osfmk/corecrypto/cchmac/src/cchmac_init.c

   1 /*
   2  *  cchmac_init.c
   3  *  corecrypto
   4  *
   5  *  Created on 12/07/2010
   6  *
   7  *  Copyright (c) 2010,2011,2015 Apple Inc. All rights reserved.
   8  *
   9  *
  10  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  11  *
  12  * This file contains Original Code and/or Modifications of Original Code
  13  * as defined in and that are subject to the Apple Public Source License
  14  * Version 2.0 (the 'License'). You may not use this file except in
  15  * compliance with the License. The rights granted to you under the License
  16  * may not be used to create, or enable the creation or redistribution of,
  17  * unlawful or unlicensed copies of an Apple operating system, or to
  18  * circumvent, violate, or enable the circumvention or violation of, any
  19  * terms of an Apple operating system software license agreement.
  20  *
  21  * Please obtain a copy of the License at
  22  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  23  *
  24  * The Original Code and all software distributed under the License are
  25  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  26  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  27  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  28  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  29  * Please see the License for the specific language governing rights and
  30  * limitations under the License.
  31  *
  32  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  33  */
  34
  35 #include <corecrypto/ccdigest_priv.h>
  36 #include <corecrypto/cchmac.h>
  37 #include <corecrypto/ccn.h>
  38 #include <corecrypto/cc_priv.h>
  39
  40 /* The HMAC_<DIG> transform looks like:
  41  *  <DIG> (K XOR opad || <DIG> (K XOR ipad || text))
  42  *  Where K is a n byte key
  43  *  ipad is the byte 0x36 repeated 64 times.
  44  *  opad is the byte 0x5c repeated 64 times.
  45  *  text is the data being protected.
  46  */
  47 void
  48 cchmac_init(const struct ccdigest_info *di, cchmac_ctx_t hc,
  49     size_t key_len, const void *key_data)
  50 {
  51         const unsigned char *key = key_data;
  52
  53         /* Set cchmac_data(di, hc) to key ^ opad. */
  54         size_t byte = 0;
  55         if (key_len <= di->block_size) {
  56                 for (; byte < key_len; ++byte) {
  57                         cchmac_data(di, hc)[byte] = key[byte] ^ 0x5c;
  58                 }
  59         } else {
  60                 /* Key is longer than di->block size, reset it to key=digest(key) */
  61                 ccdigest_init(di, cchmac_digest_ctx(di, hc));
  62                 ccdigest_update(di, cchmac_digest_ctx(di, hc), key_len, key);
  63                 ccdigest_final(di, cchmac_digest_ctx(di, hc), cchmac_data(di, hc));
  64                 key_len = di->output_size;
  65                 for (; byte < key_len; ++byte) {
  66                         cchmac_data(di, hc)[byte] ^= 0x5c;
  67                 }
  68         }
  69         /* Fill remainder of cchmac_data(di, hc) with opad. */
  70         if (key_len < di->block_size) {
  71                 cc_memset(cchmac_data(di, hc) + key_len, 0x5c, di->block_size - key_len);
  72         }
  73
  74         /* Set cchmac_ostate32(di, hc) to the state of the first round of the
  75          *  outer digest. */
  76         ccdigest_copy_state(di, cchmac_ostate32(di, hc), di->initial_state);
  77         di->compress(cchmac_ostate(di, hc), 1, cchmac_data(di, hc));
  78
  79         /* Set cchmac_data(di, hc) to key ^ ipad. */
  80         for (byte = 0; byte < di->block_size; ++byte) {
  81                 cchmac_data(di, hc)[byte] ^= (0x5c ^ 0x36);
  82         }
  83         ccdigest_copy_state(di, cchmac_istate32(di, hc), di->initial_state);
  84         di->compress(cchmac_istate(di, hc), 1, cchmac_data(di, hc));
  85         cchmac_num(di, hc) = 0;
  86         cchmac_nbits(di, hc) = di->block_size * 8;
  87 }