iPXE
Functions
hmac.c File Reference

Keyed-Hashing for Message Authentication. More...

#include <string.h>
#include <assert.h>
#include <ipxe/crypto.h>
#include <ipxe/hmac.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static void hmac_reduce_key (struct digest_algorithm *digest, void *key, size_t *key_len)
 Reduce HMAC key length.
void hmac_init (struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len)
 Initialise HMAC.
void hmac_final (struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len, void *hmac)
 Finalise HMAC.

Detailed Description

Keyed-Hashing for Message Authentication.

Definition in file hmac.c.


Function Documentation

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )
static void hmac_reduce_key ( struct digest_algorithm digest,
void *  key,
size_t key_len 
) [static]

Reduce HMAC key length.

Parameters:
digestDigest algorithm to use
digest_ctxDigest context
keyKey
key_lenLength of key

Definition at line 57 of file hmac.c.

References digest_algorithm::ctxsize, digest_final(), digest_init(), digest_update(), and digest_algorithm::digestsize.

Referenced by hmac_final(), and hmac_init().

                                                           {
        uint8_t digest_ctx[digest->ctxsize];

        digest_init ( digest, digest_ctx );
        digest_update ( digest, digest_ctx, key, *key_len );
        digest_final ( digest, digest_ctx, key );
        *key_len = digest->digestsize;
}
void hmac_init ( struct digest_algorithm digest,
void *  digest_ctx,
void *  key,
size_t key_len 
)

Initialise HMAC.

Parameters:
digestDigest algorithm to use
digest_ctxDigest context
keyKey
key_lenLength of key

The length of the key should be less than the block size of the digest algorithm being used. (If the key length is greater, it will be replaced with its own digest, and key_len will be updated accordingly).

Definition at line 80 of file hmac.c.

References digest_algorithm::blocksize, digest_init(), digest_update(), hmac_reduce_key(), memcpy(), and memset().

Referenced by ccmp_kie_mic(), hmac_drbg_update_key(), hmac_drbg_update_value(), ntlm_key(), ntlm_response(), pbkdf2_sha1_f(), peerdist_info_passphrase_okx(), peerdist_info_segment_hash(), prf_sha1(), tkip_kie_mic(), tls_hmac_init(), and tls_p_hash_va().

                                              {
        unsigned char k_ipad[digest->blocksize];
        unsigned int i;

        /* Reduce key if necessary */
        if ( *key_len > sizeof ( k_ipad ) )
                hmac_reduce_key ( digest, key, key_len );

        /* Construct input pad */
        memset ( k_ipad, 0, sizeof ( k_ipad ) );
        memcpy ( k_ipad, key, *key_len );
        for ( i = 0 ; i < sizeof ( k_ipad ) ; i++ ) {
                k_ipad[i] ^= 0x36;
        }
        
        /* Start inner hash */
        digest_init ( digest, digest_ctx );
        digest_update ( digest, digest_ctx, k_ipad, sizeof ( k_ipad ) );
}
void hmac_final ( struct digest_algorithm digest,
void *  digest_ctx,
void *  key,
size_t key_len,
void *  hmac 
)

Finalise HMAC.

Parameters:
digestDigest algorithm to use
digest_ctxDigest context
keyKey
key_lenLength of key
hmacHMAC digest to fill in

The length of the key should be less than the block size of the digest algorithm being used. (If the key length is greater, it will be replaced with its own digest, and key_len will be updated accordingly).

Definition at line 115 of file hmac.c.

References digest_algorithm::blocksize, digest_final(), digest_init(), digest_update(), digest_algorithm::digestsize, hmac_reduce_key(), memcpy(), and memset().

Referenced by ccmp_kie_mic(), hmac_drbg_update_key(), hmac_drbg_update_value(), ntlm_key(), ntlm_response(), pbkdf2_sha1_f(), peerdist_info_passphrase_okx(), peerdist_info_segment_hash(), prf_sha1(), tkip_kie_mic(), tls_hmac_final(), and tls_p_hash_va().

                                                           {
        unsigned char k_opad[digest->blocksize];
        unsigned int i;

        /* Reduce key if necessary */
        if ( *key_len > sizeof ( k_opad ) )
                hmac_reduce_key ( digest, key, key_len );

        /* Construct output pad */
        memset ( k_opad, 0, sizeof ( k_opad ) );
        memcpy ( k_opad, key, *key_len );
        for ( i = 0 ; i < sizeof ( k_opad ) ; i++ ) {
                k_opad[i] ^= 0x5c;
        }
        
        /* Finish inner hash */
        digest_final ( digest, digest_ctx, hmac );

        /* Perform outer hash */
        digest_init ( digest, digest_ctx );
        digest_update ( digest, digest_ctx, k_opad, sizeof ( k_opad ) );
        digest_update ( digest, digest_ctx, hmac, digest->digestsize );
        digest_final ( digest, digest_ctx, hmac );
}