Make Rules.mk more compatible with merges and local diffs.
[BearSSL] / src / mac / hmac.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include "inner.h"
26
27 static inline size_t
28 block_size(const br_hash_class *dig)
29 {
30 unsigned ls;
31
32 ls = (unsigned)(dig->desc >> BR_HASHDESC_LBLEN_OFF)
33 & BR_HASHDESC_LBLEN_MASK;
34 return (size_t)1 << ls;
35 }
36
37 static void
38 process_key(const br_hash_class **hc, void *ks,
39 const void *key, size_t key_len, unsigned bb)
40 {
41 unsigned char tmp[256];
42 size_t blen, u;
43
44 blen = block_size(*hc);
45 memcpy(tmp, key, key_len);
46 for (u = 0; u < key_len; u ++) {
47 tmp[u] ^= (unsigned char)bb;
48 }
49 memset(tmp + key_len, bb, blen - key_len);
50 (*hc)->init(hc);
51 (*hc)->update(hc, tmp, blen);
52 (*hc)->state(hc, ks);
53 }
54
55 /* see bearssl.h */
56 void
57 br_hmac_key_init(br_hmac_key_context *kc,
58 const br_hash_class *dig, const void *key, size_t key_len)
59 {
60 br_hash_compat_context hc;
61 unsigned char kbuf[64];
62
63 kc->dig_vtable = dig;
64 hc.vtable = dig;
65 if (key_len > block_size(dig)) {
66 dig->init(&hc.vtable);
67 dig->update(&hc.vtable, key, key_len);
68 dig->out(&hc.vtable, kbuf);
69 key = kbuf;
70 key_len = br_digest_size(dig);
71 }
72 process_key(&hc.vtable, kc->ksi, key, key_len, 0x36);
73 process_key(&hc.vtable, kc->kso, key, key_len, 0x5C);
74 }
75
76 /* see bearssl.h */
77 void
78 br_hmac_init(br_hmac_context *ctx,
79 const br_hmac_key_context *kc, size_t out_len)
80 {
81 const br_hash_class *dig;
82 size_t blen, hlen;
83
84 dig = kc->dig_vtable;
85 blen = block_size(dig);
86 dig->init(&ctx->dig.vtable);
87 dig->set_state(&ctx->dig.vtable, kc->ksi, (uint64_t)blen);
88 memcpy(ctx->kso, kc->kso, sizeof kc->kso);
89 hlen = br_digest_size(dig);
90 if (out_len > 0 && out_len < hlen) {
91 hlen = out_len;
92 }
93 ctx->out_len = hlen;
94 }
95
96 /* see bearssl.h */
97 void
98 br_hmac_update(br_hmac_context *ctx, const void *data, size_t len)
99 {
100 ctx->dig.vtable->update(&ctx->dig.vtable, data, len);
101 }
102
103 /* see bearssl.h */
104 size_t
105 br_hmac_out(const br_hmac_context *ctx, void *out)
106 {
107 const br_hash_class *dig;
108 br_hash_compat_context hc;
109 unsigned char tmp[64];
110 size_t blen, hlen;
111
112 dig = ctx->dig.vtable;
113 dig->out(&ctx->dig.vtable, tmp);
114 blen = block_size(dig);
115 dig->init(&hc.vtable);
116 dig->set_state(&hc.vtable, ctx->kso, (uint64_t)blen);
117 hlen = br_digest_size(dig);
118 dig->update(&hc.vtable, tmp, hlen);
119 dig->out(&hc.vtable, tmp);
120 memcpy(out, tmp, ctx->out_len);
121 return ctx->out_len;
122 }