1 /*
2 * cchmac_init.c
3 * corecrypto
4 *
5 * Created on 12/07/2010
6 *
7 * Copyright (c) 2010,2011,2015 Apple Inc. All rights reserved.
8 *
9 *
10 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
11 *
12 * This file contains Original Code and/or Modifications of Original Code
13 * as defined in and that are subject to the Apple Public Source License
14 * Version 2.0 (the 'License'). You may not use this file except in
15 * compliance with the License. The rights granted to you under the License
16 * may not be used to create, or enable the creation or redistribution of,
17 * unlawful or unlicensed copies of an Apple operating system, or to
18 * circumvent, violate, or enable the circumvention or violation of, any
19 * terms of an Apple operating system software license agreement.
20 *
21 * Please obtain a copy of the License at
22 * http://www.opensource.apple.com/apsl/ and read it before using this file.
23 *
24 * The Original Code and all software distributed under the License are
25 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
26 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
27 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
28 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
29 * Please see the License for the specific language governing rights and
30 * limitations under the License.
31 *
32 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
33 */
34
35 #include <corecrypto/ccdigest_priv.h>
36 #include <corecrypto/cchmac.h>
37 #include <corecrypto/ccn.h>
38 #include <corecrypto/cc_priv.h>
39
40 /* The HMAC_<DIG> transform looks like:
41 * <DIG> (K XOR opad || <DIG> (K XOR ipad || text))
42 * Where K is a n byte key
43 * ipad is the byte 0x36 repeated 64 times.
44 * opad is the byte 0x5c repeated 64 times.
45 * text is the data being protected.
46 */
47 void
cchmac_init(const struct ccdigest_info * di,cchmac_ctx_t hc,size_t key_len,const void * key_data)48 cchmac_init(const struct ccdigest_info *di, cchmac_ctx_t hc,
49 size_t key_len, const void *key_data)
50 {
51 const unsigned char *key = key_data;
52
53 /* Set cchmac_data(di, hc) to key ^ opad. */
54 size_t byte = 0;
55 if (key_len <= di->block_size) {
56 for (; byte < key_len; ++byte) {
57 cchmac_data(di, hc)[byte] = key[byte] ^ 0x5c;
58 }
59 } else {
60 /* Key is longer than di->block size, reset it to key=digest(key) */
61 ccdigest_init(di, cchmac_digest_ctx(di, hc));
62 ccdigest_update(di, cchmac_digest_ctx(di, hc), key_len, key);
63 ccdigest_final(di, cchmac_digest_ctx(di, hc), cchmac_data(di, hc));
64 key_len = di->output_size;
65 for (; byte < key_len; ++byte) {
66 cchmac_data(di, hc)[byte] ^= 0x5c;
67 }
68 }
69 /* Fill remainder of cchmac_data(di, hc) with opad. */
70 if (key_len < di->block_size) {
71 cc_memset(cchmac_data(di, hc) + key_len, 0x5c, di->block_size - key_len);
72 }
73
74 /* Set cchmac_ostate32(di, hc) to the state of the first round of the
75 * outer digest. */
76 ccdigest_copy_state(di, cchmac_ostate32(di, hc), di->initial_state);
77 di->compress(cchmac_ostate(di, hc), 1, cchmac_data(di, hc));
78
79 /* Set cchmac_data(di, hc) to key ^ ipad. */
80 for (byte = 0; byte < di->block_size; ++byte) {
81 cchmac_data(di, hc)[byte] ^= (0x5c ^ 0x36);
82 }
83 ccdigest_copy_state(di, cchmac_istate32(di, hc), di->initial_state);
84 di->compress(cchmac_istate(di, hc), 1, cchmac_data(di, hc));
85 cchmac_num(di, hc) = 0;
86 cchmac_nbits(di, hc) = di->block_size * 8;
87 }
88