/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*!
@header CommonHMAC.h
@abstract Keyed Message Authentication Code (HMAC) functions.
*/
#ifndef _CC_COMMON_HMAC_H_
#define _CC_COMMON_HMAC_H_
#include <CommonCrypto/CommonDigest.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/*!
    @enum       CCHmacAlgorithm
    @abstract   Selects the digest that the HMAC is built on.

    @constant   kCCHmacAlgSHA1      HMAC with SHA1 digest
    @constant   kCCHmacAlgMD5       HMAC with MD5 digest
    @constant   kCCHmacAlgSHA256    HMAC with SHA256 digest
    @constant   kCCHmacAlgSHA384    HMAC with SHA384 digest
    @constant   kCCHmacAlgSHA512    HMAC with SHA512 digest
    @constant   kCCHmacAlgSHA224    HMAC with SHA224 digest

    @discussion The numeric values follow declaration order, not digest
                size (SHA224 comes last). Callers pass them as a
                CCHmacAlgorithm (uint32_t), so the numbering has to stay
                as it is.
                For new designs prefer kCCHmacAlgSHA256 or a larger SHA-2
                variant; the MD5 and SHA1 variants are best kept for
                interoperating with protocols that already require them.
 */
enum {
    kCCHmacAlgSHA1   = 0,
    kCCHmacAlgMD5    = 1,
    kCCHmacAlgSHA256 = 2,
    kCCHmacAlgSHA384 = 3,
    kCCHmacAlgSHA512 = 4,
    kCCHmacAlgSHA224 = 5
};

/* Fixed-width carrier type for the enumerators above. */
typedef uint32_t CCHmacAlgorithm;
/*!
@typedef CCHmacContext
@abstract HMAC context.
@discussion Caller-allocated storage for one streaming HMAC computation,
declared as CC_HMAC_CONTEXT_SIZE uint32_t words. This header gives the
words no layout; the struct is only passed by pointer to CCHmacInit,
CCHmacUpdate and CCHmacFinal.
NOTE(review): after CCHmacInit the context presumably holds key-derived
state. This header does not show whether CCHmacFinal clears it, so callers
holding long-lived secrets may want to wipe the context themselves once
they are done with it - confirm against the implementation.
*/
/* Context size counted in 32-bit words (the array element type), not bytes. */
#define CC_HMAC_CONTEXT_SIZE 96
typedef struct {
uint32_t ctx[CC_HMAC_CONTEXT_SIZE];
} CCHmacContext;
/*!
@function CCHmacInit
@abstract Initialize a CCHmacContext with provided raw key bytes.
@param ctx An HMAC context.
@param algorithm HMAC algorithm to perform.
@param key Raw key bytes.
@param keyLength Length of raw key bytes, in bytes; can be any
length including zero.
@discussion The function returns void, so this interface reports no error
to the caller. NOTE(review): what happens for an algorithm value that is
not one of the CCHmacAlgorithm constants is not visible in this header -
confirm against the implementation before passing unvalidated values.
Any keyLength is accepted, but the MAC only authenticates as well as the
key is secret: an empty or guessable key gives no protection. RFC 2104
recommends a key at least as long as the digest output.
*/
void CCHmacInit(
CCHmacContext *ctx,
CCHmacAlgorithm algorithm,
const void *key,
size_t keyLength)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmacUpdate
@abstract Process some data.
@param ctx An HMAC context.
@param data Data to process.
@param dataLength Length of data to process, in bytes.
@discussion This can be called multiple times, so a message can be fed
in pieces. The function returns void and reports no error to the caller.
NOTE(review): presumably ctx must already have been set up with
CCHmacInit, and the MAC covers the pieces in the order they were passed -
confirm against the implementation.
*/
void CCHmacUpdate(
CCHmacContext *ctx,
const void *data,
size_t dataLength)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmacFinal
@abstract Obtain the final Message Authentication Code.
@param ctx An HMAC context.
@param macOut Destination of MAC; allocated by caller. There is no
length parameter, so the buffer must hold at least the digest length of
the algorithm that was given to CCHmacInit.
@discussion The length of the MAC written to *macOut is the same as
the digest length associated with the HMAC algorithm:
kCCHmacAlgSHA1 : CC_SHA1_DIGEST_LENGTH
kCCHmacAlgMD5 : CC_MD5_DIGEST_LENGTH
kCCHmacAlgSHA256 : CC_SHA256_DIGEST_LENGTH
kCCHmacAlgSHA384 : CC_SHA384_DIGEST_LENGTH
kCCHmacAlgSHA512 : CC_SHA512_DIGEST_LENGTH
kCCHmacAlgSHA224 : CC_SHA224_DIGEST_LENGTH
A buffer sized for one algorithm is too small for a longer digest; when
the algorithm is chosen at run time, size macOut for the largest digest
in use (CC_SHA512_DIGEST_LENGTH covers every algorithm listed here).
The MAC must be verified by comparing the computed and expected values
using timingsafe_bcmp. Other comparison functions (e.g. memcmp)
must not be used as they may be vulnerable to practical timing attacks,
leading to MAC forgery. timingsafe_bcmp returns zero when the buffers
match; compare over the full MAC length and reject an expected value
whose length differs from it.
*/
void CCHmacFinal(
CCHmacContext *ctx,
void *macOut)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmac
@abstract Stateless, one-shot HMAC function
@param algorithm HMAC algorithm to perform.
@param key Raw key bytes.
@param keyLength Length of raw key bytes, in bytes; can be any
length including zero. An empty or guessable key gives no protection;
RFC 2104 recommends a key at least as long as the digest output.
@param data Data to process.
@param dataLength Length of data to process, in bytes.
@param macOut Destination of MAC; allocated by caller. There is no
length parameter, so the buffer must hold at least the digest length of
the selected algorithm.
@discussion The length of the MAC written to *macOut is the same as the digest length associated with the HMAC algorithm:
kCCHmacAlgSHA1 : CC_SHA1_DIGEST_LENGTH
kCCHmacAlgMD5 : CC_MD5_DIGEST_LENGTH
kCCHmacAlgSHA256 : CC_SHA256_DIGEST_LENGTH
kCCHmacAlgSHA384 : CC_SHA384_DIGEST_LENGTH
kCCHmacAlgSHA512 : CC_SHA512_DIGEST_LENGTH
kCCHmacAlgSHA224 : CC_SHA224_DIGEST_LENGTH
When the algorithm is chosen at run time, size macOut for the largest
digest in use (CC_SHA512_DIGEST_LENGTH covers every algorithm listed here).
The function returns void and reports no error to the caller.
The MAC must be verified by comparing the computed and expected values
using timingsafe_bcmp. Other comparison functions (e.g. memcmp)
must not be used as they may be vulnerable to practical timing attacks,
leading to MAC forgery. timingsafe_bcmp returns zero when the buffers
match; compare over the full MAC length and reject an expected value
whose length differs from it.
*/
void CCHmac(
CCHmacAlgorithm algorithm, /* a CCHmacAlgorithm constant, e.g. kCCHmacAlgSHA256 */
const void *key,
size_t keyLength, /* length of key in bytes */
const void *data,
size_t dataLength, /* length of data in bytes */
void *macOut) /* MAC written here; caller sizes it to the digest length */
API_AVAILABLE(macos(10.4), ios(2.0));
#ifdef __cplusplus
}
#endif
#endif /* _CC_COMMON_HMAC_H_ */