/* * pbkdf2.c * -------- * PBKDF2 (RFC 2898) on top of HAL interface to Cryptech hash cores. * * Authors: Rob Austein * Copyright (c) 2015, SUNET * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the following * conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #include #include "hal.h" /* * Utility to encapsulate the HMAC operations. May need refactoring * if and when we get clever about reusing HMAC state for speed. */ static hal_error_t do_hmac(const hal_hash_descriptor_t * const d, const uint8_t * const pw, const size_t pw_len, const uint8_t * const data, const size_t data_len, const uint32_t block, uint8_t * mac, const size_t mac_len) { assert(d != NULL && pw != NULL && data != NULL && mac != NULL); uint8_t sb[d->hmac_state_length]; hal_hmac_state_t *s; hal_error_t err; if ((err = hal_hmac_initialize(d, &s, sb, sizeof(sb), pw, pw_len)) != HAL_OK) return err; if ((err = hal_hmac_update(s, data, data_len)) != HAL_OK) return err; if (block > 0) { uint8_t b[4] = { (block >> 24) & 0xFF, (block >> 16) & 0xFF, (block >> 8) & 0xFF, (block >> 0) & 0xFF }; if ((err = hal_hmac_update(s, b, sizeof(b))) != HAL_OK) return err; } return hal_hmac_finalize(s, mac, mac_len); } /* * Derive a key from a passphrase using the PBKDF2 algorithm. */ hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, const uint8_t * const password, const size_t password_length, const uint8_t * const salt, const size_t salt_length, uint8_t * derived_key, size_t derived_key_length, unsigned iterations_desired) { uint8_t result[HAL_MAX_HASH_DIGEST_LENGTH], mac[HAL_MAX_HASH_DIGEST_LENGTH]; uint8_t statebuf[1024]; unsigned iteration; hal_error_t err; uint32_t block; int i; if (descriptor == NULL || password == NULL || salt == NULL || derived_key == NULL || derived_key_length == 0 || iterations_desired == 0) return HAL_ERROR_BAD_ARGUMENTS; assert(sizeof(statebuf) >= descriptor->hmac_state_length); assert(sizeof(result) >= descriptor->digest_length); assert(sizeof(mac) >= descriptor->digest_length); /* Output length check per RFC 2989 5.2. */ if ((uint64_t) derived_key_length > ((uint64_t) 0xFFFFFFFF) * descriptor->block_length) return HAL_ERROR_UNSUPPORTED_KEY; memset(result, 0, sizeof(result)); memset(mac, 0, sizeof(mac)); /* * We probably should check here to see whether the password is * longer than the HMAC block size, and, if so, we should hash the * password here to avoid having recomputing that every time through * the loops below. There are other optimizations we'd like to * make, but this one doesn't require being able to save and restore * the hash state. */ /* * Generate output blocks until we reach the requested length. */ for (block = 1; ; block++) { /* * Initial HMAC is of the salt concatenated with the block count. * This seeds the result, and constitutes iteration one. */ if ((err = do_hmac(descriptor, password, password_length, salt, salt_length, block, mac, sizeof(mac))) != HAL_OK) return err; memcpy(result, mac, descriptor->digest_length); /* * Now iterate however many times the caller requested, XORing the * HMAC back into the result on each iteration. */ for (iteration = 2; iteration <= iterations_desired; iteration++) { if ((err = do_hmac(descriptor, password, password_length, mac, descriptor->digest_length, 0, mac, sizeof(mac))) != HAL_OK) return err; for (i = 0; i < descriptor->digest_length; i++) result[i] ^= mac[i]; } /* * Save result block, then exit or loop for another block. */ if (derived_key_length > descriptor->digest_length) { memcpy(derived_key, result, descriptor->digest_length); derived_key += descriptor->digest_length; derived_key_length -= descriptor->digest_length; } else { memcpy(derived_key, result, derived_key_length); return HAL_OK; } } } /* * Local variables: * indent-tabs-mode: nil * End: */ fix&id=785230990d43a1aaf11ebd102ce66e1c788cc4da'>7852309 
93941c6


7852309

93941c6


7852309


93941c6


7852309

93941c6


7852309


93941c6


7852309

93941c6

cf865e9

7852309


cf865e9





1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

37
38
39

40

41
42

43
44

45
46

47
48

49

50
51

52
53

54
55

56

57
58

59
60

61
62

63

64

65

66
67

68
69
70
71
72




































                                                                           


                      
                   

                                                                            

                                

                  

                                       
 

                     

                              

                                                                    
 

                                     

                               

                                                                    
 
                                    
 

                           




                        
/*
 * novena-eim.h
 * ------------
 * This module contains the userland magic to set up and use the EIM bus.
 *
 *
 * Author: Pavel Shatov
 * Copyright (c) 2014-2015, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _NOVENA_EIM_H_
#define _NOVENA_EIM_H_

#include <stdint.h>
#include <sys/types.h>  /* Required for off_t, at least on Debian Wheezy. */

#define EIM_BASE_ADDR 0x08000000

/*
 * Set up EIM bus.
 * Returns 0 on success, -1 on failure.
 */

int  eim_setup(void);

/*
 * Write a 32-bit word to EIM.
 * If EIM is not set up correctly, this will abort with a bus error.
 */

void eim_write_32(off_t, uint32_t *);

/*
 * Read a 32-bit word from EIM.
 * If EIM is not set up correctly, this will abort with a bus error.
 */

void eim_read_32(off_t, uint32_t *);

#endif /* _NOVENA_EIM_H_ */

/*
 * Local variables:
 * indent-tabs-mode: nil
 * End:
 */
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 10:49:52 +0000