/* -*-c-*-
*
- * $Id: hmac-def.h,v 1.3 2000/07/02 18:27:42 mdw Exp $
+ * $Id: hmac-def.h,v 1.8 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for HMAC and NMAC
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: hmac-def.h,v $
- * Revision 1.3 2000/07/02 18:27:42 mdw
- * (ghash->ops->done): Interface change. Passing in a null buffer pointer
- * uses a buffer internal to the ghash object. The operation returns the
- * address of the buffer it used. Clients of generic hashes no longer need
- * to use dynamically allocated memory for hash results.
- *
- * Revision 1.2 2000/06/17 11:23:44 mdw
- * Use secure arena for memory allocation. Minor changes in the generic
- * hash interface.
- *
- * Revision 1.1 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_HMAC_DEF_H
#define CATACOMB_HMAC_DEF_H
\
/* --- Useful constants --- */ \
\
-const octet pre##_mackeysz[] = { KSZ_ANY, PRE##_HASHSZ }; \
+const octet pre##_hmackeysz[] = { KSZ_ANY, PRE##_STATESZ }; \
+const octet pre##_sslmackeysz[] = { KSZ_ANY, PRE##_STATESZ }; \
+const octet pre##_nmackeysz[] = { KSZ_SET, 2 * PRE##_STATESZ, 0 }; \
\
/* --- @pre_nmacinit@ --- * \
* \
\
void pre##_nmacinit(pre##_mackey *key, const void *ok, const void *ik) \
{ \
- memcpy(key->ochain, ok, PRE##_HASHSZ); \
- memcpy(key->ichain, ik, PRE##_HASHSZ); \
+ memcpy(key->ochain, ok, PRE##_STATESZ); \
+ memcpy(key->ichain, ik, PRE##_STATESZ); \
key->ocount = key->icount = 0; \
} \
\
BURN(ctx); \
} \
\
+/* --- @pre_sslmacinit@ --- * \
+ * \
+ * Arguments: @pre_mackey *key@ = pointer to MAC key object \
+ * @const void *k@ = pointer to key to use \
+ * @size_t sz@ = size of key data \
+ * \
+ * Returns: --- \
+ * \
+ * Use: Initializes a MAC key for doing hasing using the SSL3 \
+ * variant of HMAC. \
+ */ \
+ \
+void pre##_sslmacinit(pre##_mackey *key, const void *k, size_t sz) \
+{ \
+ const octet *kbuf = k; \
+ pre##_ctx ctx; \
+ octet buf[PRE##_HASHSZ]; \
+ \
+ if (sz > PRE##_BUFSZ) { \
+ pre##_init(&ctx); \
+ pre##_hash(&ctx, k, sz); \
+ pre##_done(&ctx, buf); \
+ kbuf = buf; \
+ sz = PRE##_HASHSZ; \
+ } \
+ \
+ pre##_init(&ctx); \
+ memcpy(ctx.buf, kbuf, sz); \
+ memset(ctx.buf + sz, 0x5c, PRE##_BUFSZ - sz); \
+ pre##_compress(&ctx, ctx.buf); \
+ pre##_state(&ctx, key->ochain); \
+ \
+ pre##_init(&ctx); \
+ memcpy(ctx.buf, kbuf, sz); \
+ memset(ctx.buf + sz, 0x36, PRE##_BUFSZ - sz); \
+ pre##_compress(&ctx, ctx.buf); \
+ pre##_state(&ctx, key->ichain); \
+ \
+ key->ocount = key->icount = PRE##_BUFSZ; \
+ BURN(ctx); \
+} \
+ \
/* --- @pre_macinit@ --- * \
* \
* Arguments: @pre_macctx *ctx@ = pointer to MAC context block \
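Review bot: `pre##_sslmacinit` clears `ctx` with `BURN(ctx)` but never clears the local `buf`, and on the `sz > PRE##_BUFSZ` path that array holds the hash of the caller's key, which then serves as the effective MAC key. That key-equivalent value is left on the stack when the function returns. Adding `BURN(buf);` beside the existing `BURN(ctx);` would wipe it, assuming BURN accepts an array the same way it accepts the context struct. The header comment should also say that keys longer than `PRE##_BUFSZ` are hashed first, and "hasing" there should read "hashing".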
\
void pre##_macinit(pre##_macctx *ctx, const pre##_mackey *key) \
{ \
- memcpy(ctx->chain, key->ochain, PRE##_HASHSZ); \
+ memcpy(ctx->chain, key->ochain, PRE##_STATESZ); \
ctx->count = key->ocount; \
pre##_set(&ctx->ctx, key->ichain, key->icount); \
} \
/* --- Generic MAC interface --- */ \
\
static const gmac_ops gkops; \
-static const ghash_ops gops; \
+static const ghash_ops gops, gnops, gsslops; \
\
typedef struct gkctx { \
gmac m; \
+ const ghash_ops *gops; \
pre##_mackey k; \
} gkctx; \
\
{ \
gkctx *gk = (gkctx *)m; \
gctx *g = S_CREATE(gctx); \
- g->h.ops = &gops; \
+ g->h.ops = gk->gops; \
pre##_macinit(&g->c, &gk->k); \
return (&g->h); \
} \
{ \
gkctx *gk = S_CREATE(gkctx); \
gk->m.ops = &gkops; \
+ gk->gops = &gops; \
pre##_hmacinit(&gk->k, k, sz); \
return (&gk->m); \
} \
\
+static gmac *gnkey(const void *k, size_t sz) \
+{ \
+ gkctx *gk = S_CREATE(gkctx); \
+ const octet *kk = k; \
+ assert(keysz(sz, pre##_nmackeysz) == sz); \
+ gk->m.ops = &gkops; \
+ gk->gops = &gnops; \
+ pre##_nmacinit(&gk->k, kk, kk + PRE##_STATESZ); \
+ return (&gk->m); \
+} \
+ \
+static gmac *gsslkey(const void *k, size_t sz) \
+{ \
+ gkctx *gk = S_CREATE(gkctx); \
+ gk->m.ops = &gkops; \
+ gk->gops = &gsslops; \
+ pre##_sslmacinit(&gk->k, k, sz); \
+ return (&gk->m); \
+} \
+ \
static void ghhash(ghash *h, const void *p, size_t sz) \
{ \
gctx *g = (gctx *)h; \
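Review bot: The only key-length validation in `gnkey` is `assert(keysz(sz, pre##_nmackeysz) == sz);`, which is compiled out under NDEBUG. In such a build the function still passes `kk` and `kk + PRE##_STATESZ` to `pre##_nmacinit`, which copies `PRE##_STATESZ` bytes from each pointer, so a key shorter than `2 * PRE##_STATESZ` is read past its end. The length test should be an ordinary runtime check that survives release builds. How `gnkey` should report the rejection is not visible in this diff, because the gmac key interface is declared elsewhere.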
return (buf); \
} \
\
+static ghash *ghcopy(ghash *h) \
+{ \
+ gctx *g = (gctx *)h; \
+ gctx *gg = S_CREATE(gctx); \
+ memcpy(gg, g, sizeof(gctx)); \
+ return (&gg->h); \
+} \
+ \
static void ghdestroy(ghash *h) \
{ \
gctx *g = (gctx *)h; \
return (0); \
} \
\
+const gcmac pre##_nmac = \
+ { #pre "-nmac", PRE##_HASHSZ, pre##_nmackeysz, gnkey }; \
const gcmac pre##_hmac = \
- { #pre "-hmac", PRE##_HASHSZ, pre##_mackeysz, gkey }; \
+ { #pre "-hmac", PRE##_HASHSZ, pre##_hmackeysz, gkey }; \
+const gcmac pre##_sslmac = \
+ { #pre "-sslmac", PRE##_HASHSZ, pre##_sslmackeysz, gsslkey }; \
static const gmac_ops gkops = { &pre##_hmac, gkinit, gkdestroy }; \
+static const gmac_ops gnkops = { &pre##_nmac, gkinit, gkdestroy }; \
+static const gmac_ops gsslkops = { &pre##_sslmac, gkinit, gkdestroy }; \
static const gchash gch = { #pre "-hmac", PRE##_HASHSZ, ghinit }; \
static const ghash_ops gops = \
- { &gch, ghhash, ghdone, ghdestroy }; \
+ { &gch, ghhash, ghdone, ghdestroy, ghcopy }; \
+static const gchash gnch = { #pre "-nmac", PRE##_HASHSZ, ghinit }; \
+static const ghash_ops gnops = \
+ { &gch, ghhash, ghdone, ghdestroy, ghcopy }; \
+static const gchash gsslch = { #pre "-sslmac", PRE##_HASHSZ, ghinit }; \
+static const ghash_ops gsslops = \
+ { &gch, ghhash, ghdone, ghdestroy, ghcopy }; \
\
HMAC_TEST(PRE, pre)
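Review bot: `gnops` and `gsslops` are both initialised with `&gch`, so the new `gnch` and `gsslch` objects are never referenced and hashes created from an NMAC or SSL-MAC key report the `-hmac` class; the initialisers should start with `&gnch` and `&gsslch` respectively. The key side has the same problem: `gnkops` and `gsslkops` are defined here, but `gnkey` and `gsslkey` assign `gk->m.ops = &gkops`, so those key objects point back at `pre##_hmac`. Using `&gnkops` and `&gsslkops` there also needs the forward declaration widened to `static const gmac_ops gkops, gnkops, gsslkops;`. Any caller that selects or records the algorithm through the class pointer would presumably treat all three constructions as HMAC.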