summaryrefslogtreecommitdiff
path: root/cesar/cp
diff options
context:
space:
mode:
authorlaranjeiro2009-06-08 08:22:53 +0000
committerlaranjeiro2009-06-08 08:22:53 +0000
commit7ea3c3aaa11fa1e90fabb752f927b73fabaa32db (patch)
treed11b38507854e82eb7570052127e7ec2cc435ef0 /cesar/cp
parent1f0d46590c928d5806dc75599e06f025822f7344 (diff)
*cp/secu, cp/cco/action:
* Update the PKDKF1 function to only use 5 iteration for the NEK. * Change a function name to use the real name. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@4754 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cesar/cp')
-rw-r--r--cesar/cp/cco/action/src/cco_action.c2
-rw-r--r--cesar/cp/cco/action/test/src/action_gen_nek.c4
-rw-r--r--cesar/cp/cco/action/test/src/secu_stub.c2
-rw-r--r--cesar/cp/secu/defs.h3
-rw-r--r--cesar/cp/secu/pbkdf1.h5
-rw-r--r--cesar/cp/secu/secu.h7
-rw-r--r--cesar/cp/secu/src/pbkdf1.c61
-rw-r--r--cesar/cp/secu/src/secu.c11
-rw-r--r--cesar/cp/secu/stub/src/secu.c4
-rw-r--r--cesar/cp/secu/test/src/test-aes.c26
-rw-r--r--cesar/cp/secu/test/src/test-nmk.c10
11 files changed, 57 insertions, 78 deletions
diff --git a/cesar/cp/cco/action/src/cco_action.c b/cesar/cp/cco/action/src/cco_action.c
index ee85feedca..863b463fd8 100644
--- a/cesar/cp/cco/action/src/cco_action.c
+++ b/cesar/cp/cco/action/src/cco_action.c
@@ -297,7 +297,7 @@ cp_cco_action_gen_nek (cp_t *ctx)
cp_key_t key;
dbg_assert (ctx);
- cp_secu_aes_generate_key (lib_rnd32 (&ctx->rnd), &key);
+ cp_secu_generate_nek (lib_rnd32 (&ctx->rnd), &key);
cp_beacon_change_nek (ctx, 0, key, true /* now. */);
}
diff --git a/cesar/cp/cco/action/test/src/action_gen_nek.c b/cesar/cp/cco/action/test/src/action_gen_nek.c
index 290a82f064..a3387336e7 100644
--- a/cesar/cp/cco/action/test/src/action_gen_nek.c
+++ b/cesar/cp/cco/action/test/src/action_gen_nek.c
@@ -56,8 +56,8 @@ test_case_gen_nek (test_t test)
test_begin (test, "Verify first shot")
{
uint i;
- uint computed_keys [4] = {0xff56c64f, 0xeb2d0411, 0x8b28d2f2,
- 0xa9272624};
+ uint computed_keys [4] = {0xf48aa84f, 0xb3b084cb, 0xdf36c134,
+ 0xaa4010d2};
cp_cco_action_gen_nek (&cp);
for (i = 0; i < 4; i++)
diff --git a/cesar/cp/cco/action/test/src/secu_stub.c b/cesar/cp/cco/action/test/src/secu_stub.c
index 6e79ee0626..d71e805ae8 100644
--- a/cesar/cp/cco/action/test/src/secu_stub.c
+++ b/cesar/cp/cco/action/test/src/secu_stub.c
@@ -21,7 +21,7 @@
* \param output the key generated.
*/
void
-cp_secu_aes_generate_key (uint num, cp_key_t *output)
+cp_secu_generate_nek (uint num, cp_key_t *output)
{
uint i;
dbg_assert (num);
diff --git a/cesar/cp/secu/defs.h b/cesar/cp/secu/defs.h
index a629d02c6f..d5c1fe61a4 100644
--- a/cesar/cp/secu/defs.h
+++ b/cesar/cp/secu/defs.h
@@ -32,6 +32,9 @@
/** PBKDF1 iteration for NID. */
#define CP_SECU_PBKDF1_ITERATION_NID 5
+/** PBKDF1 iteration for NEK . */
+#define CP_SECU_PBKDF1_ITERATION_NEK 5
+
/** AES Size. */
#define CP_SECU_AES_SIZE 16
diff --git a/cesar/cp/secu/pbkdf1.h b/cesar/cp/secu/pbkdf1.h
index a279fb7a09..ee25735429 100644
--- a/cesar/cp/secu/pbkdf1.h
+++ b/cesar/cp/secu/pbkdf1.h
@@ -17,8 +17,8 @@ enum cp_secu_salt_kind_t
{
CP_SECU_SALT_KEY_DAK,
CP_SECU_SALT_KEY_NMK_HS,
- CP_SECU_SALT_KEY_NID,
CP_SECU_SALT_SPIDCOM,
+ CP_SECU_SALT_NONE,
CP_SECU_SALT_KEY_NB
};
typedef enum cp_secu_salt_kind_t cp_secu_salt_kind_t;
@@ -36,6 +36,7 @@ typedef enum cp_secu_salt_kind_t cp_secu_salt_kind_t;
void
cp_secu_pbkdf1 (const u8 input[], const uint input_length,
u8 *output, uint output_length,
- cp_secu_salt_kind_t salt);
+ cp_secu_salt_kind_t salt,
+ uint iteration);
#endif /* CP2_SECU_PBKDF1_H_ */
diff --git a/cesar/cp/secu/secu.h b/cesar/cp/secu/secu.h
index a6ac049fc9..03b1c6dba4 100644
--- a/cesar/cp/secu/secu.h
+++ b/cesar/cp/secu/secu.h
@@ -17,6 +17,7 @@
#include "lib/swap.h"
#include "cp/types.h"
+#include "cp/secu/defs.h"
#include "cp/secu/pbkdf1.h"
#include "cp/secu/inc/openssl_aes.h"
#include "string.h"
@@ -106,12 +107,12 @@ void
cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last);
/**
- * Generate an AES key.
+ * Generate the NEK.
* \param num a random number.
* \param output the generated key.
*/
void
-cp_secu_aes_generate_key (uint num, cp_key_t *output_key);
+cp_secu_generate_nek (uint num, cp_key_t *output_key);
/**
* Generate the keys
@@ -132,7 +133,7 @@ cp_secu_generate_keys (const u8 *buffer, uint length,
dbg_assert (salt < CP_SECU_SALT_KEY_NB);
cp_secu_pbkdf1 (buffer, length, output, sizeof(output),
- salt);
+ salt, CP_SECU_PBKDF1_ITERATION);
#if DEFS_BIG_ENDIAN
GET_UINT32 (keys.key[0], output, 0);
diff --git a/cesar/cp/secu/src/pbkdf1.c b/cesar/cp/secu/src/pbkdf1.c
index d3ef374a03..1f24d6243c 100644
--- a/cesar/cp/secu/src/pbkdf1.c
+++ b/cesar/cp/secu/src/pbkdf1.c
@@ -66,46 +66,45 @@ secu_pbkdf1 (const u8 input[], const uint input_length,
void
cp_secu_pbkdf1 (const u8 input[], const uint input_length,
u8 *output, uint output_length,
- cp_secu_salt_kind_t salt_index)
+ cp_secu_salt_kind_t salt_index,
+ uint iteration)
{
+ u8 *pbkdf1;
/* Check parameters. */
dbg_assert (input);
dbg_assert (input_length);
dbg_assert (output);
+ dbg_assert (salt_index < CP_SECU_SALT_KEY_NB);
- if (salt_index != CP_SECU_SALT_KEY_NID)
- {
- /* The salt to use for the PBKDF1 function. */
- u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5,
- 0x81, 0x00};
-
- switch (salt_index)
- {
- case CP_SECU_SALT_KEY_DAK:
- salt[7] = 0x85;
- break;
- case CP_SECU_SALT_KEY_NMK_HS:
- salt[7] = 0x86;
- break;
- case CP_SECU_SALT_SPIDCOM:
- salt[0] += 2;
- salt[4] = 0xA2;
- break;
- default:
- /* Unsupported value. */
- dbg_assert_default ();
- }
+ /* The salt to use for the PBKDF1 function. */
+ u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5,
+ 0x81, 0x00};
- secu_pbkdf1 (input, input_length,
- salt, CP_SECU_PBKDF1_ITERATION,
- output, output_length);
- }
- else
+ switch (salt_index)
{
- secu_pbkdf1 (input, input_length,
- NULL, CP_SECU_PBKDF1_ITERATION_NID,
- output, output_length);
+ case CP_SECU_SALT_KEY_DAK:
+ salt[7] = 0x85;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_KEY_NMK_HS:
+ salt[7] = 0x86;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_SPIDCOM:
+ salt[0] += 2;
+ salt[4] = 0xA2;
+ pbkdf1 = salt;
+ break;
+ case CP_SECU_SALT_NONE:
+ pbkdf1 = NULL;
+ break;
+ default:
+ /* Unsupported value. */
+ dbg_assert_default ();
}
+ secu_pbkdf1 (input, input_length,
+ pbkdf1, iteration,
+ output, output_length);
}
diff --git a/cesar/cp/secu/src/secu.c b/cesar/cp/secu/src/secu.c
index 0e0004d3d0..0a04a96a3f 100644
--- a/cesar/cp/secu/src/secu.c
+++ b/cesar/cp/secu/src/secu.c
@@ -100,7 +100,7 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last)
}
void
-cp_secu_aes_generate_key (const uint num, cp_key_t *output)
+cp_secu_generate_nek (const uint num, cp_key_t *output)
{
u8 input[4];
u8 buffer[sizeof(cp_key_t)];
@@ -112,7 +112,8 @@ cp_secu_aes_generate_key (const uint num, cp_key_t *output)
/* Call the real function to generate an AES key. */
cp_secu_pbkdf1 (input, sizeof (input),
buffer , sizeof(buffer),
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM,
+ CP_SECU_PBKDF1_ITERATION_NEK);
GET_UINT32 (output->key[0], buffer, 0);
GET_UINT32 (output->key[1], buffer, 4);
@@ -141,7 +142,7 @@ cp_secu_nmk2nid(const cp_key_t nmk, const u8 security_level)
PUT_UINT32(nmk.key[3], input, 12);
cp_secu_pbkdf1 (input, sizeof (cp_key_t), output, CP_NID_SIZE,
- CP_SECU_SALT_KEY_NID);
+ CP_SECU_SALT_NONE, CP_SECU_PBKDF1_ITERATION_NID);
output[CP_NID_SIZE-1] = output[CP_NID_SIZE-1] >> 4;
uint w1, w2;
@@ -197,7 +198,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length)
cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed),
&hash[compt * CP_SECU_OUTPUT_KEY_SIZE],
CP_SECU_OUTPUT_KEY_SIZE,
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION);
}
/* Check if last part is not enought for CP_SECU_OUTPUT_KEY_SIZE. */
uint modulo = hash_length % CP_SECU_OUTPUT_KEY_SIZE;
@@ -206,7 +207,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length)
cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed),
&hash[iteration * CP_SECU_OUTPUT_KEY_SIZE],
modulo,
- CP_SECU_SALT_SPIDCOM);
+ CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION);
}
}
diff --git a/cesar/cp/secu/stub/src/secu.c b/cesar/cp/secu/stub/src/secu.c
index c4b5ea77f0..31cb3c7fe9 100644
--- a/cesar/cp/secu/stub/src/secu.c
+++ b/cesar/cp/secu/stub/src/secu.c
@@ -27,7 +27,7 @@ void
cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last) __attribute__((weak));
void
-cp_secu_aes_generate_key (uint num, cp_key_t *output) __attribute__((weak));
+cp_secu_generate_nek (uint num, cp_key_t *output) __attribute__((weak));
cp_nid_t
cp_secu_nmk2nid(cp_key_t nmk, u8 security_level) __attribute__((weak));
@@ -47,7 +47,7 @@ void
cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last) {}
void
-cp_secu_aes_generate_key (uint num, cp_key_t *output) {}
+cp_secu_generate_nek (uint num, cp_key_t *output) {}
cp_nid_t
cp_secu_nmk2nid(cp_key_t nmk, u8 security_level)
diff --git a/cesar/cp/secu/test/src/test-aes.c b/cesar/cp/secu/test/src/test-aes.c
index 325b4c6213..26696a5edc 100644
--- a/cesar/cp/secu/test/src/test-aes.c
+++ b/cesar/cp/secu/test/src/test-aes.c
@@ -245,31 +245,6 @@ test_case_cp_secu_aes_crypt (test_t test)
}
void
-test_case_cp_secu_aes_gen_key (test_t test)
-{
- test_case_begin (test, "Generation of keys");
-
- test_begin (test, "AES")
- {
- cp_key_t output = {{ 0x1, 0x2, 0x3, 0x4 }};
- cp_key_t key = {{ 0xFF42, 0x42FF, 0x4FF2, 0xF42F }};
-
- cp_secu_aes_generate_key (0x12345, &output);
- cp_secu_aes_generate_key (0x12345, &key);
-
- test_fail_unless (bitstream_direct_read (output.key, 0, 32) ==
- key.key[0]);
- test_fail_unless (bitstream_direct_read (output.key, 32, 32) ==
- key.key[1]);
- test_fail_unless (bitstream_direct_read (output.key, 64, 32) ==
- key.key[2]);
- test_fail_unless (bitstream_direct_read (output.key, 96, 32) ==
- key.key[3]);
- }
- test_end;
-}
-
-void
test_case_cp_secu_aes_pbb (test_t test)
{
uint i;
@@ -297,7 +272,6 @@ main (void)
test_case_cp_secu_aes (test);
test_case_cp_secu_aes_in_one_buffer (test);
test_case_cp_secu_aes_crypt (test);
- test_case_cp_secu_aes_gen_key (test);
test_case_cp_secu_aes_pbb (test);
test_result (test);
diff --git a/cesar/cp/secu/test/src/test-nmk.c b/cesar/cp/secu/test/src/test-nmk.c
index c8d8b0a491..4c5a80ccec 100644
--- a/cesar/cp/secu/test/src/test-nmk.c
+++ b/cesar/cp/secu/test/src/test-nmk.c
@@ -163,12 +163,12 @@ test_case_nek_generation (test_t test)
{
cp_key_t output;
- cp_secu_aes_generate_key (0x12345678, &output);
+ cp_secu_generate_nek (0x12345678, &output);
- test_fail_unless (output.key[0] == 0x652c25a8);
- test_fail_unless (output.key[1] == 0x5699ff58);
- test_fail_unless (output.key[2] == 0x3a9fa973);
- test_fail_unless (output.key[3] == 0xd01b60ec);
+ test_fail_unless (output.key[0] == 0xcb268d65);
+ test_fail_unless (output.key[1] == 0x5117d2d0);
+ test_fail_unless (output.key[2] == 0xdf639617);
+ test_fail_unless (output.key[3] == 0x130f3722);
}
test_end;
}