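/*
 * FIPS 186-2 PRF for libcrypto
 * Copyright (c) 2004-2005, Jouni Malinen <j (at) w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"
#include <openssl/sha.h>

#include "common.h"
#include "crypto.h"


/*
 * Sizes used by the generator: G() is a single SHA-1 compression, so each
 * w_i is one 20-byte SHA-1 state and each x_j is two of them.
 */
enum {
	FIPS_PRF_W_LEN = 20,
	FIPS_PRF_X_LEN = 2 * FIPS_PRF_W_LEN
};


/**
 * fips_prf_wipe - Zero a buffer that held seed-derived data
 * @buf: Buffer to clear
 * @len: Number of bytes to clear
 *
 * The stores go through a volatile pointer so that the compiler cannot drop
 * them as dead writes to a local that is about to go out of scope, which is
 * what can happen to a plain memset() placed just before a return.
 */
static void fips_prf_wipe(void *buf, size_t len)
{
	volatile u8 *p = buf;

	while (len--)
		*p++ = 0;
}


/**
 * sha1_transform - Run one SHA-1 compression step on a caller-supplied state
 * @state: 20-byte chaining state (five 32-bit words); updated in place
 * @data: 64-byte input block
 *
 * The state is loaded into and read back from a SHA_CTX with a single
 * 20-byte copy starting at context.h0, so this relies on h0..h4 being laid
 * out contiguously in SHA_CTX.
 */
static void sha1_transform(u8 *state, const u8 data[64])
{
	SHA_CTX context;

	os_memset(&context, 0, sizeof(context));
	os_memcpy(&context.h0, state, FIPS_PRF_W_LEN);
	SHA1_Transform(&context, data);
	os_memcpy(state, &context.h0, FIPS_PRF_W_LEN);

	/* The context holds a copy of the seed-derived state; do not leave it
	 * on the stack. */
	fips_prf_wipe(&context, sizeof(context));
}


/**
 * fips186_2_prf - FIPS 186-2 pseudo-random function (with change notice 1)
 * @seed: Seed used to initialise XKEY
 * @seed_len: Length of @seed in bytes; only the first 64 bytes are used and
 *	longer input is truncated without an error
 * @x: Output buffer
 * @xlen: Requested output length in bytes
 * Returns: 0 (the function has no failure path)
 *
 * Output is produced in whole 40-byte blocks (x_j = w_0 | w_1).
 *
 * NOTE(review): only (xlen / 40) * 40 bytes of @x are written. If @xlen is
 * not a multiple of 40 the trailing xlen % 40 bytes are left untouched and 0
 * is still returned, so a caller that reads the full @xlen would consume
 * whatever was in the buffer before the call. Callers should pass a multiple
 * of 40 or ignore the tail.
 */
int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
{
	/* Initial value of t: the standard SHA-1 initial state words. */
	static const u32 t[5] = {
		0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
	};
	u8 xkey[64];
	u32 w[5];
	u8 *xpos = x;
	size_t blocks, j;
	int i, k;
	u32 carry;

	if (seed_len > sizeof(xkey))
		seed_len = sizeof(xkey);

	/* FIPS 186-2 + change notice 1 */

	/* XKEY = seed, zero-padded to the 64-byte SHA-1 block size */
	os_memcpy(xkey, seed, seed_len);
	os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);

	/* Kept as size_t so a large xlen is not truncated through int. */
	blocks = xlen / FIPS_PRF_X_LEN;
	for (j = 0; j < blocks; j++) {
		/* XSEED_j = 0 */
		for (i = 0; i < 2; i++) {
			/* XVAL = (XKEY + XSEED_j) mod 2^b */

			/* w_i = G(t, XVAL) */
			os_memcpy(w, t, sizeof(w));
			sha1_transform((u8 *) w, xkey);

			/* Emit each 32-bit word big-endian. */
			for (k = 0; k < 5; k++)
				w[k] = host_to_be32(w[k]);
			os_memcpy(xpos, w, FIPS_PRF_W_LEN);

			/* XKEY = (1 + XKEY + w_i) mod 2^b
			 * Byte-wise big-endian addition over the low 20 bytes,
			 * starting from the least significant byte. */
			carry = 1;
			for (k = FIPS_PRF_W_LEN - 1; k >= 0; k--) {
				carry += xkey[k] + xpos[k];
				xkey[k] = carry & 0xff;
				carry >>= 8;
			}

			xpos += FIPS_PRF_W_LEN;
		}
		/* x_j = w_0|w_1 */
	}

	/* XKEY and the last w_i are seed-derived; clear them before the stack
	 * frame is released. */
	fips_prf_wipe(xkey, sizeof(xkey));
	fips_prf_wipe(w, sizeof(w));

	return 0;
}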