release/src/router/libsodium/src/libsodium/crypto_auth/hmacsha256/ref/hmac_hmacsha256.c

   1 /*
   2  * 20080913
   3  * D. J. Bernstein
   4  * Public domain.
   5  * */
   6
   7 #include "api.h"
   8 #include "crypto_hashblocks_sha256.h"
   9
  10 #define blocks crypto_hashblocks_sha256
  11
  12 typedef unsigned int uint32;
  13
  14 static const char iv[32] = {
  15   0x6a,0x09,0xe6,0x67,
  16   0xbb,0x67,0xae,0x85,
  17   0x3c,0x6e,0xf3,0x72,
  18   0xa5,0x4f,0xf5,0x3a,
  19   0x51,0x0e,0x52,0x7f,
  20   0x9b,0x05,0x68,0x8c,
  21   0x1f,0x83,0xd9,0xab,
  22   0x5b,0xe0,0xcd,0x19,
  23 } ;
  24
  25 int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
  26 {
  27   unsigned char h[32];
  28   unsigned char padded[128];
  29   unsigned long long i;
  30   unsigned long long bits = 512 + (inlen << 3);
  31
  32   for (i = 0;i < 32;++i) h[i] = iv[i];
  33
  34   for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
  35   for (i = 32;i < 64;++i) padded[i] = 0x36;
  36
  37   blocks(h,padded,64);
  38   blocks(h,in,inlen);
  39   in += inlen;
  40   inlen &= 63;
  41   in -= inlen;
  42
  43   for (i = 0;i < inlen;++i) padded[i] = in[i];
  44   padded[inlen] = 0x80;
  45
  46   if (inlen < 56) {
  47     for (i = inlen + 1;i < 56;++i) padded[i] = 0;
  48     padded[56] = bits >> 56;
  49     padded[57] = bits >> 48;
  50     padded[58] = bits >> 40;
  51     padded[59] = bits >> 32;
  52     padded[60] = bits >> 24;
  53     padded[61] = bits >> 16;
  54     padded[62] = bits >> 8;
  55     padded[63] = bits;
  56     blocks(h,padded,64);
  57   } else {
  58     for (i = inlen + 1;i < 120;++i) padded[i] = 0;
  59     padded[120] = bits >> 56;
  60     padded[121] = bits >> 48;
  61     padded[122] = bits >> 40;
  62     padded[123] = bits >> 32;
  63     padded[124] = bits >> 24;
  64     padded[125] = bits >> 16;
  65     padded[126] = bits >> 8;
  66     padded[127] = bits;
  67     blocks(h,padded,128);
  68   }
  69
  70   for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
  71   for (i = 32;i < 64;++i) padded[i] = 0x5c;
  72   for (i = 0;i < 32;++i) padded[64 + i] = h[i];
  73
  74   for (i = 0;i < 32;++i) out[i] = iv[i];
  75
  76   for (i = 32;i < 64;++i) padded[64 + i] = 0;
  77   padded[64 + 32] = 0x80;
  78   padded[64 + 62] = 3;
  79
  80   blocks(out,padded,128);
  81
  82   return 0;
  83 }