From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from 5.mo68.mail-out.ovh.net ([46.105.62.179]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1YXS5A-00021i-1y for barebox@lists.infradead.org; Mon, 16 Mar 2015 10:17:13 +0000 Received: from mail189.ha.ovh.net (b6.ovh.net [213.186.33.56]) by mo68.mail-out.ovh.net (Postfix) with SMTP id 3B50EFFAA5C for ; Mon, 16 Mar 2015 11:16:49 +0100 (CET) From: Jean-Christophe PLAGNIOL-VILLARD Date: Mon, 16 Mar 2015 11:15:41 +0100 Message-Id: <1426500945-31815-6-git-send-email-plagnioj@jcrosoft.com> In-Reply-To: <1426500945-31815-1-git-send-email-plagnioj@jcrosoft.com> References: <20150316101321.GA26127@ns203013.ovh.net> <1426500945-31815-1-git-send-email-plagnioj@jcrosoft.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "barebox" Errors-To: barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org Subject: [PATCH 06/10] crypto: add pbkdf2 hmac key generator To: barebox@lists.infradead.org this will allow to generate a KEY + IV based on a password and salt for AES encryption/decryption as example or simply the key for hmac or rsa from text password Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD --- crypto/Kconfig | 5 +++ crypto/Makefile | 2 ++ crypto/pbkdf2.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++ include/crypto/pbkdf2.h | 23 ++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 crypto/pbkdf2.c create mode 100644 include/crypto/pbkdf2.h diff --git a/crypto/Kconfig b/crypto/Kconfig index e72b91e..b721e30 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -34,3 +34,8 @@ config DIGEST_HMAC bool "HMAC" endif + +config CRYPTO_PBKDF2 + select DIGEST + select SHA1 + bool diff --git a/crypto/Makefile b/crypto/Makefile index ff5c289..0bb67d5 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224) += sha2.o obj-$(CONFIG_SHA256) += sha2.o obj-$(CONFIG_SHA384) += sha4.o obj-$(CONFIG_SHA512) += sha4.o + +obj-$(CONFIG_CRYPTO_PBKDF2) += pbkdf2.o diff --git a/crypto/pbkdf2.c b/crypto/pbkdf2.c new file mode 100644 index 0000000..c4ba7be --- /dev/null +++ b/crypto/pbkdf2.c @@ -0,0 +1,94 @@ +/* + * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD + * + * Under GPLv2 Only + */ + +#include +#include +#include +#include + +int pkcs5_pbkdf2_hmac(struct digest* d, + const unsigned char *pwd, size_t pwd_len, + const unsigned char *salt, size_t salt_len, + uint32_t iteration, + uint32_t key_len, unsigned char *key) +{ + int i, j, k; + unsigned char cnt[4]; + uint32_t pass_len; + unsigned char *tmpdgt; + uint32_t d_len; + int ret; + + if (!d) + return -EINVAL; + + d_len = digest_length(d); + tmpdgt = malloc(d_len); + if (!tmpdgt) + return -ENOMEM; + + i = 1; + + ret = digest_set_key(d, pwd, pwd_len); + if (ret) + goto err; + + while (key_len) { + pass_len = min(key_len, d_len); + cnt[0] = (i >> 24) & 0xff; + cnt[1] = (i >> 16) & 0xff; + cnt[2] = (i >> 8) & 0xff; + cnt[3] = i & 0xff; + ret = digest_init(d); + if (ret) + goto err; + ret = digest_update(d, salt, salt_len); + if (ret) + goto err; + ret = digest_update(d, cnt, 4); + if (ret) + goto err; + ret = digest_final(d, tmpdgt); + if (ret) + goto err; + + memcpy(key, tmpdgt, pass_len); + + for (j = 1; j < iteration; j++) { + ret = digest_digest(d, tmpdgt, d_len, tmpdgt); + if (ret) + goto err; + + for(k = 0; k < pass_len; k++) + key[k] ^= tmpdgt[k]; + } + + key_len -= pass_len; + key += pass_len; + i++; + } + + ret = 0; +err: + free(tmpdgt); + + return ret;; +} + +int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len, + const unsigned char *salt, size_t salt_len, + uint32_t iter, + uint32_t key_len, unsigned char *key) +{ + int ret; + struct digest* d = digest_alloc("hmac(sha1)"); + + ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter, + key_len, key); + + digest_free(d); + return ret; +} diff --git a/include/crypto/pbkdf2.h b/include/crypto/pbkdf2.h new file mode 100644 index 0000000..fa66675 --- /dev/null +++ b/include/crypto/pbkdf2.h @@ -0,0 +1,23 @@ +/* + * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD + * + * Under GPLv2 Only + */ + +#ifndef __PBKDF2_H__ +#define __PBKDF2_H__ + +#include + +int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len, + const unsigned char *salt, size_t salt_len, + uint32_t iteration, + uint32_t key_len, unsigned char *buf); + +int pkcs5_pbkdf2_hmac(struct digest* d, + const unsigned char *pwd, size_t pwd_len, + const unsigned char *salt, size_t salt_len, + uint32_t iteration, + uint32_t key_len, unsigned char *key); + +#endif /* __PBKDF2_H__ */ -- 2.1.4 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox