diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index 7aab2e40f..37acb9744 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c @@ -534,7 +534,9 @@ int wc_Blake2bHmacInit(Blake2b* b2b, const byte* key, size_t key_len) ret = wc_Blake2bFinal(b2b, x_key, 0); } else { XMEMCPY(x_key, key, key_len); - XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + if (key_len < BLAKE2B_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + } } if (ret == 0) { @@ -581,7 +583,9 @@ int wc_Blake2bHmacFinal(Blake2b* b2b, const byte* key, size_t key_len, ret = wc_Blake2bFinal(b2b, x_key, 0); } else { XMEMCPY(x_key, key, key_len); - XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + if (key_len < BLAKE2B_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + } } if (ret == 0) { diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c index 6f5d1d2e9..b38d12a93 100644 --- a/wolfcrypt/src/blake2s.c +++ b/wolfcrypt/src/blake2s.c @@ -528,7 +528,9 @@ int wc_Blake2sHmacInit(Blake2s* b2s, const byte* key, size_t key_len) ret = wc_Blake2sFinal(b2s, x_key, 0); } else { XMEMCPY(x_key, key, key_len); - XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + if (key_len < BLAKE2S_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + } } if (ret == 0) { @@ -575,7 +577,9 @@ int wc_Blake2sHmacFinal(Blake2s* b2s, const byte* key, size_t key_len, ret = wc_Blake2sFinal(b2s, x_key, 0); } else { XMEMCPY(x_key, key, key_len); - XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + if (key_len < BLAKE2S_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + } } if (ret == 0) { diff --git a/wrapper/rust/wolfssl-wolfcrypt/build.rs b/wrapper/rust/wolfssl-wolfcrypt/build.rs index 78adbbc3b..608c100e2 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/build.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/build.rs 
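Review bot: The new `if (key_len < BLAKE2B_BLOCKBYTES)` guard in wc_Blake2bHmacInit carries no comment saying which case it excludes, and the same copy-then-pad sequence is now repeated in wc_Blake2bHmacFinal, wc_Blake2sHmacInit and wc_Blake2sHmacFinal. A one-line comment such as `/* key_len == BLAKE2B_BLOCKBYTES: key fills x_key, nothing left to pad */` would record the boundary, and a small static helper shared by Init and Final in each file would keep it in one place. The hunks do not show whether x_key, which holds the padded key, is wiped before these functions return; that is worth confirming while the code is being touched. All four function bodies start and end outside their hunks.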
@@ -128,7 +128,9 @@ fn scan_cfg() -> Result<()> { /* blake2 */ check_cfg(&binding, "wc_InitBlake2b", "blake2b"); + check_cfg(&binding, "wc_Blake2bHmac", "blake2b_hmac"); check_cfg(&binding, "wc_InitBlake2s", "blake2s"); + check_cfg(&binding, "wc_Blake2sHmac", "blake2s_hmac"); /* chacha20_poly1305 */ check_cfg(&binding, "wc_ChaCha20Poly1305_Encrypt", "chacha20_poly1305"); diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs b/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs index 9a4478c47..4b8daeb39 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs 
@@ -167,6 +167,144 @@ impl BLAKE2b { } }
+
+/// Context for HMAC-BLAKE2b computation.
+#[cfg(blake2b_hmac)]
+pub struct BLAKE2bHmac {
+ wc_blake2b: sys::Blake2b,
+}
+
+#[cfg(blake2b_hmac)]
+impl BLAKE2bHmac {
+ /// HMAC-BLAKE2b digest size.
+ pub const DIGEST_SIZE: usize = sys::WC_BLAKE2B_DIGEST_SIZE as usize;
+
+ /// Build a new BLAKE2bHmac instance.
+ ///
+ /// # Parameters
+ ///
+ /// * `key`: Key to use for HMAC-BLAKE2b computation.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(hmac_blake2b) or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
+ /// let key = [42u8, 43, 44];
+ /// let hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
+ /// ```
+ pub fn new(key: &[u8]) -> Result {
+ let mut wc_blake2b: MaybeUninit = MaybeUninit::uninit();
+ let rc = unsafe {
+ sys::wc_Blake2bHmacInit(wc_blake2b.as_mut_ptr(), key.as_ptr(), key.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ let wc_blake2b = unsafe { wc_blake2b.assume_init() };
+ let hmac_blake2b = BLAKE2bHmac { wc_blake2b };
+ Ok(hmac_blake2b)
+ }
+
+ /// Update the HMAC-BLAKE2b computation with the input data.
+ ///
+ /// This method may be called several times and then the finalize()
+ /// method should be called to retrieve the final MAC.
+ ///
+ /// # Parameters
+ ///
+ /// * `data`: Input data to hash.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
+ /// let key = [42u8, 43, 44];
+ /// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
+ /// let data = [33u8, 34, 35];
+ /// hmac_blake2b.update(&data).expect("Error with update()");
+ /// ```
+ pub fn update(&mut self, data: &[u8]) -> Result<(), i32> {
+ let rc = unsafe {
+ sys::wc_Blake2bHmacUpdate(&mut self.wc_blake2b, data.as_ptr(), data.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ Ok(())
+ }
+
+ /// Compute and retrieve the final HMAC-BLAKE2b MAC.
+ ///
+ /// # Parameters
+ ///
+ /// * `key`: Key to use for HMAC-BLAKE2b computation.
+ /// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2b MAC.
+ /// It must be 64 bytes long.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
+ /// let key = [42u8, 43, 44];
+ /// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
+ /// let data = [33u8, 34, 35];
+ /// hmac_blake2b.update(&data).expect("Error with update()");
+ /// let mut mac = [0u8; 64];
+ /// hmac_blake2b.finalize(&key, &mut mac).expect("Error with finalize()");
+ /// ```
+ pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
+ let rc = unsafe {
+ sys::wc_Blake2bHmacFinal(&mut self.wc_blake2b,
+ key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ Ok(())
+ }
+
+ /// Compute the HMAC-BLAKE2b message authentication code of the given
+ /// input data using the given key (one-shot API).
+ ///
+ /// # Parameters
+ ///
+ /// * `data`: Input data to create MAC from.
+ /// * `key`: Key to use for MAC creation.
+ /// * `out`: Buffer in which to store the computed MAC. It must be 64 bytes
+ /// long.
+ /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2bHmac(data.as_ptr(), data.len(), key.as_ptr(), + key.len(), out.as_mut_ptr(), out.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + + /// Context for BLAKE2s computation. #[cfg(blake2s)] pub struct BLAKE2s { @@ -291,7 +429,7 @@ impl BLAKE2s { /// use wolfssl_wolfcrypt::blake2::BLAKE2s; /// let mut blake2s = BLAKE2s::new(32).expect("Error with new()"); /// blake2s.update(&[0u8; 16]).expect("Error with update()"); - /// let mut hash = [0u8; 64]; + /// let mut hash = [0u8; 32]; /// blake2s.finalize(&mut hash).expect("Error with finalize()"); /// ``` pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { 
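Review bot: `BLAKE2bHmac::finalize()` takes `key` a second time, but nothing ties it to the key given to `new()`; the C side in this diff rebuilds the padded key from whatever argument it is handed, so a mismatched key would presumably produce a wrong MAC rather than an error. At minimum the parameter doc should say so, e.g. `/// * key: must be the same key that was passed to new(); a different key gives an incorrect MAC, not an error.` A safer shape would be for the context to carry what it needs so that `finalize()` takes no key argument, if the wrapper's allocation constraints allow it. The same applies to `BLAKE2sHmac::finalize()` in the later hunk of this file.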
@@ -305,3 +443,140 @@ impl BLAKE2s { Ok(()) } }
+
+
+/// Context for HMAC-BLAKE2s computation.
+#[cfg(blake2s_hmac)]
+pub struct BLAKE2sHmac {
+ wc_blake2s: sys::Blake2s,
+}
+
+#[cfg(blake2s_hmac)]
+impl BLAKE2sHmac {
+ /// HMAC-BLAKE2s digest size.
+ pub const DIGEST_SIZE: usize = sys::WC_BLAKE2S_DIGEST_SIZE as usize;
+
+ /// Build a new BLAKE2sHmac instance.
+ ///
+ /// # Parameters
+ ///
+ /// * `key`: Key to use for HMAC-BLAKE2s computation.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(hmac_blake2s) or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
+ /// let key = [42u8, 43, 44];
+ /// let hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
+ /// ```
+ pub fn new(key: &[u8]) -> Result {
+ let mut wc_blake2s: MaybeUninit = MaybeUninit::uninit();
+ let rc = unsafe {
+ sys::wc_Blake2sHmacInit(wc_blake2s.as_mut_ptr(), key.as_ptr(), key.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ let wc_blake2s = unsafe { wc_blake2s.assume_init() };
+ let hmac_blake2s = BLAKE2sHmac { wc_blake2s };
+ Ok(hmac_blake2s)
+ }
+
+ /// Update the HMAC-BLAKE2s computation with the input data.
+ ///
+ /// This method may be called several times and then the finalize()
+ /// method should be called to retrieve the final MAC.
+ ///
+ /// # Parameters
+ ///
+ /// * `data`: Input data to hash.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
+ /// let key = [42u8, 43, 44];
+ /// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
+ /// let data = [33u8, 34, 35];
+ /// hmac_blake2s.update(&data).expect("Error with update()");
+ /// ```
+ pub fn update(&mut self, data: &[u8]) -> Result<(), i32> {
+ let rc = unsafe {
+ sys::wc_Blake2sHmacUpdate(&mut self.wc_blake2s, data.as_ptr(), data.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ Ok(())
+ }
+
+ /// Compute and retrieve the final HMAC-BLAKE2s MAC.
+ ///
+ /// # Parameters
+ ///
+ /// * `key`: Key to use for HMAC-BLAKE2s computation.
+ /// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2s MAC.
+ /// It must be 32 bytes long.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+ /// library error code value.
+ ///
+ /// # Example
+ ///
+ /// ```rust
+ /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
+ /// let key = [42u8, 43, 44];
+ /// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
+ /// let data = [33u8, 34, 35];
+ /// hmac_blake2s.update(&data).expect("Error with update()");
+ /// let mut mac = [0u8; 32];
+ /// hmac_blake2s.finalize(&key, &mut mac).expect("Error with finalize()");
+ /// ```
+ pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
+ let rc = unsafe {
+ sys::wc_Blake2sHmacFinal(&mut self.wc_blake2s,
+ key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ Ok(())
+ }
+
+ /// Compute the HMAC-BLAKE2s message authentication code of the given
+ /// input data using the given key (one-shot API).
+ ///
+ /// # Parameters
+ ///
+ /// * `data`: Input data to create MAC from.
+ /// * `key`: Key to use for MAC creation.
+ /// * `out`: Buffer in which to store the computed MAC. It must be 32 bytes
+ /// long.
+ ///
+ /// # Returns
+ ///
+ /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+ /// library error code value.
+ pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
+ let rc = unsafe {
+ sys::wc_Blake2sHmac(data.as_ptr(), data.len(), key.as_ptr(),
+ key.len(), out.as_mut_ptr(), out.len())
+ };
+ if rc != 0 {
+ return Err(rc);
+ }
+ Ok(())
+ }
+}
diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs
index 5891ea596..4b8bff27f 100644
--- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs
+++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs
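Review bot: Neither `BLAKE2sHmac` here nor `BLAKE2bHmac` in the earlier hunk clears its C context when dropped, although `new()` feeds key-derived data into it. Whether the wolfCrypt context still holds that block after `finalize()` is not visible in this diff, so treat this as hardening rather than a confirmed leak. A `Drop` impl that overwrites the field with a volatile write would keep keyed state from lingering in memory after the value goes out of scope; the BLAKE2b type would need the matching impl.

```rust
#[cfg(blake2s_hmac)]
impl Drop for BLAKE2sHmac {
    fn drop(&mut self) {
        // SAFETY: assumes sys::Blake2s is a plain-data bindgen struct, so the
        // all-zero pattern is a valid value; the volatile write keeps the wipe
        // from being optimised out.
        unsafe { core::ptr::write_volatile(&mut self.wc_blake2s, core::mem::zeroed()) };
    }
}
```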
@@ -50,6 +50,70 @@ fn test_blake2b() { } }
+#[test]
+#[cfg(blake2b_hmac)]
+fn test_blake2b_hmac() {
+ let key1 = [0x41u8, 0x42, 0x43, 0x44];
+ let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f];
+ let expected1 = [
+ 0x46u8, 0x76, 0xbb, 0x0e, 0xf8, 0xa1, 0x56, 0x33,
+ 0xde, 0xdc, 0x44, 0xe3, 0x2b, 0xf3, 0xee, 0x5b,
+ 0x5f, 0x7f, 0x04, 0x00, 0x2c, 0xaa, 0xd4, 0x93,
+ 0xc6, 0xa6, 0xb4, 0xf3, 0x14, 0x8d, 0x6d, 0x9c,
+ 0x6a, 0x12, 0x02, 0x85, 0x66, 0xed, 0x9b, 0x5d,
+ 0x8d, 0x0e, 0x3d, 0xf4, 0x78, 0xee, 0x5a, 0xf6,
+ 0x2f, 0x97, 0xa5, 0x77, 0x88, 0x8c, 0xc4, 0x66,
+ 0x46, 0xb1, 0xba, 0x51, 0x29, 0x19, 0xd7, 0xaa,
+ ];
+ let key2 = [
+ 0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
+ 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
+ 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33
+ ];
+ let message2 = [
+ 0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
+ 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
+ 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
+ ];
+ let expected2 = [
+ 0x2au8, 0xda, 0xf6, 0x94, 0x79, 0xce, 0xe2, 0xd2,
+ 0x5d, 0x89, 0x8b, 0xd7, 0x0d, 0xbc, 0x11, 0x1f,
+ 0x98, 0x99, 0xe0, 0x17, 0x7c, 0x5b, 0x8f, 0x94,
+ 0xf5, 0x95, 0xbc, 0x1b, 0xb1, 0x95, 0xe8, 0x60,
+ 0xbb, 0x29, 0xa4, 0xd9, 0x27, 0x2e, 0x00, 0xea,
+ 0xba, 0xc3, 0x3e, 0xe6, 0x9c, 0xc7, 0xd7, 0x8d,
+ 0x69, 0xc7, 0xb4, 0xf7, 0x31, 0x4a, 0xb1, 0xf0,
+ 0x3c, 0xed, 0x06, 0x49, 0x6f, 0x46, 0x99, 0xea,
+ ];
+
+ let mut out1 = [0u8; 64];
+ BLAKE2bHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()");
+ assert_eq!(out1, expected1);
+
+ let mut out2 = [0u8; 64]; + BLAKE2bHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()"); + assert_eq!(out2, expected2); + + let mut hmac_blake2b = BLAKE2bHmac::new(&key1).expect("Error with new()"); + hmac_blake2b.update(&message1[0..4]).expect("Error with update()"); + hmac_blake2b.update(&message1[4..]).expect("Error with update()"); + let mut out1 = [0u8; 64]; + hmac_blake2b.finalize(&key1, &mut out1).expect("Error with finalize()"); + assert_eq!(out1, expected1); + + let mut hmac_blake2b = BLAKE2bHmac::new(&key2).expect("Error with new()"); + hmac_blake2b.update(&message2[0..48]).expect("Error with update()"); + hmac_blake2b.update(&message2[48..]).expect("Error with update()"); + let mut out2 = [0u8; 64]; + hmac_blake2b.finalize(&key2, &mut out2).expect("Error with finalize()"); + assert_eq!(out2, expected2); +} + #[test] #[cfg(blake2s)] fn test_blake2s() { 
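Review bot: Neither key in test_blake2b_hmac reaches the 128-byte BLAKE2b block size (key1 is 4 bytes, key2 is 68), so the `key_len == BLAKE2B_BLOCKBYTES` boundary changed in blake2b.c, and what appears to be the hash-the-key branch for longer keys, are never exercised. test_blake2s_hmac has the same gap against the 64-byte BLAKE2s block (keys of 4 and 36 bytes). Known-answer vectors from an independent implementation would be the strongest check; failing that, a consistency test that one-shot and streaming results agree for a key of exactly one block and one byte more at least drives both paths.

```rust
// … unchanged: known-answer checks above …
let long_key = [0x5au8; 129]; // constructed key, not a published vector
for key in [&long_key[..128], &long_key[..]] {
    let mut one_shot = [0u8; 64];
    BLAKE2bHmac::hmac(&message1, key, &mut one_shot).expect("Error with hmac()");
    let mut hmac_blake2b = BLAKE2bHmac::new(key).expect("Error with new()");
    hmac_blake2b.update(&message1).expect("Error with update()");
    let mut streamed = [0u8; 64];
    hmac_blake2b.finalize(key, &mut streamed).expect("Error with finalize()");
    assert_eq!(one_shot, streamed);
}
```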
@@ -86,3 +150,56 @@ fn test_blake2s() { assert_eq!(hash, *expected_hash); } }
+
+#[test]
+#[cfg(blake2s_hmac)]
+fn test_blake2s_hmac() {
+ let key1 = [0x41u8, 0x42, 0x43, 0x44];
+ let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f];
+ let expected1 = [
+ 0x96u8, 0xca, 0x1d, 0xaa, 0x9a, 0x33, 0x97, 0x3d,
+ 0xc5, 0x95, 0x3e, 0xce, 0x49, 0x93, 0x75, 0xc1,
+ 0x2a, 0x7c, 0x8f, 0x5b, 0xf0, 0x28, 0xef, 0xc3,
+ 0xfb, 0xc5, 0x97, 0xcd, 0xcc, 0x74, 0x44, 0x68,
+ ];
+ let key2 = [
+ 0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
+ 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33,
+ ];
+ let message2 = [
+ 0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
+ 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
+ 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
+ ];
+ let expected2 = [
+ 0xc4u8, 0x63, 0xdb, 0x28, 0x97, 0x60, 0x6a, 0xa7,
+ 0x1e, 0xe6, 0xcf, 0x93, 0x85, 0x3c, 0x90, 0x71,
+ 0xea, 0x76, 0x7f, 0x6a, 0xa7, 0x20, 0x80, 0x35,
+ 0xe1, 0x68, 0x95, 0xfe, 0x65, 0x65, 0x43, 0x76,
+ ];
+
+ let mut out1 = [0u8; 32];
+ BLAKE2sHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()");
+ assert_eq!(out1, expected1);
+
+ let mut out2 = [0u8; 32];
+ BLAKE2sHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()");
+ assert_eq!(out2, expected2);
+
+ let mut hmac_blake2s = BLAKE2sHmac::new(&key1).expect("Error with new()");
+ hmac_blake2s.update(&message1[0..4]).expect("Error with update()");
+ hmac_blake2s.update(&message1[4..]).expect("Error with update()");
+ let mut out1 = [0u8; 32];
+ hmac_blake2s.finalize(&key1, &mut out1).expect("Error with finalize()");
+ assert_eq!(out1, expected1);
+
+ let mut hmac_blake2s = BLAKE2sHmac::new(&key2).expect("Error with
new()");
+ hmac_blake2s.update(&message2[0..48]).expect("Error with update()");
+ hmac_blake2s.update(&message2[48..]).expect("Error with update()");
+ let mut out2 = [0u8; 32];
+ hmac_blake2s.finalize(&key2, &mut out2).expect("Error with finalize()");
+ assert_eq!(out2, expected2);
+}