3fba80174d
Conflicts: NEWS README configure.in doc/tincd.8.in src/Makefile.am src/bsd/device.c src/connection.c src/connection.h src/cygwin/device.c src/device.h src/dropin.h src/linux/device.c src/mingw/device.c src/net.c src/net_packet.c src/net_setup.c src/net_socket.c src/process.c src/protocol.c src/protocol_key.c src/raw_socket_device.c src/route.c src/solaris/device.c src/tincd.c src/uml_device.c
75 lines
2.3 KiB
C
75 lines
2.3 KiB
C
/*
|
|
prf.c -- Pseudo-Random Function for key material generation
|
|
Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License along
|
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#include "system.h"
|
|
|
|
#include <openssl/obj_mac.h>
|
|
|
|
#include "digest.h"
|
|
#include "prf.h"
|
|
|
|
/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
|
|
We use SHA512 instead of MD5 and SHA1.
|
|
*/
|
|
|
|
static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
|
|
digest_t digest;
|
|
|
|
if(!digest_open_by_nid(&digest, nid, -1))
|
|
return false;
|
|
|
|
if(!digest_set_key(&digest, secret, secretlen))
|
|
return false;
|
|
|
|
size_t len = digest_length(&digest);
|
|
|
|
/* Data is what the "inner" HMAC function processes.
|
|
It consists of the previous HMAC result plus the seed.
|
|
*/
|
|
|
|
char data[len + seedlen];
|
|
memset(data, 0, len);
|
|
memcpy(data + len, seed, seedlen);
|
|
|
|
char hash[len];
|
|
|
|
while(outlen > 0) {
|
|
/* Inner HMAC */
|
|
digest_create(&digest, data, len + seedlen, data);
|
|
|
|
/* Outer HMAC */
|
|
digest_create(&digest, data, len + seedlen, hash);
|
|
|
|
/* XOR the results of the outer HMAC into the out buffer */
|
|
for(int i = 0; i < len && i < outlen; i++)
|
|
*out++ ^= hash[i];
|
|
|
|
outlen -= len;
|
|
}
|
|
|
|
digest_close(&digest);
|
|
return true;
|
|
}
|
|
|
|
bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
|
|
/* This construction allows us to easily switch back to a scheme where the PRF is calculated using two different digest algorithms. */
|
|
memset(out, 0, outlen);
|
|
|
|
return prf_xor(NID_sha512, secret, secretlen, seed, seedlen, out, outlen);
|
|
}
|