2 ---------------------------------------------------------------------------
3 Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
5 The redistribution and use of this software (with or without changes)
6 is allowed without the payment of fees or royalties provided that:
8 source code distributions include the above copyright notice, this
9 list of conditions and the following disclaimer;
11 binary distributions include the above copyright notice, this list
12 of conditions and the following disclaimer in their documentation.
14 This software is provided 'as is' with no explicit or implied warranties
15 in respect of its operation, including, but not limited to, correctness
16 and fitness for purpose.
17 ---------------------------------------------------------------------------
18 Issue Date: 20/12/2007
20 This is an implementation of HMAC, the FIPS standard keyed hash function
25 #if defined(__cplusplus)
30 /* initialise the HMAC context to zero */
31 int hmac_sha_begin(enum hmac_hash hash, hmac_ctx cx[1])
33 memset(cx, 0, sizeof(hmac_ctx));
38 cx->f_begin = (hf_begin *)sha1_begin;
39 cx->f_hash = (hf_hash *)sha1_hash;
40 cx->f_end = (hf_end *)sha1_end;
41 cx->input_len = SHA1_BLOCK_SIZE;
42 cx->output_len = SHA1_DIGEST_SIZE;
47 cx->f_begin = (hf_begin *)sha224_begin;
48 cx->f_hash = (hf_hash *)sha224_hash;
49 cx->f_end = (hf_end *)sha224_end;
50 cx->input_len = SHA224_BLOCK_SIZE;
51 cx->output_len = SHA224_DIGEST_SIZE;
56 cx->f_begin = (hf_begin *)sha256_begin;
57 cx->f_hash = (hf_hash *)sha256_hash;
58 cx->f_end = (hf_end *)sha256_end;
59 cx->input_len = SHA256_BLOCK_SIZE;
60 cx->output_len = SHA256_DIGEST_SIZE;
65 cx->f_begin = (hf_begin *)sha384_begin;
66 cx->f_hash = (hf_hash *)sha384_hash;
67 cx->f_end = (hf_end *)sha384_end;
68 cx->input_len = SHA384_BLOCK_SIZE;
69 cx->output_len = SHA384_DIGEST_SIZE;
74 cx->f_begin = (hf_begin *)sha512_begin;
75 cx->f_hash = (hf_hash *)sha512_hash;
76 cx->f_end = (hf_end *)sha512_end;
77 cx->input_len = SHA512_BLOCK_SIZE;
78 cx->output_len = SHA512_DIGEST_SIZE;
81 cx->f_begin = (hf_begin *)sha512_256_begin;
82 cx->f_hash = (hf_hash *)sha512_256_hash;
83 cx->f_end = (hf_end *)sha512_256_end;
84 cx->input_len = SHA512_256_BLOCK_SIZE;
85 cx->output_len = SHA512_256_DIGEST_SIZE;
88 cx->f_begin = (hf_begin *)sha512_224_begin;
89 cx->f_hash = (hf_hash *)sha512_224_hash;
90 cx->f_end = (hf_end *)sha512_224_end;
91 cx->input_len = SHA512_224_BLOCK_SIZE;
92 cx->output_len = SHA512_224_DIGEST_SIZE;
95 cx->f_begin = (hf_begin *)sha512_192_begin;
96 cx->f_hash = (hf_hash *)sha512_192_hash;
97 cx->f_end = (hf_end *)sha512_192_end;
98 cx->input_len = SHA512_192_BLOCK_SIZE;
99 cx->output_len = SHA512_192_DIGEST_SIZE;
101 case HMAC_SHA512_128:
102 cx->f_begin = (hf_begin *)sha512_128_begin;
103 cx->f_hash = (hf_hash *)sha512_128_hash;
104 cx->f_end = (hf_begin *)sha512_128_end;
105 cx->input_len = SHA512_128_BLOCK_SIZE;
106 cx->output_len = SHA512_128_DIGEST_SIZE;
110 return (int)cx->output_len;
113 /* input the HMAC key (can be called multiple times) */
114 int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
116 if(cx->klen == HMAC_IN_DATA) /* error if further key input */
117 return EXIT_FAILURE; /* is attempted in data mode */
119 if(cx->klen + key_len > cx->input_len) /* if the key has to be hashed */
121 if(cx->klen <= cx->input_len) /* if the hash has not yet been */
122 { /* started, initialise it and */
123 cx->f_begin(cx->sha_ctx); /* hash stored key characters */
124 cx->f_hash(cx->key, cx->klen, cx->sha_ctx);
127 cx->f_hash(key, key_len, cx->sha_ctx); /* hash long key data into hash */
129 else /* otherwise store key data */
130 memcpy(cx->key + cx->klen, key, key_len);
132 cx->klen += key_len; /* update the key length count */
136 /* input the HMAC data (can be called multiple times) - */
137 /* note that this call terminates the key input phase */
138 void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
141 if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
143 if(cx->klen > cx->input_len) /* if key is being hashed */
144 { /* complete the hash and */
145 cx->f_end(cx->key, cx->sha_ctx); /* store the result as the */
146 cx->klen = cx->output_len; /* key and set new length */
149 /* pad the key if necessary */
150 memset(cx->key + cx->klen, 0, cx->input_len - cx->klen);
152 /* xor ipad into key value */
153 for(i = 0; i < (cx->input_len >> 2); ++i)
154 ((uint32_t*)cx->key)[i] ^= 0x36363636;
156 /* and start hash operation */
157 cx->f_begin(cx->sha_ctx);
158 cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
160 /* mark as now in data mode */
161 cx->klen = HMAC_IN_DATA;
164 /* hash the data (if any) */
166 cx->f_hash(data, data_len, cx->sha_ctx);
169 /* compute and output the MAC value */
170 void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
171 { unsigned char dig[HMAC_MAX_OUTPUT_SIZE];
174 /* if no data has been entered perform a null data phase */
175 if(cx->klen != HMAC_IN_DATA)
176 hmac_sha_data((const unsigned char*)0, 0, cx);
178 cx->f_end(dig, cx->sha_ctx); /* complete the inner hash */
180 /* set outer key value using opad and removing ipad */
181 for(i = 0; i < (cx->input_len >> 2); ++i)
182 ((uint32_t*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
184 /* perform the outer hash operation */
185 cx->f_begin(cx->sha_ctx);
186 cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
187 cx->f_hash(dig, cx->output_len, cx->sha_ctx);
188 cx->f_end(dig, cx->sha_ctx);
190 /* output the hash value */
191 for(i = 0; i < mac_len; ++i)
195 /* 'do it all in one go' subroutine */
196 void hmac_sha(enum hmac_hash hash, const unsigned char key[], unsigned long key_len,
197 const unsigned char data[], unsigned long data_len,
198 unsigned char mac[], unsigned long mac_len)
201 hmac_sha_begin(hash, cx);
202 hmac_sha_key(key, key_len, cx);
203 hmac_sha_data(data, data_len, cx);
204 hmac_sha_end(mac, mac_len, cx);
207 #if defined(__cplusplus)