From a4cf88d728b34db7d7a88ca06b9245be5cf2b89a Mon Sep 17 00:00:00 2001
From: Gregor Pintar
Date: Wed, 24 Jul 2013 10:16:04 +0200
Subject: [PATCH] hmac corrected, pbkdf2 optimized, ...
---
 lib/mac.c | 2 --
 lib/mac/hmac.c | 35 ++++++++++++++++++++++------------
 lib/pbkdf2.c | 50 +++++++++++++++++++++----------------------------
 test.sh | 7 ++++++-
 test/mac/hmac.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 108 insertions(+), 44 deletions(-)
 create mode 100644 test/mac/hmac.c
diff --git a/lib/mac.c b/lib/mac.c
index 9cb9cb6..5bde566 100644
--- a/lib/mac.c
+++ b/lib/mac.c
@@ -38,7 +38,6 @@ kripto_mac *kripto_mac_create
 assert(key);
 assert(key_len);
- //assert(key_len <= kripto_mac_max_key(desc));
 return desc->create(f, r, key, key_len, out_len);
 }
@@ -59,7 +58,6 @@ kripto_mac *kripto_mac_recreate
 assert(key);
 assert(key_len);
- //assert(key_len <= kripto_mac_max_key(desc));
 return s->desc->recreate(s, f, r, key, key_len, out_len);
 }
diff --git a/lib/mac/hmac.c b/lib/mac/hmac.c
index ec56c3e..4912b03 100644
--- a/lib/mac/hmac.c
+++ b/lib/mac/hmac.c
@@ -28,6 +28,8 @@ struct kripto_mac
 kripto_mac_desc *desc;
 kripto_hash *hash;
 size_t size;
+ unsigned int r;
+ unsigned int blocksize;
 uint8_t *key;
 };
@@ -35,25 +37,27 @@ static int hmac_init
 (
 kripto_mac *s,
 kripto_hash_desc *hash,
- const unsigned int r,
 const void *key,
- const unsigned int key_len
+ const unsigned int key_len,
+ const unsigned int out_len
 )
 {
 unsigned int i;
- if(key_len > kripto_hash_blocksize(hash))
+ s->blocksize = kripto_hash_blocksize(hash);
+
+ if(key_len > s->blocksize)
 {
 if(kripto_hash_all(
 hash,
- r,
+ s->r,
 key, key_len, s->key,
- kripto_hash_blocksize(hash))
+ out_len)
 ) return -1;
- i = kripto_hash_blocksize(hash);
+ i = out_len;
 }
 else
 {
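Review bot: In hmac_init, the long-key branch now hashes the key down to `out_len` bytes and sets `i = out_len`, so the effective key depends on the tag length the caller asked for. RFC 2104 replaces an over-long key with the full digest of that key; whenever `out_len` is shorter than the digest this branch keeps fewer key bytes than the hash provides and the result will not match other HMAC implementations. The same length shows up in hmac_finish (the `@@ -162,17 +168,22 @@` hunk), where the inner digest is written with `len` bytes before it is fed to the outer hash. I would derive the key and the inner digest with the hash's own digest size (possibly `kripto_hash_max_output(hash)`, if that is the native length for this descriptor) and truncate only the final tag. The else branch and the tail of hmac_init are outside this hunk.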
@@ -61,9 +65,9 @@ static int hmac_init
 i = key_len;
 }
- memset(s->key, 0, kripto_hash_blocksize(hash) - i);
+ memset(s->key + i, 0, s->blocksize - i);
- for(i = 0; i < kripto_hash_blocksize(hash); i++)
+ for(i = 0; i < s->blocksize; i++)
 s->key[i] ^= 0x36;
 kripto_hash_input(s->hash, s->key, i);
@@ -97,6 +101,7 @@ static kripto_mac *hmac_create
 s->desc = kripto_mac_hmac;
 s->size = sizeof(kripto_mac) + kripto_hash_blocksize(hash);
+ s->r = r;
 s->hash = kripto_hash_create(hash, out_len, r);
 if(!s->hash)
 {
@@ -104,7 +109,7 @@ static kripto_mac *hmac_create
 return 0;
 }
- if(hmac_init(s, hash, r, key, key_len))
+ if(hmac_init(s, hash, key, key_len, out_len))
 {
 hmac_destroy(s);
 return 0;
@@ -143,7 +148,8 @@ static kripto_mac *hmac_recreate
 }
 }
- if(hmac_init(s, hash, r, key, key_len))
+ s->r = r;
+ if(hmac_init(s, hash, key, key_len, out_len))
 {
 hmac_destroy(s);
 return 0;
@@ -162,17 +168,22 @@ static void hmac_finish(kripto_mac *s, void *out, const size_t len)
 {
 unsigned int i;
- for(i = 0; i < kripto_hash_blocksize(kripto_hash_get_desc(s->hash)); i++)
+ for(i = 0; i < s->blocksize; i++)
 s->key[i] ^= 0x6A; /* 0x5C ^ 0x36 */
+ kripto_hash_finish(s->hash);
+ kripto_hash_output(s->hash, out, len);
+
+ kripto_hash_recreate(s->hash, len, s->r);
 kripto_hash_input(s->hash, s->key, i);
+ kripto_hash_input(s->hash, out, len);
 kripto_hash_finish(s->hash);
 kripto_hash_output(s->hash, out, len);
 }
 static unsigned int hmac_max_output(const void *hash)
 {
- return kripto_hash_max_output(kripto_hash_get_desc(hash));
+ return kripto_hash_max_output(hash);
 }
 static const struct kripto_mac_desc hmac =
diff --git a/lib/pbkdf2.c b/lib/pbkdf2.c
index ab8acdc..d3307a5 100644
--- a/lib/pbkdf2.c
+++ b/lib/pbkdf2.c
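Review bot: `memset(s->key + i, 0, s->blocksize - i)` has no guard for `i > s->blocksize`, and on the long-key path `i` is the caller-supplied `out_len` (set in the previous hunk). The key buffer appears to be sized from `kripto_hash_blocksize(hash)` in hmac_create, so if a hash can produce more output than its block size, `kripto_hash_all` writes past `s->key` and the unsigned subtraction wraps to a huge memset length. An explicit bound at the top of the long-key branch, `if(out_len > s->blocksize) return -1;`, would stop that before any write happens. hmac_init starts and ends outside this hunk.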
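Review bot: The result of `kripto_hash_recreate(s->hash, len, s->r)` in hmac_finish is discarded. pbkdf2.c in this same patch treats `kripto_mac_recreate` as returning the (possibly new) object or 0 on failure; if the hash variant follows the same convention, a failure or a moved object leaves `s->hash` stale for the `kripto_hash_input` calls that follow. Assign it back, `s->hash = kripto_hash_recreate(s->hash, len, s->r);`, and decide how a `void` hmac_finish reports the failure to its caller. A short comment that `out` temporarily holds the inner digest would also help, since callers may not expect intermediate state in their output buffer.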
@@ -39,17 +39,18 @@ int kripto_pbkdf2
 unsigned int i;
 unsigned int x;
 unsigned int y;
- uint8_t ctr[4] = {0, 0, 0, 1};
- uint8_t *buf[2];
+ uint8_t ctr[4] = {0, 0, 0, 0};
+ uint8_t *buf0;
+ uint8_t *buf1;
 kripto_mac *mac;
 x = kripto_mac_max_output(mac_desc, f);
 if(out_len < x) x = out_len;
- buf[0] = malloc(x << 1);
- if(!buf[0]) return -1;
+ buf0 = malloc(x << 1);
+ if(!buf0) return -1;
- buf[1] = buf[0] + x;
+ buf1 = buf0 + x;
 mac = kripto_mac_create(mac_desc, f, r, pass, pass_len, x);
 if(!mac) goto err;
@@ -63,34 +64,26 @@ int kripto_pbkdf2
 kripto_mac_update(mac, ctr, 4);
- kripto_mac_finish(mac, buf[0], x);
+ kripto_mac_finish(mac, buf0, x);
- memcpy(buf[1], buf[0], x);
+ memcpy(buf1, buf0, x);
 for(i = 1; i < iter; i++)
 {
- if(kripto_mac_all
- (
- mac_desc,
- f,
- r,
- pass,
- pass_len,
- buf[0],
- x,
- buf[0],
- x
- ))
- goto err1;
+ mac = kripto_mac_recreate(mac, f, r, pass, pass_len, x);
+ if(!mac) goto err;
+
+ kripto_mac_update(mac, buf0, x);
+ kripto_mac_finish(mac, buf0, x);
 for(y = 0; y < x; y++)
- buf[1][y] ^= buf[0][y];
+ buf1[y] ^= buf0[y];
 }
 /* output */
 for(y = 0; y < x && out_len; y++, out_len--)
 {
- *U8(out) = buf[1][y];
+ *U8(out) = buf1[y];
 PTR_INC(out, 1);
 }
@@ -99,17 +92,16 @@ int kripto_pbkdf2
 }
 kripto_mac_destroy(mac);
- kripto_memwipe(buf[0], x << 1);
- free(buf[0]);
+ kripto_memwipe(buf0, x);
+ kripto_memwipe(buf1, x);
+ free(buf0);
 return 0;
-err1:
- kripto_mac_destroy(mac);
-
 err:
- kripto_memwipe(buf[0], x << 1);
- free(buf[0]);
+ kripto_memwipe(buf0, x);
+ kripto_memwipe(buf1, x);
+ free(buf0);
 return -1;
 }
diff --git a/test.sh b/test.sh
index f538775..6737549 100755
--- a/test.sh
+++ b/test.sh
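Review bot: `ctr` now starts at `{0, 0, 0, 0}`, and nothing in this hunk shows where it becomes 1 before the first `kripto_mac_update(mac, ctr, 4)`. PBKDF2 numbers its blocks from 1, so a first block derived with index 0 would give output that no other implementation reproduces. Presumably the increment sits at the top of the outer loop, which is outside the hunk; a comment on the declaration such as `/* block index, incremented before each block so the first one uses 1 */` would make that dependency visible to the next person who moves the loop around.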
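Review bot: `if(!mac) goto err;` inside the iteration loop relies on `kripto_mac_recreate` having already destroyed the old state when it returns 0, because the `err1` label that called `kripto_mac_destroy(mac)` is removed in the `@@ -99,17 +92,16 @@` hunk. hmac_recreate in this patch does call `hmac_destroy(s)` when hmac_init fails, but that is one backend and its allocation-failure path is not visible here. The MAC state is keyed with the password, so a backend that returns 0 without cleaning up would leave that material allocated. State the contract next to the call, for example `/* on failure recreate has already destroyed mac */`, or keep a cleanup path that destroys a non-NULL `mac`.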
@@ -2,10 +2,15 @@ CFLAGS="libkripto.a -std=c99 -pedantic -Wall -Wextra -Wstrict-prototypes -Wmissing-prototypes -Wcast-qual -Wbad-function-cast -Wshadow -I include/ -D_ANSI_SOURCE -D_ISOC99_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $CFLAGS"
+#cc test/mac/hmac.c $CFLAGS -o t
+#./t
-cc test/block/rijndael256.c $CFLAGS -o t
+cc test/pbkdf2.c $CFLAGS -o t
 ./t
+#cc test/block/rijndael256.c $CFLAGS -o t
+#./t
+
 #cc test/block/xtea.c $CFLAGS -o t
 #./t
diff --git a/test/mac/hmac.c b/test/mac/hmac.c
new file mode 100644
index 0000000..42458fc
--- /dev/null
+++ b/test/mac/hmac.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Gregor Pintar
+ *
+ * Permission is granted to deal in this work without any restriction,
+ * including unlimited rights to use, publicly perform, publish,
+ * reproduce, relicence, modify, merge, and/or distribute in any form,
+ * for any purpose, with or without fee, and by any means.
+ *
+ * This work is provided "AS IS" and WITHOUT WARRANTY of any kind,
+ * to the utmost extent permitted by applicable law. In no event
+ * shall a licensor, author or contributor be held liable for any
+ * issues arising in any way out of dealing in the work.
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+int main(void)
+{
+ uint8_t hash[32];
+ unsigned int i;
+
+ /* SHA1 */
+ puts("de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9");
+ kripto_mac_all(
+ kripto_mac_hmac,
+ kripto_hash_sha1,
+ 0,
+ "key", 3,
+ "The quick brown fox jumps over the lazy dog", 43,
+ hash, 20
+ );
+
+ for(i = 0; i < 20; i++) printf("%.2x", hash[i]);
+ putchar('\n');
+
+ /* SHA2_256 */
+ puts("f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8");
+ kripto_mac_all(
+ kripto_mac_hmac,
+ kripto_hash_sha2_256,
+ 0,
+ "key", 3,
+ "The quick brown fox jumps over the lazy dog", 43,
+ hash, 32
+ );
+
+ for(i = 0; i < 32; i++) printf("%.2x", hash[i]);
+ putchar('\n');
+
+ return 0;
+}
--
2.11.4.GIT
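Review bot: The new HMAC test is added commented out (`#cc test/mac/hmac.c $CFLAGS -o t`, `#./t`), so `test.sh` still builds and runs a single test and the HMAC rewrite in this commit is only exercised indirectly through pbkdf2. Enabling it next to the pbkdf2 pair, `cc test/mac/hmac.c $CFLAGS -o t && ./t`, would cover the code the commit actually touches. In the visible lines neither `cc` nor `./t` has its exit status checked, so a failing build or test does not stop the script.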
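Review bot: main() prints the expected and computed MACs but never compares them, ignores the return value of `kripto_mac_all`, and always returns 0, so a regression only shows up if someone reads the output by eye. Both vectors also use the 3-byte key "key", which never reaches the `key_len > s->blocksize` branch that this commit rewrites in hmac_init; RFC 4231 has vectors with a 131-byte key that would cover it. A small helper that hex-encodes the tag and compares it with the expected string lets the test fail with a non-zero exit status; it needs `<string.h>` for `strcmp`.

```c
static int check(const uint8_t *mac, const unsigned int len, const char *expect)
{
	char hex[65] = ""; /* 32 bytes -> 64 hex digits + NUL */
	unsigned int i;

	for(i = 0; i < len; i++)
		snprintf(hex + 2 * i, 3, "%.2x", mac[i]);

	puts(expect);
	puts(hex);

	return strcmp(hex, expect);
}

int main(void)
{
	uint8_t hash[32];

	/* SHA1 */
	if(kripto_mac_all(
		/* … unchanged: arguments of the SHA1 call … */
	)) return 1;
	if(check(hash, 20, "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9")) return 1;

	/* … SHA2_256 case changed the same way, with length 32 … */
```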