--- /dev/null
+#include "lib.h"
+#include "buffer.h"
+#include "hash-method.h"
+#include "hmac.h"
+#include "pkcs5.h"
+
+#include <stdint.h>
+#include <arpa/inet.h>
+
+static
+int pkcs5_pbkdf1(const struct hash_method *hash,
+ const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned int iter, uint32_t length,
+ buffer_t *result)
+{
+ if (length < 1 ||
+ length > hash->digest_size) return -1;
+ if (iter < 1) return -1;
+
+ unsigned char dk[hash->digest_size];
+ unsigned char ctx[hash->context_size];
+
+ hash->init(ctx);
+ hash->loop(ctx, password, password_len);
+ hash->loop(ctx, salt, salt_len);
+ hash->result(ctx, dk);
+ length--;
+
+ for(;length>0;length--) {
+ hash->init(ctx);
+ hash->loop(ctx, dk, hash->digest_size);
+ hash->result(ctx, dk);
+ }
+
+ buffer_append(result, dk, hash->digest_size);
+
+ return 0;
+}
+
+static
+int pkcs5_pbkdf2(const struct hash_method *hash,
+ const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned int iter, uint32_t length,
+ buffer_t *result)
+{
+ if (length < 1 || iter < 1) return -1;
+
+ size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
+ unsigned char dk[l * hash->digest_size];
+ unsigned char *block;
+ struct hmac_context hctx;
+ unsigned int c,i,t;
+ unsigned char U_c[hash->digest_size];
+
+ for(t = 0; t < l; t++) {
+ block = &(dk[t*hash->digest_size]);
+ /* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */
+ c = htonl(t+1);
+ hmac_init(&hctx, password, password_len, hash);
+ hmac_update(&hctx, salt, salt_len);
+ hmac_update(&hctx, &c, sizeof(c));
+ hmac_final(&hctx, U_c);
+ /* block = U_1 ^ .. ^ U_iter */
+ memcpy(block, U_c, hash->digest_size);
+ /* U_c = PRF(Password, U_c-1) */
+ for(c = 1; c < iter; c++) {
+ hmac_init(&hctx, password, password_len, hash);
+ hmac_update(&hctx, U_c, hash->digest_size);
+ hmac_final(&hctx, U_c);
+ for(i = 0; i < hash->digest_size; i++)
+ block[i] ^= U_c[i];
+ }
+ }
+
+ buffer_append(result, dk, length);
+
+ return 0;
+}
+
+int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
+ const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned int iterations, uint32_t dk_len,
+ buffer_t *result)
+{
+ if (mode == PKCS5_PBKDF1)
+ return pkcs5_pbkdf1(hash,password,password_len,
+ salt,salt_len,iterations,dk_len,result);
+ else if (mode == PKCS5_PBKDF2)
+ return pkcs5_pbkdf2(hash,password,password_len,
+ salt,salt_len,iterations,dk_len,result);
+ i_unreached();
+}
--- /dev/null
+#ifndef PKCS5_H
+#define PKCS5_H 1
+
+enum pkcs5_pbkdf_mode {
+ PKCS5_PBKDF1,
+ PKCS5_PBKDF2
+};
+
+/*
+
+ mode - v1.0 or v2.0
+ hash - hash_method_lookup return value
+ password - private password for generation
+ password_len - length of password in octets
+ salt - salt for generation
+ salt_len - length of salt in octets
+ iterations - number of iterations to hash (use at least 1000, a very large number => very very slow)
+ dk_len - number of bytes to return from derived key
+ result - buffer_t to hold the result, either use dynamic or make sure it fits dk_len
+
+ non-zero return value indicates that either iterations was less than 1 or dk_len was too large
+
+ Sample code:
+
+ buffer_t *result = buffer_create_dynamic(pool_datastack_create(), 256);
+ if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"), "password", 8, "salt", 4, 4096, 256, result) != 0) { // error }
+
+*/
+
+int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
+ const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned int iterations, uint32_t dk_len,
+ buffer_t *result);
+#endif
--- /dev/null
+/* Copyright (c) 2007-2016 Dovecot authors, see the included COPYING file */
+
+#include "test-lib.h"
+#include "str.h"
+#include "buffer.h"
+#include "hash-method.h"
+#include "pkcs5.h"
+
+struct test_vector {
+ const char *prf;
+ unsigned char *p;
+ size_t pLen;
+ unsigned char *s;
+ size_t sLen;
+ unsigned int i;
+ unsigned char *dk;
+ size_t dkLen;
+};
+
+#define TEST_BUF(x) (unsigned char*)x, sizeof(x)-1
+
+/* RFC 6070 test vectors */
+static const struct test_vector test_vectors_v2[] = {
+ { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 1, TEST_BUF("\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6") },
+ { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 2, TEST_BUF("\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57") },
+ { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 4096, TEST_BUF("\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1") },
+/* enable the next test only when you need it, it takes quite long time */
+/* { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 16777216, TEST_BUF("\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84") }, */
+ { "sha1", TEST_BUF("passwordPASSWORDpassword"), TEST_BUF("saltSALTsaltSALTsaltSALTsaltSALTsalt"), 4096, TEST_BUF("\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38") },
+ { "sha1", TEST_BUF("pass\0word"), TEST_BUF("sa\0lt"), 4096, TEST_BUF("\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3") }
+};
+
+void test_pkcs5_pbkdf2(void)
+{
+ buffer_t *res = buffer_create_dynamic(default_pool, 25);
+
+ test_begin("pkcs5_pbkdf2");
+
+ for(size_t i = 0; i < N_ELEMENTS(test_vectors_v2); i++) {
+ buffer_reset(res);
+ const struct test_vector *vec = &(test_vectors_v2[i]);
+ pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup(vec->prf), vec->p, vec->pLen, vec->s, vec->sLen, vec->i, vec->dkLen, res);
+ test_assert_idx(memcmp(res->data, vec->dk, vec->dkLen) == 0, i);
+ }
+
+ buffer_free(&res);
+
+ test_end();
+}
projects / thirdparty / dovecot / core.git / commitdiff
