* pbkdf2.c (F): Now takes krb5_data for password and salt.

(krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1, krb5int_pbkdf2_hmac_sha1_128,
krb5int_pbkdf2_hmac_sha1_256): Likewise, and for output also.
* vectors.c (test_pbkdf2): Calls updated.
(main): Run pbkdf2 tests.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15216 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index 23410f9d0ef86d0febb0b1b8d2ca1b18a66f39e1..b5448c86774d18f7a6d4302ecaf8648c950d47e4 100644 (file)
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,12 @@
+2003-03-03  Ken Raeburn  <raeburn@mit.edu>
+
+       * pbkdf2.c (F): Now takes krb5_data for password and salt.
+       (krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1,
+       krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256):
+       Likewise, and for output also.
+       * vectors.c (test_pbkdf2): Calls updated.
+       (main): Run pbkdf2 tests.
+
 2003-02-03  Ken Raeburn  <raeburn@mit.edu>
 
        * aes: New directory, containing AES implementation from Brian

diff --git a/src/lib/crypto/pbkdf2.c b/src/lib/crypto/pbkdf2.c
index 03b729335077e701e81f6f59ec74bb51dff9f39d..d93b5b893ca088859a4ebc5ec1bb00d1352e03e5 100644 (file)
--- a/src/lib/crypto/pbkdf2.c
+++ b/src/lib/crypto/pbkdf2.c
@@ -36,17 +36,17 @@
 extern krb5_error_code
 krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
                                       krb5_data *),
-               size_t hlen, const char *pass, const char *salt,
-               unsigned long count, size_t dklen, char *output);
+               size_t hlen, const krb5_data *pass, const krb5_data *salt,
+               unsigned long count, krb5_data *output);
 extern krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (char *out, size_t len, unsigned long count,
-                         const char *pass, const char *salt);
+krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
+                         const krb5_data *pass, const krb5_data *salt);
 extern krb5_error_code
 krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count,
-                             const char *pass, const char *salt);
+                             const krb5_data *pass, const krb5_data *salt);
 extern krb5_error_code
 krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count,
-                             const char *pass, const char *salt);
+                             const krb5_data *pass, const krb5_data *salt);
 
 
 
@@ -84,7 +84,7 @@ static krb5_error_code
 F(char *output, char *u_tmp1, char *u_tmp2,
   krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *),
   size_t hlen,
-  const char *pass, const char *salt,
+  const krb5_data *pass, const krb5_data *salt,
   unsigned long count, int i)
 {
     unsigned char ibytes[4];
@@ -95,11 +95,12 @@ F(char *output, char *u_tmp1, char *u_tmp2,
     krb5_data out;
     krb5_error_code err;
 
-    pdata.contents = pass;
-    pdata.length = strlen(pass);
+    pdata.contents = pass->data;
+    pdata.length = pass->length;
 
 #if 0
-    printf("F(i=%d, count=%lu, pass=%s)\n", i, count, pass);
+    printf("F(i=%d, count=%lu, pass=%d:%s)\n", i, count,
+          pass->length, pass->data);
     printk("F password", &pdata);
 #endif
 
@@ -109,8 +110,8 @@ F(char *output, char *u_tmp1, char *u_tmp2,
     ibytes[1] = (i >> 16) & 0xff;
     ibytes[0] = (i >> 24) & 0xff;
 
-    tlen = strlen(salt);
-    memcpy(u_tmp2, salt, tlen);
+    tlen = salt->length;
+    memcpy(u_tmp2, salt->data, tlen);
     memcpy(u_tmp2 + tlen, ibytes, 4);
     tlen += 4;
     sdata.data = u_tmp2;
@@ -164,30 +165,23 @@ krb5_error_code
 krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
                                       krb5_data *),
                size_t hlen,
-               const char *pass, const char *salt,
-               unsigned long count, size_t dklen,
-               char *output)
+               const krb5_data *pass, const krb5_data *salt,
+               unsigned long count, krb5_data *output)
 {
     int l, r, i;
     char *utmp1, *utmp2;
 
-    if (dklen == 0 || hlen == 0)
+    if (output->length == 0 || hlen == 0)
        abort();
     /* Step 1 & 2.  */
-    if (dklen / hlen > 0xffffffff)
+    if (output->length / hlen > 0xffffffff)
        abort();
     /* Step 2.  */
-    l = (dklen + hlen - 1) / hlen;
-    r = dklen - (l - 1) * hlen;
+    l = (output->length + hlen - 1) / hlen;
+    r = output->length - (l - 1) * hlen;
 
-#if 0
-    output = malloc(dklen + hlen + strlen(salt) + 4 + hlen);
-    if (output == NULL) {
-       abort();
-    }
-#endif
     utmp1 = /*output + dklen; */ malloc(hlen);
-    utmp2 = /*utmp1 + hlen; */ malloc(strlen(salt) + 4 + hlen);
+    utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen);
 
     /* Step 3.  */
     for (i = 1; i <= l; i++) {
@@ -196,15 +190,15 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
 #endif
        krb5_error_code err;
 
-       err = F(output + (i-1) * hlen, utmp1, utmp2, prf, hlen,
+       err = F(output->data + (i-1) * hlen, utmp1, utmp2, prf, hlen,
                pass, salt, count, i);
        if (err)
            return err;
 
 #if 0
-       printf("after F(%d), @%p:\n", i, output);
+       printf("after F(%d), @%p:\n", i, output->data);
        for (j = (i-1) * hlen; j < i * hlen; j++)
-           printf(" %02x", 0xff & output[j]);
+           printf(" %02x", 0xff & output->data[j]);
        printf ("\n");
 #endif
     }
@@ -259,22 +253,28 @@ foo(krb5_keyblock *pass, krb5_data *salt, krb5_data *out)
 }
 
 krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (char *out, size_t len, unsigned long count,
-                         const char *pass, const char *salt)
+krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
+                         const krb5_data *pass, const krb5_data *salt)
 {
-    return krb5int_pbkdf2 (foo, 20, pass, salt, count, len, out);
+    return krb5int_pbkdf2 (foo, 20, pass, salt, count, out);
 }
 
 krb5_error_code
 krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count,
-                             const char *pass, const char *salt)
+                             const krb5_data *pass, const krb5_data *salt)
 {
-    return krb5int_pbkdf2 (foo, 20, pass, salt, count, 16, out);
+    krb5_data out_d;
+    out_d.data = out;
+    out_d.length = 16;
+    return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d);
 }
 
 krb5_error_code
 krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count,
-                             const char *pass, const char *salt)
+                             const krb5_data *pass, const krb5_data *salt)
 {
-    return krb5int_pbkdf2 (foo, 20, pass, salt, count, 32, out);
+    krb5_data out_d;
+    out_d.data = out;
+    out_d.length = 32;
+    return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d);
 }

diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c
index 2bb90452a515c434d7b1371964f6f2d742e9d5c5..b5ca63e8c27412e9cb7e28d2e6495b2af38a594a 100644 (file)
--- a/src/lib/crypto/vectors.c
+++ b/src/lib/crypto/vectors.c
@@ -394,7 +394,7 @@ test_pbkdf2()
     krb5_error_code err;
     krb5_data d;
     krb5_keyblock k, dk;
-    krb5_data usage;
+    krb5_data usage, pass, salt;
 
     d.data = x;
     dk.contents = x2;
@@ -416,8 +416,11 @@ test_pbkdf2()
        }
 
        d.length = 16;
-       err = krb5int_pbkdf2_hmac_sha1_128 (x, test[j].count,
-                                           test[j].pass, test[j].salt);
+       pass.data = test[j].pass;
+       pass.length = strlen(pass.data);
+       salt.data = test[j].salt;
+       salt.length = strlen(salt.data);
+       err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
        printd("128-bit PBKDF2 output", &d);
        enc = &krb5int_enc_aes128;
        k.contents = d.data;
@@ -427,8 +430,7 @@ test_pbkdf2()
        printk("128-bit AES key",&dk);
 
        d.length = 32;
-       err = krb5int_pbkdf2_hmac_sha1_256 (x, test[j].count,
-                                           test[j].pass, test[j].salt);
+       err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
        printd("256-bit PBKDF2 output", &d);
        enc = &krb5int_enc_aes256;
        k.contents = d.data;
@@ -451,7 +453,7 @@ int main (int argc, char **argv)
     test_mit_des_s2k ();
     test_des3_s2k ();
     test_dr_dk ();
-    test_pbkdf2();
 #endif
+    test_pbkdf2();
     return 0;
 }