in src/hmac.c [82:111]
int HMAC_SHA256_final(hmac_sha256 *ctx, char* out, int outlen)
{
if (ctx == NULL || out == NULL)
return ERR_NULLPOINTER_HMAC;
if (outlen <= 0 || outlen > SHA256_HASH_SIZE)
return ERR_BADARGLEN_HMAC;
int i;
char opad = 0x5c;
char digest[SHA256_HASH_SIZE];
// Compute H((k0 ^ ipad) || in)
HASH256_hash(&(ctx->sha256_ctx), digest);
// Compute `H((K0 ^ opad ) || H((K0 ^ ipad) || in))`
for(i = 0; i < SHA256_BLOCK_SIZE; i++)
HASH256_process(&(ctx->sha256_ctx), (ctx->k0)[i] ^ opad);
for(i = 0; i < SHA256_HASH_SIZE; i++)
HASH256_process(&(ctx->sha256_ctx), digest[i]);
HASH256_hash(&(ctx->sha256_ctx), digest);
// Erase the secret key as it is not needed anymore
for(i = 0; i < SHA256_BLOCK_SIZE; i++)
ctx->k0[i] = 0x00;
for(i = 0; i < outlen; i++)
out[i] = digest[i];
return SUCCESS;
}