ni...@lysator.liu.se (Niels Möller) writes:

> Simon Josefsson <si...@josefsson.org> writes:
>
>> ni...@lysator.liu.se (Niels Möller) writes:
>
>>> Thanks. Checked in now. Hope I got all the pieces.
>
> Turned out I forgot to commit your test case. Fixed now.
>
> I've also done the suggested reordering of the arguments (including the
> prototype in the manual).

Thank you.

>> Could you add that, or should I submit a patch?
>
> A patch including tests and documentation would be very nice. Your
> prototype looks right to me,
>
>>    void
>>    pbkdf2_hmac_sha1 (unsigned key_length, const uint8_t *key,
>>                      unsigned iterations,
>>                      unsigned salt_length, const uint8_t *salt,
>>                      unsigned length, uint8_t *dst)
>
> The declarations can go in pbkdf2.h, with implementation in separate source
> files pbkdf2-hmac-sha1.c and -sha256.c.

See patch below.  I also improved the manual a bit.

/Simon
From cfad97cf3bd005e13051f359d6afa23d9cda8c41 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <si...@josefsson.org>
Date: Thu, 20 Sep 2012 22:41:17 +0200
Subject: [PATCH] Implement concrete PBKDF2 functions.

---
 ChangeLog               |    9 ++++++++
 Makefile.in             |    2 +-
 nettle.texinfo          |   55 ++++++++++++++++++++++++++++++++++++++++++-----
 pbkdf2-hmac-sha1.c      |   45 ++++++++++++++++++++++++++++++++++++++
 pbkdf2-hmac-sha256.c    |   45 ++++++++++++++++++++++++++++++++++++++
 pbkdf2.h                |   16 ++++++++++++++
 testsuite/pbkdf2-test.c |   17 +++++++++++++++
 7 files changed, 183 insertions(+), 6 deletions(-)
 create mode 100644 pbkdf2-hmac-sha1.c
 create mode 100644 pbkdf2-hmac-sha256.c

diff --git a/ChangeLog b/ChangeLog
index 049c3dd..efb578e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2012-09-20  Simon Josefsson  <si...@josefsson.org>
+
+	* pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
+	* pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
+	* Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
+	pbkdf2-hmac-sha256.c.
+	* nettle.texinfo (Key derivation functions): Improve.
+	* testsuite/pbkdf2-test.c (test_main): Test new functions.
+
 2012-09-20  Niels Möller  <ni...@lysator.liu.se>
 
 	* pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
diff --git a/Makefile.in b/Makefile.in
index 7c6cf33..9904be5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -77,7 +77,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 		 des3.c des-compat.c \
 		 hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
 		 hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \
-		 pbkdf2.c \
+		 pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \
 		 knuth-lfib.c \
 		 md2.c md2-meta.c md4.c md4-meta.c \
 		 md5.c md5-compress.c md5-compat.c md5-meta.c \
diff --git a/nettle.texinfo b/nettle.texinfo
index a333779..c73861b 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -2123,12 +2123,19 @@ a given symmetric key derives other symmetric keys.  A sub-class of KDFs
 is the @dfn{password-based key derivation functions} (@acronym{PBKDFs}),
 which take as input a password or passphrase, and its purpose is
 typically to strengthen it and protect against certain pre-computation
-attacks by using salting and expensive computation.  The most well known
-PBKDF is the @code{PKCS #5 PBKDF2} described in @cite{RFC 2898} which
-uses a pseudorandom function such as @acronym{HMAC-SHA1}.
+attacks by using salting and expensive computation.
 
-Nettle's @acronym{PBKDF2} function is defined in @file{<nettle/pbkdf2.h>}.
-It contains a function:
+@subsection @acronym{PBKDF2}
+The most well known PBKDF is the @code{PKCS #5 PBKDF2} described in
+@cite{RFC 2898} which uses a pseudorandom function such as
+@acronym{HMAC-SHA1}.
+
+Nettle's @acronym{PBKDF2} functions are defined in
+@file{<nettle/pbkdf2.h>}.  There is an abstract function that operate on
+any PRF implemented via the @code{nettle_hash_update_func},
+@code{nettle_hash_digest_func} interfaces.  There is also helper macros
+and concrete functions PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256.  First,
+the abstract function:
 
 @deftypefun void pbkdf2 (void *mac_ctx, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned digest_size, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst)
 Derive symmetric key from a password according to PKCS #5 PBKDF2.  The
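Review bot: grammar in the new introductory paragraph: "an abstract function that operate on any PRF" should be "operates", and "There is also helper macros and concrete functions" should be "There are also helper macros and concrete functions". The same paragraph is also the place to say how the password reaches the abstract pbkdf2 function, since its prototype has no password argument: the caller binds the password to the PRF context before the call, which is exactly what the concrete wrappers in this patch do with hmac_sha1_set_key and hmac_sha256_set_key.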
@@ -2141,6 +2148,44 @@ desired derived output length @var{length}.  The output buffer is
 @var{dst} which must have room for at least @var{length} octets.
 @end deftypefun
 
+Like for CBC and HMAC, there is a macros to help use the functions
+correctly.
+
+@deffn Macro PBKDF2 (@var{ctx}, @var{update}, @var{digest}, @var{digest_size}, @var{iterations}, @var{salt_length}, @var{salt}, @var{length}, @var{dst})
+@var{ctx} is a pointer to a context struct passed to the @var{update}
+and @var{digest} functions (of the types @code{nettle_hash_update_func}
+and @code{nettle_hash_digest_func} respectively) to implement the
+underlying PRF with digest size of @var{digest_size}.  Inputs are the
+salt @var{salt} of length @var{salt_length}, the iteration counter
+@var{iterations} (> 0), and the desired derived output length
+@var{length}.  The output buffer is @var{dst} which must have room for
+at least @var{length} octets.
+@end deffn
+
+@subsection Concrete @acronym{PBKDF2} functions
+Now we come to the specialized @acronym{PBKDF2} functions, which are
+easier to use than the general @acronym{PBKDF2} function.
+
+@subsubsection @acronym{PBKDF2-HMAC-SHA1}
+
+@deftypefun void pbkdf2_hmac_sha1 (unsigned @var{key_length}, const uint8_t *@var{key}, unsigned @var{iterations}, unsigned @var{salt_length}, const uint8_t *@var{salt}, unsigned @var{length}, uint8_t *@var{dst})
+PBKDF2 with HMAC-SHA1.  Derive @var{length} bytes of key into buffer
+@var{dst} using the password @var{key} of length @var{key_length} and
+salt @var{salt} of length @var{salt_length}, with iteration counter
+@var{iterations} (> 0).  The output buffer is @var{dst} which must have
+room for at least @var{length} octets.
+@end deftypefun
+
+@subsubsection @acronym{PBKDF2-HMAC-SHA256}
+
+@deftypefun void pbkdf2_hmac_sha256 (unsigned @var{key_length}, const uint8_t *@var{key}, unsigned @var{iterations}, unsigned @var{salt_length}, const uint8_t *@var{salt}, unsigned @var{length}, uint8_t *@var{dst})
+PBKDF2 with HMAC-SHA256.  Derive @var{length} bytes of key into buffer
+@var{dst} using the password @var{key} of length @var{key_length} and
+salt @var{salt} of length @var{salt_length}, with iteration counter
+@var{iterations} (> 0).  The output buffer is @var{dst} which must have
+room for at least @var{length} octets.
+@end deftypefun
+
 @node Public-key algorithms, Randomness, Key derivation functions, Reference
 @comment  node-name,  next,  previous,  up
 @section Public-key algorithms
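Review bot: "there is a macros to help use the functions correctly" should read "there is a macro to help use the functions correctly". In both @deftypefun entries for pbkdf2_hmac_sha1 and pbkdf2_hmac_sha256 the output buffer is described twice, first as "Derive @var{length} bytes of key into buffer @var{dst}" and again as "The output buffer is @var{dst} which must have room for at least @var{length} octets"; keep one, for instance drop the "into buffer @var{dst}" clause. The "@var{iterations} (> 0)" requirement is now stated in three places, but nothing in the patch says what the functions do if it is violated, so the manual should state plainly that the caller is responsible for enforcing it.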
diff --git a/pbkdf2-hmac-sha1.c b/pbkdf2-hmac-sha1.c
new file mode 100644
index 0000000..9185503
--- /dev/null
+++ b/pbkdf2-hmac-sha1.c
@@ -0,0 +1,45 @@
+/* pbkdf2-hmac-sha1.c
+ *
+ * PKCS #5 PBKDF2 used with HMAC-SHA1, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pbkdf2.h"
+
+#include "hmac.h"
+
+void
+pbkdf2_hmac_sha1 (unsigned key_length, const uint8_t *key,
+		  unsigned iterations,
+		  unsigned salt_length, const uint8_t *salt,
+		  unsigned length, uint8_t *dst)
+{
+  struct hmac_sha1_ctx sha1ctx;
+
+  hmac_sha1_set_key (&sha1ctx, key_length, key);
+  PBKDF2 (&sha1ctx, hmac_sha1_update, hmac_sha1_digest,
+	  SHA1_DIGEST_SIZE, iterations, salt_length, salt, length, dst);
+}
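Review bot: sha1ctx holds the inner and outer HMAC states derived from the password and is simply left on the stack when pbkdf2_hmac_sha1 returns. Consider clearing it (for example a memset to zero of the struct, bearing in mind that a plain memset on a dead variable may be optimised away) before returning, so that password-derived key material does not outlive the call.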
diff --git a/pbkdf2-hmac-sha256.c b/pbkdf2-hmac-sha256.c
new file mode 100644
index 0000000..448f676
--- /dev/null
+++ b/pbkdf2-hmac-sha256.c
@@ -0,0 +1,45 @@
+/* pbkdf2-hmac-sha256.c
+ *
+ * PKCS #5 PBKDF2 used with HMAC-SHA256, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pbkdf2.h"
+
+#include "hmac.h"
+
+void
+pbkdf2_hmac_sha256 (unsigned key_length, const uint8_t *key,
+		  unsigned iterations,
+		  unsigned salt_length, const uint8_t *salt,
+		  unsigned length, uint8_t *dst)
+{
+  struct hmac_sha256_ctx sha256ctx;
+
+  hmac_sha256_set_key (&sha256ctx, key_length, key);
+  PBKDF2 (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+	  SHA256_DIGEST_SIZE, iterations, salt_length, salt, length, dst);
+}
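Review bot: the continuation lines of the pbkdf2_hmac_sha256 definition are indented to line up under pbkdf2_hmac_sha1, not under the opening parenthesis of pbkdf2_hmac_sha256; the prototype of the same function in pbkdf2.h in this patch has the correct alignment, so re-indent the three lines here to match. As with the SHA1 wrapper, sha256ctx contains the password-derived HMAC states and is left on the stack after return; clear it before returning.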
diff --git a/pbkdf2.h b/pbkdf2.h
index aa61567..18816ce 100644
--- a/pbkdf2.h
+++ b/pbkdf2.h
@@ -35,6 +35,8 @@ extern "C"
 
 /* Namespace mangling */
 #define pbkdf2 nettle_pbkdf2
+#define pbkdf2_hmac_sha1 nettle_pbkdf2_sha1
+#define pbkdf2_hmac_sha256 nettle_pbkdf2_sha256
 
 void
 pbkdf2 (void *mac_ctx,
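Review bot: the namespace mangling drops the hmac part of the names: pbkdf2_hmac_sha1 maps to nettle_pbkdf2_sha1 and pbkdf2_hmac_sha256 to nettle_pbkdf2_sha256, so the exported symbols will not correspond to the documented function names. Use nettle_pbkdf2_hmac_sha1 and nettle_pbkdf2_hmac_sha256, matching how the public names are spelled in the prototypes, the manual and the ChangeLog elsewhere in this patch.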
@@ -54,6 +56,20 @@ pbkdf2 (void *mac_ctx,
 	     (digest_size), (iterations),				\
 	     (salt_length), (salt), (length), (dst)))
 
+/* PBKDF2 with specific PRFs. */
+
+void
+pbkdf2_hmac_sha1 (unsigned key_length, const uint8_t *key,
+		  unsigned iterations,
+		  unsigned salt_length, const uint8_t *salt,
+		  unsigned length, uint8_t *dst);
+
+void
+pbkdf2_hmac_sha256 (unsigned key_length, const uint8_t *key,
+		    unsigned iterations,
+		    unsigned salt_length, const uint8_t *salt,
+		    unsigned length, uint8_t *dst);
+
 #ifdef __cplusplus
 }
 #endif
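Review bot: the comment "/* PBKDF2 with specific PRFs. */" is all the header says about the new functions; since the header is what most callers read, it should also say that key/key_length is the password and that iterations must be greater than zero, the two facts the manual text in this patch states.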
diff --git a/testsuite/pbkdf2-test.c b/testsuite/pbkdf2-test.c
index 6ef5832..c0d2eae 100644
--- a/testsuite/pbkdf2-test.c
+++ b/testsuite/pbkdf2-test.c
@@ -12,6 +12,14 @@
     ASSERT(dk[expect->length] == 17);					\
   } while (0)
 
+#define PBKDF2_HMAC_TEST(f, key, c, salt, expect)			\
+  do {									\
+    dk[expect->length] = 17;						\
+    f (key, c, salt, expect->length, dk);				\
+    ASSERT(MEMEQ (expect->length, dk, expect->data));			\
+    ASSERT(dk[expect->length] == 17);					\
+  } while (0)
+
 #define MAX_DKLEN 25
 
 void
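Review bot: PBKDF2_HMAC_TEST depends on the key and salt arguments each expanding to a length/pointer pair, so that "f (key, c, salt, expect->length, dk)" becomes a seven-argument call; this works because LDATA is expanded during argument prescan, but the macro reads as a five-argument call and deserves a one-line comment saying that key and salt must be LDATA-style pairs.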
@@ -69,4 +77,13 @@ test_main (void)
   PBKDF2_TEST (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
 	       SHA256_DIGEST_SIZE, 80000, LDATA("NaCl"),
 	       SHEX("4ddcd8f60b98be21830cee5ef22701f9"));
+
+  /* Test convenience functions. */
+
+  PBKDF2_HMAC_TEST(pbkdf2_hmac_sha1, LDATA("password"), 1, LDATA("salt"),
+		   SHEX("0c60c80f961f0e71f3a9b524af6012062fe037a6"));
+
+  PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"),
+		   SHEX("55ac046e56e3089fec1691c22544b605"));
+
 }
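Review bot: both new vectors use c = 1 and derive at most one PRF block (20 octets for SHA1, 16 for SHA256), so the wrappers' forwarding of iterations and length into the multi-block path is only covered indirectly through the generic PBKDF2_TEST cases above. Add at least one wrapper vector with length greater than the digest size, for example the 25-octet RFC 6070 case that MAX_DKLEN 25 suggests is already in use for the generic function, so that a mistake in the wrappers' argument order would be caught.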
-- 
1.7.9.5
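As an added example, not part of the message above and not nettle code, here is a reference PBKDF2 in Python with the same split as the patch: a generic core over an already keyed PRF, plus HMAC-SHA1 and HMAC-SHA256 wrappers that bind the password before calling it. It checks the two vectors from the patch's testsuite, RFC 6070's 25-octet vector (which exercises the multi-block path the wrapper tests do not reach), and Python's own hashlib.pbkdf2_hmac. The function names, the `prf` closure and the `check_vectors` helper are this example's own, not nettle's API.

```python
# Added example (not nettle code): a reference PBKDF2 in the same shape as
# the patch, a generic core over an already-keyed PRF plus thin HMAC-SHA1 and
# HMAC-SHA256 wrappers, checked against the patch's own test vectors, the
# 25-octet RFC 6070 vector, and Python's hashlib.pbkdf2_hmac.
import hashlib
import hmac


def pbkdf2(prf, h_len, iterations, salt, length):
    """RFC 2898 section 5.2 over a keyed PRF.

    prf(data) -> bytes must already be bound to the password (the nettle
    wrappers do this with hmac_*_set_key before calling the generic
    function); h_len is the PRF output size in bytes.
    """
    if iterations < 1:
        raise ValueError("iterations must be > 0")
    if length > (2 ** 32 - 1) * h_len:
        raise ValueError("derived key too long")
    out = bytearray()
    block = 1
    while len(out) < length:
        # U_1 = PRF(P, S || INT(i)), with INT(i) a big-endian 32-bit counter
        u = prf(salt + block.to_bytes(4, "big"))
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = prf(u)  # U_j = PRF(P, U_{j-1})
            for k in range(h_len):
                t[k] ^= u[k]
        out += t  # T_i = U_1 xor U_2 xor ... xor U_c
        block += 1
    # DK = T_1 || T_2 || ... truncated to the requested length
    return bytes(out[:length])


def _hmac_prf(digestmod, password):
    """Bind the password to HMAC-<digestmod>, as hmac_*_set_key does."""
    keyed = hmac.new(password, digestmod=digestmod)

    def prf(data):
        h = keyed.copy()  # reuse the keyed state instead of re-keying per call
        h.update(data)
        return h.digest()

    return prf


def pbkdf2_hmac_sha1(password, iterations, salt, length):
    return pbkdf2(_hmac_prf(hashlib.sha1, password), 20, iterations, salt, length)


def pbkdf2_hmac_sha256(password, iterations, salt, length):
    return pbkdf2(_hmac_prf(hashlib.sha256, password), 32, iterations, salt, length)


# Vectors: the two used in the patch's testsuite, and RFC 6070 test case 5,
# whose 25-octet output exercises the multi-block (T_1 || T_2) path.
VECTORS = [
    (pbkdf2_hmac_sha1, "sha1", b"password", 1, b"salt", 20,
     "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (pbkdf2_hmac_sha256, "sha256", b"passwd", 1, b"salt", 16,
     "55ac046e56e3089fec1691c22544b605"),
    (pbkdf2_hmac_sha1, "sha1", b"passwordPASSWORDpassword", 4096,
     b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 25,
     "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
]


def check_vectors():
    """Return True if every vector matches both the expected hex and hashlib."""
    for fn, name, pw, c, salt, dklen, expect in VECTORS:
        dk = fn(pw, c, salt, dklen)
        if dk.hex() != expect:
            return False
        if dk != hashlib.pbkdf2_hmac(name, pw, salt, c, dklen):
            return False
    return True


if __name__ == "__main__":
    print("all vectors match" if check_vectors() else "MISMATCH")
```

The wrappers re-key nothing per call: the password is bound once in `_hmac_prf` and only the keyed state is copied for each PRF invocation, which is the same cost structure as keying an hmac_sha1_ctx once and reusing it inside the generic loop. The third vector is the one worth keeping in a wrapper test, since a wrapper that swapped `iterations` and `length` would still pass the two single-block, single-iteration cases.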

_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
