OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c implementation of HMAC with SHA256. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ab637dcb37
commit
26a379224c
7 changed files with 70 additions and 15 deletions
|
@ -720,7 +720,9 @@ endif
|
|||
endif
|
||||
|
||||
ifdef NEED_SHA256
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
OBJS += src/crypto/sha256.c
|
||||
endif
|
||||
OBJS += src/crypto/sha256-prf.c
|
||||
ifdef CONFIG_INTERNAL_SHA256
|
||||
OBJS += src/crypto/sha256-internal.c
|
||||
|
|
|
@ -712,7 +712,9 @@ endif
|
|||
|
||||
ifdef NEED_SHA256
|
||||
CFLAGS += -DCONFIG_SHA256
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
OBJS += ../src/crypto/sha256.o
|
||||
endif
|
||||
OBJS += ../src/crypto/sha256-prf.o
|
||||
ifdef CONFIG_INTERNAL_SHA256
|
||||
OBJS += ../src/crypto/sha256-internal.o
|
||||
|
|
|
@ -744,6 +744,49 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
|
|||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_SHA256
|
||||
|
||||
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
HMAC_CTX ctx;
|
||||
size_t i;
|
||||
unsigned int mdlen;
|
||||
int res;
|
||||
|
||||
HMAC_CTX_init(&ctx);
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00909000
|
||||
HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL);
|
||||
#else /* openssl < 0.9.9 */
|
||||
if (HMAC_Init_ex(&ctx, key, key_len, EVP_sha256(), NULL) != 1)
|
||||
return -1;
|
||||
#endif /* openssl < 0.9.9 */
|
||||
|
||||
for (i = 0; i < num_elem; i++)
|
||||
HMAC_Update(&ctx, addr[i], len[i]);
|
||||
|
||||
mdlen = 32;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00909000
|
||||
HMAC_Final(&ctx, mac, &mdlen);
|
||||
res = 1;
|
||||
#else /* openssl < 0.9.9 */
|
||||
res = HMAC_Final(&ctx, mac, &mdlen);
|
||||
#endif /* openssl < 0.9.9 */
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
|
||||
return res == 1 ? 0 : -1;
|
||||
}
|
||||
|
||||
|
||||
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||
size_t data_len, u8 *mac)
|
||||
{
|
||||
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_SHA256 */
|
||||
|
||||
|
||||
int crypto_get_random(void *buf, size_t len)
|
||||
{
|
||||
if (RAND_bytes(buf, len) != 1)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* SHA-256 hash implementation and interface functions
|
||||
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -21,8 +21,9 @@
|
|||
* @addr: Pointers to the data areas
|
||||
* @len: Lengths of the data blocks
|
||||
* @mac: Buffer for the hash (32 bytes)
|
||||
* Returns: 0 on success, -1 on failure
|
||||
*/
|
||||
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
|
||||
|
@ -35,12 +36,13 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
* Fixed limit on the number of fragments to avoid having to
|
||||
* allocate memory (which could fail).
|
||||
*/
|
||||
return;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* if key is longer than 64 bytes reset it to key = SHA256(key) */
|
||||
if (key_len > 64) {
|
||||
sha256_vector(1, &key, &key_len, tk);
|
||||
if (sha256_vector(1, &key, &key_len, tk) < 0)
|
||||
return -1;
|
||||
key = tk;
|
||||
key_len = 32;
|
||||
}
|
||||
|
@ -68,7 +70,8 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
_addr[i + 1] = addr[i];
|
||||
_len[i + 1] = len[i];
|
||||
}
|
||||
sha256_vector(1 + num_elem, _addr, _len, mac);
|
||||
if (sha256_vector(1 + num_elem, _addr, _len, mac) < 0)
|
||||
return -1;
|
||||
|
||||
os_memset(k_pad, 0, sizeof(k_pad));
|
||||
os_memcpy(k_pad, key, key_len);
|
||||
|
@ -81,7 +84,7 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
_len[0] = 64;
|
||||
_addr[1] = mac;
|
||||
_len[1] = SHA256_MAC_LEN;
|
||||
sha256_vector(2, _addr, _len, mac);
|
||||
return sha256_vector(2, _addr, _len, mac);
|
||||
}
|
||||
|
||||
|
||||
|
@ -91,10 +94,11 @@ void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
* @key_len: Length of the key in bytes
|
||||
* @data: Pointers to the data area
|
||||
* @data_len: Length of the data area
|
||||
* @mac: Buffer for the hash (20 bytes)
|
||||
* @mac: Buffer for the hash (32 bytes)
|
||||
* Returns: 0 on success, -1 on failure
|
||||
*/
|
||||
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||
size_t data_len, u8 *mac)
|
||||
{
|
||||
hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
||||
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
||||
}
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
|
||||
#define SHA256_MAC_LEN 32
|
||||
|
||||
void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
const u8 *addr[], const size_t *len, u8 *mac);
|
||||
void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||
size_t data_len, u8 *mac);
|
||||
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
||||
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
|
||||
|
|
|
@ -1122,7 +1122,9 @@ endif
|
|||
SHA256OBJS = # none by default
|
||||
ifdef NEED_SHA256
|
||||
L_CFLAGS += -DCONFIG_SHA256
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
SHA256OBJS += src/crypto/sha256.c
|
||||
endif
|
||||
SHA256OBJS += src/crypto/sha256-prf.c
|
||||
ifdef CONFIG_INTERNAL_SHA256
|
||||
SHA256OBJS += src/crypto/sha256-internal.c
|
||||
|
|
|
@ -1153,7 +1153,9 @@ endif
|
|||
SHA256OBJS = # none by default
|
||||
ifdef NEED_SHA256
|
||||
CFLAGS += -DCONFIG_SHA256
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
SHA256OBJS += ../src/crypto/sha256.o
|
||||
endif
|
||||
SHA256OBJS += ../src/crypto/sha256-prf.o
|
||||
ifdef CONFIG_INTERNAL_SHA256
|
||||
SHA256OBJS += ../src/crypto/sha256-internal.o
|
||||
|
|
Loading…
Reference in a new issue