Security-58286.200.222.tar.gz
1 /*
2 * Copyright (c) 2010,2012 Apple Inc. All Rights Reserved.
3 */
4
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/SecItem.h>
7 #include <Security/SecBase.h>
8 #include <CommonCrypto/CommonHMAC.h>
9 #include <stdlib.h>
10 #include <unistd.h>
11 #include <Security/pbkdf2.h>
12
13 #include "Security_regressions.h"
14
/*
 * HMAC-SHA1 over one contiguous message, in the callback shape passed to
 * pbkdf2() further down in this file.
 *
 * key, key_len   - HMAC key bytes and their length.
 * text, text_len - message bytes and their length.
 * digest         - receives the CC_SHA1_DIGEST_LENGTH-byte MAC.
 */
static void
hmac_sha1(const uint8_t *key, size_t key_len, const uint8_t *text, size_t text_len,
          uint8_t digest[CC_SHA1_DIGEST_LENGTH])
{
    CCHmacContext ctx;

    /* Init / update / final: the whole message is fed in a single update. */
    CCHmacInit(&ctx, kCCHmacAlgSHA1, key, key_len);
    CCHmacUpdate(&ctx, text, text_len);
    CCHmacFinal(&ctx, digest);
}
26
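/*
 * Derive key_length bytes into key_out from a passphrase and salt by calling
 * pbkdf2() with hmac_sha1 as the PRF.
 *
 * Returns:
 *   errSecSuccess     - the derivation call was made (pbkdf2()'s own result,
 *                       if it has one, is not examined here).
 *   errSecMemoryError - the scratch buffer could not be allocated; key_out is
 *                       left untouched.
 *   errSecParam       - salt_length is so large that the scratch size would
 *                       wrap around size_t; key_out is left untouched.
 */
static OSStatus
pbkdf2_hmac_sha1_derivation(const uint8_t *passphrase, size_t passphrase_length,
                            const uint8_t *salt, size_t salt_length,
                            size_t iterations,
                            uint8_t *key_out, size_t key_length)
{
    /*
     * Scratch space handed to pbkdf2(). The original sizing note reads
     *   MAX(salt_length + 4, 20 (SHA1 digest size)) + 2 * 20
     * and three digests plus the salt is never smaller than that.
     */
    const size_t scratch_overhead = 3 * CC_SHA1_DIGEST_LENGTH;

    /* Reject a salt length that would wrap the addition and under-allocate. */
    if (salt_length > SIZE_MAX - scratch_overhead) {
        return errSecParam;
    }

    const size_t temp_size = scratch_overhead + salt_length;
    uint8_t *temp_data = malloc(temp_size);

    if (temp_data == NULL) {
        return errSecMemoryError;
    }

    pbkdf2(hmac_sha1, CC_SHA1_DIGEST_LENGTH, passphrase, passphrase_length,
           salt, salt_length, iterations, key_out, key_length, temp_data);

    /*
     * The scratch buffer presumably holds intermediate HMAC output, so clear
     * it before returning it to the heap. The volatile pointer keeps the
     * compiler from dropping the stores as dead writes.
     */
    volatile uint8_t *wipe = temp_data;
    for (size_t i = 0; i < temp_size; i++) {
        wipe[i] = 0;
    }

    free(temp_data);

    return errSecSuccess;
}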
48
49
50
51 #if 0
/*
 * Debug aid (compiled out by the surrounding #if 0): writes the two buffers
 * to stderr side by side, one byte pair per line, for `length` bytes.
 */
static void
printComparison(const uint8_t*left, const uint8_t* right, int length)
{
    for (int idx = 0; idx < length; ++idx) {
        fprintf(stderr, "# Values :: 0x%02x :: 0x%02x\n", left[idx], right[idx]);
    }
}
61 #endif
62
/*
 * Number of checks announced to the harness: four vectors with two is()
 * checks each. The two checks inside the SKIP block are part of the count.
 */
static int kTestTestCount = 8;

/*
 * Known-answer tests for PBKDF2-HMAC-SHA1 with password "password", salt
 * "salt" and a 20-byte output, at 1, 2, 4096 and 16777216 iterations. The
 * inputs and expected bytes match the corresponding RFC 6070 test vectors.
 * (The test labels print S-'Salt'; the salt actually used is lowercase.)
 *
 * Each case makes two checks: the derivation call returns errSecSuccess, and
 * the derived bytes equal the expected vector. The byte comparison runs even
 * when the first check fails; on errSecMemoryError `actual` was never written,
 * so the memcmp result for that case is not meaningful.
 *
 * NOTE(review): every case asks for exactly one SHA-1 digest of output, so
 * keys longer than 20 bytes (more than one PBKDF2 block), truncated output
 * and inputs with embedded NUL bytes are not exercised here. RFC 6070 lists
 * vectors for those as well. The small iteration counts are conformance
 * values, not a work-factor recommendation.
 */
static void tests(void)
{
    /* Vector 1: a single iteration. */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 1;
        const uint8_t expected[20] = { 0x0c, 0x60, 0xc8, 0x0f,
            0x96, 0x1f, 0x0e, 0x71,
            0xf3, 0xa9, 0xb5, 0x24,
            0xaf, 0x60, 0x12, 0x06,
            0x2f, 0xe0, 0x37, 0xa6 };

        /* sizeof(expected) is 20, which fits the char used for the size. */
        const char resultSize = sizeof(expected);

        uint8_t actual[resultSize];

        is(pbkdf2_hmac_sha1_derivation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize), errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-1");

        is(memcmp(expected, actual, resultSize), 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1");
    }

    /* Vector 2: two iterations. */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 2;
        const uint8_t expected[20] = { 0xea, 0x6c, 0x01, 0x4d,
            0xc7, 0x2d, 0x6f, 0x8c,
            0xcd, 0x1e, 0xd9, 0x2a,
            0xce, 0x1d, 0x41, 0xf0,
            0xd8, 0xde, 0x89, 0x57 };

        const char resultSize = sizeof(expected);

        uint8_t actual[resultSize];

        is(pbkdf2_hmac_sha1_derivation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize), errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-2");

        is(memcmp(expected, actual, resultSize), 0, "pbkdf-sha-1: P-'password' S-'Salt' I-2");
    }

    /* Vector 3: 4096 iterations. */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 4096;
        const uint8_t expected[20] = { 0x4b, 0x00, 0x79, 0x01,
            0xb7, 0x65, 0x48, 0x9a,
            0xbe, 0xad, 0x49, 0xd9,
            0x26, 0xf7, 0x21, 0xd0,
            0x65, 0xa4, 0x29, 0xc1 };

        const char resultSize = sizeof(expected);

        uint8_t actual[resultSize];

        is(pbkdf2_hmac_sha1_derivation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize), errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-4096");

        is(memcmp(expected, actual, resultSize), 0, "pbkdf-sha-1: P-'password' S-'Salt' I-4096");
    }

    /*
     * Vector 4: 16777216 iterations, kept for reference but skipped.
     * NOTE(review): SKIP and skip() come from the regression harness header;
     * with 0 as the last argument this presumably always reports the next 2
     * checks as skipped and leaves the block. Confirm against the macro.
     */
    SKIP: {
        skip("16777216 iterations is too slow", 2, 0);

        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 16777216;
        const uint8_t expected[20] = { 0xee, 0xfe, 0x3d, 0x61,
            0xcd, 0x4d, 0xa4, 0xe4,
            0xe9, 0x94, 0x5b, 0x3d,
            0x6b, 0xa2, 0x15, 0x8c,
            0x26, 0x34, 0xe9, 0x84 };

        const char resultSize = sizeof(expected);

        uint8_t actual[resultSize];

        is(pbkdf2_hmac_sha1_derivation((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize), errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-16777216");

        is(memcmp(expected, actual, resultSize), 0, "pbkdf-sha-1: P-'password' S-'Salt' I-16777216");
    }
}
144
/*
 * Regression entry point: announces kTestTestCount checks to the harness,
 * runs the PBKDF2-HMAC-SHA1 vectors, and returns 0 whatever their outcome.
 * argc and argv are not used.
 */
int pbkdf2_00_hmac_sha1(int argc, char *const *argv)
{
    (void)argc;
    (void)argv;

    plan_tests(kTestTestCount);
    tests();

    return 0;
}