From 7ea3c3aaa11fa1e90fabb752f927b73fabaa32db Mon Sep 17 00:00:00 2001 From: laranjeiro Date: Mon, 8 Jun 2009 08:22:53 +0000 Subject: *cp/secu, cp/cco/action: * Update the PKDKF1 function to only use 5 iteration for the NEK. * Change a function name to use the real name. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@4754 017c9cb6-072f-447c-8318-d5b54f68fe89 --- cesar/cp/secu/src/pbkdf1.c | 61 +++++++++++++++++++++++----------------------- cesar/cp/secu/src/secu.c | 11 +++++---- 2 files changed, 36 insertions(+), 36 deletions(-) (limited to 'cesar/cp/secu/src') diff --git a/cesar/cp/secu/src/pbkdf1.c b/cesar/cp/secu/src/pbkdf1.c index d3ef374a03..1f24d6243c 100644 --- a/cesar/cp/secu/src/pbkdf1.c +++ b/cesar/cp/secu/src/pbkdf1.c @@ -66,46 +66,45 @@ secu_pbkdf1 (const u8 input[], const uint input_length, void cp_secu_pbkdf1 (const u8 input[], const uint input_length, u8 *output, uint output_length, - cp_secu_salt_kind_t salt_index) + cp_secu_salt_kind_t salt_index, + uint iteration) { + u8 *pbkdf1; /* Check parameters. */ dbg_assert (input); dbg_assert (input_length); dbg_assert (output); + dbg_assert (salt_index < CP_SECU_SALT_KEY_NB); - if (salt_index != CP_SECU_SALT_KEY_NID) - { - /* The salt to use for the PBKDF1 function. */ - u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5, - 0x81, 0x00}; - - switch (salt_index) - { - case CP_SECU_SALT_KEY_DAK: - salt[7] = 0x85; - break; - case CP_SECU_SALT_KEY_NMK_HS: - salt[7] = 0x86; - break; - case CP_SECU_SALT_SPIDCOM: - salt[0] += 2; - salt[4] = 0xA2; - break; - default: - /* Unsupported value. */ - dbg_assert_default (); - } + /* The salt to use for the PBKDF1 function. */ + u8 salt[CP_SECU_SALT_SIZE] = {0x08, 0x85, 0x6d, 0xaf, 0x7c, 0xf5, + 0x81, 0x00}; - secu_pbkdf1 (input, input_length, - salt, CP_SECU_PBKDF1_ITERATION, - output, output_length); - } - else + switch (salt_index) { - secu_pbkdf1 (input, input_length, - NULL, CP_SECU_PBKDF1_ITERATION_NID, - output, output_length); + case CP_SECU_SALT_KEY_DAK: + salt[7] = 0x85; + pbkdf1 = salt; + break; + case CP_SECU_SALT_KEY_NMK_HS: + salt[7] = 0x86; + pbkdf1 = salt; + break; + case CP_SECU_SALT_SPIDCOM: + salt[0] += 2; + salt[4] = 0xA2; + pbkdf1 = salt; + break; + case CP_SECU_SALT_NONE: + pbkdf1 = NULL; + break; + default: + /* Unsupported value. */ + dbg_assert_default (); } + secu_pbkdf1 (input, input_length, + pbkdf1, iteration, + output, output_length); } diff --git a/cesar/cp/secu/src/secu.c b/cesar/cp/secu/src/secu.c index 0e0004d3d0..0a04a96a3f 100644 --- a/cesar/cp/secu/src/secu.c +++ b/cesar/cp/secu/src/secu.c @@ -100,7 +100,7 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last) } void -cp_secu_aes_generate_key (const uint num, cp_key_t *output) +cp_secu_generate_nek (const uint num, cp_key_t *output) { u8 input[4]; u8 buffer[sizeof(cp_key_t)]; @@ -112,7 +112,8 @@ cp_secu_aes_generate_key (const uint num, cp_key_t *output) /* Call the real function to generate an AES key. */ cp_secu_pbkdf1 (input, sizeof (input), buffer , sizeof(buffer), - CP_SECU_SALT_SPIDCOM); + CP_SECU_SALT_SPIDCOM, + CP_SECU_PBKDF1_ITERATION_NEK); GET_UINT32 (output->key[0], buffer, 0); GET_UINT32 (output->key[1], buffer, 4); @@ -141,7 +142,7 @@ cp_secu_nmk2nid(const cp_key_t nmk, const u8 security_level) PUT_UINT32(nmk.key[3], input, 12); cp_secu_pbkdf1 (input, sizeof (cp_key_t), output, CP_NID_SIZE, - CP_SECU_SALT_KEY_NID); + CP_SECU_SALT_NONE, CP_SECU_PBKDF1_ITERATION_NID); output[CP_NID_SIZE-1] = output[CP_NID_SIZE-1] >> 4; uint w1, w2; @@ -197,7 +198,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length) cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed), &hash[compt * CP_SECU_OUTPUT_KEY_SIZE], CP_SECU_OUTPUT_KEY_SIZE, - CP_SECU_SALT_SPIDCOM); + CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION); } /* Check if last part is not enought for CP_SECU_OUTPUT_KEY_SIZE. */ uint modulo = hash_length % CP_SECU_OUTPUT_KEY_SIZE; @@ -206,7 +207,7 @@ cp_secu_generate_hash (const u32 seed, u8 *hash, const uint hash_length) cp_secu_pbkdf1 ((u8 *) &seed, sizeof (seed), &hash[iteration * CP_SECU_OUTPUT_KEY_SIZE], modulo, - CP_SECU_SALT_SPIDCOM); + CP_SECU_SALT_SPIDCOM, CP_SECU_PBKDF1_ITERATION); } } -- cgit v1.2.3