wolf SSL
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: HTTPClient-SSL HTTPClient HTTPClient-SSL http_access ... more
Diff: ctaocrypt/src/pwdbased.c
- Revision:
- 0:1239e9b70ca2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ctaocrypt/src/pwdbased.c Sat Jul 12 07:18:23 2014 +0000
@@ -0,0 +1,475 @@
+/* pwdbased.c
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifndef NO_PWDBASED
+
+#ifdef CYASSL_PIC32MZ_HASH
+
+#define InitMd5 InitMd5_sw
+#define Md5Update Md5Update_sw
+#define Md5Final Md5Final_sw
+
+#define InitSha InitSha_sw
+#define ShaUpdate ShaUpdate_sw
+#define ShaFinal ShaFinal_sw
+
+#define InitSha256 InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final Sha256Final_sw
+
+#endif
+
+#include <cyassl/ctaocrypt/pwdbased.h>
+#include <cyassl/ctaocrypt/hmac.h>
+#include <cyassl/ctaocrypt/integer.h>
+#include <cyassl/ctaocrypt/error-crypt.h>
+#if defined(CYASSL_SHA512) || defined(CYASSL_SHA384)
+ #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
+#ifdef NO_INLINE
+ #include <cyassl/ctaocrypt/misc.h>
+#else
+ #include <ctaocrypt/src/misc.c>
+#endif
+
+
+#ifndef min
+
+ static INLINE word32 min(word32 a, word32 b)
+ {
+ return a > b ? b : a;
+ }
+
+#endif /* min */
+
+
+int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
+ int sLen, int iterations, int kLen, int hashType)
+{
+ Md5 md5;
+ Sha sha;
+ int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;
+ int i, ret = 0;
+ byte buffer[SHA_DIGEST_SIZE]; /* max size */
+
+ if (hashType != MD5 && hashType != SHA)
+ return BAD_FUNC_ARG;
+
+ if (kLen > hLen)
+ return BAD_FUNC_ARG;
+
+ if (iterations < 1)
+ return BAD_FUNC_ARG;
+
+ if (hashType == MD5) {
+ InitMd5(&md5);
+ Md5Update(&md5, passwd, pLen);
+ Md5Update(&md5, salt, sLen);
+ Md5Final(&md5, buffer);
+ }
+ else {
+ ret = InitSha(&sha);
+ if (ret != 0)
+ return ret;
+ ShaUpdate(&sha, passwd, pLen);
+ ShaUpdate(&sha, salt, sLen);
+ ShaFinal(&sha, buffer);
+ }
+
+ for (i = 1; i < iterations; i++) {
+ if (hashType == MD5) {
+ Md5Update(&md5, buffer, hLen);
+ Md5Final(&md5, buffer);
+ }
+ else {
+ ShaUpdate(&sha, buffer, hLen);
+ ShaFinal(&sha, buffer);
+ }
+ }
+ XMEMCPY(output, buffer, kLen);
+
+ return 0;
+}
+
+
+int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
+ int sLen, int iterations, int kLen, int hashType)
+{
+ word32 i = 1;
+ int hLen;
+ int j, ret;
+ Hmac hmac;
+#ifdef CYASSL_SMALL_STACK
+ byte* buffer;
+#else
+ byte buffer[MAX_DIGEST_SIZE];
+#endif
+
+ if (hashType == MD5) {
+ hLen = MD5_DIGEST_SIZE;
+ }
+ else if (hashType == SHA) {
+ hLen = SHA_DIGEST_SIZE;
+ }
+#ifndef NO_SHA256
+ else if (hashType == SHA256) {
+ hLen = SHA256_DIGEST_SIZE;
+ }
+#endif
+#ifdef CYASSL_SHA512
+ else if (hashType == SHA512) {
+ hLen = SHA512_DIGEST_SIZE;
+ }
+#endif
+ else
+ return BAD_FUNC_ARG;
+
+#ifdef CYASSL_SMALL_STACK
+ buffer = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (buffer == NULL)
+ return MEMORY_E;
+#endif
+
+ ret = HmacSetKey(&hmac, hashType, passwd, pLen);
+
+ if (ret == 0) {
+ while (kLen) {
+ int currentLen;
+
+ ret = HmacUpdate(&hmac, salt, sLen);
+ if (ret != 0)
+ break;
+
+ /* encode i */
+ for (j = 0; j < 4; j++) {
+ byte b = (byte)(i >> ((3-j) * 8));
+
+ ret = HmacUpdate(&hmac, &b, 1);
+ if (ret != 0)
+ break;
+ }
+
+ /* check ret from inside for loop */
+ if (ret != 0)
+ break;
+
+ ret = HmacFinal(&hmac, buffer);
+ if (ret != 0)
+ break;
+
+ currentLen = min(kLen, hLen);
+ XMEMCPY(output, buffer, currentLen);
+
+ for (j = 1; j < iterations; j++) {
+ ret = HmacUpdate(&hmac, buffer, hLen);
+ if (ret != 0)
+ break;
+ ret = HmacFinal(&hmac, buffer);
+ if (ret != 0)
+ break;
+ xorbuf(output, buffer, currentLen);
+ }
+
+ /* check ret from inside for loop */
+ if (ret != 0)
+ break;
+
+ output += currentLen;
+ kLen -= currentLen;
+ i++;
+ }
+ }
+
+#ifdef CYASSL_SMALL_STACK
+ XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+#ifdef CYASSL_SHA512
+#define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE
+#elif !defined(NO_SHA256)
+#define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE
+#else
+#define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE
+#endif
+
+int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
+ int saltLen, int iterations, int kLen, int hashType, int id)
+{
+ /* all in bytes instead of bits */
+ word32 u, v, dLen, pLen, iLen, sLen, totalLen;
+ int dynamic = 0;
+ int ret = 0;
+ int i;
+ byte *D, *S, *P, *I;
+#ifdef CYASSL_SMALL_STACK
+ byte staticBuffer[1]; /* force dynamic usage */
+#else
+ byte staticBuffer[1024];
+#endif
+ byte* buffer = staticBuffer;
+
+#ifdef CYASSL_SMALL_STACK
+ byte* Ai;
+ byte* B;
+#else
+ byte Ai[PBKDF_DIGEST_SIZE];
+ byte B[PBKDF_DIGEST_SIZE];
+#endif
+
+ if (!iterations)
+ iterations = 1;
+
+ if (hashType == MD5) {
+ v = MD5_BLOCK_SIZE;
+ u = MD5_DIGEST_SIZE;
+ }
+ else if (hashType == SHA) {
+ v = SHA_BLOCK_SIZE;
+ u = SHA_DIGEST_SIZE;
+ }
+#ifndef NO_SHA256
+ else if (hashType == SHA256) {
+ v = SHA256_BLOCK_SIZE;
+ u = SHA256_DIGEST_SIZE;
+ }
+#endif
+#ifdef CYASSL_SHA512
+ else if (hashType == SHA512) {
+ v = SHA512_BLOCK_SIZE;
+ u = SHA512_DIGEST_SIZE;
+ }
+#endif
+ else
+ return BAD_FUNC_ARG;
+
+#ifdef CYASSL_SMALL_STACK
+ Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (Ai == NULL)
+ return MEMORY_E;
+
+ B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (B == NULL) {
+ XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+#endif
+
+ dLen = v;
+ sLen = v * ((saltLen + v - 1) / v);
+ if (passLen)
+ pLen = v * ((passLen + v - 1) / v);
+ else
+ pLen = 0;
+ iLen = sLen + pLen;
+
+ totalLen = dLen + sLen + pLen;
+
+ if (totalLen > sizeof(staticBuffer)) {
+ buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
+ if (buffer == NULL) {
+#ifdef CYASSL_SMALL_STACK
+ XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return MEMORY_E;
+ }
+ dynamic = 1;
+ }
+
+ D = buffer;
+ S = D + dLen;
+ P = S + sLen;
+ I = S;
+
+ XMEMSET(D, id, dLen);
+
+ for (i = 0; i < (int)sLen; i++)
+ S[i] = salt[i % saltLen];
+ for (i = 0; i < (int)pLen; i++)
+ P[i] = passwd[i % passLen];
+
+ while (kLen > 0) {
+ word32 currentLen;
+ mp_int B1;
+
+ if (hashType == MD5) {
+ Md5 md5;
+
+ InitMd5(&md5);
+ Md5Update(&md5, buffer, totalLen);
+ Md5Final(&md5, Ai);
+
+ for (i = 1; i < iterations; i++) {
+ Md5Update(&md5, Ai, u);
+ Md5Final(&md5, Ai);
+ }
+ }
+ else if (hashType == SHA) {
+ Sha sha;
+
+ ret = InitSha(&sha);
+ if (ret != 0)
+ break;
+ ShaUpdate(&sha, buffer, totalLen);
+ ShaFinal(&sha, Ai);
+
+ for (i = 1; i < iterations; i++) {
+ ShaUpdate(&sha, Ai, u);
+ ShaFinal(&sha, Ai);
+ }
+ }
+#ifndef NO_SHA256
+ else if (hashType == SHA256) {
+ Sha256 sha256;
+
+ ret = InitSha256(&sha256);
+ if (ret != 0)
+ break;
+
+ ret = Sha256Update(&sha256, buffer, totalLen);
+ if (ret != 0)
+ break;
+
+ ret = Sha256Final(&sha256, Ai);
+ if (ret != 0)
+ break;
+
+ for (i = 1; i < iterations; i++) {
+ ret = Sha256Update(&sha256, Ai, u);
+ if (ret != 0)
+ break;
+
+ ret = Sha256Final(&sha256, Ai);
+ if (ret != 0)
+ break;
+ }
+ }
+#endif
+#ifdef CYASSL_SHA512
+ else if (hashType == SHA512) {
+ Sha512 sha512;
+
+ ret = InitSha512(&sha512);
+ if (ret != 0)
+ break;
+
+ ret = Sha512Update(&sha512, buffer, totalLen);
+ if (ret != 0)
+ break;
+
+ ret = Sha512Final(&sha512, Ai);
+ if (ret != 0)
+ break;
+
+ for (i = 1; i < iterations; i++) {
+ ret = Sha512Update(&sha512, Ai, u);
+ if (ret != 0)
+ break;
+
+ ret = Sha512Final(&sha512, Ai);
+ if (ret != 0)
+ break;
+ }
+ }
+#endif
+
+ for (i = 0; i < (int)v; i++)
+ B[i] = Ai[i % u];
+
+ if (mp_init(&B1) != MP_OKAY)
+ ret = MP_INIT_E;
+ else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
+ ret = MP_READ_E;
+ else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
+ ret = MP_ADD_E;
+
+ if (ret != 0) {
+ mp_clear(&B1);
+ break;
+ }
+
+ for (i = 0; i < (int)iLen; i += v) {
+ int outSz;
+ mp_int i1;
+ mp_int res;
+
+ if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
+ ret = MP_INIT_E;
+ break;
+ }
+ if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
+ ret = MP_READ_E;
+ else if (mp_add(&i1, &B1, &res) != MP_OKAY)
+ ret = MP_ADD_E;
+ else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
+ ret = MP_TO_E;
+ else {
+ if (outSz > (int)v) {
+ /* take off MSB */
+ byte tmp[129];
+ ret = mp_to_unsigned_bin(&res, tmp);
+ XMEMCPY(I + i, tmp + 1, v);
+ }
+ else if (outSz < (int)v) {
+ XMEMSET(I + i, 0, v - outSz);
+ ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
+ }
+ else
+ ret = mp_to_unsigned_bin(&res, I + i);
+ }
+
+ mp_clear(&i1);
+ mp_clear(&res);
+ if (ret < 0) break;
+ }
+
+ currentLen = min(kLen, (int)u);
+ XMEMCPY(output, Ai, currentLen);
+ output += currentLen;
+ kLen -= currentLen;
+ mp_clear(&B1);
+ }
+
+ if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
+
+#ifdef CYASSL_SMALL_STACK
+ XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+#undef PBKDF_DIGEST_SIZE
+
+#endif /* NO_PWDBASED */
+
+
