X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fprf.c;h=55c9923d474aa4d642c6cae749595d9315b57a6d;hb=9ba3e95a9a559240d16de71ca1513c7bfa98a70c;hp=f9a21121c8016b324b1d92a8bd0d6819bcff4511;hpb=9b9230a0a79c670b86f54fadd2807b864ff9d91f;p=tinc

diff --git a/src/gcrypt/prf.c b/src/gcrypt/prf.c
index f9a21121..55c9923d 100644
--- a/src/gcrypt/prf.c
+++ b/src/gcrypt/prf.c
@@ -19,11 +19,88 @@
 
 #include "../system.h"
 
-#include "digest.h"
-#include "../digest.h"
 #include "../prf.h"
+#include "../ed25519/sha512.h"
+
+static void memxor(char *buf, char c, size_t len) {
+	for(size_t i = 0; i < len; i++)
+		buf[i] ^= c;
+}
+
+static const size_t mdlen = 64;
+static const size_t blklen = 128;
+
+static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
+	char tmp[blklen + mdlen];
+	sha512_context md;
+
+	if(keylen <= blklen) {
+		memcpy(tmp, key, keylen);
+		memset(tmp + keylen, 0, blklen - keylen);
+	} else {
+		if(sha512(key, keylen, tmp) != 0)
+			return false;
+		memset(tmp + mdlen, 0, blklen - mdlen);
+	}
+
+	if(sha512_init(&md) != 0)
+		return false;
+
+	// ipad
+	memxor(tmp, 0x36, blklen);
+	if(sha512_update(&md, tmp, blklen) != 0)
+		return false;
+
+	// message
+	if(sha512_update(&md, msg, msglen) != 0)
+		return false;
+
+	if(sha512_final(&md, tmp + blklen) != 0)
+		return false;
+
+	// opad
+	memxor(tmp, 0x36 ^ 0x5c, blklen);
+	if(sha512(tmp, sizeof tmp, out) != 0)
+		return false;
+
+	return true;
+}
+
+
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
+   We use SHA512 instead of MD5 and SHA1.
+ */
 
 bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
-	logger(DEBUG_ALWAYS, LOG_ERR, "PRF support using libgcrypt not implemented");
-	return false;
+	/* Data is what the "inner" HMAC function processes.
+	   It consists of the previous HMAC result plus the seed.
+	 */
+
+	char data[mdlen + seedlen];
+	memset(data, 0, mdlen);
+	memcpy(data + mdlen, seed, seedlen);
+
+	char hash[mdlen];
+
+	while(outlen > 0) {
+		/* Inner HMAC */
+		if(!hmac_sha512(secret, secretlen, data, sizeof data, data))
+			return false;
+
+		/* Outer HMAC */
+		if(outlen >= mdlen) {
+			if(!hmac_sha512(secret, secretlen, data, sizeof data, out))
+				return false;
+			out += mdlen;
+			outlen -= mdlen;
+		} else {
+			if(!hmac_sha512(secret, secretlen, data, sizeof data, hash))
+				return false;
+			memcpy(out, hash, outlen);
+			out += outlen;
+			outlen = 0;
+		}
+	}
+
+	return true;
 }