|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // This is enumeration of EAPOL source code. |
|
20 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
21 #undef EAP_FILE_NUMBER_ENUM |
|
22 #define EAP_FILE_NUMBER_ENUM 142 |
|
23 #undef EAP_FILE_NUMBER_DATE |
|
24 #define EAP_FILE_NUMBER_DATE 1127594498 |
|
25 #endif //#if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
26 |
|
27 |
|
28 #include <bigint.h> |
|
29 |
|
30 #include "dss_random.h" |
|
31 |
|
32 #include "eap_am_assert.h" |
|
33 #include "abs_eap_am_crypto.h" |
|
34 |
|
35 #include "eap_am_crypto_sha1.h" |
|
36 |
|
37 /** @file */ |
|
38 |
|
39 /** This is the block size in bytes. */ |
|
40 const u32_t BLOCK_SIZE = 160/8; |
|
41 |
|
42 #if defined(EAP_DEBUG_TRACE_ACTIVE) |
|
43 const u32_t DEBUG_BUFFER_SIZE = 64; |
|
44 #endif //#if defined(EAP_DEBUG_TRACE_ACTIVE) |
|
45 |
|
46 |
|
47 LOCAL_C void dss_pseudo_randomL(abs_eap_am_tools_c * const m_am_tools, u8_t *out, u32_t out_length, u8_t *xkey, u32_t xkey_length); |
|
48 |
|
49 |
|
50 /** |
|
51 * dss_random_G() implements the G() function using modified SHA-1. |
|
52 * @code |
|
53 * Copied from "Multiple Examples of DSA" http://csrc.nist.gov/encryption/dss/Examples-1024bit.pdf. |
|
54 * Using the revised algorithm found in the Change Notice for the generation of x values: |
|
55 * XKEY= bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6 |
|
56 * XSEED= 00000000 00000000 00000000 00000000 00000000 |
|
57 * The first loop through step 3.2 provides: |
|
58 * XVAL= bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6 |
|
59 * Using the routine in Appendix 3.3 Constructing The Function G From SHA-1 |
|
60 * provides: |
|
61 * w[0]= 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614 |
|
62 * The following value is the updated XKEY value from step 3.2.c: |
|
63 * XKEY= dd734ee0 bd0bcd3b adbaeb27 dd1eaa59 76803ecb |
|
64 * The second loop through step 3.2 provides: |
|
65 * XVAL= dd734ee0 bd0bcd3b adbaeb27 dd1eaa59 76803ecb |
|
66 * Using the routine in Appendix 3.3 Constructing The Function G From SHA-1 |
|
67 * provides: |
|
68 * w[1]= 3c6c18ba cb0f6c55 babb1378 8e20d737 a3275116 |
|
69 * The following value is the updated XKEY value from step 3.2.c: |
|
70 * XKEY= 19df679b 881b3991 6875fea0 6b3f8191 19a78fe2 |
|
71 * Step 3.3 provides the following values: |
|
72 * w[0] || w[1]= 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614 |
|
73 * 3c6c18ba cb0f6c55 babb1378 8e20d737 a3275116 |
|
74 * X= 47c27eb6 16dba413 91e5165b e9c5e397 7e39a15d |
|
75 * @endcode |
|
76 */ |
|
77 void dss_random_G(abs_eap_am_tools_c * const m_am_tools, u8_t *out, u32_t out_length, const u8_t *c, u32_t c_length) |
|
78 { |
|
79 u32_t *out_array = reinterpret_cast<u32_t *>(out); |
|
80 |
|
81 eap_am_crypto_sha1_c sha1(m_am_tools); |
|
82 u32_t output_length = out_length; |
|
83 |
|
84 eap_status_e status = sha1.eap_sha1_dss_G_function( |
|
85 c, |
|
86 c_length, |
|
87 out_array, |
|
88 &output_length |
|
89 ); |
|
90 if (status != eap_status_ok) |
|
91 { |
|
92 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_EAP_AM_CRYPTO, (EAPL("eap_sha1_dss_G_function(): status = %d"), |
|
93 status)); |
|
94 } |
|
95 |
|
96 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_EAP_AM_CRYPTO, (EAPL("dss_random_G(): out_array"), |
|
97 out_array, sizeof(out_array)*5)); |
|
98 |
|
99 } |
|
100 |
|
101 /** |
|
102 * dss_pseudo_random() implements pseudo random function for key generation of EAP/SIM. |
|
103 * @code |
|
104 * Random generator becomes as follows: |
|
105 * Step 1. Choose a new, secret value for the seed-key, XKEY. |
|
106 * Step 2. In hexadecimal notation let |
|
107 * t = 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0. |
|
108 * This is the initial value for H0 || H1 || H2 || H3 || H4 in the SHS. |
|
109 * Step 3. For j = 0 to m - 1 do |
|
110 * c. xj = G(t,XKEY). |
|
111 * d. XKEY = (1 + XKEY + xj) mod 2^b. |
|
112 * @endcode |
|
113 */ |
|
114 eap_status_e dss_pseudo_random(abs_eap_am_tools_c * const m_am_tools, u8_t *out, u32_t out_length, u8_t *xkey, u32_t xkey_length) |
|
115 { |
|
116 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
117 eap_status_e status = eap_status_ok; |
|
118 __UHEAP_MARK; |
|
119 |
|
120 TRAPD(err, dss_pseudo_randomL(m_am_tools, out, out_length, xkey, xkey_length)); |
|
121 if (err != KErrNone) |
|
122 { |
|
123 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
124 } |
|
125 |
|
126 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
127 __UHEAP_MARKEND; |
|
128 return status; |
|
129 } |
|
130 |
|
131 LOCAL_C void dss_pseudo_randomL(abs_eap_am_tools_c * const m_am_tools, u8_t *out, u32_t out_length, u8_t *xkey, u32_t xkey_length) |
|
132 { |
|
133 EAP_UNREFERENCED_PARAMETER(xkey_length); |
|
134 |
|
135 u32_t block_count = out_length/BLOCK_SIZE; |
|
136 if ((out_length % BLOCK_SIZE) != 0) |
|
137 { |
|
138 EAP_TRACE_DEBUG( |
|
139 m_am_tools, |
|
140 TRACE_FLAGS_DEFAULT, |
|
141 (EAPL("ERROR: dss_pseudo_random(): out buffer length 0x%08x not aligned to 0x%08x.\n"), |
|
142 out_length, BLOCK_SIZE)); |
|
143 |
|
144 User::Leave(KErrArgument); |
|
145 } |
|
146 |
|
147 TBuf8<BLOCK_SIZE> tmp_out; |
|
148 TBuf8<BLOCK_SIZE> tmp_xkey; |
|
149 |
|
150 tmp_xkey.Append(xkey, BLOCK_SIZE); |
|
151 |
|
152 #if defined(EAP_DEBUG_TRACE_ACTIVE) |
|
153 u8_t debug_buffer[DEBUG_BUFFER_SIZE]; |
|
154 #endif //#if defined(EAP_DEBUG_TRACE_ACTIVE) |
|
155 |
|
156 EAP_TRACE_DATA_DEBUG( |
|
157 m_am_tools, |
|
158 TRACE_FLAGS_EAP_AM_CRYPTO, |
|
159 (EAPL("dss_pseudo_random(): xkey"), |
|
160 xkey, xkey_length)); |
|
161 |
|
162 RInteger bn_xkey = RInteger::NewL(tmp_xkey); |
|
163 CleanupStack::PushL(bn_xkey); |
|
164 |
|
165 RInteger bn_two = RInteger::NewL(2); |
|
166 CleanupStack::PushL(bn_two); |
|
167 |
|
168 RInteger bn_160 = RInteger::NewL(160); |
|
169 CleanupStack::PushL(bn_160); |
|
170 |
|
171 // Calculate 2^160 |
|
172 RInteger bn_mod = bn_two.ExponentiateL(bn_160); |
|
173 |
|
174 CleanupStack::PopAndDestroy(&bn_160); |
|
175 CleanupStack::PopAndDestroy(&bn_two); |
|
176 |
|
177 CleanupStack::PushL(bn_mod); |
|
178 |
|
179 for (u32_t ind = 0; ind < block_count; ind++) |
|
180 { |
|
181 dss_random_G(m_am_tools, &(out[ind*BLOCK_SIZE]), BLOCK_SIZE, tmp_xkey.Ptr(), BLOCK_SIZE); |
|
182 |
|
183 EAP_TRACE_DATA_DEBUG( |
|
184 m_am_tools, |
|
185 TRACE_FLAGS_EAP_AM_CRYPTO, |
|
186 (EAPL("dss_pseudo_random(): xj = G(xkey)"), |
|
187 &(out[ind*BLOCK_SIZE]), BLOCK_SIZE)); |
|
188 |
|
189 if (ind+1u >= block_count) |
|
190 { |
|
191 break; |
|
192 } |
|
193 |
|
194 // Get the calculated block to be used |
|
195 tmp_out.Copy(&(out[ind*BLOCK_SIZE]), BLOCK_SIZE); |
|
196 |
|
197 // This must be constructed inside the loop because the only way |
|
198 // to assign descriptor values to CInteger seems to be by using NewLC. |
|
199 RInteger bn_xj = RInteger::NewL(tmp_out); |
|
200 CleanupStack::PushL(bn_xj); |
|
201 |
|
202 // Calculate bn_xkey = (XKEY + 1 + xj) mod 2^b |
|
203 bn_xkey += 1; |
|
204 bn_xkey += bn_xj; |
|
205 bn_xkey %= bn_mod; |
|
206 |
|
207 // New tmp_xkey |
|
208 tmp_xkey.Copy(bn_xkey.BufferLC()->Des()); |
|
209 |
|
210 CleanupStack::PopAndDestroy(); // bn_xkey buffer |
|
211 CleanupStack::PopAndDestroy(&bn_xj); |
|
212 |
|
213 EAP_TRACE_DEBUG( |
|
214 m_am_tools, |
|
215 TRACE_FLAGS_EAP_AM_CRYPTO, |
|
216 (EAPL("dss_pseudo_random(): xkey[%d] = (1 + xkey[%d] + x[%d]) % mod\n"), |
|
217 ind+1u, |
|
218 ind, |
|
219 ind)); |
|
220 |
|
221 EAP_TRACE_FORMAT( |
|
222 m_am_tools, |
|
223 (debug_buffer, |
|
224 sizeof(debug_buffer), |
|
225 EAPL("xkey[%d]"), |
|
226 ind+1u)); |
|
227 |
|
228 EAP_TRACE_DATA_DEBUG( |
|
229 m_am_tools, |
|
230 TRACE_FLAGS_EAP_AM_CRYPTO, |
|
231 ((eap_format_string)debug_buffer, |
|
232 tmp_xkey.Ptr(), |
|
233 tmp_xkey.Length())); |
|
234 |
|
235 } // for() |
|
236 |
|
237 CleanupStack::PopAndDestroy(&bn_mod); |
|
238 CleanupStack::PopAndDestroy(&bn_xkey); |
|
239 } |
|
240 |
|
241 |
|
242 // End. |