|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* Copyright (c) 2017, Björn Esser <besser82@fedoraproject.org>
|
|
Packit |
13e0ca |
* All rights reserved.
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* Redistribution and use in source and binary forms, with or without
|
|
Packit |
13e0ca |
* modification, are permitted provided that the following conditions
|
|
Packit |
13e0ca |
* are met:
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit |
13e0ca |
* notice, this list of conditions and the following disclaimer.
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit |
13e0ca |
* notice, this list of conditions and the following disclaimer in the
|
|
Packit |
13e0ca |
* documentation and/or other materials provided with the distribution.
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
Packit |
13e0ca |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
Packit |
13e0ca |
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
Packit |
13e0ca |
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
Packit |
13e0ca |
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
Packit |
13e0ca |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
Packit |
13e0ca |
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
Packit |
13e0ca |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
Packit |
13e0ca |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
Packit |
13e0ca |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
Packit |
13e0ca |
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* Implement HMAC as described in RFC 2104
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
#include "crypt-port.h"
|
|
Packit |
13e0ca |
#include "alg-hmac-sha1.h"
|
|
Packit |
13e0ca |
#include "alg-sha1.h"
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
#include <stdlib.h>
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
#if INCLUDE_sha1
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/* Don't change these */
|
|
Packit |
13e0ca |
#define HMAC_IPAD 0x36
|
|
Packit |
13e0ca |
#define HMAC_OPAD 0x5c
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/* Nor this */
|
|
Packit |
13e0ca |
#ifndef HMAC_BLOCKSZ
|
|
Packit |
13e0ca |
# define HMAC_BLOCKSZ 64
|
|
Packit |
13e0ca |
# define HASH_LENGTH 20
|
|
Packit |
13e0ca |
#endif
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* The logic here is lifted straight from RFC 2104 except that
|
|
Packit |
13e0ca |
* rather than filling the pads with 0, copying in the key and then
|
|
Packit |
13e0ca |
* XOR with the pad byte, we just fill with the pad byte and
|
|
Packit |
13e0ca |
* XOR with the key.
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
void
|
|
Packit |
13e0ca |
hmac_sha1_process_data (const uint8_t *text, size_t text_len,
|
|
Packit |
13e0ca |
const uint8_t *key, size_t key_len,
|
|
Packit |
13e0ca |
void *resbuf)
|
|
Packit |
13e0ca |
{
|
|
Packit |
13e0ca |
struct sha1_ctx ctx;
|
|
Packit |
13e0ca |
/* Inner padding key XOR'd with ipad */
|
|
Packit |
13e0ca |
uint8_t k_ipad[HMAC_BLOCKSZ];
|
|
Packit |
13e0ca |
/* Outer padding key XOR'd with opad */
|
|
Packit |
13e0ca |
uint8_t k_opad[HMAC_BLOCKSZ];
|
|
Packit |
13e0ca |
/* HASH(key) if needed */
|
|
Packit |
13e0ca |
unsigned char tk[HASH_LENGTH];
|
|
Packit |
13e0ca |
size_t i;
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* If key is longer than HMAC_BLOCKSZ bytes
|
|
Packit |
13e0ca |
* reset it to key=HASH(key)
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
if (key_len > HMAC_BLOCKSZ)
|
|
Packit |
13e0ca |
{
|
|
Packit |
13e0ca |
struct sha1_ctx tctx;
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
sha1_init_ctx (&tctx);
|
|
Packit |
13e0ca |
sha1_process_bytes (key, &tctx, key_len);
|
|
Packit |
13e0ca |
sha1_finish_ctx(&tctx, &tk;;
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
key = tk;
|
|
Packit |
13e0ca |
key_len = HASH_LENGTH;
|
|
Packit |
13e0ca |
}
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* The HMAC_ transform looks like:
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* HASH(K XOR opad, HASH(K XOR ipad, text))
|
|
Packit |
13e0ca |
*
|
|
Packit |
13e0ca |
* where K is an n byte key
|
|
Packit |
13e0ca |
* ipad is the byte HMAC_IPAD repeated HMAC_BLOCKSZ times
|
|
Packit |
13e0ca |
* opad is the byte HMAC_OPAD repeated HMAC_BLOCKSZ times
|
|
Packit |
13e0ca |
* and text is the data being protected
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* Fill the pads and XOR in the key
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
memset (k_ipad, HMAC_IPAD, sizeof k_ipad);
|
|
Packit |
13e0ca |
memset (k_opad, HMAC_OPAD, sizeof k_opad);
|
|
Packit |
13e0ca |
for (i = 0; i < key_len; i++)
|
|
Packit |
13e0ca |
{
|
|
Packit |
13e0ca |
k_ipad[i] ^= key[i];
|
|
Packit |
13e0ca |
k_opad[i] ^= key[i];
|
|
Packit |
13e0ca |
}
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* Perform inner HASH.
|
|
Packit |
13e0ca |
* Start with inner pad,
|
|
Packit |
13e0ca |
* then the text.
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
sha1_init_ctx (&ctx;;
|
|
Packit |
13e0ca |
sha1_process_bytes (k_ipad, &ctx, HMAC_BLOCKSZ);
|
|
Packit |
13e0ca |
sha1_process_bytes (text, &ctx, text_len);
|
|
Packit |
13e0ca |
sha1_finish_ctx(&ctx, resbuf);
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
/*
|
|
Packit |
13e0ca |
* Perform outer HASH.
|
|
Packit |
13e0ca |
* Start with the outer pad,
|
|
Packit |
13e0ca |
* then the result of the inner hash.
|
|
Packit |
13e0ca |
*/
|
|
Packit |
13e0ca |
sha1_init_ctx (&ctx;;
|
|
Packit |
13e0ca |
sha1_process_bytes (k_opad, &ctx, HMAC_BLOCKSZ);
|
|
Packit |
13e0ca |
sha1_process_bytes (resbuf, &ctx, HASH_LENGTH);
|
|
Packit |
13e0ca |
sha1_finish_ctx(&ctx, resbuf);
|
|
Packit |
13e0ca |
}
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
#endif
|