robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5940 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ipxe/src/crypto/sha1extra.c

sha1extra.c 5.3KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168 
  1. /*

  2.  * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

  17.  * 02110-1301, USA.

  18.  */

  19. 

  20. FILE_LICENCE ( GPL2_OR_LATER );

  21. 

  22. #include <string.h>

  23. #include <ipxe/crypto.h>

  24. #include <ipxe/sha1.h>

  25. #include <ipxe/hmac.h>

  26. #include <stdint.h>

  27. #include <byteswap.h>

  28. 

  29. /**

  30.  * SHA1 pseudorandom function for creating derived keys

  31.  *

  32.  * @v key	Master key with which this call is associated

  33.  * @v key_len	Length of key

  34.  * @v label	NUL-terminated ASCII string describing purpose of PRF data

  35.  * @v data	Further data that should be included in the PRF

  36.  * @v data_len	Length of further PRF data

  37.  * @v prf_len	Bytes of PRF to generate

  38.  * @ret prf	Pseudorandom function bytes

  39.  *

  40.  * This is the PRF variant used by 802.11, defined in IEEE 802.11-2007

  41.  * 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an

  42.  * MD5-based PRF.

  43.  */

  44. void prf_sha1 ( const void *key, size_t key_len, const char *label,

  45. 		const void *data, size_t data_len, void *prf, size_t prf_len )

  46. {

  47. 	u32 blk;

  48. 	u8 keym[key_len];	/* modifiable copy of key */

  49. 	u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */

  50. 	u8 *in_blknr;		/* pointer to last byte of in, block number */

  51. 	u8 out[SHA1_DIGEST_SIZE]; /* HMAC-SHA1 result */

  52. 	u8 sha1_ctx[SHA1_CTX_SIZE]; /* SHA1 context */

  53. 	const size_t label_len = strlen ( label );

  54. 

  55. 	/* The HMAC-SHA-1 is calculated using the given key on the

  56. 	   message text `label', followed by a NUL, followed by one

  57. 	   byte indicating the block number (0 for first). */

  58. 

  59. 	memcpy ( keym, key, key_len );

  60. 

  61. 	memcpy ( in, label, strlen ( label ) + 1 );

  62. 	memcpy ( in + label_len + 1, data, data_len );

  63. 	in_blknr = in + label_len + 1 + data_len;

  64. 

  65. 	for ( blk = 0 ;; blk++ ) {

  66. 		*in_blknr = blk;

  67. 

  68. 		hmac_init ( &sha1_algorithm, sha1_ctx, keym, &key_len );

  69. 		hmac_update ( &sha1_algorithm, sha1_ctx, in, sizeof ( in ) );

  70. 		hmac_final ( &sha1_algorithm, sha1_ctx, keym, &key_len, out );

  71. 

  72. 		if ( prf_len <= sizeof ( out ) ) {

  73. 			memcpy ( prf, out, prf_len );

  74. 			break;

  75. 		}

  76. 

  77. 		memcpy ( prf, out, sizeof ( out ) );

  78. 		prf_len -= sizeof ( out );

  79. 		prf += sizeof ( out );

  80. 	}

  81. }

  82. 

  83. /**

  84.  * PBKDF2 key derivation function inner block operation

  85.  *

  86.  * @v passphrase	Passphrase from which to derive key

  87.  * @v pass_len		Length of passphrase

  88.  * @v salt		Salt to include in key

  89.  * @v salt_len		Length of salt

  90.  * @v iterations	Number of iterations of SHA1 to perform

  91.  * @v blocknr		Index of this block, starting at 1

  92.  * @ret block		SHA1_SIZE bytes of PBKDF2 data

  93.  *

  94.  * The operation of this function is described in RFC 2898.

  95.  */

  96. static void pbkdf2_sha1_f ( const void *passphrase, size_t pass_len,

  97. 			    const void *salt, size_t salt_len,

  98. 			    int iterations, u32 blocknr, u8 *block )

  99. {

  100. 	u8 pass[pass_len];	/* modifiable passphrase */

  101. 	u8 in[salt_len + 4];	/* input buffer to first round */

  102. 	u8 last[SHA1_DIGEST_SIZE]; /* output of round N, input of N+1 */

  103. 	u8 sha1_ctx[SHA1_CTX_SIZE];

  104. 	u8 *next_in = in;	/* changed to `last' after first round */

  105. 	int next_size = sizeof ( in );

  106. 	int i;

  107. 	unsigned int j;

  108. 

  109. 	blocknr = htonl ( blocknr );

  110. 

  111. 	memcpy ( pass, passphrase, pass_len );

  112. 	memcpy ( in, salt, salt_len );

  113. 	memcpy ( in + salt_len, &blocknr, 4 );

  114. 	memset ( block, 0, sizeof ( last ) );

  115. 

  116. 	for ( i = 0; i < iterations; i++ ) {

  117. 		hmac_init ( &sha1_algorithm, sha1_ctx, pass, &pass_len );

  118. 		hmac_update ( &sha1_algorithm, sha1_ctx, next_in, next_size );

  119. 		hmac_final ( &sha1_algorithm, sha1_ctx, pass, &pass_len, last );

  120. 

  121. 		for ( j = 0; j < sizeof ( last ); j++ ) {

  122. 			block[j] ^= last[j];

  123. 		}

  124. 

  125. 		next_in = last;

  126. 		next_size = sizeof ( last );

  127. 	}

  128. }

  129. 

  130. /**

  131.  * PBKDF2 key derivation function using SHA1

  132.  *

  133.  * @v passphrase	Passphrase from which to derive key

  134.  * @v pass_len		Length of passphrase

  135.  * @v salt		Salt to include in key

  136.  * @v salt_len		Length of salt

  137.  * @v iterations	Number of iterations of SHA1 to perform

  138.  * @v key_len		Length of key to generate

  139.  * @ret key		Generated key bytes

  140.  *

  141.  * This is used most notably in 802.11 WPA passphrase hashing, in

  142.  * which case the salt is the SSID, 4096 iterations are used, and a

  143.  * 32-byte key is generated that serves as the Pairwise Master Key for

  144.  * EAPOL authentication.

  145.  *

  146.  * The operation of this function is further described in RFC 2898.

  147.  */

  148. void pbkdf2_sha1 ( const void *passphrase, size_t pass_len,

  149. 		   const void *salt, size_t salt_len,

  150. 		   int iterations, void *key, size_t key_len )

  151. {

  152. 	u32 blocks = ( key_len + SHA1_DIGEST_SIZE - 1 ) / SHA1_DIGEST_SIZE;

  153. 	u32 blk;

  154. 	u8 buf[SHA1_DIGEST_SIZE];

  155. 

  156. 	for ( blk = 1; blk <= blocks; blk++ ) {

  157. 		pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,

  158. 				iterations, blk, buf );

  159. 		if ( key_len <= sizeof ( buf ) ) {

  160. 			memcpy ( key, buf, key_len );

  161. 			break;

  162. 		}

  163. 

  164. 		memcpy ( key, buf, sizeof ( buf ) );

  165. 		key_len -= sizeof ( buf );

  166. 		key += sizeof ( buf );

  167. 	}

  168. }