aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-04-20 15:11:04 +0200
committerKim Alvefur <zash@zash.se>2019-04-20 15:11:04 +0200
commit265d5cbec07c6297c811b72cf5416acb446869da (patch)
treea472872759824855130084577e300a89a652254a
parentd73c6a8327c79775989303c823bfa9be22e26116 (diff)
downloadprosody-265d5cbec07c6297c811b72cf5416acb446869da.tar.gz
prosody-265d5cbec07c6297c811b72cf5416acb446869da.zip
util.hashes: Allow specifying output key length
This is not needed for SCRAM but PBKDF2 takes this argument.
-rw-r--r--spec/util_hashes_spec.lua16
-rw-r--r--util-src/hashes.c21
2 files changed, 28 insertions, 9 deletions
diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua
index 1e6187bb..9099145a 100644
--- a/spec/util_hashes_spec.lua
+++ b/spec/util_hashes_spec.lua
@@ -33,5 +33,21 @@ describe("PBKDF2-SHA1", function ()
local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984";
assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c)));
end);
+ it("test vector 5", function ()
+ local P = "passwordPASSWORDpassword"
+ local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+ local c = 4096
+ local dkLen = 25
+ local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
+ assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen)));
+ end);
+ it("works", function ()
+ local P = "pass\0word"
+ local S = "sa\0lt"
+ local c = 4096
+ local dkLen = 16
+ local DK = "56fa6aa75548099dcc37d7f03425e0c3"
+ assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen)));
+ end);
end);
diff --git a/util-src/hashes.c b/util-src/hashes.c
index 4c48b26f..3fb849b9 100644
--- a/util-src/hashes.c
+++ b/util-src/hashes.c
@@ -100,36 +100,39 @@ MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX)
MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX)
static int Lpbkdf2_sha1(lua_State *L) {
- unsigned char out[SHA_DIGEST_LENGTH];
-
size_t pass_len, salt_len;
const char *pass = luaL_checklstring(L, 1, &pass_len);
const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
const int iter = luaL_checkinteger(L, 3);
+ const size_t len = luaL_optinteger(L, 4, SHA_DIGEST_LENGTH);
+
+ luaL_Buffer b;
+ unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len);
- if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), SHA_DIGEST_LENGTH, out) == 0) {
+ if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), len, out) == 0) {
return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed");
}
- lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH);
-
+ luaL_pushresultsize(&b, len);
return 1;
}
static int Lpbkdf2_sha256(lua_State *L) {
- unsigned char out[SHA256_DIGEST_LENGTH];
-
size_t pass_len, salt_len;
const char *pass = luaL_checklstring(L, 1, &pass_len);
const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
const int iter = luaL_checkinteger(L, 3);
+ const int len = luaL_optinteger(L, 4, SHA256_DIGEST_LENGTH);
+
+ luaL_Buffer b;
+ unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len);
- if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), SHA256_DIGEST_LENGTH, out) == 0) {
+ if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), len, out) == 0) {
return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed");
}
- lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH);
+ luaL_pushresultsize(&b, len);
return 1;
}