Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: df756b374e
Branches Tags
krackattacks
/
src
/
crypto
/
sha256-tlsprf.c

sha256-tlsprf.c 1.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. /*
    2. 

  2.  * TLS PRF P_SHA256
    3. 

  3.  * Copyright (c) 2011, Jouni Malinen <j@w1.fi>
    4. 

  4.  *
    5. 

  5.  * This software may be distributed under the terms of the BSD license.
    6. 

  6.  * See README for more details.
    7. 

  7.  */
    8. 

  8. 

  9. #include "includes.h"
    10. 

  10. 

  11. #include "common.h"
    12. 

  12. #include "sha256.h"
    13. 

  13. 

  14. 

  15. /**
    16. 

  16.  * tls_prf_sha256 - Pseudo-Random Function for TLS v1.2 (P_SHA256, RFC 5246)
    17. 

  17.  * @secret: Key for PRF
    18. 

  18.  * @secret_len: Length of the key in bytes
    19. 

  19.  * @label: A unique label for each purpose of the PRF
    20. 

  20.  * @seed: Seed value to bind into the key
    21. 

  21.  * @seed_len: Length of the seed
    22. 

  22.  * @out: Buffer for the generated pseudo-random key
    23. 

  23.  * @outlen: Number of bytes of key to generate
    24. 

  24.  * Returns: 0 on success, -1 on failure.
    25. 

  25.  *
    26. 

  26.  * This function is used to derive new, cryptographically separate keys from a
    27. 

  27.  * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
    28. 

  28.  */
    29. 

  29. void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
    30. 

  30. 		    const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
    31. 

  31. {
    32. 

  32. 	size_t clen;
    33. 

  33. 	u8 A[SHA256_MAC_LEN];
    34. 

  34. 	u8 P[SHA256_MAC_LEN];
    35. 

  35. 	size_t pos;
    36. 

  36. 	const unsigned char *addr[3];
    37. 

  37. 	size_t len[3];
    38. 

  38. 

  39. 	addr[0] = A;
    40. 

  40. 	len[0] = SHA256_MAC_LEN;
    41. 

  41. 	addr[1] = (unsigned char *) label;
    42. 

  42. 	len[1] = os_strlen(label);
    43. 

  43. 	addr[2] = seed;
    44. 

  44. 	len[2] = seed_len;
    45. 

  45. 

  46. 	/*
    47. 

  47. 	 * RFC 5246, Chapter 5
    48. 

  48. 	 * A(0) = seed, A(i) = HMAC(secret, A(i-1))
    49. 

  49. 	 * P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..
    50. 

  50. 	 * PRF(secret, label, seed) = P_SHA256(secret, label + seed)
    51. 

  51. 	 */
    52. 

  52. 

  53. 	hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A);
    54. 

  54. 

  55. 	pos = 0;
    56. 

  56. 	while (pos < outlen) {
    57. 

  57. 		hmac_sha256_vector(secret, secret_len, 3, addr, len, P);
    58. 

  58. 		hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A);
    59. 

  59. 

  60. 		clen = outlen - pos;
    61. 

  61. 		if (clen > SHA256_MAC_LEN)
    62. 

  62. 			clen = SHA256_MAC_LEN;
    63. 

  63. 		os_memcpy(out + pos, P, clen);
    64. 

  64. 		pos += clen;
    65. 

  65. 	}
    66. 

  66. }
    67.