diff options
Diffstat (limited to 'openbsd-compat/bcrypt_pbkdf.c')
| -rw-r--r-- | openbsd-compat/bcrypt_pbkdf.c | 46 |
1 files changed, 19 insertions, 27 deletions
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c index 58bbfe15b..e0736feaf 100644 --- a/openbsd-compat/bcrypt_pbkdf.c +++ b/openbsd-compat/bcrypt_pbkdf.c | |||
| @@ -24,18 +24,13 @@ | |||
| 24 | 24 | ||
| 25 | #include <stdlib.h> | 25 | #include <stdlib.h> |
| 26 | #include <string.h> | 26 | #include <string.h> |
| 27 | #include <util.h> | ||
| 28 | 27 | ||
| 29 | #ifdef HAVE_BLF_H | 28 | #ifdef HAVE_BLF_H |
| 30 | # include <blf.h> | 29 | # include <blf.h> |
| 31 | #endif | 30 | #endif |
| 32 | #ifdef HAVE_SHA256_UPDATE | 31 | |
| 33 | # ifdef HAVE_SHA2_H | 32 | #include "crypto_api.h" |
| 34 | # include <sha2.h> | 33 | #define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES |
| 35 | # elif defined(HAVE_CRYPTO_SHA2_H) | ||
| 36 | # include <crypto/sha2.h> | ||
| 37 | # endif | ||
| 38 | #endif | ||
| 39 | 34 | ||
| 40 | /* | 35 | /* |
| 41 | * pkcs #5 pbkdf2 implementation using the "bcrypt" hash | 36 | * pkcs #5 pbkdf2 implementation using the "bcrypt" hash |
| @@ -109,12 +104,11 @@ int | |||
| 109 | bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, | 104 | bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, |
| 110 | u_int8_t *key, size_t keylen, unsigned int rounds) | 105 | u_int8_t *key, size_t keylen, unsigned int rounds) |
| 111 | { | 106 | { |
| 112 | SHA2_CTX ctx; | ||
| 113 | u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; | 107 | u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; |
| 114 | u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; | 108 | u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; |
| 115 | u_int8_t out[BCRYPT_HASHSIZE]; | 109 | u_int8_t out[BCRYPT_HASHSIZE]; |
| 116 | u_int8_t tmpout[BCRYPT_HASHSIZE]; | 110 | u_int8_t tmpout[BCRYPT_HASHSIZE]; |
| 117 | u_int8_t countsalt[4]; | 111 | u_int8_t *countsalt; |
| 118 | size_t i, j, amt, stride; | 112 | size_t i, j, amt, stride; |
| 119 | uint32_t count; | 113 | uint32_t count; |
| 120 | 114 | ||
| @@ -122,37 +116,34 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt | |||
| 122 | if (rounds < 1) | 116 | if (rounds < 1) |
| 123 | return -1; | 117 | return -1; |
| 124 | if (passlen == 0 || saltlen == 0 || keylen == 0 || | 118 | if (passlen == 0 || saltlen == 0 || keylen == 0 || |
| 125 | keylen > sizeof(out) * sizeof(out)) | 119 | keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20) |
| 120 | return -1; | ||
| 121 | if ((countsalt = calloc(1, saltlen + 4)) == NULL) | ||
| 126 | return -1; | 122 | return -1; |
| 127 | stride = (keylen + sizeof(out) - 1) / sizeof(out); | 123 | stride = (keylen + sizeof(out) - 1) / sizeof(out); |
| 128 | amt = (keylen + stride - 1) / stride; | 124 | amt = (keylen + stride - 1) / stride; |
| 129 | 125 | ||
| 130 | /* collapse password */ | 126 | memcpy(countsalt, salt, saltlen); |
| 131 | SHA512Init(&ctx); | ||
| 132 | SHA512Update(&ctx, pass, passlen); | ||
| 133 | SHA512Final(sha2pass, &ctx); | ||
| 134 | 127 | ||
| 128 | /* collapse password */ | ||
| 129 | crypto_hash_sha512(sha2pass, pass, passlen); | ||
| 135 | 130 | ||
| 136 | /* generate key, sizeof(out) at a time */ | 131 | /* generate key, sizeof(out) at a time */ |
| 137 | for (count = 1; keylen > 0; count++) { | 132 | for (count = 1; keylen > 0; count++) { |
| 138 | countsalt[0] = (count >> 24) & 0xff; | 133 | countsalt[saltlen + 0] = (count >> 24) & 0xff; |
| 139 | countsalt[1] = (count >> 16) & 0xff; | 134 | countsalt[saltlen + 1] = (count >> 16) & 0xff; |
| 140 | countsalt[2] = (count >> 8) & 0xff; | 135 | countsalt[saltlen + 2] = (count >> 8) & 0xff; |
| 141 | countsalt[3] = count & 0xff; | 136 | countsalt[saltlen + 3] = count & 0xff; |
| 142 | 137 | ||
| 143 | /* first round, salt is salt */ | 138 | /* first round, salt is salt */ |
| 144 | SHA512Init(&ctx); | 139 | crypto_hash_sha512(sha2salt, countsalt, saltlen + 4); |
| 145 | SHA512Update(&ctx, salt, saltlen); | 140 | |
| 146 | SHA512Update(&ctx, countsalt, sizeof(countsalt)); | ||
| 147 | SHA512Final(sha2salt, &ctx); | ||
| 148 | bcrypt_hash(sha2pass, sha2salt, tmpout); | 141 | bcrypt_hash(sha2pass, sha2salt, tmpout); |
| 149 | memcpy(out, tmpout, sizeof(out)); | 142 | memcpy(out, tmpout, sizeof(out)); |
| 150 | 143 | ||
| 151 | for (i = 1; i < rounds; i++) { | 144 | for (i = 1; i < rounds; i++) { |
| 152 | /* subsequent rounds, salt is previous output */ | 145 | /* subsequent rounds, salt is previous output */ |
| 153 | SHA512Init(&ctx); | 146 | crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout)); |
| 154 | SHA512Update(&ctx, tmpout, sizeof(tmpout)); | ||
| 155 | SHA512Final(sha2salt, &ctx); | ||
| 156 | bcrypt_hash(sha2pass, sha2salt, tmpout); | 147 | bcrypt_hash(sha2pass, sha2salt, tmpout); |
| 157 | for (j = 0; j < sizeof(out); j++) | 148 | for (j = 0; j < sizeof(out); j++) |
| 158 | out[j] ^= tmpout[j]; | 149 | out[j] ^= tmpout[j]; |
| @@ -168,8 +159,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt | |||
| 168 | } | 159 | } |
| 169 | 160 | ||
| 170 | /* zap */ | 161 | /* zap */ |
| 171 | memset(&ctx, 0, sizeof(ctx)); | ||
| 172 | memset(out, 0, sizeof(out)); | 162 | memset(out, 0, sizeof(out)); |
| 163 | memset(countsalt, 0, saltlen + 4); | ||
| 164 | free(countsalt); | ||
| 173 | 165 | ||
| 174 | return 0; | 166 | return 0; |
| 175 | } | 167 | } |