+ return TCL_OK;
+}
+
+int cht_do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip,
+ HBytes_Value msg, const BlockCipherAlgInfo *alg,
+ Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
+ HBytes_Value iv, HBytes_Value *result) {
+ const CiphKeyValue *key;
+ const char *failure;
+ const Byte *ivbuf;
+ Byte *buffers;
+ const void *sched;
+ int nblocks, iv_lenbytes;
+ int rc;
+
+ if (!mode->mac)
+ return cht_staticerr(ip, "mode does not support mac generation", 0);
+
+ rc= blockcipher_prep(ip,key_obj,&iv,0,
+ alg,mode, cht_hb_len(&msg),
+ &key,&sched,
+ &ivbuf,&iv_lenbytes,
+ &buffers,&nblocks);
+ if (rc) return rc;
+
+ failure= mode->mac(cht_hb_data(&msg), nblocks, ivbuf, buffers, alg, sched);
+ if (failure)
+ return cht_staticerr(ip,failure, "HBYTES BLOCKCIPHER CRYPTFAIL MAC");
+
+ cht_hb_array(result, buffers, alg->blocksize * mode->mac_blocks);
+
+ return TCL_OK;
+}
+
+int cht_do_hbcrypto_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg,
+ HBytes_Value message, Tcl_Obj *key_obj,
+ Tcl_Obj *maclen_obj, HBytes_Value *result) {
+ /* key->alpha = state after H(K XOR ipad <unfinished>
+ * key->beta = state after H(K XOR opad <unfinished>
+ * key->buffers = room for one block, or one state
+ */
+ CiphKeyValue *key;
+ Byte *dest;
+ int i, ml, rc;
+
+ if (maclen_obj) {
+ rc= Tcl_GetIntFromObj(ip, maclen_obj, &ml); if (rc) return rc;
+ if (ml<0 || ml>alg->hashsize)
+ return cht_staticerr(ip, "requested hmac output size out of range",
+ "HBYTES HMAC PARAMS");
+ } else {
+ ml= alg->hashsize;
+ }
+
+ key= get_key(ip, key_obj, alg,
+ alg->blocksize > alg->statesize
+ ? alg->blocksize : alg->statesize);
+
+ if (!key->alpha) {
+ assert(!key->beta);
+
+ if (key->valuelen > alg->blocksize)
+ return cht_staticerr(ip, "key to hmac longer than hash block size",
+ "HBYTES HMAC PARAMS");
+
+ memcpy(key->buffers, key->value, key->valuelen);
+ memset(key->buffers + key->valuelen, 0, alg->blocksize - key->valuelen);
+ for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= 0x36;
+
+ key->alpha= TALLOC(alg->statesize);
+ alg->init(key->alpha);
+ alg->update(key->alpha, key->buffers, alg->blocksize);
+
+ key->beta= TALLOC(alg->statesize);
+ alg->init(key->beta);
+ for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= (0x5c ^ 0x36);
+ alg->update(key->beta, key->buffers, alg->blocksize);
+ }
+ assert(key->beta);
+
+ dest= cht_hb_arrayspace(result, alg->hashsize);
+
+ memcpy(key->buffers, key->alpha, alg->statesize);
+ alg->update(key->buffers, cht_hb_data(&message), cht_hb_len(&message));
+ alg->final(key->buffers, dest);
+
+ memcpy(key->buffers, key->beta, alg->statesize);
+ alg->update(key->buffers, dest, alg->hashsize);
+ alg->final(key->buffers, dest);
+
+ cht_hb_unappend(result, alg->hashsize - ml);
+
+ return TCL_OK;
+}
+
+int cht_do_blockcipherop_prop(ClientData cd, Tcl_Interp *ip,
+ const BlockCipherPropInfo *prop,
+ const BlockCipherAlgInfo *alg, int *result) {
+ *result= *(const int*)((const char*)alg + prop->int_offset);
+ return TCL_OK;
+}