From eb3c4496b385671136f39b8b618c2d1b51739b72 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Mon, 3 Mar 2003 22:00:30 +0000 Subject: [PATCH] * pbkdf2.c (F): Now takes krb5_data for password and salt. (krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1, krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256): Likewise, and for output also. * vectors.c (test_pbkdf2): Calls updated. (main): Run pbkdf2 tests. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15216 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/ChangeLog | 9 +++++ src/lib/crypto/pbkdf2.c | 72 ++++++++++++++++++++-------------------- src/lib/crypto/vectors.c | 14 ++++---- 3 files changed, 53 insertions(+), 42 deletions(-) diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 23410f9d0..b5448c867 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,12 @@ +2003-03-03 Ken Raeburn + + * pbkdf2.c (F): Now takes krb5_data for password and salt. + (krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1, + krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256): + Likewise, and for output also. + * vectors.c (test_pbkdf2): Calls updated. + (main): Run pbkdf2 tests. + 2003-02-03 Ken Raeburn * aes: New directory, containing AES implementation from Brian diff --git a/src/lib/crypto/pbkdf2.c b/src/lib/crypto/pbkdf2.c index 03b729335..d93b5b893 100644 --- a/src/lib/crypto/pbkdf2.c +++ b/src/lib/crypto/pbkdf2.c @@ -36,17 +36,17 @@ extern krb5_error_code krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *), - size_t hlen, const char *pass, const char *salt, - unsigned long count, size_t dklen, char *output); + size_t hlen, const krb5_data *pass, const krb5_data *salt, + unsigned long count, krb5_data *output); extern krb5_error_code -krb5int_pbkdf2_hmac_sha1 (char *out, size_t len, unsigned long count, - const char *pass, const char *salt); +krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count, + const krb5_data *pass, const krb5_data *salt); extern krb5_error_code krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count, - const char *pass, const char *salt); + const krb5_data *pass, const krb5_data *salt); extern krb5_error_code krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count, - const char *pass, const char *salt); + const krb5_data *pass, const krb5_data *salt); @@ -84,7 +84,7 @@ static krb5_error_code F(char *output, char *u_tmp1, char *u_tmp2, krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *), size_t hlen, - const char *pass, const char *salt, + const krb5_data *pass, const krb5_data *salt, unsigned long count, int i) { unsigned char ibytes[4]; @@ -95,11 +95,12 @@ F(char *output, char *u_tmp1, char *u_tmp2, krb5_data out; krb5_error_code err; - pdata.contents = pass; - pdata.length = strlen(pass); + pdata.contents = pass->data; + pdata.length = pass->length; #if 0 - printf("F(i=%d, count=%lu, pass=%s)\n", i, count, pass); + printf("F(i=%d, count=%lu, pass=%d:%s)\n", i, count, + pass->length, pass->data); printk("F password", &pdata); #endif @@ -109,8 +110,8 @@ F(char *output, char *u_tmp1, char *u_tmp2, ibytes[1] = (i >> 16) & 0xff; ibytes[0] = (i >> 24) & 0xff; - tlen = strlen(salt); - memcpy(u_tmp2, salt, tlen); + tlen = salt->length; + memcpy(u_tmp2, salt->data, tlen); memcpy(u_tmp2 + tlen, ibytes, 4); tlen += 4; sdata.data = u_tmp2; @@ -164,30 +165,23 @@ krb5_error_code krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *), size_t hlen, - const char *pass, const char *salt, - unsigned long count, size_t dklen, - char *output) + const krb5_data *pass, const krb5_data *salt, + unsigned long count, krb5_data *output) { int l, r, i; char *utmp1, *utmp2; - if (dklen == 0 || hlen == 0) + if (output->length == 0 || hlen == 0) abort(); /* Step 1 & 2. */ - if (dklen / hlen > 0xffffffff) + if (output->length / hlen > 0xffffffff) abort(); /* Step 2. */ - l = (dklen + hlen - 1) / hlen; - r = dklen - (l - 1) * hlen; + l = (output->length + hlen - 1) / hlen; + r = output->length - (l - 1) * hlen; -#if 0 - output = malloc(dklen + hlen + strlen(salt) + 4 + hlen); - if (output == NULL) { - abort(); - } -#endif utmp1 = /*output + dklen; */ malloc(hlen); - utmp2 = /*utmp1 + hlen; */ malloc(strlen(salt) + 4 + hlen); + utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen); /* Step 3. */ for (i = 1; i <= l; i++) { @@ -196,15 +190,15 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, #endif krb5_error_code err; - err = F(output + (i-1) * hlen, utmp1, utmp2, prf, hlen, + err = F(output->data + (i-1) * hlen, utmp1, utmp2, prf, hlen, pass, salt, count, i); if (err) return err; #if 0 - printf("after F(%d), @%p:\n", i, output); + printf("after F(%d), @%p:\n", i, output->data); for (j = (i-1) * hlen; j < i * hlen; j++) - printf(" %02x", 0xff & output[j]); + printf(" %02x", 0xff & output->data[j]); printf ("\n"); #endif } @@ -259,22 +253,28 @@ foo(krb5_keyblock *pass, krb5_data *salt, krb5_data *out) } krb5_error_code -krb5int_pbkdf2_hmac_sha1 (char *out, size_t len, unsigned long count, - const char *pass, const char *salt) +krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count, + const krb5_data *pass, const krb5_data *salt) { - return krb5int_pbkdf2 (foo, 20, pass, salt, count, len, out); + return krb5int_pbkdf2 (foo, 20, pass, salt, count, out); } krb5_error_code krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count, - const char *pass, const char *salt) + const krb5_data *pass, const krb5_data *salt) { - return krb5int_pbkdf2 (foo, 20, pass, salt, count, 16, out); + krb5_data out_d; + out_d.data = out; + out_d.length = 16; + return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d); } krb5_error_code krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count, - const char *pass, const char *salt) + const krb5_data *pass, const krb5_data *salt) { - return krb5int_pbkdf2 (foo, 20, pass, salt, count, 32, out); + krb5_data out_d; + out_d.data = out; + out_d.length = 32; + return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d); } diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c index 2bb90452a..b5ca63e8c 100644 --- a/src/lib/crypto/vectors.c +++ b/src/lib/crypto/vectors.c @@ -394,7 +394,7 @@ test_pbkdf2() krb5_error_code err; krb5_data d; krb5_keyblock k, dk; - krb5_data usage; + krb5_data usage, pass, salt; d.data = x; dk.contents = x2; @@ -416,8 +416,11 @@ test_pbkdf2() } d.length = 16; - err = krb5int_pbkdf2_hmac_sha1_128 (x, test[j].count, - test[j].pass, test[j].salt); + pass.data = test[j].pass; + pass.length = strlen(pass.data); + salt.data = test[j].salt; + salt.length = strlen(salt.data); + err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt); printd("128-bit PBKDF2 output", &d); enc = &krb5int_enc_aes128; k.contents = d.data; @@ -427,8 +430,7 @@ test_pbkdf2() printk("128-bit AES key",&dk); d.length = 32; - err = krb5int_pbkdf2_hmac_sha1_256 (x, test[j].count, - test[j].pass, test[j].salt); + err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt); printd("256-bit PBKDF2 output", &d); enc = &krb5int_enc_aes256; k.contents = d.data; @@ -451,7 +453,7 @@ int main (int argc, char **argv) test_mit_des_s2k (); test_des3_s2k (); test_dr_dk (); - test_pbkdf2(); #endif + test_pbkdf2(); return 0; } -- 2.26.2