Skip to content

Commit 7c4de54

Browse files
SparkiDevSparkiDev
committed
EVP HMAC: get working with WOLFSSL_HMAC_COPY_HASH
Get the EVP layer working with the wolfSSL HMAC implementation when WOLFSSL_HMAC_COPY_HASH is defined. This define hashes the ipad and opad into temporary hashes and copies the required hash into the working hash when needed. Uses more memory but is faster when starting a new hash with the same key.
1 parent 7fb7509 commit 7c4de54

File tree

3 files changed

+123
-22
lines changed

3 files changed

+123
-22
lines changed

src/ssl_crypto.c

Lines changed: 94 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1472,56 +1472,136 @@ int wolfSSL_HmacCopy(Hmac* dst, Hmac* src)
14721472
#ifndef NO_MD5
14731473
case WC_MD5:
14741474
rc = wc_Md5Copy(&src->hash.md5, &dst->hash.md5);
1475+
#ifdef WOLFSSL_HMAC_COPY_HASH
1476+
if (rc == 0) {
1477+
rc = wc_Md5Copy(&src->i_hash.md5, &dst->i_hash.md5);
1478+
}
1479+
if (rc == 0) {
1480+
rc = wc_Md5Copy(&src->o_hash.md5, &dst->o_hash.md5);
1481+
}
1482+
#endif
14751483
break;
14761484
#endif /* !NO_MD5 */
14771485

14781486
#ifndef NO_SHA
14791487
case WC_SHA:
14801488
rc = wc_ShaCopy(&src->hash.sha, &dst->hash.sha);
1489+
#ifdef WOLFSSL_HMAC_COPY_HASH
1490+
if (rc == 0) {
1491+
rc = wc_ShaCopy(&src->i_hash.sha, &dst->i_hash.sha);
1492+
}
1493+
if (rc == 0) {
1494+
rc = wc_ShaCopy(&src->o_hash.sha, &dst->o_hash.sha);
1495+
}
1496+
#endif
14811497
break;
14821498
#endif /* !NO_SHA */
14831499

14841500
#ifdef WOLFSSL_SHA224
14851501
case WC_SHA224:
14861502
rc = wc_Sha224Copy(&src->hash.sha224, &dst->hash.sha224);
1503+
#ifdef WOLFSSL_HMAC_COPY_HASH
1504+
if (rc == 0) {
1505+
rc = wc_Sha224Copy(&src->i_hash.sha224, &dst->i_hash.sha224);
1506+
}
1507+
if (rc == 0) {
1508+
rc = wc_Sha224Copy(&src->o_hash.sha224, &dst->o_hash.sha224);
1509+
}
1510+
#endif
14871511
break;
14881512
#endif /* WOLFSSL_SHA224 */
14891513

14901514
#ifndef NO_SHA256
14911515
case WC_SHA256:
14921516
rc = wc_Sha256Copy(&src->hash.sha256, &dst->hash.sha256);
1517+
#ifdef WOLFSSL_HMAC_COPY_HASH
1518+
if (rc == 0) {
1519+
rc = wc_Sha256Copy(&src->i_hash.sha256, &dst->i_hash.sha256);
1520+
}
1521+
if (rc == 0) {
1522+
rc = wc_Sha256Copy(&src->o_hash.sha256, &dst->o_hash.sha256);
1523+
}
1524+
#endif
14931525
break;
14941526
#endif /* !NO_SHA256 */
14951527

14961528
#ifdef WOLFSSL_SHA384
14971529
case WC_SHA384:
14981530
rc = wc_Sha384Copy(&src->hash.sha384, &dst->hash.sha384);
1531+
#ifdef WOLFSSL_HMAC_COPY_HASH
1532+
if (rc == 0) {
1533+
rc = wc_Sha384Copy(&src->i_hash.sha384, &dst->i_hash.sha384);
1534+
}
1535+
if (rc == 0) {
1536+
rc = wc_Sha384Copy(&src->o_hash.sha384, &dst->o_hash.sha384);
1537+
}
1538+
#endif
14991539
break;
15001540
#endif /* WOLFSSL_SHA384 */
15011541
#ifdef WOLFSSL_SHA512
15021542
case WC_SHA512:
15031543
rc = wc_Sha512Copy(&src->hash.sha512, &dst->hash.sha512);
1544+
#ifdef WOLFSSL_HMAC_COPY_HASH
1545+
if (rc == 0) {
1546+
rc = wc_Sha512Copy(&src->i_hash.sha512, &dst->i_hash.sha512);
1547+
}
1548+
if (rc == 0) {
1549+
rc = wc_Sha512Copy(&src->o_hash.sha512, &dst->o_hash.sha512);
1550+
}
1551+
#endif
15041552
break;
15051553
#endif /* WOLFSSL_SHA512 */
15061554
#ifdef WOLFSSL_SHA3
15071555
#ifndef WOLFSSL_NOSHA3_224
15081556
case WC_SHA3_224:
15091557
rc = wc_Sha3_224_Copy(&src->hash.sha3, &dst->hash.sha3);
1558+
#ifdef WOLFSSL_HMAC_COPY_HASH
1559+
if (rc == 0) {
1560+
rc = wc_Sha3_224_Copy(&src->i_hash.sha3, &dst->i_hash.sha3);
1561+
}
1562+
if (rc == 0) {
1563+
rc = wc_Sha3_224_Copy(&src->o_hash.sha3, &dst->o_hash.sha3);
1564+
}
1565+
#endif
15101566
break;
15111567
#endif /* WOLFSSL_NO_SHA3_224 */
15121568
#ifndef WOLFSSL_NOSHA3_256
15131569
case WC_SHA3_256:
15141570
rc = wc_Sha3_256_Copy(&src->hash.sha3, &dst->hash.sha3);
1571+
#ifdef WOLFSSL_HMAC_COPY_HASH
1572+
if (rc == 0) {
1573+
rc = wc_Sha3_256_Copy(&src->i_hash.sha3, &dst->i_hash.sha3);
1574+
}
1575+
if (rc == 0) {
1576+
rc = wc_Sha3_256_Copy(&src->o_hash.sha3, &dst->o_hash.sha3);
1577+
}
1578+
#endif
15151579
break;
15161580
#endif /* WOLFSSL_NO_SHA3_256 */
15171581
#ifndef WOLFSSL_NOSHA3_384
15181582
case WC_SHA3_384:
15191583
rc = wc_Sha3_384_Copy(&src->hash.sha3, &dst->hash.sha3);
1584+
#ifdef WOLFSSL_HMAC_COPY_HASH
1585+
if (rc == 0) {
1586+
rc = wc_Sha3_384_Copy(&src->i_hash.sha3, &dst->i_hash.sha3);
1587+
}
1588+
if (rc == 0) {
1589+
rc = wc_Sha3_384_Copy(&src->o_hash.sha3, &dst->o_hash.sha3);
1590+
}
1591+
#endif
15201592
break;
15211593
#endif /* WOLFSSL_NO_SHA3_384 */
15221594
#ifndef WOLFSSL_NOSHA3_512
15231595
case WC_SHA3_512:
15241596
rc = wc_Sha3_512_Copy(&src->hash.sha3, &dst->hash.sha3);
1597+
#ifdef WOLFSSL_HMAC_COPY_HASH
1598+
if (rc == 0) {
1599+
rc = wc_Sha3_512_Copy(&src->i_hash.sha3, &dst->i_hash.sha3);
1600+
}
1601+
if (rc == 0) {
1602+
rc = wc_Sha3_512_Copy(&src->o_hash.sha3, &dst->o_hash.sha3);
1603+
}
1604+
#endif
15251605
break;
15261606
#endif /* WOLFSSL_NO_SHA3_512 */
15271607
#endif /* WOLFSSL_SHA3 */
@@ -1823,13 +1903,24 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
18231903
WC_HMAC_BLOCK_SIZE);
18241904
XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad,
18251905
WC_HMAC_BLOCK_SIZE);
1826-
/* Initialize the wolfSSL HMAC object. */
1827-
rc = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap);
1906+
#ifdef WOLFSSL_HMAC_COPY_HASH
1907+
rc = _HmacInitIOHashes(&ctx->hmac);
18281908
if (rc != 0) {
1829-
WOLFSSL_MSG("hmac init error");
1909+
WOLFSSL_MSG("hmac init i_hash/o_hash error");
18301910
WOLFSSL_ERROR(rc);
18311911
ret = 0;
18321912
}
1913+
if (ret == 1)
1914+
#endif
1915+
{
1916+
/* Initialize the wolfSSL HMAC object. */
1917+
rc = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap);
1918+
if (rc != 0) {
1919+
WOLFSSL_MSG("hmac init error");
1920+
WOLFSSL_ERROR(rc);
1921+
ret = 0;
1922+
}
1923+
}
18331924
}
18341925

18351926
return ret;

wolfcrypt/src/hmac.c

Lines changed: 28 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -400,6 +400,32 @@ static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad)
400400
return ret;
401401
}
402402

403+
#ifdef WOLFSSL_HMAC_COPY_HASH
404+
int _HmacInitIOHashes(Hmac* hmac)
405+
{
406+
int ret;
407+
#ifdef WOLF_CRYPTO_CB
408+
int devId = hmac->devId;
409+
#else
410+
int devId = INVALID_DEVID;
411+
#endif
412+
413+
ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, hmac->heap, devId);
414+
if (ret == 0) {
415+
ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, hmac->heap, devId);
416+
}
417+
if (ret == 0) {
418+
ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash,
419+
(byte*)hmac->ipad);
420+
}
421+
if (ret == 0) {
422+
ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash,
423+
(byte*)hmac->opad);
424+
}
425+
426+
return ret;
427+
}
428+
#endif
403429

404430
int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
405431
int allowFlag)
@@ -761,25 +787,8 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
761787
}
762788

763789
#ifdef WOLFSSL_HMAC_COPY_HASH
764-
if ( ret == 0) {
765-
#ifdef WOLF_CRYPTO_CB
766-
int devId = hmac->devId;
767-
#else
768-
int devId = INVALID_DEVID;
769-
#endif
770-
771-
ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, heap, devId);
772-
if (ret != 0)
773-
return ret;
774-
ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, heap, devId);
775-
if (ret != 0)
776-
return ret;
777-
ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, ip);
778-
if (ret != 0)
779-
return ret;
780-
ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, op);
781-
if (ret != 0)
782-
return ret;
790+
if (ret == 0) {
791+
ret = _HmacInitIOHashes(hmac);
783792
}
784793
#endif
785794

wolfssl/wolfcrypt/hmac.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,7 @@ WOLFSSL_API void wc_HmacFree(Hmac* hmac);
194194
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
195195

196196
WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);
197+
WOLFSSL_LOCAL int _HmacInitIOHashes(Hmac* hmac);
197198

198199
#ifdef HAVE_HKDF
199200

0 commit comments

Comments
 (0)