foxiepaws
/
weechat
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

core: add function secure_hash_pbkdf2

v2.8-utf8proc
Sébastien Helleu 2020-03-01 14:26:24 +01:00
parent 3472793d24
commit 1ae2591458
4 changed files with 179 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/core/wee-secure.c
View File

@ -163,6 +163,60 @@ hash_end:
return result;
}
/*
* Computes PKCS#5 Passphrase Based Key Derivation Function number 2 (PBKDF2)
* hash of data, as binary buffer.
*
* Returns 1 if OK, 0 if error.
*
* Note: if OK, "*hash" must be freed after use.
*/
int
secure_hash_pbkdf2 (const char *data, int length_data, int hash_subalgo,
const char *salt, int length_salt, int iterations,
char **hash, int *length_hash)
{
int rc;
rc = 0;
if (!hash || !length_hash)
goto hash_pbkdf2_end;
*hash = NULL;
*length_hash = 0;
if (!data || (length_data < 1) || !salt || (length_salt < 1)
|| (iterations < 1))
{
goto hash_pbkdf2_end;
}
*length_hash = gcry_md_get_algo_dlen (hash_subalgo);
*hash = malloc (*length_hash);
if (!*hash)
{
*length_hash = 0;
goto hash_pbkdf2_end;
}
if (gcry_kdf_derive (data, length_data, GCRY_KDF_PBKDF2, hash_subalgo,
salt, length_salt, iterations,
*length_hash, *hash) != 0)
{
free (*hash);
*hash = NULL;
*length_hash = 0;
goto hash_pbkdf2_end;
}
rc = 1;
hash_pbkdf2_end:
return rc;
}
/*
* Derives a key from salt + passphrase (using a hash).
*

5
src/core/wee-secure.h
View File

@ -58,6 +58,11 @@ extern char *secure_decrypt_error[];
extern void secure_hash_binary (const char *data, int length_data,
int hash_algo, char **hash, int *length_hash);
extern char *secure_hash (const char *data, int length_data, int hash_algo);
extern int secure_hash_pbkdf2 (const char *data, int length_data,
int hash_subalgo,
const char *salt, int length_salt,
int iterations,
char **hash, int *length_hash);
extern int secure_encrypt_data (const char *data, int length_data,
int hash_algo, int cipher,
const char *passphrase, char **encrypted,

114
tests/unit/core/test-core-secure.cpp
View File

@ -33,11 +33,12 @@ extern "C"
#define SECURE_PASSWORD "this_is_a_secret_password"
#define TOTP_SECRET "secretpasswordbase32"
#define WEE_CHECK_HASH_BIN(__result, __buffer, __length, __hash_algo) \
if (__result) \
#define WEE_CHECK_HASH_BIN(__result_hash, __data, __length_data, \
__hash_algo) \
if (__result_hash) \
{ \
result_bin = (char *)malloc (4096); \
length_bin = string_base16_decode (__result, \
length_bin = string_base16_decode (__result_hash, \
(char *)result_bin); \
} \
else \
@ -45,9 +46,11 @@ extern "C"
result_bin = NULL; \
length_bin = 0; \
} \
secure_hash_binary (__buffer, __length, __hash_algo, \
hash_bin = NULL; \
length_hash_bin = -1; \
secure_hash_binary (__data, __length_data, __hash_algo, \
&hash_bin, &length_hash_bin); \
if (__result == NULL) \
if (__result_hash == NULL) \
{ \
POINTERS_EQUAL(NULL, hash_bin); \
} \
@ -61,19 +64,57 @@ extern "C"
if (hash_bin) \
free (hash_bin);
#define WEE_CHECK_HASH_HEX(__result, __buffer, __length, __hash_algo) \
hash = secure_hash (__buffer, __length, __hash_algo); \
if (__result == NULL) \
#define WEE_CHECK_HASH_HEX(__result_hash, __data, __length_data, \
__hash_algo) \
hash = secure_hash (__data, __length_data, __hash_algo); \
if (__result_hash == NULL) \
{ \
POINTERS_EQUAL(NULL, hash); \
} \
else \
{ \
STRCMP_EQUAL(__result, hash); \
STRCMP_EQUAL(__result_hash, hash); \
} \
if (hash) \
free (hash);
#define WEE_CHECK_HASH_PBKDF2(__result_code, __result_hash, \
__data, __length_data, \
__hash_subalgo, __salt, __length_salt, \
__iterations) \
if (__result_hash) \
{ \
result_bin = (char *)malloc (4096); \
length_bin = string_base16_decode (__result_hash, \
(char *)result_bin); \
} \
else \
{ \
result_bin = NULL; \
length_bin = 0; \
} \
hash_bin = NULL; \
length_hash_bin = -1; \
LONGS_EQUAL(__result_code, \
secure_hash_pbkdf2 (__data, __length_data, \
__hash_subalgo, \
__salt, __length_salt, \
__iterations, \
&hash_bin, &length_hash_bin)); \
if (__result_hash == NULL) \
{ \
POINTERS_EQUAL(NULL, hash_bin); \
} \
else \
{ \
MEMCMP_EQUAL(result_bin, hash_bin, length_hash_bin); \
} \
LONGS_EQUAL(length_bin, length_hash_bin); \
if (result_bin) \
free (result_bin); \
if (hash_bin) \
free (hash_bin);
#define WEE_CHECK_TOTP_GENERATE(__result, __secret, __time, __digits) \
totp = secure_totp_generate (__secret, __time, __digits); \
if (__result == NULL) \
@ -154,6 +195,61 @@ TEST(CoreSecure, Hash)
WEE_CHECK_HASH_HEX(DATA_HASH_SHA3_512, data, length, GCRY_MD_SHA3_512);
}
/*
* Tests functions:
* secure_hash_pbkdf2
*/
TEST(CoreSecure, HashPbkdf2)
{
const char *data = DATA_HASH, *salt = DATA_HASH_SALT;
char *result_bin, *hash_bin;
int length, length_salt, length_bin, length_hash_bin;
length = strlen (data);
length_salt = strlen (salt);
WEE_CHECK_HASH_PBKDF2(0, NULL, NULL, 0, 0, NULL, 0, 0);
WEE_CHECK_HASH_PBKDF2(0, NULL, "test", 0, 0, NULL, 0, 0);
WEE_CHECK_HASH_PBKDF2(0, NULL, "test", 4, GCRY_MD_SHA1, "salt", 4, 0);
/* SHA1 */
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA1_1000,
data, length,
GCRY_MD_SHA1,
DATA_HASH_SALT, length_salt,
1000);
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA1_100000,
data, length,
GCRY_MD_SHA1,
DATA_HASH_SALT, length_salt,
100000);
/* SHA256 */
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA256_1000,
data, length,
GCRY_MD_SHA256,
DATA_HASH_SALT, length_salt,
1000);
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA256_100000,
data, length,
GCRY_MD_SHA256,
DATA_HASH_SALT, length_salt,
100000);
/* SHA512 */
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA512_1000,
data, length,
GCRY_MD_SHA512,
DATA_HASH_SALT, length_salt,
1000);
WEE_CHECK_HASH_PBKDF2(1, DATA_HASH_PBKDF2_SHA512_100000,
data, length,
GCRY_MD_SHA512,
DATA_HASH_SALT, length_salt,
100000);
}
/*
* Tests functions:
* secure_derive_key

15
tests/unit/core/test-core.h
View File

@ -42,5 +42,20 @@
#define DATA_HASH_SHA3_512 "31dfb5fc8f30ac7007acddc4fce562d408706833d0d2af2" \
"e5f61a179099592927ff7d100e278406c7f98d42575001e26e153b135c21f7ef5b00c8" \
"cef93ca048d"
#define DATA_HASH_SALT "this is a salt of 32 bytes xxxxx"
#define DATA_HASH_PBKDF2_SHA1_1000 "85ce23c8873830df8f0a96aa82ae7d7635dad12" \
"7"
#define DATA_HASH_PBKDF2_SHA1_100000 "f2c2a079007523df3a5a5c7b578073dff06ba" \
"49f"
#define DATA_HASH_PBKDF2_SHA256_1000 "0eb0a795537a8c37a2d7d7e50a076e07c9a8e" \
"e9aa281669381af99fad198997c"
#define DATA_HASH_PBKDF2_SHA256_100000 "b243ef60f9d9e7a6315f874053802cfb3b7" \
"b5a3502d47cf7fd76b3ee5661fcff"
#define DATA_HASH_PBKDF2_SHA512_1000 "03d8e9e86f3bbe20b88a600a5aa15f8cfbee0" \
"a402af301e1714c25467a32489c773c71eddf5aa39f42823ecc54c9e9b015517b5f3c0" \
"19bae9463a2d8fe527882"
#define DATA_HASH_PBKDF2_SHA512_100000 "286cca5521b00a7398530fbf11a570401a8" \
"0c901f1584cb493fcb75c49e5c30613c331ce318b34615a08be2fdcb9a3b4d3e9a5b62" \
"e119db6941010533cdf73d3"
#endif /* WEECHAT_TEST_UNIT_CORE_H */