage(unsigned char *out, HMAC_SHA256_CTX *ctx) {
  152. unsigned char buf[HMAC_SHA256_DIGEST_LENGTH];
  153. SHA256_CTX *c = &ctx->shactx;
  154. SHA256_Final(&(buf[0]), c);
  155. SHA256_Init(c);
  156. SHA256_Update(c, &(ctx->opad[0]), HMAC_SHA256_BLOCK_LENGTH);
  157. SHA256_Update(c, buf, HMAC_SHA256_DIGEST_LENGTH);
  158. SHA256_Final(out, c);
  159. }
  160. void HMAC_SHA256_Done(HMAC_SHA256_CTX *ctx) {
  161. /* Just to be safe, toast all context data */
  162. memset(&(ctx->ipad[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  163. memset(&(ctx->ipad[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  164. memset(&(ctx->key[0]), ZERO_BYTE, HMAC_SHA256_BLOCK_LENGTH);
  165. ctx->keylen = 0;
  166. ctx->hashkey = 0;
  167. }
  168. #ifdef __cplusplus
  169. }
  170. #endif
  171. #endif