crypto: add pbkdf2 hmac key generator
this will allow to generate a KEY + IV based on a password and salt for AES encryption/decryption as example or simply the key for hmac or rsa from text password Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
This commit is contained in:
parent
18d778a06e
commit
5f5d5331bb
|
@ -34,3 +34,8 @@ config DIGEST_HMAC
|
|||
bool "HMAC"
|
||||
|
||||
endif
|
||||
|
||||
config CRYPTO_PBKDF2
|
||||
select DIGEST
|
||||
select SHA1
|
||||
bool
|
||||
|
|
|
@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224) += sha2.o
|
|||
obj-$(CONFIG_SHA256) += sha2.o
|
||||
obj-$(CONFIG_SHA384) += sha4.o
|
||||
obj-$(CONFIG_SHA512) += sha4.o
|
||||
|
||||
obj-$(CONFIG_CRYPTO_PBKDF2) += pbkdf2.o
|
||||
|
|
|
@ -0,0 +1,94 @@
|
|||
/*
|
||||
* (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
|
||||
*
|
||||
* Under GPLv2 Only
|
||||
*/
|
||||
|
||||
#include <common.h>
|
||||
#include <malloc.h>
|
||||
#include <errno.h>
|
||||
#include <crypto/pbkdf2.h>
|
||||
|
||||
int pkcs5_pbkdf2_hmac(struct digest* d,
|
||||
const unsigned char *pwd, size_t pwd_len,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
uint32_t iteration,
|
||||
uint32_t key_len, unsigned char *key)
|
||||
{
|
||||
int i, j, k;
|
||||
unsigned char cnt[4];
|
||||
uint32_t pass_len;
|
||||
unsigned char *tmpdgt;
|
||||
uint32_t d_len;
|
||||
int ret;
|
||||
|
||||
if (!d)
|
||||
return -EINVAL;
|
||||
|
||||
d_len = digest_length(d);
|
||||
tmpdgt = malloc(d_len);
|
||||
if (!tmpdgt)
|
||||
return -ENOMEM;
|
||||
|
||||
i = 1;
|
||||
|
||||
ret = digest_set_key(d, pwd, pwd_len);
|
||||
if (ret)
|
||||
goto err;
|
||||
|
||||
while (key_len) {
|
||||
pass_len = min(key_len, d_len);
|
||||
cnt[0] = (i >> 24) & 0xff;
|
||||
cnt[1] = (i >> 16) & 0xff;
|
||||
cnt[2] = (i >> 8) & 0xff;
|
||||
cnt[3] = i & 0xff;
|
||||
ret = digest_init(d);
|
||||
if (ret)
|
||||
goto err;
|
||||
ret = digest_update(d, salt, salt_len);
|
||||
if (ret)
|
||||
goto err;
|
||||
ret = digest_update(d, cnt, 4);
|
||||
if (ret)
|
||||
goto err;
|
||||
ret = digest_final(d, tmpdgt);
|
||||
if (ret)
|
||||
goto err;
|
||||
|
||||
memcpy(key, tmpdgt, pass_len);
|
||||
|
||||
for (j = 1; j < iteration; j++) {
|
||||
ret = digest_digest(d, tmpdgt, d_len, tmpdgt);
|
||||
if (ret)
|
||||
goto err;
|
||||
|
||||
for(k = 0; k < pass_len; k++)
|
||||
key[k] ^= tmpdgt[k];
|
||||
}
|
||||
|
||||
key_len -= pass_len;
|
||||
key += pass_len;
|
||||
i++;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
err:
|
||||
free(tmpdgt);
|
||||
|
||||
return ret;;
|
||||
}
|
||||
|
||||
int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
uint32_t iter,
|
||||
uint32_t key_len, unsigned char *key)
|
||||
{
|
||||
int ret;
|
||||
struct digest* d = digest_alloc("hmac(sha1)");
|
||||
|
||||
ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter,
|
||||
key_len, key);
|
||||
|
||||
digest_free(d);
|
||||
return ret;
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
/*
|
||||
* (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
|
||||
*
|
||||
* Under GPLv2 Only
|
||||
*/
|
||||
|
||||
#ifndef __PBKDF2_H__
|
||||
#define __PBKDF2_H__
|
||||
|
||||
#include <digest.h>
|
||||
|
||||
int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
uint32_t iteration,
|
||||
uint32_t key_len, unsigned char *buf);
|
||||
|
||||
int pkcs5_pbkdf2_hmac(struct digest* d,
|
||||
const unsigned char *pwd, size_t pwd_len,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
uint32_t iteration,
|
||||
uint32_t key_len, unsigned char *key);
|
||||
|
||||
#endif /* __PBKDF2_H__ */
|
Loading…
Reference in New Issue