Fix HMAC SHA3-224 and HMAC SHA3-256.
Added NIST test cases for these two as well. Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6972)
This commit is contained in:
parent
bdd58bd249
commit
e0810e3502
4 changed files with 51 additions and 10 deletions
|
@ -20,7 +20,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||||
{
|
{
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
int i, j, reset = 0;
|
int i, j, reset = 0;
|
||||||
unsigned char pad[HMAC_MAX_MD_CBLOCK];
|
unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
|
||||||
|
|
||||||
/* If we are changing MD then we must have a key */
|
/* If we are changing MD then we must have a key */
|
||||||
if (md != NULL && md != ctx->md && (key == NULL || len < 0))
|
if (md != NULL && md != ctx->md && (key == NULL || len < 0))
|
||||||
|
@ -52,19 +52,19 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||||
memcpy(ctx->key, key, len);
|
memcpy(ctx->key, key, len);
|
||||||
ctx->key_length = len;
|
ctx->key_length = len;
|
||||||
}
|
}
|
||||||
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
|
if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
|
||||||
memset(&ctx->key[ctx->key_length], 0,
|
memset(&ctx->key[ctx->key_length], 0,
|
||||||
HMAC_MAX_MD_CBLOCK - ctx->key_length);
|
HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (reset) {
|
if (reset) {
|
||||||
for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
|
for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
|
||||||
pad[i] = 0x36 ^ ctx->key[i];
|
pad[i] = 0x36 ^ ctx->key[i];
|
||||||
if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
|
if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
|
||||||
|| !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
|
|| !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
|
for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
|
||||||
pad[i] = 0x5c ^ ctx->key[i];
|
pad[i] = 0x5c ^ ctx->key[i];
|
||||||
if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
|
if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
|
||||||
|| !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
|
|| !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
|
||||||
|
@ -194,7 +194,7 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||||
goto err;
|
goto err;
|
||||||
if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
|
if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
|
||||||
goto err;
|
goto err;
|
||||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
|
||||||
dctx->key_length = sctx->key_length;
|
dctx->key_length = sctx->key_length;
|
||||||
dctx->md = sctx->md;
|
dctx->md = sctx->md;
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@ -10,13 +10,16 @@
|
||||||
#ifndef HEADER_HMAC_LCL_H
|
#ifndef HEADER_HMAC_LCL_H
|
||||||
# define HEADER_HMAC_LCL_H
|
# define HEADER_HMAC_LCL_H
|
||||||
|
|
||||||
|
/* The current largest case is for SHA3-224 */
|
||||||
|
#define HMAC_MAX_MD_CBLOCK_SIZE 144
|
||||||
|
|
||||||
struct hmac_ctx_st {
|
struct hmac_ctx_st {
|
||||||
const EVP_MD *md;
|
const EVP_MD *md;
|
||||||
EVP_MD_CTX *md_ctx;
|
EVP_MD_CTX *md_ctx;
|
||||||
EVP_MD_CTX *i_ctx;
|
EVP_MD_CTX *i_ctx;
|
||||||
EVP_MD_CTX *o_ctx;
|
EVP_MD_CTX *o_ctx;
|
||||||
unsigned int key_length;
|
unsigned int key_length;
|
||||||
unsigned char key[HMAC_MAX_MD_CBLOCK];
|
unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@ -14,7 +14,9 @@
|
||||||
|
|
||||||
# include <openssl/evp.h>
|
# include <openssl/evp.h>
|
||||||
|
|
||||||
# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */
|
# if OPENSSL_API_COMPAT < 0x10200000L
|
||||||
|
# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
|
||||||
|
# endif
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
|
|
|
@ -248,6 +248,42 @@ Title = SHA3
|
||||||
|
|
||||||
# NIST's test vectors
|
# NIST's test vectors
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-224
|
||||||
|
Input = "Sample message for keylen<blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b
|
||||||
|
Output = 332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-224
|
||||||
|
Input = "Sample message for keylen=blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f
|
||||||
|
Output = d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-224
|
||||||
|
Input = "Sample message for keylen>blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab
|
||||||
|
Output = 078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-256
|
||||||
|
Input = "Sample message for keylen<blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
|
||||||
|
Output = 4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-256
|
||||||
|
Input = "Sample message for keylen=blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687
|
||||||
|
Output = 68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa
|
||||||
|
|
||||||
|
MAC = HMAC
|
||||||
|
Algorithm = SHA3-256
|
||||||
|
Input = "Sample message for keylen>blocklen"
|
||||||
|
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7
|
||||||
|
Output = 9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258
|
||||||
|
|
||||||
MAC = HMAC
|
MAC = HMAC
|
||||||
Algorithm = SHA3-384
|
Algorithm = SHA3-384
|
||||||
Input = "Sample message for keylen<blocklen"
|
Input = "Sample message for keylen<blocklen"
|
||||||
|
|
Loading…
Reference in a new issue