1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
/*-
* Copyright 2005,2007,2009 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include "api.h"
#include "crypto_auth_hmacsha256.h"
#include "crypto_hash_sha256.h"
#include "utils.h"
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
int
crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
const unsigned char *key,
size_t keylen)
{
unsigned char pad[64];
unsigned char khash[32];
size_t i;
if (keylen > 64) {
crypto_hash_sha256_init(&state->ictx);
crypto_hash_sha256_update(&state->ictx, key, keylen);
crypto_hash_sha256_final(&state->ictx, khash);
key = khash;
keylen = 32;
}
crypto_hash_sha256_init(&state->ictx);
memset(pad, 0x36, 64);
for (i = 0; i < keylen; i++) {
pad[i] ^= key[i];
}
crypto_hash_sha256_update(&state->ictx, pad, 64);
crypto_hash_sha256_init(&state->octx);
memset(pad, 0x5c, 64);
for (i = 0; i < keylen; i++) {
pad[i] ^= key[i];
}
crypto_hash_sha256_update(&state->octx, pad, 64);
sodium_memzero((void *) khash, sizeof khash);
return 0;
}
int
crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
const unsigned char *in,
unsigned long long inlen)
{
crypto_hash_sha256_update(&state->ictx, in, inlen);
return 0;
}
int
crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
unsigned char *out)
{
unsigned char ihash[32];
crypto_hash_sha256_final(&state->ictx, ihash);
crypto_hash_sha256_update(&state->octx, ihash, 32);
crypto_hash_sha256_final(&state->octx, out);
sodium_memzero((void *) ihash, sizeof ihash);
return 0;
}
int
crypto_auth(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
crypto_auth_hmacsha256_state state;
crypto_auth_hmacsha256_init(&state, k, crypto_auth_KEYBYTES);
crypto_auth_hmacsha256_update(&state, in, inlen);
crypto_auth_hmacsha256_final(&state, out);
return 0;
}
|