int pbkdf2(const char *pass, const char *salt, long iter, const EVP_MD *digest, unsigned char *out)
{
unsigned char digtmp[32], itmp[4];
int k, mdlen, saltlen = strlen(salt);
unsigned long j;
HMAC_CTX hctx_tpl, hctx;
mdlen = EVP_MD_size(digest);
HMAC_CTX_init(&hctx_tpl);
HMAC_Init_ex(&hctx_tpl, pass, strlen(pass), digest, NULL);
itmp[0] = itmp[1] = itmp[2] = 0; itmp[3] = 1;
HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, (const unsigned char*)salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);
memcpy(out, digtmp, mdlen);
for (j = 1; j < iter; j++) {
HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, digtmp, mdlen); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);
for (k = 0; k < mdlen; k++) out[k] ^= digtmp[k];
}
HMAC_CTX_cleanup(&hctx_tpl);
return 1;
}
static VALUE
ossl_hmac_copy(VALUE self, VALUE other)
{
HMAC_CTX *ctx1, *ctx2;
rb_check_frozen(self);
if (self == other) return self;
GetHMAC(self, ctx1);
SafeGetHMAC(other, ctx2);
HMAC_CTX_copy(ctx1, ctx2);
return self;
}
int
hmac_reinit(mac_ctx_t *mctx)
{
int cksum = mctx->mac_cksum;
if (cksum == CKSUM_SKEIN256 || cksum == CKSUM_SKEIN512) {
memcpy(mctx->mac_ctx, mctx->mac_ctx_reinit, sizeof (Skein_512_Ctxt_t));
} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {
if (cksum_provider == PROVIDER_OPENSSL) {
HMAC_CTX_copy(mctx->mac_ctx, mctx->mac_ctx_reinit);
} else {
memcpy(mctx->mac_ctx, mctx->mac_ctx_reinit, sizeof (HMAC_SHA256_Context));
}
} else if (cksum == CKSUM_SHA512) {
HMAC_CTX_copy(mctx->mac_ctx, mctx->mac_ctx_reinit);
} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {
memcpy(mctx->mac_ctx, mctx->mac_ctx_reinit, sizeof (hashState));
} else {
return (-1);
}
return (0);
}
static VALUE
ossl_hmac_copy(VALUE self, VALUE other)
{
HMAC_CTX *ctx1, *ctx2;
rb_check_frozen(self);
if (self == other) return self;
GetHMAC(self, ctx1);
GetHMAC(other, ctx2);
if (!HMAC_CTX_copy(ctx1, ctx2))
ossl_raise(eHMACError, "HMAC_CTX_copy");
return self;
}
int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
{
int i, padlen;
const int blksize = 16;
unsigned int hmac_len = 20;
int crypt_len;
HMAC_CTX hmac_ctx;
/* This gets much more fun if the IV is variable-length */
pkt->esp.spi = vpninfo->esp_out.spi;
pkt->esp.seq = htonl(vpninfo->esp_out.seq++);
if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to generate random IV for ESP packet:\n"));
openconnect_report_ssl_errors(vpninfo);
return -EIO;
}
padlen = blksize - 1 - ((pkt->len + 1) % blksize);
for (i=0; i<padlen; i++)
pkt->data[pkt->len + i] = i + 1;
pkt->data[pkt->len + padlen] = padlen;
pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */
if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL,
pkt->esp.iv)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set up encryption context for ESP packet:\n"));
openconnect_report_ssl_errors(vpninfo);
return -EINVAL;
}
crypt_len = pkt->len + padlen + 2;
if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len,
pkt->data, crypt_len)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to encrypt ESP packet:\n"));
openconnect_report_ssl_errors(vpninfo);
return -EINVAL;
}
HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac);
HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len);
HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len);
HMAC_CTX_cleanup(&hmac_ctx);
return sizeof(pkt->esp) + crypt_len + 12;
}
static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
HMAC_PKEY_CTX *sctx, *dctx;
if (!pkey_hmac_init(dst))
return 0;
sctx = src->data;
dctx = dst->data;
dctx->md = sctx->md;
HMAC_CTX_init(&dctx->ctx);
HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length))
return 0;
}
return 1;
}
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
OSSL_HMAC_PKEY_CTX *sctx, *dctx;
if (!ossl_hmac_init(dst))
return 0;
sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
return 0;
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length))
return 0;
}
return 1;
}
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */
int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt)
{
unsigned char hmac_buf[20];
unsigned int hmac_len = sizeof(hmac_buf);
int crypt_len = pkt->len;
HMAC_CTX hmac_ctx;
HMAC_CTX_copy(&hmac_ctx, &esp->hmac);
HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len);
HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len);
HMAC_CTX_cleanup(&hmac_ctx);
if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) {
vpn_progress(vpninfo, PRG_DEBUG,
_("Received ESP packet with invalid HMAC\n"));
return -EINVAL;
}
/* Why in $DEITY's name would you ever *not* set this? Perhaps we
* should do th check anyway, but only warn instead of discarding
* the packet? */
if (vpninfo->esp_replay_protect &&
verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq)))
return -EINVAL;
if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL,
pkt->esp.iv)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set up decryption context for ESP packet:\n"));
openconnect_report_ssl_errors(vpninfo);
return -EINVAL;
}
if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len,
pkt->data, pkt->len)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt ESP packet:\n"));
openconnect_report_ssl_errors(vpninfo);
return -EINVAL;
}
return 0;
}
/**
Makes a copy of an existing HMAC-SHA256 context.
If HmacSha256Context is NULL, then return FALSE.
If NewHmacSha256Context is NULL, then return FALSE.
@param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.
@param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.
@retval TRUE HMAC-SHA256 context copy succeeded.
@retval FALSE HMAC-SHA256 context copy failed.
**/
BOOLEAN
EFIAPI
HmacSha256Duplicate (
IN CONST VOID *HmacSha256Context,
OUT VOID *NewHmacSha256Context
)
{
//
// Check input parameters.
//
if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
return FALSE;
}
if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
return FALSE;
}
return TRUE;
}
int32_t mz_crypt_hmac_copy(void *src_handle, void *target_handle)
{
mz_crypt_hmac *source = (mz_crypt_hmac *)src_handle;
mz_crypt_hmac *target = (mz_crypt_hmac *)target_handle;
int32_t result = 0;
if (source == NULL || target == NULL)
return MZ_PARAM_ERROR;
if (target->ctx == NULL)
target->ctx = HMAC_CTX_new();
result = HMAC_CTX_copy(target->ctx, source->ctx);
if (!result)
{
target->error = ERR_get_error();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
OSSL_HMAC_PKEY_CTX *sctx, *dctx;
/* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
if (!ossl_hmac_init(dst))
return 0;
sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
goto err;
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length))
goto err;
}
return 1;
err:
/* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
ossl_hmac_cleanup(dst);
return 0;
}
int main(int argc, char *argv[])
{
# ifndef OPENSSL_NO_MD5
int i;
char *p;
# endif
int err = 0;
HMAC_CTX *ctx = NULL, *ctx2 = NULL;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
# ifdef OPENSSL_NO_MD5
printf("test skipped: MD5 disabled\n");
# else
# ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
# endif
for (i = 0; i < 4; i++) {
p = pt(HMAC(EVP_md5(),
test[i].key, test[i].key_len,
test[i].data, test[i].data_len, NULL, NULL),
MD5_DIGEST_LENGTH);
if (strcmp(p, (char *)test[i].digest) != 0) {
printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[i].digest);
err++;
} else
printf("test %d ok\n", i);
}
# endif /* OPENSSL_NO_MD5 */
/* test4 */
ctx = HMAC_CTX_new();
if (ctx == NULL) {
printf("HMAC malloc failure (test 4)\n");
err++;
goto end;
}
if (HMAC_CTX_get_md(ctx) != NULL) {
printf("Message digest not NULL for HMAC (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
printf("test 4 ok\n");
test5:
/* Test 5 has empty key; test that single-shot accepts a NULL key. */
p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
NULL, NULL), SHA_DIGEST_LENGTH);
if (strcmp(p, (char *)test[4].digest) != 0) {
printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[4].digest);
err++;
}
HMAC_CTX_reset(ctx);
if (HMAC_CTX_get_md(ctx) != NULL) {
printf("Message digest not NULL for HMAC (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
goto test6;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[4].digest) != 0) {
printf("Error calculating interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[4].digest);
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Should disallow changing MD without a new key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
}
if (HMAC_CTX_get_md(ctx) != EVP_sha256()) {
printf("Unexpected message digest for HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[5].digest) != 0) {
printf("Error calculating 2nd interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[5].digest);
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[6].digest) != 0) {
printf("error calculating HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[6].digest);
err++;
} else {
printf("test 5 ok\n");
}
test6:
HMAC_CTX_reset(ctx);
ctx2 = HMAC_CTX_new();
if (ctx2 == NULL) {
printf("HMAC malloc failure (test 6)\n");
err++;
goto end;
}
if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
err++;
goto end;
}
if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n");
err++;
goto end;
}
if (!HMAC_CTX_copy(ctx2, ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n");
err++;
goto end;
}
if (!HMAC_Final(ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n");
err++;
goto end;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[7].digest) != 0) {
printf("Error calculating HMAC on test 6\n");
printf("got %s instead of %s\n", p, test[7].digest);
err++;
} else {
printf("test 6 ok\n");
}
end:
HMAC_CTX_free(ctx2);
HMAC_CTX_free(ctx);
EXIT(err);
}
int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
const uint8_t *salt, size_t salt_len, unsigned iterations,
const EVP_MD *digest, size_t key_len, uint8_t *out_key) {
uint8_t digest_tmp[EVP_MAX_MD_SIZE], *p, itmp[4];
size_t cplen, mdlen, tkeylen, k;
unsigned j;
uint32_t i = 1;
HMAC_CTX hctx_tpl, hctx;
mdlen = EVP_MD_size(digest);
HMAC_CTX_init(&hctx_tpl);
p = out_key;
tkeylen = key_len;
if (!HMAC_Init_ex(&hctx_tpl, password, password_len, digest, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
while (tkeylen) {
if (tkeylen > mdlen) {
cplen = mdlen;
} else {
cplen = tkeylen;
}
/* We are unlikely to ever use more than 256 blocks (5120 bits!)
* but just in case... */
itmp[0] = (uint8_t)((i >> 24) & 0xff);
itmp[1] = (uint8_t)((i >> 16) & 0xff);
itmp[2] = (uint8_t)((i >> 8) & 0xff);
itmp[3] = (uint8_t)(i & 0xff);
if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
if (!HMAC_Update(&hctx, salt, salt_len) ||
!HMAC_Update(&hctx, itmp, 4) ||
!HMAC_Final(&hctx, digest_tmp, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl);
HMAC_CTX_cleanup(&hctx);
return 0;
}
HMAC_CTX_cleanup(&hctx);
memcpy(p, digest_tmp, cplen);
for (j = 1; j < iterations; j++) {
if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
HMAC_CTX_cleanup(&hctx_tpl);
return 0;
}
if (!HMAC_Update(&hctx, digest_tmp, mdlen) ||
!HMAC_Final(&hctx, digest_tmp, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl);
HMAC_CTX_cleanup(&hctx);
return 0;
}
HMAC_CTX_cleanup(&hctx);
for (k = 0; k < cplen; k++) {
p[k] ^= digest_tmp[k];
}
}
tkeylen -= cplen;
i++;
p += cplen;
}
HMAC_CTX_cleanup(&hctx_tpl);
return 1;
}
/*
* Perform keyed hashing. With Skein, HMAC is not used, rather Skein's
* native MAC is used which is more optimal than HMAC.
*/
int
hmac_init(mac_ctx_t *mctx, int cksum, crypto_ctx_t *cctx)
{
aes_ctx_t *actx = (aes_ctx_t *)(cctx->crypto_ctx);
mctx->mac_cksum = cksum;
if (cksum == CKSUM_SKEIN256) {
Skein_512_Ctxt_t *ctx = malloc(sizeof (Skein_512_Ctxt_t));
if (!ctx) return (-1);
Skein_512_InitExt(ctx, 256, SKEIN_CFG_TREE_INFO_SEQUENTIAL,
actx->pkey, KEYLEN);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (Skein_512_Ctxt_t));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
memcpy(ctx, mctx->mac_ctx, sizeof (Skein_512_Ctxt_t));
mctx->mac_ctx_reinit = ctx;
} else if (cksum == CKSUM_SKEIN512) {
Skein_512_Ctxt_t *ctx = malloc(sizeof (Skein_512_Ctxt_t));
if (!ctx) return (-1);
Skein_512_InitExt(ctx, 512, SKEIN_CFG_TREE_INFO_SEQUENTIAL,
actx->pkey, KEYLEN);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (Skein_512_Ctxt_t));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
memcpy(ctx, mctx->mac_ctx, sizeof (Skein_512_Ctxt_t));
mctx->mac_ctx_reinit = ctx;
} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {
if (cksum_provider == PROVIDER_OPENSSL) {
HMAC_CTX *ctx = malloc(sizeof (HMAC_CTX));
if (!ctx) return (-1);
HMAC_CTX_init(ctx);
HMAC_Init_ex(ctx, actx->pkey, KEYLEN, EVP_sha256(), NULL);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (HMAC_CTX));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
if (!HMAC_CTX_copy(ctx, mctx->mac_ctx)) {
free(ctx);
free(mctx->mac_ctx);
return (-1);
}
mctx->mac_ctx_reinit = ctx;
} else {
HMAC_SHA256_Context *ctx = malloc(sizeof (HMAC_SHA256_Context));
if (!ctx) return (-1);
opt_HMAC_SHA256_Init(ctx, actx->pkey, KEYLEN);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (HMAC_SHA256_Context));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
memcpy(ctx, mctx->mac_ctx, sizeof (HMAC_SHA256_Context));
mctx->mac_ctx_reinit = ctx;
}
} else if (cksum == CKSUM_SHA512) {
HMAC_CTX *ctx = malloc(sizeof (HMAC_CTX));
if (!ctx) return (-1);
HMAC_CTX_init(ctx);
HMAC_Init_ex(ctx, actx->pkey, KEYLEN, EVP_sha512(), NULL);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (HMAC_CTX));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
if (!HMAC_CTX_copy(ctx, mctx->mac_ctx)) {
free(ctx);
free(mctx->mac_ctx);
return (-1);
}
mctx->mac_ctx_reinit = ctx;
} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {
hashState *ctx = malloc(sizeof (hashState));
if (!ctx) return (-1);
if (cksum == CKSUM_KECCAK256) {
if (Keccak_Init(ctx, 256) != 0)
return (-1);
} else {
if (Keccak_Init(ctx, 512) != 0)
return (-1);
}
if (Keccak_Update(ctx, actx->pkey, KEYLEN << 3) != 0)
return (-1);
mctx->mac_ctx = ctx;
ctx = malloc(sizeof (hashState));
if (!ctx) {
free(mctx->mac_ctx);
return (-1);
}
memcpy(ctx, mctx->mac_ctx, sizeof (hashState));
mctx->mac_ctx_reinit = ctx;
} else {
return (-1);
}
return (0);
}
int main(int argc, char *argv[])
{
# ifndef OPENSSL_NO_MD5
int i;
char *p;
# endif
int err = 0;
HMAC_CTX ctx, ctx2;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
# ifdef OPENSSL_NO_MD5
printf("test skipped: MD5 disabled\n");
# else
# ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
# endif
for (i = 0; i < 4; i++) {
p = pt(HMAC(EVP_md5(),
test[i].key, test[i].key_len,
test[i].data, test[i].data_len, NULL, NULL),
MD5_DIGEST_LENGTH);
if (strcmp(p, (const char *)test[i].digest) != 0) {
printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[i].digest);
err++;
} else
printf("test %d ok\n", i);
}
# endif /* OPENSSL_NO_MD5 */
/* test4 */
HMAC_CTX_init(&ctx);
if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
printf("test 4 ok\n");
test5:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_init(&ctx);
if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
goto test6;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (const char *)test[4].digest) != 0) {
printf("Error calculating interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[4].digest);
err++;
goto test6;
}
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Should disallow changing MD without a new key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (const char *)test[5].digest) != 0) {
printf("Error calculating 2nd interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[5].digest);
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (const char *)test[6].digest) != 0) {
printf("error calculating HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[6].digest);
err++;
} else {
printf("test 5 ok\n");
}
test6:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_init(&ctx);
if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
err++;
goto end;
}
if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n");
err++;
goto end;
}
if (!HMAC_CTX_copy(&ctx2, &ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n");
err++;
goto end;
}
if (!HMAC_Final(&ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n");
err++;
goto end;
}
p = pt(buf, len);
if (strcmp(p, (const char *)test[7].digest) != 0) {
printf("Error calculating HMAC on test 6\n");
printf("got %s instead of %s\n", p, test[7].digest);
err++;
} else {
printf("test 6 ok\n");
}
end:
HMAC_CTX_cleanup(&ctx);
EXIT(err);
return (0);
}