1ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com/* 28a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com * FIPS 186-2 PRF for libcrypto 3ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi> 48a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com * 5ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com * This software may be distributed under the terms of the BSD license. 6ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com * See README for more details. 78a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com */ 88a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 9ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com#include "includes.h" 108a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com#include <openssl/sha.h> 118a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 128a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com#include "common.h" 138a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com#include "crypto.h" 148a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 1563ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com 1663ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.comstatic void sha1_transform(u8 *state, const u8 data[64]) 17fbfcd5602128ec010c82cb733c9cdc0a3254f9f3rmistry@google.com{ 18fbfcd5602128ec010c82cb733c9cdc0a3254f9f3rmistry@google.com SHA_CTX context; 1963ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com os_memset(&context, 0, sizeof(context)); 2063ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com os_memcpy(&context.h0, state, 5 * 4); 2163ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com SHA1_Transform(&context, data); 2263ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com os_memcpy(state, &context.h0, 5 * 4); 2363ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com} 2463ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com 2563ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com 267ffb1b21abcc7bbed5a0fc711f6dd7b9dbb4f577ctguil@chromium.orgint fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) 278a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com{ 280a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com u8 xkey[64]; 290a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com u32 t[5], _t[5]; 300a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com int i, j, m, k; 310a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com u8 *xpos = x; 320a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com u32 carry; 330a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com 348a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com if (seed_len < sizeof(xkey)) 358a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len); 368a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com else 378a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com seed_len = sizeof(xkey); 388a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 398a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com /* FIPS 186-2 + change notice 1 */ 4063ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com 4163ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com os_memcpy(xkey, seed, seed_len); 428a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com t[0] = 0x67452301; 438a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com t[1] = 0xEFCDAB89; 448a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com t[2] = 0x98BADCFE; 458a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com t[3] = 0x10325476; 468a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com t[4] = 0xC3D2E1F0; 478a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 488a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com m = xlen / 40; 498a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com for (j = 0; j < m; j++) { 508a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com /* XSEED_j = 0 */ 5163ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com for (i = 0; i < 2; i++) { 5263ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com /* XVAL = (XKEY + XSEED_j) mod 2^b */ 5363ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com 5463ae1cfb10d0d14722df59cba0012f8a4370c090robertphillips@google.com /* w_i = G(t, XVAL) */ 558a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com os_memcpy(_t, t, 20); 568a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com sha1_transform((u8 *) _t, xkey); 574c09d5cd4b9e6f0be1352f62288efdedc1bc3de3reed@google.com _t[0] = host_to_be32(_t[0]); 588a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com _t[1] = host_to_be32(_t[1]); 598a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com _t[2] = host_to_be32(_t[2]); 608a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com _t[3] = host_to_be32(_t[3]); 618a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com _t[4] = host_to_be32(_t[4]); 620a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com os_memcpy(xpos, _t, 20); 638a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com 648a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com /* XKEY = (1 + XKEY + w_i) mod 2^b */ 650a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com carry = 1; 668a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com for (k = 19; k >= 0; k--) { 670a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com carry += xkey[k] + xpos[k]; 680a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com xkey[k] = carry & 0xff; 690a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com carry >>= 8; 700a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com } 710a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com 72d302f1401b3c9aea094804bad4e76de98782cfe8bsalomon@google.com xpos += 20; 73d302f1401b3c9aea094804bad4e76de98782cfe8bsalomon@google.com } 74d302f1401b3c9aea094804bad4e76de98782cfe8bsalomon@google.com /* x_j = w_0|w_1 */ 750a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com } 76d302f1401b3c9aea094804bad4e76de98782cfe8bsalomon@google.com 770a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com return 0; 788a1c16ff38322f0210116fa7293eb8817c7e477ereed@android.com} 790a78b0f4a2e1a3d7d1fbdb9b0b5dba5095db2e5arobertphillips@google.com