authorlaranjeiro2009-06-08 08:22:53 +0000
committerlaranjeiro2009-06-08 08:22:53 +0000
commit7ea3c3aaa11fa1e90fabb752f927b73fabaa32db (patch)
treed11b38507854e82eb7570052127e7ec2cc435ef0 /cesar/cp/secu/src
parent1f0d46590c928d5806dc75599e06f025822f7344 (diff)
*cp/secu, cp/cco/action:
* Update the PBKDF1 function to use only 5 iterations for the NEK. * Change a function name to use the real name. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@4754 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cesar/cp/secu/src')
-rw-r--r--cesar/cp/secu/src/pbkdf1.c61
-rw-r--r--cesar/cp/secu/src/secu.c11
2 files changed, 36 insertions, 36 deletions
diff --git a/cesar/cp/secu/src/pbkdf1.c b/cesar/cp/secu/src/pbkdf1.c
index d3ef374a03..1f24d6243c 100644
--- a/cesar/cp/secu/src/pbkdf1.c
+++ b/cesar/cp/secu/src/pbkdf1.c
@@ -66,46 +66,45 @@ secu_pbkdf1 (const u8 input[], const uint input_length,
void
cp_secu_pbkdf1 (const u8 input[], const uint input_length,
u8 *output, uint output_length,
- cp_secu_salt_kind_t salt_index)
+ cp_secu_salt_kind_t salt_index,
+ uint iteration)
{
+ u8 *pbkdf1;
/* Check parameters. */
dbg_assert (input);
dbg_assert (input_length);
dbg_assert (output);
+ dbg_assert (salt_index < CP_SECU_SALT_KEY_NB);
- if (salt_index != CP_SECU_SALT_KEY_NID)
- {
- /* The salt to use for the PBKDF1 function. */
- u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5,
- 0x81, 0x00};
-
- switch (salt_index)
- {
- case CP_SECU_SALT_KEY_DAK:
- salt[7] = 0x85;
- break;
- case CP_SECU_SALT_KEY_NMK_HS:
- salt[7] = 0x86;
- break;
- case CP_SECU_SALT_SPIDCOM:
- salt[0] += 2;
- salt[4] = 0xA2;
- break;
- default:
- /* Unsupported value. */
- dbg_assert_default ();
- }
+ /* The salt to use for the PBKDF1 function. */
+ u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5,
+ 0x81, 0x00};
- secu_pbkdf1 (input, input_length,
- salt, CP_SECU_PBKDF1_ITERATION,
- output, output_length);
- }
- else
+ switch (salt_index)
{
- secu_pbkdf1 (input, input_length,
- NULL, CP_SECU_PBKDF1_ITERATION_NID,
- output, output_length);
+ case CP_SECU_SALT_KEY_DAK:
+ salt[7] = 0x85;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_KEY_NMK_HS:
+ salt[7] = 0x86;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_SPIDCOM:
+ salt[0] += 2;
+ salt[4] = 0xA2;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_NONE:
+ pbkdf1 = NULL;
+ break;
+ default:
+ /* Unsupported value. */
+ dbg_assert_default ();
}
+ secu_pbkdf1 (input, input_length,
+ pbkdf1, iteration,
+ output, output_length);
}
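Review bot: In the `default:` branch of the new `switch`, `pbkdf1` is never assigned, so if `dbg_assert_default ()` and the added `dbg_assert (salt_index < CP_SECU_SALT_KEY_NB)` compile to nothing in a release build (not visible here), `secu_pbkdf1` is called with an indeterminate salt pointer. Declaring it as `u8 *pbkdf1 = NULL;` and adding `return;` after `dbg_assert_default ();` would keep an unsupported `salt_index` from reaching the derivation; because the function returns `void`, callers would still need some way to learn that `output` was not filled. The new `iteration` parameter is passed through unchecked as well, so `dbg_assert (iteration);` next to the other parameter checks would catch a zero count. Naming the pointer `salt_ptr` rather than `pbkdf1` would make it clear that it holds the salt and not the derived output.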
diff --git a/cesar/cp/secu/src/secu.c b/cesar/cp/secu/src/secu.c
index 0e0004d3d0..0a04a96a3f 100644
--- a/cesar/cp/secu/src/secu.c
+++ b/cesar/cp/secu/src/secu.c
@@ -100,7 +100,7 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last)
}
void
-cp_secu_aes_generate_key (const uint num, cp_key_t *output)
+cp_secu_generate_nek (const uint num, cp_key_t *output)
{
u8 input[4];
u8 buffer[sizeof(cp_key_t)];
@@ -112,7 +112,8 @@ cp_secu_aes_generate_key (const uint num, cp_key_t *output)
/* Call the real function to generate an AES key. */
cp_secu_pbkdf1 (input, sizeof (input),
buffer , sizeof(buffer),
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM,
+ CP_SECU_PBKDF1_ITERATION_NEK);
GET_UINT32 (output->key[0], buffer, 0);
GET_UINT32 (output->key[1], buffer, 4);
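Review bot: The NEK derivation at this call now combines a 4-byte `input`, the fixed `CP_SECU_SALT_SPIDCOM` salt and the reduced `CP_SECU_PBKDF1_ITERATION_NEK` count (5 according to the commit message), so the key's strength rests entirely on how unpredictable `num` is and the iteration count contributes almost no work factor. Assuming `input` is filled only from `num` (that code is outside the hunk), the NEK cannot carry more than 32 bits of entropy, and less if `num` does not come from a cryptographic random source. I would add a comment above the call such as `/* num is the only secret input to the NEK: it must come from the RNG; salt and CP_SECU_PBKDF1_ITERATION_NEK are fixed. */` and cite the specification clause that fixes the count, if there is one. The existing comment still says "generate an AES key" and could name the NEK to match the renamed function. The body of `cp_secu_generate_nek` starts and ends outside this hunk.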
@@ -141,7 +142,7 @@ cp_secu_nmk2nid(const cp_key_t nmk, const u8 security_level)
PUT_UINT32(nmk.key[3], input, 12);
cp_secu_pbkdf1 (input, sizeof (cp_key_t), output, CP_NID_SIZE,
- CP_SECU_SALT_KEY_NID);
+ CP_SECU_SALT_NONE, CP_SECU_PBKDF1_ITERATION_NID);
output[CP_NID_SIZE-1] = output[CP_NID_SIZE-1] >> 4;
uint w1, w2;
@@ -197,7 +198,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length)
cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed),
&hash[compt * CP_SECU_OUTPUT_KEY_SIZE],
CP_SECU_OUTPUT_KEY_SIZE,
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION);
}
/* Check if last part is not enought for CP_SECU_OUTPUT_KEY_SIZE. */
uint modulo = hash_length % CP_SECU_OUTPUT_KEY_SIZE;
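Review bot: Both `cp_secu_pbkdf1` calls in `cp_secu_generate_hash` (this hunk and the one at -206) pass the same `seed`, salt and iteration count for every output chunk, with only the destination offset changing, so each `CP_SECU_OUTPUT_KEY_SIZE` block of `hash` appears to be identical and the tail a prefix of it. If that is intended, deriving once into a local buffer and copying it would avoid repeating the full `CP_SECU_PBKDF1_ITERATION` derivation per chunk, and a comment such as `/* Every block repeats the same PBKDF1 output; a longer hash_length adds no entropy. */` would stop callers treating a long hash as stronger. `(u8 *) &seed` also feeds the host byte order of `seed` into the derivation, unlike the explicit `PUT_UINT32` packing visible in `cp_secu_nmk2nid`, so it is worth confirming that both peers compute the same bytes. The surrounding loop is outside the hunk, so this is inferred from the visible calls only.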
@@ -206,7 +207,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length)
cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed),
&hash[iteration * CP_SECU_OUTPUT_KEY_SIZE],
modulo,
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION);
}
}