Commit 24f3cce7 authored by Simon Josefsson, committed by Niels Möller

Support for pbkdf2.

parent 75288e44
2012-09-19 Niels Möller <nisse@lysator.liu.se>
* pbkdf2.h (PBKDF2): New macro.
* testsuite/pbkdf2-test.c: Use it.
2012-09-12 Simon Josefsson <simon@josefsson.org>
* NEWS: Mention addition of PBKDF2.
* pbkdf2.c (pbkdf2): New file and function.
* pbkdf2.h: Declare it.
* Makefile.in (nettle_SOURCES): Add pbkdf2.c.
(HEADERS): Add pbkdf2.h.
* nettle.texinfo (Key derivation functions): New section.
* testsuite/pbkdf2-test.c: New test case.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
* testsuite/.test-rules.make (pbkdf2-test): New target.
2012-09-16 Niels Möller <nisse@lysator.liu.se> 2012-09-16 Niels Möller <nisse@lysator.liu.se>
* testsuite/: Overhaul of testsuite, affecting almost all files. * testsuite/: Overhaul of testsuite, affecting almost all files.
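Review bot: the ChangeLog ordering is off in this hunk: the 2012-09-12 entry (Simon Josefsson, PBKDF2 addition) is placed above the 2012-09-16 entry (testsuite overhaul), but ChangeLog entries are kept in reverse chronological order, so the 2012-09-12 block belongs below the 2012-09-16 one; the 2012-09-19 entry at the top is in the right place.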
......
...@@ -77,6 +77,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ ...@@ -77,6 +77,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
des3.c des-compat.c \ des3.c des-compat.c \
hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \
pbkdf2.c \
knuth-lfib.c \ knuth-lfib.c \
md2.c md2-meta.c md4.c md4-meta.c \ md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-compress.c md5-compat.c md5-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \
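Review bot: inserting `pbkdf2.c` between `hmac-sha512.c` and `knuth-lfib.c` breaks the alphabetical order of nettle_SOURCES visible in the context (des, hmac, knuth-lfib, md2, md4, md5 ...); move it to its alphabetical position after the m* entries so the list stays easy to scan and merge.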
...@@ -123,6 +124,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \ ...@@ -123,6 +124,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
cbc.h ctr.h gcm.h \ cbc.h ctr.h gcm.h \
des.h des-compat.h dsa.h \ des.h des-compat.h dsa.h \
hmac.h \ hmac.h \
pbkdf2.h \
knuth-lfib.h \ knuth-lfib.h \
macros.h \ macros.h \
md2.h md4.h \ md2.h md4.h \
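Review bot: same ordering issue as in nettle_SOURCES: `pbkdf2.h` sits between `hmac.h` and `knuth-lfib.h`, out of the alphabetical order the HEADERS list otherwise follows; place it after the m* headers, and keep the two lists consistent with each other.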
......
NEWS for the 2.6 release
New features:
* Support for PKCS #5 PBKDF2. Contributed by Simon Josefsson.
Specification in RFC 2898 and test vectors in RFC 6070.
NEWS for the 2.5 release NEWS for the 2.5 release
This release includes important portability fixes for Windows This release includes important portability fixes for Windows
......
...@@ -70,6 +70,7 @@ Reference ...@@ -70,6 +70,7 @@ Reference
* Cipher functions:: * Cipher functions::
* Cipher modes:: * Cipher modes::
* Keyed hash functions:: * Keyed hash functions::
* Key derivation functions::
* Public-key algorithms:: * Public-key algorithms::
* Randomness:: * Randomness::
* Ascii encoding:: * Ascii encoding::
...@@ -199,6 +200,10 @@ implementation (in the public domain), adapted to Nettle by Simon ...@@ -199,6 +200,10 @@ implementation (in the public domain), adapted to Nettle by Simon
Josefsson, and heavily modified by Niels Möller. Assembly for x86_64 by Josefsson, and heavily modified by Niels Möller. Assembly for x86_64 by
Niels Möller. Released under the LGPL. Niels Möller. Released under the LGPL.
@item PBKDF2
The C implementation of PBKDF2 is based on earlier work for Shishi and
GnuTLS by Simon Josefsson. Released under the LGPL.
@item SERPENT @item SERPENT
The implementation of the SERPENT cipher is based on the code in libgcrypt, The implementation of the SERPENT cipher is based on the code in libgcrypt,
copyright owned by the Free Software Foundation. Adapted to Nettle by copyright owned by the Free Software Foundation. Adapted to Nettle by
...@@ -316,6 +321,7 @@ This chapter describes all the Nettle functions, grouped by family. ...@@ -316,6 +321,7 @@ This chapter describes all the Nettle functions, grouped by family.
* Cipher functions:: * Cipher functions::
* Cipher modes:: * Cipher modes::
* Keyed hash functions:: * Keyed hash functions::
* Key derivation functions::
* Public-key algorithms:: * Public-key algorithms::
* Randomness:: * Randomness::
* Ascii encoding:: * Ascii encoding::
...@@ -1852,7 +1858,7 @@ only the first @var{length} octets of the digest are written. ...@@ -1852,7 +1858,7 @@ only the first @var{length} octets of the digest are written.
@node Keyed hash functions, Public-key algorithms, Cipher modes, Reference @node Keyed hash functions, Key derivation functions, Cipher modes, Reference
@comment node-name, next, previous, up @comment node-name, next, previous, up
@section Keyed Hash Functions @section Keyed Hash Functions
...@@ -2102,7 +2108,40 @@ This function also resets the context for processing new messages, with ...@@ -2102,7 +2108,40 @@ This function also resets the context for processing new messages, with
the same key. the same key.
@end deftypefun @end deftypefun
@node Public-key algorithms, Randomness, Keyed hash functions, Reference @node Key derivation functions, Public-key algorithms, Keyed hash functions, Reference
@comment node-name, next, previous, up
@section Key derivation Functions
@cindex Key Derivation Function
@cindex Password Based Key Derivation Function
@cindex PKCS #5
@cindex KDF
@cindex PBKDF
A @dfn{key derivation function} (@acronym{KDF}) is a function that from
a given symmetric key derives other symmetric keys. A sub-class of KDFs
is the @dfn{password-based key derivation functions} (@acronym{PBKDFs}),
which take as input a password or passphrase, and its purpose is
typically to strengthen it and protect against certain pre-computation
attacks by using salting and expensive computation. The most well known
PBKDF is the @code{PKCS #5 PBKDF2} described in @cite{RFC 2898} which
uses a pseudorandom function such as @acronym{HMAC-SHA1}.
Nettle's @acronym{PBKDF2} function is defined in @file{<nettle/pbkdf2.h>}.
It contains a function:
@deftypefun void pbkdf2 (void *mac_ctx, unsigned digest_size, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned length, uint8_t *dst, unsigned iterations, unsigned salt_length, const uint8_t *salt)
Derive symmetric key from a password according to PKCS #5 PBKDF2. The
PRF is assumed to have been initialized and this function will call the
@var{update} and @var{digest} functions passing the @var{mac_ctx}
context parameter as an argument in order to compute digest of size
@var{digest_size}. Inputs are the salt @var{salt} of length
@var{salt_length}, the iteration counter @var{iterations} (> 0), and the
desired derived output length @var{length}. The output buffer is
@var{dst} which must have room for at least @var{length} octets.
@end deftypefun
@node Public-key algorithms, Randomness, Key derivation functions, Reference
@comment node-name, next, previous, up @comment node-name, next, previous, up
@section Public-key algorithms @section Public-key algorithms
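Review bot: the @deftypefun text for pbkdf2 should say how the password enters the computation. The function has no password parameter, so the password is supplied by keying the MAC context before the call (for HMAC, with the corresponding set_key function, e.g. hmac_sha1_set_key); "The PRF is assumed to have been initialized" should state that explicitly, since a reader of this section alone cannot tell where the password goes. Two smaller points: the title "@section Key derivation Functions" capitalizes inconsistently with its own @node name "Key derivation functions", and the type-checking PBKDF2 macro that the 2012-09-19 ChangeLog entry adds to pbkdf2.h is not documented here, although the testsuite now uses it; a short @deffn entry next to the function would cover it. It is also worth stating that when the documented precondition iterations > 0 is violated, dst is left unmodified (that is what the implementation does), so callers do not mistake an untouched buffer for a derived key.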
......
/* pbkdf2.c
*
* PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2012 Simon Josefsson
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "pbkdf2.h"
#include "macros.h"
#include "memxor.h"
#include "nettle-internal.h"
void
pbkdf2 (void *mac_ctx, unsigned digest_size,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
unsigned length, uint8_t *dst,
unsigned iterations,
unsigned salt_length, const uint8_t *salt)
{
TMP_DECL(U, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
TMP_DECL(T, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
unsigned int u;
unsigned int l;
unsigned int r;
unsigned int i;
char tmp[4];
if (iterations == 0)
return;
if (length == 0)
return;
l = ((length - 1) / digest_size) + 1;
r = length - (l - 1) * digest_size;
TMP_ALLOC (U, digest_size);
TMP_ALLOC (T, digest_size);
for (i = 1; i <= l; i++)
{
memset (T, 0, digest_size);
for (u = 1; u <= iterations; u++)
{
if (u == 1)
{
WRITE_UINT32 (tmp, i);
update (mac_ctx, salt_length, salt);
update (mac_ctx, 4, tmp);
}
else
{
update (mac_ctx, digest_size, U);
}
digest (mac_ctx, digest_size, U);
memxor (T, U, digest_size);
}
memcpy (dst + (i - 1) * digest_size, T, i == l ? r : digest_size);
}
}
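Review bot: the early `if (iterations == 0) return;` leaves dst untouched with no error indication, so a caller that violates the documented iterations > 0 precondition silently gets an unwritten key buffer. Since that is a programming error rather than a runtime condition, `assert (iterations > 0);` (assert.h is already included but nothing uses it) would catch it in testing, and an `assert (digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE);` before the TMP_ALLOC calls would document the bound that the U and T buffers declared with TMP_DECL depend on. Minor: `char tmp[4]` is passed to update(), whose data argument is `const uint8_t *`; declaring it `uint8_t tmp[4]` matches WRITE_UINT32's use and avoids a signedness mismatch warning. The inner loop relies on digest() resetting the MAC context for a new message under the same key (the behaviour documented for the hmac_*_digest functions in the texinfo hunk above); a one-line comment saying so would explain why the password is supplied only once, through the context, and never re-keyed inside the loop.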
/* pbkdf2.c
*
* PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2012 Simon Josefsson
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_PBKDF2_H_INCLUDED
#define NETTLE_PBKDF2_H_INCLUDED
#include "nettle-meta.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Namespace mangling */
#define pbkdf2 nettle_pbkdf2
void
pbkdf2 (void *mac_ctx, unsigned digest_size,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
unsigned length, uint8_t *dst,
unsigned iterations,
unsigned salt_length, const uint8_t *salt);
#define PBKDF2(ctx, digest_size, update, digest, \
length, dst, iterations, salt_length, salt) \
(0 ? ((update)((ctx), 0, (const uint8_t *) 0), \
(digest)((ctx), 0, (uint8_t *) 0)) \
: pbkdf2 ((ctx), (digest_size), \
(nettle_hash_update_func *)(update), \
(nettle_hash_digest_func *)(digest), \
(length), (dst), (iterations), (salt_length), (salt)))
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PBKDF2_H_INCLUDED */
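Review bot: the header comment on the first line of this file says `pbkdf2.c`, but the file is pbkdf2.h; fix the file name so the two headers are not identical. The `0 ? ((update)(...), (digest)(...)) : pbkdf2 (...)` shape of the PBKDF2 macro is the Nettle idiom for checking at compile time that the caller's update and digest functions are compatible with nettle_hash_update_func and nettle_hash_digest_func while the casts in the live branch let the call compile; a one-line comment stating that intent would save readers from puzzling over the dead `0 ?` branch, and the macro should be documented in nettle.texinfo next to the pbkdf2 function.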
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
/meta-armor-test /meta-armor-test
/meta-cipher-test /meta-cipher-test
/meta-hash-test /meta-hash-test
/pbkdf2-test
/pkcs1-test /pkcs1-test
/random-prime-test /random-prime-test
/ripemd160-test /ripemd160-test
......
...@@ -88,6 +88,9 @@ gcm-test$(EXEEXT): gcm-test.$(OBJEXT) ...@@ -88,6 +88,9 @@ gcm-test$(EXEEXT): gcm-test.$(OBJEXT)
hmac-test$(EXEEXT): hmac-test.$(OBJEXT) hmac-test$(EXEEXT): hmac-test.$(OBJEXT)
$(LINK) hmac-test.$(OBJEXT) $(TEST_OBJS) -o hmac-test$(EXEEXT) $(LINK) hmac-test.$(OBJEXT) $(TEST_OBJS) -o hmac-test$(EXEEXT)
pbkdf2-test$(EXEEXT): pbkdf2-test.$(OBJEXT)
$(LINK) pbkdf2-test.$(OBJEXT) $(TEST_OBJS) -o pbkdf2-test$(EXEEXT)
meta-hash-test$(EXEEXT): meta-hash-test.$(OBJEXT) meta-hash-test$(EXEEXT): meta-hash-test.$(OBJEXT)
$(LINK) meta-hash-test.$(OBJEXT) $(TEST_OBJS) -o meta-hash-test$(EXEEXT) $(LINK) meta-hash-test.$(OBJEXT) $(TEST_OBJS) -o meta-hash-test$(EXEEXT)
......
...@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ ...@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
knuth-lfib-test.c \ knuth-lfib-test.c \
cbc-test.c ctr-test.c gcm-test.c hmac-test.c \ cbc-test.c ctr-test.c gcm-test.c hmac-test.c \
meta-hash-test.c meta-cipher-test.c meta-armor-test.c \ meta-hash-test.c meta-cipher-test.c meta-armor-test.c \
buffer-test.c yarrow-test.c buffer-test.c yarrow-test.c pbkdf2-test.c
TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
rsa2sexp-test.c sexp2rsa-test.c \ rsa2sexp-test.c sexp2rsa-test.c \
......