3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 * implementation of HMAC as described in RFC2104
23 * email: daniel.otte@rub.de
24 * License: GPLv3 or later
28 * hmac = hash ( k^opad , hash( k^ipad , msg))
39 typedef sha1_ctx_t hmac_sha1_ctx_t;
41 #ifndef HMAC_SHORTONLY
43 void hmac_sha1_init(hmac_sha1_ctx_t *s, void* key, uint16_t keylength_b){
44 uint8_t buffer[SHA1_BLOCK_BYTES];
47 memset(buffer, 0, SHA1_BLOCK_BYTES);
48 if (keylength_b > SHA1_BLOCK_BITS){
49 sha1((void*)buffer, key, keylength_b);
51 memcpy(buffer, key, (keylength_b+7)/8);
54 for (i=0; i<SHA1_BLOCK_BYTES; ++i){
59 sha1_nextBlock(s, buffer);
60 #if defined SECURE_WIPE_BUFFER
61 memset(buffer, 0, SHA256_BLOCK_BITS/8);
65 void hmac_sha1_final(hmac_sha1_ctx_t *s, void* key, uint16_t keylength_b){
66 uint8_t buffer[SHA1_BLOCK_BYTES];
70 memset(buffer, 0, SHA1_BLOCK_BYTES);
71 if (keylength_b > SHA1_BLOCK_BITS){
72 sha1((void*)buffer, key, keylength_b);
74 memcpy(buffer, key, (keylength_b+7)/8);
77 for (i=0; i<SHA1_BLOCK_BYTES; ++i){
82 sha1_nextBlock(&a, buffer); /* hash key ^ opad */
83 sha1_ctx2hash((void*)buffer, s); /* copy hash(key ^ ipad, msg) to buffer */
84 sha1_lastBlock(&a, buffer, SHA1_HASH_BITS);
85 memcpy(s, &a, sizeof(sha1_ctx_t));
86 #if defined SECURE_WIPE_BUFFER
87 memset(buffer, 0, SHA1_BLOCK_BYTES);
95 void hmac_sha1_nextBlock()
96 void hmac_sha1_lastBlock()
101 * message length in bits!
103 void hmac_sha1(void* dest, void* key, uint16_t keylength_b, void* msg, uint64_t msglength_b){ /* a one-shot*/
106 uint8_t buffer[SHA1_BLOCK_BYTES];
108 memset(buffer, 0, SHA1_BLOCK_BYTES);
110 /* if key is larger than a block we have to hash it*/
111 if (keylength_b > SHA1_BLOCK_BITS){
112 sha1((void*)buffer, key, keylength_b);
114 memcpy(buffer, key, (keylength_b+7)/8);
117 for (i=0; i<SHA1_BLOCK_BYTES; ++i){
121 sha1_nextBlock(&s, buffer);
122 while (msglength_b >= SHA1_BLOCK_BITS){
123 sha1_nextBlock(&s, msg);
124 msg = (uint8_t*)msg + SHA1_BLOCK_BYTES;
125 msglength_b -= SHA1_BLOCK_BITS;
127 sha1_lastBlock(&s, msg, msglength_b);
128 /* since buffer still contains key xor ipad we can do ... */
129 for (i=0; i<SHA1_BLOCK_BYTES; ++i){
130 buffer[i] ^= IPAD ^ OPAD;
132 sha1_ctx2hash(dest, &s); /* save inner hash temporary to dest */
134 sha1_nextBlock(&s, buffer);
135 sha1_lastBlock(&s, dest, SHA1_HASH_BITS);
136 sha1_ctx2hash(dest, &s);