- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/wolfcrypt/src/pwdbased.c
r337 r372 31 31 #include <wolfssl/wolfcrypt/pwdbased.h> 32 32 #include <wolfssl/wolfcrypt/hmac.h> 33 #include <wolfssl/wolfcrypt/hash.h> 33 34 #include <wolfssl/wolfcrypt/integer.h> 34 35 #include <wolfssl/wolfcrypt/error-crypt.h> 35 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)36 #include <wolfssl/wolfcrypt/sha512.h>37 #endif38 36 39 37 #ifdef NO_INLINE … … 45 43 46 44 47 #ifndef NO_SHA 48 /* PBKDF1 needs at least SHA available */ 45 /* PKCS#5 v1.5 with non standard extension to optionally derive the extra data (IV) */ 46 int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, 47 const byte* passwd, int passwdLen, const byte* salt, int saltLen, 48 int iterations, int hashType, void* heap) 49 { 50 int err; 51 int keyLeft, ivLeft, i; 52 int digestLeft, store; 53 int keyOutput = 0; 54 int diestLen; 55 byte digest[WC_MAX_DIGEST_SIZE]; 56 #ifdef WOLFSSL_SMALL_STACK 57 wc_HashAlg* hash = NULL; 58 #else 59 wc_HashAlg hash[1]; 60 #endif 61 enum wc_HashType hashT; 62 63 (void)heap; 64 65 if (key == NULL || keyLen < 0 || passwdLen < 0 || saltLen < 0 || ivLen < 0){ 66 return BAD_FUNC_ARG; 67 } 68 69 if (iterations <= 0) 70 iterations = 1; 71 72 hashT = wc_HashTypeConvert(hashType); 73 err = wc_HashGetDigestSize(hashT); 74 if (err < 0) 75 return err; 76 diestLen = err; 77 78 /* initialize hash */ 79 #ifdef WOLFSSL_SMALL_STACK 80 hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, 81 DYNAMIC_TYPE_HASHCTX); 82 if (hash == NULL) 83 return MEMORY_E; 84 #endif 85 86 err = wc_HashInit(hash, hashT); 87 if (err != 0) { 88 #ifdef WOLFSSL_SMALL_STACK 89 XFREE(hash, heap, DYNAMIC_TYPE_HASHCTX); 90 #endif 91 return err; 92 } 93 94 keyLeft = keyLen; 95 ivLeft = ivLen; 96 while (keyOutput < (keyLen + ivLen)) { 97 digestLeft = diestLen; 98 /* D_(i - 1) */ 99 if (keyOutput) { /* first time D_0 is empty */ 100 err = wc_HashUpdate(hash, hashT, digest, diestLen); 101 if (err != 0) break; 102 } 103 104 /* data */ 105 err = wc_HashUpdate(hash, hashT, passwd, passwdLen); 106 if (err != 0) break; 107 108 /* salt */ 109 if (salt) { 110 err = wc_HashUpdate(hash, hashT, salt, saltLen); 111 if (err != 0) break; 112 } 113 114 err = wc_HashFinal(hash, hashT, digest); 115 if (err != 0) break; 116 117 /* count */ 118 for (i = 1; i < iterations; i++) { 119 err = wc_HashUpdate(hash, hashT, digest, diestLen); 120 if (err != 0) break; 121 122 err = wc_HashFinal(hash, hashT, digest); 123 if (err != 0) break; 124 } 125 126 if (keyLeft) { 127 store = min(keyLeft, diestLen); 128 XMEMCPY(&key[keyLen - keyLeft], digest, store); 129 130 keyOutput += store; 131 keyLeft -= store; 132 digestLeft -= store; 133 } 134 135 if (ivLeft && digestLeft) { 136 store = min(ivLeft, digestLeft); 137 if (iv != NULL) 138 XMEMCPY(&iv[ivLen - ivLeft], 139 &digest[diestLen - digestLeft], store); 140 keyOutput += store; 141 ivLeft -= store; 142 } 143 } 144 145 wc_HashFree(hash, hashT); 146 147 #ifdef WOLFSSL_SMALL_STACK 148 XFREE(hash, heap, DYNAMIC_TYPE_HASHCTX); 149 #endif 150 151 if (err != 0) 152 return err; 153 154 if (keyOutput != (keyLen + ivLen)) 155 return BUFFER_E; 156 157 return err; 158 } 159 160 /* PKCS#5 v1.5 */ 49 161 int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, 50 162 int sLen, int iterations, int kLen, int hashType) 51 163 { 52 wc_Sha sha; 53 #ifndef NO_MD5 54 wc_Md5 md5; 55 #endif 56 int hLen = (int)WC_SHA_DIGEST_SIZE; 57 int i, ret = 0; 58 byte buffer[WC_SHA_DIGEST_SIZE]; /* max size */ 59 60 if (hashType != WC_MD5 && hashType != WC_SHA) 61 return BAD_FUNC_ARG; 62 63 #ifndef NO_MD5 64 if (hashType == WC_MD5) 65 hLen = (int)WC_MD5_DIGEST_SIZE; 66 #endif 67 68 if ((kLen > hLen) || (kLen < 0)) 69 return BAD_FUNC_ARG; 70 71 if (iterations < 1) 72 return BAD_FUNC_ARG; 73 74 switch (hashType) { 75 #ifndef NO_MD5 76 case WC_MD5: 77 ret = wc_InitMd5(&md5); 78 if (ret != 0) { 79 return ret; 80 } 81 ret = wc_Md5Update(&md5, passwd, pLen); 82 if (ret != 0) { 83 return ret; 84 } 85 ret = wc_Md5Update(&md5, salt, sLen); 86 if (ret != 0) { 87 return ret; 88 } 89 ret = wc_Md5Final(&md5, buffer); 90 if (ret != 0) { 91 return ret; 92 } 93 break; 94 #endif /* NO_MD5 */ 95 case WC_SHA: 96 default: 97 ret = wc_InitSha(&sha); 98 if (ret != 0) 99 return ret; 100 wc_ShaUpdate(&sha, passwd, pLen); 101 wc_ShaUpdate(&sha, salt, sLen); 102 wc_ShaFinal(&sha, buffer); 103 break; 104 } 105 106 for (i = 1; i < iterations; i++) { 107 if (hashType == WC_SHA) { 108 wc_ShaUpdate(&sha, buffer, hLen); 109 wc_ShaFinal(&sha, buffer); 110 } 111 #ifndef NO_MD5 112 else { 113 ret = wc_Md5Update(&md5, buffer, hLen); 114 if (ret != 0) { 115 return ret; 116 } 117 ret = wc_Md5Final(&md5, buffer); 118 if (ret != 0) { 119 return ret; 120 } 121 } 122 #endif 123 } 124 XMEMCPY(output, buffer, kLen); 125 126 return 0; 127 } 128 #endif /* NO_SHA */ 129 130 131 int GetDigestSize(int hashType) 132 { 133 int hLen; 134 135 switch (hashType) { 136 #ifndef NO_MD5 137 case WC_MD5: 138 hLen = WC_MD5_DIGEST_SIZE; 139 break; 140 #endif 141 #ifndef NO_SHA 142 case WC_SHA: 143 hLen = WC_SHA_DIGEST_SIZE; 144 break; 145 #endif 146 #ifndef NO_SHA256 147 case WC_SHA256: 148 hLen = WC_SHA256_DIGEST_SIZE; 149 break; 150 #endif 151 #ifdef WOLFSSL_SHA512 152 case WC_SHA512: 153 hLen = WC_SHA512_DIGEST_SIZE; 154 break; 155 #endif 156 default: 157 return BAD_FUNC_ARG; 158 } 159 160 return hLen; 164 return wc_PBKDF1_ex(output, kLen, NULL, 0, 165 passwd, pLen, salt, sLen, iterations, hashType, NULL); 161 166 } 162 167 … … 168 173 int hLen; 169 174 int j, ret; 170 Hmac hmac;171 175 #ifdef WOLFSSL_SMALL_STACK 172 176 byte* buffer; 173 #else 174 byte buffer[MAX_DIGEST_SIZE]; 175 #endif 176 177 hLen = GetDigestSize(hashType); 177 Hmac* hmac; 178 #else 179 byte buffer[WC_MAX_DIGEST_SIZE]; 180 Hmac hmac[1]; 181 #endif 182 enum wc_HashType hashT; 183 184 if (output == NULL || pLen < 0 || sLen < 0 || kLen < 0) { 185 return BAD_FUNC_ARG; 186 } 187 188 if (iterations <= 0) 189 iterations = 1; 190 191 hashT = wc_HashTypeConvert(hashType); 192 hLen = wc_HashGetDigestSize(hashT); 178 193 if (hLen < 0) 179 194 return BAD_FUNC_ARG; 180 195 181 196 #ifdef WOLFSSL_SMALL_STACK 182 buffer = (byte*)XMALLOC( MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);197 buffer = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); 183 198 if (buffer == NULL) 184 199 return MEMORY_E; 185 #endif 186 187 ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); 200 hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC); 201 if (buffer == NULL) 202 return MEMORY_E; 203 #endif 204 205 ret = wc_HmacInit(hmac, NULL, INVALID_DEVID); 188 206 if (ret == 0) { 189 ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen); 207 /* use int hashType here, since HMAC FIPS uses the old unique value */ 208 ret = wc_HmacSetKey(hmac, hashType, passwd, pLen); 190 209 191 210 while (ret == 0 && kLen) { 192 211 int currentLen; 193 212 194 ret = wc_HmacUpdate( &hmac, salt, sLen);213 ret = wc_HmacUpdate(hmac, salt, sLen); 195 214 if (ret != 0) 196 215 break; … … 200 219 byte b = (byte)(i >> ((3-j) * 8)); 201 220 202 ret = wc_HmacUpdate( &hmac, &b, 1);221 ret = wc_HmacUpdate(hmac, &b, 1); 203 222 if (ret != 0) 204 223 break; … … 209 228 break; 210 229 211 ret = wc_HmacFinal( &hmac, buffer);230 ret = wc_HmacFinal(hmac, buffer); 212 231 if (ret != 0) 213 232 break; … … 217 236 218 237 for (j = 1; j < iterations; j++) { 219 ret = wc_HmacUpdate( &hmac, buffer, hLen);238 ret = wc_HmacUpdate(hmac, buffer, hLen); 220 239 if (ret != 0) 221 240 break; 222 ret = wc_HmacFinal( &hmac, buffer);241 ret = wc_HmacFinal(hmac, buffer); 223 242 if (ret != 0) 224 243 break; … … 234 253 i++; 235 254 } 236 wc_HmacFree( &hmac);255 wc_HmacFree(hmac); 237 256 } 238 257 239 258 #ifdef WOLFSSL_SMALL_STACK 240 259 XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); 260 XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC); 241 261 #endif 242 262 … … 244 264 } 245 265 246 #ifdef WOLFSSL_SHA512247 #define PBKDF_DIGEST_SIZE WC_SHA512_BLOCK_SIZE248 #elif !defined(NO_SHA256)249 #define PBKDF_DIGEST_SIZE WC_SHA256_BLOCK_SIZE250 #else251 #define PBKDF_DIGEST_SIZE WC_SHA_DIGEST_SIZE252 #endif253 254 /* helper for wc_PKCS12_PBKDF(), sets block and digest sizes */255 int GetPKCS12HashSizes(int hashType, word32* v, word32* u)256 {257 if (!v || !u)258 return BAD_FUNC_ARG;259 260 switch (hashType) {261 #ifndef NO_MD5262 case WC_MD5:263 *v = WC_MD5_BLOCK_SIZE;264 *u = WC_MD5_DIGEST_SIZE;265 break;266 #endif267 #ifndef NO_SHA268 case WC_SHA:269 *v = WC_SHA_BLOCK_SIZE;270 *u = WC_SHA_DIGEST_SIZE;271 break;272 #endif273 #ifndef NO_SHA256274 case WC_SHA256:275 *v = WC_SHA256_BLOCK_SIZE;276 *u = WC_SHA256_DIGEST_SIZE;277 break;278 #endif279 #ifdef WOLFSSL_SHA512280 case WC_SHA512:281 *v = WC_SHA512_BLOCK_SIZE;282 *u = WC_SHA512_DIGEST_SIZE;283 break;284 #endif285 default:286 return BAD_FUNC_ARG;287 }288 289 return 0;290 }291 292 266 /* helper for PKCS12_PBKDF(), does hash operation */ 293 int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,267 static int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, 294 268 byte* Ai, word32 u, int iterations) 295 269 { 296 270 int i; 297 271 int ret = 0; 298 299 if (buffer == NULL || Ai == NULL) 272 #ifdef WOLFSSL_SMALL_STACK 273 wc_HashAlg* hash = NULL; 274 #else 275 wc_HashAlg hash[1]; 276 #endif 277 enum wc_HashType hashT; 278 279 if (buffer == NULL || Ai == NULL) { 300 280 return BAD_FUNC_ARG; 301 302 switch (hashType) {303 #ifndef NO_MD5304 case WC_MD5:305 {306 wc_Md5 md5;307 ret = wc_InitMd5(&md5);308 if (ret != 0) {309 break;310 281 } 311 ret = wc_Md5Update(&md5, buffer, totalLen); 312 if (ret != 0) { 313 break; 282 283 hashT = wc_HashTypeConvert(hashType); 284 285 /* initialize hash */ 286 #ifdef WOLFSSL_SMALL_STACK 287 hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL, 288 DYNAMIC_TYPE_HASHCTX); 289 if (hash == NULL) 290 return MEMORY_E; 291 #endif 292 293 ret = wc_HashInit(hash, hashT); 294 if (ret != 0) { 295 #ifdef WOLFSSL_SMALL_STACK 296 XFREE(hash, NULL, DYNAMIC_TYPE_HASHCTX); 297 #endif 298 return ret; 299 } 300 301 ret = wc_HashUpdate(hash, hashT, buffer, totalLen); 302 303 if (ret == 0) 304 ret = wc_HashFinal(hash, hashT, Ai); 305 306 for (i = 1; i < iterations; i++) { 307 if (ret == 0) 308 ret = wc_HashUpdate(hash, hashT, Ai, u); 309 if (ret == 0) 310 ret = wc_HashFinal(hash, hashT, Ai); 314 311 } 315 ret = wc_Md5Final(&md5, Ai); 316 if (ret != 0) { 317 break; 318 } 319 320 for (i = 1; i < iterations; i++) { 321 ret = wc_Md5Update(&md5, Ai, u); 322 if (ret != 0) { 323 break; 324 } 325 ret = wc_Md5Final(&md5, Ai); 326 if (ret != 0) { 327 break; 328 } 329 } 330 } 331 break; 332 #endif /* NO_MD5 */ 333 #ifndef NO_SHA 334 case WC_SHA: 335 { 336 wc_Sha sha; 337 ret = wc_InitSha(&sha); 338 if (ret != 0) 339 break; 340 ret = wc_ShaUpdate(&sha, buffer, totalLen); 341 if (ret != 0) { 342 break; 343 } 344 ret = wc_ShaFinal(&sha, Ai); 345 if (ret != 0) { 346 break; 347 } 348 349 for (i = 1; i < iterations; i++) { 350 ret = wc_ShaUpdate(&sha, Ai, u); 351 if (ret != 0) { 352 break; 353 } 354 ret = wc_ShaFinal(&sha, Ai); 355 if (ret != 0) { 356 break; 357 } 358 } 359 } 360 break; 361 #endif /* NO_SHA */ 362 #ifndef NO_SHA256 363 case WC_SHA256: 364 { 365 wc_Sha256 sha256; 366 ret = wc_InitSha256(&sha256); 367 if (ret != 0) 368 break; 369 370 ret = wc_Sha256Update(&sha256, buffer, totalLen); 371 if (ret != 0) 372 break; 373 374 ret = wc_Sha256Final(&sha256, Ai); 375 if (ret != 0) 376 break; 377 378 for (i = 1; i < iterations; i++) { 379 ret = wc_Sha256Update(&sha256, Ai, u); 380 if (ret != 0) 381 break; 382 383 ret = wc_Sha256Final(&sha256, Ai); 384 if (ret != 0) 385 break; 386 } 387 } 388 break; 389 #endif /* NO_SHA256 */ 390 #ifdef WOLFSSL_SHA512 391 case WC_SHA512: 392 { 393 wc_Sha512 sha512; 394 ret = wc_InitSha512(&sha512); 395 if (ret != 0) 396 break; 397 398 ret = wc_Sha512Update(&sha512, buffer, totalLen); 399 if (ret != 0) 400 break; 401 402 ret = wc_Sha512Final(&sha512, Ai); 403 if (ret != 0) 404 break; 405 406 for (i = 1; i < iterations; i++) { 407 ret = wc_Sha512Update(&sha512, Ai, u); 408 if (ret != 0) 409 break; 410 411 ret = wc_Sha512Final(&sha512, Ai); 412 if (ret != 0) 413 break; 414 } 415 } 416 break; 417 #endif /* WOLFSSL_SHA512 */ 418 419 default: 420 ret = BAD_FUNC_ARG; 421 break; 422 } 312 313 wc_HashFree(hash, hashT); 314 315 #ifdef WOLFSSL_SMALL_STACK 316 XFREE(hash, NULL, DYNAMIC_TYPE_HASHCTX); 317 #endif 423 318 424 319 return ret; … … 426 321 427 322 428 int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, 429 int saltLen, int iterations, int kLen, int hashType, int id) 323 int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen, 324 const byte* salt, int saltLen, int iterations, int kLen, int hashType, 325 int id) 430 326 { 431 327 return wc_PKCS12_PBKDF_ex(output, passwd, passLen, salt, saltLen, … … 456 352 byte* B; 457 353 #else 458 byte Ai[PBKDF_DIGEST_SIZE]; 459 byte B[PBKDF_DIGEST_SIZE]; 460 #endif 461 462 if (!iterations) 354 byte Ai[WC_MAX_DIGEST_SIZE]; 355 byte B[WC_MAX_BLOCK_SIZE]; 356 #endif 357 enum wc_HashType hashT; 358 359 (void)heap; 360 361 if (output == NULL || passLen < 0 || saltLen < 0 || kLen < 0) { 362 return BAD_FUNC_ARG; 363 } 364 365 if (iterations <= 0) 463 366 iterations = 1; 464 367 465 ret = GetPKCS12HashSizes(hashType, &v, &u); 368 hashT = wc_HashTypeConvert(hashType); 369 ret = wc_HashGetDigestSize(hashT); 466 370 if (ret < 0) 467 return BAD_FUNC_ARG; 468 469 #ifdef WOLFSSL_SMALL_STACK 470 Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); 371 return ret; 372 u = ret; 373 374 ret = wc_HashGetBlockSize(hashT); 375 if (ret < 0) 376 return ret; 377 v = ret; 378 379 #ifdef WOLFSSL_SMALL_STACK 380 Ai = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); 471 381 if (Ai == NULL) 472 382 return MEMORY_E; 473 383 474 B = (byte*)XMALLOC( PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);384 B = (byte*)XMALLOC(WC_MAX_BLOCK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); 475 385 if (B == NULL) { 476 XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);386 XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); 477 387 return MEMORY_E; 478 388 } 479 389 #endif 480 390 481 XMEMSET(Ai, 0, PBKDF_DIGEST_SIZE);482 XMEMSET(B, 0, PBKDF_DIGEST_SIZE);391 XMEMSET(Ai, 0, WC_MAX_DIGEST_SIZE); 392 XMEMSET(B, 0, WC_MAX_BLOCK_SIZE); 483 393 484 394 dLen = v; … … 496 406 if (buffer == NULL) { 497 407 #ifdef WOLFSSL_SMALL_STACK 498 XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);499 XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);408 XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); 409 XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); 500 410 #endif 501 411 return MEMORY_E; … … 584 494 585 495 #ifdef WOLFSSL_SMALL_STACK 586 XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);587 XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);496 XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); 497 XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); 588 498 #endif 589 499 … … 740 650 #else 741 651 byte* t = x + (2*r - 1) * 64; 742 j = (t[0] | (t[1] << 8) | (t[2] << 16) | ( t[3] << 24)) & (n-1);652 j = (t[0] | (t[1] << 8) | (t[2] << 16) | ((word32)t[3] << 24)) & (n-1); 743 653 #endif 744 654 #ifdef WORD64_AVAILABLE … … 828 738 #endif 829 739 830 #undef PBKDF_DIGEST_SIZE740 #undef WC_MAX_DIGEST_SIZE 831 741 832 742 #endif /* NO_PWDBASED */
Note:
See TracChangeset
for help on using the changeset viewer.