A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for the mbed platform implementation of the library.

Dependents:   HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL

Committer:
Mike Fiore
Date:
Mon Mar 23 16:51:07 2015 -0500
Revision:
6:cf58d49e1a86
Parent:
0:b86d15c6ba29
fix whitespace in sha512.c

Vanger 0:b86d15c6ba29 1 /* pwdbased.c
Vanger 0:b86d15c6ba29 2 *
Vanger 0:b86d15c6ba29 3 * Copyright (C) 2006-2014 wolfSSL Inc.
Vanger 0:b86d15c6ba29 4 *
Vanger 0:b86d15c6ba29 5 * This file is part of CyaSSL.
Vanger 0:b86d15c6ba29 6 *
Vanger 0:b86d15c6ba29 7 * CyaSSL is free software; you can redistribute it and/or modify
Vanger 0:b86d15c6ba29 8 * it under the terms of the GNU General Public License as published by
Vanger 0:b86d15c6ba29 9 * the Free Software Foundation; either version 2 of the License, or
Vanger 0:b86d15c6ba29 10 * (at your option) any later version.
Vanger 0:b86d15c6ba29 11 *
Vanger 0:b86d15c6ba29 12 * CyaSSL is distributed in the hope that it will be useful,
Vanger 0:b86d15c6ba29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Vanger 0:b86d15c6ba29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Vanger 0:b86d15c6ba29 15 * GNU General Public License for more details.
Vanger 0:b86d15c6ba29 16 *
Vanger 0:b86d15c6ba29 17 * You should have received a copy of the GNU General Public License
Vanger 0:b86d15c6ba29 18 * along with this program; if not, write to the Free Software
Vanger 0:b86d15c6ba29 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Vanger 0:b86d15c6ba29 20 */
Vanger 0:b86d15c6ba29 21
Vanger 0:b86d15c6ba29 22 #ifdef HAVE_CONFIG_H
Vanger 0:b86d15c6ba29 23 #include <config.h>
Vanger 0:b86d15c6ba29 24 #endif
Vanger 0:b86d15c6ba29 25
Vanger 0:b86d15c6ba29 26 #include <cyassl/ctaocrypt/settings.h>
Vanger 0:b86d15c6ba29 27
Vanger 0:b86d15c6ba29 28 #ifndef NO_PWDBASED
Vanger 0:b86d15c6ba29 29
Vanger 0:b86d15c6ba29 30 #ifdef CYASSL_PIC32MZ_HASH
Vanger 0:b86d15c6ba29 31
Vanger 0:b86d15c6ba29 32 #define InitMd5 InitMd5_sw
Vanger 0:b86d15c6ba29 33 #define Md5Update Md5Update_sw
Vanger 0:b86d15c6ba29 34 #define Md5Final Md5Final_sw
Vanger 0:b86d15c6ba29 35
Vanger 0:b86d15c6ba29 36 #define InitSha InitSha_sw
Vanger 0:b86d15c6ba29 37 #define ShaUpdate ShaUpdate_sw
Vanger 0:b86d15c6ba29 38 #define ShaFinal ShaFinal_sw
Vanger 0:b86d15c6ba29 39
Vanger 0:b86d15c6ba29 40 #define InitSha256 InitSha256_sw
Vanger 0:b86d15c6ba29 41 #define Sha256Update Sha256Update_sw
Vanger 0:b86d15c6ba29 42 #define Sha256Final Sha256Final_sw
Vanger 0:b86d15c6ba29 43
Vanger 0:b86d15c6ba29 44 #endif
Vanger 0:b86d15c6ba29 45
Vanger 0:b86d15c6ba29 46 #include <cyassl/ctaocrypt/pwdbased.h>
Vanger 0:b86d15c6ba29 47 #include <cyassl/ctaocrypt/hmac.h>
Vanger 0:b86d15c6ba29 48 #include <cyassl/ctaocrypt/integer.h>
Vanger 0:b86d15c6ba29 49 #include <cyassl/ctaocrypt/error-crypt.h>
Vanger 0:b86d15c6ba29 50 #if defined(CYASSL_SHA512) || defined(CYASSL_SHA384)
Vanger 0:b86d15c6ba29 51 #include <cyassl/ctaocrypt/sha512.h>
Vanger 0:b86d15c6ba29 52 #endif
Vanger 0:b86d15c6ba29 53
Vanger 0:b86d15c6ba29 54 #ifdef NO_INLINE
Vanger 0:b86d15c6ba29 55 #include <cyassl/ctaocrypt/misc.h>
Vanger 0:b86d15c6ba29 56 #else
Vanger 0:b86d15c6ba29 57 #include <ctaocrypt/src/misc.c>
Vanger 0:b86d15c6ba29 58 #endif
Vanger 0:b86d15c6ba29 59
Vanger 0:b86d15c6ba29 60
#ifndef min

    /* Return the smaller of two word32 values.
     *
     * Only compiled when the build has not already provided a `min` macro.
     * Both parameters are word32, so an int argument is converted on the way
     * in: a negative length passed by a caller compares as a very large
     * unsigned value rather than as "less than zero".
     */
    static INLINE word32 min(word32 a, word32 b)
    {
        return (a < b) ? a : b;
    }

#endif /* min */
Vanger 0:b86d15c6ba29 69
Vanger 0:b86d15c6ba29 70
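/* PBKDF1: derive up to one digest's worth of key bytes from a password.
 *
 * Computes T1 = Hash(passwd || salt), then re-hashes the digest
 * (iterations - 1) more times and copies the first kLen bytes to output.
 *
 * output      receives kLen bytes; must be at least kLen bytes long
 * passwd/pLen password bytes and length (pLen must not be negative)
 * salt/sLen   salt bytes and length (sLen must not be negative)
 * iterations  hash applications, must be >= 1
 * kLen        requested key length, 0 <= kLen <= digest size of hashType
 * hashType    MD5 or SHA only
 *
 * Returns 0 on success, BAD_FUNC_ARG for an unsupported hash or an
 * out-of-range length/iteration count, or the InitSha error code.
 *
 * PBKDF1 is limited to MD5/SHA-1 sized output and is kept for compatibility
 * with existing formats; PBKDF2 is the function to use for new designs.
 */
int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
           int sLen, int iterations, int kLen, int hashType)
{
    Md5  md5;
    Sha  sha;
    int  hLen;
    int  i, ret = 0;
    byte buffer[SHA_DIGEST_SIZE];  /* max size */
    volatile byte* wipe = buffer;

    if (hashType != MD5 && hashType != SHA)
        return BAD_FUNC_ARG;

    hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;

    /* The lengths are signed ints that end up as unsigned sizes in the hash
     * updates and in XMEMCPY; a negative value would become a huge count and
     * read or write far outside the caller's buffers. */
    if (pLen < 0 || sLen < 0)
        return BAD_FUNC_ARG;

    if (kLen < 0 || kLen > hLen)
        return BAD_FUNC_ARG;

    if (iterations < 1)
        return BAD_FUNC_ARG;

    if (hashType == MD5) {
        InitMd5(&md5);
        Md5Update(&md5, passwd, pLen);
        Md5Update(&md5, salt,   sLen);
        Md5Final(&md5,  buffer);
    }
    else {
        ret = InitSha(&sha);
        if (ret != 0)
            return ret;
        ShaUpdate(&sha, passwd, pLen);
        ShaUpdate(&sha, salt,   sLen);
        ShaFinal(&sha,  buffer);
    }

    /* NOTE(review): the context is reused without an explicit re-init, so
     * this presumably relies on Md5Final/ShaFinal resetting it -- confirm. */
    for (i = 1; i < iterations; i++) {
        if (hashType == MD5) {
            Md5Update(&md5, buffer, hLen);
            Md5Final(&md5,  buffer);
        }
        else {
            ShaUpdate(&sha, buffer, hLen);
            ShaFinal(&sha,  buffer);
        }
    }
    XMEMCPY(output, buffer, kLen);

    /* The full digest is key material; clear the stack copy through a
     * volatile pointer so the stores are not dropped as dead writes. */
    for (i = 0; i < (int)sizeof(buffer); i++)
        wipe[i] = 0;

    return 0;
}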
Vanger 0:b86d15c6ba29 118
Vanger 0:b86d15c6ba29 119
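/* PBKDF2: derive kLen key bytes from a password using HMAC as the PRF.
 *
 * For each output block i (1-based, encoded as 4 big-endian bytes) this
 * computes U1 = HMAC(passwd, salt || i), then U2..Uc over the previous U,
 * and XORs them together into the output.
 *
 * output      receives kLen bytes; must be at least kLen bytes long
 * passwd/pLen password bytes and length, used as the HMAC key
 * salt/sLen   salt bytes and length
 * iterations  HMAC applications per block; a value below 1 behaves like 1
 *             because the inner loop simply does not run.
 *             NOTE(review): PBKDF1 rejects iterations < 1; callers should
 *             not rely on this leniency when choosing a work factor.
 * kLen        requested key length in bytes
 * hashType    MD5, SHA, and SHA256/SHA512 when compiled in
 *
 * Returns 0 on success, BAD_FUNC_ARG for an unsupported hash or a negative
 * length, MEMORY_E if the small-stack buffer cannot be allocated, or the
 * error code of the failing HMAC call. On error the output buffer may have
 * been partially written and must not be used as a key.
 */
int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
           int sLen, int iterations, int kLen, int hashType)
{
    word32 i = 1;
    word32 n;
    int    hLen;
    int    j, ret;
    Hmac   hmac;
    volatile byte* wipe;
#ifdef CYASSL_SMALL_STACK
    byte*  buffer;
#else
    byte   buffer[MAX_DIGEST_SIZE];
#endif

    if (hashType == MD5) {
        hLen = MD5_DIGEST_SIZE;
    }
    else if (hashType == SHA) {
        hLen = SHA_DIGEST_SIZE;
    }
#ifndef NO_SHA256
    else if (hashType == SHA256) {
        hLen = SHA256_DIGEST_SIZE;
    }
#endif
#ifdef CYASSL_SHA512
    else if (hashType == SHA512) {
        hLen = SHA512_DIGEST_SIZE;
    }
#endif
    else
        return BAD_FUNC_ARG;

    /* A negative kLen never reaches zero by subtracting block lengths, so
     * the block loop would keep writing past the end of output; negative
     * pLen/sLen would be treated as huge unsigned sizes by the HMAC calls.
     * Reject them before anything is allocated. */
    if (pLen < 0 || sLen < 0 || kLen < 0)
        return BAD_FUNC_ARG;

#ifdef CYASSL_SMALL_STACK
    buffer = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buffer == NULL)
        return MEMORY_E;
#endif

    ret = HmacSetKey(&hmac, hashType, passwd, pLen);

    if (ret == 0) {
        while (kLen > 0) {
            int currentLen;

            /* NOTE(review): the same Hmac object is reused after HmacFinal
             * without a new HmacSetKey; presumably HmacFinal re-arms it for
             * the same key -- confirm against hmac.c. */
            ret = HmacUpdate(&hmac, salt, sLen);
            if (ret != 0)
                break;

            /* encode i */
            for (j = 0; j < 4; j++) {
                byte b = (byte)(i >> ((3-j) * 8));

                ret = HmacUpdate(&hmac, &b, 1);
                if (ret != 0)
                    break;
            }

            /* check ret from inside for loop */
            if (ret != 0)
                break;

            ret = HmacFinal(&hmac, buffer);
            if (ret != 0)
                break;

            currentLen = min(kLen, hLen);
            XMEMCPY(output, buffer, currentLen);

            for (j = 1; j < iterations; j++) {
                ret = HmacUpdate(&hmac, buffer, hLen);
                if (ret != 0)
                    break;
                ret = HmacFinal(&hmac, buffer);
                if (ret != 0)
                    break;
                xorbuf(output, buffer, currentLen);
            }

            /* check ret from inside for loop */
            if (ret != 0)
                break;

            output += currentLen;
            kLen   -= currentLen;
            i++;
        }
    }

    /* buffer held the last U value, which is key-derived; clear it through
     * a volatile pointer before it goes back to the stack or the heap.
     * NOTE(review): hmac still holds password-keyed state and is not
     * cleared here. */
    wipe = buffer;
    for (n = 0; n < (word32)MAX_DIGEST_SIZE; n++)
        wipe[n] = 0;

#ifdef CYASSL_SMALL_STACK
    XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}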
Vanger 0:b86d15c6ba29 214
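/* Size of the Ai and B work buffers used by PKCS12_PBKDF. B is filled with
 * v bytes, where v is the hash BLOCK size, so this must be the largest block
 * size of any hash compiled in. The last fallback previously used
 * SHA_DIGEST_SIZE, which left B smaller than the v bytes written into it
 * when neither SHA-256 nor SHA-512 is built. */
#ifdef CYASSL_SHA512
    #define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE
#elif !defined(NO_SHA256)
    #define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE
#else
    #define PBKDF_DIGEST_SIZE SHA_BLOCK_SIZE
#endif

/* Overwrite len bytes at mem with zeros through a volatile pointer so the
 * stores are not removed as dead writes before the memory is released. */
static void Pkcs12Wipe(byte* mem, word32 len)
{
    volatile byte* p = mem;

    while (len--)
        *p++ = 0;
}

/* PKCS #12 password-based key derivation.
 *
 * Builds D (v copies of id), S (salt repeated to a multiple of v) and
 * P (password repeated to a multiple of v) in one work buffer, hashes
 * D || S || P `iterations` times to get Ai, emits Ai as output, and then
 * adds (B + 1) to every v-byte block of I = S || P before the next round,
 * where B is Ai repeated to v bytes.
 *
 * output          receives kLen bytes; must be at least kLen bytes long
 * passwd/passLen  password bytes and length (passLen must not be negative)
 * salt/saltLen    salt bytes and length (saltLen must not be negative)
 * iterations      hash applications per round; values below 1 are treated
 *                 as 1
 * kLen            requested number of output bytes (must not be negative)
 * hashType        MD5, SHA, and SHA256/SHA512 when compiled in
 * id              diversifier byte written into D
 *
 * Returns 0 on success, BAD_FUNC_ARG for an unsupported hash or an
 * out-of-range length, MEMORY_E on allocation failure, or the error code of
 * the failing hash / big-integer call. On error the output buffer may have
 * been partially written and must not be used as a key.
 */
int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
                 int saltLen, int iterations, int kLen, int hashType, int id)
{
    /* all in bytes instead of bits */
    word32 u, v, dLen, pLen, iLen, sLen, totalLen;
    int    dynamic = 0;
    int    ret = 0;
    int    i;
    byte   *D, *S, *P, *I;
#ifdef CYASSL_SMALL_STACK
    byte   staticBuffer[1]; /* force dynamic usage */
#else
    byte   staticBuffer[1024];
#endif
    byte*  buffer = staticBuffer;

#ifdef CYASSL_SMALL_STACK
    byte*  Ai;
    byte*  B;
#else
    byte   Ai[PBKDF_DIGEST_SIZE];
    byte   B[PBKDF_DIGEST_SIZE];
#endif

    /* The lengths are mixed with word32 values below; a negative int would
     * turn into a huge padded length instead of being rejected. */
    if (passLen < 0 || saltLen < 0 || kLen < 0)
        return BAD_FUNC_ARG;

    if (iterations <= 0)
        iterations = 1;

    if (hashType == MD5) {
        v = MD5_BLOCK_SIZE;
        u = MD5_DIGEST_SIZE;
    }
    else if (hashType == SHA) {
        v = SHA_BLOCK_SIZE;
        u = SHA_DIGEST_SIZE;
    }
#ifndef NO_SHA256
    else if (hashType == SHA256) {
        v = SHA256_BLOCK_SIZE;
        u = SHA256_DIGEST_SIZE;
    }
#endif
#ifdef CYASSL_SHA512
    else if (hashType == SHA512) {
        v = SHA512_BLOCK_SIZE;
        u = SHA512_DIGEST_SIZE;
    }
#endif
    else
        return BAD_FUNC_ARG;

    /* B and Ai are PBKDF_DIGEST_SIZE bytes and B is filled with v bytes;
     * refuse any hash whose block does not fit the work buffers. */
    if (v > (word32)PBKDF_DIGEST_SIZE)
        return BAD_FUNC_ARG;

    dLen = v;
    sLen = v * (((word32)saltLen + v - 1) / v);
    if (passLen)
        pLen = v * (((word32)passLen + v - 1) / v);
    else
        pLen = 0;
    iLen = sLen + pLen;

    totalLen = dLen + iLen;

    /* Reject lengths that wrapped in word32 or that do not fit the int
     * loop counters used to fill and walk the work buffer. */
    if (iLen < sLen || totalLen < iLen || totalLen > (word32)0x7FFFFFFF)
        return BAD_FUNC_ARG;

#ifdef CYASSL_SMALL_STACK
    Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (Ai == NULL)
        return MEMORY_E;

    B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (B == NULL) {
        XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }
#endif

    if (totalLen > sizeof(staticBuffer)) {
        buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
        if (buffer == NULL) {
#ifdef CYASSL_SMALL_STACK
            XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(B,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return MEMORY_E;
        }
        dynamic = 1;
    }

    D = buffer;
    S = D + dLen;
    P = S + sLen;
    I = S;

    XMEMSET(D, id, dLen);

    /* sLen and pLen are 0 when the matching input length is 0, so the
     * modulo below never divides by zero. */
    for (i = 0; i < (int)sLen; i++)
        S[i] = salt[i % saltLen];
    for (i = 0; i < (int)pLen; i++)
        P[i] = passwd[i % passLen];

    while (kLen > 0) {
        word32 currentLen;
        mp_int B1;

        if (hashType == MD5) {
            Md5 md5;

            InitMd5(&md5);
            Md5Update(&md5, buffer, totalLen);
            Md5Final(&md5, Ai);

            for (i = 1; i < iterations; i++) {
                Md5Update(&md5, Ai, u);
                Md5Final(&md5, Ai);
            }
        }
        else if (hashType == SHA) {
            Sha sha;

            ret = InitSha(&sha);
            if (ret != 0)
                break;
            ShaUpdate(&sha, buffer, totalLen);
            ShaFinal(&sha, Ai);

            for (i = 1; i < iterations; i++) {
                ShaUpdate(&sha, Ai, u);
                ShaFinal(&sha, Ai);
            }
        }
#ifndef NO_SHA256
        else if (hashType == SHA256) {
            Sha256 sha256;

            ret = InitSha256(&sha256);
            if (ret != 0)
                break;

            ret = Sha256Update(&sha256, buffer, totalLen);
            if (ret != 0)
                break;

            ret = Sha256Final(&sha256, Ai);
            if (ret != 0)
                break;

            /* A failure in here only leaves the for loop; ret stays set and
             * is caught by the check after the B1 setup below. */
            for (i = 1; i < iterations; i++) {
                ret = Sha256Update(&sha256, Ai, u);
                if (ret != 0)
                    break;

                ret = Sha256Final(&sha256, Ai);
                if (ret != 0)
                    break;
            }
        }
#endif
#ifdef CYASSL_SHA512
        else if (hashType == SHA512) {
            Sha512 sha512;

            ret = InitSha512(&sha512);
            if (ret != 0)
                break;

            ret = Sha512Update(&sha512, buffer, totalLen);
            if (ret != 0)
                break;

            ret = Sha512Final(&sha512, Ai);
            if (ret != 0)
                break;

            /* Same as SHA-256: ret is checked after the B1 setup. */
            for (i = 1; i < iterations; i++) {
                ret = Sha512Update(&sha512, Ai, u);
                if (ret != 0)
                    break;

                ret = Sha512Final(&sha512, Ai);
                if (ret != 0)
                    break;
            }
        }
#endif

        /* B = Ai repeated to fill one hash block */
        for (i = 0; i < (int)v; i++)
            B[i] = Ai[i % u];

        if (mp_init(&B1) != MP_OKAY)
            ret = MP_INIT_E;
        else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
            ret = MP_READ_E;
        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
            ret = MP_ADD_E;

        if (ret != 0) {
            mp_clear(&B1);
            break;
        }

        /* I_j = (I_j + B + 1) mod 2^(8v) for every v-byte block of I */
        for (i = 0; i < (int)iLen; i += v) {
            int    outSz;
            mp_int i1;
            mp_int res;

            if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
                ret = MP_INIT_E;
                break;
            }
            if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
                ret = MP_READ_E;
            else if (mp_add(&i1, &B1, &res) != MP_OKAY)
                ret = MP_ADD_E;
            else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
                ret = MP_TO_E;
            else {
                if (outSz > (int)v) {
                    /* take off MSB */
                    byte tmp[129];

                    /* the sum of two v-byte values is at most v + 1 bytes;
                     * never let the export run past tmp */
                    if (outSz > (int)sizeof(tmp))
                        ret = MP_TO_E;
                    else {
                        ret = mp_to_unsigned_bin(&res, tmp);
                        XMEMCPY(I + i, tmp + 1, v);
                    }
                }
                else if (outSz < (int)v) {
                    XMEMSET(I + i, 0, v - outSz);
                    ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
                }
                else
                    ret = mp_to_unsigned_bin(&res, I + i);
            }

            mp_clear(&i1);
            mp_clear(&res);
            if (ret < 0) break;
        }

        /* A big-integer failure above used to fall through: the loop went on
         * emitting output and the next round's hash init could overwrite
         * ret with 0, reporting success for a wrongly derived key. */
        if (ret != 0) {
            mp_clear(&B1);
            break;
        }

        currentLen = min(kLen, (int)u);
        XMEMCPY(output, Ai, currentLen);
        output += currentLen;
        kLen   -= currentLen;
        mp_clear(&B1);
    }

    /* The work buffer holds the expanded password and Ai/B hold derived key
     * bytes; clear them before they are released. */
    Pkcs12Wipe(buffer, totalLen);
    Pkcs12Wipe(Ai, PBKDF_DIGEST_SIZE);
    Pkcs12Wipe(B,  PBKDF_DIGEST_SIZE);

    if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);

#ifdef CYASSL_SMALL_STACK
    XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(B,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}

#undef PBKDF_DIGEST_SIZE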
Vanger 0:b86d15c6ba29 472
Vanger 0:b86d15c6ba29 473 #endif /* NO_PWDBASED */
Vanger 0:b86d15c6ba29 474