[1dcc0b9] | 1 | /*
|
---|
| 2 | * Copyright (c) 2015 Jan Kolarik
|
---|
| 3 | * All rights reserved.
|
---|
| 4 | *
|
---|
| 5 | * Redistribution and use in source and binary forms, with or without
|
---|
| 6 | * modification, are permitted provided that the following conditions
|
---|
| 7 | * are met:
|
---|
| 8 | *
|
---|
| 9 | * - Redistributions of source code must retain the above copyright
|
---|
| 10 | * notice, this list of conditions and the following disclaimer.
|
---|
| 11 | * - Redistributions in binary form must reproduce the above copyright
|
---|
| 12 | * notice, this list of conditions and the following disclaimer in the
|
---|
| 13 | * documentation and/or other materials provided with the distribution.
|
---|
| 14 | * - The name of the author may not be used to endorse or promote products
|
---|
| 15 | * derived from this software without specific prior written permission.
|
---|
| 16 | *
|
---|
| 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
---|
| 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
---|
| 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
---|
| 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
---|
| 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
---|
| 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
---|
| 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
---|
| 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
---|
| 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
---|
| 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
---|
| 27 | */
|
---|
| 28 |
|
---|
| 29 | /** @file crypto.c
|
---|
[8a64320e] | 30 | *
|
---|
[1dcc0b9] | 31 | * Cryptographic functions library.
|
---|
| 32 | */
|
---|
| 33 |
|
---|
[a4cf312] | 34 | #include <assert.h>
|
---|
[1dcc0b9] | 35 | #include <str.h>
|
---|
| 36 | #include <macros.h>
|
---|
| 37 | #include <errno.h>
|
---|
| 38 | #include <byteorder.h>
|
---|
[a4cf312] | 39 | #include <limits.h>
|
---|
[1dcc0b9] | 40 | #include "crypto.h"
|
---|
| 41 |
|
---|
[8a64320e] | 42 | /** Hash function procedure definition. */
|
---|
| 43 | typedef void (*hash_fnc_t)(uint32_t *, uint32_t *);
|
---|
[1dcc0b9] | 44 |
|
---|
[8a64320e] | 45 | /** Length of HMAC block. */
|
---|
| 46 | #define HMAC_BLOCK_LENGTH 64
|
---|
[d7dadcb4] | 47 |
|
---|
[8a64320e] | 48 | /** Ceiling for uint32_t. */
|
---|
| 49 | #define ceil_uint32(val) \
|
---|
| 50 | (((val) - (uint32_t) (val)) > 0 ? \
|
---|
| 51 | (uint32_t) ((val) + 1) : (uint32_t) (val))
|
---|
[d7dadcb4] | 52 |
|
---|
[8a64320e] | 53 | /** Floor for uint32_t. */
|
---|
| 54 | #define floor_uint32(val) \
|
---|
| 55 | (((val) - (uint32_t) (val)) < 0 ? \
|
---|
| 56 | (uint32_t) ((val) - 1) : (uint32_t) (val))
|
---|
[d7dadcb4] | 57 |
|
---|
[8a64320e] | 58 | /** Pick value at specified index from array or zero if out of bounds. */
|
---|
| 59 | #define get_at(input, size, i) \
|
---|
| 60 | ((i) < (size) ? (input[i]) : 0)
|
---|
[1dcc0b9] | 61 |
|
---|
[8a64320e] | 62 | /** Init values used in SHA1 and MD5 functions. */
|
---|
[d7dadcb4] | 63 | static const uint32_t hash_init[] = {
|
---|
[8a64320e] | 64 | 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
|
---|
[d7dadcb4] | 65 | };
|
---|
| 66 |
|
---|
[8a64320e] | 67 | /** Shift amount array for MD5 algorithm. */
|
---|
[d7dadcb4] | 68 | static const uint32_t md5_shift[] = {
|
---|
| 69 | 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
|
---|
| 70 | 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
|
---|
| 71 | 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
|
---|
| 72 | 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21
|
---|
| 73 | };
|
---|
| 74 |
|
---|
[8a64320e] | 75 | /** Substitution box for MD5 algorithm. */
|
---|
[d7dadcb4] | 76 | static const uint32_t md5_sbox[] = {
|
---|
| 77 | 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
|
---|
| 78 | 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
|
---|
| 79 | 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
|
---|
| 80 | 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
|
---|
| 81 | 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
|
---|
| 82 | 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
|
---|
| 83 | 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
|
---|
| 84 | 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
|
---|
| 85 | 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
|
---|
| 86 | 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
|
---|
| 87 | 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
|
---|
| 88 | 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
|
---|
| 89 | 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
|
---|
| 90 | 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
|
---|
| 91 | 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
|
---|
| 92 | 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
|
---|
| 93 | };
|
---|
| 94 |
|
---|
[8a64320e] | 95 | /** Working procedure of MD5 cryptographic hash function.
|
---|
| 96 | *
|
---|
| 97 | * @param h Working array with interim hash parts values.
|
---|
[d7dadcb4] | 98 | * @param sched_arr Input array with scheduled values from input string.
|
---|
[8a64320e] | 99 | *
|
---|
[1dcc0b9] | 100 | */
|
---|
[d7dadcb4] | 101 | static void md5_proc(uint32_t *h, uint32_t *sched_arr)
|
---|
[1dcc0b9] | 102 | {
|
---|
[d7dadcb4] | 103 | uint32_t f, g, temp;
|
---|
[8a64320e] | 104 | uint32_t w[HASH_MD5 / 4];
|
---|
[a35b458] | 105 |
|
---|
[8a64320e] | 106 | memcpy(w, h, (HASH_MD5 / 4) * sizeof(uint32_t));
|
---|
[a35b458] | 107 |
|
---|
[8a64320e] | 108 | for (size_t k = 0; k < 64; k++) {
|
---|
| 109 | if (k < 16) {
|
---|
[d7dadcb4] | 110 | f = (w[1] & w[2]) | (~w[1] & w[3]);
|
---|
| 111 | g = k;
|
---|
[8a64320e] | 112 | } else if ((k >= 16) && (k < 32)) {
|
---|
[d7dadcb4] | 113 | f = (w[1] & w[3]) | (w[2] & ~w[3]);
|
---|
[8a64320e] | 114 | g = (5 * k + 1) % 16;
|
---|
| 115 | } else if ((k >= 32) && (k < 48)) {
|
---|
[d7dadcb4] | 116 | f = w[1] ^ w[2] ^ w[3];
|
---|
[8a64320e] | 117 | g = (3 * k + 5) % 16;
|
---|
[d7dadcb4] | 118 | } else {
|
---|
| 119 | f = w[2] ^ (w[1] | ~w[3]);
|
---|
[8a64320e] | 120 | g = 7 * k % 16;
|
---|
[d7dadcb4] | 121 | }
|
---|
[a35b458] | 122 |
|
---|
[d7dadcb4] | 123 | temp = w[3];
|
---|
| 124 | w[3] = w[2];
|
---|
| 125 | w[2] = w[1];
|
---|
[8a64320e] | 126 | w[1] += rotl_uint32(w[0] + f + md5_sbox[k] +
|
---|
| 127 | uint32_t_byteorder_swap(sched_arr[g]),
|
---|
| 128 | md5_shift[k]);
|
---|
[d7dadcb4] | 129 | w[0] = temp;
|
---|
[1dcc0b9] | 130 | }
|
---|
[a35b458] | 131 |
|
---|
[8a64320e] | 132 | for (uint8_t k = 0; k < HASH_MD5 / 4; k++)
|
---|
[d7dadcb4] | 133 | h[k] += w[k];
|
---|
[1dcc0b9] | 134 | }
|
---|
| 135 |
|
---|
[8a64320e] | 136 | /** Working procedure of SHA-1 cryptographic hash function.
|
---|
| 137 | *
|
---|
| 138 | * @param h Working array with interim hash parts values.
|
---|
[d7dadcb4] | 139 | * @param sched_arr Input array with scheduled values from input string.
|
---|
[8a64320e] | 140 | *
|
---|
[1dcc0b9] | 141 | */
|
---|
[d7dadcb4] | 142 | static void sha1_proc(uint32_t *h, uint32_t *sched_arr)
|
---|
[1dcc0b9] | 143 | {
|
---|
[d7dadcb4] | 144 | uint32_t f, cf, temp;
|
---|
[8a64320e] | 145 | uint32_t w[HASH_SHA1 / 4];
|
---|
[a35b458] | 146 |
|
---|
[8a64320e] | 147 | for (size_t k = 16; k < 80; k++) {
|
---|
[d7dadcb4] | 148 | sched_arr[k] = rotl_uint32(
|
---|
[1433ecda] | 149 | sched_arr[k - 3] ^
|
---|
| 150 | sched_arr[k - 8] ^
|
---|
| 151 | sched_arr[k - 14] ^
|
---|
| 152 | sched_arr[k - 16],
|
---|
[8a64320e] | 153 | 1);
|
---|
[d7dadcb4] | 154 | }
|
---|
[a35b458] | 155 |
|
---|
[8a64320e] | 156 | memcpy(w, h, (HASH_SHA1 / 4) * sizeof(uint32_t));
|
---|
[a35b458] | 157 |
|
---|
[8a64320e] | 158 | for (size_t k = 0; k < 80; k++) {
|
---|
| 159 | if (k < 20) {
|
---|
[d7dadcb4] | 160 | f = (w[1] & w[2]) | (~w[1] & w[3]);
|
---|
| 161 | cf = 0x5A827999;
|
---|
[8a64320e] | 162 | } else if ((k >= 20) && (k < 40)) {
|
---|
[d7dadcb4] | 163 | f = w[1] ^ w[2] ^ w[3];
|
---|
[8a64320e] | 164 | cf = 0x6ed9eba1;
|
---|
| 165 | } else if ((k >= 40) && (k < 60)) {
|
---|
[d7dadcb4] | 166 | f = (w[1] & w[2]) | (w[1] & w[3]) | (w[2] & w[3]);
|
---|
[8a64320e] | 167 | cf = 0x8f1bbcdc;
|
---|
[d7dadcb4] | 168 | } else {
|
---|
| 169 | f = w[1] ^ w[2] ^ w[3];
|
---|
[8a64320e] | 170 | cf = 0xca62c1d6;
|
---|
[d7dadcb4] | 171 | }
|
---|
[a35b458] | 172 |
|
---|
[d7dadcb4] | 173 | temp = rotl_uint32(w[0], 5) + f + w[4] + cf + sched_arr[k];
|
---|
[a35b458] | 174 |
|
---|
[d7dadcb4] | 175 | w[4] = w[3];
|
---|
| 176 | w[3] = w[2];
|
---|
| 177 | w[2] = rotl_uint32(w[1], 30);
|
---|
| 178 | w[1] = w[0];
|
---|
| 179 | w[0] = temp;
|
---|
| 180 | }
|
---|
[a35b458] | 181 |
|
---|
[8a64320e] | 182 | for (uint8_t k = 0; k < HASH_SHA1 / 4; k++)
|
---|
[d7dadcb4] | 183 | h[k] += w[k];
|
---|
[1dcc0b9] | 184 | }
|
---|
| 185 |
|
---|
[8a64320e] | 186 | /** Create hash based on selected algorithm.
|
---|
| 187 | *
|
---|
| 188 | * @param input Input message byte sequence.
|
---|
[d7dadcb4] | 189 | * @param input_size Size of message sequence.
|
---|
[8a64320e] | 190 | * @param output Result hash byte sequence.
|
---|
| 191 | * @param hash_sel Hash function selector.
|
---|
| 192 | *
|
---|
| 193 | * @return EINVAL when input not specified,
|
---|
| 194 | * ENOMEM when pointer for output hash result
|
---|
| 195 | * is not allocated, otherwise EOK.
|
---|
| 196 | *
|
---|
[1dcc0b9] | 197 | */
|
---|
[b7fd2a0] | 198 | errno_t create_hash(uint8_t *input, size_t input_size, uint8_t *output,
|
---|
[8a64320e] | 199 | hash_func_t hash_sel)
|
---|
[1dcc0b9] | 200 | {
|
---|
[a4cf312] | 201 | assert(input_size < SSIZE_MAX);
|
---|
| 202 |
|
---|
[8a64320e] | 203 | if (!input)
|
---|
[1dcc0b9] | 204 | return EINVAL;
|
---|
[a35b458] | 205 |
|
---|
[8a64320e] | 206 | if (!output)
|
---|
[1dcc0b9] | 207 | return ENOMEM;
|
---|
[a35b458] | 208 |
|
---|
[8a64320e] | 209 | hash_fnc_t hash_func = (hash_sel == HASH_MD5) ? md5_proc : sha1_proc;
|
---|
[a35b458] | 210 |
|
---|
[d7dadcb4] | 211 | /* Prepare scheduled input. */
|
---|
[1dcc0b9] | 212 | uint8_t work_input[input_size + 1];
|
---|
| 213 | memcpy(work_input, input, input_size);
|
---|
| 214 | work_input[input_size] = 0x80;
|
---|
[a35b458] | 215 |
|
---|
[8a64320e] | 216 | // FIXME: double?
|
---|
| 217 | size_t blocks = ceil_uint32((((double) input_size + 1) / 4 + 2) / 16);
|
---|
[d7dadcb4] | 218 | uint32_t work_arr[blocks * 16];
|
---|
[8a64320e] | 219 | for (size_t i = 0; i < blocks; i++) {
|
---|
| 220 | for (size_t j = 0; j < 16; j++) {
|
---|
[1433ecda] | 221 | work_arr[i * 16 + j] =
|
---|
[8a64320e] | 222 | (get_at(work_input, input_size + 1, i * 64 + j * 4) << 24) |
|
---|
| 223 | (get_at(work_input, input_size + 1, i * 64 + j * 4 + 1) << 16) |
|
---|
| 224 | (get_at(work_input, input_size + 1, i * 64 + j * 4 + 2) << 8) |
|
---|
| 225 | get_at(work_input, input_size + 1, i * 64 + j * 4 + 3);
|
---|
[1dcc0b9] | 226 | }
|
---|
| 227 | }
|
---|
[a35b458] | 228 |
|
---|
[8a64320e] | 229 | uint64_t bits_size = (uint64_t) (input_size * 8);
|
---|
| 230 | if (hash_sel == HASH_MD5)
|
---|
[d7dadcb4] | 231 | bits_size = uint64_t_byteorder_swap(bits_size);
|
---|
[a35b458] | 232 |
|
---|
[d7dadcb4] | 233 | work_arr[(blocks - 1) * 16 + 14] = bits_size >> 32;
|
---|
[8a64320e] | 234 | work_arr[(blocks - 1) * 16 + 15] = bits_size & 0xffffffff;
|
---|
[a35b458] | 235 |
|
---|
[d7dadcb4] | 236 | /* Hash computation. */
|
---|
[8a64320e] | 237 | uint32_t h[hash_sel / 4];
|
---|
| 238 | memcpy(h, hash_init, (hash_sel / 4) * sizeof(uint32_t));
|
---|
[d7dadcb4] | 239 | uint32_t sched_arr[80];
|
---|
[8a64320e] | 240 | for (size_t i = 0; i < blocks; i++) {
|
---|
| 241 | for (size_t k = 0; k < 16; k++)
|
---|
| 242 | sched_arr[k] = work_arr[i * 16 + k];
|
---|
[a35b458] | 243 |
|
---|
[d7dadcb4] | 244 | hash_func(h, sched_arr);
|
---|
[1dcc0b9] | 245 | }
|
---|
[a35b458] | 246 |
|
---|
[d7dadcb4] | 247 | /* Copy hash parts into final result. */
|
---|
[8a64320e] | 248 | for (size_t i = 0; i < hash_sel / 4; i++) {
|
---|
| 249 | if (hash_sel == HASH_SHA1)
|
---|
[d7dadcb4] | 250 | h[i] = uint32_t_byteorder_swap(h[i]);
|
---|
[a35b458] | 251 |
|
---|
[8a64320e] | 252 | memcpy(output + i * sizeof(uint32_t), &h[i], sizeof(uint32_t));
|
---|
[1dcc0b9] | 253 | }
|
---|
[a35b458] | 254 |
|
---|
[1dcc0b9] | 255 | return EOK;
|
---|
| 256 | }
|
---|
| 257 |
|
---|
[8a64320e] | 258 | /** Hash-based message authentication code.
|
---|
| 259 | *
|
---|
| 260 | * @param key Cryptographic key sequence.
|
---|
[1dcc0b9] | 261 | * @param key_size Size of key sequence.
|
---|
[8a64320e] | 262 | * @param msg Message sequence.
|
---|
[1dcc0b9] | 263 | * @param msg_size Size of message sequence.
|
---|
[8a64320e] | 264 | * @param hash Output parameter for result hash.
|
---|
[1dcc0b9] | 265 | * @param hash_sel Hash function selector.
|
---|
[8a64320e] | 266 | *
|
---|
| 267 | * @return EINVAL when key or message not specified,
|
---|
| 268 | * ENOMEM when pointer for output hash result
|
---|
| 269 | * is not allocated, otherwise EOK.
|
---|
| 270 | *
|
---|
[1dcc0b9] | 271 | */
|
---|
[1b20da0] | 272 | errno_t hmac(uint8_t *key, size_t key_size, uint8_t *msg, size_t msg_size,
|
---|
[8a64320e] | 273 | uint8_t *hash, hash_func_t hash_sel)
|
---|
[1dcc0b9] | 274 | {
|
---|
[8a64320e] | 275 | if ((!key) || (!msg))
|
---|
[1dcc0b9] | 276 | return EINVAL;
|
---|
[a35b458] | 277 |
|
---|
[8a64320e] | 278 | if (!hash)
|
---|
[1dcc0b9] | 279 | return ENOMEM;
|
---|
[a35b458] | 280 |
|
---|
[1dcc0b9] | 281 | uint8_t work_key[HMAC_BLOCK_LENGTH];
|
---|
| 282 | uint8_t o_key_pad[HMAC_BLOCK_LENGTH];
|
---|
| 283 | uint8_t i_key_pad[HMAC_BLOCK_LENGTH];
|
---|
[d7dadcb4] | 284 | uint8_t temp_hash[hash_sel];
|
---|
[1dcc0b9] | 285 | memset(work_key, 0, HMAC_BLOCK_LENGTH);
|
---|
[a35b458] | 286 |
|
---|
[1433ecda] | 287 | if (key_size > HMAC_BLOCK_LENGTH)
|
---|
[d7dadcb4] | 288 | create_hash(key, key_size, work_key, hash_sel);
|
---|
[8a64320e] | 289 | else
|
---|
[1dcc0b9] | 290 | memcpy(work_key, key, key_size);
|
---|
[a35b458] | 291 |
|
---|
[8a64320e] | 292 | for (size_t i = 0; i < HMAC_BLOCK_LENGTH; i++) {
|
---|
| 293 | o_key_pad[i] = work_key[i] ^ 0x5c;
|
---|
[1dcc0b9] | 294 | i_key_pad[i] = work_key[i] ^ 0x36;
|
---|
| 295 | }
|
---|
[a35b458] | 296 |
|
---|
[cc575ef9] | 297 | uint8_t temp_work[HMAC_BLOCK_LENGTH + max(msg_size, hash_sel)];
|
---|
[1dcc0b9] | 298 | memcpy(temp_work, i_key_pad, HMAC_BLOCK_LENGTH);
|
---|
| 299 | memcpy(temp_work + HMAC_BLOCK_LENGTH, msg, msg_size);
|
---|
[a35b458] | 300 |
|
---|
[8a64320e] | 301 | create_hash(temp_work, HMAC_BLOCK_LENGTH + msg_size, temp_hash,
|
---|
| 302 | hash_sel);
|
---|
[a35b458] | 303 |
|
---|
[1dcc0b9] | 304 | memcpy(temp_work, o_key_pad, HMAC_BLOCK_LENGTH);
|
---|
[d7dadcb4] | 305 | memcpy(temp_work + HMAC_BLOCK_LENGTH, temp_hash, hash_sel);
|
---|
[a35b458] | 306 |
|
---|
[d7dadcb4] | 307 | create_hash(temp_work, HMAC_BLOCK_LENGTH + hash_sel, hash, hash_sel);
|
---|
[a35b458] | 308 |
|
---|
[1dcc0b9] | 309 | return EOK;
|
---|
| 310 | }
|
---|
| 311 |
|
---|
[8a64320e] | 312 | /** Password-Based Key Derivation Function 2.
|
---|
| 313 | *
|
---|
| 314 | * As defined in RFC 2898, using HMAC-SHA1 with 4096 iterations
|
---|
| 315 | * and 32 bytes key result used for WPA/WPA2.
|
---|
| 316 | *
|
---|
| 317 | * @param pass Password sequence.
|
---|
[1dcc0b9] | 318 | * @param pass_size Password sequence length.
|
---|
[8a64320e] | 319 | * @param salt Salt sequence to be used with password.
|
---|
[1dcc0b9] | 320 | * @param salt_size Salt sequence length.
|
---|
[8a64320e] | 321 | * @param hash Output parameter for result hash (32 byte value).
|
---|
| 322 | *
|
---|
| 323 | * @return EINVAL when pass or salt not specified,
|
---|
| 324 | * ENOMEM when pointer for output hash result
|
---|
| 325 | * is not allocated, otherwise EOK.
|
---|
| 326 | *
|
---|
[1dcc0b9] | 327 | */
|
---|
[b7fd2a0] | 328 | errno_t pbkdf2(uint8_t *pass, size_t pass_size, uint8_t *salt, size_t salt_size,
|
---|
[8a64320e] | 329 | uint8_t *hash)
|
---|
[1dcc0b9] | 330 | {
|
---|
[8a64320e] | 331 | if ((!pass) || (!salt))
|
---|
[1dcc0b9] | 332 | return EINVAL;
|
---|
[a35b458] | 333 |
|
---|
[8a64320e] | 334 | if (!hash)
|
---|
[1dcc0b9] | 335 | return ENOMEM;
|
---|
[a35b458] | 336 |
|
---|
[cc575ef9] | 337 | uint8_t work_salt[salt_size + 4];
|
---|
[1dcc0b9] | 338 | memcpy(work_salt, salt, salt_size);
|
---|
[a931b7b] | 339 | uint8_t work_hmac[HASH_SHA1];
|
---|
| 340 | uint8_t temp_hmac[HASH_SHA1];
|
---|
| 341 | uint8_t xor_hmac[HASH_SHA1];
|
---|
[8a64320e] | 342 | uint8_t temp_hash[HASH_SHA1 * 2];
|
---|
[a35b458] | 343 |
|
---|
[8a64320e] | 344 | for (size_t i = 0; i < 2; i++) {
|
---|
| 345 | uint32_t be_i = host2uint32_t_be(i + 1);
|
---|
[a35b458] | 346 |
|
---|
[cc575ef9] | 347 | memcpy(work_salt + salt_size, &be_i, 4);
|
---|
| 348 | hmac(pass, pass_size, work_salt, salt_size + 4,
|
---|
[8a64320e] | 349 | work_hmac, HASH_SHA1);
|
---|
[a931b7b] | 350 | memcpy(xor_hmac, work_hmac, HASH_SHA1);
|
---|
[a35b458] | 351 |
|
---|
[8a64320e] | 352 | for (size_t k = 1; k < 4096; k++) {
|
---|
[a931b7b] | 353 | memcpy(temp_hmac, work_hmac, HASH_SHA1);
|
---|
[8a64320e] | 354 | hmac(pass, pass_size, temp_hmac, HASH_SHA1,
|
---|
| 355 | work_hmac, HASH_SHA1);
|
---|
[a35b458] | 356 |
|
---|
[8a64320e] | 357 | for (size_t t = 0; t < HASH_SHA1; t++)
|
---|
[1dcc0b9] | 358 | xor_hmac[t] ^= work_hmac[t];
|
---|
| 359 | }
|
---|
[a35b458] | 360 |
|
---|
[8a64320e] | 361 | memcpy(temp_hash + i * HASH_SHA1, xor_hmac, HASH_SHA1);
|
---|
[1dcc0b9] | 362 | }
|
---|
[a35b458] | 363 |
|
---|
[1dcc0b9] | 364 | memcpy(hash, temp_hash, PBKDF2_KEY_LENGTH);
|
---|
[a35b458] | 365 |
|
---|
[1dcc0b9] | 366 | return EOK;
|
---|
| 367 | }
|
---|