Prepare for V7.2.0 release.

[freertos] / FreeRTOS-Plus / CyaSSL / ctaocrypt / src / hmac.c

/* hmac.c
 *
 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#ifndef NO_HMAC

#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/error.h>


static int InitHmac(Hmac* hmac, int type)
{
    hmac->innerHashKeyed = 0;
    hmac->macType = (byte)type;

    if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
        return BAD_FUNC_ARG;

    if (type == MD5)
        InitMd5(&hmac->hash.md5);
    else if (type == SHA)
        InitSha(&hmac->hash.sha);
#ifndef NO_SHA256
    else if (type == SHA256)
        InitSha256(&hmac->hash.sha256);
#endif
#ifdef CYASSL_SHA384
    else if (type == SHA384)
        InitSha384(&hmac->hash.sha384);
#endif

    return 0;
}


void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
    byte*  ip = (byte*) hmac->ipad;
    byte*  op = (byte*) hmac->opad;
    word32 i, hmac_block_size = MD5_BLOCK_SIZE;

    InitHmac(hmac, type);

    if (hmac->macType == MD5) {
        if (length <= MD5_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Md5Update(&hmac->hash.md5, key, length);
            Md5Final(&hmac->hash.md5, ip);
            length = MD5_DIGEST_SIZE;
        }
    }
    else if (hmac->macType == SHA) {
                hmac_block_size = SHA_BLOCK_SIZE;
        if (length <= SHA_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            ShaUpdate(&hmac->hash.sha, key, length);
            ShaFinal(&hmac->hash.sha, ip);
            length = SHA_DIGEST_SIZE;
        }
    }
#ifndef NO_SHA256
    else if (hmac->macType == SHA256) {
                hmac_block_size = SHA256_BLOCK_SIZE;
        if (length <= SHA256_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Sha256Update(&hmac->hash.sha256, key, length);
            Sha256Final(&hmac->hash.sha256, ip);
            length = SHA256_DIGEST_SIZE;
        }
    }
#endif
#ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384) {
        hmac_block_size = SHA384_BLOCK_SIZE;
        if (length <= SHA384_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Sha384Update(&hmac->hash.sha384, key, length);
            Sha384Final(&hmac->hash.sha384, ip);
            length = SHA384_DIGEST_SIZE;
        }
    }
#endif
    XMEMSET(ip + length, 0, hmac_block_size - length);

    for(i = 0; i < hmac_block_size; i++) {
        op[i] = ip[i] ^ OPAD;
        ip[i] ^= IPAD;
    }
}


static void HmacKeyInnerHash(Hmac* hmac)
{
    if (hmac->macType == MD5)
        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
    else if (hmac->macType == SHA)
        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
#ifndef NO_SHA256
    else if (hmac->macType == SHA256)
        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
#endif
#ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384)
        Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
#endif

    hmac->innerHashKeyed = 1;
}


void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
    if (!hmac->innerHashKeyed)
        HmacKeyInnerHash(hmac);

    if (hmac->macType == MD5)
        Md5Update(&hmac->hash.md5, msg, length);
    else if (hmac->macType == SHA)
        ShaUpdate(&hmac->hash.sha, msg, length);
#ifndef NO_SHA256
    else if (hmac->macType == SHA256)
        Sha256Update(&hmac->hash.sha256, msg, length);
#endif
#ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384)
        Sha384Update(&hmac->hash.sha384, msg, length);
#endif

}


void HmacFinal(Hmac* hmac, byte* hash)
{
    if (!hmac->innerHashKeyed)
        HmacKeyInnerHash(hmac);

    if (hmac->macType == MD5) {
        Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);

        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
        Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);

        Md5Final(&hmac->hash.md5, hash);
    }
    else if (hmac->macType == SHA) {
        ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);

        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
        ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);

        ShaFinal(&hmac->hash.sha, hash);
    }
#ifndef NO_SHA256
    else if (hmac->macType == SHA256) {
        Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);

        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
        Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
                     SHA256_DIGEST_SIZE);

        Sha256Final(&hmac->hash.sha256, hash);
    }
#endif
#ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384) {
        Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);

        Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
        Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
                     SHA384_DIGEST_SIZE);

        Sha384Final(&hmac->hash.sha384, hash);
    }
#endif

    hmac->innerHashKeyed = 0;
}


#endif /* NO_HMAC */