]> git.saurik.com Git - apple/security.git/blob - libsecurity_cryptkit/lib/HmacSha1Legacy.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55471.tar.gz
[apple/security.git] / libsecurity_cryptkit / lib / HmacSha1Legacy.c
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: HmacSha1Legacy.c
21 Contains: HMAC/SHA1, bug-for-bug compatible with BSAFE 4.0.
22 Copyright: (C) 2001 by Apple Computer, Inc., all rights reserved
23 Written by: Doug Mitchell
24 */
25
26 #include "ckconfig.h"
27
28 #if CRYPTKIT_HMAC_LEGACY
29
30 #include "HmacSha1Legacy.h"
31 #include "ckSHA1.h"
32 #include <string.h>
33 #include <stdlib.h>
34 #include <Security/SecBase.h>
35 #define kHMACSHA1DigestSize 20
36
37 /* XXX These should really be in ckSHA1.h */
38 #define kSHA1DigestSize 20
39 #define kSHA1BlockSize 64
40
41 /*
42 * bug-for-bug compatible with BSAFE 4.0. See
43 * BSafe/bsource/algs/ahchhmac.c.
44 *
45 * This implementation, and the BSAFE implementation it emulates, work fine
46 * when calculating a MAC in a single update (init, update, final). They
47 * generate nonconforming MACs when performing multiple updates because
48 * the entire algorithm - both inner and outer digests - are performed
49 * in the update() step. As a result, if one e.g. calculates a MAC of
50 * a block of text with one update, and then calculates the MAC over the
51 * same block of text via two updates, different results will obtain.ÊThe
52 * incorrect result from the multiple-update scenario is repeatable if and
53 * only if the same boundaries (same update sizes) are observed on each operation.
54 *
55 * Because all of the data to be MAC'd is in fact protected by both levels of
56 * SHA1, and all of the key bits are used, this nonconforming implementation is
57 * believed to be as strong, cryptographically, as a conforming SHA1HMAC
58 * implementation.
59 */
60 struct hmacLegacyContext {
61 sha1Obj sha1Context;
62 UInt8 k_ipad[kSHA1BlockSize];
63 UInt8 k_opad[kSHA1BlockSize];
64 };
65
66 hmacLegacyContextRef hmacLegacyAlloc(void)
67 {
68 hmacLegacyContextRef hmac =
69 (hmacLegacyContextRef)malloc(sizeof(struct hmacLegacyContext));
70 memset(hmac, 0, sizeof(struct hmacLegacyContext));
71 return hmac;
72 }
73
74 void hmacLegacyFree(
75 hmacLegacyContextRef hmac)
76 {
77 if(hmac != NULL) {
78 if(hmac->sha1Context != NULL) {
79 sha1Free (hmac->sha1Context);
80 }
81 memset(hmac, 0, sizeof(struct hmacLegacyContext));
82 free(hmac);
83 }
84 }
85
86 /* reusable init */
87 OSStatus hmacLegacyInit(
88 hmacLegacyContextRef hmac,
89 const void *keyPtr,
90 UInt32 keyLen)
91 {
92 UInt8 *key;
93 UInt32 byte;
94
95 if(hmac->sha1Context == NULL) {
96 hmac->sha1Context = sha1Alloc();
97 if(hmac->sha1Context == NULL) {
98 return errSecAllocate;
99 }
100 }
101 else {
102 sha1Reinit(hmac->sha1Context);
103 }
104 /* this implementation requires a 20-byte key */
105 if (keyLen != kSHA1DigestSize) {
106 /* FIXME */
107 return errSecParam;
108 }
109 key = (UInt8*)keyPtr;
110
111 /* The HMAC_SHA_1 transform looks like:
112 SHA1 (K XOR opad || SHA1 (K XOR ipad || text))
113 Where K is a n byte key
114 ipad is the byte 0x36 repeated 64 times.
115 opad is the byte 0x5c repeated 64 times.
116 text is the data being protected.
117 */
118 /* Copy the key into k_ipad and k_opad while doing the XOR. */
119 for (byte = 0; byte < keyLen; byte++)
120 {
121 hmac->k_ipad[byte] = key[byte] ^ 0x36;
122 hmac->k_opad[byte] = key[byte] ^ 0x5c;
123 }
124
125 /* Fill the remainder of k_ipad and k_opad with 0 XORed with
126 * appropriate value. */
127 memset (hmac->k_ipad + keyLen, 0x36, kSHA1BlockSize - keyLen);
128 memset (hmac->k_opad + keyLen, 0x5c, kSHA1BlockSize - keyLen);
129
130 /* remainder happens in update */
131 return errSecSuccess;
132 }
133
134 OSStatus hmacLegacyUpdate(
135 hmacLegacyContextRef hmac,
136 const void *textPtr,
137 UInt32 textLen)
138 {
139 UInt8 innerDigest[kSHA1DigestSize];
140
141 /* compute SHA1(k_ipad || data) ==> innerDigest */
142 sha1AddData (hmac->sha1Context, hmac->k_ipad, kSHA1BlockSize);
143 sha1AddData (hmac->sha1Context, (UInt8*)textPtr, textLen);
144 memcpy (innerDigest, sha1Digest(hmac->sha1Context), kSHA1DigestSize);
145
146 /* reset context (BSAFE does this implicitly in a final() call) */
147 sha1Reinit(hmac->sha1Context);
148
149 /* compute SHA1(k_opad || innerDigest) */
150 sha1AddData (hmac->sha1Context, hmac->k_opad, kSHA1BlockSize);
151 sha1AddData (hmac->sha1Context, innerDigest, kSHA1DigestSize);
152
153 /* if there is another update coming, it gets added in to existing
154 * context; if the next step is a final, the current digest state is used. */
155 return errSecSuccess;
156 }
157
158 OSStatus hmacLegacyFinal(
159 hmacLegacyContextRef hmac,
160 void *resultPtr) // caller mallocs, must be HMACSHA1_OUT_SIZE bytes
161 {
162 memcpy (resultPtr, sha1Digest (hmac->sha1Context), kSHA1DigestSize);
163 return errSecSuccess;
164 }
165
166 #endif /* CRYPTKIT_HMAC_LEGACY */
mirror of Security