Argument reorder for pbkdf2.

d5a173c7 · Niels Möller · 4404dc6d · d5a173c7 · d5a173c7 · d5a173c7
Commit d5a173c7 authored Sep 20, 2012 by Niels Möller
Showing with 41 additions and 34 deletions

ChangeLog ChangeLog +7 -0

nettle.texinfo nettle.texinfo +1 -1

pbkdf2.c pbkdf2.c +4 -4

pbkdf2.h pbkdf2.h +9 -8

testsuite/pbkdf2-test.c testsuite/pbkdf2-test.c +20 -21

No files found.
--- a/ChangeLog
+++ b/ChangeLog
 2012-09-20  Niels Möller  <nisse@lysator.liu.se>

+	* pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
+	* pbkdf2.h (PBKDF2): Analogous reordering.
+	* testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
+	LDATA for the salt.
+	* nettle.texinfo (Key derivation functions): Updated documented
+	pbkdf2 prototype.
+
 	* testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
 	checking easier.


--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -2130,7 +2130,7 @@ uses a pseudorandom function such as @acronym{HMAC-SHA1}.
 Nettle's @acronym{PBKDF2} function is defined in @file{<nettle/pbkdf2.h>}.
 It contains a function:

-@deftypefun void pbkdf2 (void *mac_ctx, unsigned digest_size, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned length, uint8_t *dst, unsigned iterations, unsigned salt_length, const uint8_t *salt)
+@deftypefun void pbkdf2 (void *mac_ctx, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned digest_size, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst)
 Derive symmetric key from a password according to PKCS #5 PBKDF2.  The
 PRF is assumed to have been initialized and this function will call the
 @var{update} and @var{digest} functions passing the @var{mac_ctx}

--- a/pbkdf2.c
+++ b/pbkdf2.c
@@ -38,12 +38,12 @@
 #include "nettle-internal.h"

 void
-pbkdf2 (void *mac_ctx, unsigned digest_size,
+pbkdf2 (void *mac_ctx,
 	nettle_hash_update_func *update,
 	nettle_hash_digest_func *digest,
-	unsigned length, uint8_t *dst,
-	unsigned iterations,
-	unsigned salt_length, const uint8_t *salt)
+	unsigned digest_size, unsigned iterations,
+	unsigned salt_length, const uint8_t *salt,
+	unsigned length, uint8_t *dst)
 {
  TMP_DECL(U, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
  TMP_DECL(T, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);

--- a/pbkdf2.h
+++ b/pbkdf2.h
@@ -37,21 +37,22 @@ extern "C"
 #define pbkdf2 nettle_pbkdf2

 void
-pbkdf2 (void *mac_ctx, unsigned digest_size,
+pbkdf2 (void *mac_ctx,
 	nettle_hash_update_func *update,
 	nettle_hash_digest_func *digest,
-	unsigned length, uint8_t *dst,
-	unsigned iterations,
-	unsigned salt_length, const uint8_t *salt);
+	unsigned digest_size, unsigned iterations,
+	unsigned salt_length, const uint8_t *salt,
+	unsigned length, uint8_t *dst);

-#define PBKDF2(ctx, digest_size, update, digest,			\
-	       length, dst, iterations, salt_length, salt)		\
+#define PBKDF2(ctx, update, digest, digest_size,			\
+	       iterations, salt_length, salt, length, dst)		\
  (0 ? ((update)((ctx), 0, (uint8_t *) 0),				\
 	(digest)((ctx), 0, (uint8_t *) 0))				\
-   : pbkdf2 ((ctx), (digest_size),					\
+   : pbkdf2 ((ctx),							\
 	     (nettle_hash_update_func *)(update),			\
 	     (nettle_hash_digest_func *)(digest),			\
-	     (length), (dst), (iterations), (salt_length), (salt)))
+	     (digest_size), (iterations),				\
+	     (salt_length), (salt), (length), (dst)))

 #ifdef __cplusplus
 }

--- a/testsuite/pbkdf2-test.c
+++ b/testsuite/pbkdf2-test.c
@@ -3,10 +3,11 @@
 #include "sha.h"
 #include "pbkdf2.h"

-#define PBKDF2_TEST(ctx, size, update, digest, slen, s, c, expect)	\
+/* NOTE: The salt argument is expected to expand to length, data */
+#define PBKDF2_TEST(ctx, update, digest, size, c, salt, expect)	\
  do {									\
    dk[expect->length] = 17;						\
-    PBKDF2 (ctx, size, update, digest, expect->length, dk, c, slen, s);	\
+    PBKDF2 (ctx, update, digest, size, c, salt, expect->length, dk); \
    ASSERT(MEMEQ (expect->length, dk, expect->data));			\
    ASSERT(dk[expect->length] == 17);					\
  } while (0)
@@ -24,34 +25,34 @@ test_main (void)

  hmac_sha1_set_key (&sha1ctx, 8, "password");

-  PBKDF2_TEST(&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	      4, "salt", 1,
-	      SHEX("0c60c80f961f0e71f3a9b524af6012062fe037a6"));
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       1, LDATA("salt"),
+	       SHEX("0c60c80f961f0e71f3a9b524af6012062fe037a6"));

-  PBKDF2_TEST (&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	       4, "salt", 2,
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       2, LDATA("salt"),
 	       SHEX("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"));

-  PBKDF2_TEST (&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	       4, "salt", 4096,
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       4096, LDATA("salt"),
 	       SHEX("4b007901b765489abead49d926f721d065a429c1"));

 #if 0				/* too slow */
-  PBKDF2_TEST (&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	       4, "salt", 16777216,
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       16777216, LDATA("salt"),
 	       SHEX("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"));
 #endif

  hmac_sha1_set_key (&sha1ctx, 24, "passwordPASSWORDpassword");

-  PBKDF2_TEST (&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	       36, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096,
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"),
 	       SHEX("3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"));

  hmac_sha1_set_key (&sha1ctx, 9, "pass\0word");

-  PBKDF2_TEST (&sha1ctx, SHA1_DIGEST_SIZE, hmac_sha1_update, hmac_sha1_digest,
-	       5, "sa\0lt", 4096,
+  PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+	       4096, LDATA("sa\0lt"),
 	       SHEX("56fa6aa75548099dcc37d7f03425e0c3"));

  /* PBKDF2-HMAC-SHA-256 test vectors confirmed with another
@@ -59,15 +60,13 @@ test_main (void)

  hmac_sha256_set_key (&sha256ctx, 6, "passwd");

-  PBKDF2_TEST (&sha256ctx, SHA256_DIGEST_SIZE,
-	       hmac_sha256_update, hmac_sha256_digest,
-	       4, "salt", 1,
+  PBKDF2_TEST (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+	       SHA256_DIGEST_SIZE, 1, LDATA("salt"),
 	       SHEX("55ac046e56e3089fec1691c22544b605"));

  hmac_sha256_set_key (&sha256ctx, 8, "Password");

-  PBKDF2_TEST (&sha256ctx, SHA256_DIGEST_SIZE,
-	       hmac_sha256_update, hmac_sha256_digest,
-	       4, "NaCl", 80000,
+  PBKDF2_TEST (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+	       SHA256_DIGEST_SIZE, 80000, LDATA("NaCl"),
 	       SHEX("4ddcd8f60b98be21830cee5ef22701f9"));
 }