/src/hostap/src/crypto/sha256.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * SHA-256 hash implementation and interface functions |
3 | | * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> |
4 | | * |
5 | | * This software may be distributed under the terms of the BSD license. |
6 | | * See README for more details. |
7 | | */ |
8 | | |
9 | | #include "includes.h" |
10 | | |
11 | | #include "common.h" |
12 | | #include "sha256.h" |
13 | | #include "crypto.h" |
14 | | |
15 | | |
16 | | /** |
17 | | * hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104) |
18 | | * @key: Key for HMAC operations |
19 | | * @key_len: Length of the key in bytes |
20 | | * @num_elem: Number of elements in the data vector |
21 | | * @addr: Pointers to the data areas |
22 | | * @len: Lengths of the data blocks |
23 | | * @mac: Buffer for the hash (32 bytes) |
24 | | * Returns: 0 on success, -1 on failure |
25 | | */ |
26 | | int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, |
27 | | const u8 *addr[], const size_t *len, u8 *mac) |
28 | 0 | { |
29 | 0 | unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ |
30 | 0 | unsigned char tk[32]; |
31 | 0 | const u8 *_addr[HMAC_VECTOR_MAX_ELEM + 1]; |
32 | 0 | size_t _len[HMAC_VECTOR_MAX_ELEM + 1], i; |
33 | 0 | int ret; |
34 | |
|
35 | 0 | if (num_elem > HMAC_VECTOR_MAX_ELEM) { |
36 | | /* |
37 | | * Fixed limit on the number of fragments to avoid having to |
38 | | * allocate memory (which could fail). |
39 | | */ |
40 | 0 | return -1; |
41 | 0 | } |
42 | | |
43 | | /* if key is longer than 64 bytes reset it to key = SHA256(key) */ |
44 | 0 | if (key_len > 64) { |
45 | 0 | if (sha256_vector(1, &key, &key_len, tk) < 0) |
46 | 0 | return -1; |
47 | 0 | key = tk; |
48 | 0 | key_len = 32; |
49 | 0 | } |
50 | | |
51 | | /* the HMAC_SHA256 transform looks like: |
52 | | * |
53 | | * SHA256(K XOR opad, SHA256(K XOR ipad, text)) |
54 | | * |
55 | | * where K is an n byte key |
56 | | * ipad is the byte 0x36 repeated 64 times |
57 | | * opad is the byte 0x5c repeated 64 times |
58 | | * and text is the data being protected */ |
59 | | |
60 | | /* start out by storing key in ipad */ |
61 | 0 | os_memset(k_pad, 0, sizeof(k_pad)); |
62 | 0 | os_memcpy(k_pad, key, key_len); |
63 | | /* XOR key with ipad values */ |
64 | 0 | for (i = 0; i < 64; i++) |
65 | 0 | k_pad[i] ^= 0x36; |
66 | | |
67 | | /* perform inner SHA256 */ |
68 | 0 | _addr[0] = k_pad; |
69 | 0 | _len[0] = 64; |
70 | 0 | for (i = 0; i < num_elem; i++) { |
71 | 0 | _addr[i + 1] = addr[i]; |
72 | 0 | _len[i + 1] = len[i]; |
73 | 0 | } |
74 | 0 | ret = sha256_vector(1 + num_elem, _addr, _len, mac); |
75 | 0 | if (ret < 0) |
76 | 0 | goto fail; |
77 | | |
78 | 0 | os_memset(k_pad, 0, sizeof(k_pad)); |
79 | 0 | os_memcpy(k_pad, key, key_len); |
80 | | /* XOR key with opad values */ |
81 | 0 | for (i = 0; i < 64; i++) |
82 | 0 | k_pad[i] ^= 0x5c; |
83 | | |
84 | | /* perform outer SHA256 */ |
85 | 0 | _addr[0] = k_pad; |
86 | 0 | _len[0] = 64; |
87 | 0 | _addr[1] = mac; |
88 | 0 | _len[1] = SHA256_MAC_LEN; |
89 | |
|
90 | 0 | ret = sha256_vector(2, _addr, _len, mac); |
91 | |
|
92 | 0 | fail: |
93 | 0 | forced_memzero(k_pad, sizeof(k_pad)); |
94 | 0 | forced_memzero(tk, sizeof(tk)); |
95 | |
|
96 | 0 | return ret; |
97 | 0 | } |
98 | | |
99 | | |
100 | | /** |
101 | | * hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104) |
102 | | * @key: Key for HMAC operations |
103 | | * @key_len: Length of the key in bytes |
104 | | * @data: Pointers to the data area |
105 | | * @data_len: Length of the data area |
106 | | * @mac: Buffer for the hash (32 bytes) |
107 | | * Returns: 0 on success, -1 on failure |
108 | | */ |
109 | | int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, |
110 | | size_t data_len, u8 *mac) |
111 | 0 | { |
112 | 0 | return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); |
113 | 0 | } |