MultiTech
A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
ctaocrypt/src/pwdbased.c@6:cf58d49e1a86, 2015-03-23 (annotated)
- Committer:
- Mike Fiore
- Date:
- Mon Mar 23 16:51:07 2015 -0500
- Revision:
- 6:cf58d49e1a86
- Parent:
- 0:b86d15c6ba29
fix whitespace in sha512.c
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| Vanger | 0:b86d15c6ba29 | 1 | /* pwdbased.c |
| Vanger | 0:b86d15c6ba29 | 2 | * |
| Vanger | 0:b86d15c6ba29 | 3 | * Copyright (C) 2006-2014 wolfSSL Inc. |
| Vanger | 0:b86d15c6ba29 | 4 | * |
| Vanger | 0:b86d15c6ba29 | 5 | * This file is part of CyaSSL. |
| Vanger | 0:b86d15c6ba29 | 6 | * |
| Vanger | 0:b86d15c6ba29 | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
| Vanger | 0:b86d15c6ba29 | 8 | * it under the terms of the GNU General Public License as published by |
| Vanger | 0:b86d15c6ba29 | 9 | * the Free Software Foundation; either version 2 of the License, or |
| Vanger | 0:b86d15c6ba29 | 10 | * (at your option) any later version. |
| Vanger | 0:b86d15c6ba29 | 11 | * |
| Vanger | 0:b86d15c6ba29 | 12 | * CyaSSL is distributed in the hope that it will be useful, |
| Vanger | 0:b86d15c6ba29 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| Vanger | 0:b86d15c6ba29 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| Vanger | 0:b86d15c6ba29 | 15 | * GNU General Public License for more details. |
| Vanger | 0:b86d15c6ba29 | 16 | * |
| Vanger | 0:b86d15c6ba29 | 17 | * You should have received a copy of the GNU General Public License |
| Vanger | 0:b86d15c6ba29 | 18 | * along with this program; if not, write to the Free Software |
| Vanger | 0:b86d15c6ba29 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| Vanger | 0:b86d15c6ba29 | 20 | */ |
| Vanger | 0:b86d15c6ba29 | 21 | |
| Vanger | 0:b86d15c6ba29 | 22 | #ifdef HAVE_CONFIG_H |
| Vanger | 0:b86d15c6ba29 | 23 | #include <config.h> |
| Vanger | 0:b86d15c6ba29 | 24 | #endif |
| Vanger | 0:b86d15c6ba29 | 25 | |
| Vanger | 0:b86d15c6ba29 | 26 | #include <cyassl/ctaocrypt/settings.h> |
| Vanger | 0:b86d15c6ba29 | 27 | |
| Vanger | 0:b86d15c6ba29 | 28 | #ifndef NO_PWDBASED |
| Vanger | 0:b86d15c6ba29 | 29 | |
| Vanger | 0:b86d15c6ba29 | 30 | #ifdef CYASSL_PIC32MZ_HASH |
| Vanger | 0:b86d15c6ba29 | 31 | |
| Vanger | 0:b86d15c6ba29 | 32 | #define InitMd5 InitMd5_sw |
| Vanger | 0:b86d15c6ba29 | 33 | #define Md5Update Md5Update_sw |
| Vanger | 0:b86d15c6ba29 | 34 | #define Md5Final Md5Final_sw |
| Vanger | 0:b86d15c6ba29 | 35 | |
| Vanger | 0:b86d15c6ba29 | 36 | #define InitSha InitSha_sw |
| Vanger | 0:b86d15c6ba29 | 37 | #define ShaUpdate ShaUpdate_sw |
| Vanger | 0:b86d15c6ba29 | 38 | #define ShaFinal ShaFinal_sw |
| Vanger | 0:b86d15c6ba29 | 39 | |
| Vanger | 0:b86d15c6ba29 | 40 | #define InitSha256 InitSha256_sw |
| Vanger | 0:b86d15c6ba29 | 41 | #define Sha256Update Sha256Update_sw |
| Vanger | 0:b86d15c6ba29 | 42 | #define Sha256Final Sha256Final_sw |
| Vanger | 0:b86d15c6ba29 | 43 | |
| Vanger | 0:b86d15c6ba29 | 44 | #endif |
| Vanger | 0:b86d15c6ba29 | 45 | |
| Vanger | 0:b86d15c6ba29 | 46 | #include <cyassl/ctaocrypt/pwdbased.h> |
| Vanger | 0:b86d15c6ba29 | 47 | #include <cyassl/ctaocrypt/hmac.h> |
| Vanger | 0:b86d15c6ba29 | 48 | #include <cyassl/ctaocrypt/integer.h> |
| Vanger | 0:b86d15c6ba29 | 49 | #include <cyassl/ctaocrypt/error-crypt.h> |
| Vanger | 0:b86d15c6ba29 | 50 | #if defined(CYASSL_SHA512) || defined(CYASSL_SHA384) |
| Vanger | 0:b86d15c6ba29 | 51 | #include <cyassl/ctaocrypt/sha512.h> |
| Vanger | 0:b86d15c6ba29 | 52 | #endif |
| Vanger | 0:b86d15c6ba29 | 53 | |
| Vanger | 0:b86d15c6ba29 | 54 | #ifdef NO_INLINE |
| Vanger | 0:b86d15c6ba29 | 55 | #include <cyassl/ctaocrypt/misc.h> |
| Vanger | 0:b86d15c6ba29 | 56 | #else |
| Vanger | 0:b86d15c6ba29 | 57 | #include <ctaocrypt/src/misc.c> |
| Vanger | 0:b86d15c6ba29 | 58 | #endif |
| Vanger | 0:b86d15c6ba29 | 59 | |
| Vanger | 0:b86d15c6ba29 | 60 | |
| Vanger | 0:b86d15c6ba29 | 61 | #ifndef min |
| Vanger | 0:b86d15c6ba29 | 62 | |
| Vanger | 0:b86d15c6ba29 | 63 | static INLINE word32 min(word32 a, word32 b) |
| Vanger | 0:b86d15c6ba29 | 64 | { |
| Vanger | 0:b86d15c6ba29 | 65 | return a > b ? b : a; |
| Vanger | 0:b86d15c6ba29 | 66 | } |
| Vanger | 0:b86d15c6ba29 | 67 | |
| Vanger | 0:b86d15c6ba29 | 68 | #endif /* min */ |
| Vanger | 0:b86d15c6ba29 | 69 | |
| Vanger | 0:b86d15c6ba29 | 70 | |
| Vanger | 0:b86d15c6ba29 | 71 | int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, |
| Vanger | 0:b86d15c6ba29 | 72 | int sLen, int iterations, int kLen, int hashType) |
| Vanger | 0:b86d15c6ba29 | 73 | { |
| Vanger | 0:b86d15c6ba29 | 74 | Md5 md5; |
| Vanger | 0:b86d15c6ba29 | 75 | Sha sha; |
| Vanger | 0:b86d15c6ba29 | 76 | int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 77 | int i, ret = 0; |
| Vanger | 0:b86d15c6ba29 | 78 | byte buffer[SHA_DIGEST_SIZE]; /* max size */ |
| Vanger | 0:b86d15c6ba29 | 79 | |
| Vanger | 0:b86d15c6ba29 | 80 | if (hashType != MD5 && hashType != SHA) |
| Vanger | 0:b86d15c6ba29 | 81 | return BAD_FUNC_ARG; |
| Vanger | 0:b86d15c6ba29 | 82 | |
| Vanger | 0:b86d15c6ba29 | 83 | if (kLen > hLen) |
| Vanger | 0:b86d15c6ba29 | 84 | return BAD_FUNC_ARG; |
| Vanger | 0:b86d15c6ba29 | 85 | |
| Vanger | 0:b86d15c6ba29 | 86 | if (iterations < 1) |
| Vanger | 0:b86d15c6ba29 | 87 | return BAD_FUNC_ARG; |
| Vanger | 0:b86d15c6ba29 | 88 | |
| Vanger | 0:b86d15c6ba29 | 89 | if (hashType == MD5) { |
| Vanger | 0:b86d15c6ba29 | 90 | InitMd5(&md5); |
| Vanger | 0:b86d15c6ba29 | 91 | Md5Update(&md5, passwd, pLen); |
| Vanger | 0:b86d15c6ba29 | 92 | Md5Update(&md5, salt, sLen); |
| Vanger | 0:b86d15c6ba29 | 93 | Md5Final(&md5, buffer); |
| Vanger | 0:b86d15c6ba29 | 94 | } |
| Vanger | 0:b86d15c6ba29 | 95 | else { |
| Vanger | 0:b86d15c6ba29 | 96 | ret = InitSha(&sha); |
| Vanger | 0:b86d15c6ba29 | 97 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 98 | return ret; |
| Vanger | 0:b86d15c6ba29 | 99 | ShaUpdate(&sha, passwd, pLen); |
| Vanger | 0:b86d15c6ba29 | 100 | ShaUpdate(&sha, salt, sLen); |
| Vanger | 0:b86d15c6ba29 | 101 | ShaFinal(&sha, buffer); |
| Vanger | 0:b86d15c6ba29 | 102 | } |
| Vanger | 0:b86d15c6ba29 | 103 | |
| Vanger | 0:b86d15c6ba29 | 104 | for (i = 1; i < iterations; i++) { |
| Vanger | 0:b86d15c6ba29 | 105 | if (hashType == MD5) { |
| Vanger | 0:b86d15c6ba29 | 106 | Md5Update(&md5, buffer, hLen); |
| Vanger | 0:b86d15c6ba29 | 107 | Md5Final(&md5, buffer); |
| Vanger | 0:b86d15c6ba29 | 108 | } |
| Vanger | 0:b86d15c6ba29 | 109 | else { |
| Vanger | 0:b86d15c6ba29 | 110 | ShaUpdate(&sha, buffer, hLen); |
| Vanger | 0:b86d15c6ba29 | 111 | ShaFinal(&sha, buffer); |
| Vanger | 0:b86d15c6ba29 | 112 | } |
| Vanger | 0:b86d15c6ba29 | 113 | } |
| Vanger | 0:b86d15c6ba29 | 114 | XMEMCPY(output, buffer, kLen); |
| Vanger | 0:b86d15c6ba29 | 115 | |
| Vanger | 0:b86d15c6ba29 | 116 | return 0; |
| Vanger | 0:b86d15c6ba29 | 117 | } |
| Vanger | 0:b86d15c6ba29 | 118 | |
| Vanger | 0:b86d15c6ba29 | 119 | |
| Vanger | 0:b86d15c6ba29 | 120 | int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, |
| Vanger | 0:b86d15c6ba29 | 121 | int sLen, int iterations, int kLen, int hashType) |
| Vanger | 0:b86d15c6ba29 | 122 | { |
| Vanger | 0:b86d15c6ba29 | 123 | word32 i = 1; |
| Vanger | 0:b86d15c6ba29 | 124 | int hLen; |
| Vanger | 0:b86d15c6ba29 | 125 | int j, ret; |
| Vanger | 0:b86d15c6ba29 | 126 | Hmac hmac; |
| Vanger | 0:b86d15c6ba29 | 127 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 128 | byte* buffer; |
| Vanger | 0:b86d15c6ba29 | 129 | #else |
| Vanger | 0:b86d15c6ba29 | 130 | byte buffer[MAX_DIGEST_SIZE]; |
| Vanger | 0:b86d15c6ba29 | 131 | #endif |
| Vanger | 0:b86d15c6ba29 | 132 | |
| Vanger | 0:b86d15c6ba29 | 133 | if (hashType == MD5) { |
| Vanger | 0:b86d15c6ba29 | 134 | hLen = MD5_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 135 | } |
| Vanger | 0:b86d15c6ba29 | 136 | else if (hashType == SHA) { |
| Vanger | 0:b86d15c6ba29 | 137 | hLen = SHA_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 138 | } |
| Vanger | 0:b86d15c6ba29 | 139 | #ifndef NO_SHA256 |
| Vanger | 0:b86d15c6ba29 | 140 | else if (hashType == SHA256) { |
| Vanger | 0:b86d15c6ba29 | 141 | hLen = SHA256_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 142 | } |
| Vanger | 0:b86d15c6ba29 | 143 | #endif |
| Vanger | 0:b86d15c6ba29 | 144 | #ifdef CYASSL_SHA512 |
| Vanger | 0:b86d15c6ba29 | 145 | else if (hashType == SHA512) { |
| Vanger | 0:b86d15c6ba29 | 146 | hLen = SHA512_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 147 | } |
| Vanger | 0:b86d15c6ba29 | 148 | #endif |
| Vanger | 0:b86d15c6ba29 | 149 | else |
| Vanger | 0:b86d15c6ba29 | 150 | return BAD_FUNC_ARG; |
| Vanger | 0:b86d15c6ba29 | 151 | |
| Vanger | 0:b86d15c6ba29 | 152 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 153 | buffer = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 154 | if (buffer == NULL) |
| Vanger | 0:b86d15c6ba29 | 155 | return MEMORY_E; |
| Vanger | 0:b86d15c6ba29 | 156 | #endif |
| Vanger | 0:b86d15c6ba29 | 157 | |
| Vanger | 0:b86d15c6ba29 | 158 | ret = HmacSetKey(&hmac, hashType, passwd, pLen); |
| Vanger | 0:b86d15c6ba29 | 159 | |
| Vanger | 0:b86d15c6ba29 | 160 | if (ret == 0) { |
| Vanger | 0:b86d15c6ba29 | 161 | while (kLen) { |
| Vanger | 0:b86d15c6ba29 | 162 | int currentLen; |
| Vanger | 0:b86d15c6ba29 | 163 | |
| Vanger | 0:b86d15c6ba29 | 164 | ret = HmacUpdate(&hmac, salt, sLen); |
| Vanger | 0:b86d15c6ba29 | 165 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 166 | break; |
| Vanger | 0:b86d15c6ba29 | 167 | |
| Vanger | 0:b86d15c6ba29 | 168 | /* encode i */ |
| Vanger | 0:b86d15c6ba29 | 169 | for (j = 0; j < 4; j++) { |
| Vanger | 0:b86d15c6ba29 | 170 | byte b = (byte)(i >> ((3-j) * 8)); |
| Vanger | 0:b86d15c6ba29 | 171 | |
| Vanger | 0:b86d15c6ba29 | 172 | ret = HmacUpdate(&hmac, &b, 1); |
| Vanger | 0:b86d15c6ba29 | 173 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 174 | break; |
| Vanger | 0:b86d15c6ba29 | 175 | } |
| Vanger | 0:b86d15c6ba29 | 176 | |
| Vanger | 0:b86d15c6ba29 | 177 | /* check ret from inside for loop */ |
| Vanger | 0:b86d15c6ba29 | 178 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 179 | break; |
| Vanger | 0:b86d15c6ba29 | 180 | |
| Vanger | 0:b86d15c6ba29 | 181 | ret = HmacFinal(&hmac, buffer); |
| Vanger | 0:b86d15c6ba29 | 182 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 183 | break; |
| Vanger | 0:b86d15c6ba29 | 184 | |
| Vanger | 0:b86d15c6ba29 | 185 | currentLen = min(kLen, hLen); |
| Vanger | 0:b86d15c6ba29 | 186 | XMEMCPY(output, buffer, currentLen); |
| Vanger | 0:b86d15c6ba29 | 187 | |
| Vanger | 0:b86d15c6ba29 | 188 | for (j = 1; j < iterations; j++) { |
| Vanger | 0:b86d15c6ba29 | 189 | ret = HmacUpdate(&hmac, buffer, hLen); |
| Vanger | 0:b86d15c6ba29 | 190 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 191 | break; |
| Vanger | 0:b86d15c6ba29 | 192 | ret = HmacFinal(&hmac, buffer); |
| Vanger | 0:b86d15c6ba29 | 193 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 194 | break; |
| Vanger | 0:b86d15c6ba29 | 195 | xorbuf(output, buffer, currentLen); |
| Vanger | 0:b86d15c6ba29 | 196 | } |
| Vanger | 0:b86d15c6ba29 | 197 | |
| Vanger | 0:b86d15c6ba29 | 198 | /* check ret from inside for loop */ |
| Vanger | 0:b86d15c6ba29 | 199 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 200 | break; |
| Vanger | 0:b86d15c6ba29 | 201 | |
| Vanger | 0:b86d15c6ba29 | 202 | output += currentLen; |
| Vanger | 0:b86d15c6ba29 | 203 | kLen -= currentLen; |
| Vanger | 0:b86d15c6ba29 | 204 | i++; |
| Vanger | 0:b86d15c6ba29 | 205 | } |
| Vanger | 0:b86d15c6ba29 | 206 | } |
| Vanger | 0:b86d15c6ba29 | 207 | |
| Vanger | 0:b86d15c6ba29 | 208 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 209 | XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 210 | #endif |
| Vanger | 0:b86d15c6ba29 | 211 | |
| Vanger | 0:b86d15c6ba29 | 212 | return ret; |
| Vanger | 0:b86d15c6ba29 | 213 | } |
| Vanger | 0:b86d15c6ba29 | 214 | |
| Vanger | 0:b86d15c6ba29 | 215 | #ifdef CYASSL_SHA512 |
| Vanger | 0:b86d15c6ba29 | 216 | #define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE |
| Vanger | 0:b86d15c6ba29 | 217 | #elif !defined(NO_SHA256) |
| Vanger | 0:b86d15c6ba29 | 218 | #define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE |
| Vanger | 0:b86d15c6ba29 | 219 | #else |
| Vanger | 0:b86d15c6ba29 | 220 | #define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE |
| Vanger | 0:b86d15c6ba29 | 221 | #endif |
| Vanger | 0:b86d15c6ba29 | 222 | |
| Vanger | 0:b86d15c6ba29 | 223 | int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, |
| Vanger | 0:b86d15c6ba29 | 224 | int saltLen, int iterations, int kLen, int hashType, int id) |
| Vanger | 0:b86d15c6ba29 | 225 | { |
| Vanger | 0:b86d15c6ba29 | 226 | /* all in bytes instead of bits */ |
| Vanger | 0:b86d15c6ba29 | 227 | word32 u, v, dLen, pLen, iLen, sLen, totalLen; |
| Vanger | 0:b86d15c6ba29 | 228 | int dynamic = 0; |
| Vanger | 0:b86d15c6ba29 | 229 | int ret = 0; |
| Vanger | 0:b86d15c6ba29 | 230 | int i; |
| Vanger | 0:b86d15c6ba29 | 231 | byte *D, *S, *P, *I; |
| Vanger | 0:b86d15c6ba29 | 232 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 233 | byte staticBuffer[1]; /* force dynamic usage */ |
| Vanger | 0:b86d15c6ba29 | 234 | #else |
| Vanger | 0:b86d15c6ba29 | 235 | byte staticBuffer[1024]; |
| Vanger | 0:b86d15c6ba29 | 236 | #endif |
| Vanger | 0:b86d15c6ba29 | 237 | byte* buffer = staticBuffer; |
| Vanger | 0:b86d15c6ba29 | 238 | |
| Vanger | 0:b86d15c6ba29 | 239 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 240 | byte* Ai; |
| Vanger | 0:b86d15c6ba29 | 241 | byte* B; |
| Vanger | 0:b86d15c6ba29 | 242 | #else |
| Vanger | 0:b86d15c6ba29 | 243 | byte Ai[PBKDF_DIGEST_SIZE]; |
| Vanger | 0:b86d15c6ba29 | 244 | byte B[PBKDF_DIGEST_SIZE]; |
| Vanger | 0:b86d15c6ba29 | 245 | #endif |
| Vanger | 0:b86d15c6ba29 | 246 | |
| Vanger | 0:b86d15c6ba29 | 247 | if (!iterations) |
| Vanger | 0:b86d15c6ba29 | 248 | iterations = 1; |
| Vanger | 0:b86d15c6ba29 | 249 | |
| Vanger | 0:b86d15c6ba29 | 250 | if (hashType == MD5) { |
| Vanger | 0:b86d15c6ba29 | 251 | v = MD5_BLOCK_SIZE; |
| Vanger | 0:b86d15c6ba29 | 252 | u = MD5_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 253 | } |
| Vanger | 0:b86d15c6ba29 | 254 | else if (hashType == SHA) { |
| Vanger | 0:b86d15c6ba29 | 255 | v = SHA_BLOCK_SIZE; |
| Vanger | 0:b86d15c6ba29 | 256 | u = SHA_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 257 | } |
| Vanger | 0:b86d15c6ba29 | 258 | #ifndef NO_SHA256 |
| Vanger | 0:b86d15c6ba29 | 259 | else if (hashType == SHA256) { |
| Vanger | 0:b86d15c6ba29 | 260 | v = SHA256_BLOCK_SIZE; |
| Vanger | 0:b86d15c6ba29 | 261 | u = SHA256_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 262 | } |
| Vanger | 0:b86d15c6ba29 | 263 | #endif |
| Vanger | 0:b86d15c6ba29 | 264 | #ifdef CYASSL_SHA512 |
| Vanger | 0:b86d15c6ba29 | 265 | else if (hashType == SHA512) { |
| Vanger | 0:b86d15c6ba29 | 266 | v = SHA512_BLOCK_SIZE; |
| Vanger | 0:b86d15c6ba29 | 267 | u = SHA512_DIGEST_SIZE; |
| Vanger | 0:b86d15c6ba29 | 268 | } |
| Vanger | 0:b86d15c6ba29 | 269 | #endif |
| Vanger | 0:b86d15c6ba29 | 270 | else |
| Vanger | 0:b86d15c6ba29 | 271 | return BAD_FUNC_ARG; |
| Vanger | 0:b86d15c6ba29 | 272 | |
| Vanger | 0:b86d15c6ba29 | 273 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 274 | Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 275 | if (Ai == NULL) |
| Vanger | 0:b86d15c6ba29 | 276 | return MEMORY_E; |
| Vanger | 0:b86d15c6ba29 | 277 | |
| Vanger | 0:b86d15c6ba29 | 278 | B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 279 | if (B == NULL) { |
| Vanger | 0:b86d15c6ba29 | 280 | XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 281 | return MEMORY_E; |
| Vanger | 0:b86d15c6ba29 | 282 | } |
| Vanger | 0:b86d15c6ba29 | 283 | #endif |
| Vanger | 0:b86d15c6ba29 | 284 | |
| Vanger | 0:b86d15c6ba29 | 285 | dLen = v; |
| Vanger | 0:b86d15c6ba29 | 286 | sLen = v * ((saltLen + v - 1) / v); |
| Vanger | 0:b86d15c6ba29 | 287 | if (passLen) |
| Vanger | 0:b86d15c6ba29 | 288 | pLen = v * ((passLen + v - 1) / v); |
| Vanger | 0:b86d15c6ba29 | 289 | else |
| Vanger | 0:b86d15c6ba29 | 290 | pLen = 0; |
| Vanger | 0:b86d15c6ba29 | 291 | iLen = sLen + pLen; |
| Vanger | 0:b86d15c6ba29 | 292 | |
| Vanger | 0:b86d15c6ba29 | 293 | totalLen = dLen + sLen + pLen; |
| Vanger | 0:b86d15c6ba29 | 294 | |
| Vanger | 0:b86d15c6ba29 | 295 | if (totalLen > sizeof(staticBuffer)) { |
| Vanger | 0:b86d15c6ba29 | 296 | buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY); |
| Vanger | 0:b86d15c6ba29 | 297 | if (buffer == NULL) { |
| Vanger | 0:b86d15c6ba29 | 298 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 299 | XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 300 | XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 301 | #endif |
| Vanger | 0:b86d15c6ba29 | 302 | return MEMORY_E; |
| Vanger | 0:b86d15c6ba29 | 303 | } |
| Vanger | 0:b86d15c6ba29 | 304 | dynamic = 1; |
| Vanger | 0:b86d15c6ba29 | 305 | } |
| Vanger | 0:b86d15c6ba29 | 306 | |
| Vanger | 0:b86d15c6ba29 | 307 | D = buffer; |
| Vanger | 0:b86d15c6ba29 | 308 | S = D + dLen; |
| Vanger | 0:b86d15c6ba29 | 309 | P = S + sLen; |
| Vanger | 0:b86d15c6ba29 | 310 | I = S; |
| Vanger | 0:b86d15c6ba29 | 311 | |
| Vanger | 0:b86d15c6ba29 | 312 | XMEMSET(D, id, dLen); |
| Vanger | 0:b86d15c6ba29 | 313 | |
| Vanger | 0:b86d15c6ba29 | 314 | for (i = 0; i < (int)sLen; i++) |
| Vanger | 0:b86d15c6ba29 | 315 | S[i] = salt[i % saltLen]; |
| Vanger | 0:b86d15c6ba29 | 316 | for (i = 0; i < (int)pLen; i++) |
| Vanger | 0:b86d15c6ba29 | 317 | P[i] = passwd[i % passLen]; |
| Vanger | 0:b86d15c6ba29 | 318 | |
| Vanger | 0:b86d15c6ba29 | 319 | while (kLen > 0) { |
| Vanger | 0:b86d15c6ba29 | 320 | word32 currentLen; |
| Vanger | 0:b86d15c6ba29 | 321 | mp_int B1; |
| Vanger | 0:b86d15c6ba29 | 322 | |
| Vanger | 0:b86d15c6ba29 | 323 | if (hashType == MD5) { |
| Vanger | 0:b86d15c6ba29 | 324 | Md5 md5; |
| Vanger | 0:b86d15c6ba29 | 325 | |
| Vanger | 0:b86d15c6ba29 | 326 | InitMd5(&md5); |
| Vanger | 0:b86d15c6ba29 | 327 | Md5Update(&md5, buffer, totalLen); |
| Vanger | 0:b86d15c6ba29 | 328 | Md5Final(&md5, Ai); |
| Vanger | 0:b86d15c6ba29 | 329 | |
| Vanger | 0:b86d15c6ba29 | 330 | for (i = 1; i < iterations; i++) { |
| Vanger | 0:b86d15c6ba29 | 331 | Md5Update(&md5, Ai, u); |
| Vanger | 0:b86d15c6ba29 | 332 | Md5Final(&md5, Ai); |
| Vanger | 0:b86d15c6ba29 | 333 | } |
| Vanger | 0:b86d15c6ba29 | 334 | } |
| Vanger | 0:b86d15c6ba29 | 335 | else if (hashType == SHA) { |
| Vanger | 0:b86d15c6ba29 | 336 | Sha sha; |
| Vanger | 0:b86d15c6ba29 | 337 | |
| Vanger | 0:b86d15c6ba29 | 338 | ret = InitSha(&sha); |
| Vanger | 0:b86d15c6ba29 | 339 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 340 | break; |
| Vanger | 0:b86d15c6ba29 | 341 | ShaUpdate(&sha, buffer, totalLen); |
| Vanger | 0:b86d15c6ba29 | 342 | ShaFinal(&sha, Ai); |
| Vanger | 0:b86d15c6ba29 | 343 | |
| Vanger | 0:b86d15c6ba29 | 344 | for (i = 1; i < iterations; i++) { |
| Vanger | 0:b86d15c6ba29 | 345 | ShaUpdate(&sha, Ai, u); |
| Vanger | 0:b86d15c6ba29 | 346 | ShaFinal(&sha, Ai); |
| Vanger | 0:b86d15c6ba29 | 347 | } |
| Vanger | 0:b86d15c6ba29 | 348 | } |
| Vanger | 0:b86d15c6ba29 | 349 | #ifndef NO_SHA256 |
| Vanger | 0:b86d15c6ba29 | 350 | else if (hashType == SHA256) { |
| Vanger | 0:b86d15c6ba29 | 351 | Sha256 sha256; |
| Vanger | 0:b86d15c6ba29 | 352 | |
| Vanger | 0:b86d15c6ba29 | 353 | ret = InitSha256(&sha256); |
| Vanger | 0:b86d15c6ba29 | 354 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 355 | break; |
| Vanger | 0:b86d15c6ba29 | 356 | |
| Vanger | 0:b86d15c6ba29 | 357 | ret = Sha256Update(&sha256, buffer, totalLen); |
| Vanger | 0:b86d15c6ba29 | 358 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 359 | break; |
| Vanger | 0:b86d15c6ba29 | 360 | |
| Vanger | 0:b86d15c6ba29 | 361 | ret = Sha256Final(&sha256, Ai); |
| Vanger | 0:b86d15c6ba29 | 362 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 363 | break; |
| Vanger | 0:b86d15c6ba29 | 364 | |
| Vanger | 0:b86d15c6ba29 | 365 | for (i = 1; i < iterations; i++) { |
| Vanger | 0:b86d15c6ba29 | 366 | ret = Sha256Update(&sha256, Ai, u); |
| Vanger | 0:b86d15c6ba29 | 367 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 368 | break; |
| Vanger | 0:b86d15c6ba29 | 369 | |
| Vanger | 0:b86d15c6ba29 | 370 | ret = Sha256Final(&sha256, Ai); |
| Vanger | 0:b86d15c6ba29 | 371 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 372 | break; |
| Vanger | 0:b86d15c6ba29 | 373 | } |
| Vanger | 0:b86d15c6ba29 | 374 | } |
| Vanger | 0:b86d15c6ba29 | 375 | #endif |
| Vanger | 0:b86d15c6ba29 | 376 | #ifdef CYASSL_SHA512 |
| Vanger | 0:b86d15c6ba29 | 377 | else if (hashType == SHA512) { |
| Vanger | 0:b86d15c6ba29 | 378 | Sha512 sha512; |
| Vanger | 0:b86d15c6ba29 | 379 | |
| Vanger | 0:b86d15c6ba29 | 380 | ret = InitSha512(&sha512); |
| Vanger | 0:b86d15c6ba29 | 381 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 382 | break; |
| Vanger | 0:b86d15c6ba29 | 383 | |
| Vanger | 0:b86d15c6ba29 | 384 | ret = Sha512Update(&sha512, buffer, totalLen); |
| Vanger | 0:b86d15c6ba29 | 385 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 386 | break; |
| Vanger | 0:b86d15c6ba29 | 387 | |
| Vanger | 0:b86d15c6ba29 | 388 | ret = Sha512Final(&sha512, Ai); |
| Vanger | 0:b86d15c6ba29 | 389 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 390 | break; |
| Vanger | 0:b86d15c6ba29 | 391 | |
| Vanger | 0:b86d15c6ba29 | 392 | for (i = 1; i < iterations; i++) { |
| Vanger | 0:b86d15c6ba29 | 393 | ret = Sha512Update(&sha512, Ai, u); |
| Vanger | 0:b86d15c6ba29 | 394 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 395 | break; |
| Vanger | 0:b86d15c6ba29 | 396 | |
| Vanger | 0:b86d15c6ba29 | 397 | ret = Sha512Final(&sha512, Ai); |
| Vanger | 0:b86d15c6ba29 | 398 | if (ret != 0) |
| Vanger | 0:b86d15c6ba29 | 399 | break; |
| Vanger | 0:b86d15c6ba29 | 400 | } |
| Vanger | 0:b86d15c6ba29 | 401 | } |
| Vanger | 0:b86d15c6ba29 | 402 | #endif |
| Vanger | 0:b86d15c6ba29 | 403 | |
| Vanger | 0:b86d15c6ba29 | 404 | for (i = 0; i < (int)v; i++) |
| Vanger | 0:b86d15c6ba29 | 405 | B[i] = Ai[i % u]; |
| Vanger | 0:b86d15c6ba29 | 406 | |
| Vanger | 0:b86d15c6ba29 | 407 | if (mp_init(&B1) != MP_OKAY) |
| Vanger | 0:b86d15c6ba29 | 408 | ret = MP_INIT_E; |
| Vanger | 0:b86d15c6ba29 | 409 | else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY) |
| Vanger | 0:b86d15c6ba29 | 410 | ret = MP_READ_E; |
| Vanger | 0:b86d15c6ba29 | 411 | else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY) |
| Vanger | 0:b86d15c6ba29 | 412 | ret = MP_ADD_E; |
| Vanger | 0:b86d15c6ba29 | 413 | |
| Vanger | 0:b86d15c6ba29 | 414 | if (ret != 0) { |
| Vanger | 0:b86d15c6ba29 | 415 | mp_clear(&B1); |
| Vanger | 0:b86d15c6ba29 | 416 | break; |
| Vanger | 0:b86d15c6ba29 | 417 | } |
| Vanger | 0:b86d15c6ba29 | 418 | |
| Vanger | 0:b86d15c6ba29 | 419 | for (i = 0; i < (int)iLen; i += v) { |
| Vanger | 0:b86d15c6ba29 | 420 | int outSz; |
| Vanger | 0:b86d15c6ba29 | 421 | mp_int i1; |
| Vanger | 0:b86d15c6ba29 | 422 | mp_int res; |
| Vanger | 0:b86d15c6ba29 | 423 | |
| Vanger | 0:b86d15c6ba29 | 424 | if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) { |
| Vanger | 0:b86d15c6ba29 | 425 | ret = MP_INIT_E; |
| Vanger | 0:b86d15c6ba29 | 426 | break; |
| Vanger | 0:b86d15c6ba29 | 427 | } |
| Vanger | 0:b86d15c6ba29 | 428 | if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY) |
| Vanger | 0:b86d15c6ba29 | 429 | ret = MP_READ_E; |
| Vanger | 0:b86d15c6ba29 | 430 | else if (mp_add(&i1, &B1, &res) != MP_OKAY) |
| Vanger | 0:b86d15c6ba29 | 431 | ret = MP_ADD_E; |
| Vanger | 0:b86d15c6ba29 | 432 | else if ( (outSz = mp_unsigned_bin_size(&res)) < 0) |
| Vanger | 0:b86d15c6ba29 | 433 | ret = MP_TO_E; |
| Vanger | 0:b86d15c6ba29 | 434 | else { |
| Vanger | 0:b86d15c6ba29 | 435 | if (outSz > (int)v) { |
| Vanger | 0:b86d15c6ba29 | 436 | /* take off MSB */ |
| Vanger | 0:b86d15c6ba29 | 437 | byte tmp[129]; |
| Vanger | 0:b86d15c6ba29 | 438 | ret = mp_to_unsigned_bin(&res, tmp); |
| Vanger | 0:b86d15c6ba29 | 439 | XMEMCPY(I + i, tmp + 1, v); |
| Vanger | 0:b86d15c6ba29 | 440 | } |
| Vanger | 0:b86d15c6ba29 | 441 | else if (outSz < (int)v) { |
| Vanger | 0:b86d15c6ba29 | 442 | XMEMSET(I + i, 0, v - outSz); |
| Vanger | 0:b86d15c6ba29 | 443 | ret = mp_to_unsigned_bin(&res, I + i + v - outSz); |
| Vanger | 0:b86d15c6ba29 | 444 | } |
| Vanger | 0:b86d15c6ba29 | 445 | else |
| Vanger | 0:b86d15c6ba29 | 446 | ret = mp_to_unsigned_bin(&res, I + i); |
| Vanger | 0:b86d15c6ba29 | 447 | } |
| Vanger | 0:b86d15c6ba29 | 448 | |
| Vanger | 0:b86d15c6ba29 | 449 | mp_clear(&i1); |
| Vanger | 0:b86d15c6ba29 | 450 | mp_clear(&res); |
| Vanger | 0:b86d15c6ba29 | 451 | if (ret < 0) break; |
| Vanger | 0:b86d15c6ba29 | 452 | } |
| Vanger | 0:b86d15c6ba29 | 453 | |
| Vanger | 0:b86d15c6ba29 | 454 | currentLen = min(kLen, (int)u); |
| Vanger | 0:b86d15c6ba29 | 455 | XMEMCPY(output, Ai, currentLen); |
| Vanger | 0:b86d15c6ba29 | 456 | output += currentLen; |
| Vanger | 0:b86d15c6ba29 | 457 | kLen -= currentLen; |
| Vanger | 0:b86d15c6ba29 | 458 | mp_clear(&B1); |
| Vanger | 0:b86d15c6ba29 | 459 | } |
| Vanger | 0:b86d15c6ba29 | 460 | |
| Vanger | 0:b86d15c6ba29 | 461 | if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY); |
| Vanger | 0:b86d15c6ba29 | 462 | |
| Vanger | 0:b86d15c6ba29 | 463 | #ifdef CYASSL_SMALL_STACK |
| Vanger | 0:b86d15c6ba29 | 464 | XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 465 | XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| Vanger | 0:b86d15c6ba29 | 466 | #endif |
| Vanger | 0:b86d15c6ba29 | 467 | |
| Vanger | 0:b86d15c6ba29 | 468 | return ret; |
| Vanger | 0:b86d15c6ba29 | 469 | } |
| Vanger | 0:b86d15c6ba29 | 470 | |
| Vanger | 0:b86d15c6ba29 | 471 | #undef PBKDF_DIGEST_SIZE |
| Vanger | 0:b86d15c6ba29 | 472 | |
| Vanger | 0:b86d15c6ba29 | 473 | #endif /* NO_PWDBASED */ |
| Vanger | 0:b86d15c6ba29 | 474 |