Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:23
erlang
2571-Add-crypto-pbkdf2_hmac-5-function.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 2571-Add-crypto-pbkdf2_hmac-5-function.patch of Package erlang
From 96854a17c36c073bfe7e612bdefa5c65282bb9de Mon Sep 17 00:00:00 2001 From: gearnode <bryan@frimin.fr> Date: Thu, 25 Nov 2021 12:37:26 +0100 Subject: [PATCH 1/4] Add crypto:pbkdf2_hmac/5 function --- lib/crypto/c_src/Makefile.in | 4 +- lib/crypto/c_src/crypto.c | 2 + lib/crypto/c_src/pbkdf2_hmac.c | 103 +++++++++++++++++++++++++++++++ lib/crypto/c_src/pbkdf2_hmac.h | 29 +++++++++ lib/crypto/doc/src/crypto.xml | 13 ++++ lib/crypto/src/crypto.erl | 14 +++++ lib/crypto/test/crypto_SUITE.erl | 64 ++++++++++++++++++- 7 files changed, 227 insertions(+), 2 deletions(-) create mode 100644 lib/crypto/c_src/pbkdf2_hmac.c create mode 100644 lib/crypto/c_src/pbkdf2_hmac.h diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in index 92918b5d9f..683e4bdbe8 100644 --- a/lib/crypto/c_src/Makefile.in +++ b/lib/crypto/c_src/Makefile.in @@ -112,7 +112,8 @@ CRYPTO_OBJS = $(OBJDIR)/crypto$(TYPEMARKER).o \ $(OBJDIR)/rand$(TYPEMARKER).o \ $(OBJDIR)/rsa$(TYPEMARKER).o \ $(OBJDIR)/srp$(TYPEMARKER).o \ - $(OBJDIR)/hash_equals$(TYPEMARKER).o + $(OBJDIR)/hash_equals$(TYPEMARKER).o \ + $(OBJDIR)/pbkdf2_hmac$(TYPEMARKER).o CALLBACK_OBJS = $(OBJDIR)/crypto_callback$(TYPEMARKER).o CRYPTO_STATIC_OBJS = $(patsubst $(OBJDIR)/%$(TYPEMARKER).o,$(OBJDIR)/%_static$(TYPEMARKER).o,$(CRYPTO_OBJS) $(CALLBACK_OBJS)) diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 65804bf6fb..3397b767eb 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -46,6 +46,7 @@ #include "hmac.h" #include "info.h" #include "math.h" +#include "pbkdf2_hmac.h" #include "pkey.h" #include "rand.h" #include "rsa.h" @@ -94,6 +95,7 @@ static ErlNifFunc nif_funcs[] = { {"hash_equals_nif", 2, hash_equals_nif, 0}, + {"pbkdf2_hmac_nif", 5, pbkdf2_hmac_nif, 0}, {"pkey_sign_nif", 5, pkey_sign_nif, 0}, {"pkey_verify_nif", 6, pkey_verify_nif, 0}, {"pkey_crypt_nif", 6, pkey_crypt_nif, 0}, diff --git a/lib/crypto/c_src/pbkdf2_hmac.c b/lib/crypto/c_src/pbkdf2_hmac.c new file mode 100644 index 0000000000..aa9f27c93d --- /dev/null +++ b/lib/crypto/c_src/pbkdf2_hmac.c @@ -0,0 +1,103 @@ +/* + * %CopyrightBegin% + * + * Copyright Ericsson AB 2010-2021. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * %CopyrightEnd% + + */ + +#include "common.h" +#include "pbkdf2_hmac.h" +#include "digest.h" + +ERL_NIF_TERM pbkdf2_hmac_nif(ErlNifEnv* env, int argc, + const ERL_NIF_TERM argv[]) +{ +#ifdef HAS_PKCS5_PBKDF2_HMAC + ErlNifBinary pass, salt, out; + ErlNifUInt64 iter, keylen; + struct digest_type_t* digp = NULL; + const EVP_MD* digest; + + ASSERT(argc == 5); + + if ((digp = get_digest_type(argv[0])) == NULL) + goto bad_arg; + if (digp->md.p == NULL) + goto bad_arg; + + switch (EVP_MD_type(digp->md.p)) + { + case NID_sha1: + digest = EVP_sha1(); + break; +#ifdef HAVE_SHA224 + case NID_sha224: + digest = EVP_sha224(); + break; +#endif +#ifdef HAVE_SHA256 + case NID_sha256: + digest = EVP_sha256(); + break; +#endif +#ifdef HAVE_SHA384 + case NID_sha384: + digest = EVP_sha384(); + break; +#endif +#ifdef HAVE_SHA512 + case NID_sha512: + digest = EVP_sha512(); + break; +#endif + default: + goto err; + } + + if (!enif_inspect_binary(env, argv[1], &pass)) + goto bad_arg; + if (!enif_inspect_binary(env, argv[2], &salt)) + goto bad_arg; + if (!enif_get_uint64(env, argv[3], &iter)) + goto bad_arg; + if (!enif_get_uint64(env, argv[4], &keylen)) + goto bad_arg; + + if (iter < 1) + goto bad_arg; + if (keylen < 1) + goto bad_arg; + + if (!enif_alloc_binary(keylen, &out)) + goto err; + + if (!PKCS5_PBKDF2_HMAC((const char *)pass.data, pass.size, + salt.data, salt.size, iter, + digest, + keylen, out.data)) { + enif_release_binary(&out); + goto err; + } + + return enif_make_binary(env, &out); + bad_arg: + err: + return enif_make_badarg(env); +#else + return EXCP_NOTSUP(env, "Unsupported CRYPTO_PKCS5_PBKDF2_HMAC"); +#endif +} diff --git a/lib/crypto/c_src/pbkdf2_hmac.h b/lib/crypto/c_src/pbkdf2_hmac.h new file mode 100644 index 0000000000..90be790861 --- /dev/null +++ b/lib/crypto/c_src/pbkdf2_hmac.h @@ -0,0 +1,29 @@ +/* + * %CopyrightBegin% + * + * Copyright Ericsson AB 2010-2021. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * %CopyrightEnd% + */ + +#ifndef E_PBKDF2_HMAC_H__ +#define E_PBKDF2_HMAC_H__ 1 + +#include "common.h" + +ERL_NIF_TERM pbkdf2_hmac_nif(ErlNifEnv* env, int argc, + const ERL_NIF_TERM argv[]); + +#endif /* E_PBKDF2_HMAC_H__ */ diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index d6ff2247b2..b7d089a961 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -2056,6 +2056,19 @@ FloatValue = rand:uniform(). % again </desc> </func> + <func> + <name name="pbkdf2_hmac" arity="5" since=""/> + <fsummary>PBKDF2 in combination with HMAC</fsummary> + <desc> + <p> + PKCS #5 PBKDF2 (Password-Based Key Derivation Function 2) in combination with HMAC. + </p> + <p> + The function raises a <c>error:badarg</c> if the parameters are in wrong format. + </p> + </desc> + </func> + </funcs> <funcs> diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 6e5e32dd96..1d1ad71639 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -43,6 +43,7 @@ -export([privkey_to_pubkey/2]). -export([ec_curve/1, ec_curves/0]). -export([rand_seed/1]). +-export([pbkdf2_hmac/5]). %%%---------------------------------------------------------------- %% Removed functions. @@ -753,6 +754,18 @@ enable_fips_mode(Enable) -> equal_const_time(_, _, _) -> false. +-spec pbkdf2_hmac(Digest, Pass, Salt, Iter, KeyLen) -> Result + when Digest :: sha | sha224 | sha256 | sha384 | sha512, + Pass :: binary(), + Salt :: binary(), + Iter :: pos_integer(), + KeyLen :: pos_integer(), + Result :: binary(). +pbkdf2_hmac(Digest, Pass, Salt, Iter, KeyLen) -> + pbkdf2_hmac_nif(Digest, Pass, Salt, Iter, KeyLen). + +pbkdf2_hmac_nif(_, _, _, _, _) -> ?nif_stub. + %%%================================================================ %%% %%% Hashing diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 854a6e2ad4..182af02cb0 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -138,6 +138,8 @@ use_all_ec_sign_verify/1, use_all_ecdh_generate_compute/1, use_all_eddh_generate_compute/1, + pbkdf2_hmac/0, + pbkdf2_hmac/1, privkey_to_pubkey/1, %% Others: @@ -239,7 +241,8 @@ all() -> rand_plugin_s, cipher_info, hash_info, - hash_equals + hash_equals, + pbkdf2_hmac ]. -define(NEW_CIPHER_TYPE_SCHEMA, @@ -4841,6 +4841,65 @@ try_enable_fips_mode(Config) -> {skip, "FIPS mode not supported"} end. +pbkdf2_hmac() -> + [{doc, "Test the pbkdf2_hmac function"}]. +pbkdf2_hmac(Config) when is_list(Config) -> + try + F = fun (A, B, C, D) -> + binary:encode_hex(crypto:pbkdf2_hmac(sha, A, B, C, D)) + end, + %% RFC 6070 + <<"0C60C80F961F0E71F3A9B524AF6012062FE037A6">> = + F(<<"password">>, <<"salt">>, 1, 20), + <<"EA6C014DC72D6F8CCD1ED92ACE1D41F0D8DE8957">> = + F(<<"password">>, <<"salt">>, 2, 20), + <<"4B007901B765489ABEAD49D926F721D065A429C1">> = + F(<<"password">>, <<"salt">>, 4096, 20), + <<"EEFE3D61CD4DA4E4E9945B3D6BA2158C2634E984">> = + F(<<"password">>, <<"salt">>, 16777216, 20), + <<"3D2EEC4FE41C849B80C8D83662C0E44A8B291A964CF2F07038">> = + F(<<"passwordPASSWORDpassword">>, <<"saltSALTsaltSALTsaltSALTsaltSALTsalt">>, 4096, 25), + <<"56FA6AA75548099DCC37D7F03425E0C3">> = + F(<<"pass\0word">>, <<"sa\0lt">>, 4096, 16), + + %% RFC 3962 + <<"CDEDB5281BB2F801565A1122B2563515">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 1, 16), + <<"CDEDB5281BB2F801565A1122B25635150AD1F7A04BB9F3A333ECC0E2E1F70837">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 1, 32), + <<"01DBEE7F4A9E243E988B62C73CDA935D">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 2, 16), + <<"01DBEE7F4A9E243E988B62C73CDA935DA05378B93244EC8F48A99E61AD799D86">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 2, 32), + <<"5C08EB61FDF71E4E4EC3CF6BA1F5512B">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 1200, 16), + <<"5C08EB61FDF71E4E4EC3CF6BA1F5512BA7E52DDBC5E5142F708A31E2E62B1E13">> = + F(<<"password">>, <<"ATHENA.MIT.EDUraeburn">>, 1200, 32), + <<"D1DAA78615F287E6A1C8B120D7062A49">> = + F(<<"password">>, binary:encode_unsigned(16#1234567878563412), 5, 16), + <<"D1DAA78615F287E6A1C8B120D7062A493F98D203E6BE49A6ADF4FA574B6E64EE">> = + F(<<"password">>, binary:encode_unsigned(16#1234567878563412), 5, 32), + <<"139C30C0966BC32BA55FDBF212530AC9">> = + F(<<"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX">>, + <<"pass phrase equals block size">>, 1200, 16), + <<"139C30C0966BC32BA55FDBF212530AC9C5EC59F1A452F5CC9AD940FEA0598ED1">> = + F(<<"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX">>, + <<"pass phrase equals block size">>, 1200, 32), + <<"9CCAD6D468770CD51B10E6A68721BE61">> = + F(<<"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX">>, + <<"pass phrase exceeds block size">>, 1200, 16), + <<"9CCAD6D468770CD51B10E6A68721BE611A8B4D282601DB3B36BE9246915EC82A">> = + F(<<"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX">>, + <<"pass phrase exceeds block size">>, 1200, 32), + <<"6B9CF26D45455A43A5B8BB276A403B39">> = + F(binary:encode_unsigned(16#f09d849e), <<"EXAMPLE.COMpianist">>, 50, 16), + <<"6B9CF26D45455A43A5B8BB276A403B39E7FE37A0C41E02C281FF3069E1E94F52">> = + F(binary:encode_unsigned(16#f09d849e), <<"EXAMPLE.COMpianist">>, 50, 32) + catch + error:{notsup,{"pbkdf2_hmac.c", _}, "Unsupported CRYPTO_PKCS5_PBKDF2_HMAC"} -> + {skip, "No Unsupported CRYPTO_PKCS5_PBKDF2_HMAC"} + end. + get_priv_pub_from_sign_verify(L) -> lists:foldl(fun get_priv_pub/2, [], L). -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor