Mercurial > dovecot > core-2.2

changeset 20252:2cacbc8e95c5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
lib: Add PKCS#5 pbkdf1 and 2
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Wed, 20 Apr 2016 17:34:53 +0300
parents 89e2abf6b828
children 3d700b8ae925
files src/lib/Makefile.am src/lib/pkcs5.c src/lib/pkcs5.h src/lib/test-lib.c src/lib/test-lib.h src/lib/test-pkcs5.c
diffstat 6 files changed, 184 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/lib/Makefile.am	Wed Apr 27 09:14:29 2016 +0300
+++ b/src/lib/Makefile.am	Wed Apr 20 17:34:53 2016 +0300
@@ -114,6 +114,7 @@
 	ostream-hash.c \
 	ostream-null.c \
 	ostream-rawlog.c \
+	pkcs5.c \
 	primes.c \
 	printf-format-fix.c \
 	process-title.c \
@@ -247,6 +248,7 @@
 	ostream-private.h \
 	ostream-null.h \
 	ostream-rawlog.h \
+	pkcs5.h \
 	primes.h \
 	printf-format-fix.h \
 	process-title.h \
@@ -328,6 +330,7 @@
 	test-json-tree.c \
 	test-llist.c \
 	test-mempool-alloconly.c \
+	test-pkcs5.c \
 	test-net.c \
 	test-numpack.c \
 	test-ostream-escaped.c \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/pkcs5.c	Wed Apr 20 17:34:53 2016 +0300
@@ -0,0 +1,95 @@
+#include "lib.h"
+#include "buffer.h"
+#include "hash-method.h"
+#include "hmac.h"
+#include "pkcs5.h"
+
+#include <stdint.h>
+#include <arpa/inet.h>
+
+static
+int pkcs5_pbkdf1(const struct hash_method *hash,
+	const unsigned char *password, size_t password_len,
+	const unsigned char *salt, size_t salt_len,
+	unsigned int iter, uint32_t length,
+	buffer_t *result)
+{
+	if (length < 1 ||
+		length > hash->digest_size) return -1;
+	if (iter < 1) return -1;
+
+	unsigned char dk[hash->digest_size];
+	unsigned char ctx[hash->context_size];
+
+	hash->init(ctx);
+	hash->loop(ctx, password, password_len);
+	hash->loop(ctx, salt, salt_len);
+	hash->result(ctx, dk);
+	length--;
+
+	for(;length>0;length--) {
+		hash->init(ctx);
+		hash->loop(ctx, dk, hash->digest_size);
+		hash->result(ctx, dk);
+	}
+
+	buffer_append(result, dk, hash->digest_size);
+
+	return 0;
+}
+
+static
+int pkcs5_pbkdf2(const struct hash_method *hash,
+	const unsigned char *password, size_t password_len,
+	const unsigned char *salt, size_t salt_len,
+	unsigned int iter, uint32_t length,
+	buffer_t *result)
+{
+	if (length < 1 || iter < 1) return -1;
+
+	size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
+	unsigned char dk[l * hash->digest_size];
+	unsigned char *block;
+	struct hmac_context hctx;
+	unsigned int c,i,t;
+	unsigned char U_c[hash->digest_size];
+
+	for(t = 0; t < l; t++) {
+		block = &(dk[t*hash->digest_size]);
+		/* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */
+		c = htonl(t+1);
+		hmac_init(&hctx, password, password_len, hash);
+		hmac_update(&hctx, salt, salt_len);
+		hmac_update(&hctx, &c, sizeof(c));
+		hmac_final(&hctx, U_c);
+		/* block = U_1 ^ .. ^ U_iter */
+		memcpy(block, U_c, hash->digest_size);
+		/* U_c = PRF(Password, U_c-1) */
+		for(c = 1; c < iter; c++) {
+			hmac_init(&hctx, password, password_len, hash);
+			hmac_update(&hctx, U_c, hash->digest_size);
+			hmac_final(&hctx, U_c);
+			for(i = 0; i < hash->digest_size; i++)
+				block[i] ^= U_c[i];
+		}
+	}
+
+	buffer_append(result, dk, length);
+
+	return 0;
+}
+
+int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
+	const unsigned char *password, size_t password_len,
+	const unsigned char *salt, size_t salt_len,
+	unsigned int iterations, uint32_t dk_len,
+	buffer_t *result)
+{
+	if (mode == PKCS5_PBKDF1)
+		return pkcs5_pbkdf1(hash,password,password_len,
+			salt,salt_len,iterations,dk_len,result);
+	else if (mode == PKCS5_PBKDF2)
+		return pkcs5_pbkdf2(hash,password,password_len,
+			salt,salt_len,iterations,dk_len,result);
+	i_unreached();
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/pkcs5.h	Wed Apr 20 17:34:53 2016 +0300
@@ -0,0 +1,35 @@
+#ifndef PKCS5_H
+#define PKCS5_H 1
+
+enum pkcs5_pbkdf_mode {
+	PKCS5_PBKDF1,
+	PKCS5_PBKDF2
+};
+
+/*
+
+ mode         - v1.0 or v2.0
+ hash         - hash_method_lookup return value
+ password     - private password for generation
+ password_len - length of password in octets
+ salt         - salt for generation
+ salt_len     - length of salt in octets
+ iterations   - number of iterations to hash (use at least 1000, a very large number => very very slow)
+ dk_len       - number of bytes to return from derived key
+ result       - buffer_t to hold the result, either use dynamic or make sure it fits dk_len
+
+ non-zero return value indicates that either iterations was less than 1 or dk_len was too large
+
+ Sample code:
+
+ buffer_t *result = buffer_create_dynamic(pool_datastack_create(), 256);
+ if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"), "password", 8, "salt", 4, 4096, 256, result) != 0) { // error }
+
+*/
+
+int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
+	const unsigned char *password, size_t password_len,
+	const unsigned char *salt, size_t salt_len,
+	unsigned int iterations, uint32_t dk_len,
+	buffer_t *result);
+#endif
--- a/src/lib/test-lib.c	Wed Apr 27 09:14:29 2016 +0300
+++ b/src/lib/test-lib.c	Wed Apr 20 17:34:53 2016 +0300
@@ -39,6 +39,7 @@
 		test_mempool_alloconly,
 		test_net,
 		test_numpack,
+		test_pkcs5_pbkdf2,
 		test_ostream_escaped,
 		test_ostream_failure_at,
 		test_ostream_file,
--- a/src/lib/test-lib.h	Wed Apr 27 09:14:29 2016 +0300
+++ b/src/lib/test-lib.h	Wed Apr 20 17:34:53 2016 +0300
@@ -39,6 +39,7 @@
 void test_llist(void);
 void test_mempool_alloconly(void);
 enum fatal_test_state fatal_mempool(int);
+void test_pkcs5_pbkdf2(void);
 void test_net(void);
 void test_numpack(void);
 void test_ostream_escaped(void);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/test-pkcs5.c	Wed Apr 20 17:34:53 2016 +0300
@@ -0,0 +1,49 @@
+/* Copyright (c) 2007-2016 Dovecot authors, see the included COPYING file */
+
+#include "test-lib.h"
+#include "str.h"
+#include "buffer.h"
+#include "hash-method.h"
+#include "pkcs5.h"
+
+struct test_vector {
+	const char *prf;
+	unsigned char *p;
+	size_t pLen;
+	unsigned char *s;
+	size_t sLen;
+	unsigned int i;
+	unsigned char *dk;
+	size_t dkLen;
+};
+
+#define TEST_BUF(x) (unsigned char*)x, sizeof(x)-1
+
+/* RFC 6070 test vectors */
+static const struct test_vector test_vectors_v2[] = {
+	{ "sha1", TEST_BUF("password"), TEST_BUF("salt"), 1, TEST_BUF("\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6") },
+	{ "sha1", TEST_BUF("password"), TEST_BUF("salt"), 2, TEST_BUF("\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57") },
+	{ "sha1", TEST_BUF("password"), TEST_BUF("salt"), 4096, TEST_BUF("\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1") },
+/* enable the next test only when you need it, it takes quite long time */
+/*	{ "sha1", TEST_BUF("password"), TEST_BUF("salt"), 16777216, TEST_BUF("\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84") }, */
+	{ "sha1", TEST_BUF("passwordPASSWORDpassword"), TEST_BUF("saltSALTsaltSALTsaltSALTsaltSALTsalt"), 4096, TEST_BUF("\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96\x4c\xf2\xf0\x70\x38") },
+	{ "sha1", TEST_BUF("pass\0word"), TEST_BUF("sa\0lt"), 4096, TEST_BUF("\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37\xd7\xf0\x34\x25\xe0\xc3") }
+};
+
+void test_pkcs5_pbkdf2(void)
+{
+	buffer_t *res = buffer_create_dynamic(default_pool, 25);
+
+	test_begin("pkcs5_pbkdf2");
+
+	for(size_t i = 0; i < N_ELEMENTS(test_vectors_v2); i++) {
+		buffer_reset(res);
+		const struct test_vector *vec = &(test_vectors_v2[i]);
+		pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup(vec->prf), vec->p, vec->pLen, vec->s, vec->sLen, vec->i, vec->dkLen, res);
+		test_assert_idx(memcmp(res->data, vec->dk, vec->dkLen) == 0, i);
+	}
+
+	buffer_free(&res);
+
+	test_end();
+}