summaryrefslogtreecommitdiff
path: root/cesar/cp2
diff options
context:
space:
mode:
authorlaranjeiro2008-06-18 15:06:47 +0000
committerlaranjeiro2008-06-18 15:06:47 +0000
commit9ad007ce7b5ae0494f734397c821d83f3c618d36 (patch)
treeb2f28a1e7568aa52ff68ccb539229e2f1f536a58 /cesar/cp2
parent8a6f225ca85c9b1eecbf6388b798fc172e02ea4d (diff)
cp2/secu : Added and tested the pbkdf1.
git-svn-id: svn+ssh://pessac/svn/cesar/trunk@2378 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cesar/cp2')
-rw-r--r--cesar/cp2/secu/Module2
-rw-r--r--cesar/cp2/secu/defs.h32
-rw-r--r--cesar/cp2/secu/inc/pbkdf1.h29
-rw-r--r--cesar/cp2/secu/pbkdf1.h32
-rw-r--r--cesar/cp2/secu/secu.h50
-rw-r--r--cesar/cp2/secu/src/pbkdf1.c100
-rw-r--r--cesar/cp2/secu/test/host-Makefile5
-rw-r--r--cesar/cp2/secu/test/sparc-Makefile9
-rw-r--r--cesar/cp2/secu/test/src/test-pbkdf1.c65
9 files changed, 274 insertions, 50 deletions
diff --git a/cesar/cp2/secu/Module b/cesar/cp2/secu/Module
index 4b788b89de..7618d9c16f 100644
--- a/cesar/cp2/secu/Module
+++ b/cesar/cp2/secu/Module
@@ -1 +1 @@
-SOURCES := sha256.c aes.c
+SOURCES := sha256.c aes.c pbkdf1.c
diff --git a/cesar/cp2/secu/defs.h b/cesar/cp2/secu/defs.h
new file mode 100644
index 0000000000..7a39ee7900
--- /dev/null
+++ b/cesar/cp2/secu/defs.h
@@ -0,0 +1,32 @@
+#ifndef cp2_secu_defs_h
+#define cp2_secu_defs_h
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/defs.h
+ * \brief Length definitions for the security module.
+ * \ingroup cp2_secu
+ *
+ */
+
+/** MAX PASSWORD SIZE. */
+#define CP_SECU_PWD_SIZE_MAX 64
+
+/** Salt size. */
+#define CP_SECU_SALT_SIZE 8
+
+/** SHA 256 output size. */
+#define CP_SECU_SHA256_OUTPUT_SIZE 32
+
+/** pbkdf1 generated key size */
+#define CP_SECU_OUTPUT_KEY_SIZE 16
+
+/** PBKDF1 itreration. */
+#define CP_SECU_PBKDF1_ITERATION 1000
+
+#endif /* cp2_secu_defs_h */
diff --git a/cesar/cp2/secu/inc/pbkdf1.h b/cesar/cp2/secu/inc/pbkdf1.h
new file mode 100644
index 0000000000..6ab46c6283
--- /dev/null
+++ b/cesar/cp2/secu/inc/pbkdf1.h
@@ -0,0 +1,29 @@
+#ifndef cp2_secu_inc_pbkdf1_h
+#define cp2_secu_inc_pbkdf1_h
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/inc/pbkdf1.h
+ * \brief PBKDF1 function.
+ * \ingroup cp2_secu
+ *
+ */
+
+/**
+ * pbkdf1
+ * \param input the input data to hash (can be a clear ascii password)
+ * \param input_len length of input
+ * \param salt salt to apply to input data
+ * \param salt_len length of salt
+ * \param it_count iteration number for the hash function
+ */
+void
+secu_pbkdf1 (u8 buffer[], uint length, u8 salt[],
+ uint salt_len, uint it_count);
+
+#endif /* cp2_secu_inc_pbkdf1_h */
diff --git a/cesar/cp2/secu/pbkdf1.h b/cesar/cp2/secu/pbkdf1.h
new file mode 100644
index 0000000000..f1d6c1fca0
--- /dev/null
+++ b/cesar/cp2/secu/pbkdf1.h
@@ -0,0 +1,32 @@
+#ifndef CP2_SECU_PBKDF1_H_
+#define CP2_SECU_PBKDF1_H_
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/pbkdf1.h
+ * \brief Fonction PBKDF1.
+ * \ingroup cp_secu
+ */
+
+enum cp_secu_salt_kind_t
+{
+ CP_SECU_SALT_KEY_DAK,
+ CP_SECU_SALT_KEY_NMK_HS,
+ CP_SECU_SALT_KEY_NB
+};
+typedef enum cp_secu_salt_kind_t cp_secu_salt_kind_t;
+
+/**
+ * PBKDF1 functions for the Secu module.
+ * \param buffer the input buffer.
+ * \param key key kind.
+ */
+void
+cp_secu_pbkdf1 (u8 *buffer, cp_secu_salt_kind_t key);
+
+#endif /* CP2_SECU_PBKDF1_H_ */
diff --git a/cesar/cp2/secu/secu.h b/cesar/cp2/secu/secu.h
index 94a001ce5c..83f0201991 100644
--- a/cesar/cp2/secu/secu.h
+++ b/cesar/cp2/secu/secu.h
@@ -83,50 +83,6 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last);
#if 0
/**
- * AES-CBC buffer encryption.
- *
- * \param ctx AES context
- * \param iv initialization vector (modified after use) (16 bytes)
- * \param input buffer holding the plaintext
- * \param output buffer holding the ciphertext
- * \param len length of the data to be encrypted
- */
-void
-cp_secu_aes_cbc_encrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
-/**
- * AES-CBC buffer decryption.
- *
- * \param ctx AES context
- * \param iv initialization vector (modified after use)
- * \param input buffer holding the ciphertext
- * \param output buffer holding the plaintext
- * \param len length of the data to be decrypted
- */
-void
-cp_secu_aes_cbc_decrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
-
-/**
- * set AES key.
- *
- * \param ctx AES context to be initialized
- * \param key the secret key
- * \param keysize must be 128, 192 or 256 bits long
- */
-void
-cp_secu_aes_set_key (aes_context *ctx, unsigned char *key, int keysize);
-
-/**
- * Output = SHA-256( input buffer ).
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output SHA-224/256 checksum result size is SHA256OutputSize bytes
- * \param is224 0 = use SHA256, 1 = use SHA224
- */
-void
-cp_secu_sha2 (unsigned char *input, int ilen, unsigned char *output, int is224);
-
-/**
* pbkdf1 function
* \param input the input data to hash (can be a clear ascii password)
* \param input_len length of input
@@ -136,15 +92,15 @@ cp_secu_sha2 (unsigned char *input, int ilen, unsigned char *output, int is224);
* \param output_key result of hash
* \return error code or 0 if success
*/
-cp_secu_error_t
+cp_secu_error_t
cp_secu_pbkdf1 (u8 input[], int input_len, u8 salt[], int salt_len, int it_count, u8 output_key[]);
/**
* generate AES key (NEK, NMK or TEK).
- * \param
+ * \param
* \return the AES key
- *
+ *
* see 7.10.7.2 for details
*/
void
diff --git a/cesar/cp2/secu/src/pbkdf1.c b/cesar/cp2/secu/src/pbkdf1.c
new file mode 100644
index 0000000000..2b1b2bb80e
--- /dev/null
+++ b/cesar/cp2/secu/src/pbkdf1.c
@@ -0,0 +1,100 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/secu_pbkdf1.c
+ * \brief The pbkdf1 function
+ * \ingroup cp_secu
+ */
+#include <string.h>
+
+#include "common/std.h"
+#include "cp2/secu/defs.h"
+
+#include "cp2/secu/sha256.h"
+#include "cp2/secu/pbkdf1.h"
+
+
+#include "cp2/secu/inc/pbkdf1.h"
+
+void
+secu_pbkdf1 (u8 buffer[], uint length, u8 salt[], uint salt_len,
+ uint it_count)
+{
+
+ u8 dk[CP_SECU_PWD_SIZE_MAX + CP_SECU_SALT_SIZE] = "";
+ uint dp_size, i;
+
+ dbg_assert (buffer);
+ dbg_assert (salt);
+ /*
+ * Copy input to DK (max size cannot be greater than DK buffer)
+ */
+ for (dp_size = 0; (dp_size < length)
+ && (dp_size < CP_SECU_PWD_SIZE_MAX); dp_size++)
+ {
+ dk[dp_size] = buffer[dp_size];
+ }
+
+ /*
+ * Concatenate salt with input on DK and count total input size
+ */
+ for (i=0 ; i < salt_len ; i++)
+ {
+ dk[dp_size+i] = salt[i];
+ }
+ dp_size += salt_len;
+
+ /*
+ * compute the following iterations
+ */
+ for(i=0 ; i < it_count ; i++)
+ {
+ cp_secu_sha256 (dk);
+ }
+
+ memcpy (buffer, dk, CP_SECU_OUTPUT_KEY_SIZE);
+}
+
+/**
+ * PBKDF1 functions for the Secu module.
+ * \param buffer the input buffer.
+ * \param key key kind.
+ */
+void
+cp_secu_pbkdf1 (u8 *buffer, cp_secu_salt_kind_t key)
+{
+ u8 salt [CP_SECU_SALT_SIZE];
+
+ dbg_assert (buffer);
+ dbg_assert (key < CP_SECU_SALT_KEY_NB);
+
+ salt[0] = 0x08;
+ salt[1] = 0x85;
+ salt[2] = 0x6D;
+ salt[3] = 0xAF;
+ salt[4] = 0x7C;
+ salt[5] = 0xF5;
+ salt[6] = 0x81;
+
+
+ switch (key)
+ {
+ case CP_SECU_SALT_KEY_DAK:
+ salt[7] = 0x85;
+ break;
+ case CP_SECU_SALT_KEY_NMK_HS:
+ salt[7] = 0x86;
+ break;
+ default:
+ dbg_assert (false);
+ }
+
+ secu_pbkdf1 (buffer, strlen((char*) buffer), salt, CP_SECU_SALT_SIZE,
+ CP_SECU_PBKDF1_ITERATION);
+}
+
diff --git a/cesar/cp2/secu/test/host-Makefile b/cesar/cp2/secu/test/host-Makefile
index ea48fcf8ad..ec931d36ee 100644
--- a/cesar/cp2/secu/test/host-Makefile
+++ b/cesar/cp2/secu/test/host-Makefile
@@ -1,6 +1,6 @@
BASE = ../../..
-HOST_PROGRAMS = test-sha2 test-aes
+HOST_PROGRAMS = test-sha2 test-aes test-pbkdf1
test-sha2_SOURCES = test-sha2.c
test-sha2_MODULES = lib cp2/secu
@@ -8,6 +8,9 @@ test-sha2_MODULES = lib cp2/secu
test-aes_SOURCES = test-aes.c
test-aes_MODULES = lib cp2/secu
+test-pbkdf1_SOURCES = test-pbkdf1.c
+test-pbkdf1_MODULES = lib cp2/secu
+
VARIANT = host
include $(BASE)/common/make/top.mk
diff --git a/cesar/cp2/secu/test/sparc-Makefile b/cesar/cp2/secu/test/sparc-Makefile
index 6c54b9b289..64521960e1 100644
--- a/cesar/cp2/secu/test/sparc-Makefile
+++ b/cesar/cp2/secu/test/sparc-Makefile
@@ -3,10 +3,17 @@ BASE = ../../..
TARGET = sparc
ECOS = y
-TARGET_PROGRAMS = test-sha2
+TARGET_PROGRAMS = test-sha2 test-aes test-pbkdf1
test-sha2_SOURCES = test-sha2.c
test-sha2_MODULES = lib cp2/secu
+test-aes_SOURCES = test-aes.c
+test-aes_MODULES = lib cp2/secu
+
+test-pbkdf1_SOURCES = test-pbkdf1.c
+test-pbkdf1_MODULES = lib cp2/secu
+
+
VARIANT = sparc
include $(BASE)/common/make/top.mk
diff --git a/cesar/cp2/secu/test/src/test-pbkdf1.c b/cesar/cp2/secu/test/src/test-pbkdf1.c
new file mode 100644
index 0000000000..e069ba80b2
--- /dev/null
+++ b/cesar/cp2/secu/test/src/test-pbkdf1.c
@@ -0,0 +1,65 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file src/test-pbkdf1.c
+ * \brief Test pbkdf1 functions.
+ * \ingroup cp2_secu
+ *
+ */
+#include "common/std.h"
+#include "string.h"
+
+#include "lib/test.h"
+#include "cp2/secu/defs.h"
+#include "cp2/secu/pbkdf1.h"
+#include "cp2/secu/sha256.h"
+
+void
+test_case_pbkdf1 (test_t test)
+{
+ uint i;
+
+ u8 buffer [128] __attribute__((aligned(128))) = "HOMEPLUG_AV123\0";
+ u8 result [128] __attribute__((aligned(128))) = "HOMEPLUG_AV123\0";
+
+ result[14] = 0x08;
+ result[15] = 0x85;
+ result[16] = 0x6D;
+ result[17] = 0xAF;
+ result[18] = 0x7C;
+ result[19] = 0xF5;
+ result[20] = 0x81;
+ result[21] = 0x86;
+
+ for (i = 0; i < 1000; i++)
+ {
+ cp_secu_sha256(result);
+ }
+
+ cp_secu_pbkdf1 (buffer, CP_SECU_SALT_KEY_NMK_HS);
+
+ test_begin (test, "PBKDF1")
+ {
+ test_fail_if (memcmp (buffer, result, CP_SECU_OUTPUT_KEY_SIZE) != 0,
+ "Wrong Hash");
+ }
+ test_end;
+}
+
+int
+main (void)
+{
+ test_t test;
+
+ test_init (test, 0, NULL);
+
+ test_case_pbkdf1 (test);
+
+ test_result (test);
+ return test_nb_failed (test) == 0 ? 0 : 1;
+}