You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

sha1extra.c 5.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
  1. /*
  2. * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License as
  6. * published by the Free Software Foundation; either version 2 of the
  7. * License, or any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but
  10. * WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12. * General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17. * 02110-1301, USA.
  18. */
  19. FILE_LICENCE ( GPL2_OR_LATER );
  20. #include <string.h>
  21. #include <ipxe/crypto.h>
  22. #include <ipxe/sha1.h>
  23. #include <ipxe/hmac.h>
  24. #include <stdint.h>
  25. #include <byteswap.h>
  26. /**
  27. * SHA1 pseudorandom function for creating derived keys
  28. *
  29. * @v key Master key with which this call is associated
  30. * @v key_len Length of key
  31. * @v label NUL-terminated ASCII string describing purpose of PRF data
  32. * @v data Further data that should be included in the PRF
  33. * @v data_len Length of further PRF data
  34. * @v prf_len Bytes of PRF to generate
  35. * @ret prf Pseudorandom function bytes
  36. *
  37. * This is the PRF variant used by 802.11, defined in IEEE 802.11-2007
  38. * 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an
  39. * MD5-based PRF.
  40. */
  41. void prf_sha1 ( const void *key, size_t key_len, const char *label,
  42. const void *data, size_t data_len, void *prf, size_t prf_len )
  43. {
  44. u32 blk;
  45. u8 keym[key_len]; /* modifiable copy of key */
  46. u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */
  47. u8 *in_blknr; /* pointer to last byte of in, block number */
  48. u8 out[SHA1_DIGEST_SIZE]; /* HMAC-SHA1 result */
  49. u8 sha1_ctx[SHA1_CTX_SIZE]; /* SHA1 context */
  50. const size_t label_len = strlen ( label );
  51. /* The HMAC-SHA-1 is calculated using the given key on the
  52. message text `label', followed by a NUL, followed by one
  53. byte indicating the block number (0 for first). */
  54. memcpy ( keym, key, key_len );
  55. memcpy ( in, label, strlen ( label ) + 1 );
  56. memcpy ( in + label_len + 1, data, data_len );
  57. in_blknr = in + label_len + 1 + data_len;
  58. for ( blk = 0 ;; blk++ ) {
  59. *in_blknr = blk;
  60. hmac_init ( &sha1_algorithm, sha1_ctx, keym, &key_len );
  61. hmac_update ( &sha1_algorithm, sha1_ctx, in, sizeof ( in ) );
  62. hmac_final ( &sha1_algorithm, sha1_ctx, keym, &key_len, out );
  63. if ( prf_len <= sizeof ( out ) ) {
  64. memcpy ( prf, out, prf_len );
  65. break;
  66. }
  67. memcpy ( prf, out, sizeof ( out ) );
  68. prf_len -= sizeof ( out );
  69. prf += sizeof ( out );
  70. }
  71. }
  72. /**
  73. * PBKDF2 key derivation function inner block operation
  74. *
  75. * @v passphrase Passphrase from which to derive key
  76. * @v pass_len Length of passphrase
  77. * @v salt Salt to include in key
  78. * @v salt_len Length of salt
  79. * @v iterations Number of iterations of SHA1 to perform
  80. * @v blocknr Index of this block, starting at 1
  81. * @ret block SHA1_SIZE bytes of PBKDF2 data
  82. *
  83. * The operation of this function is described in RFC 2898.
  84. */
  85. static void pbkdf2_sha1_f ( const void *passphrase, size_t pass_len,
  86. const void *salt, size_t salt_len,
  87. int iterations, u32 blocknr, u8 *block )
  88. {
  89. u8 pass[pass_len]; /* modifiable passphrase */
  90. u8 in[salt_len + 4]; /* input buffer to first round */
  91. u8 last[SHA1_DIGEST_SIZE]; /* output of round N, input of N+1 */
  92. u8 sha1_ctx[SHA1_CTX_SIZE];
  93. u8 *next_in = in; /* changed to `last' after first round */
  94. int next_size = sizeof ( in );
  95. int i;
  96. unsigned int j;
  97. blocknr = htonl ( blocknr );
  98. memcpy ( pass, passphrase, pass_len );
  99. memcpy ( in, salt, salt_len );
  100. memcpy ( in + salt_len, &blocknr, 4 );
  101. memset ( block, 0, sizeof ( last ) );
  102. for ( i = 0; i < iterations; i++ ) {
  103. hmac_init ( &sha1_algorithm, sha1_ctx, pass, &pass_len );
  104. hmac_update ( &sha1_algorithm, sha1_ctx, next_in, next_size );
  105. hmac_final ( &sha1_algorithm, sha1_ctx, pass, &pass_len, last );
  106. for ( j = 0; j < sizeof ( last ); j++ ) {
  107. block[j] ^= last[j];
  108. }
  109. next_in = last;
  110. next_size = sizeof ( last );
  111. }
  112. }
  113. /**
  114. * PBKDF2 key derivation function using SHA1
  115. *
  116. * @v passphrase Passphrase from which to derive key
  117. * @v pass_len Length of passphrase
  118. * @v salt Salt to include in key
  119. * @v salt_len Length of salt
  120. * @v iterations Number of iterations of SHA1 to perform
  121. * @v key_len Length of key to generate
  122. * @ret key Generated key bytes
  123. *
  124. * This is used most notably in 802.11 WPA passphrase hashing, in
  125. * which case the salt is the SSID, 4096 iterations are used, and a
  126. * 32-byte key is generated that serves as the Pairwise Master Key for
  127. * EAPOL authentication.
  128. *
  129. * The operation of this function is further described in RFC 2898.
  130. */
  131. void pbkdf2_sha1 ( const void *passphrase, size_t pass_len,
  132. const void *salt, size_t salt_len,
  133. int iterations, void *key, size_t key_len )
  134. {
  135. u32 blocks = ( key_len + SHA1_DIGEST_SIZE - 1 ) / SHA1_DIGEST_SIZE;
  136. u32 blk;
  137. u8 buf[SHA1_DIGEST_SIZE];
  138. for ( blk = 1; blk <= blocks; blk++ ) {
  139. pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,
  140. iterations, blk, buf );
  141. if ( key_len <= sizeof ( buf ) ) {
  142. memcpy ( key, buf, key_len );
  143. break;
  144. }
  145. memcpy ( key, buf, sizeof ( buf ) );
  146. key_len -= sizeof ( buf );
  147. key += sizeof ( buf );
  148. }
  149. }