Merge pull request #9 from str4d/pbkdf2

Replace PKCS5_PBKDF2_HMAC_SHA1 with crates
This commit is contained in:
Tony Arcieri
2019-11-20 13:44:26 -08:00
committed by GitHub
3 changed files with 13 additions and 56 deletions
+3
View File
@@ -18,6 +18,9 @@ keywords = ["ccid", "ecdsa", "rsa", "piv", "yubikey"]
[dependencies]
getrandom = "0.1"
hmac = "0.7"
libc = "0.2"
log = "0.4"
pbkdf2 = "0.3"
sha-1 = "0.8"
zeroize = "1"
-32
View File
@@ -60,15 +60,6 @@ extern "C" {
);
fn DES_is_weak_key(key: *mut [u8; 8]) -> i32;
fn DES_set_key_unchecked(key: *mut [u8; 8], schedule: *mut DesSubKey);
fn PKCS5_PBKDF2_HMAC_SHA1(
pass: *const u8,
passlen: i32,
salt: *const u8,
saltlen: i32,
iter: i32,
keylen: i32,
out: *mut u8,
) -> i32;
}
/// DES-related errors
@@ -244,29 +235,6 @@ pub enum Pkcs5ErrorKind {
GeneralError = -1,
}
/// Decrypt a PKCS#5 key
pub unsafe fn pkcs5_pbkdf2_sha1(
password: *const u8,
cb_password: usize,
salt: *const u8,
cb_salt: usize,
iterations: usize,
key: *const u8,
cb_key: usize,
) -> Pkcs5ErrorKind {
PKCS5_PBKDF2_HMAC_SHA1(
password,
cb_password as (i32),
salt,
cb_salt as (i32),
iterations as (i32),
cb_key as (i32),
key as (*mut u8),
);
Pkcs5ErrorKind::Ok
}
/// Strip whitespace
// TODO(tarcieri): implement this
pub unsafe fn _strip_ws(sz: *mut c_char) -> *mut c_char {
+7 -21
View File
@@ -35,8 +35,11 @@
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
use getrandom::getrandom;
use hmac::Hmac;
use libc::{calloc, free, memcpy, memmove, realloc, time};
use log::{error, warn};
use pbkdf2::pbkdf2;
use sha1::Sha1;
use std::ops::DerefMut;
use std::{ffi::CString, mem, os::raw::c_void, ptr};
use zeroize::{Zeroize, Zeroizing};
@@ -1463,19 +1466,14 @@ impl Drop for YkPivMgm {
/// Get derived management key (MGM)
pub unsafe fn ykpiv_util_get_derived_mgm(
state: &mut YubiKey,
pin: *const u8,
pin_len: usize,
mgm: *mut YkPivMgm,
pin: &[u8],
mgm: &mut YkPivMgm,
) -> Result<(), ErrorKind> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_data: usize = data.len();
let mut p_item: *mut u8 = ptr::null_mut();
let mut cb_item: usize = 0;
if pin.is_null() || pin_len == 0 || mgm.is_null() {
return Err(ErrorKind::GenericError);
}
_ykpiv_begin_transaction(state)?;
let mut res = _ykpiv_ensure_application_selected(state);
@@ -1503,25 +1501,13 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
"derived mgm salt exists, but is incorrect size = {}",
cb_item,
);
}
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::GenericError);
}
let p5rc = pkcs5_pbkdf2_sha1(
pin,
pin_len,
p_item,
cb_item,
ITER_MGM_PBKDF2,
(*mgm).0.as_mut_ptr(),
(*mgm).0.len(),
);
if p5rc != Pkcs5ErrorKind::Ok {
error!("pbkdf2 failure, err = {:?}", p5rc);
res = Err(ErrorKind::GenericError);
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut (*mgm).0);
}
}