summaryrefslogtreecommitdiff
path: root/openbsd-compat/bcrypt_pbkdf.c
diff options
context:
space:
mode:
Diffstat (limited to 'openbsd-compat/bcrypt_pbkdf.c')
-rw-r--r--openbsd-compat/bcrypt_pbkdf.c46
1 files changed, 19 insertions, 27 deletions
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 58bbfe15b..e0736feaf 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -24,18 +24,13 @@
24 24
25#include <stdlib.h> 25#include <stdlib.h>
26#include <string.h> 26#include <string.h>
27#include <util.h>
28 27
29#ifdef HAVE_BLF_H 28#ifdef HAVE_BLF_H
30# include <blf.h> 29# include <blf.h>
31#endif 30#endif
32#ifdef HAVE_SHA256_UPDATE 31
33# ifdef HAVE_SHA2_H 32#include "crypto_api.h"
34# include <sha2.h> 33#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
35# elif defined(HAVE_CRYPTO_SHA2_H)
36# include <crypto/sha2.h>
37# endif
38#endif
39 34
40/* 35/*
41 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash 36 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
@@ -109,12 +104,11 @@ int
109bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, 104bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
110 u_int8_t *key, size_t keylen, unsigned int rounds) 105 u_int8_t *key, size_t keylen, unsigned int rounds)
111{ 106{
112 SHA2_CTX ctx;
113 u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; 107 u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
114 u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; 108 u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
115 u_int8_t out[BCRYPT_HASHSIZE]; 109 u_int8_t out[BCRYPT_HASHSIZE];
116 u_int8_t tmpout[BCRYPT_HASHSIZE]; 110 u_int8_t tmpout[BCRYPT_HASHSIZE];
117 u_int8_t countsalt[4]; 111 u_int8_t *countsalt;
118 size_t i, j, amt, stride; 112 size_t i, j, amt, stride;
119 uint32_t count; 113 uint32_t count;
120 114
@@ -122,37 +116,34 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
122 if (rounds < 1) 116 if (rounds < 1)
123 return -1; 117 return -1;
124 if (passlen == 0 || saltlen == 0 || keylen == 0 || 118 if (passlen == 0 || saltlen == 0 || keylen == 0 ||
125 keylen > sizeof(out) * sizeof(out)) 119 keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
120 return -1;
121 if ((countsalt = calloc(1, saltlen + 4)) == NULL)
126 return -1; 122 return -1;
127 stride = (keylen + sizeof(out) - 1) / sizeof(out); 123 stride = (keylen + sizeof(out) - 1) / sizeof(out);
128 amt = (keylen + stride - 1) / stride; 124 amt = (keylen + stride - 1) / stride;
129 125
130 /* collapse password */ 126 memcpy(countsalt, salt, saltlen);
131 SHA512Init(&ctx);
132 SHA512Update(&ctx, pass, passlen);
133 SHA512Final(sha2pass, &ctx);
134 127
128 /* collapse password */
129 crypto_hash_sha512(sha2pass, pass, passlen);
135 130
136 /* generate key, sizeof(out) at a time */ 131 /* generate key, sizeof(out) at a time */
137 for (count = 1; keylen > 0; count++) { 132 for (count = 1; keylen > 0; count++) {
138 countsalt[0] = (count >> 24) & 0xff; 133 countsalt[saltlen + 0] = (count >> 24) & 0xff;
139 countsalt[1] = (count >> 16) & 0xff; 134 countsalt[saltlen + 1] = (count >> 16) & 0xff;
140 countsalt[2] = (count >> 8) & 0xff; 135 countsalt[saltlen + 2] = (count >> 8) & 0xff;
141 countsalt[3] = count & 0xff; 136 countsalt[saltlen + 3] = count & 0xff;
142 137
143 /* first round, salt is salt */ 138 /* first round, salt is salt */
144 SHA512Init(&ctx); 139 crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
145 SHA512Update(&ctx, salt, saltlen); 140
146 SHA512Update(&ctx, countsalt, sizeof(countsalt));
147 SHA512Final(sha2salt, &ctx);
148 bcrypt_hash(sha2pass, sha2salt, tmpout); 141 bcrypt_hash(sha2pass, sha2salt, tmpout);
149 memcpy(out, tmpout, sizeof(out)); 142 memcpy(out, tmpout, sizeof(out));
150 143
151 for (i = 1; i < rounds; i++) { 144 for (i = 1; i < rounds; i++) {
152 /* subsequent rounds, salt is previous output */ 145 /* subsequent rounds, salt is previous output */
153 SHA512Init(&ctx); 146 crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
154 SHA512Update(&ctx, tmpout, sizeof(tmpout));
155 SHA512Final(sha2salt, &ctx);
156 bcrypt_hash(sha2pass, sha2salt, tmpout); 147 bcrypt_hash(sha2pass, sha2salt, tmpout);
157 for (j = 0; j < sizeof(out); j++) 148 for (j = 0; j < sizeof(out); j++)
158 out[j] ^= tmpout[j]; 149 out[j] ^= tmpout[j];
@@ -168,8 +159,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
168 } 159 }
169 160
170 /* zap */ 161 /* zap */
171 memset(&ctx, 0, sizeof(ctx));
172 memset(out, 0, sizeof(out)); 162 memset(out, 0, sizeof(out));
163 memset(countsalt, 0, saltlen + 4);
164 free(countsalt);
173 165
174 return 0; 166 return 0;
175} 167}