Fix HMAC SHA3-224 and HMAC SHA3-256.
Added NIST test cases for these two as well.
Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6972)
Pauli
5 years ago
19 | 19 | { |
20 | 20 | int rv = 0; |
21 | 21 | int i, j, reset = 0; |
22 | unsigned char pad[HMAC_MAX_MD_CBLOCK]; | |
22 | unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; | |
23 | 23 | |
24 | 24 | /* If we are changing MD then we must have a key */ |
25 | 25 | if (md != NULL && md != ctx->md && (key == NULL || len < 0)) |
51 | 51 | memcpy(ctx->key, key, len); |
52 | 52 | ctx->key_length = len; |
53 | 53 | } |
54 | if (ctx->key_length != HMAC_MAX_MD_CBLOCK) | |
54 | if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) | |
55 | 55 | memset(&ctx->key[ctx->key_length], 0, |
56 | HMAC_MAX_MD_CBLOCK - ctx->key_length); | |
56 | HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); | |
57 | 57 | } |
58 | 58 | |
59 | 59 | if (reset) { |
60 | for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) | |
60 | for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) | |
61 | 61 | pad[i] = 0x36 ^ ctx->key[i]; |
62 | 62 | if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) |
63 | 63 | || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) |
64 | 64 | goto err; |
65 | 65 | |
66 | for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) | |
66 | for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) | |
67 | 67 | pad[i] = 0x5c ^ ctx->key[i]; |
68 | 68 | if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) |
69 | 69 | || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) |
193 | 193 | goto err; |
194 | 194 | if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) |
195 | 195 | goto err; |
196 | memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); | |
196 | memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); | |
197 | 197 | dctx->key_length = sctx->key_length; |
198 | 198 | dctx->md = sctx->md; |
199 | 199 | return 1; |
0 | 0 | /* |
1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | #ifndef HEADER_HMAC_LCL_H |
10 | 10 | # define HEADER_HMAC_LCL_H |
11 | 11 | |
12 | /* The current largest case is for SHA3-224 */ | |
13 | #define HMAC_MAX_MD_CBLOCK_SIZE 144 | |
14 | ||
12 | 15 | struct hmac_ctx_st { |
13 | 16 | const EVP_MD *md; |
14 | 17 | EVP_MD_CTX *md_ctx; |
15 | 18 | EVP_MD_CTX *i_ctx; |
16 | 19 | EVP_MD_CTX *o_ctx; |
17 | 20 | unsigned int key_length; |
18 | unsigned char key[HMAC_MAX_MD_CBLOCK]; | |
21 | unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; | |
19 | 22 | }; |
20 | 23 | |
21 | 24 | #endif |
0 | 0 | /* |
1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
13 | 13 | |
14 | 14 | # include <openssl/evp.h> |
15 | 15 | |
16 | # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ | |
16 | # if OPENSSL_API_COMPAT < 0x10200000L | |
17 | # define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ | |
18 | # endif | |
17 | 19 | |
18 | 20 | #ifdef __cplusplus |
19 | 21 | extern "C" { |
248 | 248 | # NIST's test vectors |
249 | 249 | |
250 | 250 | MAC = HMAC |
251 | Algorithm = SHA3-224 | |
252 | Input = "Sample message for keylen<blocklen" | |
253 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b | |
254 | Output = 332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04 | |
255 | ||
256 | MAC = HMAC | |
257 | Algorithm = SHA3-224 | |
258 | Input = "Sample message for keylen=blocklen" | |
259 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f | |
260 | Output = d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7 | |
261 | ||
262 | MAC = HMAC | |
263 | Algorithm = SHA3-224 | |
264 | Input = "Sample message for keylen>blocklen" | |
265 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab | |
266 | Output = 078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59 | |
267 | ||
268 | MAC = HMAC | |
269 | Algorithm = SHA3-256 | |
270 | Input = "Sample message for keylen<blocklen" | |
271 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f | |
272 | Output = 4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205 | |
273 | ||
274 | MAC = HMAC | |
275 | Algorithm = SHA3-256 | |
276 | Input = "Sample message for keylen=blocklen" | |
277 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687 | |
278 | Output = 68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa | |
279 | ||
280 | MAC = HMAC | |
281 | Algorithm = SHA3-256 | |
282 | Input = "Sample message for keylen>blocklen" | |
283 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7 | |
284 | Output = 9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258 | |
285 | ||
286 | MAC = HMAC | |
251 | 287 | Algorithm = SHA3-384 |
252 | 288 | Input = "Sample message for keylen<blocklen" |
253 | 289 | Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f |