From 5b8a5d2a4459f7f1a500e56a12fd39acb2bb04fc Mon Sep 17 00:00:00 2001
From: rasky <rasky@38d2e660-2303-0410-9eaa-f027e97ec537>
Date: Fri, 24 Sep 2010 16:23:28 +0000
Subject: [PATCH] SEC: add implementations for PBKDF1 and PBKDF2.

git-svn-id: https://src.develer.com/svnoss/bertos/trunk@4305 38d2e660-2303-0410-9eaa-f027e97ec537
---
 bertos/sec/kdf/pbkdf1.c      | 106 ++++++++++++++++++++++++++++++++
 bertos/sec/kdf/pbkdf1.h      |  61 +++++++++++++++++++
 bertos/sec/kdf/pbkdf1_test.c |  34 +++++++++++
 bertos/sec/kdf/pbkdf2.c      | 113 +++++++++++++++++++++++++++++++++++
 bertos/sec/kdf/pbkdf2.h      |  65 ++++++++++++++++++++
 bertos/sec/kdf/pbkdf2_test.c |  62 +++++++++++++++++++
 6 files changed, 441 insertions(+)
 create mode 100644 bertos/sec/kdf/pbkdf1.c
 create mode 100644 bertos/sec/kdf/pbkdf1.h
 create mode 100644 bertos/sec/kdf/pbkdf1_test.c
 create mode 100644 bertos/sec/kdf/pbkdf2.c
 create mode 100644 bertos/sec/kdf/pbkdf2.h
 create mode 100644 bertos/sec/kdf/pbkdf2_test.c

diff --git a/bertos/sec/kdf/pbkdf1.c b/bertos/sec/kdf/pbkdf1.c
new file mode 100644
index 00000000..bf4980bd
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf1.c
@@ -0,0 +1,106 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief PBKDF1 implementation
+ * \author Giovanni Bajo <rasky@develer.com>
+ * 
+ */
+
+#include "pbkdf1.h"
+#include <sec/hash.h>
+#include <sec/util.h>
+
+
+static void PBKDF1_begin(Kdf *ctx_, const char *pwd, size_t pwd_len,
+					     const uint8_t *salt, size_t salt_len)
+{
+	PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_;
+
+	hash_begin(ctx->hash);
+	hash_update(ctx->hash, pwd, pwd_len);
+	hash_update(ctx->hash, salt, salt_len);
+	
+	ctx->kdf.to_read = 0;
+	ctx->kdf.block = NULL;
+}
+
+static void PBKDF1_next(Kdf *ctx_)
+{
+	PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_;
+	
+	// PBKDF1 will generate only one block of data (whose len depends
+	// on the underlying hash function). After that, the generation stops
+	// with an ASSERT. If you use PKBDF1, you are supposed to be aware
+	// of this limit while designing your algorithm.
+	ASSERT(ctx->kdf.block == NULL);
+
+	int hlen = hash_digest_len(ctx->hash);
+	uint8_t temp[hlen];
+	uint8_t *final = hash_final(ctx->hash);
+	
+	for (uint32_t i=0; i<ctx->iterations-1; i++)
+	{
+		memcpy(temp, final, hlen);
+		hash_begin(ctx->hash);
+		hash_update(ctx->hash, temp, hlen);
+		final = hash_final(ctx->hash);
+	}
+
+	PURGE(temp);
+
+	ctx->kdf.to_read = ctx->kdf.block_len;
+	ctx->kdf.block = final;
+}
+
+/**********************************************************************/
+
+// Default iteration count. The RFC does not specify a "good" default
+// value; it just says that this should be a high value to slow down
+// computations. Since slowing down is not much of a concern for an
+// embedded system, we settle for a value which is not too big.
+#define PBKDF1_DEFAULT_ITERATIONS      100
+
+
+void PBKDF1_init(PBKDF1_Context *ctx, Hash *h)
+{
+	ctx->hash = h;
+	ctx->iterations = PBKDF1_DEFAULT_ITERATIONS;
+	ctx->kdf.begin = PBKDF1_begin;
+	ctx->kdf.next = PBKDF1_next;
+	ctx->kdf.block_len = hash_digest_len(h);
+}
+
+void PBKDF1_set_iterations(Kdf *ctx_, uint32_t iterations)
+{
+	PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_;
+	ctx->iterations = iterations;
+}
diff --git a/bertos/sec/kdf/pbkdf1.h b/bertos/sec/kdf/pbkdf1.h
new file mode 100644
index 00000000..f64d0d81
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf1.h
@@ -0,0 +1,61 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief PBKDF1 implementation
+ * \author Giovanni Bajo <rasky@develer.com>
+ * 
+ */
+
+#ifndef SEC_KDF_PBKDF1_H
+#define SEC_KDF_PBKDF1_H
+
+#include <sec/kdf.h>
+#include <sec/hash.h>
+
+typedef struct 
+{
+	Kdf kdf;
+	Hash *hash;
+	uint32_t iterations;
+} PBKDF1_Context;
+
+void PBKDF1_init(PBKDF1_Context *ctx, Hash *h);
+void PBKDF1_set_iterations(Kdf *kdf, uint32_t iterations);
+
+#define PBKDF1_stackinit(...) \
+	({ PBKDF1_Context *ctx = alloca(sizeof(PBKDF1_Context)); PBKDF1_init(ctx , ##__VA_ARGS__); &ctx->kdf; })
+
+int PBKDF1_testSetup(void);
+int PBKDF1_testRun(void);
+int PBKDF1_testTearDown(void);
+
+#endif /* SEC_KDF_PBKDF1_H */
diff --git a/bertos/sec/kdf/pbkdf1_test.c b/bertos/sec/kdf/pbkdf1_test.c
new file mode 100644
index 00000000..1e0f727d
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf1_test.c
@@ -0,0 +1,34 @@
+#include <string.h>
+#include <cpu/detect.h>
+#include <cfg/test.h>
+#include <cfg/debug.h>
+#include <sec/mac/hmac.h>
+#include <sec/hash/sha1.h>
+#include <sec/kdf/PBKDF1.h>
+
+int PBKDF1_testSetup(void)
+{
+	kdbg_init();
+	return 0;
+}
+
+int PBKDF1_testTearDown(void)
+{
+	return 0;
+}
+
+int PBKDF1_testRun(void)
+{
+	Kdf *kdf = PBKDF1_stackinit(SHA1_stackinit());
+
+	uint8_t res[16];
+	
+	PBKDF1_set_iterations(kdf, 1000);
+	kdf_begin(kdf, "password", 8, (const uint8_t*)"\x78\x57\x8E\x5A\x5D\x63\xCB\x06", 8);
+	kdf_read(kdf, res, 16);
+	ASSERT(memcmp(res, "\xDC\x19\x84\x7E\x05\xC6\x4D\x2F\xAF\x10\xEB\xFB\x4A\x3D\x2A\x20", 16) == 0);
+	
+	return 0;
+}
+
+TEST_MAIN(PBKDF1);
diff --git a/bertos/sec/kdf/pbkdf2.c b/bertos/sec/kdf/pbkdf2.c
new file mode 100644
index 00000000..e3d1f5f8
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf2.c
@@ -0,0 +1,113 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief PBKDF2 implementation
+ * \author Giovanni Bajo <rasky@develer.com>
+ * 
+ */
+
+#include "pbkdf2.h"
+#include <cpu/byteorder.h>
+#include <sec/util.h>
+#include <cfg/debug.h>
+
+static void PBKDF2_begin(Kdf *ctx_, const char *pwd, size_t pwd_len,
+					     const uint8_t *salt, size_t salt_len)
+{
+	PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_;
+	
+	ASSERT(sizeof(ctx->salt) >= salt_len);
+	
+	mac_set_key(ctx->mac, (const uint8_t*)pwd, pwd_len);
+	ctx->salt_len = salt_len;
+	memcpy(ctx->salt, salt, salt_len);
+	ctx->c = 0;
+	ctx->kdf.to_read = 0;
+	ctx->kdf.block = NULL;
+}
+
+static void PBKDF2_next(Kdf *ctx_)
+{
+	PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_;
+	int dlen = mac_digest_len(ctx->mac);
+	uint8_t last[dlen];
+	
+	++ctx->c;
+	uint32_t bec = cpu_to_be32(ctx->c);
+	
+	mac_begin(ctx->mac);
+	mac_update(ctx->mac, ctx->salt, ctx->salt_len);
+	mac_update(ctx->mac, &bec, 4);
+	memcpy(last, mac_final(ctx->mac), dlen);
+	memcpy(ctx->block, last, dlen);
+	
+	for (uint32_t i=0; i<ctx->iterations-1; ++i)
+	{
+		mac_begin(ctx->mac);
+		mac_update(ctx->mac, last, dlen);
+		memcpy(last, mac_final(ctx->mac), dlen);
+		xor_block(ctx->block, ctx->block, last, dlen);
+	}
+
+	ctx->kdf.to_read = dlen;
+	ctx->kdf.block = ctx->block;
+	
+	PURGE(last);
+}
+
+
+/**********************************************************************/
+
+// Default iteration count. The RFC does not specify a "good" default
+// value; it just says that this should be a high value to slow down
+// computations. Since slowing down is not much of a concern for an
+// embedded system, we settle for a value which is not too big.
+#define PBKDF2_DEFAULT_ITERATIONS      100
+
+
+void PBKDF2_init(PBKDF2_Context *ctx, Mac *mac)
+{
+	ctx->salt_len = 0;
+	ctx->mac = mac;
+	ctx->iterations = PBKDF2_DEFAULT_ITERATIONS;
+	ctx->kdf.begin = PBKDF2_begin;
+	ctx->kdf.next = PBKDF2_next;
+	ctx->kdf.block_len = mac_digest_len(mac);
+	ASSERT(ctx->kdf.block_len <= sizeof(ctx->block));
+}
+
+void PBKDF2_set_iterations(Kdf *ctx_, uint32_t iterations)
+{
+	PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_;
+	ctx->iterations = iterations;
+}
+
diff --git a/bertos/sec/kdf/pbkdf2.h b/bertos/sec/kdf/pbkdf2.h
new file mode 100644
index 00000000..43d44d18
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf2.h
@@ -0,0 +1,65 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief PBKDF2 implementation
+ * \author Giovanni Bajo <rasky@develer.com>
+ * 
+ */
+
+#ifndef SEC_KDF_PBKDF2_H
+#define SEC_KDF_PBKDF2_H
+
+#include <sec/kdf.h>
+#include <sec/mac.h>
+
+typedef struct 
+{
+	Kdf kdf;
+	Mac *mac;
+	uint8_t block[20];
+	uint32_t c;
+	uint32_t iterations;
+	uint8_t salt_len;
+	uint8_t salt[48];
+} PBKDF2_Context;
+
+void PBKDF2_init(PBKDF2_Context *ctx, Mac *mac);
+void PBKDF2_set_iterations(Kdf *kdf, uint32_t iterations);
+
+#define PBKDF2_stackinit(...) \
+	({ PBKDF2_Context *ctx = alloca(sizeof(PBKDF2_Context)); PBKDF2_init(ctx , ##__VA_ARGS__); &ctx->kdf; })
+
+int PBKDF2_testSetup(void);
+int PBKDF2_testRun(void);
+int PBKDF2_testTearDown(void);
+
+#endif /* SEC_KDF_PBKDF2_H */
diff --git a/bertos/sec/kdf/pbkdf2_test.c b/bertos/sec/kdf/pbkdf2_test.c
new file mode 100644
index 00000000..326817cb
--- /dev/null
+++ b/bertos/sec/kdf/pbkdf2_test.c
@@ -0,0 +1,62 @@
+#include <string.h>
+#include <cpu/detect.h>
+#include <cfg/test.h>
+#include <cfg/debug.h>
+#include <sec/mac/hmac.h>
+#include <sec/hash/sha1.h>
+#include <sec/kdf/pbkdf2.h>
+
+int PBKDF2_testSetup(void)
+{
+	kdbg_init();
+	return 0;
+}
+
+int PBKDF2_testTearDown(void)
+{
+	return 0;
+}
+
+int PBKDF2_testRun(void)
+{
+	Kdf *kdf = PBKDF2_stackinit(HMAC_stackinit(SHA1_stackinit()));
+
+	uint8_t res[32];
+	
+	PBKDF2_set_iterations(kdf, 1);
+	kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4);
+	kdf_read(kdf, res, 20);
+	ASSERT(memcmp(res, "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20) == 0);
+	
+	PBKDF2_set_iterations(kdf, 2);
+	kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4);
+	kdf_read(kdf, res, 20);
+	ASSERT(memcmp(res, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20) == 0);
+	
+	PBKDF2_set_iterations(kdf, 4096);
+	kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4);
+	kdf_read(kdf, res, 20);
+	ASSERT(memcmp(res, "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20) == 0);	
+	
+#if CPU_X86
+	// Too slow for an embedded system...
+	PBKDF2_set_iterations(kdf, 16777216);
+	kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4);
+	kdf_read(kdf, res, 20);
+	ASSERT(memcmp(res, "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20) == 0);
+#endif
+
+	PBKDF2_set_iterations(kdf, 4096);
+	kdf_begin(kdf, "pass\0word", 9, (const uint8_t*)"sa\0lt", 5);
+	kdf_read(kdf, res, 16);
+	ASSERT(memcmp(res, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3", 16) == 0);
+
+	PBKDF2_set_iterations(kdf, 4096);
+	kdf_begin(kdf, "passwordPASSWORDpassword", 24, (const uint8_t*)"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36);
+	kdf_read(kdf, res, 25);
+	ASSERT(memcmp(res, "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38", 25) == 0);
+
+	return 0;
+}
+
+TEST_MAIN(PBKDF2);
-- 
2.25.1