diff options
author | Kim Alvefur <zash@zash.se> | 2019-04-20 15:11:04 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-04-20 15:11:04 +0200 |
commit | 165ee3a5ef1247468e98d0d4cba6fc43e15f92d7 (patch) | |
tree | a472872759824855130084577e300a89a652254a | |
parent | ffc422e2f6d8806dee551491feaac71f54adf0d7 (diff) | |
download | prosody-165ee3a5ef1247468e98d0d4cba6fc43e15f92d7.tar.gz prosody-165ee3a5ef1247468e98d0d4cba6fc43e15f92d7.zip |
util.hashes: Allow specifying output key length
This is not needed for SCRAM but PBKDF2 takes this argument.
-rw-r--r-- | spec/util_hashes_spec.lua | 16 | ||||
-rw-r--r-- | util-src/hashes.c | 21 |
2 files changed, 28 insertions, 9 deletions
diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 1e6187bb..9099145a 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -33,5 +33,21 @@ describe("PBKDF2-SHA1", function () local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); end); + it("test vector 5", function () + local P = "passwordPASSWORDpassword" + local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" + local c = 4096 + local dkLen = 25 + local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); + it("works", function () + local P = "pass\0word" + local S = "sa\0lt" + local c = 4096 + local dkLen = 16 + local DK = "56fa6aa75548099dcc37d7f03425e0c3" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); end); diff --git a/util-src/hashes.c b/util-src/hashes.c index 4c48b26f..3fb849b9 100644 --- a/util-src/hashes.c +++ b/util-src/hashes.c @@ -100,36 +100,39 @@ MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX) MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX) static int Lpbkdf2_sha1(lua_State *L) { - unsigned char out[SHA_DIGEST_LENGTH]; - size_t pass_len, salt_len; const char *pass = luaL_checklstring(L, 1, &pass_len); const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len); const int iter = luaL_checkinteger(L, 3); + const size_t len = luaL_optinteger(L, 4, SHA_DIGEST_LENGTH); + + luaL_Buffer b; + unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len); - if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), SHA_DIGEST_LENGTH, out) == 0) { + if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), len, out) == 0) { return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed"); } - lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH); - + luaL_pushresultsize(&b, len); return 1; } static int Lpbkdf2_sha256(lua_State *L) { - unsigned char out[SHA256_DIGEST_LENGTH]; - size_t pass_len, salt_len; const char *pass = luaL_checklstring(L, 1, &pass_len); const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len); const int iter = luaL_checkinteger(L, 3); + const int len = luaL_optinteger(L, 4, SHA256_DIGEST_LENGTH); + + luaL_Buffer b; + unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len); - if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), SHA256_DIGEST_LENGTH, out) == 0) { + if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), len, out) == 0) { return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed"); } - lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH); + luaL_pushresultsize(&b, len); return 1; } |