diff --git a/sys/include/libsec.h b/sys/include/libsec.h index 38d8a67c5..e46180829 100644 --- a/sys/include/libsec.h +++ b/sys/include/libsec.h @@ -454,12 +454,13 @@ mpint* dh_new(DHstate *dh, mpint *p, mpint *q, mpint *g); /* calculate shared key: k = y**x % p */ mpint* dh_finish(DHstate *dh, mpint *y); -/* password-based key derivation function 2 (RFC 2898) */ -void pbkdf2_hmac_sha1(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen); - /* Curve25519 elliptic curve, public key function */ void curve25519(uchar mypublic[32], uchar secret[32], uchar basepoint[32]); /* Curve25519 diffie hellman */ void curve25519_dh_new(uchar x[32], uchar y[32]); void curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]); + +/* password-based key derivation function 2 (rfc2898) */ +void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen, + DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen); diff --git a/sys/src/cmd/auth/factotum/wpapsk.c b/sys/src/cmd/auth/factotum/wpapsk.c index a76cb4ac8..42e72f08a 100644 --- a/sys/src/cmd/auth/factotum/wpapsk.c +++ b/sys/src/cmd/auth/factotum/wpapsk.c @@ -63,7 +63,7 @@ pass2pmk(char *pass, char *ssid, uchar pmk[PMKlen]) { if(hextob(pass, nil, pmk, PMKlen) == PMKlen) return; - pbkdf2_hmac_sha1((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen); + pbkdf2_x((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen, hmac_sha1, SHA1dlen); } static void diff --git a/sys/src/libauthsrv/passtokey.c b/sys/src/libauthsrv/passtokey.c index c829b374e..d2867da87 100644 --- a/sys/src/libauthsrv/passtokey.c +++ b/sys/src/libauthsrv/passtokey.c 
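Review bot: The comment above the new `pbkdf2_x` prototype in libsec.h does not say what `x` and `xlen` must be, and the implementation depends on them agreeing. `xlen` is used as the number of bytes `x` writes into a 256-byte scratch buffer, so a value larger than the real digest length would mix unwritten stack bytes into the derived key. I would extend the comment to something like `/* x is the hmac function (e.g. hmac_sha1), xlen its digest length in bytes (e.g. SHA1dlen); xlen must be > 0 and <= 256 */`. Separately, `pbkdf2_hmac_sha1` is dropped from the header with no wrapper, so any caller other than the two updated in this diff would stop building; whether such callers exist is not visible here.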
@@ -36,7 +36,7 @@ static void passtoaeskey(uchar *key, char *p) { static char salt[] = "Plan 9 key derivation"; - pbkdf2_hmac_sha1((uchar*)p, strlen(p), (uchar*)salt, sizeof(salt)-1, 9001, key, AESKEYLEN); + pbkdf2_x((uchar*)p, strlen(p), (uchar*)salt, sizeof(salt)-1, 9001, key, AESKEYLEN, hmac_sha1, SHA1dlen); } void diff --git a/sys/src/libsec/port/pbkdf2.c b/sys/src/libsec/port/pbkdf2.c index 95c26422f..7df01dc25 100644 --- a/sys/src/libsec/port/pbkdf2.c +++ b/sys/src/libsec/port/pbkdf2.c @@ -2,28 +2,34 @@ #include #include +/* rfc2898 */ void -pbkdf2_hmac_sha1(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen) +pbkdf2_x(p, plen, s, slen, rounds, d, dlen, x, xlen) + uchar *p, *s, *d; + ulong plen, slen, dlen, rounds; + DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); + int xlen; { - uchar block[SHA1dlen], tmp[SHA1dlen], tmp2[SHA1dlen]; + uchar block[256], tmp[256]; ulong i, j, k, n; DigestState *ds; + assert(xlen <= sizeof(tmp)); + for(i = 1; dlen > 0; i++, d += n, dlen -= n){ tmp[3] = i; tmp[2] = i >> 8; tmp[1] = i >> 16; tmp[0] = i >> 24; - ds = hmac_sha1(s, slen, p, plen, nil, nil); - hmac_sha1(tmp, 4, p, plen, block, ds); - memmove(tmp, block, sizeof(tmp)); + ds = (*x)(s, slen, p, plen, nil, nil); + (*x)(tmp, 4, p, plen, block, ds); + memmove(tmp, block, xlen); for(j = 1; j < rounds; j++){ - hmac_sha1(tmp, sizeof(tmp), p, plen, tmp2, nil); - memmove(tmp, tmp2, sizeof(tmp)); - for(k=0; k sizeof(block) ? sizeof(block) : dlen; + n = dlen > xlen ? xlen : dlen; memmove(d, block, n); } }
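Review bot: In `pbkdf2_x` (sys/src/libsec/port/pbkdf2.c) the new `assert(xlen <= sizeof(tmp));` bounds only the upper side of `xlen`. With `xlen == 0`, `n = dlen > xlen ? xlen : dlen;` yields 0, so the outer loop's `d += n, dlen -= n` never advances and the function spins without producing output. Because `xlen` is an `int` compared against `sizeof` and `dlen`, a negative value may also get through, depending on how this compiler types `sizeof`, and would then reach `memmove(tmp, block, xlen)` as a huge length. I would tighten the check to `assert(xlen > 0 && xlen <= sizeof(tmp));`. The inner-loop lines are garbled on this page, so the XOR step itself is not reviewed here.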