From: Denis Kenzior <denkenz@gmail.com>
To: James Prestwood <prestwoj@gmail.com>, ell@lists.linux.dev
Subject: Re: [RFC 5/8] cert-crypto: refactor l_cert_pkcs5_pbkdf2
Date: Tue, 22 Nov 2022 11:00:43 -0600 [thread overview]
Message-ID: <6cb99e58-e7c3-cda4-9744-91d9463da173@gmail.com> (raw)
In-Reply-To: <20221118211624.19298-6-prestwoj@gmail.com>
Hi James,
On 11/18/22 15:16, James Prestwood wrote:
> This makes the actual algorithm common to prepare for adding a
> new variant which uses a key ID rather than password.
> ---
> ell/cert-crypto.c | 67 +++++++++++++++++++++++++++++------------------
> 1 file changed, 41 insertions(+), 26 deletions(-)
>
> diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c
> index e6e8876..bf748b0 100644
> --- a/ell/cert-crypto.c
> +++ b/ell/cert-crypto.c
> @@ -103,44 +103,34 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf1(enum l_checksum_type type,
> return !iter_count;
> }
>
> -/* RFC8018 section 5.2 */
> -LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type,
> - const char *password,
> - const uint8_t *salt, size_t salt_len,
> - unsigned int iter_count,
> - uint8_t *out_dk, size_t dk_len)
> +static size_t cert_checksum_to_length(enum l_checksum_type type)
We already have l_checksum_digest_length(). Should we use that?
> {
> - size_t h_len;
> - struct l_checksum *checksum;
> - unsigned int i;
> -
> switch (type) {
> case L_CHECKSUM_SHA1:
> - h_len = 20;
> - break;
> + return 20;
> case L_CHECKSUM_SHA224:
> - h_len = 28;
> - break;
> + return 28;
> case L_CHECKSUM_SHA256:
> - h_len = 32;
> - break;
> + return 32;
> case L_CHECKSUM_SHA384:
> - h_len = 48;
> - break;
> + return 48;
> case L_CHECKSUM_SHA512:
> - h_len = 64;
> - break;
> + return 64;
> case L_CHECKSUM_NONE:
> case L_CHECKSUM_MD4:
> case L_CHECKSUM_MD5:
> - return false;
> + return 0;
> default:
> - return false;
> + return 0;
> }
> +}
>
> - checksum = l_checksum_new_hmac(type, password, strlen(password));
> - if (!checksum)
> - return false;
> +static bool cert_pkcs5_pbkdf2(struct l_checksum *checksum, const uint8_t *salt,
> + size_t salt_len, size_t h_len,
> + unsigned int iter_count, uint8_t *out_dk,
> + size_t dk_len)
> +{
> + unsigned int i;
>
> for (i = 1; dk_len; i++) {
> unsigned int j, k;
Regards,
-Denis
next prev parent reply other threads:[~2022-11-22 17:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 21:16 [RFC 0/8] Crypto operations by key ID James Prestwood
2022-11-18 21:16 ` [RFC 1/8] key: add l_key_search James Prestwood
2022-11-22 16:43 ` Denis Kenzior
2022-11-22 17:16 ` James Prestwood
2022-11-22 17:09 ` Denis Kenzior
2022-11-22 18:34 ` James Prestwood
2022-11-18 21:16 ` [RFC 2/8] unit: add key search test James Prestwood
2022-11-18 21:16 ` [RFC 3/8] checksum: commonize checksum creation James Prestwood
2022-11-22 16:46 ` Denis Kenzior
2022-11-18 21:16 ` [RFC 4/8] checksum: add l_checksum_new_hmac_from_key_id James Prestwood
2022-11-22 16:53 ` Denis Kenzior
2022-11-18 21:16 ` [RFC 5/8] cert-crypto: refactor l_cert_pkcs5_pbkdf2 James Prestwood
2022-11-22 17:00 ` Denis Kenzior [this message]
2022-11-18 21:16 ` [RFC 6/8] cert: add l_cert_pkcs5_pbkdf2_from_key_id James Prestwood
2022-11-22 17:03 ` Denis Kenzior
2022-11-18 21:16 ` [RFC 7/8] cert: add explicit length to l_cert_pkcs5_pbkdf2 James Prestwood
2022-11-18 21:16 ` [RFC 8/8] unit: update test-pbkdf2 with API change James Prestwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6cb99e58-e7c3-cda4-9744-91d9463da173@gmail.com \
--to=denkenz@gmail.com \
--cc=ell@lists.linux.dev \
--cc=prestwoj@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).