Domů Procházet Nápověda
Přihlásit se
torambo.com
/
Momentum-Apps
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: e46241e96a
Větve Značky
Momentum-Apps
/
flipbip
/
lib
/
crypto
/
pbkdf2.c

pbkdf2.c 6.7 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195 
  1. /**
    2. 

  2.  * Copyright (c) 2013-2014 Tomas Dzetkulic
    3. 

  3.  * Copyright (c) 2013-2014 Pavol Rusnak
    4. 

  4.  *
    5. 

  5.  * Permission is hereby granted, free of charge, to any person obtaining
    6. 

  6.  * a copy of this software and associated documentation files (the "Software"),
    7. 

  7.  * to deal in the Software without restriction, including without limitation
    8. 

  8.  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
    9. 

  9.  * and/or sell copies of the Software, and to permit persons to whom the
    10. 

  10.  * Software is furnished to do so, subject to the following conditions:
    11. 

  11.  *
    12. 

  12.  * The above copyright notice and this permission notice shall be included
    13. 

  13.  * in all copies or substantial portions of the Software.
    14. 

  14.  *
    15. 

  15.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
    16. 

  16.  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    17. 

  17.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    18. 

  18.  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
    19. 

  19.  * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
    20. 

  20.  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
    21. 

  21.  * OTHER DEALINGS IN THE SOFTWARE.
    22. 

  22.  */
    23. 

  23. 

  24. #include "pbkdf2.h"
    25. 

  25. #include <string.h>
    26. 

  26. #include "hmac.h"
    27. 

  27. #include "memzero.h"
    28. 

  28. #include "sha2.h"
    29. 

  29. 

  30. void pbkdf2_hmac_sha256_Init(
    31. 

  31.     PBKDF2_HMAC_SHA256_CTX* pctx,
    32. 

  32.     const uint8_t* pass,
    33. 

  33.     int passlen,
    34. 

  34.     const uint8_t* salt,
    35. 

  35.     int saltlen,
    36. 

  36.     uint32_t blocknr) {
    37. 

  37.     SHA256_CTX ctx = {0};
    38. 

  38. #if BYTE_ORDER == LITTLE_ENDIAN
    39. 

  39.     REVERSE32(blocknr, blocknr);
    40. 

  40. #endif
    41. 

  41. 

  42.     hmac_sha256_prepare(pass, passlen, pctx->odig, pctx->idig);
    43. 

  43.     memzero(pctx->g, sizeof(pctx->g));
    44. 

  44.     pctx->g[8] = 0x80000000;
    45. 

  45.     pctx->g[15] = (SHA256_BLOCK_LENGTH + SHA256_DIGEST_LENGTH) * 8;
    46. 

  46. 

  47.     memcpy(ctx.state, pctx->idig, sizeof(pctx->idig));
    48. 

  48.     ctx.bitcount = SHA256_BLOCK_LENGTH * 8;
    49. 

  49.     sha256_Update(&ctx, salt, saltlen);
    50. 

  50.     sha256_Update(&ctx, (uint8_t*)&blocknr, sizeof(blocknr));
    51. 

  51.     sha256_Final(&ctx, (uint8_t*)pctx->g);
    52. 

  52. #if BYTE_ORDER == LITTLE_ENDIAN
    53. 

  53.     for(uint32_t k = 0; k < SHA256_DIGEST_LENGTH / sizeof(uint32_t); k++) {
    54. 

  54.         REVERSE32(pctx->g[k], pctx->g[k]);
    55. 

  55.     }
    56. 

  56. #endif
    57. 

  57.     sha256_Transform(pctx->odig, pctx->g, pctx->g);
    58. 

  58.     memcpy(pctx->f, pctx->g, SHA256_DIGEST_LENGTH);
    59. 

  59.     pctx->first = 1;
    60. 

  60. }
    61. 

  61. 

  62. void pbkdf2_hmac_sha256_Update(PBKDF2_HMAC_SHA256_CTX* pctx, uint32_t iterations) {
    63. 

  63.     for(uint32_t i = pctx->first; i < iterations; i++) {
    64. 

  64.         sha256_Transform(pctx->idig, pctx->g, pctx->g);
    65. 

  65.         sha256_Transform(pctx->odig, pctx->g, pctx->g);
    66. 

  66.         for(uint32_t j = 0; j < SHA256_DIGEST_LENGTH / sizeof(uint32_t); j++) {
    67. 

  67.             pctx->f[j] ^= pctx->g[j];
    68. 

  68.         }
    69. 

  69.     }
    70. 

  70.     pctx->first = 0;
    71. 

  71. }
    72. 

  72. 

  73. void pbkdf2_hmac_sha256_Final(PBKDF2_HMAC_SHA256_CTX* pctx, uint8_t* key) {
    74. 

  74. #if BYTE_ORDER == LITTLE_ENDIAN
    75. 

  75.     for(uint32_t k = 0; k < SHA256_DIGEST_LENGTH / sizeof(uint32_t); k++) {
    76. 

  76.         REVERSE32(pctx->f[k], pctx->f[k]);
    77. 

  77.     }
    78. 

  78. #endif
    79. 

  79.     memcpy(key, pctx->f, SHA256_DIGEST_LENGTH);
    80. 

  80.     memzero(pctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
    81. 

  81. }
    82. 

  82. 

  83. void pbkdf2_hmac_sha256(
    84. 

  84.     const uint8_t* pass,
    85. 

  85.     int passlen,
    86. 

  86.     const uint8_t* salt,
    87. 

  87.     int saltlen,
    88. 

  88.     uint32_t iterations,
    89. 

  89.     uint8_t* key,
    90. 

  90.     int keylen) {
    91. 

  91.     uint32_t last_block_size = keylen % SHA256_DIGEST_LENGTH;
    92. 

  92.     uint32_t blocks_count = keylen / SHA256_DIGEST_LENGTH;
    93. 

  93.     if(last_block_size) {
    94. 

  94.         blocks_count++;
    95. 

  95.     } else {
    96. 

  96.         last_block_size = SHA256_DIGEST_LENGTH;
    97. 

  97.     }
    98. 

  98.     for(uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
    99. 

  99.         PBKDF2_HMAC_SHA256_CTX pctx = {0};
    100. 

  100.         pbkdf2_hmac_sha256_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
    101. 

  101.         pbkdf2_hmac_sha256_Update(&pctx, iterations);
    102. 

  102.         uint8_t digest[SHA256_DIGEST_LENGTH] = {0};
    103. 

  103.         pbkdf2_hmac_sha256_Final(&pctx, digest);
    104. 

  104.         uint32_t key_offset = (blocknr - 1) * SHA256_DIGEST_LENGTH;
    105. 

  105.         if(blocknr < blocks_count) {
    106. 

  106.             memcpy(key + key_offset, digest, SHA256_DIGEST_LENGTH);
    107. 

  107.         } else {
    108. 

  108.             memcpy(key + key_offset, digest, last_block_size);
    109. 

  109.         }
    110. 

  110.     }
    111. 

  111. }
    112. 

  112. 

  113. void pbkdf2_hmac_sha512_Init(
    114. 

  114.     PBKDF2_HMAC_SHA512_CTX* pctx,
    115. 

  115.     const uint8_t* pass,
    116. 

  116.     int passlen,
    117. 

  117.     const uint8_t* salt,
    118. 

  118.     int saltlen,
    119. 

  119.     uint32_t blocknr) {
    120. 

  120.     SHA512_CTX ctx = {0};
    121. 

  121. #if BYTE_ORDER == LITTLE_ENDIAN
    122. 

  122.     REVERSE32(blocknr, blocknr);
    123. 

  123. #endif
    124. 

  124. 

  125.     hmac_sha512_prepare(pass, passlen, pctx->odig, pctx->idig);
    126. 

  126.     memzero(pctx->g, sizeof(pctx->g));
    127. 

  127.     pctx->g[8] = 0x8000000000000000;
    128. 

  128.     pctx->g[15] = (SHA512_BLOCK_LENGTH + SHA512_DIGEST_LENGTH) * 8;
    129. 

  129. 

  130.     memcpy(ctx.state, pctx->idig, sizeof(pctx->idig));
    131. 

  131.     ctx.bitcount[0] = SHA512_BLOCK_LENGTH * 8;
    132. 

  132.     ctx.bitcount[1] = 0;
    133. 

  133.     sha512_Update(&ctx, salt, saltlen);
    134. 

  134.     sha512_Update(&ctx, (uint8_t*)&blocknr, sizeof(blocknr));
    135. 

  135.     sha512_Final(&ctx, (uint8_t*)pctx->g);
    136. 

  136. #if BYTE_ORDER == LITTLE_ENDIAN
    137. 

  137.     for(uint32_t k = 0; k < SHA512_DIGEST_LENGTH / sizeof(uint64_t); k++) {
    138. 

  138.         REVERSE64(pctx->g[k], pctx->g[k]);
    139. 

  139.     }
    140. 

  140. #endif
    141. 

  141.     sha512_Transform(pctx->odig, pctx->g, pctx->g);
    142. 

  142.     memcpy(pctx->f, pctx->g, SHA512_DIGEST_LENGTH);
    143. 

  143.     pctx->first = 1;
    144. 

  144. }
    145. 

  145. 

  146. void pbkdf2_hmac_sha512_Update(PBKDF2_HMAC_SHA512_CTX* pctx, uint32_t iterations) {
    147. 

  147.     for(uint32_t i = pctx->first; i < iterations; i++) {
    148. 

  148.         sha512_Transform(pctx->idig, pctx->g, pctx->g);
    149. 

  149.         sha512_Transform(pctx->odig, pctx->g, pctx->g);
    150. 

  150.         for(uint32_t j = 0; j < SHA512_DIGEST_LENGTH / sizeof(uint64_t); j++) {
    151. 

  151.             pctx->f[j] ^= pctx->g[j];
    152. 

  152.         }
    153. 

  153.     }
    154. 

  154.     pctx->first = 0;
    155. 

  155. }
    156. 

  156. 

  157. void pbkdf2_hmac_sha512_Final(PBKDF2_HMAC_SHA512_CTX* pctx, uint8_t* key) {
    158. 

  158. #if BYTE_ORDER == LITTLE_ENDIAN
    159. 

  159.     for(uint32_t k = 0; k < SHA512_DIGEST_LENGTH / sizeof(uint64_t); k++) {
    160. 

  160.         REVERSE64(pctx->f[k], pctx->f[k]);
    161. 

  161.     }
    162. 

  162. #endif
    163. 

  163.     memcpy(key, pctx->f, SHA512_DIGEST_LENGTH);
    164. 

  164.     memzero(pctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
    165. 

  165. }
    166. 

  166. 

  167. void pbkdf2_hmac_sha512(
    168. 

  168.     const uint8_t* pass,
    169. 

  169.     int passlen,
    170. 

  170.     const uint8_t* salt,
    171. 

  171.     int saltlen,
    172. 

  172.     uint32_t iterations,
    173. 

  173.     uint8_t* key,
    174. 

  174.     int keylen) {
    175. 

  175.     uint32_t last_block_size = keylen % SHA512_DIGEST_LENGTH;
    176. 

  176.     uint32_t blocks_count = keylen / SHA512_DIGEST_LENGTH;
    177. 

  177.     if(last_block_size) {
    178. 

  178.         blocks_count++;
    179. 

  179.     } else {
    180. 

  180.         last_block_size = SHA512_DIGEST_LENGTH;
    181. 

  181.     }
    182. 

  182.     for(uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
    183. 

  183.         PBKDF2_HMAC_SHA512_CTX pctx = {0};
    184. 

  184.         pbkdf2_hmac_sha512_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
    185. 

  185.         pbkdf2_hmac_sha512_Update(&pctx, iterations);
    186. 

  186.         uint8_t digest[SHA512_DIGEST_LENGTH] = {0};
    187. 

  187.         pbkdf2_hmac_sha512_Final(&pctx, digest);
    188. 

  188.         uint32_t key_offset = (blocknr - 1) * SHA512_DIGEST_LENGTH;
    189. 

  189.         if(blocknr < blocks_count) {
    190. 

  190.             memcpy(key + key_offset, digest, SHA512_DIGEST_LENGTH);
    191. 

  191.         } else {
    192. 

  192.             memcpy(key + key_offset, digest, last_block_size);
    193. 

  193.         }
    194. 

  194.     }
    195. 

  195. }
    196.