![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to sha1extra.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto|
Return to sha1extra.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto |
1.1 root 1: /*
2: * Copyright (c) 2009 Joshua Oreman <[email protected]>.
3: *
4: * This program is free software; you can redistribute it and/or
5: * modify it under the terms of the GNU General Public License as
6: * published by the Free Software Foundation; either version 2 of the
7: * License, or any later version.
8: *
9: * This program is distributed in the hope that it will be useful, but
10: * WITHOUT ANY WARRANTY; without even the implied warranty of
11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12: * General Public License for more details.
13: *
14: * You should have received a copy of the GNU General Public License
15: * along with this program; if not, write to the Free Software
16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17: */
18:
19: FILE_LICENCE ( GPL2_OR_LATER );
20:
21: #include <ipxe/crypto.h>
22: #include <ipxe/sha1.h>
23: #include <ipxe/hmac.h>
24: #include <stdint.h>
25: #include <byteswap.h>
26:
27: /**
28: * SHA1 pseudorandom function for creating derived keys
29: *
30: * @v key Master key with which this call is associated
31: * @v key_len Length of key
32: * @v label NUL-terminated ASCII string describing purpose of PRF data
33: * @v data Further data that should be included in the PRF
34: * @v data_len Length of further PRF data
35: * @v prf_len Bytes of PRF to generate
36: * @ret prf Pseudorandom function bytes
37: *
38: * This is the PRF variant used by 802.11, defined in IEEE 802.11-2007
39: * 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an
40: * MD5-based PRF.
41: */
42: void prf_sha1 ( const void *key, size_t key_len, const char *label,
43: const void *data, size_t data_len, void *prf, size_t prf_len )
44: {
45: u32 blk;
46: u8 keym[key_len]; /* modifiable copy of key */
47: u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */
48: u8 *in_blknr; /* pointer to last byte of in, block number */
49: u8 out[SHA1_SIZE]; /* HMAC-SHA1 result */
50: u8 sha1_ctx[SHA1_CTX_SIZE]; /* SHA1 context */
51: const size_t label_len = strlen ( label );
52:
53: /* The HMAC-SHA-1 is calculated using the given key on the
54: message text `label', followed by a NUL, followed by one
55: byte indicating the block number (0 for first). */
56:
57: memcpy ( keym, key, key_len );
58:
59: memcpy ( in, label, strlen ( label ) + 1 );
60: memcpy ( in + label_len + 1, data, data_len );
61: in_blknr = in + label_len + 1 + data_len;
62:
63: for ( blk = 0 ;; blk++ ) {
64: *in_blknr = blk;
65:
66: hmac_init ( &sha1_algorithm, sha1_ctx, keym, &key_len );
67: hmac_update ( &sha1_algorithm, sha1_ctx, in, sizeof ( in ) );
68: hmac_final ( &sha1_algorithm, sha1_ctx, keym, &key_len, out );
69:
70: if ( prf_len <= SHA1_SIZE ) {
71: memcpy ( prf, out, prf_len );
72: break;
73: }
74:
75: memcpy ( prf, out, SHA1_SIZE );
76: prf_len -= SHA1_SIZE;
77: prf += SHA1_SIZE;
78: }
79: }
80:
81: /**
82: * PBKDF2 key derivation function inner block operation
83: *
84: * @v passphrase Passphrase from which to derive key
85: * @v pass_len Length of passphrase
86: * @v salt Salt to include in key
87: * @v salt_len Length of salt
88: * @v iterations Number of iterations of SHA1 to perform
89: * @v blocknr Index of this block, starting at 1
90: * @ret block SHA1_SIZE bytes of PBKDF2 data
91: *
92: * The operation of this function is described in RFC 2898.
93: */
94: static void pbkdf2_sha1_f ( const void *passphrase, size_t pass_len,
95: const void *salt, size_t salt_len,
96: int iterations, u32 blocknr, u8 *block )
97: {
98: u8 pass[pass_len]; /* modifiable passphrase */
99: u8 in[salt_len + 4]; /* input buffer to first round */
100: u8 last[SHA1_SIZE]; /* output of round N, input of N+1 */
101: u8 sha1_ctx[SHA1_CTX_SIZE];
102: u8 *next_in = in; /* changed to `last' after first round */
103: int next_size = sizeof ( in );
104: int i, j;
105:
106: blocknr = htonl ( blocknr );
107:
108: memcpy ( pass, passphrase, pass_len );
109: memcpy ( in, salt, salt_len );
110: memcpy ( in + salt_len, &blocknr, 4 );
111: memset ( block, 0, SHA1_SIZE );
112:
113: for ( i = 0; i < iterations; i++ ) {
114: hmac_init ( &sha1_algorithm, sha1_ctx, pass, &pass_len );
115: hmac_update ( &sha1_algorithm, sha1_ctx, next_in, next_size );
116: hmac_final ( &sha1_algorithm, sha1_ctx, pass, &pass_len, last );
117:
118: for ( j = 0; j < SHA1_SIZE; j++ ) {
119: block[j] ^= last[j];
120: }
121:
122: next_in = last;
123: next_size = SHA1_SIZE;
124: }
125: }
126:
127: /**
128: * PBKDF2 key derivation function using SHA1
129: *
130: * @v passphrase Passphrase from which to derive key
131: * @v pass_len Length of passphrase
132: * @v salt Salt to include in key
133: * @v salt_len Length of salt
134: * @v iterations Number of iterations of SHA1 to perform
135: * @v key_len Length of key to generate
136: * @ret key Generated key bytes
137: *
138: * This is used most notably in 802.11 WPA passphrase hashing, in
139: * which case the salt is the SSID, 4096 iterations are used, and a
140: * 32-byte key is generated that serves as the Pairwise Master Key for
141: * EAPOL authentication.
142: *
143: * The operation of this function is further described in RFC 2898.
144: */
145: void pbkdf2_sha1 ( const void *passphrase, size_t pass_len,
146: const void *salt, size_t salt_len,
147: int iterations, void *key, size_t key_len )
148: {
149: u32 blocks = ( key_len + SHA1_SIZE - 1 ) / SHA1_SIZE;
150: u32 blk;
151: u8 buf[SHA1_SIZE];
152:
153: for ( blk = 1; blk <= blocks; blk++ ) {
154: pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,
155: iterations, blk, buf );
156: if ( key_len <= SHA1_SIZE ) {
157: memcpy ( key, buf, key_len );
158: break;
159: }
160:
161: memcpy ( key, buf, SHA1_SIZE );
162: key_len -= SHA1_SIZE;
163: key += SHA1_SIZE;
164: }
165: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.