Drop pbkdf2 module (superseded by pkcs5)

ChangeLog

@@ -6,6 +6,7 @@ Features
   * Support for DTLS 1.0 and 1.2 (RFC 6347).
 
 API Changes
+   * Remove the PBKDF2 module (use PKCS5).
    * Remove POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()).
    * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
    * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION

include/mbedtls/config.h

@@ -1814,20 +1814,6 @@
  */
 #define POLARSSL_PADLOCK_C
 
-/**
- * \def POLARSSL_PBKDF2_C
- *
- * Enable PKCS#5 PBKDF2 key derivation function.
- * DEPRECATED: Use POLARSSL_PKCS5_C instead
- *
- * Module:  library/pbkdf2.c
- *
- * Requires: POLARSSL_PKCS5_C
- *
- * This module adds support for the PKCS#5 PBKDF2 key derivation function.
- */
-#define POLARSSL_PBKDF2_C
-
 /**
  * \def POLARSSL_PEM_PARSE_C
  *

include/mbedtls/pbkdf2.h

@@ -1,79 +0,0 @@
-/**
- * \file pbkdf2.h
- *
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- *        DEPRECATED: use pkcs5.h instead.
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- *  Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_PBKDF2_H
-#define POLARSSL_PBKDF2_H
-
-#include "md.h"
-
-#include <stddef.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA                 -0x007C  /**< Bad input parameters to function. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          PKCS#5 PBKDF2 using HMAC
- *                 DEPRECATED: Use pkcs5_pbkdf2_hmac() instead!
- *
- * \param ctx      Generic HMAC context
- * \param password Password to use when generating key
- * \param plen     Length of password
- * \param salt     Salt to use when generating key
- * \param slen     Length of salt
- * \param iteration_count       Iteration count
- * \param key_length            Length of generated key
- * \param output   Generated key. Must be at least as big as key_length
- *
- * \returns        0 on success, or a POLARSSL_ERR_xxx code if verification fails.
- */
-int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
-                 size_t plen, const unsigned char *salt, size_t slen,
-                 unsigned int iteration_count,
-                 uint32_t key_length, unsigned char *output );
-
-/**
- * \brief          Checkup routine
- *                 DEPRECATED: Use pkcs5_self_test() instead!
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int pbkdf2_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pbkdf2.h */

library/CMakeLists.txt

@@ -39,7 +39,6 @@ set(src
      net.c
      oid.c
      padlock.c
-     pbkdf2.c
      pem.c
      pkcs5.c
      pkcs11.c

library/Makefile

@@ -56,8 +56,7 @@ OBJS=	aes.o		aesni.o		arc4.o			\
 		md.o		md_wrap.o	md2.o			\
 		md4.o		md5.o						\
 		memory_buffer_alloc.o	net.o			\
-		oid.o									\
-		padlock.o	pbkdf2.o	pem.o			\
+		oid.o		padlock.o	pem.o			\
 		pkcs5.o		pkcs11.o	pkcs12.o		\
 		pk.o		pk_wrap.o	pkparse.o		\
 		pkwrite.o	platform.o	ripemd160.o		\

library/error.c

@@ -125,10 +125,6 @@
 #include "mbedtls/padlock.h"
 #endif
 
-#if defined(POLARSSL_PBKDF2_C)
-#include "mbedtls/pbkdf2.h"
-#endif
-
 #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
 #include "mbedtls/pem.h"
 #endif
@@ -701,11 +697,6 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
         polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
 #endif /* POLARSSL_PADLOCK_C */
 
-#if defined(POLARSSL_PBKDF2_C)
-    if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) )
-        polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
-#endif /* POLARSSL_PBKDF2_C */
-
 #if defined(POLARSSL_RIPEMD160_C)
     if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) )
         polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );

library/pbkdf2.c

@@ -1,61 +0,0 @@
-/**
- * \file pbkdf2.c
- *
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- *        DEPRECATED: Use pkcs5.c instead
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * PBKDF2 is part of PKCS#5
- *
- * http://tools.ietf.org/html/rfc2898 (Specification)
- * http://tools.ietf.org/html/rfc6070 (Test vectors)
- */
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include POLARSSL_CONFIG_FILE
-#endif
-
-#if defined(POLARSSL_PBKDF2_C)
-
-#include "mbedtls/pbkdf2.h"
-#include "mbedtls/pkcs5.h"
-
-int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
-                 const unsigned char *salt, size_t slen,
-                 unsigned int iteration_count,
-                 uint32_t key_length, unsigned char *output )
-{
-    return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
-                              key_length, output );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-int pbkdf2_self_test( int verbose )
-{
-    return pkcs5_self_test( verbose );
-}
-#endif /* POLARSSL_SELF_TEST */
-
-#endif /* POLARSSL_PBKDF2_C */

programs/test/selftest.c

@@ -49,7 +49,6 @@
 #include "mbedtls/x509.h"
 #include "mbedtls/xtea.h"
 #include "mbedtls/pkcs5.h"
-#include "mbedtls/pbkdf2.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/timing.h"
 
@@ -203,17 +202,12 @@ int main( int argc, char *argv[] )
         return( ret );
 #endif
 
-/* Slow tests last */
-
-#if defined(POLARSSL_PBKDF2_C)
-    if( ( ret = pbkdf2_self_test( v ) ) != 0 )
-        return( ret );
-#else
 #if defined(POLARSSL_PKCS5_C)
     if( ( ret = pkcs5_self_test( v ) ) != 0 )
         return( ret );
 #endif
-#endif
+
+/* Slow tests last */
 
 /* Not stable enough on Windows and FreeBSD yet */
 #if __linux__ && defined(POLARSSL_TIMING_C)

tests/CMakeLists.txt

@@ -75,7 +75,6 @@ add_test_suite(md)
 add_test_suite(mdx)
 add_test_suite(memory_buffer_alloc)
 add_test_suite(mpi)
-add_test_suite(pbkdf2)
 add_test_suite(pem)
 add_test_suite(pkcs1_v21)
 add_test_suite(pkcs5)

tests/Makefile

@@ -74,7 +74,7 @@ APPS =	test_suite_aes.ecb$(EXEXT)	test_suite_aes.cbc$(EXEXT)	\
 	test_suite_hmac_drbg.pr$(EXEXT)					\
 	test_suite_md$(EXEXT)		test_suite_mdx$(EXEXT)		\
 	test_suite_memory_buffer_alloc$(EXEXT)				\
-	test_suite_mpi$(EXEXT)		test_suite_pbkdf2$(EXEXT)	\
+	test_suite_mpi$(EXEXT)						\
 	test_suite_pem$(EXEXT)						\
 	test_suite_pkcs1_v21$(EXEXT)	test_suite_pkcs5$(EXEXT)	\
 	test_suite_pkparse$(EXEXT)	test_suite_pkwrite$(EXEXT)	\

tests/suites/test_suite_pbkdf2.data

@@ -1,19 +0,0 @@
-PBKDF2 RFC 6070 Test Vector #1 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":1:20:"0c60c80f961f0e71f3a9b524af6012062fe037a6"
-
-PBKDF2 RFC 6070 Test Vector #2 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":2:20:"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
-
-PBKDF2 RFC 6070 Test Vector #3 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":4096:20:"4b007901b765489abead49d926f721d065a429c1"
-
-PBKDF2 RFC 6070 Test Vector #5 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
-
-PBKDF2 RFC 6070 Test Vector #6 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"

tests/suites/test_suite_pbkdf2.function

@@ -1,48 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/pbkdf2.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:POLARSSL_PBKDF2_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string,
-                  int it_cnt, int key_len, char *result_key_string )
-{
-    unsigned char pw_str[100];
-    unsigned char salt_str[100];
-    unsigned char dst_str[100];
-
-    md_context_t ctx;
-    const md_info_t *info;
-
-    int pw_len, salt_len;
-    unsigned char key[100];
-
-    md_init( &ctx );
-
-    memset(pw_str, 0x00, 100);
-    memset(salt_str, 0x00, 100);
-    memset(dst_str, 0x00, 100);
-
-    pw_len = unhexify( pw_str, hex_password_string );
-    salt_len = unhexify( salt_str, hex_salt_string );
-
-
-    info = md_info_from_type( hash );
-    TEST_ASSERT( info != NULL );
-    if( info == NULL )
-        return;
-    TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
-    TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
-                              it_cnt, key_len, key ) == 0 );
-
-    hexify( dst_str, key, key_len );
-    TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
-
-exit:
-    md_free( &ctx );
-}
-/* END_CASE */

visualc/VS2010/mbedTLS.vcxproj

@@ -180,7 +180,6 @@
     <ClInclude Include="..\..\include\mbedtls\net.h" />
     <ClInclude Include="..\..\include\mbedtls\oid.h" />
     <ClInclude Include="..\..\include\mbedtls\padlock.h" />
-    <ClInclude Include="..\..\include\mbedtls\pbkdf2.h" />
     <ClInclude Include="..\..\include\mbedtls\pem.h" />
     <ClInclude Include="..\..\include\mbedtls\pk.h" />
     <ClInclude Include="..\..\include\mbedtls\pk_wrap.h" />
@@ -243,7 +242,6 @@
     <ClCompile Include="..\..\library\net.c" />
     <ClCompile Include="..\..\library\oid.c" />
     <ClCompile Include="..\..\library\padlock.c" />
-    <ClCompile Include="..\..\library\pbkdf2.c" />
     <ClCompile Include="..\..\library\pem.c" />
     <ClCompile Include="..\..\library\pk.c" />
     <ClCompile Include="..\..\library\pk_wrap.c" />

visualc/VS6/mbedtls.dsp

@@ -229,10 +229,6 @@ SOURCE=..\..\library\padlock.c
 # End Source File
 # Begin Source File
 
-SOURCE=..\..\library\pbkdf2.c
-# End Source File
-# Begin Source File
-
 SOURCE=..\..\library\pem.c
 # End Source File
 # Begin Source File
@@ -517,10 +513,6 @@ SOURCE=..\..\include\mbedtls\padlock.h
 # End Source File
 # Begin Source File
 
-SOURCE=..\..\include\mbedtls\pbkdf2.h
-# End Source File
-# Begin Source File
-
 SOURCE=..\..\include\mbedtls\pem.h
 # End Source File
 # Begin Source File