/src/hostap/src/crypto/sha1.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * SHA1 hash implementation and interface functions |
3 | | * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> |
4 | | * |
5 | | * This software may be distributed under the terms of the BSD license. |
6 | | * See README for more details. |
7 | | */ |
8 | | |
9 | | #include "includes.h" |
10 | | |
11 | | #include "common.h" |
12 | | #include "sha1.h" |
13 | | #include "crypto.h" |
14 | | |
15 | | |
16 | | /** |
17 | | * hmac_sha1_vector - HMAC-SHA1 over data vector (RFC 2104) |
18 | | * @key: Key for HMAC operations |
19 | | * @key_len: Length of the key in bytes |
20 | | * @num_elem: Number of elements in the data vector |
21 | | * @addr: Pointers to the data areas |
22 | | * @len: Lengths of the data blocks |
23 | | * @mac: Buffer for the hash (20 bytes) |
24 | | * Returns: 0 on success, -1 on failure |
25 | | */ |
26 | | int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, |
27 | | const u8 *addr[], const size_t *len, u8 *mac) |
28 | 5.36k | { |
29 | 5.36k | unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ |
30 | 5.36k | unsigned char tk[20]; |
31 | 5.36k | const u8 *_addr[6]; |
32 | 5.36k | size_t _len[6], i; |
33 | 5.36k | int ret; |
34 | | |
35 | 5.36k | if (num_elem > 5) { |
36 | | /* |
37 | | * Fixed limit on the number of fragments to avoid having to |
38 | | * allocate memory (which could fail). |
39 | | */ |
40 | 0 | return -1; |
41 | 0 | } |
42 | | |
43 | | /* if key is longer than 64 bytes reset it to key = SHA1(key) */ |
44 | 5.36k | if (key_len > 64) { |
45 | 0 | if (sha1_vector(1, &key, &key_len, tk)) |
46 | 0 | return -1; |
47 | 0 | key = tk; |
48 | 0 | key_len = 20; |
49 | 0 | } |
50 | | |
51 | | /* the HMAC_SHA1 transform looks like: |
52 | | * |
53 | | * SHA1(K XOR opad, SHA1(K XOR ipad, text)) |
54 | | * |
55 | | * where K is an n byte key |
56 | | * ipad is the byte 0x36 repeated 64 times |
57 | | * opad is the byte 0x5c repeated 64 times |
58 | | * and text is the data being protected */ |
59 | | |
60 | | /* start out by storing key in ipad */ |
61 | 5.36k | os_memset(k_pad, 0, sizeof(k_pad)); |
62 | 5.36k | os_memcpy(k_pad, key, key_len); |
63 | | /* XOR key with ipad values */ |
64 | 348k | for (i = 0; i < 64; i++) |
65 | 343k | k_pad[i] ^= 0x36; |
66 | | |
67 | | /* perform inner SHA1 */ |
68 | 5.36k | _addr[0] = k_pad; |
69 | 5.36k | _len[0] = 64; |
70 | 16.0k | for (i = 0; i < num_elem; i++) { |
71 | 10.7k | _addr[i + 1] = addr[i]; |
72 | 10.7k | _len[i + 1] = len[i]; |
73 | 10.7k | } |
74 | 5.36k | if (sha1_vector(1 + num_elem, _addr, _len, mac)) |
75 | 0 | return -1; |
76 | | |
77 | 5.36k | os_memset(k_pad, 0, sizeof(k_pad)); |
78 | 5.36k | os_memcpy(k_pad, key, key_len); |
79 | | /* XOR key with opad values */ |
80 | 348k | for (i = 0; i < 64; i++) |
81 | 343k | k_pad[i] ^= 0x5c; |
82 | | |
83 | | /* perform outer SHA1 */ |
84 | 5.36k | _addr[0] = k_pad; |
85 | 5.36k | _len[0] = 64; |
86 | 5.36k | _addr[1] = mac; |
87 | 5.36k | _len[1] = SHA1_MAC_LEN; |
88 | 5.36k | ret = sha1_vector(2, _addr, _len, mac); |
89 | 5.36k | forced_memzero(k_pad, sizeof(k_pad)); |
90 | 5.36k | forced_memzero(tk, sizeof(tk)); |
91 | 5.36k | return ret; |
92 | 5.36k | } |
93 | | |
94 | | |
95 | | /** |
96 | | * hmac_sha1 - HMAC-SHA1 over data buffer (RFC 2104) |
97 | | * @key: Key for HMAC operations |
98 | | * @key_len: Length of the key in bytes |
99 | | * @data: Pointers to the data area |
100 | | * @data_len: Length of the data area |
101 | | * @mac: Buffer for the hash (20 bytes) |
102 | | * Returns: 0 on success, -1 of failure |
103 | | */ |
104 | | int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, |
105 | | u8 *mac) |
106 | 2.33k | { |
107 | 2.33k | return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); |
108 | 2.33k | } |