authorchertier2008-01-18 11:21:31 +0000
committerchertier2008-01-18 11:21:31 +0000
commitc41961d4d4f027d152a6108c9bc4a1c4dea3d23b (patch)
tree06d594900f461dd43598287bf970531d8b1edcc1 /cp/secu
parenta51431220fda9b91b8fad6a7a19952c5baaa6634 (diff)
updating the secu module:
- adding secu_npw2nmk() and secu_nmk2nid() functions - adding element for NPW in array for secu_hash() function - minor rewrite of secu_pbkdf1() functions git-svn-id: svn+ssh://pessac/svn/cesar/trunk@1290 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cp/secu')
-rw-r--r--cp/secu/secu.h19
-rw-r--r--cp/secu/src/secu_lib.c45
-rw-r--r--cp/secu/src/secu_pbkdf1.c2
3 files changed, 61 insertions, 5 deletions
diff --git a/cp/secu/secu.h b/cp/secu/secu.h
index b2cd417dfe..69b96bd8f4 100644
--- a/cp/secu/secu.h
+++ b/cp/secu/secu.h
@@ -59,5 +59,24 @@ void
secu_set_sta_s_dak(const tei_t, const aes_key_t dak);
+/*
+ * Hash a 128 bits NMK key to generate a 54 bits NID
+ * conforming to the security level specified.
+ * \param nmk, the NMK buffer pointer (input)
+ * \param security_level, the station security-level
+ * \param nid, the NID buffer pointer (output)
+ * \return E_ErrCode, return code (0 if success)
+ */
+E_ErrCode secu_nmk2nid(u8 *nmk, u8 security_level, u8 *nid);
+
+/*
+ * Hash a NPW password (1 to 64 chars in the 0x20-0x7F standard ASCII interval)
+ * to generate a 16 octets (128 bits) NMK key.
+ * \param npw,the NPW buffer pointer (input)
+ * \param nmk, the NMK buffer pointer (output)
+ * \return E_ErrCode, return code (0 if success)
+ */
+E_ErrCode secu_npw2nmk(char *npw, u8 *nmk);
+
#endif
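Review bot: Both new prototypes take their input buffers as writable pointers, and neither comment states buffer sizes, so the header does not tell a caller how many bytes `secu_nmk2nid` writes to `nid` or how the length of `npw` is determined. I would declare the inputs const, `E_ErrCode secu_nmk2nid(const u8 *nmk, u8 security_level, u8 *nid);` and `E_ErrCode secu_npw2nmk(const char *npw, u8 *nmk);`, which would presumably also require `secu_hash` to accept a const `in`. Each comment should add the required size of the output buffer and whether `npw` must be NUL-terminated. The `secu_npw2nmk` comment promises 1 to 64 characters in 0x20-0x7F; it should say whether the function rejects input outside that range or leaves the check to the caller.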
diff --git a/cp/secu/src/secu_lib.c b/cp/secu/src/secu_lib.c
index 54d6c9a8d7..109445c9cf 100644
--- a/cp/secu/src/secu_lib.c
+++ b/cp/secu/src/secu_lib.c
@@ -69,10 +69,11 @@ secu_hash (pwd_type_t pwd_type, u8 in[], u8 out[])
u8 str[OUTPUT_KEY_SIZE];
struct pbkdf1_params_t pbkdf1params[] =
{
- { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x85 }, 999, 16 }, // obtenir DAK depuis DPW (7.10.7.1)
- { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 4, NID_SIZE }, // obtenir NID depuis NMK (4.4.3.1)
- { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x86 }, 999, 16 }, // obtenir NMK-HS (7.10.7.1)
- { { 0x58, 0x56, 0x52, 0xf6, 0x9c, 0x04, 0xb5, 0x72 }, 999, 16 } // Test
+ { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x85 }, 1000, 16 }, // obtenir DAK depuis DPW (7.10.7.1)
+ { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 5, NID_SIZE }, // obtenir "NID offset" depuis NMK (4.4.3.1)
+ { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x86 }, 1000, 16 }, // obtenir NMK-HS (7.10.7.1)
+ { { 0x58, 0x56, 0x52, 0xf6, 0x9c, 0x04, 0xb5, 0x72 }, 1000, 16 }, // Test
+ { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x86 }, 1000, 16 } // obtenir NMK depuis NPW
};
#ifdef DEBUG
uint i;
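Review bot: The new fifth row is selected only by its position in `pbkdf1params`, so it is correct only if `PWD_NPW` has the value 4 in `pwd_type_t`, which this hunk does not show. Designated initializers would tie each row to its enumerator, e.g. `[PWD_NPW] = { { 0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x86 }, 1000, 16 },`, and a range check on `pwd_type` before indexing (if there is not one already) would keep an unexpected value from reading past the table. The new row is also byte-identical to the NMK-HS row; if the two derivations are meant to be the same, a comment saying so would keep them from drifting apart. The table never changes, so it could be `static const` rather than rebuilt on the stack at every call. `secu_hash` continues outside the hunk, so the indexing code itself is not visible here.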
@@ -146,3 +147,39 @@ secu_set_sta_s_dak(const tei_t tei, const aes_key_t dak)
dbg_assert(tei != 0 && tei != 0xFF);
memcpy(m_dak[tei], dak, sizeof(m_dak[0]));
}
+
+E_ErrCode secu_nmk2nid(u8 *nmk, u8 security_level, u8 *nid)
+{
+ E_ErrCode ret;
+ u8 nid_offset[NID_SIZE] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+
+ dbg_assert (nmk);
+ dbg_assert (nid);
+ dbg_assert (security_level <= 2); /* supported security-levels = 0, 1 or 2 */
+
+ /* generate NID offset value (52 bits) from NMK */
+ ret = secu_hash(PWD_NMK, nmk, nid_offset);
+ if (ret == Success)
+ {
+ /*
+ * TODO : combine the NID offset (52 bits) and Security Level (2 bits) together
+ * to form the NID value (54 bits)
+ */
+ }
+
+ return ret;
+}
+
+E_ErrCode secu_npw2nmk(char *npw, u8 *nmk)
+{
+ E_ErrCode ret;
+
+ dbg_assert (npw);
+ dbg_assert (nmk);
+
+ /* generate default NMK key from NPW password */
+ ret = secu_hash(PWD_NPW, (u8*)npw, nmk);
+
+ return ret;
+}
+
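Review bot: `secu_nmk2nid` returns `Success` without ever writing to `nid`: the hash goes into the local `nid_offset` and the combining step is still a TODO, so a caller that trusts the return code uses whatever was already in its buffer as the NID. Until the combination is implemented the function should return a failure code rather than `Success`, or at least carry a comment at the TODO such as `/* nid is NOT written yet: callers must not use it */`. The comments describe the offset as 52 bits while `nid_offset` holds `NID_SIZE` bytes (seven in the initializer), so the truncation should be made explicit when the TODO is filled in. In both new functions the only argument checks are `dbg_assert` calls, which presumably compile out of non-debug builds; `security_level <= 2` and the 1 to 64 character, 0x20-0x7F constraint on `npw` stated in secu.h would be better enforced with a returned error.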
diff --git a/cp/secu/src/secu_pbkdf1.c b/cp/secu/src/secu_pbkdf1.c
index 739e0ded21..0eb7145758 100644
--- a/cp/secu/src/secu_pbkdf1.c
+++ b/cp/secu/src/secu_pbkdf1.c
@@ -77,7 +77,7 @@ secu_pbkdf1 (u8 password[], u8 salt[], int it_count, u8 output_key[])
/*
* compute the following iterations
*/
- for(i=0 ; i < it_count ; i++)
+ for(i=1 ; i < it_count ; i++)
{
memcpy (dk, sha_output, SHA256_OUTPUT_SIZE);
sha2 (dk, SHA256_OUTPUT_SIZE, sha_output, 0);
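Review bot: Starting the loop at `i=1` changes the meaning of `it_count` from "iterations after the first" to "total iterations", and nothing in the hunk documents that or guards the lower bound. The table in secu_lib.c is adjusted in the same commit (999 to 1000, 4 to 5), but any other caller of `secu_pbkdf1` would silently run one iteration fewer and derive a different key. I would add above the loop `/* it_count is the total number of hash iterations, including the first one computed above */` and, near the top of the function, `dbg_assert (it_count >= 1);`. The function starts and ends outside the hunk, so the first iteration is assumed from the "following iterations" comment rather than seen.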