2 * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL
);
29 * Keyed-Hashing for Message Authentication
34 #include <ipxe/crypto.h>
35 #include <ipxe/hmac.h>
38 * Reduce HMAC key length
40 * @v digest Digest algorithm to use
41 * @v digest_ctx Digest context
43 * @v key_len Length of key
45 static void hmac_reduce_key ( struct digest_algorithm
*digest
,
46 void *key
, size_t *key_len
) {
47 uint8_t digest_ctx
[digest
->ctxsize
];
49 digest_init ( digest
, digest_ctx
);
50 digest_update ( digest
, digest_ctx
, key
, *key_len
);
51 digest_final ( digest
, digest_ctx
, key
);
52 *key_len
= digest
->digestsize
;
58 * @v digest Digest algorithm to use
59 * @v digest_ctx Digest context
61 * @v key_len Length of key
63 * The length of the key should be less than the block size of the
64 * digest algorithm being used. (If the key length is greater, it
65 * will be replaced with its own digest, and key_len will be updated
68 void hmac_init ( struct digest_algorithm
*digest
, void *digest_ctx
,
69 void *key
, size_t *key_len
) {
70 unsigned char k_ipad
[digest
->blocksize
];
73 /* Reduce key if necessary */
74 if ( *key_len
> sizeof ( k_ipad
) )
75 hmac_reduce_key ( digest
, key
, key_len
);
77 /* Construct input pad */
78 memset ( k_ipad
, 0, sizeof ( k_ipad
) );
79 memcpy ( k_ipad
, key
, *key_len
);
80 for ( i
= 0 ; i
< sizeof ( k_ipad
) ; i
++ ) {
84 /* Start inner hash */
85 digest_init ( digest
, digest_ctx
);
86 digest_update ( digest
, digest_ctx
, k_ipad
, sizeof ( k_ipad
) );
92 * @v digest Digest algorithm to use
93 * @v digest_ctx Digest context
95 * @v key_len Length of key
96 * @v hmac HMAC digest to fill in
98 * The length of the key should be less than the block size of the
99 * digest algorithm being used. (If the key length is greater, it
100 * will be replaced with its own digest, and key_len will be updated
103 void hmac_final ( struct digest_algorithm
*digest
, void *digest_ctx
,
104 void *key
, size_t *key_len
, void *hmac
) {
105 unsigned char k_opad
[digest
->blocksize
];
108 /* Reduce key if necessary */
109 if ( *key_len
> sizeof ( k_opad
) )
110 hmac_reduce_key ( digest
, key
, key_len
);
112 /* Construct output pad */
113 memset ( k_opad
, 0, sizeof ( k_opad
) );
114 memcpy ( k_opad
, key
, *key_len
);
115 for ( i
= 0 ; i
< sizeof ( k_opad
) ; i
++ ) {
119 /* Finish inner hash */
120 digest_final ( digest
, digest_ctx
, hmac
);
122 /* Perform outer hash */
123 digest_init ( digest
, digest_ctx
);
124 digest_update ( digest
, digest_ctx
, k_opad
, sizeof ( k_opad
) );
125 digest_update ( digest
, digest_ctx
, hmac
, digest
->digestsize
);
126 digest_final ( digest
, digest_ctx
, hmac
);