blob: c095cfefa2b7cb4b40c970b5140a9a09d2496090 [file] [log] [blame]
* Copyright (c) 2011, 2012, 2013, 2014, 2015 Olaf Bergmann (TZI) and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Eclipse Distribution License v. 1.0 which accompanies this distribution.
* The Eclipse Public License is available at
* and the Eclipse Distribution License is available at
* Contributors:
* Olaf Bergmann - initial API and implementation
* Hauke Mehrtens - memory optimization, ECC integration
#ifndef _DTLS_HMAC_H_
#define _DTLS_HMAC_H_
#include <sys/types.h>
#include "tinydtls.h"
#include "global.h"
#ifdef WITH_SHA256
/** Aaron D. Gifford's implementation of SHA256
* see */
#include "sha2/sha2.h"
typedef dtls_sha256_ctx dtls_hash_ctx;
typedef dtls_hash_ctx *dtls_hash_t;
#define DTLS_HASH_CTX_SIZE sizeof(dtls_sha256_ctx)
static inline void
dtls_hash_init(dtls_hash_t ctx) {
dtls_sha256_init((dtls_sha256_ctx *)ctx);
static inline void
dtls_hash_update(dtls_hash_t ctx, const unsigned char *input, size_t len) {
dtls_sha256_update((dtls_sha256_ctx *)ctx, input, len);
static inline size_t
dtls_hash_finalize(unsigned char *buf, dtls_hash_t ctx) {
dtls_sha256_final(buf, (dtls_sha256_ctx *)ctx);
#endif /* WITH_SHA256 */
static inline void dtls_hmac_storage_init(void)
{ }
void dtls_hmac_storage_init(void);
* \defgroup HMAC Keyed-Hash Message Authentication Code (HMAC)
* NIST Standard FIPS 198 describes the Keyed-Hash Message Authentication
* Code (HMAC) which is used as hash function for the DTLS PRF.
* @{
#define DTLS_HMAC_BLOCKSIZE 64 /**< size of hmac blocks */
#define DTLS_HMAC_DIGEST_SIZE 32 /**< digest size (for SHA-256) */
#define DTLS_HMAC_MAX 64 /**< max number of bytes in digest */
* List of known hash functions for use in dtls_hmac_init(). The
* identifiers are the same as the HashAlgorithm defined in
* <a href=""
* >Section of RFC 5246</a>.
typedef enum {
HASH_SHA256=4, HASH_SHA384=5, HASH_SHA512=6
} dtls_hashfunc_t;
* Context for HMAC generation. This object is initialized with
* dtls_hmac_init() and must be passed to dtls_hmac_update() and
* dtls_hmac_finalize(). Once, finalized, the component \c H is
* invalid and must be initialized again with dtls_hmac_init() before
* the structure can be used again.
typedef struct {
unsigned char pad[DTLS_HMAC_BLOCKSIZE]; /**< ipad and opad storage */
dtls_hash_ctx data; /**< context for hash function */
} dtls_hmac_context_t;
* Initializes an existing HMAC context.
* @param ctx The HMAC context to initialize.
* @param key The secret key.
* @param klen The length of @p key.
void dtls_hmac_init(dtls_hmac_context_t *ctx, const unsigned char *key, size_t klen);
* Allocates a new HMAC context \p ctx with the given secret key.
* This function returns \c 1 if \c ctx has been set correctly, or \c
* 0 or \c -1 otherwise. Note that this function allocates new storage
* that must be released by dtls_hmac_free().
* \param key The secret key.
* \param klen The length of \p key.
* \return A new dtls_hmac_context_t object or @c NULL on error
dtls_hmac_context_t *dtls_hmac_new(const unsigned char *key, size_t klen);
* Releases the storage for @p ctx that has been allocated by
* dtls_hmac_new().
* @param ctx The dtls_hmac_context_t to free.
void dtls_hmac_free(dtls_hmac_context_t *ctx);
* Updates the HMAC context with data from \p input.
* \param ctx The HMAC context.
* \param input The input data.
* \param ilen Size of \p input.
void dtls_hmac_update(dtls_hmac_context_t *ctx,
const unsigned char *input, size_t ilen);
* Completes the HMAC generation and writes the result to the given
* output parameter \c result. The buffer must be large enough to hold
* the message digest created by the actual hash function. If in
* doubt, use \c DTLS_HMAC_MAX. The function returns the number of
* bytes written to \c result.
* \param ctx The HMAC context.
* \param result Output parameter where the MAC is written to.
* \return Length of the MAC written to \p result.
int dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result);
#endif /* _DTLS_HMAC_H_ */