自学教程：C++ HMAC_Update函数代码示例

uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,              const uint8_t *data, size_t data_len, uint8_t *out,              unsigned int *out_len) {  HMAC_CTX ctx;  HMAC_CTX_init(&ctx);  if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) ||      !HMAC_Update(&ctx, data, data_len) ||      !HMAC_Final(&ctx, out, out_len)) {    out = NULL;  }  HMAC_CTX_cleanup(&ctx);  return out;}

static int hmac_fdigest(lua_State *L){  HANDLER_HMAC c;  size_t written = 0;  const char *t = luaL_checkstring(L, 1);  size_t s_len;  const char *s = luaL_checklstring(L, 2, &s_len);  size_t k_len;  const char *k = luaL_checklstring(L, 3, &k_len);  DIGEST_TYPE type = DIGEST_BY_NAME(t);#if CRYPTO_OPENSSL  unsigned char digest[EVP_MAX_MD_SIZE];#elif CRYPTO_GCRYPT  unsigned char *digest;#endif  if (IS_DIGEST_INVALID(type)) {    luaL_argerror(L, 1, "invalid digest type");    return 0;  }#if CRYPTO_OPENSSL  HMAC_CTX_init(&c);  HMAC_Init_ex(&c, k, k_len, type, NULL);  HMAC_Update(&c, (unsigned char *)s, s_len);  HMAC_Final(&c, digest, &written);#elif CRYPTO_GCRYPT  gcry_md_open(&c, type, GCRY_MD_FLAG_HMAC);  gcry_md_setkey(c, k, k_len);  gcry_md_write(c, s, s_len);  gcry_md_final(c);  digest = gcry_md_read(c,type);  written = gcry_md_get_algo_dlen(type);#endif  if (lua_toboolean(L, 4))    lua_pushlstring(L, (char *)digest, written);  else  {    char *hex = bin2hex(digest,written);    lua_pushlstring(L, hex, written*2);    free(hex);  }#if CRYPTO_GCRYPT  gcry_md_close(c);#endif  return 1;}

int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size){#if OPENSSL_VERSION_NUMBER > 0x0090900fL	int rv = 0;#endif	if (!hmac || !hmac->initialized)	{		return PKI_ERROR(PKI_ERR_GENERAL, "PKI_HMAC is not initialized");	}#if OPENSSL_VERSION_NUMBER > 0x0090900fL	rv = HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size);	if (rv == 0)	{		return PKI_ERROR(PKI_ERR_GENERAL, "Error while updating the HMAC value");	}#else	HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size);#endif	return PKI_OK;}

intdsa_update(struct iked_dsa *dsa, const void *buf, size_t len){	int	ret = 1;	if (dsa->dsa_hmac)		ret = HMAC_Update(dsa->dsa_ctx, buf, len);	else if (dsa->dsa_sign)		ret = EVP_SignUpdate(dsa->dsa_ctx, buf, len);	else		ret = EVP_VerifyUpdate(dsa->dsa_ctx, buf, len);	return (ret ? 0 : -1);}

intP_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret, int sslen,       unsigned char *seed, int slen){    unsigned char hmac[20];    uint32_t hlen;    HMAC_CTX hm;    const EVP_MD *md = EVP_get_digestbyname(digest);    uint32_t tmpslen;    unsigned char tmpseed[slen];    unsigned char *out = dest;    int pending = dlen;    // Copy initial seed    memcpy(tmpseed, seed, slen);    tmpslen = slen;    // Calculate enough data to fill destination    while (pending > 0) {        HMAC_Init(&hm, secret, sslen, md);        HMAC_Update(&hm, tmpseed, tmpslen);        HMAC_Final(&hm, tmpseed, &tmpslen);        HMAC_Init(&hm, secret, sslen, md);        HMAC_Update(&hm, tmpseed, tmpslen);        HMAC_Update(&hm, seed, slen);        HMAC_Final(&hm, hmac, &hlen);        hlen = (hlen > pending) ? pending : hlen;        memcpy(out, hmac, hlen);        out += hlen;        pending -= hlen;    }    HMAC_cleanup(&hm);    return hlen;}

static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {  unsigned int outlen;  int rc = SQLITE_OK;  HMAC_CTX* hctx = NULL;  if(in == NULL) goto error;  hctx = HMAC_CTX_new();  if(hctx == NULL) goto error;  switch(algorithm) {    case SQLCIPHER_HMAC_SHA1:      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error;      break;    case SQLCIPHER_HMAC_SHA256:      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error;      break;    case SQLCIPHER_HMAC_SHA512:      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error;      break;    default:      goto error;  }  if(!HMAC_Update(hctx, in, in_sz)) goto error;  if(in2 != NULL) {    if(!HMAC_Update(hctx, in2, in2_sz)) goto error;  }  if(!HMAC_Final(hctx, out, &outlen)) goto error;    goto cleanup;error:  rc = SQLITE_ERROR;cleanup:  if(hctx) HMAC_CTX_free(hctx);  return rc;}

u_char *mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen){	static union {		u_char m[EVP_MAX_MD_SIZE];		u_int64_t for_align;	} u;	u_char b[4], nonce[8];	if (mac->mac_len > sizeof(u))		fatal("mac_compute: mac too long %u %lu",		    mac->mac_len, (u_long)sizeof(u));	switch (mac->type) {	case SSH_EVP:		put_u32(b, seqno);		/* reset HMAC context */		HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);		HMAC_Update(&mac->evp_ctx, b, sizeof(b));		HMAC_Update(&mac->evp_ctx, data, datalen);		HMAC_Final(&mac->evp_ctx, u.m, NULL);		break;	case SSH_UMAC:		put_u64(nonce, seqno);		umac_update(mac->umac_ctx, data, datalen);		umac_final(mac->umac_ctx, u.m, nonce);		break;	case SSH_UMAC128:		put_u64(nonce, seqno);		umac128_update(mac->umac_ctx, data, datalen);		umac128_final(mac->umac_ctx, u.m, nonce);		break;	default:		fatal("mac_compute: unknown MAC type");	}	return (u.m);}

/* a counter-based KDF based on NIST SP800-108 */static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, uint8_t *result, int resultbitlen){	HMAC_CTX hctx;	uint8_t digest[SHA256_DIGEST_LENGTH];	uint16_t i, ctr, L;	int resultbytelen, len = 0;	unsigned int mdlen = SHA256_DIGEST_LENGTH;	uint8_t mask = 0xff;	resultbytelen = (resultbitlen + 7)/8;	ctr = 0;	L = htons(resultbitlen);	while (len < resultbytelen) {		ctr++; i = htons(ctr);		HMAC_Init(&hctx, key, keylen, EVP_sha256());		if (ctr > 1) {			HMAC_Update(&hctx, digest, mdlen);		}		HMAC_Update(&hctx, (uint8_t *) &i, sizeof(uint16_t));		HMAC_Update(&hctx, (uint8_t const *)label, labellen);		HMAC_Update(&hctx, (uint8_t *) &L, sizeof(uint16_t));		HMAC_Final(&hctx, digest, &mdlen);		if ((len + (int) mdlen) > resultbytelen) {			memcpy(result + len, digest, resultbytelen - len);		} else {			memcpy(result + len, digest, mdlen);		}		len += mdlen;		HMAC_CTX_cleanup(&hctx);	}	/* since we're expanding to a bit length, mask off the excess */	if (resultbitlen % 8) {		mask <<= (8 - (resultbitlen % 8));		result[resultbytelen - 1] &= mask;	}}

static uint64_t _checksum_64(encfs_common_custom_salt *cur_salt, unsigned char *key, const unsigned char *data, int dataLen, uint64_t *chainedIV){	unsigned char md[EVP_MAX_MD_SIZE];	unsigned int mdLen = EVP_MAX_MD_SIZE;	int i;	unsigned char h[8] = {0,0,0,0,0,0,0,0};	uint64_t value;	HMAC_CTX mac_ctx;	HMAC_CTX_init(&mac_ctx);	HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 );	HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 );	HMAC_Update( &mac_ctx, data, dataLen );	if(chainedIV)	{	  // toss in the chained IV as well		uint64_t tmp = *chainedIV;		unsigned char h[8];		for(i=0; i<8; ++i) {			h[i] = tmp & 0xff;			tmp >>= 8;		}		HMAC_Update( &mac_ctx, h, 8 );	}	HMAC_Final( &mac_ctx, md, &mdLen );	HMAC_CTX_cleanup(&mac_ctx);	// chop this down to a 64bit value..	for(i=0; i < (mdLen - 1); ++i)		h[i%8] ^= (unsigned char)(md[i]);	value = (uint64_t)h[0];	for(i=1; i<8; ++i)		value = (value << 8) | (uint64_t)h[i];	return value;}

void hmac_sha1( uint8_t* key, int32_t key_length,                const uint8_t* data_chunks[],                uint32_t data_chunck_length[],                uint8_t* mac, int32_t* mac_length ) {    HMAC_CTX ctx;    HMAC_CTX_init( &ctx );    HMAC_Init_ex( &ctx, key, key_length, EVP_sha1(), NULL );    while ( *data_chunks ) {        HMAC_Update( &ctx, *data_chunks, *data_chunck_length );        data_chunks ++;        data_chunck_length ++;    }    HMAC_Final( &ctx, mac, reinterpret_cast<uint32_t*>(mac_length) );    HMAC_CTX_cleanup( &ctx );}

intrfc6287_ocra(const ocra_suite * ocra, const char *suite_string,    const uint8_t *key, size_t key_l, uint64_t C, const char *Q,    const uint8_t *P, size_t P_l, const uint8_t *S, size_t S_l,    uint64_t T, char **resp){	int ret;	uint8_t qbuf[128];	uint8_t CBE[8];	uint8_t TBE[8];	uint8_t *md = NULL;	unsigned int md_l = 20;	int suite_l = strlen(suite_string) + 1;	int flags = ocra->flags;	HMAC_CTX *ctx;	if ((0 != (ret = check_di_params(ocra, key_l, Q, P_l, S_l, T))) ||	    (0 != (ret = format_questions(ocra, qbuf, Q))))		return ret;	if (flags & FL_C)		st64be(CBE, C);	if (flags & FL_T)		st64be(TBE, T);	if (0 != (ret = hmac_new(&ctx)))		return ret;	if (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg))))		return RFC6287_ERR_POSIX;	if ((1 != HMAC_Init_ex(ctx, key, key_l, evp_md(ocra->hotp_alg), NULL)) ||	    (1 !=	    HMAC_Update(ctx, (const uint8_t *)suite_string, suite_l)) ||	    ((flags & FL_C) && (1 != HMAC_Update(ctx, CBE, 8))) ||	    (1 != HMAC_Update(ctx, qbuf, 128)) ||	    ((flags & FL_P) && (1 != HMAC_Update(ctx, P, P_l))) ||	    ((flags & FL_S) && (1 != HMAC_Update(ctx, S, S_l))) ||	    ((flags & FL_T) && (1 != HMAC_Update(ctx, TBE, 8))) ||	    (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg)))) ||	    (1 != HMAC_Final(ctx, md, &md_l)) ||	    (md_l != mdlen(ocra->hotp_alg))) {		hmac_destroy(ctx);		free(md);		return RFC6287_ERR_OPENSSL;	}	hmac_destroy(ctx);	if (ocra->hotp_trunc) {		ret = truncate_md(md, md_l, ocra->hotp_trunc, resp);		free(md);	} else {		*resp = (char *)md;		ret = 0;	}	return ret;}

JNIEXPORT int JNICALL Java_com_facebook_crypto_mac_NativeMac_nativeUpdate__B(  JNIEnv* env,  jobject obj,  jbyte data) {  HMAC_CTX* ctx = Get_HMAC_CTX(env, obj);  if (!ctx) {    return CRYPTO_FAILURE;  }  if (!HMAC_Update(ctx, (unsigned char*)&data, sizeof(jbyte))) {    return CRYPTO_FAILURE;  }  return CRYPTO_SUCCESS;}

unsigned char *HMAC2(//fixed to SHA256: EVP_MD *evp_md,                    unsigned char *key, int key_len,                    unsigned char *d, int n,                    unsigned char *md)                    //always 64, unsigned int *md_len)	{	HMAC_CTX c;	//static unsigned char m[EVP_MAX_MD_SIZE];	static unsigned char m[2*SHA256_DIGEST_LENGTH];	if (md == NULL) md=m;	//first round        HMAC_Init(&c, key, key_len);	HMAC_Update(&c,d,n);	HMAC_Final(&c,md);	//second round        HMAC_Init(&c, NULL, key_len); //only performs memcpy	HMAC_Update(&c,d,n);	HMAC_Final(&c,md+SHA256_DIGEST_LENGTH);	HMAC_cleanup(&c);	return(md);	}

unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,		    const unsigned char *d, size_t n, unsigned char *md,		    unsigned int *md_len)	{	HMAC_CTX c;	static unsigned char m[EVP_MAX_MD_SIZE];	if (md == NULL) md=m;	HMAC_CTX_init(&c);	HMAC_Init(&c,key,key_len,evp_md);	HMAC_Update(&c,d,n);	HMAC_Final(&c,md,md_len);	HMAC_CTX_cleanup(&c);	return(md);	}

void *HMAC(const EVP_MD *md,     const void *key, size_t key_size,     const void *data, size_t data_size,     void *hash, unsigned int *hash_len){    HMAC_CTX ctx;    HMAC_CTX_init(&ctx);    HMAC_Init_ex(&ctx, key, key_size, md, NULL);    HMAC_Update(&ctx, data, data_size);    HMAC_Final(&ctx, hash, hash_len);    HMAC_CTX_cleanup(&ctx);    return hash;}

inthmac_update(mac_ctx_t *mctx, uchar_t *data, uint64_t len){	int cksum = mctx->mac_cksum;	if (cksum == CKSUM_SKEIN256 || cksum == CKSUM_SKEIN512) {		Skein_512_Update(mctx->mac_ctx, data, len);	} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {		if (cksum_provider == PROVIDER_OPENSSL) {			if (HMAC_Update(mctx->mac_ctx, data, len) == 0)				return (-1);		} else {			opt_HMAC_SHA256_Update(mctx->mac_ctx, data, len);		}	} else if (cksum == CKSUM_SHA512) {		if (HMAC_Update(mctx->mac_ctx, data, len) == 0)			return (-1);	} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {		// Keccak takes data length in bits so we have to scale		while (len > KECCAK_MAX_SEG) {			uint64_t blen;			blen = KECCAK_MAX_SEG;			if (Keccak_Update(mctx->mac_ctx, data, blen << 3) != 0)				return (-1);			len -= KECCAK_MAX_SEG;		}		if (Keccak_Update(mctx->mac_ctx, data, len << 3) != 0)			return (-1);	} else {		return (-1);	}	return (0);}

int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt){	int i, padlen;	const int blksize = 16;	unsigned int hmac_len = 20;	int crypt_len;	HMAC_CTX hmac_ctx;	/* This gets much more fun if the IV is variable-length */	pkt->esp.spi = vpninfo->esp_out.spi;	pkt->esp.seq = htonl(vpninfo->esp_out.seq++);	if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to generate random IV for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EIO;	}	padlen = blksize - 1 - ((pkt->len + 1) % blksize);	for (i=0; i<padlen; i++)		pkt->data[pkt->len + i] = i + 1;	pkt->data[pkt->len + padlen] = padlen;	pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */		if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL,				pkt->esp.iv)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to set up encryption context for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	crypt_len = pkt->len + padlen + 2;	if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len,			       pkt->data, crypt_len)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to encrypt ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac);	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len);	HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len);	HMAC_CTX_cleanup(&hmac_ctx);	return sizeof(pkt->esp) + crypt_len + 12;}

/* Generate a MAC */int PKCS12_gen_mac (PKCS12 * p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen){    const EVP_MD *md_type;    HMAC_CTX hmac;    unsigned char key[EVP_MAX_MD_SIZE], *salt;    int saltlen, iter;    int md_size;    if (!PKCS7_type_is_data (p12->authsafes))    {        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);        return 0;    }    salt = p12->mac->salt->data;    saltlen = p12->mac->salt->length;    if (!p12->mac->iter)        iter = 1;    else        iter = ASN1_INTEGER_get (p12->mac->iter);    if (!(md_type = EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm)))    {        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);        return 0;    }    md_size = EVP_MD_size (md_type);    if (md_size < 0)        return 0;    if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type))    {        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);        return 0;    }    HMAC_CTX_init (&hmac);    if (!HMAC_Init_ex (&hmac, key, md_size, md_type, NULL)        || !HMAC_Update (&hmac, p12->authsafes->d.data->data,                         p12->authsafes->d.data->length) || !HMAC_Final (&hmac, mac, maclen))    {        HMAC_CTX_cleanup (&hmac);        return 0;    }    HMAC_CTX_cleanup (&hmac);    return 1;}

 int __openssl_HMACsha256(HMAC_CTX* ctx, const void* data, int data_size, void* digest, unsigned int* digest_size)  {     int ret = ERROR_SUCCESS;          if (HMAC_Update(ctx, (unsigned char *) data, data_size) < 0) {         ret = ERROR_OpenSslSha256Update;         return ret;     }      if (HMAC_Final(ctx, (unsigned char *) digest, digest_size) < 0) {         ret = ERROR_OpenSslSha256Final;         return ret;     }          return ret; }

void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag){uint8_t iv[16];AES_KEY* key = ctx;HMAC_CTX hctx;unsigned int rlen = 20;	HMAC_CTX_init(&hctx);	HMAC_Init_ex(&hctx, iv, 16, EVP_sha1(), NULL);	HMAC_Update(&hctx, plaintext, size);	HMAC_Final(&hctx, tag, &rlen);	HMAC_CTX_cleanup(&hctx);	AES_cbc_encrypt(plaintext, ciphertext, size, key, iv, 1);}

int getHMACSHA256(char *msg, unsigned char* md_value, int len, unsigned char key[], int keylen){	HMAC_CTX mdctx;	int md_len;	const EVP_MD *md;		OpenSSL_add_all_digests();	md = EVP_get_digestbyname("sha256");	HMAC_CTX_init(&mdctx);	HMAC_Init_ex(&mdctx,key,keylen,md,NULL);	HMAC_Update(&mdctx, msg, len);	HMAC_Final(&mdctx, md_value, &md_len);	HMAC_CTX_cleanup(&mdctx);	return md_len;}

int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size){    mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;    int32_t result = 0;    if (hmac == NULL || buf == NULL)        return MZ_PARAM_ERROR;    result = HMAC_Update(hmac->ctx, buf, size);    if (!result)    {        hmac->error = ERR_get_error();        return MZ_HASH_ERROR;    }    return MZ_OK;}

int compute_keys(UNUSED REQUEST *request, pwd_session_t *session, uint8_t *peer_confirm, uint8_t *msk, uint8_t *emsk){	HMAC_CTX	*hmac_ctx;	uint8_t		mk[SHA256_DIGEST_LENGTH], *cruft;	uint8_t		session_id[SHA256_DIGEST_LENGTH + 1];	uint8_t		msk_emsk[128];		/* 64 each */	int	 	offset;	MEM(cruft = talloc_array(session, uint8_t, BN_num_bytes(session->prime)));	MEM(hmac_ctx = HMAC_CTX_new());	/*	 * first compute the session-id = TypeCode | H(ciphersuite | scal_p |	 *	scal_s)	 */	session_id[0] = FR_EAP_METHOD_PWD;	HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);	HMAC_Update(hmac_ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));	offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);	memset(cruft, 0, BN_num_bytes(session->prime));	BN_bn2bin(session->peer_scalar, cruft + offset);	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));	offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);	memset(cruft, 0, BN_num_bytes(session->prime));	BN_bn2bin(session->my_scalar, cruft + offset);	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));	pwd_hmac_final(hmac_ctx, (uint8_t *)&session_id[1]);	/* then compute MK = H(k | commit-peer | commit-server) */	HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);	memset(cruft, 0, BN_num_bytes(session->prime));	offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);	BN_bn2bin(session->k, cruft + offset);	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->prime));	HMAC_Update(hmac_ctx, peer_confirm, SHA256_DIGEST_LENGTH);	HMAC_Update(hmac_ctx, session->my_confirm, SHA256_DIGEST_LENGTH);	pwd_hmac_final(hmac_ctx, mk);	/* stretch the mk with the session-id to get MSK | EMSK */	eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id,		    SHA256_DIGEST_LENGTH + 1, msk_emsk, 1024);  /* it's bits, ((64 + 64) * 8) */	memcpy(msk, msk_emsk, 64);	memcpy(emsk, msk_emsk + 64, 64);	HMAC_CTX_free(hmac_ctx);	talloc_free(cruft);	return 0;}

static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen){    FILE *f = NULL;    int rv = -1;    unsigned char rbuf[READ_BUFFER_LENGTH];    size_t len;    unsigned int hlen;    HMAC_CTX c;    HMAC_CTX_init(&c);    f = fopen(path, "r");    if (f == NULL) {        goto end;    }    HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256());    while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {        HMAC_Update(&c, rbuf, len);    }    len = sizeof(rbuf);    /* reuse rbuf for hmac */    HMAC_Final(&c, rbuf, &hlen);    *buf = malloc(hlen);    if (*buf == NULL) {        goto end;    }    *hmaclen = hlen;    memcpy(*buf, rbuf, hlen);    rv = 0;end:    HMAC_CTX_cleanup(&c);    if (f)        fclose(f);    return rv;}

void hmac_sha256(uint8_t* key, uint32_t key_length,                 uint8_t* data_chunks[],                 uint32_t data_chunck_length[],                 uint8_t* mac, uint32_t* mac_length ){    unsigned int tmp;    HMAC_CTX ctx;    HMAC_CTX_init( &ctx );    HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );    while( *data_chunks ){      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );      data_chunks ++;      data_chunck_length ++;    }    HMAC_Final( &ctx, mac, &tmp);    *mac_length = tmp;    HMAC_CTX_cleanup( &ctx );}

//------------------------------------------------------------------------------// helper function to hash with HMAC algorithm:static std::vector<unsigned char> hmac_sha512(const std::vector<unsigned char>& data, 	    const std::vector<unsigned char>& key){      unsigned int len = EVP_MAX_MD_SIZE;   std::vector<unsigned char> digest(len);   HMAC_CTX ctx;   HMAC_CTX_init(&ctx);   HMAC_Init_ex(&ctx, key.data(), key.size(), EVP_sha512(), NULL);   HMAC_Update(&ctx, data.data(), data.size());   HMAC_Final(&ctx, digest.data(), &len);      HMAC_CTX_cleanup(&ctx);      return digest;}

/*---------------------------------------------------------------------- * Name    : HmacSha256Hash * Purpose : * Input   : none * Output  : none *---------------------------------------------------------------------*/int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key){	HMAC_CTX hctx;	HMAC_CTX_init(&hctx);	HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);	/*	 * FIXME: why we need this? NULL means to use whatever there is?	 * if removed, result is different	 */	HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);	HMAC_Update(&hctx, data, len);	HMAC_Final(&hctx, hash, NULL);	HMAC_CTX_cleanup(&hctx);	return 0;}

static void dohmac(void)    {    HMAC_CTX ctx;    unsigned char hmac_value[EVP_MAX_MD_SIZE];    unsigned int hmac_len, i;    char key[16] = "etaonrishdlcupfm";    unsigned char buf[256];    /* Generate digest of input stream */     HMAC_Init(&ctx, key, sizeof(key), EVP_sha1());    memcpy(buf, "abcdefghijklmnopqrstuvwxyz", 26);    HMAC_Update(&ctx, buf, 26);    HMAC_Final(&ctx, hmac_value, &hmac_len);    HMAC_cleanup(&ctx);        for(i = 0; i < hmac_len; i++) fprintf(stderr, "%02x", hmac_value[i]);    fprintf(stderr, "/n");    return;}

static int openssl_hmac(lua_State *L){    if (lua_istable(L, 1))    {        if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))        {            lua_pop(L, 1);            lua_remove(L, 1);        }        else            luaL_error(L, "call function with invalid state");    }    {        const EVP_MD *type = get_digest(L, 1);        size_t len;        const char *dat = luaL_checklstring(L, 2, &len);        size_t l;        const char *k = luaL_checklstring(L, 3, &l);        int raw = (lua_isnoneornil(L, 4)) ? 0 : lua_toboolean(L, 4);        ENGINE* e = lua_isnoneornil(L, 5) ? NULL : CHECK_OBJECT(5, ENGINE, "openssl.engine");        unsigned char digest[EVP_MAX_MD_SIZE];        HMAC_CTX *c = HMAC_CTX_new();        HMAC_Init_ex(c, k, (int)l, type, e);        HMAC_Update(c, (unsigned char *)dat, len);        len = EVP_MAX_MD_SIZE;        HMAC_Final(c, digest, (unsigned int*)&len);        HMAC_CTX_free(c);        if (raw)            lua_pushlstring(L, (char *)digest, len);        else        {            char hex[2 * EVP_MAX_MD_SIZE + 1];            to_hex((const char*)digest, len, hex);            lua_pushstring(L, hex);        }    }    return 1;}

/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt){	unsigned char hmac_buf[20];	unsigned int hmac_len = sizeof(hmac_buf);	int crypt_len = pkt->len;	HMAC_CTX hmac_ctx;	HMAC_CTX_copy(&hmac_ctx, &esp->hmac);	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len);	HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len);	HMAC_CTX_cleanup(&hmac_ctx);	if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) {		vpn_progress(vpninfo, PRG_DEBUG,			     _("Received ESP packet with invalid HMAC/n"));		return -EINVAL;	}	/* Why in $DEITY's name would you ever *not* set this? Perhaps we	 * should do th check anyway, but only warn instead of discarding	 * the packet? */	if (vpninfo->esp_replay_protect &&	    verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq)))		return -EINVAL;	if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL,				pkt->esp.iv)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to set up decryption context for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len,			       pkt->data, pkt->len)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to decrypt ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	return 0;}