-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathpkcs5.c
112 lines (94 loc) · 2.88 KB
/
pkcs5.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/*
*
* Copyright (c) 2007-2010
* ntldr <[email protected]> PGP key ID - 0xC48251EB4F8E4E6E
*
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3 as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "defines.h"
#include "sha512.h"
#include "pkcs5.h"
void sha512_hmac(const char *k, size_t k_len, const char *d, size_t d_len, char *out)
{
sha512_ctx ctx;
u8 buf[SHA512_BLOCK_SIZE];
u8 hval[SHA512_DIGEST_SIZE];
size_t i;
/* zero key buffer */
zeroauto(buf, sizeof(buf));
/* compress hmac key */
if (k_len > SHA512_BLOCK_SIZE) {
sha512_init(&ctx);
sha512_hash(&ctx, k, k_len);
sha512_done(&ctx, buf);
} else {
memcpy(buf, k, k_len);
}
/* create the hash initial vector */
for (i = 0; i < (SHA512_BLOCK_SIZE / 4); i++) {
p32(buf)[i] ^= 0x36363636;
}
/* hash key and data */
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, d, d_len);
sha512_done(&ctx, hval);
/* create the second HMAC vector */
for (i = 0; i < (SHA512_BLOCK_SIZE / 4); i++) {
p32(buf)[i] ^= 0x6A6A6A6A;
}
/* calculate "outer" hash */
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, hval, SHA512_DIGEST_SIZE);
sha512_done(&ctx, out);
/* prevent leaks */
zeroauto(buf, sizeof(buf));
zeroauto(hval, sizeof(hval));
zeroauto(&ctx, sizeof(ctx));
}
void sha512_pkcs5_2(
int i_count,
const void *pwd, size_t pwd_len,
const char *salt, size_t salt_len,
char *dk, size_t dklen
)
{
u8 buff[128];
u8 blk[SHA512_DIGEST_SIZE];
u8 hmac[SHA512_DIGEST_SIZE];
u32 block = 1;
size_t c_len, j;
int i;
while (dklen != 0)
{
/* first interation */
memcpy(buff, salt, salt_len);
p32(buff + salt_len)[0] = BE32(block);
sha512_hmac(pwd, pwd_len, buff, salt_len + 4, hmac);
memcpy(blk, hmac, SHA512_DIGEST_SIZE);
/* next interations */
for (i = 1; i < i_count; i++)
{
sha512_hmac(pwd, pwd_len, hmac, SHA512_DIGEST_SIZE, hmac);
for (j = 0; j < (SHA512_DIGEST_SIZE / 4); j++) {
p32(blk)[j] ^= p32(hmac)[j];
}
}
c_len = min(dklen, SHA512_DIGEST_SIZE);
memcpy(dk, blk, c_len);
dk += c_len; dklen -= c_len; block++;
}
/* prevent leaks */
zeroauto(buff, sizeof(buff));
zeroauto(blk, sizeof(blk));
zeroauto(hmac, sizeof(hmac));
}