iPXE
hmac.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  *
23  * Alternatively, you may distribute this code in source or binary
24  * form, with or without modification, provided that the following
25  * conditions are met:
26  *
27  * 1. Redistributions of source code must retain the above copyright
28  * notice, this list of conditions and the above disclaimer.
29  *
30  * 2. Redistributions in binary form must reproduce the above
31  * copyright notice, this list of conditions and the above
32  * disclaimer in the documentation and/or other materials provided
33  * with the distribution.
34  */
35 
36 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
37 
38 /**
39  * @file
40  *
41  * Keyed-Hashing for Message Authentication
42  */
43 
44 #include <string.h>
45 #include <assert.h>
46 #include <ipxe/crypto.h>
47 #include <ipxe/hmac.h>
48 
49 /**
50  * Reduce HMAC key length
51  *
52  * @v digest Digest algorithm to use
53  * @v digest_ctx Digest context
54  * @v key Key
55  * @v key_len Length of key
56  */
57 static void hmac_reduce_key ( struct digest_algorithm *digest,
58  void *key, size_t *key_len ) {
59  uint8_t digest_ctx[digest->ctxsize];
60 
61  digest_init ( digest, digest_ctx );
62  digest_update ( digest, digest_ctx, key, *key_len );
63  digest_final ( digest, digest_ctx, key );
64  *key_len = digest->digestsize;
65 }
66 
67 /**
68  * Initialise HMAC
69  *
70  * @v digest Digest algorithm to use
71  * @v digest_ctx Digest context
72  * @v key Key
73  * @v key_len Length of key
74  *
75  * The length of the key should be less than the block size of the
76  * digest algorithm being used. (If the key length is greater, it
77  * will be replaced with its own digest, and key_len will be updated
78  * accordingly).
79  */
80 void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
81  void *key, size_t *key_len ) {
82  unsigned char k_ipad[digest->blocksize];
83  unsigned int i;
84 
85  /* Reduce key if necessary */
86  if ( *key_len > sizeof ( k_ipad ) )
87  hmac_reduce_key ( digest, key, key_len );
88 
89  /* Construct input pad */
90  memset ( k_ipad, 0, sizeof ( k_ipad ) );
91  memcpy ( k_ipad, key, *key_len );
92  for ( i = 0 ; i < sizeof ( k_ipad ) ; i++ ) {
93  k_ipad[i] ^= 0x36;
94  }
95 
96  /* Start inner hash */
97  digest_init ( digest, digest_ctx );
98  digest_update ( digest, digest_ctx, k_ipad, sizeof ( k_ipad ) );
99 }
100 
101 /**
102  * Finalise HMAC
103  *
104  * @v digest Digest algorithm to use
105  * @v digest_ctx Digest context
106  * @v key Key
107  * @v key_len Length of key
108  * @v hmac HMAC digest to fill in
109  *
110  * The length of the key should be less than the block size of the
111  * digest algorithm being used. (If the key length is greater, it
112  * will be replaced with its own digest, and key_len will be updated
113  * accordingly).
114  */
115 void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
116  void *key, size_t *key_len, void *hmac ) {
117  unsigned char k_opad[digest->blocksize];
118  unsigned int i;
119 
120  /* Reduce key if necessary */
121  if ( *key_len > sizeof ( k_opad ) )
122  hmac_reduce_key ( digest, key, key_len );
123 
124  /* Construct output pad */
125  memset ( k_opad, 0, sizeof ( k_opad ) );
126  memcpy ( k_opad, key, *key_len );
127  for ( i = 0 ; i < sizeof ( k_opad ) ; i++ ) {
128  k_opad[i] ^= 0x5c;
129  }
130 
131  /* Finish inner hash */
132  digest_final ( digest, digest_ctx, hmac );
133 
134  /* Perform outer hash */
135  digest_init ( digest, digest_ctx );
136  digest_update ( digest, digest_ctx, k_opad, sizeof ( k_opad ) );
137  digest_update ( digest, digest_ctx, hmac, digest->digestsize );
138  digest_final ( digest, digest_ctx, hmac );
139 }
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition: crypto.h:177
void hmac_final(struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len, void *hmac)
Finalise HMAC.
Definition: hmac.c:115
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition: crypto.h:182
Cryptographic API.
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
void * memcpy(void *dest, const void *src, size_t len) __nonnull
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Assertions.
Keyed-Hashing for Message Authentication.
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition: crypto.h:172
static void hmac_reduce_key(struct digest_algorithm *digest, void *key, size_t *key_len)
Reduce HMAC key length.
Definition: hmac.c:57
unsigned char uint8_t
Definition: stdint.h:10
void hmac_init(struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len)
Initialise HMAC.
Definition: hmac.c:80
A message digest algorithm.
Definition: crypto.h:16
String functions.
union @375 key
Sense key.
Definition: scsi.h:18
void * memset(void *dest, int character, size_t len) __nonnull