Drop pbkdf2 module (superseded by pkcs5)

This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-11 11:20:43 +00:00
parent f9c1387b9d
commit b6b16bddc3
14 changed files with 5 additions and 253 deletions

View file

@ -6,6 +6,7 @@ Features
* Support for DTLS 1.0 and 1.2 (RFC 6347). * Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes API Changes
* Remove the PBKDF2 module (use PKCS5).
* Remove POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()). * Remove POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()).
* Headers are now found in the 'mbedtls' directory (previously 'polarssl'). * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
* Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION

View file

@ -1814,20 +1814,6 @@
*/ */
#define POLARSSL_PADLOCK_C #define POLARSSL_PADLOCK_C
/**
* \def POLARSSL_PBKDF2_C
*
* Enable PKCS#5 PBKDF2 key derivation function.
* DEPRECATED: Use POLARSSL_PKCS5_C instead
*
* Module: library/pbkdf2.c
*
* Requires: POLARSSL_PKCS5_C
*
* This module adds support for the PKCS#5 PBKDF2 key derivation function.
*/
#define POLARSSL_PBKDF2_C
/** /**
* \def POLARSSL_PEM_PARSE_C * \def POLARSSL_PEM_PARSE_C
* *

View file

@ -1,79 +0,0 @@
/**
* \file pbkdf2.h
*
* \brief Password-Based Key Derivation Function 2 (from PKCS#5)
* DEPRECATED: use pkcs5.h instead.
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
* Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
*
* This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PBKDF2_H
#define POLARSSL_PBKDF2_H
#include "md.h"
#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Bad input parameters to function. */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief PKCS#5 PBKDF2 using HMAC
* DEPRECATED: Use pkcs5_pbkdf2_hmac() instead!
*
* \param ctx Generic HMAC context
* \param password Password to use when generating key
* \param plen Length of password
* \param salt Salt to use when generating key
* \param slen Length of salt
* \param iteration_count Iteration count
* \param key_length Length of generated key
* \param output Generated key. Must be at least as big as key_length
*
* \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails.
*/
int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output );
/**
* \brief Checkup routine
* DEPRECATED: Use pkcs5_self_test() instead!
*
* \return 0 if successful, or 1 if the test failed
*/
int pbkdf2_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* pbkdf2.h */

View file

@ -39,7 +39,6 @@ set(src
net.c net.c
oid.c oid.c
padlock.c padlock.c
pbkdf2.c
pem.c pem.c
pkcs5.c pkcs5.c
pkcs11.c pkcs11.c

View file

@ -56,8 +56,7 @@ OBJS= aes.o aesni.o arc4.o \
md.o md_wrap.o md2.o \ md.o md_wrap.o md2.o \
md4.o md5.o \ md4.o md5.o \
memory_buffer_alloc.o net.o \ memory_buffer_alloc.o net.o \
oid.o \ oid.o padlock.o pem.o \
padlock.o pbkdf2.o pem.o \
pkcs5.o pkcs11.o pkcs12.o \ pkcs5.o pkcs11.o pkcs12.o \
pk.o pk_wrap.o pkparse.o \ pk.o pk_wrap.o pkparse.o \
pkwrite.o platform.o ripemd160.o \ pkwrite.o platform.o ripemd160.o \

View file

@ -125,10 +125,6 @@
#include "mbedtls/padlock.h" #include "mbedtls/padlock.h"
#endif #endif
#if defined(POLARSSL_PBKDF2_C)
#include "mbedtls/pbkdf2.h"
#endif
#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C) #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
@ -701,11 +697,6 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
#endif /* POLARSSL_PADLOCK_C */ #endif /* POLARSSL_PADLOCK_C */
#if defined(POLARSSL_PBKDF2_C)
if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) )
polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
#endif /* POLARSSL_PBKDF2_C */
#if defined(POLARSSL_RIPEMD160_C) #if defined(POLARSSL_RIPEMD160_C)
if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) ) if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) )
polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" ); polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );

View file

@ -1,61 +0,0 @@
/**
* \file pbkdf2.c
*
* \brief Password-Based Key Derivation Function 2 (from PKCS#5)
* DEPRECATED: Use pkcs5.c instead
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
* This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* PBKDF2 is part of PKCS#5
*
* http://tools.ietf.org/html/rfc2898 (Specification)
* http://tools.ietf.org/html/rfc6070 (Test vectors)
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PBKDF2_C)
#include "mbedtls/pbkdf2.h"
#include "mbedtls/pkcs5.h"
int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output )
{
return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
key_length, output );
}
#if defined(POLARSSL_SELF_TEST)
int pbkdf2_self_test( int verbose )
{
return pkcs5_self_test( verbose );
}
#endif /* POLARSSL_SELF_TEST */
#endif /* POLARSSL_PBKDF2_C */

View file

@ -49,7 +49,6 @@
#include "mbedtls/x509.h" #include "mbedtls/x509.h"
#include "mbedtls/xtea.h" #include "mbedtls/xtea.h"
#include "mbedtls/pkcs5.h" #include "mbedtls/pkcs5.h"
#include "mbedtls/pbkdf2.h"
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
@ -203,17 +202,12 @@ int main( int argc, char *argv[] )
return( ret ); return( ret );
#endif #endif
/* Slow tests last */
#if defined(POLARSSL_PBKDF2_C)
if( ( ret = pbkdf2_self_test( v ) ) != 0 )
return( ret );
#else
#if defined(POLARSSL_PKCS5_C) #if defined(POLARSSL_PKCS5_C)
if( ( ret = pkcs5_self_test( v ) ) != 0 ) if( ( ret = pkcs5_self_test( v ) ) != 0 )
return( ret ); return( ret );
#endif #endif
#endif
/* Slow tests last */
/* Not stable enough on Windows and FreeBSD yet */ /* Not stable enough on Windows and FreeBSD yet */
#if __linux__ && defined(POLARSSL_TIMING_C) #if __linux__ && defined(POLARSSL_TIMING_C)

View file

@ -75,7 +75,6 @@ add_test_suite(md)
add_test_suite(mdx) add_test_suite(mdx)
add_test_suite(memory_buffer_alloc) add_test_suite(memory_buffer_alloc)
add_test_suite(mpi) add_test_suite(mpi)
add_test_suite(pbkdf2)
add_test_suite(pem) add_test_suite(pem)
add_test_suite(pkcs1_v21) add_test_suite(pkcs1_v21)
add_test_suite(pkcs5) add_test_suite(pkcs5)

View file

@ -74,7 +74,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
test_suite_hmac_drbg.pr$(EXEXT) \ test_suite_hmac_drbg.pr$(EXEXT) \
test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \
test_suite_memory_buffer_alloc$(EXEXT) \ test_suite_memory_buffer_alloc$(EXEXT) \
test_suite_mpi$(EXEXT) test_suite_pbkdf2$(EXEXT) \ test_suite_mpi$(EXEXT) \
test_suite_pem$(EXEXT) \ test_suite_pem$(EXEXT) \
test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \
test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \

View file

@ -1,19 +0,0 @@
PBKDF2 RFC 6070 Test Vector #1 (SHA1)
depends_on:POLARSSL_SHA1_C
pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":1:20:"0c60c80f961f0e71f3a9b524af6012062fe037a6"
PBKDF2 RFC 6070 Test Vector #2 (SHA1)
depends_on:POLARSSL_SHA1_C
pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":2:20:"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
PBKDF2 RFC 6070 Test Vector #3 (SHA1)
depends_on:POLARSSL_SHA1_C
pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":4096:20:"4b007901b765489abead49d926f721d065a429c1"
PBKDF2 RFC 6070 Test Vector #5 (SHA1)
depends_on:POLARSSL_SHA1_C
pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
PBKDF2 RFC 6070 Test Vector #6 (SHA1)
depends_on:POLARSSL_SHA1_C
pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"

View file

@ -1,48 +0,0 @@
/* BEGIN_HEADER */
#include "mbedtls/pbkdf2.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:POLARSSL_PBKDF2_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string,
int it_cnt, int key_len, char *result_key_string )
{
unsigned char pw_str[100];
unsigned char salt_str[100];
unsigned char dst_str[100];
md_context_t ctx;
const md_info_t *info;
int pw_len, salt_len;
unsigned char key[100];
md_init( &ctx );
memset(pw_str, 0x00, 100);
memset(salt_str, 0x00, 100);
memset(dst_str, 0x00, 100);
pw_len = unhexify( pw_str, hex_password_string );
salt_len = unhexify( salt_str, hex_salt_string );
info = md_info_from_type( hash );
TEST_ASSERT( info != NULL );
if( info == NULL )
return;
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
it_cnt, key_len, key ) == 0 );
hexify( dst_str, key, key_len );
TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
exit:
md_free( &ctx );
}
/* END_CASE */

View file

@ -180,7 +180,6 @@
<ClInclude Include="..\..\include\mbedtls\net.h" /> <ClInclude Include="..\..\include\mbedtls\net.h" />
<ClInclude Include="..\..\include\mbedtls\oid.h" /> <ClInclude Include="..\..\include\mbedtls\oid.h" />
<ClInclude Include="..\..\include\mbedtls\padlock.h" /> <ClInclude Include="..\..\include\mbedtls\padlock.h" />
<ClInclude Include="..\..\include\mbedtls\pbkdf2.h" />
<ClInclude Include="..\..\include\mbedtls\pem.h" /> <ClInclude Include="..\..\include\mbedtls\pem.h" />
<ClInclude Include="..\..\include\mbedtls\pk.h" /> <ClInclude Include="..\..\include\mbedtls\pk.h" />
<ClInclude Include="..\..\include\mbedtls\pk_wrap.h" /> <ClInclude Include="..\..\include\mbedtls\pk_wrap.h" />
@ -243,7 +242,6 @@
<ClCompile Include="..\..\library\net.c" /> <ClCompile Include="..\..\library\net.c" />
<ClCompile Include="..\..\library\oid.c" /> <ClCompile Include="..\..\library\oid.c" />
<ClCompile Include="..\..\library\padlock.c" /> <ClCompile Include="..\..\library\padlock.c" />
<ClCompile Include="..\..\library\pbkdf2.c" />
<ClCompile Include="..\..\library\pem.c" /> <ClCompile Include="..\..\library\pem.c" />
<ClCompile Include="..\..\library\pk.c" /> <ClCompile Include="..\..\library\pk.c" />
<ClCompile Include="..\..\library\pk_wrap.c" /> <ClCompile Include="..\..\library\pk_wrap.c" />

View file

@ -229,10 +229,6 @@ SOURCE=..\..\library\padlock.c
# End Source File # End Source File
# Begin Source File # Begin Source File
SOURCE=..\..\library\pbkdf2.c
# End Source File
# Begin Source File
SOURCE=..\..\library\pem.c SOURCE=..\..\library\pem.c
# End Source File # End Source File
# Begin Source File # Begin Source File
@ -517,10 +513,6 @@ SOURCE=..\..\include\mbedtls\padlock.h
# End Source File # End Source File
# Begin Source File # Begin Source File
SOURCE=..\..\include\mbedtls\pbkdf2.h
# End Source File
# Begin Source File
SOURCE=..\..\include\mbedtls\pem.h SOURCE=..\..\include\mbedtls\pem.h
# End Source File # End Source File
# Begin Source File # Begin Source File