/
hmac-sha1.c
131 lines (109 loc) · 3.33 KB
/
hmac-sha1.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/* hmac-sha1.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "sha1.h"
#include "hmac-sha1.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void *key, uint16_t keylength_b){
uint8_t buffer[SHA1_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, SHA1_BLOCK_BYTES);
if (keylength_b > SHA1_BLOCK_BITS){
sha1((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha1_init(&(s->a));
sha1_nextBlock(&(s->a), buffer);
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
sha1_init(&(s->b));
sha1_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, SHA1_BLOCK_BYTES);
#endif
}
void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void *block){
sha1_nextBlock(&(s->a), block);
}
void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void *block, uint16_t length_b){
while(length_b>=SHA1_BLOCK_BITS){
sha1_nextBlock(&s->a, block);
block = (uint8_t*)block + SHA1_BLOCK_BYTES;
length_b -= SHA1_BLOCK_BITS;
}
sha1_lastBlock(&s->a, block, length_b);
}
void hmac_sha1_final(void *dest, hmac_sha1_ctx_t *s){
sha1_ctx2hash(dest, &s->a);
sha1_lastBlock(&s->b, dest, SHA1_HASH_BITS);
sha1_ctx2hash(dest, &(s->b));
}
#endif
/*
* keylength in bits!
* message length in bits!
*/
void hmac_sha1(void *dest, const void *key, uint16_t keylength_b, const void *msg, uint32_t msglength_b){ /* a one-shot*/
sha1_ctx_t s;
uint8_t i;
uint8_t buffer[SHA1_BLOCK_BYTES];
memset(buffer, 0, SHA1_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > SHA1_BLOCK_BITS){
sha1((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha1_init(&s);
sha1_nextBlock(&s, buffer);
while (msglength_b >= SHA1_BLOCK_BITS){
sha1_nextBlock(&s, msg);
msg = (uint8_t*)msg + SHA1_BLOCK_BYTES;
msglength_b -= SHA1_BLOCK_BITS;
}
sha1_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
sha1_ctx2hash(dest, &s); /* save inner hash temporary to dest */
sha1_init(&s);
sha1_nextBlock(&s, buffer);
sha1_lastBlock(&s, dest, SHA1_HASH_BITS);
sha1_ctx2hash(dest, &s);
}