Coverage report: /home/ellis/comp/ext/ironclad/src/kdf/hmac.lisp

Kind	Covered	All	%
expression	0	73	0.0
branch	0	0	nil

Key

Not instrumented

Conditionalized out

Executed

Not executed

Both branches taken

One branch taken

Neither branch taken

1

;;;; hmac.lisp

2

;;; implementation of RFC 5869

3

(in-package :crypto)

4

5

(defclass hmac-kdf ()

6

((digest-name :initarg :digest :reader kdf-digest)

7

(info :initarg :info :accessor hmac-kdf-info :type (simple-array (unsigned-byte 8) (*))

8

:documentation "Optional context and application specific information")))

9

10

(defmethod shared-initialize ((kdf hmac-kdf) slot-names &rest initargs

11

&key digest info &allow-other-keys)

12

(declare (ignore slot-names initargs))

13

(setf (slot-value kdf 'digest-name) digest

14

(hmac-kdf-info kdf) (or info (make-array 0 :element-type '(unsigned-byte 8))))

15

kdf)

16

17

(defun hkdf-extract (digest salt ikm)

18

(let ((hmac (make-hmac salt digest)))

19

(update-hmac hmac ikm)

20

(produce-mac hmac)))

21

22

(defun hkdf-expand (digest prk info key-length)

23

(let ((digest-length (digest-length digest)))

24

(assert (<= key-length (* 255 digest-length)))

25

(subseq

26

(apply #'concatenate '(vector (unsigned-byte 8))

27

(loop with tmp = (make-array 0 :element-type '(unsigned-byte 8))

28

for i below (ceiling key-length digest-length)

29

collect

30

(setf tmp (hkdf-extract digest prk

31

                                           (concatenate '(vector (unsigned-byte 8)) tmp info (vector (1+ i)))))))

32

0 key-length)))

33

34

(defun hmac-derive-key (digest passphrase salt info key-length)

35

(let ((prk (hkdf-extract digest salt passphrase)))

36

(hkdf-expand digest prk info key-length)))

37

38

(defmethod derive-key ((kdf hmac-kdf) passphrase salt iteration-count key-length)

39

(hmac-derive-key (kdf-digest kdf) passphrase salt (hmac-kdf-info kdf) key-length))