From 5b8a5d2a4459f7f1a500e56a12fd39acb2bb04fc Mon Sep 17 00:00:00 2001 From: rasky Date: Fri, 24 Sep 2010 16:23:28 +0000 Subject: [PATCH] SEC: add implementations for PBKDF1 and PBKDF2. git-svn-id: https://src.develer.com/svnoss/bertos/trunk@4305 38d2e660-2303-0410-9eaa-f027e97ec537 --- bertos/sec/kdf/pbkdf1.c | 106 ++++++++++++++++++++++++++++++++ bertos/sec/kdf/pbkdf1.h | 61 +++++++++++++++++++ bertos/sec/kdf/pbkdf1_test.c | 34 +++++++++++ bertos/sec/kdf/pbkdf2.c | 113 +++++++++++++++++++++++++++++++++++ bertos/sec/kdf/pbkdf2.h | 65 ++++++++++++++++++++ bertos/sec/kdf/pbkdf2_test.c | 62 +++++++++++++++++++ 6 files changed, 441 insertions(+) create mode 100644 bertos/sec/kdf/pbkdf1.c create mode 100644 bertos/sec/kdf/pbkdf1.h create mode 100644 bertos/sec/kdf/pbkdf1_test.c create mode 100644 bertos/sec/kdf/pbkdf2.c create mode 100644 bertos/sec/kdf/pbkdf2.h create mode 100644 bertos/sec/kdf/pbkdf2_test.c diff --git a/bertos/sec/kdf/pbkdf1.c b/bertos/sec/kdf/pbkdf1.c new file mode 100644 index 00000000..bf4980bd --- /dev/null +++ b/bertos/sec/kdf/pbkdf1.c @@ -0,0 +1,106 @@ +/** + * \file + * + * + * \brief PBKDF1 implementation + * \author Giovanni Bajo + * + */ + +#include "pbkdf1.h" +#include +#include + + +static void PBKDF1_begin(Kdf *ctx_, const char *pwd, size_t pwd_len, + const uint8_t *salt, size_t salt_len) +{ + PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_; + + hash_begin(ctx->hash); + hash_update(ctx->hash, pwd, pwd_len); + hash_update(ctx->hash, salt, salt_len); + + ctx->kdf.to_read = 0; + ctx->kdf.block = NULL; +} + +static void PBKDF1_next(Kdf *ctx_) +{ + PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_; + + // PBKDF1 will generate only one block of data (whose len depends + // on the underlying hash function). After that, the generation stops + // with an ASSERT. If you use PKBDF1, you are supposed to be aware + // of this limit while designing your algorithm. + ASSERT(ctx->kdf.block == NULL); + + int hlen = hash_digest_len(ctx->hash); + uint8_t temp[hlen]; + uint8_t *final = hash_final(ctx->hash); + + for (uint32_t i=0; iiterations-1; i++) + { + memcpy(temp, final, hlen); + hash_begin(ctx->hash); + hash_update(ctx->hash, temp, hlen); + final = hash_final(ctx->hash); + } + + PURGE(temp); + + ctx->kdf.to_read = ctx->kdf.block_len; + ctx->kdf.block = final; +} + +/**********************************************************************/ + +// Default iteration count. The RFC does not specify a "good" default +// value; it just says that this should be a high value to slow down +// computations. Since slowing down is not much of a concern for an +// embedded system, we settle for a value which is not too big. +#define PBKDF1_DEFAULT_ITERATIONS 100 + + +void PBKDF1_init(PBKDF1_Context *ctx, Hash *h) +{ + ctx->hash = h; + ctx->iterations = PBKDF1_DEFAULT_ITERATIONS; + ctx->kdf.begin = PBKDF1_begin; + ctx->kdf.next = PBKDF1_next; + ctx->kdf.block_len = hash_digest_len(h); +} + +void PBKDF1_set_iterations(Kdf *ctx_, uint32_t iterations) +{ + PBKDF1_Context *ctx = (PBKDF1_Context *)ctx_; + ctx->iterations = iterations; +} diff --git a/bertos/sec/kdf/pbkdf1.h b/bertos/sec/kdf/pbkdf1.h new file mode 100644 index 00000000..f64d0d81 --- /dev/null +++ b/bertos/sec/kdf/pbkdf1.h @@ -0,0 +1,61 @@ +/** + * \file + * + * + * \brief PBKDF1 implementation + * \author Giovanni Bajo + * + */ + +#ifndef SEC_KDF_PBKDF1_H +#define SEC_KDF_PBKDF1_H + +#include +#include + +typedef struct +{ + Kdf kdf; + Hash *hash; + uint32_t iterations; +} PBKDF1_Context; + +void PBKDF1_init(PBKDF1_Context *ctx, Hash *h); +void PBKDF1_set_iterations(Kdf *kdf, uint32_t iterations); + +#define PBKDF1_stackinit(...) \ + ({ PBKDF1_Context *ctx = alloca(sizeof(PBKDF1_Context)); PBKDF1_init(ctx , ##__VA_ARGS__); &ctx->kdf; }) + +int PBKDF1_testSetup(void); +int PBKDF1_testRun(void); +int PBKDF1_testTearDown(void); + +#endif /* SEC_KDF_PBKDF1_H */ diff --git a/bertos/sec/kdf/pbkdf1_test.c b/bertos/sec/kdf/pbkdf1_test.c new file mode 100644 index 00000000..1e0f727d --- /dev/null +++ b/bertos/sec/kdf/pbkdf1_test.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include +#include +#include +#include + +int PBKDF1_testSetup(void) +{ + kdbg_init(); + return 0; +} + +int PBKDF1_testTearDown(void) +{ + return 0; +} + +int PBKDF1_testRun(void) +{ + Kdf *kdf = PBKDF1_stackinit(SHA1_stackinit()); + + uint8_t res[16]; + + PBKDF1_set_iterations(kdf, 1000); + kdf_begin(kdf, "password", 8, (const uint8_t*)"\x78\x57\x8E\x5A\x5D\x63\xCB\x06", 8); + kdf_read(kdf, res, 16); + ASSERT(memcmp(res, "\xDC\x19\x84\x7E\x05\xC6\x4D\x2F\xAF\x10\xEB\xFB\x4A\x3D\x2A\x20", 16) == 0); + + return 0; +} + +TEST_MAIN(PBKDF1); diff --git a/bertos/sec/kdf/pbkdf2.c b/bertos/sec/kdf/pbkdf2.c new file mode 100644 index 00000000..e3d1f5f8 --- /dev/null +++ b/bertos/sec/kdf/pbkdf2.c @@ -0,0 +1,113 @@ +/** + * \file + * + * + * \brief PBKDF2 implementation + * \author Giovanni Bajo + * + */ + +#include "pbkdf2.h" +#include +#include +#include + +static void PBKDF2_begin(Kdf *ctx_, const char *pwd, size_t pwd_len, + const uint8_t *salt, size_t salt_len) +{ + PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_; + + ASSERT(sizeof(ctx->salt) >= salt_len); + + mac_set_key(ctx->mac, (const uint8_t*)pwd, pwd_len); + ctx->salt_len = salt_len; + memcpy(ctx->salt, salt, salt_len); + ctx->c = 0; + ctx->kdf.to_read = 0; + ctx->kdf.block = NULL; +} + +static void PBKDF2_next(Kdf *ctx_) +{ + PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_; + int dlen = mac_digest_len(ctx->mac); + uint8_t last[dlen]; + + ++ctx->c; + uint32_t bec = cpu_to_be32(ctx->c); + + mac_begin(ctx->mac); + mac_update(ctx->mac, ctx->salt, ctx->salt_len); + mac_update(ctx->mac, &bec, 4); + memcpy(last, mac_final(ctx->mac), dlen); + memcpy(ctx->block, last, dlen); + + for (uint32_t i=0; iiterations-1; ++i) + { + mac_begin(ctx->mac); + mac_update(ctx->mac, last, dlen); + memcpy(last, mac_final(ctx->mac), dlen); + xor_block(ctx->block, ctx->block, last, dlen); + } + + ctx->kdf.to_read = dlen; + ctx->kdf.block = ctx->block; + + PURGE(last); +} + + +/**********************************************************************/ + +// Default iteration count. The RFC does not specify a "good" default +// value; it just says that this should be a high value to slow down +// computations. Since slowing down is not much of a concern for an +// embedded system, we settle for a value which is not too big. +#define PBKDF2_DEFAULT_ITERATIONS 100 + + +void PBKDF2_init(PBKDF2_Context *ctx, Mac *mac) +{ + ctx->salt_len = 0; + ctx->mac = mac; + ctx->iterations = PBKDF2_DEFAULT_ITERATIONS; + ctx->kdf.begin = PBKDF2_begin; + ctx->kdf.next = PBKDF2_next; + ctx->kdf.block_len = mac_digest_len(mac); + ASSERT(ctx->kdf.block_len <= sizeof(ctx->block)); +} + +void PBKDF2_set_iterations(Kdf *ctx_, uint32_t iterations) +{ + PBKDF2_Context *ctx = (PBKDF2_Context*)ctx_; + ctx->iterations = iterations; +} + diff --git a/bertos/sec/kdf/pbkdf2.h b/bertos/sec/kdf/pbkdf2.h new file mode 100644 index 00000000..43d44d18 --- /dev/null +++ b/bertos/sec/kdf/pbkdf2.h @@ -0,0 +1,65 @@ +/** + * \file + * + * + * \brief PBKDF2 implementation + * \author Giovanni Bajo + * + */ + +#ifndef SEC_KDF_PBKDF2_H +#define SEC_KDF_PBKDF2_H + +#include +#include + +typedef struct +{ + Kdf kdf; + Mac *mac; + uint8_t block[20]; + uint32_t c; + uint32_t iterations; + uint8_t salt_len; + uint8_t salt[48]; +} PBKDF2_Context; + +void PBKDF2_init(PBKDF2_Context *ctx, Mac *mac); +void PBKDF2_set_iterations(Kdf *kdf, uint32_t iterations); + +#define PBKDF2_stackinit(...) \ + ({ PBKDF2_Context *ctx = alloca(sizeof(PBKDF2_Context)); PBKDF2_init(ctx , ##__VA_ARGS__); &ctx->kdf; }) + +int PBKDF2_testSetup(void); +int PBKDF2_testRun(void); +int PBKDF2_testTearDown(void); + +#endif /* SEC_KDF_PBKDF2_H */ diff --git a/bertos/sec/kdf/pbkdf2_test.c b/bertos/sec/kdf/pbkdf2_test.c new file mode 100644 index 00000000..326817cb --- /dev/null +++ b/bertos/sec/kdf/pbkdf2_test.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include +#include +#include + +int PBKDF2_testSetup(void) +{ + kdbg_init(); + return 0; +} + +int PBKDF2_testTearDown(void) +{ + return 0; +} + +int PBKDF2_testRun(void) +{ + Kdf *kdf = PBKDF2_stackinit(HMAC_stackinit(SHA1_stackinit())); + + uint8_t res[32]; + + PBKDF2_set_iterations(kdf, 1); + kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4); + kdf_read(kdf, res, 20); + ASSERT(memcmp(res, "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20) == 0); + + PBKDF2_set_iterations(kdf, 2); + kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4); + kdf_read(kdf, res, 20); + ASSERT(memcmp(res, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20) == 0); + + PBKDF2_set_iterations(kdf, 4096); + kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4); + kdf_read(kdf, res, 20); + ASSERT(memcmp(res, "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20) == 0); + +#if CPU_X86 + // Too slow for an embedded system... + PBKDF2_set_iterations(kdf, 16777216); + kdf_begin(kdf, "password", 8, (const uint8_t*)"salt", 4); + kdf_read(kdf, res, 20); + ASSERT(memcmp(res, "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20) == 0); +#endif + + PBKDF2_set_iterations(kdf, 4096); + kdf_begin(kdf, "pass\0word", 9, (const uint8_t*)"sa\0lt", 5); + kdf_read(kdf, res, 16); + ASSERT(memcmp(res, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3", 16) == 0); + + PBKDF2_set_iterations(kdf, 4096); + kdf_begin(kdf, "passwordPASSWORDpassword", 24, (const uint8_t*)"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36); + kdf_read(kdf, res, 25); + ASSERT(memcmp(res, "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38", 25) == 0); + + return 0; +} + +TEST_MAIN(PBKDF2); -- 2.25.1