LCOV - code coverage report
Current view: top level - src/crypto - sha256-prf.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1443382998 Lines: 32 32 100.0 %
Date: 2015-09-27 Functions: 2 2 100.0 %

          Line data    Source code
       1             : /*
       2             :  * SHA256-based PRF (IEEE 802.11r)
       3             :  * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "sha256.h"
      13             : #include "crypto.h"
      14             : 
      15             : 
      16             : /**
      17             :  * sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5.1.5.2)
      18             :  * @key: Key for PRF
      19             :  * @key_len: Length of the key in bytes
      20             :  * @label: A unique label for each purpose of the PRF
      21             :  * @data: Extra data to bind into the key
      22             :  * @data_len: Length of the data
      23             :  * @buf: Buffer for the generated pseudo-random key
      24             :  * @buf_len: Number of bytes of key to generate
      25             :  *
      26             :  * This function is used to derive new, cryptographically separate keys from a
      27             :  * given key.
      28             :  */
      29        3725 : void sha256_prf(const u8 *key, size_t key_len, const char *label,
      30             :                 const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
      31             : {
      32        3725 :         sha256_prf_bits(key, key_len, label, data, data_len, buf, buf_len * 8);
      33        3725 : }
      34             : 
      35             : 
      36             : /**
      37             :  * sha256_prf_bits - IEEE Std 802.11-2012, 11.6.1.7.2 Key derivation function
      38             :  * @key: Key for KDF
      39             :  * @key_len: Length of the key in bytes
      40             :  * @label: A unique label for each purpose of the PRF
      41             :  * @data: Extra data to bind into the key
      42             :  * @data_len: Length of the data
      43             :  * @buf: Buffer for the generated pseudo-random key
      44             :  * @buf_len: Number of bits of key to generate
      45             :  *
      46             :  * This function is used to derive new, cryptographically separate keys from a
      47             :  * given key. If the requested buf_len is not divisible by eight, the least
      48             :  * significant 1-7 bits of the last octet in the output are not part of the
      49             :  * requested output.
      50             :  */
      51        9494 : void sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
      52             :                      const u8 *data, size_t data_len, u8 *buf,
      53             :                      size_t buf_len_bits)
      54             : {
      55        9494 :         u16 counter = 1;
      56             :         size_t pos, plen;
      57             :         u8 hash[SHA256_MAC_LEN];
      58             :         const u8 *addr[4];
      59             :         size_t len[4];
      60             :         u8 counter_le[2], length_le[2];
      61        9494 :         size_t buf_len = (buf_len_bits + 7) / 8;
      62             : 
      63        9494 :         addr[0] = counter_le;
      64        9494 :         len[0] = 2;
      65        9494 :         addr[1] = (u8 *) label;
      66        9494 :         len[1] = os_strlen(label);
      67        9494 :         addr[2] = data;
      68        9494 :         len[2] = data_len;
      69        9494 :         addr[3] = length_le;
      70        9494 :         len[3] = sizeof(length_le);
      71             : 
      72        9494 :         WPA_PUT_LE16(length_le, buf_len_bits);
      73        9494 :         pos = 0;
      74       26178 :         while (pos < buf_len) {
      75       11090 :                 plen = buf_len - pos;
      76       11090 :                 WPA_PUT_LE16(counter_le, counter);
      77       11090 :                 if (plen >= SHA256_MAC_LEN) {
      78        7190 :                         hmac_sha256_vector(key, key_len, 4, addr, len,
      79             :                                            &buf[pos]);
      80        7190 :                         pos += SHA256_MAC_LEN;
      81             :                 } else {
      82        3900 :                         hmac_sha256_vector(key, key_len, 4, addr, len, hash);
      83        3900 :                         os_memcpy(&buf[pos], hash, plen);
      84        3900 :                         pos += plen;
      85        3900 :                         break;
      86             :                 }
      87        7190 :                 counter++;
      88             :         }
      89             : 
      90             :         /*
      91             :          * Mask out unused bits in the last octet if it does not use all the
      92             :          * bits.
      93             :          */
      94        9494 :         if (buf_len_bits % 8) {
      95          80 :                 u8 mask = 0xff << (8 - buf_len_bits % 8);
      96          80 :                 buf[pos - 1] &= mask;
      97             :         }
      98             : 
      99        9494 :         os_memset(hash, 0, sizeof(hash));
     100        9494 : }

Generated by: LCOV version 1.10