release/src/router/libsodium/src/libsodium/crypto_auth/hmacsha512256/ref/hmac_hmacsha512256.c

   1 /*
   2  * 20080913
   3  * D. J. Bernstein
   4  * Public domain.
   5  * */
   6
   7 #include "api.h"
   8 #include "crypto_hashblocks_sha512.h"
   9
  10 #define blocks crypto_hashblocks_sha512
  11
  12 typedef unsigned long long uint64;
  13
  14 static const unsigned char iv[64] = {
  15   0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
  16   0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
  17   0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
  18   0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
  19   0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
  20   0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
  21   0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
  22   0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
  23 } ;
  24
  25 int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
  26 {
  27   unsigned char h[64];
  28   unsigned char padded[256];
  29   unsigned long long i;
  30   unsigned long long bytes = 128 + inlen;
  31
  32   for (i = 0;i < 64;++i) h[i] = iv[i];
  33
  34   for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
  35   for (i = 32;i < 128;++i) padded[i] = 0x36;
  36
  37   blocks(h,padded,128);
  38   blocks(h,in,inlen);
  39   in += inlen;
  40   inlen &= 127;
  41   in -= inlen;
  42
  43   for (i = 0;i < inlen;++i) padded[i] = in[i];
  44   padded[inlen] = 0x80;
  45
  46   if (inlen < 112) {
  47     for (i = inlen + 1;i < 119;++i) padded[i] = 0;
  48     padded[119] = bytes >> 61;
  49     padded[120] = bytes >> 53;
  50     padded[121] = bytes >> 45;
  51     padded[122] = bytes >> 37;
  52     padded[123] = bytes >> 29;
  53     padded[124] = bytes >> 21;
  54     padded[125] = bytes >> 13;
  55     padded[126] = bytes >> 5;
  56     padded[127] = bytes << 3;
  57     blocks(h,padded,128);
  58   } else {
  59     for (i = inlen + 1;i < 247;++i) padded[i] = 0;
  60     padded[247] = bytes >> 61;
  61     padded[248] = bytes >> 53;
  62     padded[249] = bytes >> 45;
  63     padded[250] = bytes >> 37;
  64     padded[251] = bytes >> 29;
  65     padded[252] = bytes >> 21;
  66     padded[253] = bytes >> 13;
  67     padded[254] = bytes >> 5;
  68     padded[255] = bytes << 3;
  69     blocks(h,padded,256);
  70   }
  71
  72   for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
  73   for (i = 32;i < 128;++i) padded[i] = 0x5c;
  74
  75   for (i = 0;i < 64;++i) padded[128 + i] = h[i];
  76   for (i = 0;i < 64;++i) h[i] = iv[i];
  77
  78   for (i = 64;i < 128;++i) padded[128 + i] = 0;
  79   padded[128 + 64] = 0x80;
  80   padded[128 + 126] = 6;
  81
  82   blocks(h,padded,256);
  83   for (i = 0;i < 32;++i) out[i] = h[i];
  84
  85   return 0;
  86 }