diff options
| author | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
|---|---|---|
| committer | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
| commit | 554fd8c5195424bdbcabf5de30fdc183aba391bd (patch) | |
| tree | 976dc5ab7fddf506dadce60ae936f43f58787092 /libgo/go/crypto/block/cmac.go | |
| download | cbb-gcc-4.6.4-15d2061ac0796199866debe9ac87130894b0cdd3.tar.bz2 cbb-gcc-4.6.4-15d2061ac0796199866debe9ac87130894b0cdd3.tar.xz | |
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig;
imported gcc-4.6.4 source tree from verified upstream tarball.
downloading a git-generated archive based on the 'upstream' tag
should provide you with a source tree that is binary identical
to the one extracted from the above tarball.
if you have obtained the source via the command 'git clone',
however, do note that line-endings of files in your working
directory might differ from line-endings of the respective
files in the upstream repository.
Diffstat (limited to 'libgo/go/crypto/block/cmac.go')
| -rw-r--r-- | libgo/go/crypto/block/cmac.go | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/libgo/go/crypto/block/cmac.go b/libgo/go/crypto/block/cmac.go new file mode 100644 index 000000000..b85cde72e --- /dev/null +++ b/libgo/go/crypto/block/cmac.go @@ -0,0 +1,105 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// CMAC message authentication code, defined in +// NIST Special Publication SP 800-38B. + +package block + +import ( + "hash" + "os" +) + +const ( + // minimal irreducible polynomial of degree b + r64 = 0x1b + r128 = 0x87 +) + +type cmac struct { + k1, k2, ci, digest []byte + p int // position in ci + c Cipher +} + +// TODO(rsc): Should this return an error instead of panic? + +// NewCMAC returns a new instance of a CMAC message authentication code +// digest using the given Cipher. +func NewCMAC(c Cipher) hash.Hash { + var r byte + n := c.BlockSize() + switch n { + case 64 / 8: + r = r64 + case 128 / 8: + r = r128 + default: + panic("crypto/block: NewCMAC: invalid cipher block size") + } + + d := new(cmac) + d.c = c + d.k1 = make([]byte, n) + d.k2 = make([]byte, n) + d.ci = make([]byte, n) + d.digest = make([]byte, n) + + // Subkey generation, p. 7 + c.Encrypt(d.k1, d.k1) + if shift1(d.k1, d.k1) != 0 { + d.k1[n-1] ^= r + } + if shift1(d.k2, d.k1) != 0 { + d.k2[n-1] ^= r + } + + return d +} + +// Reset clears the digest state, starting a new digest. +func (d *cmac) Reset() { + for i := range d.ci { + d.ci[i] = 0 + } + d.p = 0 +} + +// Write adds the given data to the digest state. +func (d *cmac) Write(p []byte) (n int, err os.Error) { + // Xor input into ci. + for _, c := range p { + // If ci is full, encrypt and start over. + if d.p >= len(d.ci) { + d.c.Encrypt(d.ci, d.ci) + d.p = 0 + } + d.ci[d.p] ^= c + d.p++ + } + return len(p), nil +} + +// Sum returns the CMAC digest, one cipher block in length, +// of the data written with Write. +func (d *cmac) Sum() []byte { + // Finish last block, mix in key, encrypt. + // Don't edit ci, in case caller wants + // to keep digesting after call to Sum. + k := d.k1 + if d.p < len(d.digest) { + k = d.k2 + } + for i := 0; i < len(d.ci); i++ { + d.digest[i] = d.ci[i] ^ k[i] + } + if d.p < len(d.digest) { + d.digest[d.p] ^= 0x80 + } + d.c.Encrypt(d.digest, d.digest) + return d.digest +} + +func (d *cmac) Size() int { return len(d.digest) } |