osfmk/corecrypto/cchmac/src/cchmac_init.c

   1 /*
   2  *  cchmac_init.c
   3  *  corecrypto
   4  *
   5  *  Created on 12/07/2010
   6  *
   7  *  Copyright (c) 2010,2011,2015 Apple Inc. All rights reserved.
   8  *
   9  *
  10  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  11  *
  12  * This file contains Original Code and/or Modifications of Original Code
  13  * as defined in and that are subject to the Apple Public Source License
  14  * Version 2.0 (the 'License'). You may not use this file except in
  15  * compliance with the License. The rights granted to you under the License
  16  * may not be used to create, or enable the creation or redistribution of,
  17  * unlawful or unlicensed copies of an Apple operating system, or to
  18  * circumvent, violate, or enable the circumvention or violation of, any
  19  * terms of an Apple operating system software license agreement.
  20  *
  21  * Please obtain a copy of the License at
  22  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  23  *
  24  * The Original Code and all software distributed under the License are
  25  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  26  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  27  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  28  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  29  * Please see the License for the specific language governing rights and
  30  * limitations under the License.
  31  *
  32  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  33  */
  34
  35 #include <corecrypto/cchmac.h>
  36 #include <corecrypto/ccn.h>
  37 #include <corecrypto/cc_priv.h>
  38
  39 /* The HMAC_<DIG> transform looks like:
  40  *  <DIG> (K XOR opad || <DIG> (K XOR ipad || text))
  41  *  Where K is a n byte key
  42  *  ipad is the byte 0x36 repeated 64 times.
  43  *  opad is the byte 0x5c repeated 64 times.
  44  *  text is the data being protected.
  45  */
  46 void
  47 cchmac_init(const struct ccdigest_info *di, cchmac_ctx_t hc,
  48     size_t key_len, const void *key_data)
  49 {
  50         const unsigned char *key = key_data;
  51
  52         /* Set cchmac_data(di, hc) to key ^ opad. */
  53         size_t byte = 0;
  54         if (key_len <= di->block_size) {
  55                 for (; byte < key_len; ++byte) {
  56                         cchmac_data(di, hc)[byte] = key[byte] ^ 0x5c;
  57                 }
  58         } else {
  59                 /* Key is longer than di->block size, reset it to key=digest(key) */
  60                 ccdigest_init(di, cchmac_digest_ctx(di, hc));
  61                 ccdigest_update(di, cchmac_digest_ctx(di, hc), key_len, key);
  62                 ccdigest_final(di, cchmac_digest_ctx(di, hc), cchmac_data(di, hc));
  63                 key_len = di->output_size;
  64                 for (; byte < key_len; ++byte) {
  65                         cchmac_data(di, hc)[byte] ^= 0x5c;
  66                 }
  67         }
  68         /* Fill remainder of cchmac_data(di, hc) with opad. */
  69         if (key_len < di->block_size) {
  70                 CC_MEMSET(cchmac_data(di, hc) + key_len, 0x5c, di->block_size - key_len);
  71         }
  72
  73         /* Set cchmac_ostate32(di, hc) to the state of the first round of the
  74          *  outer digest. */
  75         ccdigest_copy_state(di, cchmac_ostate32(di, hc), di->initial_state);
  76         di->compress(cchmac_ostate(di, hc), 1, cchmac_data(di, hc));
  77
  78         /* Set cchmac_data(di, hc) to key ^ ipad. */
  79         for (byte = 0; byte < di->block_size; ++byte) {
  80                 cchmac_data(di, hc)[byte] ^= (0x5c ^ 0x36);
  81         }
  82         ccdigest_copy_state(di, cchmac_istate32(di, hc), di->initial_state);
  83         di->compress(cchmac_istate(di, hc), 1, cchmac_data(di, hc));
  84         cchmac_num(di, hc) = 0;
  85         cchmac_nbits(di, hc) = di->block_size * 8;
  86 }