iPXE
Functions
sha1extra.c File Reference
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/sha1.h>
#include <ipxe/hmac.h>
#include <stdint.h>
#include <byteswap.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER)
 
void prf_sha1 (const void *key, size_t key_len, const char *label, const void *data, size_t data_len, void *prf, size_t prf_len)
 SHA1 pseudorandom function for creating derived keys. More...
 
static void pbkdf2_sha1_f (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)
 PBKDF2 key derivation function inner block operation. More...
 
void pbkdf2_sha1 (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, void *key, size_t key_len)
 PBKDF2 key derivation function using SHA1. More...
 

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER  )

◆ prf_sha1()

void prf_sha1 ( const void *  key,
size_t  key_len,
const char *  label,
const void *  data,
size_t  data_len,
void *  prf,
size_t  prf_len 
)

SHA1 pseudorandom function for creating derived keys.

Parameters
keyMaster key with which this call is associated
key_lenLength of key
labelNUL-terminated ASCII string describing purpose of PRF data
dataFurther data that should be included in the PRF
data_lenLength of further PRF data
prf_lenBytes of PRF to generate
Return values
prfPseudorandom function bytes

This is the PRF variant used by 802.11, defined in IEEE 802.11-2007 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an MD5-based PRF.

Definition at line 44 of file sha1extra.c.

46 {
47  u32 blk;
48  u8 keym[key_len]; /* modifiable copy of key */
49  u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */
50  u8 *in_blknr; /* pointer to last byte of in, block number */
51  u8 out[SHA1_DIGEST_SIZE]; /* HMAC-SHA1 result */
52  u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE]; /* HMAC-SHA1 context */
53  const size_t label_len = strlen ( label );
54 
55  /* The HMAC-SHA-1 is calculated using the given key on the
56  message text `label', followed by a NUL, followed by one
57  byte indicating the block number (0 for first). */
58 
59  memcpy ( keym, key, key_len );
60 
61  memcpy ( in, label, strlen ( label ) + 1 );
62  memcpy ( in + label_len + 1, data, data_len );
63  in_blknr = in + label_len + 1 + data_len;
64 
65  for ( blk = 0 ;; blk++ ) {
66  *in_blknr = blk;
67 
68  hmac_init ( &sha1_algorithm, ctx, keym, key_len );
69  hmac_update ( &sha1_algorithm, ctx, in, sizeof ( in ) );
70  hmac_final ( &sha1_algorithm, ctx, out );
71 
72  if ( prf_len <= sizeof ( out ) ) {
73  memcpy ( prf, out, prf_len );
74  break;
75  }
76 
77  memcpy ( prf, out, sizeof ( out ) );
78  prf_len -= sizeof ( out );
79  prf += sizeof ( out );
80  }
81 }
hmac_init
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
Definition: hmac.c:57
SHA1_BLOCK_SIZE
#define SHA1_BLOCK_SIZE
Definition: Tpm20.h:26
in
__be32 in[4]
Definition: CIB_PRM.h:35
data_len
uint32_t data_len
Microcode data size (or 0 to indicate 2000 bytes)
Definition: ucode.h:26
out
__be32 out[4]
Definition: CIB_PRM.h:36
key_len
static void const void size_t key_len
Definition: crypto.h:285
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
hmac_update
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Definition: hmac.h:42
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
strlen
size_t strlen(const char *src)
Get length of string.
Definition: string.c:243
SHA1_DIGEST_SIZE
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
SHA1_CTX_SIZE
#define SHA1_CTX_SIZE
SHA-1 context size.
Definition: sha1.h:66
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
hmac_final
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
Definition: hmac.c:87
u8
uint8_t u8
Definition: stdint.h:19
key
union @382 key
Sense key.
Definition: crypto.h:284
u32
uint32_t u32
Definition: stdint.h:23
sha1_algorithm
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257

References ctx, data, data_len, hmac_final(), hmac_init(), hmac_update(), in, key, key_len, memcpy(), out, sha1_algorithm, SHA1_BLOCK_SIZE, SHA1_CTX_SIZE, SHA1_DIGEST_SIZE, and strlen().

Referenced by wpa_derive_ptk().

◆ pbkdf2_sha1_f()

static void pbkdf2_sha1_f ( const void *  passphrase,
size_t  pass_len,
const void *  salt,
size_t  salt_len,
int  iterations,
u32  blocknr,
u8 block 
)
static

PBKDF2 key derivation function inner block operation.

Parameters
passphrasePassphrase from which to derive key
pass_lenLength of passphrase
saltSalt to include in key
salt_lenLength of salt
iterationsNumber of iterations of SHA1 to perform
blocknrIndex of this block, starting at 1
Return values
blockSHA1_SIZE bytes of PBKDF2 data

The operation of this function is described in RFC 2898.

Definition at line 96 of file sha1extra.c.

99 {
100  u8 pass[pass_len]; /* modifiable passphrase */
101  u8 in[salt_len + 4]; /* input buffer to first round */
102  u8 last[SHA1_DIGEST_SIZE]; /* output of round N, input of N+1 */
103  u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE];
104  u8 *next_in = in; /* changed to `last' after first round */
105  int next_size = sizeof ( in );
106  int i;
107  unsigned int j;
108 
109  blocknr = htonl ( blocknr );
110 
111  memcpy ( pass, passphrase, pass_len );
112  memcpy ( in, salt, salt_len );
113  memcpy ( in + salt_len, &blocknr, 4 );
114  memset ( block, 0, sizeof ( last ) );
115 
116  for ( i = 0; i < iterations; i++ ) {
117  hmac_init ( &sha1_algorithm, ctx, pass, pass_len );
118  hmac_update ( &sha1_algorithm, ctx, next_in, next_size );
119  hmac_final ( &sha1_algorithm, ctx, last );
120 
121  for ( j = 0; j < sizeof ( last ); j++ ) {
122  block[j] ^= last[j];
123  }
124 
125  next_in = last;
126  next_size = sizeof ( last );
127  }
128 }
hmac_init
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
Definition: hmac.c:57
SHA1_BLOCK_SIZE
#define SHA1_BLOCK_SIZE
Definition: Tpm20.h:26
in
__be32 in[4]
Definition: CIB_PRM.h:35
htonl
#define htonl(value)
Definition: byteswap.h:133
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
hmac_update
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Definition: hmac.h:42
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
last
uint32_t last
Length to read in last segment, or zero.
Definition: pccrc.h:30
SHA1_DIGEST_SIZE
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
block
uint8_t block[3][8]
DES-encrypted blocks.
Definition: mschapv2.h:12
SHA1_CTX_SIZE
#define SHA1_CTX_SIZE
SHA-1 context size.
Definition: sha1.h:66
hmac_final
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
Definition: hmac.c:87
u8
uint8_t u8
Definition: stdint.h:19
sha1_algorithm
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257
memset
void * memset(void *dest, int character, size_t len) __nonnull

References block, ctx, hmac_final(), hmac_init(), hmac_update(), htonl, in, last, memcpy(), memset(), sha1_algorithm, SHA1_BLOCK_SIZE, SHA1_CTX_SIZE, and SHA1_DIGEST_SIZE.

Referenced by pbkdf2_sha1().

◆ pbkdf2_sha1()

void pbkdf2_sha1 ( const void *  passphrase,
size_t  pass_len,
const void *  salt,
size_t  salt_len,
int  iterations,
void *  key,
size_t  key_len 
)

PBKDF2 key derivation function using SHA1.

Parameters
passphrasePassphrase from which to derive key
pass_lenLength of passphrase
saltSalt to include in key
salt_lenLength of salt
iterationsNumber of iterations of SHA1 to perform
key_lenLength of key to generate
Return values
keyGenerated key bytes

This is used most notably in 802.11 WPA passphrase hashing, in which case the salt is the SSID, 4096 iterations are used, and a 32-byte key is generated that serves as the Pairwise Master Key for EAPOL authentication.

The operation of this function is further described in RFC 2898.

Definition at line 148 of file sha1extra.c.

151 {
152  u32 blocks = ( key_len + SHA1_DIGEST_SIZE - 1 ) / SHA1_DIGEST_SIZE;
153  u32 blk;
154  u8 buf[SHA1_DIGEST_SIZE];
155 
156  for ( blk = 1; blk <= blocks; blk++ ) {
157  pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,
158  iterations, blk, buf );
159  if ( key_len <= sizeof ( buf ) ) {
160  memcpy ( key, buf, key_len );
161  break;
162  }
163 
164  memcpy ( key, buf, sizeof ( buf ) );
165  key_len -= sizeof ( buf );
166  key += sizeof ( buf );
167  }
168 }
pbkdf2_sha1_f
static void pbkdf2_sha1_f(const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)
PBKDF2 key derivation function inner block operation.
Definition: sha1extra.c:96
blocks
uint32_t blocks
Number of blocks within the block description.
Definition: pccrc.h:17
key_len
static void const void size_t key_len
Definition: crypto.h:285
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
SHA1_DIGEST_SIZE
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
u8
uint8_t u8
Definition: stdint.h:19
key
union @382 key
Sense key.
Definition: crypto.h:284
u32
uint32_t u32
Definition: stdint.h:23

References blocks, key, key_len, memcpy(), pbkdf2_sha1_f(), and SHA1_DIGEST_SIZE.

Referenced by wpa_psk_start().

Generated by   doxygen 1.8.15