iPXE
Functions
sha1extra.c File Reference
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/sha1.h>
#include <ipxe/hmac.h>
#include <stdint.h>
#include <byteswap.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER)
 
void prf_sha1 (const void *key, size_t key_len, const char *label, const void *data, size_t data_len, void *prf, size_t prf_len)
 SHA1 pseudorandom function for creating derived keys. More...
 
static void pbkdf2_sha1_f (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)
 PBKDF2 key derivation function inner block operation. More...
 
void pbkdf2_sha1 (const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, void *key, size_t key_len)
 PBKDF2 key derivation function using SHA1. More...
 

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER  )

◆ prf_sha1()

void prf_sha1 ( const void *  key,
size_t  key_len,
const char *  label,
const void *  data,
size_t  data_len,
void *  prf,
size_t  prf_len 
)

SHA1 pseudorandom function for creating derived keys.

Parameters
keyMaster key with which this call is associated
key_lenLength of key
labelNUL-terminated ASCII string describing purpose of PRF data
dataFurther data that should be included in the PRF
data_lenLength of further PRF data
prf_lenBytes of PRF to generate
Return values
prfPseudorandom function bytes

This is the PRF variant used by 802.11, defined in IEEE 802.11-2007 8.5.5.1. EAP-FAST uses a different SHA1-based PRF, and TLS uses an MD5-based PRF.

Definition at line 44 of file sha1extra.c.

46 {
47  u32 blk;
48  u8 keym[key_len]; /* modifiable copy of key */
49  u8 in[strlen ( label ) + 1 + data_len + 1]; /* message to HMAC */
50  u8 *in_blknr; /* pointer to last byte of in, block number */
51  u8 out[SHA1_DIGEST_SIZE]; /* HMAC-SHA1 result */
52  u8 ctx[SHA1_CTX_SIZE + SHA1_BLOCK_SIZE]; /* HMAC-SHA1 context */
53  const size_t label_len = strlen ( label );
54 
55  /* The HMAC-SHA-1 is calculated using the given key on the
56  message text `label', followed by a NUL, followed by one
57  byte indicating the block number (0 for first). */
58 
59  memcpy ( keym, key, key_len );
60 
61  memcpy ( in, label, strlen ( label ) + 1 );
62  memcpy ( in + label_len + 1, data, data_len );
63  in_blknr = in + label_len + 1 + data_len;
64 
65  for ( blk = 0 ;; blk++ ) {
66  *in_blknr = blk;
67 
68  hmac_init ( &sha1_algorithm, ctx, keym, key_len );
69  hmac_update ( &sha1_algorithm, ctx, in, sizeof ( in ) );
71 
72  if ( prf_len <= sizeof ( out ) ) {
73  memcpy ( prf, out, prf_len );
74  break;
75  }
76 
77  memcpy ( prf, out, sizeof ( out ) );
78  prf_len -= sizeof ( out );
79  prf += sizeof ( out );
80  }
81 }
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
Definition: hmac.c:57
A text label widget.
Definition: label.h:16
#define SHA1_BLOCK_SIZE
Definition: Tpm20.h:26
__be32 in[4]
Definition: CIB_PRM.h:35
uint32_t data_len
Microcode data size (or 0 to indicate 2000 bytes)
Definition: ucode.h:26
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
void * memcpy(void *dest, const void *src, size_t len) __nonnull
__be32 out[4]
Definition: CIB_PRM.h:36
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Definition: hmac.h:42
size_t strlen(const char *src)
Get length of string.
Definition: string.c:243
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
#define SHA1_CTX_SIZE
SHA-1 context size.
Definition: sha1.h:66
uint8_t data[48]
Additional event data.
Definition: ena.h:22
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
Definition: hmac.c:87
uint8_t u8
Definition: stdint.h:19
union @383 key
Sense key.
Definition: scsi.h:18
uint32_t u32
Definition: stdint.h:23
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257

References ctx, data, data_len, hmac_final(), hmac_init(), hmac_update(), in, key, memcpy(), out, sha1_algorithm, SHA1_BLOCK_SIZE, SHA1_CTX_SIZE, SHA1_DIGEST_SIZE, and strlen().

Referenced by wpa_derive_ptk().

◆ pbkdf2_sha1_f()

static void pbkdf2_sha1_f ( const void *  passphrase,
size_t  pass_len,
const void *  salt,
size_t  salt_len,
int  iterations,
u32  blocknr,
u8 block 
)
static

PBKDF2 key derivation function inner block operation.

Parameters
passphrasePassphrase from which to derive key
pass_lenLength of passphrase
saltSalt to include in key
salt_lenLength of salt
iterationsNumber of iterations of SHA1 to perform
blocknrIndex of this block, starting at 1
Return values
blockSHA1_SIZE bytes of PBKDF2 data

The operation of this function is described in RFC 2898.

Definition at line 96 of file sha1extra.c.

99 {
100  u8 pass[pass_len]; /* modifiable passphrase */
101  u8 in[salt_len + 4]; /* input buffer to first round */
102  u8 last[SHA1_DIGEST_SIZE]; /* output of round N, input of N+1 */
104  u8 *next_in = in; /* changed to `last' after first round */
105  int next_size = sizeof ( in );
106  int i;
107  unsigned int j;
108 
109  blocknr = htonl ( blocknr );
110 
111  memcpy ( pass, passphrase, pass_len );
112  memcpy ( in, salt, salt_len );
113  memcpy ( in + salt_len, &blocknr, 4 );
114  memset ( block, 0, sizeof ( last ) );
115 
116  for ( i = 0; i < iterations; i++ ) {
117  hmac_init ( &sha1_algorithm, ctx, pass, pass_len );
118  hmac_update ( &sha1_algorithm, ctx, next_in, next_size );
119  hmac_final ( &sha1_algorithm, ctx, last );
120 
121  for ( j = 0; j < sizeof ( last ); j++ ) {
122  block[j] ^= last[j];
123  }
124 
125  next_in = last;
126  next_size = sizeof ( last );
127  }
128 }
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
Definition: hmac.c:57
#define SHA1_BLOCK_SIZE
Definition: Tpm20.h:26
__be32 in[4]
Definition: CIB_PRM.h:35
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
#define htonl(value)
Definition: byteswap.h:133
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Definition: hmac.h:42
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
uint8_t block[3][8]
DES-encrypted blocks.
Definition: mschapv2.h:12
#define SHA1_CTX_SIZE
SHA-1 context size.
Definition: sha1.h:66
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
Definition: hmac.c:87
uint8_t u8
Definition: stdint.h:19
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257
void * memset(void *dest, int character, size_t len) __nonnull

References block, ctx, hmac_final(), hmac_init(), hmac_update(), htonl, in, memcpy(), memset(), sha1_algorithm, SHA1_BLOCK_SIZE, SHA1_CTX_SIZE, and SHA1_DIGEST_SIZE.

Referenced by pbkdf2_sha1().

◆ pbkdf2_sha1()

void pbkdf2_sha1 ( const void *  passphrase,
size_t  pass_len,
const void *  salt,
size_t  salt_len,
int  iterations,
void *  key,
size_t  key_len 
)

PBKDF2 key derivation function using SHA1.

Parameters
passphrasePassphrase from which to derive key
pass_lenLength of passphrase
saltSalt to include in key
salt_lenLength of salt
iterationsNumber of iterations of SHA1 to perform
key_lenLength of key to generate
Return values
keyGenerated key bytes

This is used most notably in 802.11 WPA passphrase hashing, in which case the salt is the SSID, 4096 iterations are used, and a 32-byte key is generated that serves as the Pairwise Master Key for EAPOL authentication.

The operation of this function is further described in RFC 2898.

Definition at line 148 of file sha1extra.c.

151 {
152  u32 blocks = ( key_len + SHA1_DIGEST_SIZE - 1 ) / SHA1_DIGEST_SIZE;
153  u32 blk;
154  u8 buf[SHA1_DIGEST_SIZE];
155 
156  for ( blk = 1; blk <= blocks; blk++ ) {
157  pbkdf2_sha1_f ( passphrase, pass_len, salt, salt_len,
158  iterations, blk, buf );
159  if ( key_len <= sizeof ( buf ) ) {
160  memcpy ( key, buf, key_len );
161  break;
162  }
163 
164  memcpy ( key, buf, sizeof ( buf ) );
165  key_len -= sizeof ( buf );
166  key += sizeof ( buf );
167  }
168 }
static void pbkdf2_sha1_f(const void *passphrase, size_t pass_len, const void *salt, size_t salt_len, int iterations, u32 blocknr, u8 *block)
PBKDF2 key derivation function inner block operation.
Definition: sha1extra.c:96
void * memcpy(void *dest, const void *src, size_t len) __nonnull
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
uint8_t u8
Definition: stdint.h:19
union @383 key
Sense key.
Definition: scsi.h:18
uint32_t u32
Definition: stdint.h:23

References key, memcpy(), pbkdf2_sha1_f(), and SHA1_DIGEST_SIZE.

Referenced by wpa_psk_start().