Continue error handling cleanup
Also overhaul/clean up pkcs5 internals
This commit is contained in:
Steven Fackler
parent
8f89f0bfa9
commit
73ccfe7a29
|
|
@ -4,26 +4,25 @@ use error::ErrorStack;
|
||||||
use std::ptr;
|
use std::ptr;
|
||||||
use libc::{c_int, c_char, c_void};
|
use libc::{c_int, c_char, c_void};
|
||||||
|
|
||||||
|
use {cvt, cvt_p};
|
||||||
use bn::BigNumRef;
|
use bn::BigNumRef;
|
||||||
use bio::{MemBio, MemBioSlice};
|
use bio::{MemBio, MemBioSlice};
|
||||||
use crypto::util::{CallbackState, invoke_passwd_cb};
|
use crypto::util::{CallbackState, invoke_passwd_cb};
|
||||||
|
|
||||||
|
|
||||||
/// Builder for upfront DSA parameter generation
|
/// Builder for upfront DSA parameter generation
|
||||||
pub struct DSAParams(*mut ffi::DSA);
|
pub struct DSAParams(*mut ffi::DSA);
|
||||||
|
|
||||||
impl DSAParams {
|
impl DSAParams {
|
||||||
pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {
|
pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
// Wrap it so that if we panic we'll call the dtor
|
let dsa = DSAParams(try!(cvt_p(ffi::DSA_new())));
|
||||||
let dsa = DSAParams(try_ssl_null!(ffi::DSA_new()));
|
try!(cvt(ffi::DSA_generate_parameters_ex(dsa.0,
|
||||||
try_ssl!(ffi::DSA_generate_parameters_ex(dsa.0,
|
|
||||||
size as c_int,
|
size as c_int,
|
||||||
ptr::null(),
|
ptr::null(),
|
||||||
0,
|
0,
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
ptr::null_mut()));
|
ptr::null_mut())));
|
||||||
Ok(dsa)
|
Ok(dsa)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -31,7 +30,7 @@ impl DSAParams {
|
||||||
/// Generate a key pair from the initialized parameters
|
/// Generate a key pair from the initialized parameters
|
||||||
pub fn generate(self) -> Result<DSA, ErrorStack> {
|
pub fn generate(self) -> Result<DSA, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
try_ssl!(ffi::DSA_generate_key(self.0));
|
try!(cvt(ffi::DSA_generate_key(self.0)));
|
||||||
let dsa = DSA(self.0);
|
let dsa = DSA(self.0);
|
||||||
::std::mem::forget(self);
|
::std::mem::forget(self);
|
||||||
Ok(dsa)
|
Ok(dsa)
|
||||||
|
|
@ -75,13 +74,11 @@ impl DSA {
|
||||||
let mem_bio = try!(MemBioSlice::new(buf));
|
let mem_bio = try!(MemBioSlice::new(buf));
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
|
let dsa = try!(cvt_p(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
None,
|
None,
|
||||||
ptr::null_mut()));
|
ptr::null_mut())));
|
||||||
let dsa = DSA(dsa);
|
Ok(DSA(dsa))
|
||||||
assert!(dsa.has_private_key());
|
|
||||||
Ok(dsa)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -99,13 +96,11 @@ impl DSA {
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
let cb_ptr = &mut cb as *mut _ as *mut c_void;
|
let cb_ptr = &mut cb as *mut _ as *mut c_void;
|
||||||
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
|
let dsa = try!(cvt_p(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
Some(invoke_passwd_cb::<F>),
|
Some(invoke_passwd_cb::<F>),
|
||||||
cb_ptr));
|
cb_ptr)));
|
||||||
let dsa = DSA(dsa);
|
Ok(DSA(dsa))
|
||||||
assert!(dsa.has_private_key());
|
|
||||||
Ok(dsa)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -116,9 +111,9 @@ impl DSA {
|
||||||
let mem_bio = try!(MemBio::new());
|
let mem_bio = try!(MemBio::new());
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
try_ssl!(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.0,
|
try!(cvt(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.0,
|
||||||
ptr::null(), ptr::null_mut(), 0,
|
ptr::null(), ptr::null_mut(), 0,
|
||||||
None, ptr::null_mut()))
|
None, ptr::null_mut())))
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok(mem_bio.get_buf().to_owned())
|
Ok(mem_bio.get_buf().to_owned())
|
||||||
|
|
@ -131,10 +126,10 @@ impl DSA {
|
||||||
|
|
||||||
let mem_bio = try!(MemBioSlice::new(buf));
|
let mem_bio = try!(MemBioSlice::new(buf));
|
||||||
unsafe {
|
unsafe {
|
||||||
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSA_PUBKEY(mem_bio.as_ptr(),
|
let dsa = try!(cvt_p(ffi::PEM_read_bio_DSA_PUBKEY(mem_bio.as_ptr(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
None,
|
None,
|
||||||
ptr::null_mut()));
|
ptr::null_mut())));
|
||||||
Ok(DSA(dsa))
|
Ok(DSA(dsa))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -142,7 +137,9 @@ impl DSA {
|
||||||
/// Writes an DSA public key as PEM formatted data
|
/// Writes an DSA public key as PEM formatted data
|
||||||
pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
|
pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
|
||||||
let mem_bio = try!(MemBio::new());
|
let mem_bio = try!(MemBio::new());
|
||||||
unsafe { try_ssl!(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.0)) };
|
unsafe {
|
||||||
|
try!(cvt(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.0)));
|
||||||
|
}
|
||||||
Ok(mem_bio.get_buf().to_owned())
|
Ok(mem_bio.get_buf().to_owned())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,5 @@
|
||||||
use std::io::prelude::*;
|
use std::io::prelude::*;
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::ptr;
|
|
||||||
use ffi;
|
use ffi;
|
||||||
|
|
||||||
#[cfg(ossl110)]
|
#[cfg(ossl110)]
|
||||||
|
|
@ -8,6 +7,7 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
|
||||||
#[cfg(any(ossl101, ossl102))]
|
#[cfg(any(ossl101, ossl102))]
|
||||||
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
|
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
|
||||||
|
|
||||||
|
use {cvt, cvt_p};
|
||||||
use error::ErrorStack;
|
use error::ErrorStack;
|
||||||
|
|
||||||
#[derive(Copy, Clone)]
|
#[derive(Copy, Clone)]
|
||||||
|
|
@ -116,7 +116,7 @@ impl Hasher {
|
||||||
pub fn new(ty: MessageDigest) -> Result<Hasher, ErrorStack> {
|
pub fn new(ty: MessageDigest) -> Result<Hasher, ErrorStack> {
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
let ctx = unsafe { try_ssl_null!(EVP_MD_CTX_new()) };
|
let ctx = unsafe { try!(cvt_p(EVP_MD_CTX_new())) };
|
||||||
|
|
||||||
let mut h = Hasher {
|
let mut h = Hasher {
|
||||||
ctx: ctx,
|
ctx: ctx,
|
||||||
|
|
@ -136,7 +136,7 @@ impl Hasher {
|
||||||
}
|
}
|
||||||
Finalized => (),
|
Finalized => (),
|
||||||
}
|
}
|
||||||
unsafe { try_ssl!(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _)); }
|
unsafe { try!(cvt(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _))); }
|
||||||
self.state = Reset;
|
self.state = Reset;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
@ -147,9 +147,9 @@ impl Hasher {
|
||||||
try!(self.init());
|
try!(self.init());
|
||||||
}
|
}
|
||||||
unsafe {
|
unsafe {
|
||||||
try_ssl!(ffi::EVP_DigestUpdate(self.ctx,
|
try!(cvt(ffi::EVP_DigestUpdate(self.ctx,
|
||||||
data.as_ptr() as *mut _,
|
data.as_ptr() as *mut _,
|
||||||
data.len()));
|
data.len())));
|
||||||
}
|
}
|
||||||
self.state = Updated;
|
self.state = Updated;
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|
@ -164,7 +164,7 @@ impl Hasher {
|
||||||
unsafe {
|
unsafe {
|
||||||
let mut len = ffi::EVP_MAX_MD_SIZE;
|
let mut len = ffi::EVP_MAX_MD_SIZE;
|
||||||
let mut res = vec![0; len as usize];
|
let mut res = vec![0; len as usize];
|
||||||
try_ssl!(ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len));
|
try!(cvt(ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len)));
|
||||||
res.truncate(len as usize);
|
res.truncate(len as usize);
|
||||||
self.state = Finalized;
|
self.state = Finalized;
|
||||||
Ok(res)
|
Ok(res)
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ use libc::c_int;
|
||||||
use std::ptr;
|
use std::ptr;
|
||||||
use ffi;
|
use ffi;
|
||||||
|
|
||||||
|
use cvt;
|
||||||
use crypto::hash::MessageDigest;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::symm::Cipher;
|
use crypto::symm::Cipher;
|
||||||
use error::ErrorStack;
|
use error::ErrorStack;
|
||||||
|
|
@ -9,26 +10,27 @@ use error::ErrorStack;
|
||||||
#[derive(Clone, Eq, PartialEq, Hash, Debug)]
|
#[derive(Clone, Eq, PartialEq, Hash, Debug)]
|
||||||
pub struct KeyIvPair {
|
pub struct KeyIvPair {
|
||||||
pub key: Vec<u8>,
|
pub key: Vec<u8>,
|
||||||
pub iv: Vec<u8>,
|
pub iv: Option<Vec<u8>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Derives a key and an IV from various parameters.
|
/// Derives a key and an IV from various parameters.
|
||||||
///
|
///
|
||||||
/// If specified `salt` must be 8 bytes in length.
|
/// If specified, `salt` must be 8 bytes in length.
|
||||||
///
|
///
|
||||||
/// If the total key and IV length is less than 16 bytes and MD5 is used then
|
/// If the total key and IV length is less than 16 bytes and MD5 is used then
|
||||||
/// the algorithm is compatible with the key derivation algorithm from PKCS#5
|
/// the algorithm is compatible with the key derivation algorithm from PKCS#5
|
||||||
/// v1.5 or PBKDF1 from PKCS#5 v2.0.
|
/// v1.5 or PBKDF1 from PKCS#5 v2.0.
|
||||||
///
|
///
|
||||||
/// New applications should not use this and instead use `pbkdf2_hmac_sha1` or
|
/// New applications should not use this and instead use
|
||||||
/// another more modern key derivation algorithm.
|
/// `pkcs5_pbkdf2_hmac_sha1` or another more modern key derivation algorithm.
|
||||||
pub fn evp_bytes_to_key_pbkdf1_compatible(cipher: Cipher,
|
pub fn bytes_to_key(cipher: Cipher,
|
||||||
digest: MessageDigest,
|
digest: MessageDigest,
|
||||||
data: &[u8],
|
data: &[u8],
|
||||||
salt: Option<&[u8]>,
|
salt: Option<&[u8]>,
|
||||||
count: u32)
|
count: i32)
|
||||||
-> Result<KeyIvPair, ErrorStack> {
|
-> Result<KeyIvPair, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
|
assert!(data.len() <= c_int::max_value() as usize);
|
||||||
let salt_ptr = match salt {
|
let salt_ptr = match salt {
|
||||||
Some(salt) => {
|
Some(salt) => {
|
||||||
assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize);
|
assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize);
|
||||||
|
|
@ -39,78 +41,58 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(cipher: Cipher,
|
||||||
|
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
|
let mut iv = cipher.iv_len().map(|l| vec![0; l]);
|
||||||
|
|
||||||
let cipher = cipher.as_ptr();
|
let cipher = cipher.as_ptr();
|
||||||
let digest = digest.as_ptr();
|
let digest = digest.as_ptr();
|
||||||
|
|
||||||
let len = ffi::EVP_BytesToKey(cipher,
|
let len = try!(cvt(ffi::EVP_BytesToKey(cipher,
|
||||||
digest,
|
digest,
|
||||||
salt_ptr,
|
salt_ptr,
|
||||||
data.as_ptr(),
|
ptr::null(),
|
||||||
data.len() as c_int,
|
data.len() as c_int,
|
||||||
count as c_int,
|
count.into(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
ptr::null_mut());
|
ptr::null_mut())));
|
||||||
if len == 0 {
|
|
||||||
return Err(ErrorStack::get());
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut key = vec![0; len as usize];
|
let mut key = vec![0; len as usize];
|
||||||
let mut iv = vec![0; len as usize];
|
let iv_ptr = iv.as_mut().map(|v| v.as_mut_ptr()).unwrap_or(ptr::null_mut());
|
||||||
|
|
||||||
try_ssl!(ffi::EVP_BytesToKey(cipher,
|
try!(cvt(ffi::EVP_BytesToKey(cipher,
|
||||||
digest,
|
digest,
|
||||||
salt_ptr,
|
salt_ptr,
|
||||||
data.as_ptr(),
|
data.as_ptr(),
|
||||||
data.len() as c_int,
|
data.len() as c_int,
|
||||||
count as c_int,
|
count as c_int,
|
||||||
key.as_mut_ptr(),
|
key.as_mut_ptr(),
|
||||||
iv.as_mut_ptr()));
|
iv_ptr)));
|
||||||
|
|
||||||
Ok(KeyIvPair { key: key, iv: iv })
|
Ok(KeyIvPair { key: key, iv: iv })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm.
|
|
||||||
pub fn pbkdf2_hmac_sha1(pass: &[u8],
|
|
||||||
salt: &[u8],
|
|
||||||
iter: usize,
|
|
||||||
keylen: usize)
|
|
||||||
-> Result<Vec<u8>, ErrorStack> {
|
|
||||||
unsafe {
|
|
||||||
let mut out = vec![0; keylen];
|
|
||||||
|
|
||||||
ffi::init();
|
|
||||||
|
|
||||||
try_ssl!(ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr() as *const _,
|
|
||||||
pass.len() as c_int,
|
|
||||||
salt.as_ptr(),
|
|
||||||
salt.len() as c_int,
|
|
||||||
iter as c_int,
|
|
||||||
keylen as c_int,
|
|
||||||
out.as_mut_ptr()));
|
|
||||||
Ok(out)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function.
|
/// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function.
|
||||||
pub fn pbkdf2_hmac(pass: &[u8],
|
pub fn pbkdf2_hmac(pass: &[u8],
|
||||||
salt: &[u8],
|
salt: &[u8],
|
||||||
iter: usize,
|
iter: usize,
|
||||||
hash: MessageDigest,
|
hash: MessageDigest,
|
||||||
keylen: usize)
|
key: &mut [u8])
|
||||||
-> Result<Vec<u8>, ErrorStack> {
|
-> Result<(), ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
let mut out = vec![0; keylen];
|
assert!(pass.len() <= c_int::max_value() as usize);
|
||||||
|
assert!(salt.len() <= c_int::max_value() as usize);
|
||||||
|
assert!(key.len() <= c_int::max_value() as usize);
|
||||||
|
|
||||||
ffi::init();
|
ffi::init();
|
||||||
try_ssl!(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr() as *const _,
|
cvt(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr() as *const _,
|
||||||
pass.len() as c_int,
|
pass.len() as c_int,
|
||||||
salt.as_ptr(),
|
salt.as_ptr(),
|
||||||
salt.len() as c_int,
|
salt.len() as c_int,
|
||||||
iter as c_int,
|
iter as c_int,
|
||||||
hash.as_ptr(),
|
hash.as_ptr(),
|
||||||
keylen as c_int,
|
key.len() as c_int,
|
||||||
out.as_mut_ptr()));
|
key.as_mut_ptr()))
|
||||||
Ok(out)
|
.map(|_| ())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -120,96 +102,67 @@ mod tests {
|
||||||
use crypto::symm::Cipher;
|
use crypto::symm::Cipher;
|
||||||
|
|
||||||
// Test vectors from
|
// Test vectors from
|
||||||
// http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06
|
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
||||||
#[test]
|
#[test]
|
||||||
fn test_pbkdf2_hmac_sha1() {
|
fn pbkdf2_hmac_sha256() {
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 1, 20).unwrap(),
|
let mut buf = [0; 16];
|
||||||
vec![0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8,
|
|
||||||
0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8,
|
|
||||||
0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8]);
|
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 2, 20).unwrap(),
|
super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), &mut buf).unwrap();
|
||||||
vec![0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8,
|
assert_eq!(buf,
|
||||||
0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8,
|
&[0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
|
||||||
0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8]);
|
0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8][..]);
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 4096, 20).unwrap(),
|
super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), &mut buf).unwrap();
|
||||||
vec![0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8,
|
assert_eq!(buf,
|
||||||
0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8,
|
&[0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8,
|
||||||
0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8]);
|
0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8][..]);
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 16777216, 20).unwrap(),
|
|
||||||
vec![0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8,
|
|
||||||
0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8,
|
|
||||||
0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8]);
|
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"passwordPASSWORDpassword",
|
|
||||||
b"saltSALTsaltSALTsaltSALTsaltSALTsalt",
|
|
||||||
4096,
|
|
||||||
25).unwrap(),
|
|
||||||
vec![0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, 0x9b_u8,
|
|
||||||
0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8,
|
|
||||||
0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8,
|
|
||||||
0x38_u8]);
|
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac_sha1(b"pass\x00word", b"sa\x00lt", 4096, 16).unwrap(),
|
|
||||||
vec![0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8,
|
|
||||||
0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test vectors from
|
// Test vectors from
|
||||||
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
||||||
#[test]
|
#[test]
|
||||||
fn test_pbkdf2_hmac_sha256() {
|
fn pbkdf2_hmac_sha512() {
|
||||||
assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), 16).unwrap(),
|
let mut buf = [0; 64];
|
||||||
vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
|
|
||||||
0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]);
|
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), 16).unwrap(),
|
super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), &mut buf).unwrap();
|
||||||
vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8,
|
assert_eq!(&buf[..],
|
||||||
0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]);
|
&[0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
|
||||||
}
|
0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8,
|
||||||
|
0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8,
|
||||||
|
0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8,
|
||||||
|
0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8,
|
||||||
|
0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8,
|
||||||
|
0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8,
|
||||||
|
0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8][..]);
|
||||||
|
|
||||||
// Test vectors from
|
super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), &mut buf).unwrap();
|
||||||
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
assert_eq!(&buf[..],
|
||||||
#[test]
|
&[0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8,
|
||||||
fn test_pbkdf2_hmac_sha512() {
|
0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8,
|
||||||
assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), 64).unwrap(),
|
0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8,
|
||||||
vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
|
0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8,
|
||||||
0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8,
|
0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8,
|
||||||
0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8,
|
0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8,
|
||||||
0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8,
|
0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8,
|
||||||
0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8,
|
0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8][..]);
|
||||||
0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8,
|
|
||||||
0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8,
|
|
||||||
0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]);
|
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), 64).unwrap(),
|
super::pbkdf2_hmac(b"passwordPASSWORDpassword",
|
||||||
vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8,
|
b"salt\0\0\0",
|
||||||
0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8,
|
50,
|
||||||
0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8,
|
MessageDigest::sha512(),
|
||||||
0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8,
|
&mut buf).unwrap();
|
||||||
0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8,
|
assert_eq!(&buf[..],
|
||||||
0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8,
|
&[0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8,
|
||||||
0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8,
|
0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8,
|
||||||
0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8]);
|
0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8,
|
||||||
|
0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8,
|
||||||
assert_eq!(super::pbkdf2_hmac(b"passwordPASSWORDpassword",
|
0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8,
|
||||||
b"salt\0\0\0",
|
0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8,
|
||||||
50,
|
0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8,
|
||||||
MessageDigest::sha512(),
|
0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8][..]);
|
||||||
64).unwrap(),
|
|
||||||
vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8,
|
|
||||||
0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8,
|
|
||||||
0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8,
|
|
||||||
0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8,
|
|
||||||
0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8,
|
|
||||||
0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8,
|
|
||||||
0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8,
|
|
||||||
0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8]);
|
|
||||||
}
|
}
|
||||||
#[test]
|
#[test]
|
||||||
fn test_evp_bytes_to_key_pbkdf1_compatible() {
|
fn bytes_to_key() {
|
||||||
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
|
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
|
||||||
|
|
||||||
let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8,
|
let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8,
|
||||||
|
|
@ -224,18 +177,16 @@ mod tests {
|
||||||
98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8,
|
98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8,
|
||||||
224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8];
|
224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8];
|
||||||
let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8,
|
let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8,
|
||||||
69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8,
|
69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8];
|
||||||
0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8,
|
|
||||||
0_u8, 0_u8, 0_u8];
|
|
||||||
|
|
||||||
assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(Cipher::aes_256_cbc(),
|
assert_eq!(super::bytes_to_key(Cipher::aes_256_cbc(),
|
||||||
MessageDigest::sha1(),
|
MessageDigest::sha1(),
|
||||||
&data,
|
&data,
|
||||||
Some(&salt),
|
Some(&salt),
|
||||||
1).unwrap(),
|
1).unwrap(),
|
||||||
super::KeyIvPair {
|
super::KeyIvPair {
|
||||||
key: expected_key,
|
key: expected_key,
|
||||||
iv: expected_iv,
|
iv: Some(expected_iv),
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue