pbkdf2: removed internal implementation, use nettle's
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 8 Aug 2014 11:51:31 +0000 (13:51 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 8 Aug 2014 11:51:31 +0000 (13:51 +0200)
lib/x509/Makefile.am
lib/x509/pbkdf2-sha1.c [deleted file]
lib/x509/pbkdf2-sha1.h [deleted file]
lib/x509/privkey_openssl.c
lib/x509/privkey_pkcs8.c
tests/gc.c

index 082804bf7f158010ce89b36118843ca555b953a0..68cd37f11bd05cb457a13f80477171dc8176f5fc 100644 (file)
@@ -41,8 +41,6 @@ libgnutls_x509_la_SOURCES =   \
        extensions.c            \
        mpi.c                   \
        output.c                \
-       pbkdf2-sha1.c           \
-       pbkdf2-sha1.h           \
        pkcs12.c                \
        pkcs12_bag.c            \
        pkcs12_encr.c           \
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
deleted file mode 100644 (file)
index 5cb1ea8..0000000
+++ /dev/null
@@ -1,190 +0,0 @@
-/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
-   Copyright (C) 2002-2012 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU Lesser General Public License as published by
-   the Free Software Foundation; either version 2.1, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>
-
-*/
-
-/* Written by Simon Josefsson.  The comments in this file are taken
-   from RFC 2898.  */
-
-#include <gnutls_int.h>
-#include <gnutls_datum.h>
-#include <gnutls_errors.h>
-#include <gnutls_hash_int.h>
-#include <pbkdf2-sha1.h>
-
-/*
- * 5.2 PBKDF2
- *
- *  PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
- *  example) to derive keys. The length of the derived key is essentially
- *  unbounded. (However, the maximum effective search space for the
- *  derived key may be limited by the structure of the underlying
- *  pseudorandom function. See Appendix B.1 for further discussion.)
- *  PBKDF2 is recommended for new applications.
- *
- *  PBKDF2 (P, S, c, dkLen)
- *
- *  Options:        PRF        underlying pseudorandom function (hLen
- *                             denotes the length in octets of the
- *                             pseudorandom function output)
- *
- *  Input:          P          password, an octet string (ASCII or UTF-8)
- *                  S          salt, an octet string
- *                  c          iteration count, a positive integer
- *                  dkLen      intended length in octets of the derived
- *                             key, a positive integer, at most
- *                             (2^32 - 1) * hLen
- *
- *  Output:         DK         derived key, a dkLen-octet string
- */
-
-int
-_gnutls_pbkdf2_sha1(const char *P, size_t Plen,
-                   const unsigned char *S, size_t Slen,
-                   unsigned int c, unsigned char *DK, size_t dkLen)
-{
-       unsigned int hLen = 20;
-       char U[20];
-       char T[20];
-       unsigned int u;
-       unsigned int l;
-       unsigned int r;
-       unsigned int i;
-       unsigned int k;
-       int rc;
-       char *tmp;
-       size_t tmplen = Slen + 4;
-
-       if (c == 0) {
-               gnutls_assert();
-               return GNUTLS_E_INVALID_REQUEST;
-       }
-
-       if (dkLen == 0) {
-               gnutls_assert();
-               return GNUTLS_E_INVALID_REQUEST;
-       }
-       /*
-        *
-        *  Steps:
-        *
-        *     1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
-        *        stop.
-        */
-
-       if (dkLen > 4294967295U) {
-               gnutls_assert();
-               return GNUTLS_E_INVALID_REQUEST;
-       }
-
-       /*
-        *     2. Let l be the number of hLen-octet blocks in the derived key,
-        *        rounding up, and let r be the number of octets in the last
-        *        block:
-        *
-        *                  l = CEIL (dkLen / hLen) ,
-        *                  r = dkLen - (l - 1) * hLen .
-        *
-        *        Here, CEIL (x) is the "ceiling" function, i.e. the smallest
-        *        integer greater than, or equal to, x.
-        */
-
-       l = ((dkLen - 1) / hLen) + 1;
-       r = dkLen - (l - 1) * hLen;
-
-       /*
-        *     3. For each block of the derived key apply the function F defined
-        *        below to the password P, the salt S, the iteration count c, and
-        *        the block index to compute the block:
-        *
-        *                  T_1 = F (P, S, c, 1) ,
-        *                  T_2 = F (P, S, c, 2) ,
-        *                  ...
-        *                  T_l = F (P, S, c, l) ,
-        *
-        *        where the function F is defined as the exclusive-or sum of the
-        *        first c iterates of the underlying pseudorandom function PRF
-        *        applied to the password P and the concatenation of the salt S
-        *        and the block index i:
-        *
-        *                  F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
-        *
-        *        where
-        *
-        *                  U_1 = PRF (P, S || INT (i)) ,
-        *                  U_2 = PRF (P, U_1) ,
-        *                  ...
-        *                  U_c = PRF (P, U_{c-1}) .
-        *
-        *        Here, INT (i) is a four-octet encoding of the integer i, most
-        *        significant octet first.
-        *
-        *     4. Concatenate the blocks and extract the first dkLen octets to
-        *        produce a derived key DK:
-        *
-        *                  DK = T_1 || T_2 ||  ...  || T_l<0..r-1>
-        *
-        *     5. Output the derived key DK.
-        *
-        *  Note. The construction of the function F follows a "belt-and-
-        *  suspenders" approach. The iterates U_i are computed recursively to
-        *  remove a degree of parallelism from an opponent; they are exclusive-
-        *  ored together to reduce concerns about the recursion degenerating
-        *  into a small set of values.
-        *
-        */
-
-       tmp = gnutls_malloc(tmplen);
-       if (tmp == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_MEMORY_ERROR;
-       }
-
-       memcpy(tmp, S, Slen);
-
-       for (i = 1; i <= l; i++) {
-               memset(T, 0, hLen);
-
-               for (u = 1; u <= c; u++) {
-                       if (u == 1) {
-                               tmp[Slen + 0] = (i & 0xff000000) >> 24;
-                               tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
-                               tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
-                               tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
-                               rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
-                                                     Plen, tmp, tmplen,
-                                                     U);
-                       } else
-                               rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
-                                                     Plen, U, hLen, U);
-
-                       if (rc < 0) {
-                               gnutls_free(tmp);
-                               return rc;
-                       }
-
-                       for (k = 0; k < hLen; k++)
-                               T[k] ^= U[k];
-               }
-
-               memcpy(DK + (i - 1) * hLen, T, i == l ? r : hLen);
-       }
-
-       gnutls_free(tmp);
-
-       return 0;
-}
diff --git a/lib/x509/pbkdf2-sha1.h b/lib/x509/pbkdf2-sha1.h
deleted file mode 100644 (file)
index a874392..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
-   Copyright (C) 2002-2012 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU Lesser General Public License as published by
-   the Free Software Foundation; either version 2.1, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>
-
-*/
-
-int _gnutls_pbkdf2_sha1(const char *P, size_t Plen,
-                       const unsigned char *S, size_t Slen,
-                       unsigned int c, unsigned char *DK, size_t dkLen);
index 3c110bc8c360ca2d23d6f6a46fa5e65a9a78a96b..97753eab4458be91d531134ef52b2790203be13e 100644 (file)
@@ -32,7 +32,6 @@
 #include <algorithms.h>
 #include <gnutls_num.h>
 #include <random.h>
-#include <pbkdf2-sha1.h>
 
 static int
 openssl_hash_password(const char *pass, gnutls_datum_t * key,
index f6ed2a798074635e25fe3908abe3095a1be0e5ec..753a239168623cde0ebdbdb048fb1d9ec5850da6 100644 (file)
@@ -34,7 +34,7 @@
 #include <algorithms.h>
 #include <gnutls_num.h>
 #include <random.h>
-#include <pbkdf2-sha1.h>
+#include <nettle/pbkdf2.h>
 
 static int _decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn,
                                 gnutls_x509_privkey_t pkey);
@@ -1827,16 +1827,10 @@ decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
 
        p = pbes2_schema_get(schema);
        if (p != NULL && p->pbes2 != 0) { /* PBES2 */
-               result = _gnutls_pbkdf2_sha1(password, pass_len,
-                                            kdf_params->salt,
-                                            kdf_params->salt_size,
-                                            kdf_params->iter_count, key,
-                                            key_size);
-
-               if (result < 0) {
-                       gnutls_assert();
-                       goto error;
-               }
+               pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+                                kdf_params->iter_count,
+                                kdf_params->salt_size, kdf_params->salt,
+                                key_size, key);
        } else if (p != NULL) { /* PKCS 12 schema */
                result =
                    _gnutls_pkcs12_string_to_key(1 /*KEY*/,
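Review bot: The new `pbkdf2_hmac_sha1` call in decrypt_data's PBES2 branch returns nothing, so the `c == 0` and `dkLen == 0` rejections performed by the removed `_gnutls_pbkdf2_sha1` are lost. Here `kdf_params->iter_count`, `salt_size` and `key_size` appear to come from the PKCS #8 structure being decrypted, which may be attacker-supplied. Unless they are validated where the KDF parameters are parsed (not visible in this hunk), a key file with a zero iteration count reaches nettle, which as far as I recall asserts on that input instead of returning an error, so the process would abort. I would keep an explicit guard before the call: `if (kdf_params->iter_count == 0 || key_size == 0) { gnutls_assert(); result = GNUTLS_E_INVALID_REQUEST; goto error; }`. The same gap exists at the call in generate_key, though its parameters look locally generated; decrypt_data starts and ends outside this hunk.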
@@ -2129,15 +2123,10 @@ generate_key(schema_id schema,
         */
 
         if (p->pbes2 != 0) {
-               ret = _gnutls_pbkdf2_sha1(password, pass_len,
-                                         kdf_params->salt,
-                                         kdf_params->salt_size,
-                                         kdf_params->iter_count,
-                                         key->data, kdf_params->key_size);
-               if (ret < 0) {
-                       gnutls_assert();
-                       return ret;
-               }
+               pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+                                kdf_params->iter_count,
+                                kdf_params->salt_size, kdf_params->salt,
+                                kdf_params->key_size, key->data);
 
                if (enc_params->iv_size) {
                        ret = _gnutls_rnd(GNUTLS_RND_NONCE,
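Review bot: The `(uint8_t*)password` cast in generate_key, and the identical one in decrypt_data, discards any const qualifier on the password pointer. The removed helper took `const char *P`, and nettle's prototype takes the key as `const uint8_t *` as far as I know, so `(const uint8_t *)password` would let the compiler keep flagging accidental writes through it. A one-line comment such as `/* pbkdf2_hmac_sha1() returns void, so there is no error to check */` would also explain why `ret` is no longer tested after key derivation. generate_key's body continues outside the hunk.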
index 275a13877e536929480aee1f9f4920a05f646ae8..2ba1d784f83e75d7eaefb1490320df84ccfa70c7 100644 (file)
@@ -30,7 +30,7 @@
 
 #include "../lib/gnutls_int.h"
 #include "../lib/gnutls_hash_int.h"
-#include "../lib/x509/pbkdf2-sha1.h"
+#include <nettle/pbkdf2.h>
 #include "../lib/debug.h"
 
 static void tls_log_func(int level, const char *str)
@@ -82,21 +82,15 @@ void doit(void)
                }
        }
 
-       err =
-           _gnutls_pbkdf2_sha1("password", 8, (unsigned char *) "salt", 4,
-                               4711, digest, 16);
-       if (err < 0)
-               fail("_gnutls_pkcs5_pbkdf2_sha1() failed: %d\n", err);
-       else {
-               if (memcmp(digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
-                          "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0) {
-                       if (debug)
-                               success
-                                   ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
-               } else {
-                       hexprint(digest, 16);
-                       fail("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
-               }
+       pbkdf2_hmac_sha1(8, (unsigned char*)"password", 4711, 4, (unsigned char *)"salt", 16, digest);
+       if (memcmp(digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
+                  "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0) {
+               if (debug)
+                       success
+                           ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
+       } else {
+               hexprint(digest, 16);
+               fail("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
        }
 
        gnutls_global_deinit();
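Review bot: The `success`/`fail` strings in doit still name `_gnutls_pkcs5_pbkdf2_sha1()`, which this commit removes, so a failing run would point at code that no longer exists. `fail("pbkdf2_hmac_sha1() failure\n");` and the matching `success` string would be accurate. The new call line also runs well past 80 columns and mixes `(unsigned char*)` with `(unsigned char *)`; wrapping it after the iteration count and using one cast spelling would match the surrounding code. doit begins outside the hunk.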