sec/Security/Regressions/crypto/pbkdf2-00-hmac-sha1.c

   1 /*
   2  * Copyright (c) 2010 Apple Inc. All Rights Reserved.
   3  */
   4
   5 #include <CoreFoundation/CoreFoundation.h>
   6 #include <Security/SecItem.h>
   7 #include <Security/SecBase.h>
   8 #include <CommonCrypto/CommonHMAC.h>
   9 #include <stdlib.h>
  10 #include <unistd.h>
  11 #include <Security/pbkdf2.h>
  12
  13 #include "Security_regressions.h"
  14
  15 static
  16 void
  17 hmac_sha1(const uint8_t *key, size_t key_len, const uint8_t *text, size_t text_len,
  18     uint8_t digest[CC_SHA1_DIGEST_LENGTH])
  19 {
  20     CCHmacContext hmac_sha1_context;
  21
  22     CCHmacInit(&hmac_sha1_context, kCCHmacAlgSHA1, key, key_len);
  23     CCHmacUpdate(&hmac_sha1_context, text, text_len);
  24     CCHmacFinal(&hmac_sha1_context, digest);
  25 }
  26
  27 static
  28 void
  29 pbkdf2_hmac_sha1_deriviation(const uint8_t *passphrase, size_t passphrase_length,
  30                              const uint8_t *salt, size_t salt_length,
  31                              size_t iterations,
  32                              uint8_t *key_out, size_t key_length)
  33 {
  34         // MAX(salt_length + 4, 20 /* SHA1 Digest size */) + 2 * 20;
  35     uint8_t temp_data[3*20+salt_length];
  36
  37     pbkdf2(hmac_sha1, 20, passphrase, passphrase_length,
  38                    salt, salt_length, iterations, key_out, key_length, temp_data);
  39 }
  40
  41
  42
  43 #if 0
  44 static void
  45 printComparison(const uint8_t*left, const uint8_t* right, int length)
  46 {
  47     int i;
  48     for(i = 0; i < length; ++i)
  49     {
  50         fprintf(stderr, "#  Values :: 0x%02x :: 0x%02x\n", left[i], right[i]);
  51     }
  52 }
  53 #endif
  54
  55 static int kTestTestCount = 4;
  56 static void tests(void)
  57 {
  58     {
  59         const char *password =          "password";
  60         const char *salt =              "salt";
  61         const int iterations =          1;
  62         const uint8_t expected[20] =  { 0x0c, 0x60, 0xc8, 0x0f,
  63                                         0x96, 0x1f, 0x0e, 0x71,
  64                                         0xf3, 0xa9, 0xb5, 0x24,
  65                                         0xaf, 0x60, 0x12, 0x06,
  66                                         0x2f, 0xe0, 0x37, 0xa6 };
  67
  68         const char resultSize = sizeof(expected);
  69
  70         uint8_t actual[resultSize];
  71
  72         pbkdf2_hmac_sha1_deriviation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize);
  73
  74         ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1");
  75     }
  76
  77     {
  78         const char *password =          "password";
  79         const char *salt =              "salt";
  80         const int iterations =          2;
  81         const uint8_t expected[20] =  { 0xea, 0x6c, 0x01, 0x4d,
  82                                         0xc7, 0x2d, 0x6f, 0x8c,
  83                                         0xcd, 0x1e, 0xd9, 0x2a,
  84                                         0xce, 0x1d, 0x41, 0xf0,
  85                                         0xd8, 0xde, 0x89, 0x57 };
  86
  87         const char resultSize = sizeof(expected);
  88
  89         uint8_t actual[resultSize];
  90
  91         pbkdf2_hmac_sha1_deriviation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize);
  92
  93         ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-2");
  94     }
  95
  96     {
  97         const char *password =          "password";
  98         const char *salt =              "salt";
  99         const int iterations =          4096;
 100         const uint8_t expected[20] =  { 0x4b, 0x00, 0x79, 0x01,
 101                                         0xb7, 0x65, 0x48, 0x9a,
 102                                         0xbe, 0xad, 0x49, 0xd9,
 103                                         0x26, 0xf7, 0x21, 0xd0,
 104                                         0x65, 0xa4, 0x29, 0xc1 };
 105
 106         const char resultSize = sizeof(expected);
 107
 108         uint8_t actual[resultSize];
 109
 110         pbkdf2_hmac_sha1_deriviation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize);
 111
 112         ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-4096");
 113     }
 114
 115     SKIP: {
 116         skip("16777216 iterations is too slow", 1, 0);
 117
 118         const char *password =          "password";
 119         const char *salt =              "salt";
 120         const int iterations =          16777216;
 121         const uint8_t expected[20] =  { 0xee, 0xfe, 0x3d, 0x61,
 122                                         0xcd, 0x4d, 0xa4, 0xe4,
 123                                         0xe9, 0x94, 0x5b, 0x3d,
 124                                         0x6b, 0xa2, 0x15, 0x8c,
 125                                         0x26, 0x34, 0xe9, 0x84 };
 126
 127         const char resultSize = sizeof(expected);
 128
 129         uint8_t actual[resultSize];
 130
 131         pbkdf2_hmac_sha1_deriviation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize);
 132
 133         ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-16777216");
 134     }
 135 }
 136
 137 int pbkdf2_00_hmac_sha1(int argc, char *const *argv)
 138 {
 139         plan_tests(kTestTestCount);
 140
 141         tests();
 142
 143         return 0;
 144 }