- added ability to append data
authorMartin Willi <martin@strongswan.org>
Tue, 22 Nov 2005 12:00:46 +0000 (12:00 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 22 Nov 2005 12:00:46 +0000 (12:00 -0000)
Source/charon/transforms/hmac.c
Source/charon/transforms/hmac.h

index 1f078eb..809c7f8 100644 (file)
@@ -68,20 +68,37 @@ struct private_hmac_s {
  */
 static status_t get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
 {
-       /* H(K XOR opad, H(K XOR ipad, text)) */
+       /* H(K XOR opad, H(K XOR ipad, text)) 
+        * 
+        * if out is NULL, we append text to the inner hash.
+        * else, we complete the inner and do the outer.
+        * 
+        */
+       
        u_int8_t buffer[this->h->get_block_size(this->h)];
        chunk_t inner;
-       inner.ptr = buffer;
-       inner.len = this->h->get_block_size(this->h);
-       
-       /* inner */
-       this->h->get_hash(this->h, this->ipaded_key, NULL);
-       this->h->get_hash(this->h, data, buffer);
-       
-       /* outer */
-       this->h->get_hash(this->h, this->opaded_key, NULL);
-       this->h->get_hash(this->h, inner, out);
        
+       if (out == NULL)
+       {
+               /* append data to inner */
+               this->h->get_hash(this->h, data, NULL);
+       }
+       else
+       {
+               /* append and do outer hash */
+               inner.ptr = buffer;
+               inner.len = this->h->get_block_size(this->h);
+               
+               /* complete inner */
+               this->h->get_hash(this->h, data, buffer);
+               
+               /* do outer */
+               this->h->get_hash(this->h, this->opaded_key, NULL);
+               this->h->get_hash(this->h, inner, out);
+               
+               /* reinit for next call */
+               this->h->get_hash(this->h, this->ipaded_key, NULL);
+       }
        return SUCCESS;
 }
 
@@ -91,13 +108,21 @@ static status_t get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
 static status_t allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
 {
        /* allocate space and use get_mac */
-       out->len = this->h->get_block_size(this->h);
-       out->ptr = allocator_alloc(out->len);
-       if (out->ptr == NULL)
+       if (out == NULL)
        {
-               return OUT_OF_RES;      
+               /* append mode */
+               this->public.get_mac(&(this->public), data, NULL);
+       }
+       else
+       {
+               out->len = this->h->get_block_size(this->h);
+               out->ptr = allocator_alloc(out->len);
+               if (out->ptr == NULL)
+               {
+                       return OUT_OF_RES;      
+               }
+               this->public.get_mac(&(this->public), data, out->ptr);
        }
-       this->public.get_mac(&(this->public), data, out->ptr);
        return SUCCESS;
 }
        
@@ -137,6 +162,10 @@ static status_t set_key(private_hmac_t *this, chunk_t key)
                this->opaded_key.ptr[i] = buffer[i] ^ 0x5C;
        }
        
+       /* begin hashing if inner pad */
+       this->h->reset(this->h);
+       this->h->get_hash(this->h, this->ipaded_key, NULL);
+       
        return SUCCESS;;
 }
 
index 14cec68..25b59d0 100644 (file)
@@ -37,6 +37,11 @@ struct hmac_s {
        /**
         * @brief Generate message authentication code.
         * 
+        * If buffer is NULL, no result is given back. A next call will
+        * append the data to already supplied. If buffer is not NULL, 
+        * the mac of all apended data is calculated, returned and the
+        * state of the hmac_t reset;
+        * 
         * @param this                  calling hmac
         * @param data                  chunk of data to authenticate
         * @param [out]buffer   pointer where the generated bytes will be written
@@ -49,6 +54,11 @@ struct hmac_s {
         * @brief Generates message authentication code and 
         * allocate space for them.
         * 
+        * If chunk is NULL, no result is given back. A next call will
+        * append the data to already supplied. If chunk is not NULL, 
+        * the mac of all apended data is calculated, returned and the
+        * state of the hmac_t reset;
+        * 
         * @param this                  calling hmac
         * @param data                  chunk of data to authenticate
         * @param [out]chunk    chunk which will hold generated bytes