Home Explore Help
Register Sign In
Apq
/
udp2raw
mirror of https://github.com/wangyu-/udp2raw.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: d12e540830
Branches Tags
udp2raw
/
lib
/
pbkdf2-sha1.cpp

pbkdf2-sha1.cpp 20 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865 
  1. /*
    2. 

  2.    this file is from https://github.com/kholia/PKCS5_PBKDF2
    3. 

  3. 

  4. *
    5. 

  5.  *  FIPS-180-1 compliant SHA-1 implementation
    6. 

  6.  *
    7. 

  7.  *  Copyright (C) 2006-2010, Brainspark B.V.
    8. 

  8.  *
    9. 

  9.  *  This file is part of PolarSSL (http://www.polarssl.org)
    10. 

  10.  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
    11. 

  11.  *
    12. 

  12.  *  All rights reserved.
    13. 

  13.  *
    14. 

  14.  *  This program is free software; you can redistribute it and/or modify
    15. 

  15.  *  it under the terms of the GNU General Public License as published by
    16. 

  16.  *  the Free Software Foundation; either version 2 of the License, or
    17. 

  17.  *  (at your option) any later version.
    18. 

  18.  *
    19. 

  19.  *  This program is distributed in the hope that it will be useful,
    20. 

  20.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
    21. 

  21.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    22. 

  22.  *  GNU General Public License for more details.
    23. 

  23.  *
    24. 

  24.  *  You should have received a copy of the GNU General Public License along
    25. 

  25.  *  with this program; if not, write to the Free Software Foundation, Inc.,
    26. 

  26.  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    27. 

  27.  *
    28. 

  28.  *  The SHA-1 standard was published by NIST in 1993.
    29. 

  29.  *
    30. 

  30.  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
    31. 

  31.  *
    32. 

  32.  *  Copyright 2012 Mathias Olsson [email protected]
    33. 

  33.  *
    34. 

  34.  *  This file is dual licensed as either GPL version 2 or Apache License 2.0 at your choice
    35. 

  35.  *  http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
    36. 

  36.  *  http://www.apache.org/licenses/
    37. 

  37.  *
    38. 

  38.  *  Note that PolarSSL uses GPL with a FOSS License Exception */
    39. 

  39. 

  40. #include <stdio.h>
    41. 

  41. #include <stdlib.h>
    42. 

  42. #include <string.h>
    43. 

  43. 

  44. #if defined(TEST) ||defined(DEBUG)
    45. 

  45. #undef TEST 
    46. 

  46. #undef DEBUG
    47. 

  47. #warning "undefined TEST/DEBUG"
    48. 

  48. #endif
    49. 

  49. 

  50. typedef struct {
    51. 

  51. 	unsigned long total[2];	/*!< number of bytes processed  */
    52. 

  52. 	unsigned long state[5];	/*!< intermediate digest state  */
    53. 

  53. 	unsigned char buffer[64];	/*!< data block being processed */
    54. 

  54. 

  55. 	unsigned char ipad[64];	/*!< HMAC: inner padding        */
    56. 

  56. 	unsigned char opad[64];	/*!< HMAC: outer padding        */
    57. 

  57. } sha1_context;
    58. 

  58. 

  59. /*
    60. 

  60.  * 32-bit integer manipulation macros (big endian)
    61. 

  61.  */
    62. 

  62. #ifndef GET_ULONG_BE
    63. 

  63. #define GET_ULONG_BE(n,b,i)                             \
    64. 

  64. {                                                       \
    65. 

  65.     (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
    66. 

  66.         | ( (unsigned long) (b)[(i) + 1] << 16 )        \
    67. 

  67.         | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
    68. 

  68.         | ( (unsigned long) (b)[(i) + 3]       );       \
    69. 

  69. }
    70. 

  70. #endif
    71. 

  71. 

  72. #ifndef PUT_ULONG_BE
    73. 

  73. #define PUT_ULONG_BE(n,b,i)                             \
    74. 

  74. {                                                       \
    75. 

  75.     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    76. 

  76.     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    77. 

  77.     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    78. 

  78.     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
    79. 

  79. }
    80. 

  80. #endif
    81. 

  81. 

  82. /*
    83. 

  83.  * SHA-1 context setup
    84. 

  84.  */
    85. 

  85. void sha1_starts(sha1_context * ctx)
    86. 

  86. {
    87. 

  87. 	ctx->total[0] = 0;
    88. 

  88. 	ctx->total[1] = 0;
    89. 

  89. 

  90. 	ctx->state[0] = 0x67452301;
    91. 

  91. 	ctx->state[1] = 0xEFCDAB89;
    92. 

  92. 	ctx->state[2] = 0x98BADCFE;
    93. 

  93. 	ctx->state[3] = 0x10325476;
    94. 

  94. 	ctx->state[4] = 0xC3D2E1F0;
    95. 

  95. }
    96. 

  96. 

  97. static void sha1_process(sha1_context * ctx, const unsigned char data[64])
    98. 

  98. {
    99. 

  99. 	unsigned long temp, W[16], A, B, C, D, E;
    100. 

  100. 

  101. 	GET_ULONG_BE(W[0], data, 0);
    102. 

  102. 	GET_ULONG_BE(W[1], data, 4);
    103. 

  103. 	GET_ULONG_BE(W[2], data, 8);
    104. 

  104. 	GET_ULONG_BE(W[3], data, 12);
    105. 

  105. 	GET_ULONG_BE(W[4], data, 16);
    106. 

  106. 	GET_ULONG_BE(W[5], data, 20);
    107. 

  107. 	GET_ULONG_BE(W[6], data, 24);
    108. 

  108. 	GET_ULONG_BE(W[7], data, 28);
    109. 

  109. 	GET_ULONG_BE(W[8], data, 32);
    110. 

  110. 	GET_ULONG_BE(W[9], data, 36);
    111. 

  111. 	GET_ULONG_BE(W[10], data, 40);
    112. 

  112. 	GET_ULONG_BE(W[11], data, 44);
    113. 

  113. 	GET_ULONG_BE(W[12], data, 48);
    114. 

  114. 	GET_ULONG_BE(W[13], data, 52);
    115. 

  115. 	GET_ULONG_BE(W[14], data, 56);
    116. 

  116. 	GET_ULONG_BE(W[15], data, 60);
    117. 

  117. 

  118. #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
    119. 

  119. 

  120. #define R(t)                                            \
    121. 

  121. (                                                       \
    122. 

  122.     temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
    123. 

  123.            W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
    124. 

  124.     ( W[t & 0x0F] = S(temp,1) )                         \
    125. 

  125. )
    126. 

  126. 

  127. #define P(a,b,c,d,e,x)                                  \
    128. 

  128. {                                                       \
    129. 

  129.     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
    130. 

  130. }
    131. 

  131. 

  132. 	A = ctx->state[0];
    133. 

  133. 	B = ctx->state[1];
    134. 

  134. 	C = ctx->state[2];
    135. 

  135. 	D = ctx->state[3];
    136. 

  136. 	E = ctx->state[4];
    137. 

  137. 

  138. #define F(x,y,z) (z ^ (x & (y ^ z)))
    139. 

  139. #define K 0x5A827999
    140. 

  140. 

  141. 	P(A, B, C, D, E, W[0]);
    142. 

  142. 	P(E, A, B, C, D, W[1]);
    143. 

  143. 	P(D, E, A, B, C, W[2]);
    144. 

  144. 	P(C, D, E, A, B, W[3]);
    145. 

  145. 	P(B, C, D, E, A, W[4]);
    146. 

  146. 	P(A, B, C, D, E, W[5]);
    147. 

  147. 	P(E, A, B, C, D, W[6]);
    148. 

  148. 	P(D, E, A, B, C, W[7]);
    149. 

  149. 	P(C, D, E, A, B, W[8]);
    150. 

  150. 	P(B, C, D, E, A, W[9]);
    151. 

  151. 	P(A, B, C, D, E, W[10]);
    152. 

  152. 	P(E, A, B, C, D, W[11]);
    153. 

  153. 	P(D, E, A, B, C, W[12]);
    154. 

  154. 	P(C, D, E, A, B, W[13]);
    155. 

  155. 	P(B, C, D, E, A, W[14]);
    156. 

  156. 	P(A, B, C, D, E, W[15]);
    157. 

  157. 	P(E, A, B, C, D, R(16));
    158. 

  158. 	P(D, E, A, B, C, R(17));
    159. 

  159. 	P(C, D, E, A, B, R(18));
    160. 

  160. 	P(B, C, D, E, A, R(19));
    161. 

  161. 

  162. #undef K
    163. 

  163. #undef F
    164. 

  164. 

  165. #define F(x,y,z) (x ^ y ^ z)
    166. 

  166. #define K 0x6ED9EBA1
    167. 

  167. 

  168. 	P(A, B, C, D, E, R(20));
    169. 

  169. 	P(E, A, B, C, D, R(21));
    170. 

  170. 	P(D, E, A, B, C, R(22));
    171. 

  171. 	P(C, D, E, A, B, R(23));
    172. 

  172. 	P(B, C, D, E, A, R(24));
    173. 

  173. 	P(A, B, C, D, E, R(25));
    174. 

  174. 	P(E, A, B, C, D, R(26));
    175. 

  175. 	P(D, E, A, B, C, R(27));
    176. 

  176. 	P(C, D, E, A, B, R(28));
    177. 

  177. 	P(B, C, D, E, A, R(29));
    178. 

  178. 	P(A, B, C, D, E, R(30));
    179. 

  179. 	P(E, A, B, C, D, R(31));
    180. 

  180. 	P(D, E, A, B, C, R(32));
    181. 

  181. 	P(C, D, E, A, B, R(33));
    182. 

  182. 	P(B, C, D, E, A, R(34));
    183. 

  183. 	P(A, B, C, D, E, R(35));
    184. 

  184. 	P(E, A, B, C, D, R(36));
    185. 

  185. 	P(D, E, A, B, C, R(37));
    186. 

  186. 	P(C, D, E, A, B, R(38));
    187. 

  187. 	P(B, C, D, E, A, R(39));
    188. 

  188. 

  189. #undef K
    190. 

  190. #undef F
    191. 

  191. 

  192. #define F(x,y,z) ((x & y) | (z & (x | y)))
    193. 

  193. #define K 0x8F1BBCDC
    194. 

  194. 

  195. 	P(A, B, C, D, E, R(40));
    196. 

  196. 	P(E, A, B, C, D, R(41));
    197. 

  197. 	P(D, E, A, B, C, R(42));
    198. 

  198. 	P(C, D, E, A, B, R(43));
    199. 

  199. 	P(B, C, D, E, A, R(44));
    200. 

  200. 	P(A, B, C, D, E, R(45));
    201. 

  201. 	P(E, A, B, C, D, R(46));
    202. 

  202. 	P(D, E, A, B, C, R(47));
    203. 

  203. 	P(C, D, E, A, B, R(48));
    204. 

  204. 	P(B, C, D, E, A, R(49));
    205. 

  205. 	P(A, B, C, D, E, R(50));
    206. 

  206. 	P(E, A, B, C, D, R(51));
    207. 

  207. 	P(D, E, A, B, C, R(52));
    208. 

  208. 	P(C, D, E, A, B, R(53));
    209. 

  209. 	P(B, C, D, E, A, R(54));
    210. 

  210. 	P(A, B, C, D, E, R(55));
    211. 

  211. 	P(E, A, B, C, D, R(56));
    212. 

  212. 	P(D, E, A, B, C, R(57));
    213. 

  213. 	P(C, D, E, A, B, R(58));
    214. 

  214. 	P(B, C, D, E, A, R(59));
    215. 

  215. 

  216. #undef K
    217. 

  217. #undef F
    218. 

  218. 

  219. #define F(x,y,z) (x ^ y ^ z)
    220. 

  220. #define K 0xCA62C1D6
    221. 

  221. 

  222. 	P(A, B, C, D, E, R(60));
    223. 

  223. 	P(E, A, B, C, D, R(61));
    224. 

  224. 	P(D, E, A, B, C, R(62));
    225. 

  225. 	P(C, D, E, A, B, R(63));
    226. 

  226. 	P(B, C, D, E, A, R(64));
    227. 

  227. 	P(A, B, C, D, E, R(65));
    228. 

  228. 	P(E, A, B, C, D, R(66));
    229. 

  229. 	P(D, E, A, B, C, R(67));
    230. 

  230. 	P(C, D, E, A, B, R(68));
    231. 

  231. 	P(B, C, D, E, A, R(69));
    232. 

  232. 	P(A, B, C, D, E, R(70));
    233. 

  233. 	P(E, A, B, C, D, R(71));
    234. 

  234. 	P(D, E, A, B, C, R(72));
    235. 

  235. 	P(C, D, E, A, B, R(73));
    236. 

  236. 	P(B, C, D, E, A, R(74));
    237. 

  237. 	P(A, B, C, D, E, R(75));
    238. 

  238. 	P(E, A, B, C, D, R(76));
    239. 

  239. 	P(D, E, A, B, C, R(77));
    240. 

  240. 	P(C, D, E, A, B, R(78));
    241. 

  241. 	P(B, C, D, E, A, R(79));
    242. 

  242. 

  243. #undef K
    244. 

  244. #undef F
    245. 

  245. 

  246. 	ctx->state[0] += A;
    247. 

  247. 	ctx->state[1] += B;
    248. 

  248. 	ctx->state[2] += C;
    249. 

  249. 	ctx->state[3] += D;
    250. 

  250. 	ctx->state[4] += E;
    251. 

  251. }
    252. 

  252. 

  253. /*
    254. 

  254.  * SHA-1 process buffer
    255. 

  255.  */
    256. 

  256. void sha1_update(sha1_context * ctx, const unsigned char *input, int ilen)
    257. 

  257. {
    258. 

  258. 	int fill;
    259. 

  259. 	unsigned long left;
    260. 

  260. 

  261. 	if (ilen <= 0)
    262. 

  262. 		return;
    263. 

  263. 

  264. 	left = ctx->total[0] & 0x3F;
    265. 

  265. 	fill = 64 - left;
    266. 

  266. 

  267. 	ctx->total[0] += (unsigned long) ilen;
    268. 

  268. 	ctx->total[0] &= 0xFFFFFFFF;
    269. 

  269. 

  270. 	if (ctx->total[0] < (unsigned long) ilen)
    271. 

  271. 		ctx->total[1]++;
    272. 

  272. 

  273. 	if (left && ilen >= fill) {
    274. 

  274. 		memcpy((void *) (ctx->buffer + left), (void *) input, fill);
    275. 

  275. 		sha1_process(ctx, ctx->buffer);
    276. 

  276. 		input += fill;
    277. 

  277. 		ilen -= fill;
    278. 

  278. 		left = 0;
    279. 

  279. 	}
    280. 

  280. 

  281. 	while (ilen >= 64) {
    282. 

  282. 		sha1_process(ctx, input);
    283. 

  283. 		input += 64;
    284. 

  284. 		ilen -= 64;
    285. 

  285. 	}
    286. 

  286. 

  287. 	if (ilen > 0) {
    288. 

  288. 		memcpy((void *) (ctx->buffer + left), (void *) input, ilen);
    289. 

  289. 	}
    290. 

  290. }
    291. 

  291. 

  292. static const unsigned char sha1_padding[64] = {
    293. 

  293. 	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    294. 

  294. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    295. 

  295. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    296. 

  296. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
    297. 

  297. };
    298. 

  298. 

  299. /*
    300. 

  300.  * SHA-1 final digest
    301. 

  301.  */
    302. 

  302. void sha1_finish(sha1_context * ctx, unsigned char output[20])
    303. 

  303. {
    304. 

  304. 	unsigned long last, padn;
    305. 

  305. 	unsigned long high, low;
    306. 

  306. 	unsigned char msglen[8];
    307. 

  307. 

  308. 	high = (ctx->total[0] >> 29)
    309. 

  309. 	    | (ctx->total[1] << 3);
    310. 

  310. 	low = (ctx->total[0] << 3);
    311. 

  311. 

  312. 	PUT_ULONG_BE(high, msglen, 0);
    313. 

  313. 	PUT_ULONG_BE(low, msglen, 4);
    314. 

  314. 

  315. 	last = ctx->total[0] & 0x3F;
    316. 

  316. 	padn = (last < 56) ? (56 - last) : (120 - last);
    317. 

  317. 

  318. 	sha1_update(ctx, (unsigned char *) sha1_padding, padn);
    319. 

  319. 	sha1_update(ctx, msglen, 8);
    320. 

  320. 

  321. 	PUT_ULONG_BE(ctx->state[0], output, 0);
    322. 

  322. 	PUT_ULONG_BE(ctx->state[1], output, 4);
    323. 

  323. 	PUT_ULONG_BE(ctx->state[2], output, 8);
    324. 

  324. 	PUT_ULONG_BE(ctx->state[3], output, 12);
    325. 

  325. 	PUT_ULONG_BE(ctx->state[4], output, 16);
    326. 

  326. }
    327. 

  327. 

  328. /*
    329. 

  329.  * output = SHA-1( input buffer )
    330. 

  330.  */
    331. 

  331. void sha1(const unsigned char *input, int ilen, unsigned char output[20])
    332. 

  332. {
    333. 

  333. 	sha1_context ctx;
    334. 

  334. 

  335. 	sha1_starts(&ctx);
    336. 

  336. 	sha1_update(&ctx, input, ilen);
    337. 

  337. 	sha1_finish(&ctx, output);
    338. 

  338. 

  339. }
    340. 

  340. 

  341. 

  342. /*
    343. 

  343.  * SHA-1 HMAC context setup
    344. 

  344.  */
    345. 

  345. void sha1_hmac_starts(sha1_context * ctx, const unsigned char *key, int keylen)
    346. 

  346. {
    347. 

  347. 	int i;
    348. 

  348. 	unsigned char sum[20];
    349. 

  349. 

  350. 	if (keylen > 64) {
    351. 

  351. 		sha1(key, keylen, sum);
    352. 

  352. 		keylen = 20;
    353. 

  353. 		key = sum;
    354. 

  354. 	}
    355. 

  355. 

  356. 	memset(ctx->ipad, 0x36, 64);
    357. 

  357. 	memset(ctx->opad, 0x5C, 64);
    358. 

  358. 

  359. 	for (i = 0; i < keylen; i++) {
    360. 

  360. 		ctx->ipad[i] = (unsigned char) (ctx->ipad[i] ^ key[i]);
    361. 

  361. 		ctx->opad[i] = (unsigned char) (ctx->opad[i] ^ key[i]);
    362. 

  362. 	}
    363. 

  363. 

  364. 	sha1_starts(ctx);
    365. 

  365. 	sha1_update(ctx, ctx->ipad, 64);
    366. 

  366. 

  367. }
    368. 

  368. 

  369. /*
    370. 

  370.  * SHA-1 HMAC process buffer
    371. 

  371.  */
    372. 

  372. void sha1_hmac_update(sha1_context * ctx, const unsigned char *input, int ilen)
    373. 

  373. {
    374. 

  374. 	sha1_update(ctx, input, ilen);
    375. 

  375. }
    376. 

  376. 

  377. /*
    378. 

  378.  * SHA-1 HMAC final digest
    379. 

  379.  */
    380. 

  380. void sha1_hmac_finish(sha1_context * ctx, unsigned char output[20])
    381. 

  381. {
    382. 

  382. 	unsigned char tmpbuf[20];
    383. 

  383. 

  384. 	sha1_finish(ctx, tmpbuf);
    385. 

  385. 	sha1_starts(ctx);
    386. 

  386. 	sha1_update(ctx, ctx->opad, 64);
    387. 

  387. 	sha1_update(ctx, tmpbuf, 20);
    388. 

  388. 	sha1_finish(ctx, output);
    389. 

  389. 

  390. }
    391. 

  391. 

  392. /*
    393. 

  393.  * SHA1 HMAC context reset
    394. 

  394.  */
    395. 

  395. void sha1_hmac_reset(sha1_context * ctx)
    396. 

  396. {
    397. 

  397. 	sha1_starts(ctx);
    398. 

  398. 	sha1_update(ctx, ctx->ipad, 64);
    399. 

  399. }
    400. 

  400. 

  401. /*
    402. 

  402.  * output = HMAC-SHA-1( hmac key, input buffer )
    403. 

  403.  */
    404. 

  404. void sha1_hmac(const unsigned char *key, int keylen,
    405. 

  405.     const unsigned char *input, int ilen, unsigned char output[20])
    406. 

  406. {
    407. 

  407. 	sha1_context ctx;
    408. 

  408. 

  409. 	sha1_hmac_starts(&ctx, key, keylen);
    410. 

  410. 	sha1_hmac_update(&ctx, input, ilen);
    411. 

  411. 	sha1_hmac_finish(&ctx, output);
    412. 

  412. 

  413. }
    414. 

  414. 

  415. 

  416. 

  417. 

  418. 

  419. 

  420. 

  421. #ifndef min
    422. 

  422. #define min( a, b ) ( ((a) < (b)) ? (a) : (b) )
    423. 

  423. #endif
    424. 

  424. 

  425. void PKCS5_PBKDF2_HMAC_SHA1(const unsigned char *password, size_t plen,
    426. 

  426.     const unsigned char *salt, size_t slen,
    427. 

  427.     const unsigned long iteration_count, const unsigned long key_length,
    428. 

  428.     unsigned char *output)
    429. 

  429. {
    430. 

  430. 	sha1_context ctx;
    431. 

  431. 	sha1_starts(&ctx);
    432. 

  432. 

  433. 	// Size of the generated digest
    434. 

  434. 	unsigned char md_size = 20;
    435. 

  435. 	unsigned char md1[20];
    436. 

  436. 	unsigned char work[20];
    437. 

  437. 

  438. 	unsigned long counter = 1;
    439. 

  439. 	unsigned long generated_key_length = 0;
    440. 

  440. 	while (generated_key_length < key_length) {
    441. 

  441. 		// U1 ends up in md1 and work
    442. 

  442. 		unsigned char c[4];
    443. 

  443. 		c[0] = (counter >> 24) & 0xff;
    444. 

  444. 		c[1] = (counter >> 16) & 0xff;
    445. 

  445. 		c[2] = (counter >> 8) & 0xff;
    446. 

  446. 		c[3] = (counter >> 0) & 0xff;
    447. 

  447. 

  448. 		sha1_hmac_starts(&ctx, password, plen);
    449. 

  449. 		sha1_hmac_update(&ctx, salt, slen);
    450. 

  450. 		sha1_hmac_update(&ctx, c, 4);
    451. 

  451. 		sha1_hmac_finish(&ctx, md1);
    452. 

  452. 		memcpy(work, md1, md_size);
    453. 

  453. 

  454. 		unsigned long ic = 1;
    455. 

  455. 		for (ic = 1; ic < iteration_count; ic++) {
    456. 

  456. 			// U2 ends up in md1
    457. 

  457. 			sha1_hmac_starts(&ctx, password, plen);
    458. 

  458. 			sha1_hmac_update(&ctx, md1, md_size);
    459. 

  459. 			sha1_hmac_finish(&ctx, md1);
    460. 

  460. 			// U1 xor U2
    461. 

  461. 			unsigned long i = 0;
    462. 

  462. 			for (i = 0; i < md_size; i++) {
    463. 

  463. 				work[i] ^= md1[i];
    464. 

  464. 			}
    465. 

  465. 			// and so on until iteration_count
    466. 

  466. 		}
    467. 

  467. 

  468. 		// Copy the generated bytes to the key
    469. 

  469. 		unsigned long bytes_to_write =
    470. 

  470. 		    min((key_length - generated_key_length), md_size);
    471. 

  471. 		memcpy(output + generated_key_length, work, bytes_to_write);
    472. 

  472. 		generated_key_length += bytes_to_write;
    473. 

  473. 		++counter;
    474. 

  474. 	}
    475. 

  475. }
    476. 

  476. 

  477. 

  478. #if defined(TEST)
    479. 

  479. /*
    480. 

  480.  * FIPS-180-1 test vectors
    481. 

  481.  */
    482. 

  482. static unsigned char sha1_test_buf[3][57] = {
    483. 

  483. 	{"abc"},
    484. 

  484. 	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
    485. 

  485. 	{""}
    486. 

  486. };
    487. 

  487. 

  488. static const int sha1_test_buflen[3] = {
    489. 

  489. 	3, 56, 1000
    490. 

  490. };
    491. 

  491. 

  492. static const unsigned char sha1_test_sum[3][20] = {
    493. 

  493. 	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
    494. 

  494. 	    0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
    495. 

  495. 	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
    496. 

  496. 	    0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
    497. 

  497. 	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
    498. 

  498. 	    0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
    499. 

  499. };
    500. 

  500. 

  501. /*
    502. 

  502.  * RFC 2202 test vectors
    503. 

  503.  */
    504. 

  504. static unsigned char sha1_hmac_test_key[7][26] = {
    505. 

  505. 	{"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
    506. 

  506. 		    "\x0B\x0B\x0B\x0B"},
    507. 

  507. 	{"Jefe"},
    508. 

  508. 	{"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
    509. 

  509. 		    "\xAA\xAA\xAA\xAA"},
    510. 

  510. 	{"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
    511. 

  511. 		    "\x11\x12\x13\x14\x15\x16\x17\x18\x19"},
    512. 

  512. 	{"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
    513. 

  513. 		    "\x0C\x0C\x0C\x0C"},
    514. 

  514. 	{""},			/* 0xAA 80 times */
    515. 

  515. 	{""}
    516. 

  516. };
    517. 

  517. 

  518. static const int sha1_hmac_test_keylen[7] = {
    519. 

  519. 	20, 4, 20, 25, 20, 80, 80
    520. 

  520. };
    521. 

  521. 

  522. static unsigned char sha1_hmac_test_buf[7][74] = {
    523. 

  523. 	{"Hi There"},
    524. 

  524. 	{"what do ya want for nothing?"},
    525. 

  525. 	{"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
    526. 

  526. 		    "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
    527. 

  527. 		    "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
    528. 

  528. 		    "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
    529. 

  529. 		    "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"},
    530. 

  530. 	{"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
    531. 

  531. 		    "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
    532. 

  532. 		    "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
    533. 

  533. 		    "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
    534. 

  534. 		    "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"},
    535. 

  535. 	{"Test With Truncation"},
    536. 

  536. 	{"Test Using Larger Than Block-Size Key - Hash Key First"},
    537. 

  537. 	{"Test Using Larger Than Block-Size Key and Larger"
    538. 

  538. 		    " Than One Block-Size Data"}
    539. 

  539. };
    540. 

  540. 

  541. static const int sha1_hmac_test_buflen[7] = {
    542. 

  542. 	8, 28, 50, 50, 20, 54, 73
    543. 

  543. };
    544. 

  544. 

  545. static const unsigned char sha1_hmac_test_sum[7][20] = {
    546. 

  546. 	{0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
    547. 

  547. 	    0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00},
    548. 

  548. 	{0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
    549. 

  549. 	    0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79},
    550. 

  550. 	{0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
    551. 

  551. 	    0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3},
    552. 

  552. 	{0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
    553. 

  553. 	    0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA},
    554. 

  554. 	{0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
    555. 

  555. 	    0x7B, 0xE1},
    556. 

  556. 	{0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
    557. 

  557. 	    0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12},
    558. 

  558. 	{0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
    559. 

  559. 	    0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91}
    560. 

  560. };
    561. 

  561. 

  562. typedef struct {
    563. 

  563. 	char *t;
    564. 

  564. 	char *p;
    565. 

  565. 	int plen;
    566. 

  566. 	char *s;
    567. 

  567. 	int slen;
    568. 

  568. 	int c;
    569. 

  569. 	int dkLen;
    570. 

  570. 	char dk[1024];		// Remember to set this to max dkLen
    571. 

  571. } testvector;
    572. 

  572. 

  573. int do_test(testvector * tv)
    574. 

  574. {
    575. 

  575. 	printf("Started %s\n", tv->t);
    576. 

  576. 	fflush(stdout);
    577. 

  577. 	char *key = malloc(tv->dkLen);
    578. 

  578. 	if (key == 0) {
    579. 

  579. 		return -1;
    580. 

  580. 	}
    581. 

  581. 

  582. 	PKCS5_PBKDF2_HMAC(tv->p, tv->plen, tv->s, tv->slen, tv->c,
    583. 

  583. 	    tv->dkLen, key);
    584. 

  584. 

  585. 	if (memcmp(tv->dk, key, tv->dkLen) != 0) {
    586. 

  586. 		// Failed
    587. 

  587. 		return -1;
    588. 

  588. 	}
    589. 

  589. 

  590. 	return 0;
    591. 

  591. }
    592. 

  592. 

  593. #ifdef DEBUG
    594. 

  594. static void print_hex(unsigned char *str, int len)
    595. 

  595. {
    596. 

  596. 	int i;
    597. 

  597. 	for (i = 0; i < len; ++i)
    598. 

  598. 		printf("%02x", str[i]);
    599. 

  599. 	printf("\n");
    600. 

  600. }
    601. 

  601. #endif
    602. 

  602. 

  603. /*
    604. 

  604.  * Checkup routine
    605. 

  605.  */
    606. 

  606. int main(int argc,char * argv[])
    607. 

  607. {
    608. 

  608. 	int verbose = 1;
    609. 

  609. 	int i, j, buflen;
    610. 

  610. 	unsigned char buf[1024];
    611. 

  611. 	unsigned char sha1sum[20];
    612. 

  612. 

  613. 	sha1_context ctx;
    614. 

  614. 

  615. 	/*
    616. 

  616. 	 * SHA-1
    617. 

  617. 	 */
    618. 

  618. 	for (i = 0; i < 3; i++) {
    619. 

  619. 		if (verbose != 0)
    620. 

  620. 			printf("  SHA-1 test #%d: ", i + 1);
    621. 

  621. 

  622. 		sha1_starts(&ctx);
    623. 

  623. 

  624. 		if (i == 2) {
    625. 

  625. 			memset(buf, 'a', buflen = 1000);
    626. 

  626. 

  627. 			for (j = 0; j < 1000; j++)
    628. 

  628. 				sha1_update(&ctx, buf, buflen);
    629. 

  629. 		} else
    630. 

  630. 			sha1_update(&ctx, sha1_test_buf[i],
    631. 

  631. 			    sha1_test_buflen[i]);
    632. 

  632. 

  633. 		sha1_finish(&ctx, sha1sum);
    634. 

  634. 

  635. 		if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
    636. 

  636. 			if (verbose != 0)
    637. 

  637. 				printf("failed\n");
    638. 

  638. 

  639. 			return (1);
    640. 

  640. 		}
    641. 

  641. 

  642. 		if (verbose != 0)
    643. 

  643. 			printf("passed\n");
    644. 

  644. 	}
    645. 

  645. 

  646. 	if (verbose != 0)
    647. 

  647. 		printf("\n");
    648. 

  648. 

  649. 	for (i = 0; i < 7; i++) {
    650. 

  650. 		if (verbose != 0)
    651. 

  651. 			printf("  HMAC-SHA-1 test #%d: ", i + 1);
    652. 

  652. 

  653. 		if (i == 5 || i == 6) {
    654. 

  654. 			memset(buf, '\xAA', buflen = 80);
    655. 

  655. 			sha1_hmac_starts(&ctx, buf, buflen);
    656. 

  656. 		} else
    657. 

  657. 			sha1_hmac_starts(&ctx, sha1_hmac_test_key[i],
    658. 

  658. 			    sha1_hmac_test_keylen[i]);
    659. 

  659. 

  660. 		sha1_hmac_update(&ctx, sha1_hmac_test_buf[i],
    661. 

  661. 		    sha1_hmac_test_buflen[i]);
    662. 

  662. 

  663. 		sha1_hmac_finish(&ctx, sha1sum);
    664. 

  664. 

  665. 		buflen = (i == 4) ? 12 : 20;
    666. 

  666. 

  667. 		if (memcmp(sha1sum, sha1_hmac_test_sum[i], buflen) != 0) {
    668. 

  668. 			if (verbose != 0)
    669. 

  669. 				printf("failed\n");
    670. 

  670. 

  671. 			return (1);
    672. 

  672. 		}
    673. 

  673. 

  674. 		if (verbose != 0)
    675. 

  675. 			printf("passed\n");
    676. 

  676. 	}
    677. 

  677. 

  678. 	if (verbose != 0)
    679. 

  679. 		printf("\n");
    680. 

  680. 

  681. 	// Test vectors from RFC 6070
    682. 

  682. 

  683. 	testvector *tv = 0;
    684. 

  684. 	int res = 0;
    685. 

  685. 

  686. /*
    687. 

  687.     Input:
    688. 

  688.        P = "password" (8 octets)
    689. 

  689.        S = "salt" (4 octets)
    690. 

  690.        c = 1
    691. 

  691.        dkLen = 20
    692. 

  692. 

  693.      Output:
    694. 

  694.        DK = 0c 60 c8 0f 96 1f 0e 71
    695. 

  695.             f3 a9 b5 24 af 60 12 06
    696. 

  696.             2f e0 37 a6             (20 octets)
    697. 

  697. 

  698. */
    699. 

  699. 	testvector t1 = {
    700. 

  700. 		"Test 1",
    701. 

  701. 		"password", 8, "salt", 4, 1, 20,
    702. 

  702. 		.dk = {0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
    703. 

  703. 			    0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
    704. 

  704. 		    0x2f, 0xe0, 0x37, 0xa6}
    705. 

  705. 	};
    706. 

  706. 

  707. 	tv = &t1;
    708. 

  708. 	res = do_test(tv);
    709. 

  709. 	if (res != 0) {
    710. 

  710. 		printf("%s failed\n", tv->t);
    711. 

  711. 		return res;
    712. 

  712. 	}
    713. 

  713. 

  714. /*
    715. 

  715.        Input:
    716. 

  716.              P = "password" (8 octets)
    717. 

  717.              S = "salt" (4 octets)
    718. 

  718.              c = 2
    719. 

  719.              dkLen = 20
    720. 

  720. 

  721.            Output:
    722. 

  722.              DK = ea 6c 01 4d c7 2d 6f 8c
    723. 

  723.                   cd 1e d9 2a ce 1d 41 f0
    724. 

  724.                   d8 de 89 57             (20 octets)
    725. 

  725. 

  726. */
    727. 

  727. 

  728. 	testvector t2 = {
    729. 

  729. 		"Test 2",
    730. 

  730. 		"password", 8, "salt", 4, 2, 20,
    731. 

  731. 		{0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
    732. 

  732. 			    0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
    733. 

  733. 		    0xd8, 0xde, 0x89, 0x57}
    734. 

  734. 	};
    735. 

  735. 

  736. 	tv = &t2;
    737. 

  737. 	res = do_test(tv);
    738. 

  738. 	if (res != 0) {
    739. 

  739. 		printf("%s failed\n", tv->t);
    740. 

  740. 		return res;
    741. 

  741. 	}
    742. 

  742. 

  743. /*
    744. 

  744.              Input:
    745. 

  745.                   P = "password" (8 octets)
    746. 

  746.                   S = "salt" (4 octets)
    747. 

  747.                   c = 4096
    748. 

  748.                   dkLen = 20
    749. 

  749. 

  750.                 Output:
    751. 

  751.                   DK = 4b 00 79 01 b7 65 48 9a
    752. 

  752.                        be ad 49 d9 26 f7 21 d0
    753. 

  753.                        65 a4 29 c1             (20 octets)
    754. 

  754. 

  755. 

  756. */
    757. 

  757. 	testvector t3 = {
    758. 

  758. 		"Test 3",
    759. 

  759. 		"password", 8, "salt", 4, 4096, 20,
    760. 

  760. 		{0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
    761. 

  761. 			    0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
    762. 

  762. 		    0x65, 0xa4, 0x29, 0xc1}
    763. 

  763. 	};
    764. 

  764. 

  765. 	tv = &t3;
    766. 

  766. 	res = do_test(tv);
    767. 

  767. 	if (res != 0) {
    768. 

  768. 		printf("%s failed\n", tv->t);
    769. 

  769. 		return res;
    770. 

  770. 	}
    771. 

  771. 

  772. /*
    773. 

  773.                   Input:
    774. 

  774.                      P = "password" (8 octets)
    775. 

  775.                      S = "salt" (4 octets)
    776. 

  776.                      c = 16777216
    777. 

  777.                      dkLen = 20
    778. 

  778. 

  779.                    Output:
    780. 

  780.                      DK = ee fe 3d 61 cd 4d a4 e4
    781. 

  781.                           e9 94 5b 3d 6b a2 15 8c
    782. 

  782.                           26 34 e9 84             (20 octets)
    783. 

  783. 

  784. */
    785. 

  785. 	testvector t4 = {
    786. 

  786. 		"Test 4",
    787. 

  787. 		"password", 8, "salt", 4, 16777216, 20,
    788. 

  788. 		{0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
    789. 

  789. 			    0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
    790. 

  790. 		    0x26, 0x34, 0xe9, 0x84}
    791. 

  791. 	};
    792. 

  792. 

  793. 	tv = &t4;
    794. 

  794. 	// res = do_test(tv);
    795. 

  795. 	if (res != 0) {
    796. 

  796. 		printf("%s failed\n", tv->t);
    797. 

  797. 		return res;
    798. 

  798. 	}
    799. 

  799. 

  800. /*
    801. 

  801.                      Input:
    802. 

  802.                         P = "passwordPASSWORDpassword" (24 octets)
    803. 

  803.                         S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
    804. 

  804.                         c = 4096
    805. 

  805.                         dkLen = 25
    806. 

  806. 

  807.                       Output:
    808. 

  808.                         DK = 3d 2e ec 4f e4 1c 84 9b
    809. 

  809.                              80 c8 d8 36 62 c0 e4 4a
    810. 

  810.                              8b 29 1a 96 4c f2 f0 70
    811. 

  811.                              38                      (25 octets)
    812. 

  812. 

  813. */
    814. 

  814. 	testvector t5 = {
    815. 

  815. 		"Test 5",
    816. 

  816. 		"passwordPASSWORDpassword", 24,
    817. 

  817. 		    "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096, 25,
    818. 

  818. 		{0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
    819. 

  819. 			    0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
    820. 

  820. 			    0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
    821. 

  821. 		    0x38}
    822. 

  822. 	};
    823. 

  823. 

  824. 	tv = &t5;
    825. 

  825. 	res = do_test(tv);
    826. 

  826. 	if (res != 0) {
    827. 

  827. 		printf("%s failed\n", tv->t);
    828. 

  828. 		return res;
    829. 

  829. 	}
    830. 

  830. 

  831. /*
    832. 

  832.                         Input:
    833. 

  833.                            P = "pass\0word" (9 octets)
    834. 

  834.                            S = "sa\0lt" (5 octets)
    835. 

  835.                            c = 4096
    836. 

  836.                            dkLen = 16
    837. 

  837. 

  838.                          Output:
    839. 

  839.                            DK = 56 fa 6a a7 55 48 09 9d
    840. 

  840.                                 cc 37 d7 f0 34 25 e0 c3 (16 octets)
    841. 

  841. */
    842. 

  842. 	testvector t6 = {
    843. 

  843. 		"Test 6",
    844. 

  844. 		"pass\0word", 9, "sa\0lt", 5, 4096, 16,
    845. 

  845. 		{0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
    846. 

  846. 			    0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3,
    847. 

  847. 		    }
    848. 

  848. 	};
    849. 

  849. 

  850. 	tv = &t6;
    851. 

  851. 	res = do_test(tv);
    852. 

  852. 	if (res != 0) {
    853. 

  853. 		printf("%s failed\n", tv->t);
    854. 

  854. 		return res;
    855. 

  855. 	}
    856. 

  856. 

  857. 	printf("All tests successful\n");
    858. 

  858. 	return 0;
    859. 

  859. }
    860. 

  860. 

  861. #endif
    862. 

  862. /*
    863. 

  863. int main()
    864. 

  864. {
    865. 

  865. }*/
    866.