static void
_sol_message_digest_hmac_reset(struct sol_message_digest *handle)
{
HMAC_CTX *ctx = sol_message_digest_common_get_context(handle);
HMAC_CTX_reset(ctx);
}
/**
Completes computation of the HMAC-SHA256 digest value.
This function completes HMAC-SHA256 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the HMAC-SHA256 context cannot
be used again.
HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
If HmacSha256Context is NULL, then return FALSE.
If HmacValue is NULL, then return FALSE.
@param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.
@param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest
value (32 bytes).
@retval TRUE HMAC-SHA256 digest computation succeeded.
@retval FALSE HMAC-SHA256 digest computation failed.
**/
BOOLEAN
EFIAPI
HmacSha256Final (
IN OUT VOID *HmacSha256Context,
OUT UINT8 *HmacValue
)
{
UINT32 Length;
//
// Check input parameters.
//
if (HmacSha256Context == NULL || HmacValue == NULL) {
return FALSE;
}
//
// OpenSSL HMAC-SHA256 digest finalization
//
if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
return FALSE;
}
if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
return FALSE;
}
return TRUE;
}
/**
Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
subsequent use.
If HmacSha256Context is NULL, then return FALSE.
@param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@retval TRUE HMAC-SHA256 context initialization succeeded.
@retval FALSE HMAC-SHA256 context initialization failed.
**/
BOOLEAN
EFIAPI
HmacSha256Init (
OUT VOID *HmacSha256Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
//
// Check input parameters.
//
if (HmacSha256Context == NULL || KeySize > INT_MAX) {
return FALSE;
}
//
// OpenSSL HMAC-SHA256 Context Initialization
//
memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);
if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
return FALSE;
}
if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
return FALSE;
}
return TRUE;
}
HMAC_CTX *HMAC_CTX_new(void)
{
HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX));
if (ctx)
if (!HMAC_CTX_reset(ctx)) {
HMAC_CTX_free(ctx);
ctx = NULL;
}
return ctx;
}
void tsig_hmac_reset(tsig_hmac_t t)
{
HMAC_CTX *hmac = (HMAC_CTX*)t;
#if SSL_API_LT_110
HMAC_CTX_cleanup(hmac);
HMAC_CTX_init(hmac);
#else
HMAC_CTX_reset(hmac);
#endif
}
void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) {
HMAC_Final(ctx,hashmacbuf,len);
#ifndef OLD_CRYPTO
HMAC_CTX_reset(ctx);
#else
HMAC_cleanup(ctx);
#endif
SAFE_FREE(ctx);
}
void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
const EVP_MD *kt)
{
ASSERT(NULL != kt && NULL != ctx);
HMAC_CTX_reset(ctx);
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
/* make sure we used a big enough key */
ASSERT(HMAC_size(ctx) <= key_len);
}
HMAC_CTX *HMAC_CTX_new(void)
{
HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
if (ctx != NULL) {
if (!HMAC_CTX_reset(ctx)) {
HMAC_CTX_free(ctx);
return NULL;
}
}
return ctx;
}
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
{
if (!HMAC_CTX_reset(dctx))
goto err;
if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
goto err;
if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
goto err;
if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
goto err;
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
dctx->key_length = sctx->key_length;
dctx->md = sctx->md;
return 1;
err:
hmac_ctx_cleanup(dctx);
return 0;
}
/* a counter-based KDF based on NIST SP800-108 */
static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label,
int label_len, uint8_t *retult, int retult_bit_len)
{
HMAC_CTX *hmac_ctx;
uint8_t digest[SHA256_DIGEST_LENGTH];
uint16_t i, ctr, L;
int retult_byte_len, len = 0;
unsigned int mdlen = SHA256_DIGEST_LENGTH;
uint8_t mask = 0xff;
MEM(hmac_ctx = HMAC_CTX_new());
retult_byte_len = (retult_bit_len + 7) / 8;
ctr = 0;
L = htons(retult_bit_len);
while (len < retult_byte_len) {
ctr++; i = htons(ctr);
HMAC_Init_ex(hmac_ctx, key, keylen, EVP_sha256(), NULL);
if (ctr > 1) HMAC_Update(hmac_ctx, digest, mdlen);
HMAC_Update(hmac_ctx, (uint8_t *) &i, sizeof(uint16_t));
HMAC_Update(hmac_ctx, (uint8_t const *)label, label_len);
HMAC_Update(hmac_ctx, (uint8_t *) &L, sizeof(uint16_t));
HMAC_Final(hmac_ctx, digest, &mdlen);
if ((len + (int) mdlen) > retult_byte_len) {
memcpy(retult + len, digest, retult_byte_len - len);
} else {
memcpy(retult + len, digest, mdlen);
}
len += mdlen;
HMAC_CTX_reset(hmac_ctx);
}
/* since we're expanding to a bit length, mask off the excess */
if (retult_bit_len % 8) {
mask <<= (8 - (retult_bit_len % 8));
retult[retult_byte_len - 1] &= mask;
}
HMAC_CTX_free(hmac_ctx);
}
/** Calculate HMAC using OpenSSL's MD5 implementation
*
* @param digest Caller digest to be filled in.
* @param in Pointer to data stream.
* @param inlen length of data stream.
* @param key Pointer to authentication key.
* @param key_len Length of authentication key.
*
*/
void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen,
uint8_t const *key, size_t key_len)
{
HMAC_CTX *ctx;
if (unlikely(!md5_hmac_ctx)) {
ctx = HMAC_CTX_new();
if (unlikely(!ctx)) return;
fr_thread_local_set_destructor(md5_hmac_ctx, _hmac_md5_ctx_free_on_exit, ctx);
} else {
ctx = md5_hmac_ctx;
}
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Since MD5 is not allowed by FIPS, explicitly allow it. */
HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */
HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
HMAC_Update(ctx, in, inlen);
HMAC_Final(ctx, digest, NULL);
HMAC_CTX_reset(ctx);
}
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
HMACCTX ctx = NULL;
ctx = HMAC_CTX_new();
if (ctx == NULL) {
return NULL;
}
#ifndef OLD_CRYPTO
HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.
#endif
switch(type) {
case SSH_HMAC_SHA1:
HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
break;
case SSH_HMAC_SHA256:
HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
break;
case SSH_HMAC_SHA384:
HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
break;
case SSH_HMAC_SHA512:
HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
break;
case SSH_HMAC_MD5:
HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
break;
default:
HMAC_CTX_free(ctx);
SAFE_FREE(ctx);
ctx = NULL;
}
return ctx;
}
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)
HMAC_CTX_reset(ctx);
return HMAC_Init_ex(ctx, key, len, md, NULL);
}
int main(int argc, char *argv[])
{
# ifndef OPENSSL_NO_MD5
int i;
char *p;
# endif
int err = 0;
HMAC_CTX *ctx = NULL, *ctx2 = NULL;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
# ifdef OPENSSL_NO_MD5
printf("test skipped: MD5 disabled\n");
# else
# ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
# endif
for (i = 0; i < 4; i++) {
p = pt(HMAC(EVP_md5(),
test[i].key, test[i].key_len,
test[i].data, test[i].data_len, NULL, NULL),
MD5_DIGEST_LENGTH);
if (strcmp(p, (char *)test[i].digest) != 0) {
printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[i].digest);
err++;
} else
printf("test %d ok\n", i);
}
# endif /* OPENSSL_NO_MD5 */
/* test4 */
ctx = HMAC_CTX_new();
if (ctx == NULL) {
printf("HMAC malloc failure (test 4)\n");
err++;
goto end;
}
if (HMAC_CTX_get_md(ctx) != NULL) {
printf("Message digest not NULL for HMAC (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
printf("test 4 ok\n");
test5:
/* Test 5 has empty key; test that single-shot accepts a NULL key. */
p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
NULL, NULL), SHA_DIGEST_LENGTH);
if (strcmp(p, (char *)test[4].digest) != 0) {
printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[4].digest);
err++;
}
HMAC_CTX_reset(ctx);
if (HMAC_CTX_get_md(ctx) != NULL) {
printf("Message digest not NULL for HMAC (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
goto test6;
}
if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[4].digest) != 0) {
printf("Error calculating interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[4].digest);
err++;
goto test6;
}
if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Should disallow changing MD without a new key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
}
if (HMAC_CTX_get_md(ctx) != EVP_sha256()) {
printf("Unexpected message digest for HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[5].digest) != 0) {
printf("Error calculating 2nd interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[5].digest);
err++;
goto test6;
}
if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[6].digest) != 0) {
printf("error calculating HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[6].digest);
err++;
} else {
printf("test 5 ok\n");
}
test6:
HMAC_CTX_reset(ctx);
ctx2 = HMAC_CTX_new();
if (ctx2 == NULL) {
printf("HMAC malloc failure (test 6)\n");
err++;
goto end;
}
if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
err++;
goto end;
}
if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n");
err++;
goto end;
}
if (!HMAC_CTX_copy(ctx2, ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n");
err++;
goto end;
}
if (!HMAC_Final(ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n");
err++;
goto end;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[7].digest) != 0) {
printf("Error calculating HMAC on test 6\n");
printf("got %s instead of %s\n", p, test[7].digest);
err++;
} else {
printf("test 6 ok\n");
}
end:
HMAC_CTX_free(ctx2);
HMAC_CTX_free(ctx);
EXIT(err);
}
void
hmac_ctx_cleanup(HMAC_CTX *ctx)
{
HMAC_CTX_reset(ctx);
}
/* The random function H(x) = HMAC-SHA256(0^32, x) */
static void pwd_hmac_final(HMAC_CTX *hmac_ctx, uint8_t *digest)
{
unsigned int mdlen = SHA256_DIGEST_LENGTH;
HMAC_Final(hmac_ctx, digest, &mdlen);
HMAC_CTX_reset(hmac_ctx);
}
