Hash-Based Message Authentication Code

/* Complete Steps 1-4 of Generating Random Numbers */
/* Generate KEY_SIZE bytes of random data for the key. */
if ((status = B_GenerateRandomBytes
     (randomAlgorithm, keyData, KEY_SIZE,
      (A_SURRENDER_CTX *)NULL_PTR)) != 0)
  break;

keyDataItem.data = keyData;
keyDataItem.len = KEY_SIZE;

/* Set the key object */
if ((status = B_SetKeyInfo
     (HMACKey, KI_Item, (POINTER)&keyDataItem)) != 0)
  break;

Once you have properly initialized the key object, you can call B_DigestInit. The Reference Manual Chapter 4 entry on B_DigestInit shows that it requires four arguments. The first argument is the algorithm object; the second is the key object. The third is an algorithm chooser. The fourth is a surrender context; this is a fast function, so it is reasonable to pass a properly cast NULL_PTR:

B_ALGORITHM_METHOD *HMAC_CHOOSER[] = {
  &AM_SHA,
  &AM_SHA_RANDOM,
  (B_ALGORITHM_METHOD *)NULL_PTR
};

if ((status = B_DigestInit
     (HMACDigester, HMACKey, HMAC_CHOOSER,
      (A_SURRENDER_CTX *)NULL_PTR)) != 0)
  break;

Step 4: Update

Once you have set the algorithm object, you can create the message authentication code by calling B_DigestUpdate for all of the data to digest:

unsigned char dataToDigest[] = "Digest this sentence.";
/* strlen takes a char *, so cast the unsigned char buffer (needs <string.h>). */
unsigned int dataToDigestLen = (unsigned int)strlen ((char *)dataToDigest);

if ((status = B_DigestUpdate
     (HMACDigester, dataToDigest, dataToDigestLen,
      (A_SURRENDER_CTX *)NULL_PTR)) != 0)
  break;
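What the keyed Init and Update steps above compute, written out as a stand-alone RFC 2104 HMAC so the role of the key and of each update call is visible. This is an added example, not Crypto-C code and not from the manual; sha1_ctx, hmac_ctx, hmac_init, hmac_update and hmac_final are hypothetical names, and SHA-1 as the underlying digest is an assumption based on the AM_SHA entry in the chooser.

```c
#include <stdint.h>
#include <string.h>
typedef struct { uint32_t h[5]; uint8_t buf[64]; uint64_t len; } sha1_ctx;
typedef struct { sha1_ctx in, out; } hmac_ctx;  /* inner and outer digest state */
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }
static void sha1_block(sha1_ctx *s) {  /* compress the full 64-byte block in s->buf */
    uint32_t w[80], a = s->h[0], b = s->h[1], c = s->h[2], d = s->h[3], e = s->h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)s->buf[4*i] << 24 | s->buf[4*i+1] << 16 | s->buf[4*i+2] << 8 | s->buf[4*i+3];
    for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f = i < 20 ? (b & c) | (~b & d) : i >= 40 && i < 60 ? (b & c) | (b & d) | (c & d) : b ^ c ^ d;
        uint32_t k = i < 20 ? 0x5A827999u : i < 40 ? 0x6ED9EBA1u : i < 60 ? 0x8F1BBCDCu : 0xCA62C1D6u;
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    s->h[0] += a; s->h[1] += b; s->h[2] += c; s->h[3] += d; s->h[4] += e;
}
static void sha1_init(sha1_ctx *s) {
    static const uint32_t iv[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    memcpy(s->h, iv, sizeof iv); s->len = 0;
}
static void sha1_update(sha1_ctx *s, const uint8_t *p, size_t n) {
    while (n--) { s->buf[s->len++ % 64] = *p++; if (s->len % 64 == 0) sha1_block(s); }
}
static void sha1_final(sha1_ctx *s, uint8_t out[20]) {
    uint64_t bits = s->len * 8; uint8_t pad = 0x80, zero = 0, lb[8];
    sha1_update(s, &pad, 1);                      /* 0x80, then zeros up to 56 mod 64 */
    while (s->len % 64 != 56) sha1_update(s, &zero, 1);
    for (int i = 0; i < 8; i++) lb[i] = (uint8_t)(bits >> (56 - 8*i));
    sha1_update(s, lb, 8);                        /* big-endian message length in bits */
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(s->h[i/4] >> (24 - 8*(i%4)));
}
/* Init: absorb K^ipad into the inner digest and K^opad into the outer one. */
void hmac_init(hmac_ctx *m, const uint8_t *key, size_t klen) {
    uint8_t k[64] = {0}, ip[64], op[64];
    if (klen > 64) { sha1_init(&m->in); sha1_update(&m->in, key, klen); sha1_final(&m->in, k); }
    else memcpy(k, key, klen);                    /* short keys are zero-padded to 64 */
    for (int i = 0; i < 64; i++) { ip[i] = k[i] ^ 0x36; op[i] = k[i] ^ 0x5c; }
    sha1_init(&m->in);  sha1_update(&m->in, ip, 64);
    sha1_init(&m->out); sha1_update(&m->out, op, 64);
}
/* Update: message bytes only enter the inner digest, in whatever chunks they arrive. */
void hmac_update(hmac_ctx *m, const uint8_t *p, size_t n) { sha1_update(&m->in, p, n); }
/* Final: MAC = H(K^opad || H(K^ipad || message)). */
void hmac_final(hmac_ctx *m, uint8_t mac[20]) {
    uint8_t inner[20]; sha1_final(&m->in, inner);
    sha1_update(&m->out, inner, 20); sha1_final(&m->out, mac);
}
```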

Chapter 5 Non-Cryptographic Operations

RSA Security 5.2.2 manual