/**
Get the current initial vector
@param IV [out] The destination of the initial vector
@param len [in/out] The max size and resulting size of the initial vector
@param f8 The F8 state
@return CRYPT_OK if successful
*/
int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(f8 != NULL);
if ((unsigned long)f8->blocklen > *len) {
*len = f8->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, f8->IV, f8->blocklen);
*len = f8->blocklen;
return CRYPT_OK;
}
/**
Get the current initialization vector
@param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initialization vector
@param ofb The OFB state
@return CRYPT_OK if successful
*/
int ofb_getiv(unsigned char *IV, unsigned long *len, const symmetric_OFB *ofb)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(ofb != NULL);
if ((unsigned long)ofb->blocklen > *len) {
*len = ofb->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, ofb->IV, ofb->blocklen);
*len = ofb->blocklen;
return CRYPT_OK;
}
/* assumes input is big endian format */
int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen)
{
int err;
if (a == NULL || in == NULL || inlen == 0)
return BAD_FUNC_ARG;
err = wc_bigint_alloc(a, inlen);
if (err == 0) {
XMEMCPY(a->buf, in, inlen);
}
return err;
}
struct pdfFile *loadFile( char *fname ) {
FILE *inFile;
uint8_t inBuf[MAX_BUF_SIZE];
size_t rCount;
struct pdfFile *ptrPdf;
if ( ( ptrPdf = XMALLOC( sizeof( struct pdfFile ) ) ) EQ NULL ) {
display( LOG_ERR, "Unable to allocate memory" );
return NULL;
}
XMEMSET( ptrPdf, 0, sizeof( struct pdfFile ) );
if ( ( ptrPdf->fname = XMALLOC( MAXNAMELEN ) ) EQ NULL ) {
display( LOG_ERR, "Unable to allocate memory" );
return NULL;
}
XSTRNCPY( ptrPdf->fname, fname, MAXNAMELEN-1 );
#ifdef DEBUG
if ( config->debug >= 5 )
display( LOG_DEBUG, "Loading [%s] into RAM", ptrPdf->fname );
#endif
/* open file for read only */
if ( ( inFile = fopen( ptrPdf->fname, "ro" ) ) EQ NULL ) {
display( LOG_ERR, "Unable to open [%s] for read", ptrPdf->fname );
return NULL;
}
/* read the file into ram */
while( ( rCount = fread( inBuf, 1, sizeof( inBuf ), inFile ) ) > 0 ) {
if ( ( ptrPdf->fileBuf = XREALLOC( ptrPdf->fileBuf, ptrPdf->fileSize + rCount ) ) EQ NULL ) {
display( LOG_DEBUG, "Unable to grow file buffer" );
return NULL;
}
XMEMCPY( ptrPdf->fileBuf + ptrPdf->fileSize, inBuf, rCount );
ptrPdf->fileSize += rCount;
}
/* close file */
fclose( inFile );
#ifdef DEBUG
if ( config->debug >= 5 )
display( LOG_DEBUG, "Finished loading file into RAM" );
#endif
/* done */
return( ptrPdf );
}
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
XMEMCPY(out, des->reg, DES_BLOCK_SIZE);
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
/**
Get the IV for LRW
@param IV [out] The IV, must be 16 octets
@param len Length ... must be at least 16 :-)
@param lrw The LRW state to read
@return CRYPT_OK if successful
*/
int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(lrw != NULL);
if (*len < 16) {
*len = 16;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, lrw->IV, 16);
*len = 16;
return CRYPT_OK;
}
/**
Get the current initial vector
@param IV [out] The destination of the initial vector
@param len [in/out] The max size and resulting size of the initial vector
@param cfb The CFB state
@return CRYPT_OK if successful
*/
int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(cfb != NULL);
if ((unsigned long)cfb->blocklen > *len) {
*len = cfb->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, cfb->IV, cfb->blocklen);
*len = cfb->blocklen;
return CRYPT_OK;
}
/**
Process data through OMAC
@param omac The OMAC state
@param in The input data to send through OMAC
@param inlen The length of the input (octets)
@return CRYPT_OK if successful
*/
int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
{
unsigned long n, x;
int err;
LTC_ARGCHK(omac != NULL);
LTC_ARGCHK(in != NULL);
if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) ||
(omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) {
return CRYPT_INVALID_ARG;
}
#ifdef LTC_FAST
if (omac->buflen == 0 && inlen > 16) {
int y;
for (x = 0; x < (inlen - 16); x += 16) {
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y]));
}
in += 16;
cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key);
}
inlen -= x;
}
#endif
while (inlen != 0) {
/* ok if the block is full we xor in prev, encrypt and replace prev */
if (omac->buflen == omac->blklen) {
for (x = 0; x < (unsigned long)omac->blklen; x++) {
omac->block[x] ^= omac->prev[x];
}
cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key);
omac->buflen = 0;
}
/* add bytes */
n = MIN(inlen, (unsigned long)(omac->blklen - omac->buflen));
XMEMCPY(omac->block + omac->buflen, in, n);
omac->buflen += n;
inlen -= n;
in += n;
}
return CRYPT_OK;
}
int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
{
if (!srp || !username)
return BAD_FUNC_ARG;
srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP);
if (srp->user == NULL)
return MEMORY_E;
srp->userSz = size;
XMEMCPY(srp->user, username, srp->userSz);
return 0;
}
static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz)
{
byte seed[DBRG_SEED_LEN];
Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V),
entropy, entropySz, NULL, 0);
XMEMCPY(rng->V, seed, sizeof(rng->V));
XMEMSET(seed, 0, sizeof(seed));
Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V),
NULL, 0, NULL, 0);
rng->reseed_ctr = 1;
return 0;
}
/**
Get the current initial vector
@param IV [out] The destination of the initial vector
@param len [in/out] The max size and resulting size of the initial vector
@param ctr The CTR state
@return CRYPT_OK if successful
*/
int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(ctr != NULL);
if ((unsigned long)ctr->blocklen > *len) {
*len = ctr->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, ctr->ctr, ctr->blocklen);
*len = ctr->blocklen;
return CRYPT_OK;
}
/* compute TLSv1 PRF (pseudo random function using HMAC) */
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
int useSha256)
{
word32 half = (secLen + 1) / 2;
byte md5_half[MAX_PRF_HALF]; /* half is real size */
byte sha_half[MAX_PRF_HALF]; /* half is real size */
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
if (half > MAX_PRF_HALF)
return;
if (labLen + seedLen > MAX_PRF_LABSEED)
return;
if (digLen > MAX_PRF_DIG)
return;
XMEMCPY(md5_half, secret, half);
XMEMCPY(sha_half, secret + half - secLen % 2, half);
XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen);
if (useSha256) {
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
sha256_mac);
return;
}
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen,
md5_mac);
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen,
sha_mac);
get_xor(digest, digLen, md5_result, sha_result);
}
/*
Imports a compressed/uncompressed public key.
in the byte array containing the public key
inLen the length of the byte array being passed in
key ed25519 key struct to put the public key in
*/
int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
{
int ret;
/* sanity check on arguments */
if (in == NULL || key == NULL)
return BAD_FUNC_ARG;
if (inLen < ED25519_PUB_KEY_SIZE)
return BAD_FUNC_ARG;
/* compressed prefix according to draft
http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */
if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) {
/* key is stored in compressed format so just copy in */
XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE);
return 0;
}
/* importing uncompressed public key */
if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) {
/* pass in (x,y) and store compressed key */
ret = ge_compress_key(key->p, in+1,
in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE);
return ret;
}
/* if not specified compressed or uncompressed check key size
if key size is equal to compressed key size copy in key */
if (inLen == ED25519_PUB_KEY_SIZE) {
XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE);
return 0;
}
/* bad public key format */
return BAD_FUNC_ARG;
}
static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
{
word16 add = (word16)length;
word32 total;
byte* tmp;
if (length > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
if (hmac->innerHashKeyed == 0) { /* starting new */
hmac->dataLen = 0;
hmac->innerHashKeyed = 1;
}
total = add + hmac->dataLen;
if (total > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
if (tmp == NULL) {
WOLFSSL_MSG("Out of memory for cavium update");
return -1;
}
if (hmac->dataLen)
XMEMCPY(tmp, hmac->data, hmac->dataLen);
XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
hmac->data = tmp;
return 0;
}
int Sha384Final(Sha384* sha384, byte* hash)
{
byte* local = (byte*)sha384->buffer;
int ret;
AddLength384(sha384, sha384->buffLen); /* before adding pads */
local[sha384->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha384->buffLen > SHA384_PAD_SIZE) {
XMEMSET(&local[sha384->buffLen], 0, SHA384_BLOCK_SIZE -sha384->buffLen);
sha384->buffLen += SHA384_BLOCK_SIZE - sha384->buffLen;
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(sha384->buffer,sha384->buffer,SHA384_BLOCK_SIZE);
#endif
ret = Transform384(sha384);
if (ret != 0)
return ret;
sha384->buffLen = 0;
}
XMEMSET(&local[sha384->buffLen], 0, SHA384_PAD_SIZE - sha384->buffLen);
/* put lengths in bits */
sha384->hiLen = (sha384->loLen >> (8*sizeof(sha384->loLen) - 3)) +
(sha384->hiLen << 3);
sha384->loLen = sha384->loLen << 3;
/* store lengths */
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(sha384->buffer, sha384->buffer, SHA384_PAD_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2] = sha384->hiLen;
sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 1] = sha384->loLen;
ret = Transform384(sha384);
if (ret != 0)
return ret;
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(sha384->digest, sha384->digest, SHA384_DIGEST_SIZE);
#endif
XMEMCPY(hash, sha384->digest, SHA384_DIGEST_SIZE);
return InitSha384(sha384); /* reset state */
}
static void Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
{
byte data[DBRG_SEED_LEN];
int i;
int len = (outSz / SHA256_DIGEST_SIZE)
+ ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
InitSha256(&rng->sha);
Sha256Update(&rng->sha, data, sizeof(data));
Sha256Final(&rng->sha, rng->digest);
if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE;
out += SHA256_DIGEST_SIZE;
array_add_one(data, DBRG_SEED_LEN);
}
else {
XMEMCPY(out, rng->digest, outSz);
}
}
XMEMSET(data, 0, sizeof(data));
}
void *uTKernel_realloc(void *p, unsigned int sz) {
ER ercd;
void *newp ;
if(p) {
ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp, TMO_FEVR);
if (ercd == E_OK) {
XMEMCPY(newp, p, sz) ;
ercd = tk_rel_mpl(ID_wolfssl_MPOOL, (VP)p);
if (ercd == E_OK) {
return newp;
}
}
}
return 0 ;
}
/**
Terminate the hash to get the digest
@param md The hash state
@param out [out] The destination of the hash (28 bytes)
@return CRYPT_OK if successful
*/
int sha224_done(hash_state * md, unsigned char *out)
{
unsigned char buf[32];
int err;
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(out != NULL);
err = sha256_done(md, buf);
XMEMCPY(out, buf, 28);
#ifdef LTC_CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return err;
}
void *uITRON4_realloc(void *p, size_t sz) {
ER ercd;
void *newp ;
if(p) {
ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp);
if (ercd == E_OK) {
XMEMCPY(newp, p, sz) ;
ercd = rel_mpl(ID_wolfssl_MPOOL, (VP)p);
if (ercd == E_OK) {
return newp;
}
}
}
return 0 ;
}
int MakeTlsMasterSecret(CYASSL* ssl)
{
byte seed[SEED_LEN];
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
#ifdef SHOW_SECRETS
{
int i;
printf("master secret: ");
for (i = 0; i < SECRET_LEN; i++)
printf("%02x", ssl->arrays->masterSecret[i]);
printf("\n");
}
#endif
return DeriveTlsKeys(ssl);
}
/*
For importing a private key and its associated public key.
*/
int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, ed25519_key* key)
{
int ret;
/* sanity check on arguments */
if (priv == NULL || pub == NULL || key == NULL)
return BAD_FUNC_ARG;
/* key size check */
if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE)
return BAD_FUNC_ARG;
/* import public key */
ret = wc_ed25519_import_public(pub, pubSz, key);
if (ret != 0)
return ret;
/* make the private key (priv + pub) */
XMEMCPY(key->k, priv, ED25519_KEY_SIZE);
XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE);
return ret;
}
static void Des3ProcessBlock(Des3* des, const byte* in, byte* out)
{
word32 l, r;
XMEMCPY(&l, in, sizeof(l));
XMEMCPY(&r, in + sizeof(l), sizeof(r));
#ifdef LITTLE_ENDIAN_ORDER
l = ByteReverseWord32(l);
r = ByteReverseWord32(r);
#endif
IPERM(&l,&r);
DesRawProcessBlock(&l, &r, des->key[0]);
DesRawProcessBlock(&r, &l, des->key[1]);
DesRawProcessBlock(&l, &r, des->key[2]);
FPERM(&l,&r);
#ifdef LITTLE_ENDIAN_ORDER
l = ByteReverseWord32(l);
r = ByteReverseWord32(r);
#endif
XMEMCPY(out, &r, sizeof(r));
XMEMCPY(out + sizeof(r), &l, sizeof(l));
}
static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
OcspEntry* entry, CertStatus** status, buffer* responseBuffer)
{
int ret = OCSP_INVALID_STATUS;
WOLFSSL_ENTER("GetOcspStatus");
*status = NULL;
if (LockMutex(&ocsp->ocspLock) != 0) {
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
for (*status = entry->status; *status; *status = (*status)->next)
if ((*status)->serialSz == request->serialSz
&& !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz))
break;
if (responseBuffer && *status && !(*status)->rawOcspResponse) {
/* force fetching again */
ret = OCSP_INVALID_STATUS;
}
else if (*status) {
if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE)
&& ((*status)->nextDate[0] != 0)
&& ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER))
{
ret = xstat2err((*status)->status);
if (responseBuffer) {
responseBuffer->buffer = (byte*)XMALLOC(
(*status)->rawOcspResponseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (responseBuffer->buffer) {
responseBuffer->length = (*status)->rawOcspResponseSz;
XMEMCPY(responseBuffer->buffer,
(*status)->rawOcspResponse,
(*status)->rawOcspResponseSz);
}
}
}
}
UnLockMutex(&ocsp->ocspLock);
return ret;
}
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
static int IsValidCipherSuite(const char* line, char* suite)
{
int found = 0;
int valid = 0;
const char* find = "-l ";
const char* begin = strstr(line, find);
const char* end;
suite[0] = '\0';
if (begin) {
begin += 3;
end = XSTRSTR(begin, " ");
if (end) {
long len = end - begin;
if (len > MAX_SUITE_SZ) {
printf("suite too long!\n");
return 0;
}
XMEMCPY(suite, begin, len);
suite[len] = '\0';
}
else
XSTRNCPY(suite, begin, MAX_SUITE_SZ);
suite[MAX_SUITE_SZ] = '\0';
found = 1;
}
/* if QSH not enabled then do not use QSH suite */
#ifdef HAVE_QSH
if (XSTRNCMP(suite, "QSH", 3) == 0) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
!= SSL_SUCCESS)
return 0;
}
#endif
if (found) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
valid = 1;
}
return valid;
}
void Md2Final(Md2* md2, byte* hash)
{
byte padding[MD2_BLOCK_SIZE];
word32 padLen = MD2_PAD_SIZE - md2->count;
word32 i;
for (i = 0; i < padLen; i++)
padding[i] = (byte)padLen;
Md2Update(md2, padding, padLen);
Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
InitMd2(md2);
}
/*
export private key, including public part
outLen should contain the size of out buffer when input. outLen is than set
to the final output length.
returns 0 on success
*/
int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen)
{
/* sanity checks on arguments */
if (key == NULL || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
if (*outLen < ED25519_PRV_KEY_SIZE) {
*outLen = ED25519_PRV_KEY_SIZE;
return BUFFER_E;
}
*outLen = ED25519_PRV_KEY_SIZE;
XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE);
return 0;
}
/* Client attempts to read data from server. */
static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
if (client_buffer_sz > 0) {
if (sz > client_buffer_sz)
sz = client_buffer_sz;
XMEMCPY(buff, client_buffer, sz);
if (sz < client_buffer_sz) {
XMEMMOVE(client_buffer, client_buffer + sz, client_buffer_sz - sz);
}
client_buffer_sz -= sz;
}
else
sz = WOLFSSL_CBIO_ERR_WANT_READ;
return sz;
}
int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType)
{
Md5 md5;
Sha sha;
int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;
int i, ret = 0;
byte buffer[SHA_DIGEST_SIZE]; /* max size */
if (hashType != MD5 && hashType != SHA)
return BAD_FUNC_ARG;
if (kLen > hLen)
return BAD_FUNC_ARG;
if (iterations < 1)
return BAD_FUNC_ARG;
if (hashType == MD5) {
InitMd5(&md5);
Md5Update(&md5, passwd, pLen);
Md5Update(&md5, salt, sLen);
Md5Final(&md5, buffer);
}
else {
ret = InitSha(&sha);
if (ret != 0)
return ret;
ShaUpdate(&sha, passwd, pLen);
ShaUpdate(&sha, salt, sLen);
ShaFinal(&sha, buffer);
}
for (i = 1; i < iterations; i++) {
if (hashType == MD5) {
Md5Update(&md5, buffer, hLen);
Md5Final(&md5, buffer);
}
else {
ShaUpdate(&sha, buffer, hLen);
ShaFinal(&sha, buffer);
}
}
XMEMCPY(output, buffer, kLen);
return 0;
}
int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
const byte keylen )
{
blake2b_param P[1];
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;
P->digest_length = outlen;
P->key_length = keylen;
P->fanout = 1;
P->depth = 1;
store32( &P->leaf_length, 0 );
store64( &P->node_offset, 0 );
P->node_depth = 0;
P->inner_length = 0;
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
XMEMSET( P->salt, 0, sizeof( P->salt ) );
XMEMSET( P->personal, 0, sizeof( P->personal ) );
if( blake2b_init_param( S, P ) < 0 ) return -1;
{
#ifdef WOLFSSL_SMALL_STACK
byte* block;
block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ( block == NULL ) return -1;
#else
byte block[BLAKE2B_BLOCKBYTES];
#endif
XMEMSET( block, 0, BLAKE2B_BLOCKBYTES );
XMEMCPY( block, key, keylen );
blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */
/* memory */
#ifdef WOLFSSL_SMALL_STACK
XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
return 0;
}
/* Random oracles mix.
* Based on RFC 7914: scrypt PBKDF.
*
* x Data to mix.
* v Temporary buffer.
* y Temporary buffer for the block mix.
* r Block size parameter.
* n CPU/Memory cost parameter.
*/
static void scryptROMix(byte* x, byte* v, byte* y, int r, word32 n)
{
word32 i;
word32 j;
word32 k;
word32 bSz = 128 * r;
#ifdef WORD64_AVAILABLE
word64* x64 = (word64*)x;
word64* v64 = (word64*)v;
#else
word32* x32 = (word32*)x;
word32* v32 = (word32*)v;
#endif
/* Step 1. X = B (B not needed therefore not implemented) */
/* Step 2. */
for (i = 0; i < n; i++)
{
XMEMCPY(v + i * bSz, x, bSz);
scryptBlockMix(x, y, r);
}
/* Step 3. */
for (i = 0; i < n; i++)
{
#ifdef LITTLE_ENDIAN_ORDER
#ifdef WORD64_AVAILABLE
j = *(word64*)(x + (2*r - 1) * 64) & (n-1);
#else
j = *(word32*)(x + (2*r - 1) * 64) & (n-1);
#endif
#else
byte* t = x + (2*r - 1) * 64;
j = (t[0] | (t[1] << 8) | (t[2] << 16) | (t[3] << 24)) & (n-1);
#endif
#ifdef WORD64_AVAILABLE
for (k = 0; k < bSz / 8; k++)
x64[k] ^= v64[j * bSz / 8 + k];
#else
for (k = 0; k < bSz / 4; k++)
x32[k] ^= v32[j * bSz / 4 + k];
#endif
scryptBlockMix(x, y, r);
}
/* Step 4. B' = X (B = X = B' so not needed, therefore not implemented) */
}
