2 * SHA1 hash implementation and interface functions
3 * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
17 * hmac_sha1_vector - HMAC-SHA1 over data vector (RFC 2104)
18 * @key: Key for HMAC operations
19 * @key_len: Length of the key in bytes
20 * @num_elem: Number of elements in the data vector
21 * @addr: Pointers to the data areas
22 * @len: Lengths of the data blocks
23 * @mac: Buffer for the hash (20 bytes)
24 * Returns: 0 on success, -1 on failure
26 int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
27 const u8 *addr[], const size_t *len, u8 *mac)
29 unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
36 * Fixed limit on the number of fragments to avoid having to
37 * allocate memory (which could fail).
42 /* if key is longer than 64 bytes reset it to key = SHA1(key) */
44 if (sha1_vector(1, &key, &key_len, tk))
50 /* the HMAC_SHA1 transform looks like:
52 * SHA1(K XOR opad, SHA1(K XOR ipad, text))
54 * where K is an n byte key
55 * ipad is the byte 0x36 repeated 64 times
56 * opad is the byte 0x5c repeated 64 times
57 * and text is the data being protected */
59 /* start out by storing key in ipad */
60 os_memset(k_pad, 0, sizeof(k_pad));
61 os_memcpy(k_pad, key, key_len);
62 /* XOR key with ipad values */
63 for (i = 0; i < 64; i++)
66 /* perform inner SHA1 */
69 for (i = 0; i < num_elem; i++) {
70 _addr[i + 1] = addr[i];
73 if (sha1_vector(1 + num_elem, _addr, _len, mac))
76 os_memset(k_pad, 0, sizeof(k_pad));
77 os_memcpy(k_pad, key, key_len);
78 /* XOR key with opad values */
79 for (i = 0; i < 64; i++)
82 /* perform outer SHA1 */
86 _len[1] = SHA1_MAC_LEN;
87 return sha1_vector(2, _addr, _len, mac);
92 * hmac_sha1 - HMAC-SHA1 over data buffer (RFC 2104)
93 * @key: Key for HMAC operations
94 * @key_len: Length of the key in bytes
95 * @data: Pointers to the data area
96 * @data_len: Length of the data area
97 * @mac: Buffer for the hash (20 bytes)
98 * Returns: 0 on success, -1 of failure
100 int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
103 return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
108 * sha1_prf - SHA1-based Pseudo-Random Function (PRF) (IEEE 802.11i, 8.5.1.1)
110 * @key_len: Length of the key in bytes
111 * @label: A unique label for each purpose of the PRF
112 * @data: Extra data to bind into the key
113 * @data_len: Length of the data
114 * @buf: Buffer for the generated pseudo-random key
115 * @buf_len: Number of bytes of key to generate
116 * Returns: 0 on success, -1 of failure
118 * This function is used to derive new, cryptographically separate keys from a
119 * given key (e.g., PMK in IEEE 802.11i).
121 int sha1_prf(const u8 *key, size_t key_len, const char *label,
122 const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
126 u8 hash[SHA1_MAC_LEN];
127 size_t label_len = os_strlen(label) + 1;
128 const unsigned char *addr[3];
131 addr[0] = (u8 *) label;
139 while (pos < buf_len) {
140 plen = buf_len - pos;
141 if (plen >= SHA1_MAC_LEN) {
142 if (hmac_sha1_vector(key, key_len, 3, addr, len,
147 if (hmac_sha1_vector(key, key_len, 3, addr, len,
150 os_memcpy(&buf[pos], hash, plen);