Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8307489840
Branches Tags
krackattacks
/
src
/
crypto
/
sha256-tlsprf.c

sha256-tlsprf.c 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. /*
    2. 

  2.  * TLS PRF P_SHA256
    3. 

  3.  * Copyright (c) 2011, Jouni Malinen <j@w1.fi>
    4. 

  4.  *
    5. 

  5.  * This program is free software; you can redistribute it and/or modify
    6. 

  6.  * it under the terms of the GNU General Public License version 2 as
    7. 

  7.  * published by the Free Software Foundation.
    8. 

  8.  *
    9. 

  9.  * Alternatively, this software may be distributed under the terms of BSD
    10. 

  10.  * license.
    11. 

  11.  *
    12. 

  12.  * See README and COPYING for more details.
    13. 

  13.  */
    14. 

  14. 

  15. #include "includes.h"
    16. 

  16. 

  17. #include "common.h"
    18. 

  18. #include "sha256.h"
    19. 

  19. 

  20. 

  21. /**
    22. 

  22.  * tls_prf_sha256 - Pseudo-Random Function for TLS v1.2 (P_SHA256, RFC 5246)
    23. 

  23.  * @secret: Key for PRF
    24. 

  24.  * @secret_len: Length of the key in bytes
    25. 

  25.  * @label: A unique label for each purpose of the PRF
    26. 

  26.  * @seed: Seed value to bind into the key
    27. 

  27.  * @seed_len: Length of the seed
    28. 

  28.  * @out: Buffer for the generated pseudo-random key
    29. 

  29.  * @outlen: Number of bytes of key to generate
    30. 

  30.  * Returns: 0 on success, -1 on failure.
    31. 

  31.  *
    32. 

  32.  * This function is used to derive new, cryptographically separate keys from a
    33. 

  33.  * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
    34. 

  34.  */
    35. 

  35. void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
    36. 

  36. 		    const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
    37. 

  37. {
    38. 

  38. 	size_t clen;
    39. 

  39. 	u8 A[SHA256_MAC_LEN];
    40. 

  40. 	u8 P[SHA256_MAC_LEN];
    41. 

  41. 	size_t pos;
    42. 

  42. 	const unsigned char *addr[3];
    43. 

  43. 	size_t len[3];
    44. 

  44. 

  45. 	addr[0] = A;
    46. 

  46. 	len[0] = SHA256_MAC_LEN;
    47. 

  47. 	addr[1] = (unsigned char *) label;
    48. 

  48. 	len[1] = os_strlen(label);
    49. 

  49. 	addr[2] = seed;
    50. 

  50. 	len[2] = seed_len;
    51. 

  51. 

  52. 	/*
    53. 

  53. 	 * RFC 5246, Chapter 5
    54. 

  54. 	 * A(0) = seed, A(i) = HMAC(secret, A(i-1))
    55. 

  55. 	 * P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..
    56. 

  56. 	 * PRF(secret, label, seed) = P_SHA256(secret, label + seed)
    57. 

  57. 	 */
    58. 

  58. 

  59. 	hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A);
    60. 

  60. 

  61. 	pos = 0;
    62. 

  62. 	while (pos < outlen) {
    63. 

  63. 		hmac_sha256_vector(secret, secret_len, 3, addr, len, P);
    64. 

  64. 		hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A);
    65. 

  65. 

  66. 		clen = outlen - pos;
    67. 

  67. 		if (clen > SHA256_MAC_LEN)
    68. 

  68. 			clen = SHA256_MAC_LEN;
    69. 

  69. 		os_memcpy(out + pos, P, clen);
    70. 

  70. 		pos += clen;
    71. 

  71. 	}
    72. 

  72. }
    73.