2 * Copyright (c) 2010,2012 Apple Inc. All Rights Reserved.
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/SecItem.h>
7 #include <Security/SecBase.h>
8 #include <CommonCrypto/CommonHMAC.h>
11 #include <Security/pbkdf2.h>
13 #include "Security_regressions.h"
/*
 * HMAC-SHA1 pseudo-random function handed to pbkdf2() by
 * pbkdf2_hmac_sha1_derivation().
 *
 * Authenticates `text` (text_len bytes) under `key` (key_len bytes) with
 * CommonCrypto and writes the CC_SHA1_DIGEST_LENGTH-byte tag to `digest`.
 * The caller owns `digest` and must provide room for the full tag.
 *
 * NOTE(review): the storage class and return type are not shown on the page;
 * `static void` is assumed because nothing is returned and the function is
 * only referenced from this file.
 */
static void
hmac_sha1(const uint8_t *key, size_t key_len,
          const uint8_t *text, size_t text_len,
          uint8_t digest[CC_SHA1_DIGEST_LENGTH])
{
    /* One-shot form of CCHmacInit / CCHmacUpdate / CCHmacFinal. */
    CCHmac(kCCHmacAlgSHA1, key, key_len, text, text_len, digest);
}
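/*
 * Derive key_length bytes into key_out from (passphrase, salt) by running
 * pbkdf2() with hmac_sha1() as the PRF.
 *
 * Returns errSecSuccess once pbkdf2() has been run, or errSecMemoryError when
 * the scratch buffer cannot be sized or allocated (key_out is left untouched
 * in that case).
 *
 * NOTE(review): the return type and the declaration of `iterations` are not
 * shown on the page. The position of `iterations` follows from the call sites
 * in tests(), which pass a const int; `int` / `unsigned` are assumed here.
 */
static int
pbkdf2_hmac_sha1_derivation(const uint8_t *passphrase, size_t passphrase_length,
                            const uint8_t *salt, size_t salt_length,
                            unsigned iterations,
                            uint8_t *key_out, size_t key_length)
{
    /*
     * pbkdf2() needs MAX(salt_length + 4, digest size) + 2 * digest size bytes
     * of scratch space; salt_length + 3 * digest size covers that bound.
     */
    const size_t scratch_overhead = 3 * CC_SHA1_DIGEST_LENGTH;

    /* Refuse a salt length that would wrap the size_t sum and under-allocate. */
    if (salt_length > SIZE_MAX - scratch_overhead) {
        return errSecMemoryError;
    }

    const size_t scratch_len = scratch_overhead + salt_length;
    uint8_t *temp_data = malloc(scratch_len);

    if (temp_data == NULL) {
        return errSecMemoryError;
    }

    pbkdf2(hmac_sha1, CC_SHA1_DIGEST_LENGTH, passphrase, passphrase_length,
           salt, salt_length, iterations, key_out, key_length, temp_data);

    /*
     * The scratch buffer presumably holds PRF output derived from the
     * passphrase, so clear it before handing the memory back. Writing through
     * a volatile pointer keeps the compiler from dropping the stores as dead.
     */
    volatile uint8_t *wipe = temp_data;
    for (size_t i = 0; i < scratch_len; i++) {
        wipe[i] = 0;
    }
    free(temp_data);

    return errSecSuccess;
}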
/*
 * Debug aid: print `length` byte pairs from `left` and `right` to stderr, one
 * pair per line, as TAP diagnostic ("# ...") lines.
 *
 * This dumps the compared bytes verbatim. That is fine for the fixed test
 * vectors in this file, but it should not be pointed at keys derived from
 * real secrets, since stderr usually ends up in build or CI logs.
 */
static void
printComparison(const uint8_t *left, const uint8_t *right, int length)
{
    int idx = 0;

    while (idx < length) {
        fprintf(stderr, "# Values :: 0x%02x :: 0x%02x\n", left[idx], right[idx]);
        idx++;
    }
}
/*
 * Number of checks announced through plan_tests(): tests() issues two is()
 * checks for each of its four vectors. The pair behind skip() is presumably
 * still counted, via the `2` passed to skip().
 */
static int kTestTestCount = 8;
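/*
 * Known-answer tests for pbkdf2_hmac_sha1_derivation().
 *
 * All four cases use P = "password", S = "salt" and a 20-byte output, at
 * 1, 2, 4096 and 16777216 iterations. The expected bytes are the
 * PBKDF2-HMAC-SHA1 test vectors from RFC 6070. The iteration counts are
 * conformance values taken from those vectors, not a recommendation for
 * protecting real passwords.
 *
 * Each case makes two checks: the derivation reports errSecSuccess, and the
 * derived bytes equal the expected ones. The output buffers are fixed-size and
 * zero-initialised so that a failed derivation is compared against defined
 * bytes rather than leftover stack contents.
 *
 * The check descriptions print S-'Salt' although the salt is "salt"; the
 * strings are kept as they are so the test output stays stable.
 */
static void tests(void)
{
    /* RFC 6070 vector, c = 1 */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 1;
        const uint8_t expected[20] = { 0x0c, 0x60, 0xc8, 0x0f,
                                       0x96, 0x1f, 0x0e, 0x71,
                                       0xf3, 0xa9, 0xb5, 0x24,
                                       0xaf, 0x60, 0x12, 0x06,
                                       0x2f, 0xe0, 0x37, 0xa6 };
        uint8_t actual[sizeof(expected)] = { 0 };

        is(pbkdf2_hmac_sha1_derivation((const uint8_t *)password, strlen(password),
                                       (const uint8_t *)salt, strlen(salt),
                                       iterations, actual, sizeof(actual)),
           errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-1");

        is(memcmp(expected, actual, sizeof(actual)), 0,
           "pbkdf-sha-1: P-'password' S-'Salt' I-1");
    }

    /* RFC 6070 vector, c = 2 */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 2;
        const uint8_t expected[20] = { 0xea, 0x6c, 0x01, 0x4d,
                                       0xc7, 0x2d, 0x6f, 0x8c,
                                       0xcd, 0x1e, 0xd9, 0x2a,
                                       0xce, 0x1d, 0x41, 0xf0,
                                       0xd8, 0xde, 0x89, 0x57 };
        uint8_t actual[sizeof(expected)] = { 0 };

        is(pbkdf2_hmac_sha1_derivation((const uint8_t *)password, strlen(password),
                                       (const uint8_t *)salt, strlen(salt),
                                       iterations, actual, sizeof(actual)),
           errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-2");

        is(memcmp(expected, actual, sizeof(actual)), 0,
           "pbkdf-sha-1: P-'password' S-'Salt' I-2");
    }

    /* RFC 6070 vector, c = 4096 */
    {
        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 4096;
        const uint8_t expected[20] = { 0x4b, 0x00, 0x79, 0x01,
                                       0xb7, 0x65, 0x48, 0x9a,
                                       0xbe, 0xad, 0x49, 0xd9,
                                       0x26, 0xf7, 0x21, 0xd0,
                                       0x65, 0xa4, 0x29, 0xc1 };
        uint8_t actual[sizeof(expected)] = { 0 };

        is(pbkdf2_hmac_sha1_derivation((const uint8_t *)password, strlen(password),
                                       (const uint8_t *)salt, strlen(salt),
                                       iterations, actual, sizeof(actual)),
           errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-4096");

        is(memcmp(expected, actual, sizeof(actual)), 0,
           "pbkdf-sha-1: P-'password' S-'Salt' I-4096");
    }

    /*
     * RFC 6070 vector, c = 16777216. Skipped: skip() reports the two checks
     * below as skipped because the derivation takes too long for a routine run.
     *
     * NOTE(review): the construct enclosing skip() is not shown on the page;
     * the harness's `SKIP:` block form is assumed - confirm against
     * Security_regressions.h.
     */
    SKIP: {
        skip("16777216 iterations is too slow", 2, 0);

        const char *password = "password";
        const char *salt = "salt";
        const int iterations = 16777216;
        const uint8_t expected[20] = { 0xee, 0xfe, 0x3d, 0x61,
                                       0xcd, 0x4d, 0xa4, 0xe4,
                                       0xe9, 0x94, 0x5b, 0x3d,
                                       0x6b, 0xa2, 0x15, 0x8c,
                                       0x26, 0x34, 0xe9, 0x84 };
        uint8_t actual[sizeof(expected)] = { 0 };

        is(pbkdf2_hmac_sha1_derivation((const uint8_t *)password, strlen(password),
                                       (const uint8_t *)salt, strlen(salt),
                                       iterations, actual, sizeof(actual)),
           errSecSuccess, "pbkdf-sha-1: Failed Key Derivation I-16777216");

        is(memcmp(expected, actual, sizeof(actual)), 0,
           "pbkdf-sha-1: P-'password' S-'Salt' I-16777216");
    }
}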
145 int pbkdf2_00_hmac_sha1(int argc
, char *const *argv
)
147 plan_tests(kTestTestCount
);