/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V)
{
byte data[DRBG_SEED_LEN];
int i;
int len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
if (InitSha256(&rng->sha) != 0 ||
Sha256Update(&rng->sha, data, sizeof(data)) != 0 ||
Sha256Final(&rng->sha, rng->digest) != 0) {
return DRBG_FAILURE;
}
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else {
XMEMCPY(out, rng->digest, outSz);
}
}
XMEMSET(data, 0, sizeof(data));
return DRBG_SUCCESS;
}
/* check mcapi sha256 against internal */
static int check_sha256(void)
{
CRYPT_SHA256_CTX mcSha256;
Sha256 defSha256;
int ret;
byte mcDigest[CRYPT_SHA256_DIGEST_SIZE];
byte defDigest[SHA256_DIGEST_SIZE];
CRYPT_SHA256_Initialize(&mcSha256);
ret = InitSha256(&defSha256);
if (ret != 0) {
printf("sha256 init default failed\n");
return -1;
}
CRYPT_SHA256_DataAdd(&mcSha256, ourData, OUR_DATA_SIZE);
Sha256Update(&defSha256, ourData, OUR_DATA_SIZE);
CRYPT_SHA256_Finalize(&mcSha256, mcDigest);
Sha256Final(&defSha256, defDigest);
if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) {
printf("sha256 final memcmp fialed\n");
return -1;
}
printf("sha256 mcapi test passed\n");
return 0;
}
void bench_sha256(void)
{
Sha256 hash;
byte digest[SHA256_DIGEST_SIZE];
double start, total, persec;
int i;
InitSha256(&hash);
start = current_time(1);
for(i = 0; i < numBlocks; i++)
Sha256Update(&hash, plain, sizeof(plain));
Sha256Final(&hash, digest);
total = current_time(0) - start;
persec = 1 / total * numBlocks;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
#endif
printf("SHA-256 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
blockType, total, persec);
}
static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
{
byte data[DBRG_SEED_LEN];
int i, ret;
int len = (outSz / SHA256_DIGEST_SIZE)
+ ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
ret = InitSha256(&rng->sha);
if (ret != 0) return ret;
Sha256Update(&rng->sha, data, sizeof(data));
Sha256Final(&rng->sha, rng->digest);
if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE;
out += SHA256_DIGEST_SIZE;
array_add_one(data, DBRG_SEED_LEN);
}
else {
XMEMCPY(out, rng->digest, outSz);
}
}
XMEMSET(data, 0, sizeof(data));
return 0;
}
void file_test(const char* file, byte* check)
{
FILE* f;
int i = 0, j;
Sha256 sha256;
byte buf[1024];
byte shasum[SHA256_DIGEST_SIZE];
InitSha256(&sha256);
if( !( f = fopen( file, "rb" ) )) {
printf("Can't open %s\n", file);
return;
}
while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 )
Sha256Update(&sha256, buf, i);
Sha256Final(&sha256, shasum);
memcpy(check, shasum, sizeof(shasum));
for(j = 0; j < SHA256_DIGEST_SIZE; ++j )
printf( "%02x", shasum[j] );
printf(" %s\n", file);
fclose(f);
}
int Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha256(sha256)) != 0) {
CYASSL_MSG("InitSha256 failed");
}
else if ((ret = Sha256Update(sha256, data, len)) != 0) {
CYASSL_MSG("Sha256Update failed");
}
else if ((ret = Sha256Final(sha256, hash)) != 0) {
CYASSL_MSG("Sha256Final failed");
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int Sha256Final(Sha256* sha256, byte* hash)
{
byte* local = (byte*)sha256->buffer;
int ret;
AddLength(sha256, sha256->buffLen); /* before adding pads */
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
sha256->loLen = sha256->loLen << 3;
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
#ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */
ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
#endif
XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
return InitSha256(sha256); /* reset state */
}
/* Initialize SHA-256 */
int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256)
{
typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
(void)sizeof(sha_test);
if (sha256 == NULL)
return BAD_FUNC_ARG;
return InitSha256((Sha256*)sha256);
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
{
byte data[DRBG_SEED_LEN];
int i;
int len;
word32 checkBlock;
/* Special case: outSz is 0 and out is NULL. Generate a block to save for
* the continuous test. */
if (outSz == 0) outSz = 1;
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
if (InitSha256(&drbg->sha) != 0 ||
Sha256Update(&drbg->sha, data, sizeof(data)) != 0 ||
Sha256Final(&drbg->sha, drbg->digest) != 0) {
return DRBG_FAILURE;
}
checkBlock = *(word32*)drbg->digest;
if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
if (drbg->matchCount == 1) {
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
len++;
}
drbg->matchCount = 1;
}
}
else {
drbg->matchCount = 0;
drbg->lastBlock = checkBlock;
}
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else if (out != NULL && outSz != 0) {
XMEMCPY(out, drbg->digest, outSz);
outSz = 0;
}
}
XMEMSET(data, 0, sizeof(data));
return DRBG_SUCCESS;
}
void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum /* output */,
size_t unused)
{
Sha256 SHA256pw;
(void)unused;
InitSha256(&SHA256pw);
Sha256Update(&SHA256pw, tmp, (word32)tmplen);
Sha256Final(&SHA256pw, sha256sum);
}
static int InitHmac(Hmac* hmac, int type)
{
int ret = 0;
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
InitMd5(&hmac->hash.md5);
break;
#endif
#ifndef NO_SHA
case SHA:
ret = InitSha(&hmac->hash.sha);
break;
#endif
#ifndef NO_SHA256
case SHA256:
ret = InitSha256(&hmac->hash.sha256);
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
ret = InitSha384(&hmac->hash.sha384);
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
ret = InitSha512(&hmac->hash.sha512);
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break;
#endif
default:
return BAD_FUNC_ARG;
}
return ret;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
byte ctr;
int i;
int len;
word32 bits = (outSz * 8); /* reverse byte order */
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
if (InitSha256(&drbg->sha) != 0)
return DRBG_FAILURE;
if (Sha256Update(&drbg->sha, &ctr, sizeof(ctr)) != 0)
return DRBG_FAILURE;
if (Sha256Update(&drbg->sha, (byte*)&bits, sizeof(bits)) != 0)
return DRBG_FAILURE;
/* churning V is the only string that doesn't have
* the type added */
if (type != drbgInitV)
if (Sha256Update(&drbg->sha, &type, sizeof(type)) != 0)
return DRBG_FAILURE;
if (Sha256Update(&drbg->sha, inA, inASz) != 0)
return DRBG_FAILURE;
if (inB != NULL && inBSz > 0)
if (Sha256Update(&drbg->sha, inB, inBSz) != 0)
return DRBG_FAILURE;
if (Sha256Final(&drbg->sha, drbg->digest) != 0)
return DRBG_FAILURE;
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
}
else {
XMEMCPY(out, drbg->digest, outSz);
}
}
return DRBG_SUCCESS;
}
static int InitHmac(Hmac* hmac, int type)
{
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
InitMd5(&hmac->hash.md5);
break;
#endif
#ifndef NO_SHA
case SHA:
InitSha(&hmac->hash.sha);
break;
#endif
#ifndef NO_SHA256
case SHA256:
InitSha256(&hmac->hash.sha256);
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
InitSha384(&hmac->hash.sha384);
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
InitSha512(&hmac->hash.sha512);
break;
#endif
default:
break;
}
return 0;
}
int sha256_test(void)
{
Sha256 sha;
byte hash[SHA256_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int ret;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = InitSha256(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = Sha256Final(&sha, hash);
if (ret != 0)
return ret;
if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
void Sha256Final(Sha256* sha256, byte* hash)
{
byte* local = (byte*)sha256->buffer;
AddLength(sha256, sha256->buffLen); /* before adding pads */
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
#endif
Transform(sha256);
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->loLen = sha256->loLen << 3;
sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
/* store lengths */
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
Transform(sha256);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
#endif
XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
InitSha256(sha256); /* reset state */
}
static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word32 inASz,
byte* inB, word32 inBSz, byte* inC, word32 inCSz)
{
byte ctr;
int i;
int len;
word32 bits = (outSz * 8); /* reverse byte order */
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / SHA256_DIGEST_SIZE)
+ ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
if (InitSha256(&rng->sha) != 0)
return DBRG_ERROR;
Sha256Update(&rng->sha, &ctr, sizeof(ctr));
Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits));
/* churning V is the only string that doesn't have
* the type added */
if (type != dbrgInitV)
Sha256Update(&rng->sha, &type, sizeof(type));
Sha256Update(&rng->sha, inA, inASz);
if (inB != NULL && inBSz > 0)
Sha256Update(&rng->sha, inB, inBSz);
if (inC != NULL && inCSz > 0)
Sha256Update(&rng->sha, inC, inCSz);
Sha256Final(&rng->sha, rng->digest);
if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE;
out += SHA256_DIGEST_SIZE;
}
else {
XMEMCPY(out, rng->digest, outSz);
}
}
return DBRG_SUCCESS;
}
static int InitHmac(Hmac* hmac, int type)
{
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256))
return BAD_FUNC_ARG;
if (type == MD5)
InitMd5(&hmac->hash.md5);
else if (type == SHA)
InitSha(&hmac->hash.sha);
#ifndef NO_SHA256
else if (type == SHA256)
InitSha256(&hmac->hash.sha256);
#endif
return 0;
}
void bench_sha256(void)
{
Sha256 hash;
byte digest[SHA256_DIGEST_SIZE];
double start, total, persec;
int i;
InitSha256(&hash);
start = current_time();
for(i = 0; i < megs; i++)
Sha256Update(&hash, plain, sizeof(plain));
Sha256Final(&hash, digest);
total = current_time() - start;
persec = 1 / total * megs;
printf("SHA-256 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
void bench_sha256(void)
{
Sha256 hash;
byte digest[SHA256_DIGEST_SIZE];
double start, total, persec;
int i, ret;
ret = InitSha256(&hash);
if (ret != 0) {
printf("InitSha256 failed, ret = %d\n", ret);
return;
}
start = current_time(1);
for(i = 0; i < numBlocks; i++) {
ret = Sha256Update(&hash, plain, sizeof(plain));
if (ret != 0) {
printf("Sha256Update failed, ret = %d\n", ret);
return;
}
}
ret = Sha256Final(&hash, digest);
if (ret != 0) {
printf("Sha256Final failed, ret = %d\n", ret);
return;
}
total = current_time(0) - start;
persec = 1 / total * numBlocks;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
#endif
printf("SHA-256 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec);
}
int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
int saltLen, int iterations, int kLen, int hashType, int id)
{
/* all in bytes instead of bits */
word32 u, v, dLen, pLen, iLen, sLen, totalLen;
int dynamic = 0;
int ret = 0;
int i;
byte *D, *S, *P, *I;
#ifdef CYASSL_SMALL_STACK
byte staticBuffer[1]; /* force dynamic usage */
#else
byte staticBuffer[1024];
#endif
byte* buffer = staticBuffer;
#ifdef CYASSL_SMALL_STACK
byte* Ai;
byte* B;
#else
byte Ai[PBKDF_DIGEST_SIZE];
byte B[PBKDF_DIGEST_SIZE];
#endif
if (!iterations)
iterations = 1;
if (hashType == MD5) {
v = MD5_BLOCK_SIZE;
u = MD5_DIGEST_SIZE;
}
else if (hashType == SHA) {
v = SHA_BLOCK_SIZE;
u = SHA_DIGEST_SIZE;
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
v = SHA256_BLOCK_SIZE;
u = SHA256_DIGEST_SIZE;
}
#endif
#ifdef CYASSL_SHA512
else if (hashType == SHA512) {
v = SHA512_BLOCK_SIZE;
u = SHA512_DIGEST_SIZE;
}
#endif
else
return BAD_FUNC_ARG;
#ifdef CYASSL_SMALL_STACK
Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (Ai == NULL)
return MEMORY_E;
B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (B == NULL) {
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
dLen = v;
sLen = v * ((saltLen + v - 1) / v);
if (passLen)
pLen = v * ((passLen + v - 1) / v);
else
pLen = 0;
iLen = sLen + pLen;
totalLen = dLen + sLen + pLen;
if (totalLen > sizeof(staticBuffer)) {
buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
if (buffer == NULL) {
#ifdef CYASSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
dynamic = 1;
}
D = buffer;
S = D + dLen;
P = S + sLen;
I = S;
XMEMSET(D, id, dLen);
for (i = 0; i < (int)sLen; i++)
S[i] = salt[i % saltLen];
for (i = 0; i < (int)pLen; i++)
P[i] = passwd[i % passLen];
while (kLen > 0) {
word32 currentLen;
mp_int B1;
if (hashType == MD5) {
Md5 md5;
InitMd5(&md5);
Md5Update(&md5, buffer, totalLen);
Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
Md5Update(&md5, Ai, u);
Md5Final(&md5, Ai);
}
}
else if (hashType == SHA) {
Sha sha;
ret = InitSha(&sha);
if (ret != 0)
break;
ShaUpdate(&sha, buffer, totalLen);
ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
ShaUpdate(&sha, Ai, u);
ShaFinal(&sha, Ai);
}
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
Sha256 sha256;
ret = InitSha256(&sha256);
if (ret != 0)
break;
ret = Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
#endif
#ifdef CYASSL_SHA512
else if (hashType == SHA512) {
Sha512 sha512;
ret = InitSha512(&sha512);
if (ret != 0)
break;
ret = Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
#endif
for (i = 0; i < (int)v; i++)
B[i] = Ai[i % u];
if (mp_init(&B1) != MP_OKAY)
ret = MP_INIT_E;
else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
ret = MP_READ_E;
else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
ret = MP_ADD_E;
if (ret != 0) {
mp_clear(&B1);
break;
}
for (i = 0; i < (int)iLen; i += v) {
int outSz;
mp_int i1;
mp_int res;
if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
ret = MP_INIT_E;
break;
}
if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
ret = MP_READ_E;
else if (mp_add(&i1, &B1, &res) != MP_OKAY)
ret = MP_ADD_E;
else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
ret = MP_TO_E;
else {
if (outSz > (int)v) {
/* take off MSB */
byte tmp[129];
ret = mp_to_unsigned_bin(&res, tmp);
XMEMCPY(I + i, tmp + 1, v);
}
else if (outSz < (int)v) {
XMEMSET(I + i, 0, v - outSz);
ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
}
else
ret = mp_to_unsigned_bin(&res, I + i);
}
mp_clear(&i1);
mp_clear(&res);
if (ret < 0) break;
}
currentLen = min(kLen, (int)u);
XMEMCPY(output, Ai, currentLen);
output += currentLen;
kLen -= currentLen;
mp_clear(&B1);
}
if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
#ifdef CYASSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}