OpenSSL: Implement SHA256 HMAC functions using HMAC API

Use the OpenSSL HMAC implementation instead of the internal sha256.c
implementation of HMAC with SHA256.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-16 22:34:35 +03:00
parent ab637dcb37
commit 26a379224c
7 changed files with 70 additions and 15 deletions

View file

@ -720,7 +720,9 @@ endif
endif endif
ifdef NEED_SHA256 ifdef NEED_SHA256
ifneq ($(CONFIG_TLS), openssl)
OBJS += src/crypto/sha256.c OBJS += src/crypto/sha256.c
endif
OBJS += src/crypto/sha256-prf.c OBJS += src/crypto/sha256-prf.c
ifdef CONFIG_INTERNAL_SHA256 ifdef CONFIG_INTERNAL_SHA256
OBJS += src/crypto/sha256-internal.c OBJS += src/crypto/sha256-internal.c

View file

@ -712,7 +712,9 @@ endif
ifdef NEED_SHA256 ifdef NEED_SHA256
CFLAGS += -DCONFIG_SHA256 CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
OBJS += ../src/crypto/sha256.o OBJS += ../src/crypto/sha256.o
endif
OBJS += ../src/crypto/sha256-prf.o OBJS += ../src/crypto/sha256-prf.o
ifdef CONFIG_INTERNAL_SHA256 ifdef CONFIG_INTERNAL_SHA256
OBJS += ../src/crypto/sha256-internal.o OBJS += ../src/crypto/sha256-internal.o

View file

@ -744,6 +744,49 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
} }
#ifdef CONFIG_SHA256
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
HMAC_CTX ctx;
size_t i;
unsigned int mdlen;
int res;
HMAC_CTX_init(&ctx);
#if OPENSSL_VERSION_NUMBER < 0x00909000
HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL);
#else /* openssl < 0.9.9 */
if (HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL) != 1)
return -1;
#endif /* openssl < 0.9.9 */
for (i = 0; i < num_elem; i++)
HMAC_Update(&ctx, addr[i], len[i]);
mdlen = 32;
#if OPENSSL_VERSION_NUMBER < 0x00909000
HMAC_Final(&ctx, mac, &mdlen);
res = 1;
#else /* openssl < 0.9.9 */
res = HMAC_Final(&ctx, mac, &mdlen);
#endif /* openssl < 0.9.9 */
HMAC_CTX_cleanup(&ctx);
return res == 1 ? 0 : -1;
}
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac)
{
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
}
#endif /* CONFIG_SHA256 */
int crypto_get_random(void *buf, size_t len) int crypto_get_random(void *buf, size_t len)
{ {
if (RAND_bytes(buf, len) != 1) if (RAND_bytes(buf, len) != 1)

View file

@ -1,6 +1,6 @@
/* /*
* SHA-256 hash implementation and interface functions * SHA-256 hash implementation and interface functions
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -21,9 +21,10 @@
* @addr: Pointers to the data areas * @addr: Pointers to the data areas
* @len: Lengths of the data blocks * @len: Lengths of the data blocks
* @mac: Buffer for the hash (32 bytes) * @mac: Buffer for the hash (32 bytes)
* Returns: 0 on success, -1 on failure
*/ */
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac) const u8 *addr[], const size_t *len, u8 *mac)
{ {
unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
unsigned char tk[32]; unsigned char tk[32];
@ -35,12 +36,13 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
* Fixed limit on the number of fragments to avoid having to * Fixed limit on the number of fragments to avoid having to
* allocate memory (which could fail). * allocate memory (which could fail).
*/ */
return; return -1;
} }
/* if key is longer than 64 bytes reset it to key = SHA256(key) */ /* if key is longer than 64 bytes reset it to key = SHA256(key) */
if (key_len > 64) { if (key_len > 64) {
sha256_vector(1, &key, &key_len, tk); if (sha256_vector(1, &key, &key_len, tk) < 0)
return -1;
key = tk; key = tk;
key_len = 32; key_len = 32;
} }
@ -68,7 +70,8 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
_addr[i + 1] = addr[i]; _addr[i + 1] = addr[i];
_len[i + 1] = len[i]; _len[i + 1] = len[i];
} }
sha256_vector(1 + num_elem, _addr, _len, mac); if (sha256_vector(1 + num_elem, _addr, _len, mac) < 0)
return -1;
os_memset(k_pad, 0, sizeof(k_pad)); os_memset(k_pad, 0, sizeof(k_pad));
os_memcpy(k_pad, key, key_len); os_memcpy(k_pad, key, key_len);
@ -81,7 +84,7 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
_len[0] = 64; _len[0] = 64;
_addr[1] = mac; _addr[1] = mac;
_len[1] = SHA256_MAC_LEN; _len[1] = SHA256_MAC_LEN;
sha256_vector(2, _addr, _len, mac); return sha256_vector(2, _addr, _len, mac);
} }
@ -91,10 +94,11 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
* @key_len: Length of the key in bytes * @key_len: Length of the key in bytes
* @data: Pointers to the data area * @data: Pointers to the data area
* @data_len: Length of the data area * @data_len: Length of the data area
* @mac: Buffer for the hash (20 bytes) * @mac: Buffer for the hash (32 bytes)
* Returns: 0 on success, -1 on failure
*/ */
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data, int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac) size_t data_len, u8 *mac)
{ {
hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
} }

View file

@ -11,10 +11,10 @@
#define SHA256_MAC_LEN 32 #define SHA256_MAC_LEN 32
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac); const u8 *addr[], const size_t *len, u8 *mac);
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data, int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac); size_t data_len, u8 *mac);
void sha256_prf(const u8 *key, size_t key_len, const char *label, void sha256_prf(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf, size_t buf_len); const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
void tls_prf_sha256(const u8 *secret, size_t secret_len, void tls_prf_sha256(const u8 *secret, size_t secret_len,

View file

@ -1122,7 +1122,9 @@ endif
SHA256OBJS = # none by default SHA256OBJS = # none by default
ifdef NEED_SHA256 ifdef NEED_SHA256
L_CFLAGS += -DCONFIG_SHA256 L_CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
SHA256OBJS += src/crypto/sha256.c SHA256OBJS += src/crypto/sha256.c
endif
SHA256OBJS += src/crypto/sha256-prf.c SHA256OBJS += src/crypto/sha256-prf.c
ifdef CONFIG_INTERNAL_SHA256 ifdef CONFIG_INTERNAL_SHA256
SHA256OBJS += src/crypto/sha256-internal.c SHA256OBJS += src/crypto/sha256-internal.c

View file

@ -1153,7 +1153,9 @@ endif
SHA256OBJS = # none by default SHA256OBJS = # none by default
ifdef NEED_SHA256 ifdef NEED_SHA256
CFLAGS += -DCONFIG_SHA256 CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
SHA256OBJS += ../src/crypto/sha256.o SHA256OBJS += ../src/crypto/sha256.o
endif
SHA256OBJS += ../src/crypto/sha256-prf.o SHA256OBJS += ../src/crypto/sha256-prf.o
ifdef CONFIG_INTERNAL_SHA256 ifdef CONFIG_INTERNAL_SHA256
SHA256OBJS += ../src/crypto/sha256-internal.o SHA256OBJS += ../src/crypto/sha256-internal.o