OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c implementation of HMAC with SHA256. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ab637dcb37
commit
26a379224c
7 changed files with 70 additions and 15 deletions
|
@ -720,7 +720,9 @@ endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef NEED_SHA256
|
ifdef NEED_SHA256
|
||||||
|
ifneq ($(CONFIG_TLS), openssl)
|
||||||
OBJS += src/crypto/sha256.c
|
OBJS += src/crypto/sha256.c
|
||||||
|
endif
|
||||||
OBJS += src/crypto/sha256-prf.c
|
OBJS += src/crypto/sha256-prf.c
|
||||||
ifdef CONFIG_INTERNAL_SHA256
|
ifdef CONFIG_INTERNAL_SHA256
|
||||||
OBJS += src/crypto/sha256-internal.c
|
OBJS += src/crypto/sha256-internal.c
|
||||||
|
|
|
@ -712,7 +712,9 @@ endif
|
||||||
|
|
||||||
ifdef NEED_SHA256
|
ifdef NEED_SHA256
|
||||||
CFLAGS += -DCONFIG_SHA256
|
CFLAGS += -DCONFIG_SHA256
|
||||||
|
ifneq ($(CONFIG_TLS), openssl)
|
||||||
OBJS += ../src/crypto/sha256.o
|
OBJS += ../src/crypto/sha256.o
|
||||||
|
endif
|
||||||
OBJS += ../src/crypto/sha256-prf.o
|
OBJS += ../src/crypto/sha256-prf.o
|
||||||
ifdef CONFIG_INTERNAL_SHA256
|
ifdef CONFIG_INTERNAL_SHA256
|
||||||
OBJS += ../src/crypto/sha256-internal.o
|
OBJS += ../src/crypto/sha256-internal.o
|
||||||
|
|
|
@ -744,6 +744,49 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_SHA256
|
||||||
|
|
||||||
|
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
|
const u8 *addr[], const size_t *len, u8 *mac)
|
||||||
|
{
|
||||||
|
HMAC_CTX ctx;
|
||||||
|
size_t i;
|
||||||
|
unsigned int mdlen;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
HMAC_CTX_init(&ctx);
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x00909000
|
||||||
|
HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL);
|
||||||
|
#else /* openssl < 0.9.9 */
|
||||||
|
if (HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL) != 1)
|
||||||
|
return -1;
|
||||||
|
#endif /* openssl < 0.9.9 */
|
||||||
|
|
||||||
|
for (i = 0; i < num_elem; i++)
|
||||||
|
HMAC_Update(&ctx, addr[i], len[i]);
|
||||||
|
|
||||||
|
mdlen = 32;
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x00909000
|
||||||
|
HMAC_Final(&ctx, mac, &mdlen);
|
||||||
|
res = 1;
|
||||||
|
#else /* openssl < 0.9.9 */
|
||||||
|
res = HMAC_Final(&ctx, mac, &mdlen);
|
||||||
|
#endif /* openssl < 0.9.9 */
|
||||||
|
HMAC_CTX_cleanup(&ctx);
|
||||||
|
|
||||||
|
return res == 1 ? 0 : -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||||
|
size_t data_len, u8 *mac)
|
||||||
|
{
|
||||||
|
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* CONFIG_SHA256 */
|
||||||
|
|
||||||
|
|
||||||
int crypto_get_random(void *buf, size_t len)
|
int crypto_get_random(void *buf, size_t len)
|
||||||
{
|
{
|
||||||
if (RAND_bytes(buf, len) != 1)
|
if (RAND_bytes(buf, len) != 1)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* SHA-256 hash implementation and interface functions
|
* SHA-256 hash implementation and interface functions
|
||||||
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -21,9 +21,10 @@
|
||||||
* @addr: Pointers to the data areas
|
* @addr: Pointers to the data areas
|
||||||
* @len: Lengths of the data blocks
|
* @len: Lengths of the data blocks
|
||||||
* @mac: Buffer for the hash (32 bytes)
|
* @mac: Buffer for the hash (32 bytes)
|
||||||
|
* Returns: 0 on success, -1 on failure
|
||||||
*/
|
*/
|
||||||
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
const u8 *addr[], const size_t *len, u8 *mac)
|
const u8 *addr[], const size_t *len, u8 *mac)
|
||||||
{
|
{
|
||||||
unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
|
unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
|
||||||
unsigned char tk[32];
|
unsigned char tk[32];
|
||||||
|
@ -35,12 +36,13 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
* Fixed limit on the number of fragments to avoid having to
|
* Fixed limit on the number of fragments to avoid having to
|
||||||
* allocate memory (which could fail).
|
* allocate memory (which could fail).
|
||||||
*/
|
*/
|
||||||
return;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if key is longer than 64 bytes reset it to key = SHA256(key) */
|
/* if key is longer than 64 bytes reset it to key = SHA256(key) */
|
||||||
if (key_len > 64) {
|
if (key_len > 64) {
|
||||||
sha256_vector(1, &key, &key_len, tk);
|
if (sha256_vector(1, &key, &key_len, tk) < 0)
|
||||||
|
return -1;
|
||||||
key = tk;
|
key = tk;
|
||||||
key_len = 32;
|
key_len = 32;
|
||||||
}
|
}
|
||||||
|
@ -68,7 +70,8 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
_addr[i + 1] = addr[i];
|
_addr[i + 1] = addr[i];
|
||||||
_len[i + 1] = len[i];
|
_len[i + 1] = len[i];
|
||||||
}
|
}
|
||||||
sha256_vector(1 + num_elem, _addr, _len, mac);
|
if (sha256_vector(1 + num_elem, _addr, _len, mac) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
os_memset(k_pad, 0, sizeof(k_pad));
|
os_memset(k_pad, 0, sizeof(k_pad));
|
||||||
os_memcpy(k_pad, key, key_len);
|
os_memcpy(k_pad, key, key_len);
|
||||||
|
@ -81,7 +84,7 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
_len[0] = 64;
|
_len[0] = 64;
|
||||||
_addr[1] = mac;
|
_addr[1] = mac;
|
||||||
_len[1] = SHA256_MAC_LEN;
|
_len[1] = SHA256_MAC_LEN;
|
||||||
sha256_vector(2, _addr, _len, mac);
|
return sha256_vector(2, _addr, _len, mac);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -91,10 +94,11 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
* @key_len: Length of the key in bytes
|
* @key_len: Length of the key in bytes
|
||||||
* @data: Pointers to the data area
|
* @data: Pointers to the data area
|
||||||
* @data_len: Length of the data area
|
* @data_len: Length of the data area
|
||||||
* @mac: Buffer for the hash (20 bytes)
|
* @mac: Buffer for the hash (32 bytes)
|
||||||
|
* Returns: 0 on success, -1 on failure
|
||||||
*/
|
*/
|
||||||
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||||
size_t data_len, u8 *mac)
|
size_t data_len, u8 *mac)
|
||||||
{
|
{
|
||||||
hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,10 +11,10 @@
|
||||||
|
|
||||||
#define SHA256_MAC_LEN 32
|
#define SHA256_MAC_LEN 32
|
||||||
|
|
||||||
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||||
const u8 *addr[], const size_t *len, u8 *mac);
|
const u8 *addr[], const size_t *len, u8 *mac);
|
||||||
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||||
size_t data_len, u8 *mac);
|
size_t data_len, u8 *mac);
|
||||||
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
||||||
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
|
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
|
||||||
void tls_prf_sha256(const u8 *secret, size_t secret_len,
|
void tls_prf_sha256(const u8 *secret, size_t secret_len,
|
||||||
|
|
|
@ -1122,7 +1122,9 @@ endif
|
||||||
SHA256OBJS = # none by default
|
SHA256OBJS = # none by default
|
||||||
ifdef NEED_SHA256
|
ifdef NEED_SHA256
|
||||||
L_CFLAGS += -DCONFIG_SHA256
|
L_CFLAGS += -DCONFIG_SHA256
|
||||||
|
ifneq ($(CONFIG_TLS), openssl)
|
||||||
SHA256OBJS += src/crypto/sha256.c
|
SHA256OBJS += src/crypto/sha256.c
|
||||||
|
endif
|
||||||
SHA256OBJS += src/crypto/sha256-prf.c
|
SHA256OBJS += src/crypto/sha256-prf.c
|
||||||
ifdef CONFIG_INTERNAL_SHA256
|
ifdef CONFIG_INTERNAL_SHA256
|
||||||
SHA256OBJS += src/crypto/sha256-internal.c
|
SHA256OBJS += src/crypto/sha256-internal.c
|
||||||
|
|
|
@ -1153,7 +1153,9 @@ endif
|
||||||
SHA256OBJS = # none by default
|
SHA256OBJS = # none by default
|
||||||
ifdef NEED_SHA256
|
ifdef NEED_SHA256
|
||||||
CFLAGS += -DCONFIG_SHA256
|
CFLAGS += -DCONFIG_SHA256
|
||||||
|
ifneq ($(CONFIG_TLS), openssl)
|
||||||
SHA256OBJS += ../src/crypto/sha256.o
|
SHA256OBJS += ../src/crypto/sha256.o
|
||||||
|
endif
|
||||||
SHA256OBJS += ../src/crypto/sha256-prf.o
|
SHA256OBJS += ../src/crypto/sha256-prf.o
|
||||||
ifdef CONFIG_INTERNAL_SHA256
|
ifdef CONFIG_INTERNAL_SHA256
|
||||||
SHA256OBJS += ../src/crypto/sha256-internal.o
|
SHA256OBJS += ../src/crypto/sha256-internal.o
|
||||||
|
|
Loading…
Reference in a new issue