/* * Hash Derive function defined in NISP SP 800-90 Section 10.4.1. * This function is used in the Instantiate and Reseed functions. * * NOTE: requested_bytes cannot overlap with input_string_1 or input_string_2. * input_string_1 and input_string_2 are logically concatentated. * input_string_1 must be supplied. * if input_string_2 is not supplied, NULL should be passed for this parameter. */ static SECStatus prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, const PRUint8 *input_string_1, unsigned int input_string_1_len, const PRUint8 *input_string_2, unsigned int input_string_2_len) { SHA256Context ctx; PRUint32 tmp; PRUint8 counter; tmp=SHA_HTONL(no_of_bytes_to_return*8); for (counter = 1 ; no_of_bytes_to_return > 0; counter++) { unsigned int hash_return_len; SHA256_Begin(&ctx); SHA256_Update(&ctx, &counter, 1); SHA256_Update(&ctx, (unsigned char *)&tmp, sizeof tmp); SHA256_Update(&ctx, input_string_1, input_string_1_len); if (input_string_2) { SHA256_Update(&ctx, input_string_2, input_string_2_len); } SHA256_End(&ctx, requested_bytes, &hash_return_len, no_of_bytes_to_return); requested_bytes += hash_return_len; no_of_bytes_to_return -= hash_return_len; } return SECSuccess; }
/* * SHA: Generate hash value from context */ void SHA1_End(SHA1Context *ctx, unsigned char *hashout, unsigned int *pDigestLen, unsigned int maxDigestLen) { register PRUint64 size; register PRUint32 lenB; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; #define tmp lenB PORT_Assert (maxDigestLen >= SHA1_LENGTH); /* * Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits */ size = ctx->size; lenB = (PRUint32)size & 63; SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1); PORT_Assert(((PRUint32)ctx->size & 63) == 56); /* Convert size from bytes to bits. */ size <<= 3; ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32)); ctx->W[15] = SHA_HTONL((PRUint32)size); shaCompress(&ctx->H[H2X], ctx->W); /* * Output hash */ SHA_STORE_RESULT; *pDigestLen = SHA1_LENGTH; }