libsec: add pbkdf2_hmac_sha1() (from wpapsk factotum module)

4 files changed, 34 insertions, 27 deletions

diff --git a/sys/include/libsec.h b/sys/include/libsec.h
index 9a32aa554..60f25f944 100644
--- a/sys/include/libsec.h
+++ b/sys/include/libsec.h
@@ -456,3 +456,6 @@ mpint* dh_new(DHstate *dh, mpint *p, mpint *g);
 
 /* calculate shared key: k = pub ^ x % p */
 mpint* dh_finish(DHstate *dh, mpint *pub);
+
+/* password-based key derivation function 2 (RFC 2898) */
+void pbkdf2_hmac_sha1(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen);
diff --git a/sys/src/cmd/auth/factotum/wpapsk.c b/sys/src/cmd/auth/factotum/wpapsk.c
index 785d1c0ff..a76cb4ac8 100644
--- a/sys/src/cmd/auth/factotum/wpapsk.c
+++ b/sys/src/cmd/auth/factotum/wpapsk.c
@@ -35,32 +35,6 @@ struct State
 	uchar	resp[PTKlen];
 };
 
-static void
-pbkdf2(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen)
-{
-	uchar block[SHA1dlen], tmp[SHA1dlen], tmp2[SHA1dlen];
-	ulong i, j, k, n;
-	DigestState *ds;
-
-	for(i = 1; dlen > 0; i++, d += n, dlen -= n){
-		tmp[3] = i;
-		tmp[2] = i >> 8;
-		tmp[1] = i >> 16;
-		tmp[0] = i >> 24;
-		ds = hmac_sha1(s, slen, p, plen, nil, nil);
-		hmac_sha1(tmp, 4, p, plen, block, ds);
-		memmove(tmp, block, sizeof(tmp));
-		for(j = 1; j < rounds; j++){
-			hmac_sha1(tmp, sizeof(tmp), p, plen, tmp2, nil);
-			memmove(tmp, tmp2, sizeof(tmp));
-			for(k=0; k<sizeof(tmp); k++)
-				block[k] ^= tmp[k];
-		}
-		n = dlen > sizeof(block) ? sizeof(block) : dlen;
-		memmove(d, block, n); 
-	}
-}
-
 static int
 hextob(char *s, char **sp, uchar *b, int n)
 {
@@ -89,7 +63,7 @@ pass2pmk(char *pass, char *ssid, uchar pmk[PMKlen])
 {
 	if(hextob(pass, nil, pmk, PMKlen) == PMKlen)
 		return;
-	pbkdf2((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen);
+	pbkdf2_hmac_sha1((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen);
 }
 
 static void
diff --git a/sys/src/libsec/port/mkfile b/sys/src/libsec/port/mkfile
index c99fcc85d..60aebe629 100644
--- a/sys/src/libsec/port/mkfile
+++ b/sys/src/libsec/port/mkfile
@@ -21,6 +21,7 @@ CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\
 	ecc.c\
 	ripemd.c\
 	dh.c\
+	pbkdf2.c\
 
 ALLOFILES=${CFILES:%.c=%.$O}
 
diff --git a/sys/src/libsec/port/pbkdf2.c b/sys/src/libsec/port/pbkdf2.c
new file mode 100644
index 000000000..95c26422f
--- /dev/null
+++ b/sys/src/libsec/port/pbkdf2.c
@@ -0,0 +1,29 @@
+#include "os.h"
+#include <mp.h>
+#include <libsec.h>
+
+void
+pbkdf2_hmac_sha1(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen)
+{
+	uchar block[SHA1dlen], tmp[SHA1dlen], tmp2[SHA1dlen];
+	ulong i, j, k, n;
+	DigestState *ds;
+
+	for(i = 1; dlen > 0; i++, d += n, dlen -= n){
+		tmp[3] = i;
+		tmp[2] = i >> 8;
+		tmp[1] = i >> 16;
+		tmp[0] = i >> 24;
+		ds = hmac_sha1(s, slen, p, plen, nil, nil);
+		hmac_sha1(tmp, 4, p, plen, block, ds);
+		memmove(tmp, block, sizeof(tmp));
+		for(j = 1; j < rounds; j++){
+			hmac_sha1(tmp, sizeof(tmp), p, plen, tmp2, nil);
+			memmove(tmp, tmp2, sizeof(tmp));
+			for(k=0; k<sizeof(tmp); k++)
+				block[k] ^= tmp[k];
+		}
+		n = dlen > sizeof(block) ? sizeof(block) : dlen;
+		memmove(d, block, n); 
+	}
+}