From 6794c17af6815e0c2cd0b88414b1922d4ba04b51 Mon Sep 17 00:00:00 2001 From: Erick Tryzelaar Date: Fri, 20 Apr 2012 10:04:23 -0700 Subject: [PATCH] Add support for PKCS5_PBKDF2_HMAC_SHA1. --- crypto.rc | 1 + pkcs5.rs | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 pkcs5.rs diff --git a/crypto.rc b/crypto.rc index b91cb372..cdd25fb8 100644 --- a/crypto.rc +++ b/crypto.rc @@ -24,3 +24,4 @@ use std; // FIXME https://github.com/mozilla/rust/issues/1127 mod hash; mod pkey; mod symm; +mod pkcs5; diff --git a/pkcs5.rs b/pkcs5.rs new file mode 100644 index 00000000..468fe6b0 --- /dev/null +++ b/pkcs5.rs @@ -0,0 +1,89 @@ +import libc::{c_char, c_uchar, c_int}; + +#[link_name = "crypto"] +#[abi = "cdecl"] +native mod _native { + fn PKCS5_PBKDF2_HMAC_SHA1(pass: *c_char, passlen: c_int, + salt: *c_uchar, saltlen: c_int, + iter: c_int, keylen: c_int, + out: *c_uchar) -> c_int; +} + +#[doc = " +Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm. +"] +fn pbkdf2_hmac_sha1(pass: str, salt: [u8], iter: uint, keylen: uint) -> [u8] { + assert iter >= 1u; + assert keylen >= 1u; + + str::as_c_str(pass) { |pass_buf| + vec::as_buf(salt) { |salt_buf| + let mut out = []; + vec::reserve(out, keylen); + + vec::as_buf(out) { |out_buf| + let r = _native::PKCS5_PBKDF2_HMAC_SHA1( + pass_buf, str::len(pass) as c_int, + salt_buf, vec::len(salt) as c_int, + iter as c_int, keylen as c_int, + out_buf); + + if r != 1 as c_int { fail; } + + unsafe { vec::unsafe::set_len(out, keylen); } + out + } + } + } +} + +#[cfg(test)] +mod tests { + // Test vectors from + // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 + #[test] + fn test_pbkdf2_hmac_sha1() { + assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 1u, 20u) == [ + 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, + 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, + 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 + ]; + + assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 2u, 20u) == [ + 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, + 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, + 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 + ]; + + assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 4096u, + 20u) == [ + 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, + 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, + 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 + ]; + + assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 16777216u, + 20u) == [ + 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, + 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, + 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 + ]; + + assert pbkdf2_hmac_sha1( + "passwordPASSWORDpassword", + str::bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + 4096u, 25u) == [ + 0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, + 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, + 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, + 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 + ]; + + assert pbkdf2_hmac_sha1("pass\x00word", str::bytes("sa\x00lt"), 4096u, + 16u) == [ + 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, + 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, + 0xe0_u8, 0xc3_u8 + ]; + } +}