sha1extra.c File Reference

#include <gpxe/crypto.h>
#include <gpxe/sha1.h>
#include <gpxe/hmac.h>
#include <stdint.h>
#include <byteswap.h>

Go to the source code of this file.

Functions

FILE_LICENCE (GPL2_OR_LATER)

void prf_sha1 (const void *key, size_t key_len, const char *label, const void *data, size_t data_len, void *prf, size_t prf_len)

SHA1 pseudorandom function for creating derived keys.

static void pbkdf2_sha1_f (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)

PBKDF2 key derivation function inner block operation.

void pbkdf2_sha1 (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, void *key, size_t key_len)

PBKDF2 key derivation function using SHA1.

Function Documentation

FILE_LICENCE ( GPL2_OR_LATER )

void prf_sha1	(	const void *	key,
		size_t	key_len,
		const char *	label,
		const void *	data,
		size_t	data_len,
		void *	prf,
		size_t	prf_len
	)

SHA1 pseudorandom function for creating derived keys.

Parameters:

	key	Master key with which this call is associated
	key_len	Length of key
	label	NUL-terminated ASCII string describing purpose of PRF data
	data	Further data that should be included in the PRF
	data_len	Length of further PRF data
	prf_len	Bytes of PRF to generate

Return values:

prf

Pseudorandom function bytes

This is the PRF variant used by 802.11, defined in IEEE 802.11-2007 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an MD5-based PRF.

Definition at line 42 of file sha1extra.c.

References hmac_final(), hmac_init(), hmac_update(), memcpy, sha1_algorithm, SHA1_CTX_SIZE, SHA1_SIZE, strlen(), u32, and u8.

Referenced by wpa_derive_ptk().

00044 {
00045         u32 blk;
00046         u8 keym[key_len];       /* modifiable copy of key */
00047         u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */
00048         u8 *in_blknr;           /* pointer to last byte of in, block number */
00049         u8 out[SHA1_SIZE];      /* HMAC-SHA1 result */
00050         u8 sha1_ctx[SHA1_CTX_SIZE]; /* SHA1 context */
00051         const size_t label_len = strlen ( label );
00052 
00053         /* The HMAC-SHA-1 is calculated using the given key on the
00054            message text `label', followed by a NUL, followed by one
00055            byte indicating the block number (0 for first). */
00056 
00057         memcpy ( keym, key, key_len );
00058 
00059         memcpy ( in, label, strlen ( label ) + 1 );
00060         memcpy ( in + label_len + 1, data, data_len );
00061         in_blknr = in + label_len + 1 + data_len;
00062 
00063         for ( blk = 0 ;; blk++ ) {
00064                 *in_blknr = blk;
00065 
00066                 hmac_init ( &sha1_algorithm, sha1_ctx, keym, &key_len );
00067                 hmac_update ( &sha1_algorithm, sha1_ctx, in, sizeof ( in ) );
00068                 hmac_final ( &sha1_algorithm, sha1_ctx, keym, &key_len, out );
00069 
00070                 if ( prf_len <= SHA1_SIZE ) {
00071                         memcpy ( prf, out, prf_len );
00072                         break;
00073                 }
00074 
00075                 memcpy ( prf, out, SHA1_SIZE );
00076                 prf_len -= SHA1_SIZE;
00077                 prf += SHA1_SIZE;
00078         }
00079 }

static void pbkdf2_sha1_f	(	const void *	passphrase,
		size_t	pass_len,
		const void *	salt,
		size_t	salt_len,
		int	iterations,
		u32	blocknr,
		u8 *	block
	)			`[static]`

PBKDF2 key derivation function inner block operation.

Parameters:

	passphrase	Passphrase from which to derive key
	pass_len	Length of passphrase
	salt	Salt to include in key
	salt_len	Length of salt
	iterations	Number of iterations of SHA1 to perform
	blocknr	Index of this block, starting at 1

Return values:

block

SHA1_SIZE bytes of PBKDF2 data

The operation of this function is described in RFC 2898.

Definition at line 94 of file sha1extra.c.

References hmac_final(), hmac_init(), hmac_update(), htonl, memcpy, memset(), sha1_algorithm, SHA1_CTX_SIZE, SHA1_SIZE, and u8.

Referenced by pbkdf2_sha1().

00097 {
00098         u8 pass[pass_len];      /* modifiable passphrase */
00099         u8 in[salt_len + 4];    /* input buffer to first round */
00100         u8 last[SHA1_SIZE];     /* output of round N, input of N+1 */
00101         u8 sha1_ctx[SHA1_CTX_SIZE];
00102         u8 *next_in = in;       /* changed to `last' after first round */
00103         int next_size = sizeof ( in );
00104         int i, j;
00105 
00106         blocknr = htonl ( blocknr );
00107 
00108         memcpy ( pass, passphrase, pass_len );
00109         memcpy ( in, salt, salt_len );
00110         memcpy ( in + salt_len, &blocknr, 4 );
00111         memset ( block, 0, SHA1_SIZE );
00112 
00113         for ( i = 0; i < iterations; i++ ) {
00114                 hmac_init ( &sha1_algorithm, sha1_ctx, pass, &pass_len );
00115                 hmac_update ( &sha1_algorithm, sha1_ctx, next_in, next_size );
00116                 hmac_final ( &sha1_algorithm, sha1_ctx, pass, &pass_len, last );
00117 
00118                 for ( j = 0; j < SHA1_SIZE; j++ ) {
00119                         block[j] ^= last[j];
00120                 }
00121 
00122                 next_in = last;
00123                 next_size = SHA1_SIZE;
00124         }
00125 }

void pbkdf2_sha1	(	const void *	passphrase,
		size_t	pass_len,
		const void *	salt,
		size_t	salt_len,
		int	iterations,
		void *	key,
		size_t	key_len
	)

PBKDF2 key derivation function using SHA1.

Parameters:

	passphrase	Passphrase from which to derive key
	pass_len	Length of passphrase
	salt	Salt to include in key
	salt_len	Length of salt
	iterations	Number of iterations of SHA1 to perform
	key_len	Length of key to generate

Return values:

key

Generated key bytes

This is used most notably in 802.11 WPA passphrase hashing, in which case the salt is the SSID, 4096 iterations are used, and a 32-byte key is generated that serves as the Pairwise Master Key for EAPOL authentication.

The operation of this function is further described in RFC 2898.

Definition at line 145 of file sha1extra.c.

References memcpy, pbkdf2_sha1_f(), SHA1_SIZE, u32, and u8.

Referenced by wpa_psk_start().

00148 {
00149         u32 blocks = ( key_len + SHA1_SIZE - 1 ) / SHA1_SIZE;
00150         u32 blk;
00151         u8 buf[SHA1_SIZE];
00152 
00153         for ( blk = 1; blk <= blocks; blk++ ) {
00154                 pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,
00155                                 iterations, blk, buf );
00156                 if ( key_len <= SHA1_SIZE ) {
00157                         memcpy ( key, buf, key_len );
00158                         break;
00159                 }
00160 
00161                 memcpy ( key, buf, SHA1_SIZE );
00162                 key_len -= SHA1_SIZE;
00163                 key += SHA1_SIZE;
00164         }
00165 }


Functions
	FILE_LICENCE (GPL2_OR_LATER)
void	prf_sha1 (const void key, size_t key_len, const char label, const void data, size_t data_len, void prf, size_t prf_len)
	SHA1 pseudorandom function for creating derived keys.
static void	pbkdf2_sha1_f (const void passphrase, size_t pass_len, const void salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)
	PBKDF2 key derivation function inner block operation.
void	pbkdf2_sha1 (const void passphrase, size_t pass_len, const void salt, size_t salt_len, int iterations, void *key, size_t key_len)
	PBKDF2 key derivation function using SHA1.