#define IPAD 0x3636363636363636ULL
#define OPAD 0x5C5C5C5C5C5C5C5CULL
-#define BLOCK_U64S (64 / sizeof(uint64_t))
+#define BLOCK_U64S (HMAC_SHA256_BLOCKSIZE / sizeof(uint64_t))
static inline void xor_block(uint64_t block[BLOCK_U64S], uint64_t pad)
{
block[i] ^= pad;
}
-#if 1
-void hmac_sha256(struct hmac_sha256 *hmac,
- const void *k, size_t ksize,
- const void *d, size_t dsize)
+void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
+ const void *k, size_t ksize)
{
- struct sha256_ctx shactx;
- uint64_t block[BLOCK_U64S];
- struct sha256 hash, hashed_key;
+ struct sha256 hashed_key;
+ /* We use k_opad as k_ipad temporarily. */
+ uint64_t *k_ipad = ctx->k_opad;
/* (keys longer than B bytes are first hashed using H) */
- if (ksize > sizeof(block)) {
+ if (ksize > HMAC_SHA256_BLOCKSIZE) {
sha256(&hashed_key, k, ksize);
k = &hashed_key;
ksize = sizeof(hashed_key);
* (e.g., if K is of length 20 bytes and B=64, then K will be
* appended with 44 zero bytes 0x00)
*/
- memcpy(block, k, ksize);
- memset((char *)block + ksize, 0, sizeof(block) - ksize);
+ memcpy(k_ipad, k, ksize);
+ memset((char *)k_ipad + ksize, 0, HMAC_SHA256_BLOCKSIZE - ksize);
/*
* (2) XOR (bitwise exclusive-OR) the B byte string computed
* in step (1) with ipad
*/
- xor_block(block, IPAD);
+ xor_block(k_ipad, IPAD);
/*
+ * We start (4) here, appending text later:
+ *
* (3) append the stream of data 'text' to the B byte string resulting
* from step (2)
* (4) apply H to the stream generated in step (3)
*/
- sha256_init(&shactx);
- sha256_update(&shactx, block, sizeof(block));
- sha256_update(&shactx, d, dsize);
- sha256_done(&shactx, &hash);
+ sha256_init(&ctx->sha);
+ sha256_update(&ctx->sha, k_ipad, HMAC_SHA256_BLOCKSIZE);
/*
* (5) XOR (bitwise exclusive-OR) the B byte string computed in
* step (1) with opad
*/
- xor_block(block, IPAD^OPAD);
+ xor_block(ctx->k_opad, IPAD^OPAD);
+}
+
+void hmac_sha256_update(struct hmac_sha256_ctx *ctx, const void *p, size_t size)
+{
+ /* This is the appending-text part of this:
+ *
+ * (3) append the stream of data 'text' to the B byte string resulting
+ * from step (2)
+ * (4) apply H to the stream generated in step (3)
+ */
+ sha256_update(&ctx->sha, p, size);
+}
+
+void hmac_sha256_done(struct hmac_sha256_ctx *ctx,
+ struct hmac_sha256 *hmac)
+{
+ /* (4) apply H to the stream generated in step (3) */
+ sha256_done(&ctx->sha, &hmac->sha);
/*
* (6) append the H result from step (4) to the B byte string
* (7) apply H to the stream generated in step (6) and output
* the result
*/
- sha256_init(&shactx);
- sha256_update(&shactx, block, sizeof(block));
- sha256_update(&shactx, &hash, sizeof(hash));
- sha256_done(&shactx, &hmac->sha);
+ sha256_init(&ctx->sha);
+ sha256_update(&ctx->sha, ctx->k_opad, sizeof(ctx->k_opad));
+ sha256_update(&ctx->sha, &hmac->sha, sizeof(hmac->sha));
+ sha256_done(&ctx->sha, &hmac->sha);
+}
+
+#if 1
+void hmac_sha256(struct hmac_sha256 *hmac,
+ const void *k, size_t ksize,
+ const void *d, size_t dsize)
+{
+ struct hmac_sha256_ctx ctx;
+
+ hmac_sha256_init(&ctx, k, ksize);
+ hmac_sha256_update(&ctx, d, dsize);
+ hmac_sha256_done(&ctx, hmac);
}
#else
/* Direct mapping from MD5 example in RFC2104 */
#include <stdlib.h>
#include <ccan/crypto/sha256/sha256.h>
-/* Uncomment this to use openssl's HMAC routines (and link with -lcrypto) */
-/*#define CCAN_CRYPTO_HMAC_USE_OPENSSL 1*/
-
-#ifdef CCAN_CRYPTO_HMAC_USE_OPENSSL
-#include <openssl/hmac.h>
-#endif
+/* Number of bytes per block. */
+#define HMAC_SHA256_BLOCKSIZE 64
/**
* struct hmac_sha256 - structure representing a completed HMAC.
void hmac_sha256(struct hmac_sha256 *hmac,
const void *k, size_t ksize,
const void *d, size_t dsize);
+
+/**
+ * struct hmac_sha256_ctx - structure to store running context for hmac_sha256
+ */
+struct hmac_sha256_ctx {
+ struct sha256_ctx sha;
+ uint64_t k_opad[HMAC_SHA256_BLOCKSIZE / sizeof(uint64_t)];
+};
+
+/**
+ * hmac_sha256_init - initialize an HMAC_SHA256 context.
+ * @ctx: the hmac_sha256_ctx to initialize
+ * @k: pointer to the key,
+ * @ksize: the number of bytes pointed to by @k
+ *
+ * This must be called before hmac_sha256_update or hmac_sha256_done.
+ *
+ * If it was already initialized, this forgets anything which was
+ * hashed before.
+ *
+ * Example:
+ * static void hmac_all(const char *key,
+ * const char **arr, struct hmac_sha256 *hash)
+ * {
+ * size_t i;
+ * struct hmac_sha256_ctx ctx;
+ *
+ * hmac_sha256_init(&ctx, key, strlen(key));
+ * for (i = 0; arr[i]; i++)
+ * hmac_sha256_update(&ctx, arr[i], strlen(arr[i]));
+ * hmac_sha256_done(&ctx, hash);
+ * }
+ */
+void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
+ const void *k, size_t ksize);
+
+/**
+ * hmac_sha256_update - include some memory in the hash.
+ * @ctx: the hmac_sha256_ctx to use
+ * @p: pointer to memory,
+ * @size: the number of bytes pointed to by @p
+ *
+ * You can call this multiple times to hash more data, before calling
+ * hmac_sha256_done().
+ */
+void hmac_sha256_update(struct hmac_sha256_ctx *ctx, const void *p, size_t size);
+
+/**
+ * hmac_sha256_done - finish HMAC_SHA256 and return the hash
+ * @ctx: the hmac_sha256_ctx to complete
+ * @res: the hash to return.
+ *
+ * Note that @ctx is *destroyed* by this, and must be reinitialized.
+ * To avoid that, pass a copy instead.
+ */
+void hmac_sha256_done(struct hmac_sha256_ctx *hmac_sha256, struct hmac_sha256 *res);
#endif /* CCAN_CRYPTO_HMAC_SHA256_H */
size_t i;
struct hmac_sha256 hmac;
- plan_tests(sizeof(tests) / sizeof(tests[0]));
+ plan_tests(sizeof(tests) / sizeof(tests[0]) * 2);
for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
size_t ksize, dsize, hmacsize;
void *k, *d, *expect;
+ struct hmac_sha256_ctx ctx;
k = fromhex(tests[i].key, &ksize);
d = fromhex(tests[i].data, &dsize);
assert(hmacsize == sizeof(hmac));
hmac_sha256(&hmac, k, ksize, d, dsize);
ok1(memcmp(&hmac, expect, hmacsize) == 0);
+
+ /* Now test partial API. */
+ hmac_sha256_init(&ctx, k, ksize);
+ hmac_sha256_update(&ctx, d, dsize / 2);
+ hmac_sha256_update(&ctx, (char *)d + dsize/2, dsize - dsize/2);
+ hmac_sha256_done(&ctx, &hmac);
+ ok1(memcmp(&hmac, expect, hmacsize) == 0);
+
free(k);
free(d);
free(expect);
projects / ccan / commitdiff