Mercurial > dovecot > core-2.2
changeset 20252:2cacbc8e95c5
lib: Add PKCS#5 pbkdf1 and 2
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Wed, 20 Apr 2016 17:34:53 +0300 |
parents | 89e2abf6b828 |
children | 3d700b8ae925 |
files | src/lib/Makefile.am src/lib/pkcs5.c src/lib/pkcs5.h src/lib/test-lib.c src/lib/test-lib.h src/lib/test-pkcs5.c |
diffstat | 6 files changed, 184 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib/Makefile.am Wed Apr 27 09:14:29 2016 +0300 +++ b/src/lib/Makefile.am Wed Apr 20 17:34:53 2016 +0300 @@ -114,6 +114,7 @@ ostream-hash.c \ ostream-null.c \ ostream-rawlog.c \ + pkcs5.c \ primes.c \ printf-format-fix.c \ process-title.c \ @@ -247,6 +248,7 @@ ostream-private.h \ ostream-null.h \ ostream-rawlog.h \ + pkcs5.h \ primes.h \ printf-format-fix.h \ process-title.h \ @@ -328,6 +330,7 @@ test-json-tree.c \ test-llist.c \ test-mempool-alloconly.c \ + test-pkcs5.c \ test-net.c \ test-numpack.c \ test-ostream-escaped.c \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/lib/pkcs5.c Wed Apr 20 17:34:53 2016 +0300 @@ -0,0 +1,95 @@ +#include "lib.h" +#include "buffer.h" +#include "hash-method.h" +#include "hmac.h" +#include "pkcs5.h" + +#include <stdint.h> +#include <arpa/inet.h> + +static +int pkcs5_pbkdf1(const struct hash_method *hash, + const unsigned char *password, size_t password_len, + const unsigned char *salt, size_t salt_len, + unsigned int iter, uint32_t length, + buffer_t *result) +{ + if (length < 1 || + length > hash->digest_size) return -1; + if (iter < 1) return -1; + + unsigned char dk[hash->digest_size]; + unsigned char ctx[hash->context_size]; + + hash->init(ctx); + hash->loop(ctx, password, password_len); + hash->loop(ctx, salt, salt_len); + hash->result(ctx, dk); + length--; + + for(;length>0;length--) { + hash->init(ctx); + hash->loop(ctx, dk, hash->digest_size); + hash->result(ctx, dk); + } + + buffer_append(result, dk, hash->digest_size); + + return 0; +} + +static +int pkcs5_pbkdf2(const struct hash_method *hash, + const unsigned char *password, size_t password_len, + const unsigned char *salt, size_t salt_len, + unsigned int iter, uint32_t length, + buffer_t *result) +{ + if (length < 1 || iter < 1) return -1; + + size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ + unsigned char dk[l * hash->digest_size]; + unsigned char *block; + struct hmac_context hctx; + unsigned int c,i,t; + unsigned char U_c[hash->digest_size]; + + for(t = 0; t < l; t++) { + block = &(dk[t*hash->digest_size]); + /* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */ + c = htonl(t+1); + hmac_init(&hctx, password, password_len, hash); + hmac_update(&hctx, salt, salt_len); + hmac_update(&hctx, &c, sizeof(c)); + hmac_final(&hctx, U_c); + /* block = U_1 ^ .. ^ U_iter */ + memcpy(block, U_c, hash->digest_size); + /* U_c = PRF(Password, U_c-1) */ + for(c = 1; c < iter; c++) { + hmac_init(&hctx, password, password_len, hash); + hmac_update(&hctx, U_c, hash->digest_size); + hmac_final(&hctx, U_c); + for(i = 0; i < hash->digest_size; i++) + block[i] ^= U_c[i]; + } + } + + buffer_append(result, dk, length); + + return 0; +} + +int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash, + const unsigned char *password, size_t password_len, + const unsigned char *salt, size_t salt_len, + unsigned int iterations, uint32_t dk_len, + buffer_t *result) +{ + if (mode == PKCS5_PBKDF1) + return pkcs5_pbkdf1(hash,password,password_len, + salt,salt_len,iterations,dk_len,result); + else if (mode == PKCS5_PBKDF2) + return pkcs5_pbkdf2(hash,password,password_len, + salt,salt_len,iterations,dk_len,result); + i_unreached(); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/lib/pkcs5.h Wed Apr 20 17:34:53 2016 +0300 @@ -0,0 +1,35 @@ +#ifndef PKCS5_H +#define PKCS5_H 1 + +enum pkcs5_pbkdf_mode { + PKCS5_PBKDF1, + PKCS5_PBKDF2 +}; + +/* + + mode - v1.0 or v2.0 + hash - hash_method_lookup return value + password - private password for generation + password_len - length of password in octets + salt - salt for generation + salt_len - length of salt in octets + iterations - number of iterations to hash (use at least 1000, a very large number => very very slow) + dk_len - number of bytes to return from derived key + result - buffer_t to hold the result, either use dynamic or make sure it fits dk_len + + non-zero return value indicates that either iterations was less than 1 or dk_len was too large + + Sample code: + + buffer_t *result = buffer_create_dynamic(pool_datastack_create(), 256); + if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"), "password", 8, "salt", 4, 4096, 256, result) != 0) { // error } + +*/ + +int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash, + const unsigned char *password, size_t password_len, + const unsigned char *salt, size_t salt_len, + unsigned int iterations, uint32_t dk_len, + buffer_t *result); +#endif
--- a/src/lib/test-lib.c Wed Apr 27 09:14:29 2016 +0300 +++ b/src/lib/test-lib.c Wed Apr 20 17:34:53 2016 +0300 @@ -39,6 +39,7 @@ test_mempool_alloconly, test_net, test_numpack, + test_pkcs5_pbkdf2, test_ostream_escaped, test_ostream_failure_at, test_ostream_file,
--- a/src/lib/test-lib.h Wed Apr 27 09:14:29 2016 +0300 +++ b/src/lib/test-lib.h Wed Apr 20 17:34:53 2016 +0300 @@ -39,6 +39,7 @@ void test_llist(void); void test_mempool_alloconly(void); enum fatal_test_state fatal_mempool(int); +void test_pkcs5_pbkdf2(void); void test_net(void); void test_numpack(void); void test_ostream_escaped(void);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/lib/test-pkcs5.c Wed Apr 20 17:34:53 2016 +0300 @@ -0,0 +1,49 @@ +/* Copyright (c) 2007-2016 Dovecot authors, see the included COPYING file */ + +#include "test-lib.h" +#include "str.h" +#include "buffer.h" +#include "hash-method.h" +#include "pkcs5.h" + +struct test_vector { + const char *prf; + unsigned char *p; + size_t pLen; + unsigned char *s; + size_t sLen; + unsigned int i; + unsigned char *dk; + size_t dkLen; +}; + +#define TEST_BUF(x) (unsigned char*)x, sizeof(x)-1 + +/* RFC 6070 test vectors */ +static const struct test_vector test_vectors_v2[] = { + { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 1, TEST_BUF("\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6") }, + { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 2, TEST_BUF("\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57") }, + { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 4096, TEST_BUF("\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1") }, +/* enable the next test only when you need it, it takes quite long time */ +/* { "sha1", TEST_BUF("password"), TEST_BUF("salt"), 16777216, TEST_BUF("\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84") }, */ + { "sha1", TEST_BUF("passwordPASSWORDpassword"), TEST_BUF("saltSALTsaltSALTsaltSALTsaltSALTsalt"), 4096, TEST_BUF("\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38") }, + { "sha1", TEST_BUF("pass\0word"), TEST_BUF("sa\0lt"), 4096, TEST_BUF("\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3") } +}; + +void test_pkcs5_pbkdf2(void) +{ + buffer_t *res = buffer_create_dynamic(default_pool, 25); + + test_begin("pkcs5_pbkdf2"); + + for(size_t i = 0; i < N_ELEMENTS(test_vectors_v2); i++) { + buffer_reset(res); + const struct test_vector *vec = &(test_vectors_v2[i]); + pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup(vec->prf), vec->p, vec->pLen, vec->s, vec->sLen, vec->i, vec->dkLen, res); + test_assert_idx(memcmp(res->data, vec->dk, vec->dkLen) == 0, i); + } + + buffer_free(&res); + + test_end(); +}