/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
   Copyright (C) 2002, 2003, 2004, 2005, 2006, 2009 Free Software Foundation, Inc.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2, or (at your option)
   any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software Foundation,
   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */

/* Written by Simon Josefsson.  */
/* Imported from gnulib.  */
#include <VasEBoot/crypto.h>
#include <VasEBoot/mm.h>
#include <VasEBoot/misc.h>
#include <VasEBoot/dl.h>
/* Module license tag; "GPLv2+" matches the "version 2, or (at your option)
   any later version" grant in this file's header.  */
VAS_EBOOT_MOD_LICENSE ("GPLv2+");
/* Implement PKCS#5 PBKDF2 as per RFC 2898.  The PRF is the HMAC variant
   of the digest supplied by MD.  Inputs are the password P of length PLEN,
   the salt S of length SLEN, the iteration counter C (> 0), and the
   desired derived output length DKLEN.  The output buffer is DK, which
   must have room for at least DKLEN octets.  The output buffer will
   be filled with the derived data.  */
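/* Returns GPG_ERR_NO_ERROR on success, GPG_ERR_INV_ARG when an argument is
   missing or out of range, and GPG_ERR_OUT_OF_MEMORY when the salt buffer
   or the HMAC handle cannot be allocated.  Every error return happens
   before the first write to DK, so DK is left untouched on failure.

   Only C > 0 is enforced here; choosing an iteration count and salt that
   are strong enough for the deployment is the caller's responsibility.  */
gcry_err_code_t
VasEBoot_crypto_pbkdf2 (const struct gcry_md_spec *md,
			const VasEBoot_uint8_t *P, VasEBoot_size_t Plen,
			const VasEBoot_uint8_t *S, VasEBoot_size_t Slen,
			unsigned int c,
			VasEBoot_uint8_t *DK, VasEBoot_size_t dkLen)
{
  struct VasEBoot_crypto_hmac_handle *hnd = NULL;
  unsigned int hLen;
  VasEBoot_uint8_t U[VAS_EBOOT_CRYPTO_MAX_MDLEN];
  VasEBoot_uint8_t T[VAS_EBOOT_CRYPTO_MAX_MDLEN];
  volatile VasEBoot_uint8_t *wipe;
  unsigned int u;
  unsigned int l;
  unsigned int r;
  unsigned int i;
  unsigned int k;
  VasEBoot_uint8_t *tmp;
  VasEBoot_size_t tmplen;

  /* Reject missing pointers before anything is dereferenced.  A NULL
     password or salt is tolerated only together with a zero length.  */
  if (md == NULL || DK == NULL)
    return GPG_ERR_INV_ARG;

  if ((P == NULL && Plen != 0) || (S == NULL && Slen != 0))
    return GPG_ERR_INV_ARG;

  /* U and T are sized for VAS_EBOOT_CRYPTO_MAX_MDLEN; a larger digest
     would overflow them, and a zero-length one would divide by zero
     below.  */
  if (md->mdlen > VAS_EBOOT_CRYPTO_MAX_MDLEN || md->mdlen == 0)
    return GPG_ERR_INV_ARG;
  hLen = md->mdlen;

  if (c == 0)
    return GPG_ERR_INV_ARG;

  if (dkLen == 0)
    return GPG_ERR_INV_ARG;

  /* Keeps the block count L and every DK offset within 32 bits.  */
  if (dkLen > 4294967295U)
    return GPG_ERR_INV_ARG;

  /* Slen + 4 must not wrap: a wrapped size would make the allocation
     smaller than the Slen bytes copied into it below.  */
  if (Slen > ~(VasEBoot_size_t) 0 - 4)
    return GPG_ERR_INV_ARG;
  tmplen = Slen + 4;

  /* L is the number of hLen-sized blocks needed (rounded up), R the
     number of octets taken from the last block.  */
  l = ((dkLen - 1) / hLen) + 1;
  r = dkLen - (l - 1) * hLen;

  /* tmp holds S || INT (i), the message of the first PRF call of each
     block.  */
  tmp = VasEBoot_malloc (tmplen);
  if (tmp == NULL)
    return GPG_ERR_OUT_OF_MEMORY;

  if (Slen != 0)
    VasEBoot_memcpy (tmp, S, Slen);

  hnd = VasEBoot_crypto_hmac_init (md, P, Plen);
  if (hnd == NULL)
    {
      VasEBoot_free (tmp);
      return GPG_ERR_OUT_OF_MEMORY;
    }

  /* "i - 1 < l" rather than "i <= l" so the loop still terminates when
     L equals UINT_MAX and i wraps to 0.  */
  for (i = 1; i - 1 < l; i++)
    {
      VasEBoot_memset (T, 0, hLen);

      for (u = 0; u < c; u++)
	{
	  if (u == 0)
	    {
	      /* Append the block index as a 4-octet big-endian integer.  */
	      tmp[Slen + 0] = (i & 0xff000000) >> 24;
	      tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
	      tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
	      tmp[Slen + 3] = (i & 0x000000ff) >> 0;

	      VasEBoot_crypto_hmac_write (hnd, tmp, tmplen);
	    }
	  else
	    VasEBoot_crypto_hmac_write (hnd, U, hLen);

	  /* NOTE(review): the results of the hmac write/final/reset calls
	     are not checked; confirm against their prototypes whether any
	     of them can fail.  */
	  VasEBoot_crypto_hmac_final (hnd, U);
	  VasEBoot_crypto_hmac_reset (hnd);

	  /* T accumulates the XOR of all C PRF outputs for this block.  */
	  for (k = 0; k < hLen; k++)
	    T[k] ^= U[k];
	}

      /* The last block contributes only R octets.  */
      VasEBoot_memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
    }

  VasEBoot_crypto_hmac_free (hnd);
  VasEBoot_free (tmp);

  /* Best-effort wipe of the intermediate PRF output and the last derived
     block so key material does not linger on the stack.  The stores go
     through a volatile pointer to discourage the compiler from dropping
     them as dead writes.  */
  wipe = U;
  for (k = 0; k < sizeof (U); k++)
    wipe[k] = 0;
  wipe = T;
  for (k = 0; k < sizeof (T); k++)
    wipe[k] = 0;

  return GPG_ERR_NO_ERROR;
}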