summaryrefslogtreecommitdiffstats
path: root/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/pbkdf2.c
blob: fce6a22f269c6459903ba80a2ccb8b2e21c9b93f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

/*
 * cifra - embedded cryptography library
 * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
 *
 * To the extent possible under law, the author(s) have dedicated all
 * copyright and related and neighboring rights to this software to the
 * public domain worldwide. This software is distributed without any
 * warranty.
 *
 * You should have received a copy of the CC0 Public Domain Dedication
 * along with this software. If not, see
 * <http://creativecommons.org/publicdomain/zero/1.0/>.
 */

#include "pbkdf2.h"
#include "hmac.h"
#include "bitops.h"
#include "handy.h"
#include "tassert.h"

#include <string.h>

static void F(const cf_hmac_ctx *startctx,
              uint32_t counter,
              const uint8_t *salt, size_t nsalt,
              uint32_t iterations,
              uint8_t *out)
{
  uint8_t U[CF_MAXHASH];
  size_t hashsz = startctx->hash->hashsz;
  
  uint8_t countbuf[4];
  write32_be(counter, countbuf);

  /* First iteration:
   *   U_1 = PRF(P, S || INT_32_BE(i))
   */
  cf_hmac_ctx ctx = *startctx;
  cf_hmac_update(&ctx, salt, nsalt);
  cf_hmac_update(&ctx, countbuf, sizeof countbuf);
  cf_hmac_finish(&ctx, U);
  memcpy(out, U, hashsz);

  /* Subsequent iterations:
   *   U_c = PRF(P, U_{c-1})
   */
  for (uint32_t i = 1; i < iterations; i++)
  {
    ctx = *startctx;
    cf_hmac_update(&ctx, U, hashsz);
    cf_hmac_finish(&ctx, U);
    xor_bb(out, out, U, hashsz);
  }
}

void cf_pbkdf2_hmac(const uint8_t *pw, size_t npw,
                    const uint8_t *salt, size_t nsalt,
                    uint32_t iterations,
                    uint8_t *out, size_t nout,
                    const cf_chash *hash)
{
  uint32_t counter = 1;
  uint8_t block[CF_MAXHASH];

  assert(iterations);
  assert(out && nout);
  assert(hash);

  /* Starting point for inner loop. */
  cf_hmac_ctx ctx;
  cf_hmac_init(&ctx, hash, pw, npw);

  while (nout)
  {
    F(&ctx, counter, salt, nsalt, iterations, block);

    size_t taken = MIN(nout, hash->hashsz);
    memcpy(out, block, taken);
    out += taken;
    nout -= taken;
    counter++;
  }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-13 11:40:38 +0000