Context Navigation

source: mainline/uspace/lib/crypto/crypto.c@ cc575ef9

Visit:

lfn serial ticket/834-toolchain-update topic/msim-upgrade topic/simplify-dev-export

Last change on this file since cc575ef9 was cc575ef9, checked in by Jan Kolarik <kolarik@…>, 10 years ago
Appending Michael MIC footer in TKIP communication, tested MIC algorithm itself, but needs testing on real data transmission
Property mode set to `100644`
File size: 10.3 KB

Rev	Line
[1dcc0b9]	1	/*
	2	* Copyright (c) 2015 Jan Kolarik
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* - Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* - Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	* - The name of the author may not be used to endorse or promote products
	15	* derived from this software without specific prior written permission.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	18	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	19	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	20	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	21	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	22	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	23	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	24	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	25	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	26	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	27	*/
	28
	29	/** @file crypto.c
	30	*
	31	* Cryptographic functions library.
	32	*/
	33
	34	#include <unistd.h>
	35	#include <str.h>
	36	#include <macros.h>
	37	#include <errno.h>
	38	#include <byteorder.h>
	39
	40	#include "crypto.h"
	41
[d7dadcb4]	42	/* Hash function procedure definition. */
	43	typedef void (HASH_FUNC)(uint32_t, uint32_t*);
[1dcc0b9]	44
[d7dadcb4]	45	/* Length of HMAC block. */
	46	#define HMAC_BLOCK_LENGTH 64
	47
	48	/* Ceiling for UINT32. */
[1dcc0b9]	49	#define ceil_uint32(val) (((val) - (uint32_t)(val)) > 0 ? \
	50	(uint32_t)((val) + 1) : (uint32_t)(val))
[d7dadcb4]	51
	52	/* Floor for UINT32. */
[1dcc0b9]	53	#define floor_uint32(val) (((val) - (uint32_t)(val)) < 0 ? \
	54	(uint32_t)((val) - 1) : (uint32_t)(val))
[d7dadcb4]	55
	56	/* Pick value at specified index from array or zero if out of bounds. */
[1dcc0b9]	57	#define get_at(input, size, i) (i < size ? input[i] : 0)
	58
[d7dadcb4]	59	/* Init values used in SHA1 and MD5 functions. */
	60	static const uint32_t hash_init[] = {
	61	0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
	62	};
	63
	64	/* Shift amount array for MD5 algorithm. */
	65	static const uint32_t md5_shift[] = {
	66	7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
	67	5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
	68	4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
	69	6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21
	70	};
	71
	72	/* Substitution box for MD5 algorithm. */
	73	static const uint32_t md5_sbox[] = {
	74	0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
	75	0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
	76	0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
	77	0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
	78	0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
	79	0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
	80	0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
	81	0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
	82	0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
	83	0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
	84	0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
	85	0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
	86	0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
	87	0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
	88	0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
	89	0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
	90	};
	91
[1dcc0b9]	92	/**
[d7dadcb4]	93	* Working procedure of MD5 cryptographic hash function.
[1dcc0b9]	94	*
[d7dadcb4]	95	* @param h Working array with interim hash parts values.
	96	* @param sched_arr Input array with scheduled values from input string.
[1dcc0b9]	97	*/
[d7dadcb4]	98	static void md5_proc(uint32_t h, uint32_t sched_arr)
[1dcc0b9]	99	{
[d7dadcb4]	100	uint32_t f, g, temp;
	101	uint32_t w[HASH_MD5/4];
	102
	103	memcpy(w, h, (HASH_MD5/4) * sizeof(uint32_t));
	104
	105	for(size_t k = 0; k < 64; k++) {
	106	if(k < 16) {
	107	f = (w[1] & w[2]) \| (~w[1] & w[3]);
	108	g = k;
	109	} else if(k >= 16 && k < 32) {
	110	f = (w[1] & w[3]) \| (w[2] & ~w[3]);
	111	g = (5*k + 1) % 16;
	112	} else if(k >= 32 && k < 48) {
	113	f = w[1] ^ w[2] ^ w[3];
	114	g = (3*k + 5) % 16;
	115	} else {
	116	f = w[2] ^ (w[1] \| ~w[3]);
	117	g = 7*k % 16;
	118	}
	119	temp = w[3];
	120	w[3] = w[2];
	121	w[2] = w[1];
	122	w[1] += rotl_uint32(w[0] + f + md5_sbox[k] +
	123	uint32_t_byteorder_swap(sched_arr[g]),
	124	md5_shift[k]);
	125	w[0] = temp;
[1dcc0b9]	126	}
[d7dadcb4]	127
	128	for(uint8_t k = 0; k < HASH_MD5/4; k++)
	129	h[k] += w[k];
[1dcc0b9]	130	}
	131
	132	/**
[d7dadcb4]	133	* Working procedure of SHA-1 cryptographic hash function.
[1dcc0b9]	134	*
[d7dadcb4]	135	* @param h Working array with interim hash parts values.
	136	* @param sched_arr Input array with scheduled values from input string.
[1dcc0b9]	137	*/
[d7dadcb4]	138	static void sha1_proc(uint32_t h, uint32_t sched_arr)
[1dcc0b9]	139	{
[d7dadcb4]	140	uint32_t f, cf, temp;
	141	uint32_t w[HASH_SHA1/4];
[1dcc0b9]	142
[d7dadcb4]	143	for(size_t k = 16; k < 80; k++) {
	144	sched_arr[k] = rotl_uint32(
	145	sched_arr[k-3] ^
	146	sched_arr[k-8] ^
	147	sched_arr[k-14] ^
	148	sched_arr[k-16],
	149	1);
	150	}
	151
	152	memcpy(w, h, (HASH_SHA1/4) * sizeof(uint32_t));
[1dcc0b9]	153
[d7dadcb4]	154	for(size_t k = 0; k < 80; k++) {
	155	if(k < 20) {
	156	f = (w[1] & w[2]) \| (~w[1] & w[3]);
	157	cf = 0x5A827999;
	158	} else if(k >= 20 && k < 40) {
	159	f = w[1] ^ w[2] ^ w[3];
	160	cf = 0x6ED9EBA1;
	161	} else if(k >= 40 && k < 60) {
	162	f = (w[1] & w[2]) \| (w[1] & w[3]) \| (w[2] & w[3]);
	163	cf = 0x8F1BBCDC;
	164	} else {
	165	f = w[1] ^ w[2] ^ w[3];
	166	cf = 0xCA62C1D6;
	167	}
	168
	169	temp = rotl_uint32(w[0], 5) + f + w[4] + cf + sched_arr[k];
	170
	171	w[4] = w[3];
	172	w[3] = w[2];
	173	w[2] = rotl_uint32(w[1], 30);
	174	w[1] = w[0];
	175	w[0] = temp;
	176	}
	177
	178	for(uint8_t k = 0; k < HASH_SHA1/4; k++)
	179	h[k] += w[k];
[1dcc0b9]	180	}
	181
	182	/**
[d7dadcb4]	183	* Create hash based on selected algorithm.
[1dcc0b9]	184	*
[d7dadcb4]	185	* @param input Input message byte sequence.
	186	* @param input_size Size of message sequence.
	187	* @param output Result hash byte sequence.
	188	* @param hash_sel Hash function selector.
[1dcc0b9]	189	*
[d7dadcb4]	190	* @return EINVAL when input not specified, ENOMEM when pointer for
	191	* output hash result is not allocated, otherwise EOK.
[1dcc0b9]	192	*/
[d7dadcb4]	193	int create_hash(uint8_t input, size_t input_size, uint8_t output,
	194	hash_func_t hash_sel)
[1dcc0b9]	195	{
	196	if(!input)
	197	return EINVAL;
	198
[d7dadcb4]	199	if(!output)
[1dcc0b9]	200	return ENOMEM;
	201
[d7dadcb4]	202	HASH_FUNC hash_func = (hash_sel == HASH_MD5) ? md5_proc : sha1_proc;
[1dcc0b9]	203
[d7dadcb4]	204	/* Prepare scheduled input. */
[1dcc0b9]	205	uint8_t work_input[input_size + 1];
	206	memcpy(work_input, input, input_size);
	207	work_input[input_size] = 0x80;
	208
	209	size_t blocks = ceil_uint32((((double)input_size + 1) / 4 + 2) / 16);
[d7dadcb4]	210	uint32_t work_arr[blocks * 16];
[1dcc0b9]	211	for(size_t i = 0; i < blocks; i++) {
	212	for(size_t j = 0; j < 16; j++) {
	213	work_arr[i*16 + j] =
	214	(get_at(work_input, input_size+1, i64+j4) << 24) \|
	215	(get_at(work_input, input_size+1, i64+j4+1) << 16) \|
	216	(get_at(work_input, input_size+1, i64+j4+2) << 8) \|
	217	get_at(work_input, input_size+1, i64+j4+3);
	218	}
	219	}
	220
[d7dadcb4]	221	uint64_t bits_size = (uint64_t)(input_size * 8);
	222	if(hash_sel == HASH_MD5)
	223	bits_size = uint64_t_byteorder_swap(bits_size);
	224
	225	work_arr[(blocks - 1) * 16 + 14] = bits_size >> 32;
	226	work_arr[(blocks - 1) * 16 + 15] = bits_size & 0xFFFFFFFF;
	227
	228	/* Hash computation. */
	229	uint32_t h[hash_sel/4];
	230	memcpy(h, hash_init, (hash_sel/4) * sizeof(uint32_t));
	231	uint32_t sched_arr[80];
[1dcc0b9]	232	for(size_t i = 0; i < blocks; i++) {
	233	for(size_t k = 0; k < 16; k++) {
	234	sched_arr[k] = work_arr[i*16 + k];
	235	}
	236
[d7dadcb4]	237	hash_func(h, sched_arr);
[1dcc0b9]	238	}
	239
[d7dadcb4]	240	/* Copy hash parts into final result. */
	241	for(size_t i = 0; i < hash_sel/4; i++) {
	242	if(hash_sel == HASH_SHA1)
	243	h[i] = uint32_t_byteorder_swap(h[i]);
	244	memcpy(output + i*sizeof(uint32_t), &h[i], sizeof(uint32_t));
[1dcc0b9]	245	}
	246
	247	return EOK;
	248	}
	249
	250	/**
[a931b7b]	251	* Hash-based message authentication code.
[1dcc0b9]	252	*
	253	* @param key Cryptographic key sequence.
	254	* @param key_size Size of key sequence.
	255	* @param msg Message sequence.
	256	* @param msg_size Size of message sequence.
	257	* @param hash Output parameter for result hash.
	258	* @param hash_sel Hash function selector.
	259	*
	260	* @return EINVAL when key or message not specified, ENOMEM when pointer for
	261	* output hash result is not allocated, otherwise EOK.
	262	*/
	263	int hmac(uint8_t key, size_t key_size, uint8_t msg, size_t msg_size,
	264	uint8_t *hash, hash_func_t hash_sel)
	265	{
	266	if(!key \|\| !msg)
	267	return EINVAL;
	268
	269	if(!hash)
	270	return ENOMEM;
	271
	272	uint8_t work_key[HMAC_BLOCK_LENGTH];
	273	uint8_t o_key_pad[HMAC_BLOCK_LENGTH];
	274	uint8_t i_key_pad[HMAC_BLOCK_LENGTH];
[d7dadcb4]	275	uint8_t temp_hash[hash_sel];
[1dcc0b9]	276	memset(work_key, 0, HMAC_BLOCK_LENGTH);
	277
	278	if(key_size > HMAC_BLOCK_LENGTH) {
[d7dadcb4]	279	create_hash(key, key_size, work_key, hash_sel);
[1dcc0b9]	280	} else {
	281	memcpy(work_key, key, key_size);
	282	}
	283
	284	for(size_t i = 0; i < HMAC_BLOCK_LENGTH; i++) {
	285	o_key_pad[i] = work_key[i] ^ 0x5C;
	286	i_key_pad[i] = work_key[i] ^ 0x36;
	287	}
	288
[cc575ef9]	289	uint8_t temp_work[HMAC_BLOCK_LENGTH + max(msg_size, hash_sel)];
[1dcc0b9]	290	memcpy(temp_work, i_key_pad, HMAC_BLOCK_LENGTH);
	291	memcpy(temp_work + HMAC_BLOCK_LENGTH, msg, msg_size);
	292
[d7dadcb4]	293	create_hash(temp_work, HMAC_BLOCK_LENGTH + msg_size, temp_hash,
	294	hash_sel);
[1dcc0b9]	295
	296	memcpy(temp_work, o_key_pad, HMAC_BLOCK_LENGTH);
[d7dadcb4]	297	memcpy(temp_work + HMAC_BLOCK_LENGTH, temp_hash, hash_sel);
[1dcc0b9]	298
[d7dadcb4]	299	create_hash(temp_work, HMAC_BLOCK_LENGTH + hash_sel, hash, hash_sel);
[1dcc0b9]	300
	301	return EOK;
	302	}
	303
	304	/**
	305	* Password-Based Key Derivation Function 2 as defined in RFC 2898,
	306	* using HMAC-SHA1 with 4096 iterations and 32 bytes key result used
[a931b7b]	307	* for WPA/WPA2.
[1dcc0b9]	308	*
	309	* @param pass Password sequence.
	310	* @param pass_size Password sequence length.
	311	* @param salt Salt sequence to be used with password.
	312	* @param salt_size Salt sequence length.
	313	* @param hash Output parameter for result hash (32 byte value).
	314	*
	315	* @return EINVAL when pass or salt not specified, ENOMEM when pointer for
	316	* output hash result is not allocated, otherwise EOK.
	317	*/
	318	int pbkdf2(uint8_t pass, size_t pass_size, uint8_t salt, size_t salt_size,
[a931b7b]	319	uint8_t *hash)
[1dcc0b9]	320	{
	321	if(!pass \|\| !salt)
	322	return EINVAL;
	323
	324	if(!hash)
	325	return ENOMEM;
	326
[cc575ef9]	327	uint8_t work_salt[salt_size + 4];
[1dcc0b9]	328	memcpy(work_salt, salt, salt_size);
[a931b7b]	329	uint8_t work_hmac[HASH_SHA1];
	330	uint8_t temp_hmac[HASH_SHA1];
	331	uint8_t xor_hmac[HASH_SHA1];
	332	uint8_t temp_hash[HASH_SHA1*2];
[1dcc0b9]	333
	334	for(size_t i = 0; i < 2; i++) {
[cc575ef9]	335	uint32_t be_i = host2uint32_t_be(i+1);
	336	memcpy(work_salt + salt_size, &be_i, 4);
	337	hmac(pass, pass_size, work_salt, salt_size + 4,
[a931b7b]	338	work_hmac, HASH_SHA1);
	339	memcpy(xor_hmac, work_hmac, HASH_SHA1);
[cc575ef9]	340
[1dcc0b9]	341	for(size_t k = 1; k < 4096; k++) {
[a931b7b]	342	memcpy(temp_hmac, work_hmac, HASH_SHA1);
	343	hmac(pass, pass_size, temp_hmac, HASH_SHA1,
	344	work_hmac, HASH_SHA1);
	345	for(size_t t = 0; t < HASH_SHA1; t++) {
[1dcc0b9]	346	xor_hmac[t] ^= work_hmac[t];
	347	}
	348	}
[a931b7b]	349	memcpy(temp_hash + i*HASH_SHA1, xor_hmac, HASH_SHA1);
[1dcc0b9]	350	}
	351
	352	memcpy(hash, temp_hash, PBKDF2_KEY_LENGTH);
	353
	354	return EOK;
	355	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: