From 9ad007ce7b5ae0494f734397c821d83f3c618d36 Mon Sep 17 00:00:00 2001 From: laranjeiro Date: Wed, 18 Jun 2008 15:06:47 +0000 Subject: cp2/secu : Added and tested the pbkdf1. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@2378 017c9cb6-072f-447c-8318-d5b54f68fe89 --- cesar/common/tests/tests | 1 + cesar/cp2/secu/Module | 2 +- cesar/cp2/secu/defs.h | 32 +++++++++++ cesar/cp2/secu/inc/pbkdf1.h | 29 ++++++++++ cesar/cp2/secu/pbkdf1.h | 32 +++++++++++ cesar/cp2/secu/secu.h | 50 +---------------- cesar/cp2/secu/src/pbkdf1.c | 100 ++++++++++++++++++++++++++++++++++ cesar/cp2/secu/test/host-Makefile | 5 +- cesar/cp2/secu/test/sparc-Makefile | 9 ++- cesar/cp2/secu/test/src/test-pbkdf1.c | 65 ++++++++++++++++++++++ 10 files changed, 275 insertions(+), 50 deletions(-) create mode 100644 cesar/cp2/secu/defs.h create mode 100644 cesar/cp2/secu/inc/pbkdf1.h create mode 100644 cesar/cp2/secu/pbkdf1.h create mode 100644 cesar/cp2/secu/src/pbkdf1.c create mode 100644 cesar/cp2/secu/test/src/test-pbkdf1.c (limited to 'cesar') diff --git a/cesar/common/tests/tests b/cesar/common/tests/tests index 8df5c669cd..ddee1f743a 100644 --- a/cesar/common/tests/tests +++ b/cesar/common/tests/tests @@ -366,3 +366,4 @@ cp2/secu/test: make: make -f host-Makefile sha256: ./obj/host/test-sha2 aes128: ./obj/host/test-aes +pbkdf1: ./obj/host/test-pbkdf1 diff --git a/cesar/cp2/secu/Module b/cesar/cp2/secu/Module index 4b788b89de..7618d9c16f 100644 --- a/cesar/cp2/secu/Module +++ b/cesar/cp2/secu/Module @@ -1 +1 @@ -SOURCES := sha256.c aes.c +SOURCES := sha256.c aes.c pbkdf1.c diff --git a/cesar/cp2/secu/defs.h b/cesar/cp2/secu/defs.h new file mode 100644 index 0000000000..7a39ee7900 --- /dev/null +++ b/cesar/cp2/secu/defs.h 
@@ -0,0 +1,32 @@
+#ifndef cp2_secu_defs_h
+#define cp2_secu_defs_h
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/defs.h
+ * \brief Length definitions for the security module.
+ * \ingroup cp2_secu
+ *
+ */
+
+/** MAX PASSWORD SIZE. */
+#define CP_SECU_PWD_SIZE_MAX 64
+
+/** Salt size. */
+#define CP_SECU_SALT_SIZE 8
+
+/** SHA 256 output size. */
+#define CP_SECU_SHA256_OUTPUT_SIZE 32
+
+/** pbkdf1 generated key size */
+#define CP_SECU_OUTPUT_KEY_SIZE 16
+
+/** PBKDF1 itreration. */
+#define CP_SECU_PBKDF1_ITERATION 1000
+
+#endif /* cp2_secu_defs_h */
diff --git a/cesar/cp2/secu/inc/pbkdf1.h b/cesar/cp2/secu/inc/pbkdf1.h
new file mode 100644
index 0000000000..6ab46c6283
--- /dev/null
+++ b/cesar/cp2/secu/inc/pbkdf1.h
@@ -0,0 +1,29 @@
+#ifndef cp2_secu_inc_pbkdf1_h
+#define cp2_secu_inc_pbkdf1_h
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/inc/pbkdf1.h
+ * \brief PBKDF1 function.
+ * \ingroup cp2_secu
+ *
+ */
+
+/**
+ * pbkdf1
+ * \param input the input data to hash (can be a clear ascii password)
+ * \param input_len length of input
+ * \param salt salt to apply to input data
+ * \param salt_len length of salt
+ * \param it_count iteration number for the hash function
+ */
+void
+secu_pbkdf1 (u8 buffer[], uint length, u8 salt[],
+ uint salt_len, uint it_count);
+
+#endif /* cp2_secu_inc_pbkdf1_h */
diff --git a/cesar/cp2/secu/pbkdf1.h b/cesar/cp2/secu/pbkdf1.h
new file mode 100644
index 0000000000..f1d6c1fca0
--- /dev/null
+++ b/cesar/cp2/secu/pbkdf1.h
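Review bot: The size macros in defs.h give no unit and the last comment is misspelled (`PBKDF1 itreration.`). In this commit `secu_pbkdf1` sizes its stack buffer from `CP_SECU_PWD_SIZE_MAX + CP_SECU_SALT_SIZE` and copies `CP_SECU_OUTPUT_KEY_SIZE` bytes out of it, so the comments should state that these are byte counts, for example `/** Maximum password length, in bytes. */` and `/** PBKDF1 iteration count. */`. Nothing here ties `CP_SECU_OUTPUT_KEY_SIZE` to `CP_SECU_SHA256_OUTPUT_SIZE`; a short comment that the key is a truncation of the digest and must not exceed it would make that dependency explicit.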
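Review bot: The doc block for `secu_pbkdf1` in inc/pbkdf1.h names `input` and `input_len`, but the prototype's parameters are `buffer` and `length`, and it never says that `buffer` is also the output. The implementation in src/pbkdf1.c overwrites the first `CP_SECU_OUTPUT_KEY_SIZE` bytes of `buffer` with the derived key, silently ignores input beyond `CP_SECU_PWD_SIZE_MAX`, and copies `salt_len` bytes into a buffer that only reserves `CP_SECU_SALT_SIZE` for the salt. The comment should carry those three constraints, e.g. `\param buffer in: data to hash; out: first CP_SECU_OUTPUT_KEY_SIZE bytes receive the key` and `\param salt_len length of salt, at most CP_SECU_SALT_SIZE`. The header also uses `u8` and `uint` without including anything that declares them, so it presumably relies on the includer having pulled in `common/std.h` first.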
@@ -0,0 +1,32 @@
+#ifndef CP2_SECU_PBKDF1_H_
+#define CP2_SECU_PBKDF1_H_
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/pbkdf1.h
+ * \brief Fonction PBKDF1.
+ * \ingroup cp_secu
+ */
+
+enum cp_secu_salt_kind_t
+{
+ CP_SECU_SALT_KEY_DAK,
+ CP_SECU_SALT_KEY_NMK_HS,
+ CP_SECU_SALT_KEY_NB
+};
+typedef enum cp_secu_salt_kind_t cp_secu_salt_kind_t;
+
+/**
+ * PBKDF1 functions for the Secu module.
+ * \param buffer the input buffer.
+ * \param key key kind.
+ */
+void
+cp_secu_pbkdf1 (u8 *buffer, cp_secu_salt_kind_t key);
+
+#endif /* CP2_SECU_PBKDF1_H_ */
diff --git a/cesar/cp2/secu/secu.h b/cesar/cp2/secu/secu.h
index 94a001ce5c..83f0201991 100644
--- a/cesar/cp2/secu/secu.h
+++ b/cesar/cp2/secu/secu.h
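Review bot: The public contract of `cp_secu_pbkdf1` in pbkdf1.h is undocumented where it matters: `\param buffer the input buffer.` does not say that the buffer must hold a NUL-terminated password or that it is overwritten with the key. The implementation in src/pbkdf1.c calls `strlen((char*) buffer)` and then writes `CP_SECU_OUTPUT_KEY_SIZE` bytes back, so a caller passing a short password in a tightly sized array gets an out-of-bounds write. I would replace the line with `\param buffer in: NUL-terminated password; out: derived key. Must be at least CP_SECU_OUTPUT_KEY_SIZE bytes.` and add a comment that `CP_SECU_SALT_KEY_NB` is the number of kinds, not a valid argument. The `\brief Fonction PBKDF1.` line is the only French text in these headers and could read `\brief PBKDF1 function.` like inc/pbkdf1.h.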
@@ -82,50 +82,6 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, bool last); #if 0 -/** - * AES-CBC buffer encryption. - * - * \param ctx AES context - * \param iv initialization vector (modified after use) (16 bytes) - * \param input buffer holding the plaintext - * \param output buffer holding the ciphertext - * \param len length of the data to be encrypted - */ -void -cp_secu_aes_cbc_encrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len); -/** - * AES-CBC buffer decryption. - * - * \param ctx AES context - * \param iv initialization vector (modified after use) - * \param input buffer holding the ciphertext - * \param output buffer holding the plaintext - * \param len length of the data to be decrypted - */ -void -cp_secu_aes_cbc_decrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len); - -/** - * set AES key. - * - * \param ctx AES context to be initialized - * \param key the secret key - * \param keysize must be 128, 192 or 256 bits long - */ -void -cp_secu_aes_set_key (aes_context *ctx, unsigned char *key, int keysize); - -/** - * Output = SHA-256( input buffer ). - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result size is SHA256OutputSize bytes - * \param is224 0 = use SHA256, 1 = use SHA224 - */ -void -cp_secu_sha2 (unsigned char *input, int ilen, unsigned char *output, int is224); - /** * pbkdf1 function * \param input the input data to hash (can be a clear ascii password) 
@@ -136,15 +92,15 @@ cp_secu_sha2 (unsigned char *input, int ilen, unsigned char *output, int is224); * \param output_key result of hash * \return error code or 0 if success */ -cp_secu_error_t +cp_secu_error_t cp_secu_pbkdf1 (u8 input[], int input_len, u8 salt[], int salt_len, int it_count, u8 output_key[]); /** * generate AES key (NEK, NMK or TEK). - * \param + * \param * \return the AES key - * + * * see 7.10.7.2 for details */ void diff --git a/cesar/cp2/secu/src/pbkdf1.c b/cesar/cp2/secu/src/pbkdf1.c new file mode 100644 index 0000000000..2b1b2bb80e --- /dev/null +++ b/cesar/cp2/secu/src/pbkdf1.c 
@@ -0,0 +1,100 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<>>
+ *
+ * }}} */
+/**
+ * \file cp2/secu/secu_pbkdf1.c
+ * \brief The pbkdf1 function
+ * \ingroup cp_secu
+ */
+#include
+
+#include "common/std.h"
+#include "cp2/secu/defs.h"
+
+#include "cp2/secu/sha256.h"
+#include "cp2/secu/pbkdf1.h"
+
+
+#include "cp2/secu/inc/pbkdf1.h"
+
+void
+secu_pbkdf1 (u8 buffer[], uint length, u8 salt[], uint salt_len,
+ uint it_count)
+{
+
+ u8 dk[CP_SECU_PWD_SIZE_MAX + CP_SECU_SALT_SIZE] = "";
+ uint dp_size, i;
+
+ dbg_assert (buffer);
+ dbg_assert (salt);
+ /*
+ * Copy input to DK (max size cannot be greater than DK buffer)
+ */
+ for (dp_size = 0; (dp_size < length)
+ && (dp_size < CP_SECU_PWD_SIZE_MAX); dp_size++)
+ {
+ dk[dp_size] = buffer[dp_size];
+ }
+
+ /*
+ * Concatenate salt with input on DK and count total input size
+ */
+ for (i=0 ; i < salt_len ; i++)
+ {
+ dk[dp_size+i] = salt[i];
+ }
+ dp_size += salt_len;
+
+ /*
+ * compute the following iterations
+ */
+ for(i=0 ; i < it_count ; i++)
+ {
+ cp_secu_sha256 (dk);
+ }
+
+ memcpy (buffer, dk, CP_SECU_OUTPUT_KEY_SIZE);
+}
+
+/**
+ * PBKDF1 functions for the Secu module.
+ * \param buffer the input buffer.
+ * \param key key kind.
+ */
+void
+cp_secu_pbkdf1 (u8 *buffer, cp_secu_salt_kind_t key)
+{
+ u8 salt [CP_SECU_SALT_SIZE];
+
+ dbg_assert (buffer);
+ dbg_assert (key < CP_SECU_SALT_KEY_NB);
+
+ salt[0] = 0x08;
+ salt[1] = 0x85;
+ salt[2] = 0x6D;
+ salt[3] = 0xAF;
+ salt[4] = 0x7C;
+ salt[5] = 0xF5;
+ salt[6] = 0x81;
+
+
+ switch (key)
+ {
+ case CP_SECU_SALT_KEY_DAK:
+ salt[7] = 0x85;
+ break;
+ case CP_SECU_SALT_KEY_NMK_HS:
+ salt[7] = 0x86;
+ break;
+ default:
+ dbg_assert (false);
+ }
+
+ secu_pbkdf1 (buffer, strlen((char*) buffer), salt, CP_SECU_SALT_SIZE,
+ CP_SECU_PBKDF1_ITERATION);
+}
+
diff --git a/cesar/cp2/secu/test/host-Makefile b/cesar/cp2/secu/test/host-Makefile
index ea48fcf8ad..ec931d36ee 100644
--- a/cesar/cp2/secu/test/host-Makefile
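Review bot: The salt loop in `secu_pbkdf1` writes `dk[dp_size+i]` for every `i < salt_len` with no upper bound, so a `salt_len` above `CP_SECU_SALT_SIZE` overruns the stack buffer even though the input copy just above it is clamped. A guard such as `dbg_assert (salt_len <= CP_SECU_SALT_SIZE);` before the loop closes it, or an explicit clamp if `dbg_assert` can be compiled out, which this page does not show. The closing `memcpy (buffer, dk, CP_SECU_OUTPUT_KEY_SIZE);` writes 16 bytes whatever `length` was, so `cp_secu_pbkdf1` on a short password depends on the caller's array being at least that large. `dp_size` is computed but never passed to `cp_secu_sha256 (dk)`, which is defined outside this diff; the test hands that function a 128-byte aligned array while `dk` is 72 bytes with no alignment attribute, so its buffer and length contract should be confirmed. In `cp_secu_pbkdf1`, the `default:` arm leaves `salt[7]` uninitialised if the assert does not abort, and `dk` still holds the password and key material on return, so it is worth clearing before the function exits.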
+++ b/cesar/cp2/secu/test/host-Makefile @@ -1,6 +1,6 @@ BASE = ../../.. -HOST_PROGRAMS = test-sha2 test-aes +HOST_PROGRAMS = test-sha2 test-aes test-pbkdf1 test-sha2_SOURCES = test-sha2.c test-sha2_MODULES = lib cp2/secu @@ -8,6 +8,9 @@ test-sha2_MODULES = lib cp2/secu test-aes_SOURCES = test-aes.c test-aes_MODULES = lib cp2/secu +test-pbkdf1_SOURCES = test-pbkdf1.c +test-pbkdf1_MODULES = lib cp2/secu + VARIANT = host include $(BASE)/common/make/top.mk diff --git a/cesar/cp2/secu/test/sparc-Makefile b/cesar/cp2/secu/test/sparc-Makefile index 6c54b9b289..64521960e1 100644 --- a/cesar/cp2/secu/test/sparc-Makefile +++ b/cesar/cp2/secu/test/sparc-Makefile @@ -3,10 +3,17 @@ BASE = ../../.. TARGET = sparc ECOS = y -TARGET_PROGRAMS = test-sha2 +TARGET_PROGRAMS = test-sha2 test-aes test-pbkdf1 test-sha2_SOURCES = test-sha2.c test-sha2_MODULES = lib cp2/secu +test-aes_SOURCES = test-aes.c +test-aes_MODULES = lib cp2/secu + +test-pbkdf1_SOURCES = test-pbkdf1.c +test-pbkdf1_MODULES = lib cp2/secu + + VARIANT = sparc include $(BASE)/common/make/top.mk diff --git a/cesar/cp2/secu/test/src/test-pbkdf1.c b/cesar/cp2/secu/test/src/test-pbkdf1.c new file mode 100644 index 0000000000..e069ba80b2 --- /dev/null +++ b/cesar/cp2/secu/test/src/test-pbkdf1.c 
@@ -0,0 +1,65 @@
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<>>
+ *
+ * }}} */
+/**
+ * \file src/test-pbkdf1.c
+ * \brief Test pbkdf1 functions.
+ * \ingroup cp2_secu
+ *
+ */
+#include "common/std.h"
+#include "string.h"
+
+#include "lib/test.h"
+#include "cp2/secu/defs.h"
+#include "cp2/secu/pbkdf1.h"
+#include "cp2/secu/sha256.h"
+
+void
+test_case_pbkdf1 (test_t test)
+{
+ uint i;
+
+ u8 buffer [128] __attribute__((aligned(128))) = "HOMEPLUG_AV123\0";
+ u8 result [128] __attribute__((aligned(128))) = "HOMEPLUG_AV123\0";
+
+ result[14] = 0x08;
+ result[15] = 0x85;
+ result[16] = 0x6D;
+ result[17] = 0xAF;
+ result[18] = 0x7C;
+ result[19] = 0xF5;
+ result[20] = 0x81;
+ result[21] = 0x86;
+
+ for (i = 0; i < 1000; i++)
+ {
+ cp_secu_sha256(result);
+ }
+
+ cp_secu_pbkdf1 (buffer, CP_SECU_SALT_KEY_NMK_HS);
+
+ test_begin (test, "PBKDF1")
+ {
+ test_fail_if (memcmp (buffer, result, CP_SECU_OUTPUT_KEY_SIZE) != 0,
+ "Wrong Hash");
+ }
+ test_end;
+}
+
+int
+main (void)
+{
+ test_t test;
+
+ test_init (test, 0, NULL);
+
+ test_case_pbkdf1 (test);
+
+ test_result (test);
+ return test_nb_failed (test) == 0 ? 0 : 1;
+}
-- cgit v1.2.3
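Review bot: The expected value in `test_case_pbkdf1` is produced by the same `cp_secu_sha256` loop that `cp_secu_pbkdf1` runs, so the test only confirms that the password and salt were concatenated as expected. It would still pass if the hash or the iteration scheme were wrong, so I would compare against a fixed known-answer key taken from the reference specification, stored as a literal 16-byte array (`<expected key bytes>`). The loop bound should be `CP_SECU_PBKDF1_ITERATION` rather than the literal `1000`, so the test follows the constant. Only `CP_SECU_SALT_KEY_NMK_HS` is exercised; a second case for `CP_SECU_SALT_KEY_DAK`, plus a password at `CP_SECU_PWD_SIZE_MAX` characters, would cover the other salt and the buffer boundary in `secu_pbkdf1`.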