From: James Prestwood <prestwoj@gmail.com>
To: ell@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [RFC 5/8] cert-crypto: refactor l_cert_pkcs5_pbkdf2
Date: Fri, 18 Nov 2022 13:16:21 -0800 [thread overview]
Message-ID: <20221118211624.19298-6-prestwoj@gmail.com> (raw)
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
This makes the actual algorithm common to prepare for adding a
new variant which uses a key ID rather than password.
---
ell/cert-crypto.c | 67 +++++++++++++++++++++++++++++------------------
1 file changed, 41 insertions(+), 26 deletions(-)
diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c
index e6e8876..bf748b0 100644
--- a/ell/cert-crypto.c
+++ b/ell/cert-crypto.c
@@ -103,44 +103,34 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf1(enum l_checksum_type type,
return !iter_count;
}
-/* RFC8018 section 5.2 */
-LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type,
- const char *password,
- const uint8_t *salt, size_t salt_len,
- unsigned int iter_count,
- uint8_t *out_dk, size_t dk_len)
+static size_t cert_checksum_to_length(enum l_checksum_type type)
{
- size_t h_len;
- struct l_checksum *checksum;
- unsigned int i;
-
switch (type) {
case L_CHECKSUM_SHA1:
- h_len = 20;
- break;
+ return 20;
case L_CHECKSUM_SHA224:
- h_len = 28;
- break;
+ return 28;
case L_CHECKSUM_SHA256:
- h_len = 32;
- break;
+ return 32;
case L_CHECKSUM_SHA384:
- h_len = 48;
- break;
+ return 48;
case L_CHECKSUM_SHA512:
- h_len = 64;
- break;
+ return 64;
case L_CHECKSUM_NONE:
case L_CHECKSUM_MD4:
case L_CHECKSUM_MD5:
- return false;
+ return 0;
default:
- return false;
+ return 0;
}
+}
- checksum = l_checksum_new_hmac(type, password, strlen(password));
- if (!checksum)
- return false;
+static bool cert_pkcs5_pbkdf2(struct l_checksum *checksum, const uint8_t *salt,
+ size_t salt_len, size_t h_len,
+ unsigned int iter_count, uint8_t *out_dk,
+ size_t dk_len)
+{
+ unsigned int i;
for (i = 1; dk_len; i++) {
unsigned int j, k;
@@ -180,9 +170,34 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type,
dk_len -= block_len;
}
+ return !dk_len;
+}
+
+/* RFC8018 section 5.2 */
+LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type,
+ const char *password,
+ const uint8_t *salt, size_t salt_len,
+ unsigned int iter_count,
+ uint8_t *out_dk, size_t dk_len)
+{
+ size_t h_len;
+ struct l_checksum *checksum;
+ bool r;
+
+ h_len = cert_checksum_to_length(type);
+ if (!h_len)
+ return false;
+
+ checksum = l_checksum_new_hmac(type, password, strlen(password));
+ if (!checksum)
+ return false;
+
+ r = cert_pkcs5_pbkdf2(checksum, salt, salt_len, h_len, iter_count,
+ out_dk, dk_len);
+
l_checksum_free(checksum);
- return !dk_len;
+ return r;
}
/* RFC7292 Appendix B */
--
2.34.3
next prev parent reply other threads:[~2022-11-18 21:16 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 21:16 [RFC 0/8] Crypto operations by key ID James Prestwood
2022-11-18 21:16 ` [RFC 1/8] key: add l_key_search James Prestwood
2022-11-22 16:43 ` Denis Kenzior
2022-11-22 17:16 ` James Prestwood
2022-11-22 17:09 ` Denis Kenzior
2022-11-22 18:34 ` James Prestwood
2022-11-18 21:16 ` [RFC 2/8] unit: add key search test James Prestwood
2022-11-18 21:16 ` [RFC 3/8] checksum: commonize checksum creation James Prestwood
2022-11-22 16:46 ` Denis Kenzior
2022-11-18 21:16 ` [RFC 4/8] checksum: add l_checksum_new_hmac_from_key_id James Prestwood
2022-11-22 16:53 ` Denis Kenzior
2022-11-18 21:16 ` James Prestwood [this message]
2022-11-22 17:00 ` [RFC 5/8] cert-crypto: refactor l_cert_pkcs5_pbkdf2 Denis Kenzior
2022-11-18 21:16 ` [RFC 6/8] cert: add l_cert_pkcs5_pbkdf2_from_key_id James Prestwood
2022-11-22 17:03 ` Denis Kenzior
2022-11-18 21:16 ` [RFC 7/8] cert: add explicit length to l_cert_pkcs5_pbkdf2 James Prestwood
2022-11-18 21:16 ` [RFC 8/8] unit: update test-pbkdf2 with API change James Prestwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221118211624.19298-6-prestwoj@gmail.com \
--to=prestwoj@gmail.com \
--cc=ell@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).