Enable PBKDF2 with SHA-256 and SHA-384

Rename krb5int_pbkdf2_hmac_sha1() to krb5int_pbkdf2_hmac() and add a
hash parameter.  In the OpenSSL implementation, look up the
corresponding PBKDF2 parameter based on the hash pointer.  In
pbkdf2_string_to_key(), pass the hash function for the key type if one
is present, and use SHA-1 if it does not (as for the Camellia
enctypes).

In the builtin implementation, use the hash provider instead of
assuming SHA-1.  Remove the functional parameterization of the PRF and
turn it into an hmac() helper function.  Use krb5int_hmac_keyblock()
to remove the need for a krb5_key object containing the password.
Rename the internal function from krb5int_pbkdf2() to pbkdf2().

ticket: 8490

diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index e6d13f6fbf3f04626bf3f63268f7e400a9ac6769..6a97270911d7a71cb688ae523fce735d0c7dbd38 100644 (file)
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -46,12 +46,6 @@
 typedef krb5_error_code (*prf_fn)(krb5_key pass, krb5_data *salt,
                                   krb5_data *out);
 
-/* Not exported, for now.  */
-static krb5_error_code
-krb5int_pbkdf2 (prf_fn prf, size_t hlen, krb5_key pass,
-                const krb5_data *salt, unsigned long count,
-                const krb5_data *output);
-
 static int debug_hmac = 0;
 
 static void printd (const char *descr, krb5_data *d) {
@@ -75,9 +69,32 @@ static void printd (const char *descr, krb5_data *d) {
     printf("\n");
 }
 
+/*
+ * Implements the hmac-sha1 PRF.  pass has been pre-hashed (if
+ * necessary) and converted to a key already; salt has had the block
+ * index appended to the original salt.
+ */
+static krb5_error_code
+hmac(const struct krb5_hash_provider *hash, krb5_keyblock *pass,
+     krb5_data *salt, krb5_data *out)
+{
+    krb5_error_code err;
+    krb5_crypto_iov iov;
+
+    if (debug_hmac)
+        printd(" hmac input", salt);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *salt;
+    err = krb5int_hmac_keyblock(hash, pass, &iov, 1, out);
+    if (err == 0 && debug_hmac)
+        printd(" hmac output", out);
+    return err;
+}
+
 static krb5_error_code
-F(char *output, char *u_tmp1, char *u_tmp2, prf_fn prf, size_t hlen,
-  krb5_key pass, const krb5_data *salt, unsigned long count, int i)
+F(char *output, char *u_tmp1, char *u_tmp2,
+  const struct krb5_hash_provider *hash, size_t hlen, krb5_keyblock *pass,
+  const krb5_data *salt, unsigned long count, int i)
 {
     unsigned char ibytes[4];
     size_t tlen;
@@ -111,7 +128,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_fn prf, size_t hlen,
 #if 0
     printf("F: computing hmac #1 (U_1) with %s\n", pdata.contents);
 #endif
-    err = (*prf)(pass, &sdata, &out);
+    err = hmac(hash, pass, &sdata, &out);
     if (err)
         return err;
 #if 0
@@ -126,7 +143,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_fn prf, size_t hlen,
         printf("F: computing hmac #%d (U_%d)\n", j, j);
 #endif
         memcpy(u_tmp2, u_tmp1, hlen);
-        err = (*prf)(pass, &sdata, &out);
+        err = hmac(hash, pass, &sdata, &out);
         if (err)
             return err;
 #if 0
@@ -146,13 +163,13 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_fn prf, size_t hlen,
 }
 
 static krb5_error_code
-krb5int_pbkdf2 (prf_fn prf, size_t hlen, krb5_key pass,
-                const krb5_data *salt, unsigned long count,
-                const krb5_data *output)
+pbkdf2(const struct krb5_hash_provider *hash, krb5_keyblock *pass,
+       const krb5_data *salt, unsigned long count, const krb5_data *output)
 {
+    size_t hlen = hash->hashsize;
     int l, i;
     char *utmp1, *utmp2;
-    char utmp3[20];             /* XXX length shouldn't be hardcoded! */
+    char utmp3[128];             /* XXX length shouldn't be hardcoded! */
 
     if (output->length == 0 || hlen == 0)
         abort();
@@ -183,7 +200,7 @@ krb5int_pbkdf2 (prf_fn prf, size_t hlen, krb5_key pass,
             out = utmp3;
         else
             out = output->data + (i-1) * hlen;
-        err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
+        err = F(out, utmp1, utmp2, hash, hlen, pass, salt, count, i);
         if (err) {
             free(utmp1);
             free(utmp2);
@@ -205,46 +222,23 @@ krb5int_pbkdf2 (prf_fn prf, size_t hlen, krb5_key pass,
     return 0;
 }
 
-/*
- * Implements the hmac-sha1 PRF.  pass has been pre-hashed (if
- * necessary) and converted to a key already; salt has had the block
- * index appended to the original salt.
- */
-static krb5_error_code
-hmac_sha1(krb5_key pass, krb5_data *salt, krb5_data *out)
-{
-    const struct krb5_hash_provider *h = &krb5int_hash_sha1;
-    krb5_error_code err;
-    krb5_crypto_iov iov;
-
-    if (debug_hmac)
-        printd(" hmac input", salt);
-    iov.flags = KRB5_CRYPTO_TYPE_DATA;
-    iov.data = *salt;
-    err = krb5int_hmac(h, pass, &iov, 1, out);
-    if (err == 0 && debug_hmac)
-        printd(" hmac output", out);
-    return err;
-}
-
 krb5_error_code
-krb5int_pbkdf2_hmac_sha1(const krb5_data *out, unsigned long count,
-                         const krb5_data *pass, const krb5_data *salt)
+krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                    const krb5_data *out, unsigned long count,
+                    const krb5_data *pass, const krb5_data *salt)
 {
-    const struct krb5_hash_provider *h = &krb5int_hash_sha1;
     krb5_keyblock keyblock;
-    krb5_key key;
-    char tmp[40];
+    char tmp[128];
     krb5_data d;
     krb5_crypto_iov iov;
     krb5_error_code err;
 
-    assert(h->hashsize <= sizeof(tmp));
-    if (pass->length > h->blocksize) {
-        d = make_data(tmp, h->hashsize);
+    assert(hash->hashsize <= sizeof(tmp));
+    if (pass->length > hash->blocksize) {
+        d = make_data(tmp, hash->hashsize);
         iov.flags = KRB5_CRYPTO_TYPE_DATA;
         iov.data = *pass;
-        err = h->hash(&iov, 1, &d);
+        err = hash->hash(&iov, 1, &d);
         if (err)
             return err;
         keyblock.length = d.length;
@@ -255,11 +249,6 @@ krb5int_pbkdf2_hmac_sha1(const krb5_data *out, unsigned long count,
     }
     keyblock.enctype = ENCTYPE_NULL;
 
-    err = krb5_k_create_key(NULL, &keyblock, &key);
-    if (err)
-        return err;
-
-    err = krb5int_pbkdf2(hmac_sha1, 20, key, salt, count, out);
-    krb5_k_free_key(NULL, key);
+    err = pbkdf2(hash, &keyblock, salt, count, out);
     return err;
 }

diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index 311d2a888323a85fe9f80c757e2c5ea3d037dada..fec0eab777e6a47cfa51e5bbb59039f67de37d48 100644 (file)
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -457,13 +457,13 @@ krb5_error_code krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
 
 /*
  * Compute the PBKDF2 (see RFC 2898) of password and salt, with the specified
- * count, using HMAC-SHA-1 as the pseudorandom function, storing the result
- * into out (caller-allocated).
+ * count, using HMAC with the specified hash as the pseudo-random function,
+ * storing the result into out (caller-allocated).
  */
-krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *out,
-                                         unsigned long count,
-                                         const krb5_data *password,
-                                         const krb5_data *salt);
+krb5_error_code krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                                    const krb5_data *out, unsigned long count,
+                                    const krb5_data *password,
+                                    const krb5_data *salt);
 
 /* The following are used by test programs and are just handler functions from
  * the AES and Camellia enc providers. */

diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c
index 1808882d5f1bf28b3fd00e1f253a55f03a61fbac..316f59a9052ab3676574899735adb305cd2168f8 100644 (file)
--- a/src/lib/crypto/krb/s2k_pbkdf2.c
+++ b/src/lib/crypto/krb/s2k_pbkdf2.c
@@ -111,6 +111,7 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
                      const krb5_data *params, krb5_keyblock *key,
                      enum deriv_alg deriv_alg, unsigned long def_iter_count)
 {
+    const struct krb5_hash_provider *hash;
     unsigned long iter_count;
     krb5_data out;
     static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
@@ -158,7 +159,8 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
         salt = &sandp;
     }
 
-    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
+    hash = (ktp->hash != NULL) ? ktp->hash : &krb5int_hash_sha1;
+    err = krb5int_pbkdf2_hmac(hash, &out, iter_count, string, salt);
     if (err)
         goto cleanup;
 

diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index 2a7da3f89744fc0a68f116bdb4f4e2702c6c6620..00c2116fc136ce511533831341543d43f383f925 100644 (file)
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -30,15 +30,24 @@
 #include <openssl/hmac.h>
 
 krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-                          const krb5_data *pass, const krb5_data *salt)
+krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                    const krb5_data *out, unsigned long count,
+                    const krb5_data *pass, const krb5_data *salt)
 {
-/*
- * This is an implementation of PKCS#5 v2.0
- * Does not return an error
- */
-    PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
-                           (unsigned char *)salt->data, salt->length, count,
-                           out->length, (unsigned char *)out->data);
+    const EVP_MD *md = NULL;
+
+    /* Get the message digest handle corresponding to the hash. */
+    if (hash == &krb5int_hash_sha1)
+        md = EVP_sha1();
+    else if (hash == &krb5int_hash_sha256)
+        md = EVP_sha256();
+    else if (hash == &krb5int_hash_sha384)
+        md = EVP_sha384();
+    if (md == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    PKCS5_PBKDF2_HMAC(pass->data, pass->length, (unsigned char *)salt->data,
+                      salt->length, count, md, out->length,
+                      (unsigned char *)out->data);
     return 0;
 }