wpa_supplicant_node: wpa_supplicant_node: sha1.c Source File

00001 /*
00002  * SHA1 hash implementation and interface functions
00003  * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "includes.h"
00016 
00017 #include "common.h"
00018 #include "sha1.h"
00019 #include "crypto.h"
00020 
00021 
00032 int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
00033                      const u8 *addr[], const size_t *len, u8 *mac)
00034 {
00035         unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
00036         unsigned char tk[20];
00037         const u8 *_addr[6];
00038         size_t _len[6], i;
00039 
00040         if (num_elem > 5) {
00041                 /*
00042                  * Fixed limit on the number of fragments to avoid having to
00043                  * allocate memory (which could fail).
00044                  */
00045                 return -1;
00046         }
00047 
00048         /* if key is longer than 64 bytes reset it to key = SHA1(key) */
00049         if (key_len > 64) {
00050                 if (sha1_vector(1, &key, &key_len, tk))
00051                         return -1;
00052                 key = tk;
00053                 key_len = 20;
00054         }
00055 
00056         /* the HMAC_SHA1 transform looks like:
00057          *
00058          * SHA1(K XOR opad, SHA1(K XOR ipad, text))
00059          *
00060          * where K is an n byte key
00061          * ipad is the byte 0x36 repeated 64 times
00062          * opad is the byte 0x5c repeated 64 times
00063          * and text is the data being protected */
00064 
00065         /* start out by storing key in ipad */
00066         os_memset(k_pad, 0, sizeof(k_pad));
00067         os_memcpy(k_pad, key, key_len);
00068         /* XOR key with ipad values */
00069         for (i = 0; i < 64; i++)
00070                 k_pad[i] ^= 0x36;
00071 
00072         /* perform inner SHA1 */
00073         _addr[0] = k_pad;
00074         _len[0] = 64;
00075         for (i = 0; i < num_elem; i++) {
00076                 _addr[i + 1] = addr[i];
00077                 _len[i + 1] = len[i];
00078         }
00079         if (sha1_vector(1 + num_elem, _addr, _len, mac))
00080                 return -1;
00081 
00082         os_memset(k_pad, 0, sizeof(k_pad));
00083         os_memcpy(k_pad, key, key_len);
00084         /* XOR key with opad values */
00085         for (i = 0; i < 64; i++)
00086                 k_pad[i] ^= 0x5c;
00087 
00088         /* perform outer SHA1 */
00089         _addr[0] = k_pad;
00090         _len[0] = 64;
00091         _addr[1] = mac;
00092         _len[1] = SHA1_MAC_LEN;
00093         return sha1_vector(2, _addr, _len, mac);
00094 }
00095 
00096 
00106 int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
00107                u8 *mac)
00108 {
00109         return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
00110 }
00111 
00112 
00127 int sha1_prf(const u8 *key, size_t key_len, const char *label,
00128              const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
00129 {
00130         u8 counter = 0;
00131         size_t pos, plen;
00132         u8 hash[SHA1_MAC_LEN];
00133         size_t label_len = os_strlen(label) + 1;
00134         const unsigned char *addr[3];
00135         size_t len[3];
00136 
00137         addr[0] = (u8 *) label;
00138         len[0] = label_len;
00139         addr[1] = data;
00140         len[1] = data_len;
00141         addr[2] = &counter;
00142         len[2] = 1;
00143 
00144         pos = 0;
00145         while (pos < buf_len) {
00146                 plen = buf_len - pos;
00147                 if (plen >= SHA1_MAC_LEN) {
00148                         if (hmac_sha1_vector(key, key_len, 3, addr, len,
00149                                              &buf[pos]))
00150                                 return -1;
00151                         pos += SHA1_MAC_LEN;
00152                 } else {
00153                         if (hmac_sha1_vector(key, key_len, 3, addr, len,
00154                                              hash))
00155                                 return -1;
00156                         os_memcpy(&buf[pos], hash, plen);
00157                         break;
00158                 }
00159                 counter++;
00160         }
00161 
00162         return 0;
00163 }