Tor  0.4.7.0-alpha-dev
Macros | Functions
crypto_s2k.c File Reference

Functions for deriving keys from human-readable passphrases. More...

#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_hkdf.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_s2k.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/ctime/di_ops.h"
#include "lib/log/util_bug.h"
#include "lib/intmath/cmp.h"
#include <string.h>

Go to the source code of this file.

Macros

#define CRYPTO_S2K_PRIVATE
 
#define S2K_TYPE_RFC2440   0
 
#define S2K_TYPE_PBKDF2   1
 
#define S2K_TYPE_SCRYPT   2
 
#define PBKDF2_SPEC_LEN   17
 
#define PBKDF2_KEY_LEN   20
 
#define SCRYPT_SPEC_LEN   18
 
#define SCRYPT_KEY_LEN   32
 
#define EXPBIAS   6
 

Functions

static int secret_to_key_spec_len (uint8_t type)
 
static int secret_to_key_key_len (uint8_t type)
 
static int secret_to_key_get_type (const uint8_t *spec_and_key, size_t spec_and_key_len, int key_included, int *legacy_out)
 
static int make_specifier (uint8_t *spec_out, uint8_t type, unsigned flags)
 
void secret_to_key_rfc2440 (char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier)
 
STATIC int secret_to_key_compute_key (uint8_t *key_out, size_t key_out_len, const uint8_t *spec, size_t spec_len, const char *secret, size_t secret_len, int type)
 
int secret_to_key_derivekey (uint8_t *key_out, size_t key_out_len, const uint8_t *spec, size_t spec_len, const char *secret, size_t secret_len)
 
int secret_to_key_make_specifier (uint8_t *buf, size_t buf_len, unsigned flags)
 
int secret_to_key_new (uint8_t *buf, size_t buf_len, size_t *len_out, const char *secret, size_t secret_len, unsigned flags)
 
int secret_to_key_check (const uint8_t *spec_and_key, size_t spec_and_key_len, const char *secret, size_t secret_len)
 

Detailed Description

Functions for deriving keys from human-readable passphrases.

Definition in file crypto_s2k.c.

Function Documentation

◆ make_specifier()

static int make_specifier ( uint8_t *  spec_out,
uint8_t  type,
unsigned  flags 
)
static

Write a new random s2k specifier of type type, without prefixing type byte, to spec_out, which must have enough room. May adjust parameter choice based on flags.

Definition at line 159 of file crypto_s2k.c.

◆ secret_to_key_check()

int secret_to_key_check ( const uint8_t *  spec_and_key,
size_t  spec_and_key_len,
const char *  secret,
size_t  secret_len 
)

Given a hashed passphrase in spec_and_key of length spec_and_key_len as generated by secret_to_key_new(), verify whether it is a hash of the passphrase secret of length secret_len. Return S2K_OKAY on a match, S2K_BAD_SECRET on a well-formed hash that doesn't match this secret, and another error code on other errors.

Definition at line 486 of file crypto_s2k.c.

◆ secret_to_key_compute_key()

STATIC int secret_to_key_compute_key ( uint8_t *  key_out,
size_t  key_out_len,
const uint8_t *  spec,
size_t  spec_len,
const char *  secret,
size_t  secret_len,
int  type 
)

Helper: given a valid specifier without prefix type byte in spec, whose length must be correct, and given a secret passphrase secret of length secret_len, compute the key and store it into key_out, which must have enough room for secret_to_key_key_len(type) bytes. Return the number of bytes written on success and an error code on failure.

Definition at line 258 of file crypto_s2k.c.

◆ secret_to_key_derivekey()

int secret_to_key_derivekey ( uint8_t *  key_out,
size_t  key_out_len,
const uint8_t *  spec,
size_t  spec_len,
const char *  secret,
size_t  secret_len 
)

Given a specifier previously constructed with secret_to_key_make_specifier in spec of length spec_len, and a secret password in secret of length secret_len, generate key_out_len bytes of cryptographic material in key_out. The native output of the secret-to-key function will be truncated if key_out_len is short, and expanded with HKDF if key_out_len is long. Returns S2K_OKAY on success, and an error code on failure.

Definition at line 370 of file crypto_s2k.c.

◆ secret_to_key_get_type()

static int secret_to_key_get_type ( const uint8_t *  spec_and_key,
size_t  spec_and_key_len,
int  key_included,
int *  legacy_out 
)
static

Given a specifier in spec_and_key of length spec_and_key_len, along with its prefix algorithm ID byte, and along with a key if key_included is true, check whether the whole specifier-and-key is of valid length, and return the algorithm type if it is. Set *legacy_out to 1 iff this is a legacy password hash or legacy specifier. Return an error code on failure.

Definition at line 117 of file crypto_s2k.c.

◆ secret_to_key_key_len()

static int secret_to_key_key_len ( uint8_t  type)
static

Given an algorithm ID (one of S2K_TYPE_*), return the length of the its preferred output.

Definition at line 92 of file crypto_s2k.c.

◆ secret_to_key_make_specifier()

int secret_to_key_make_specifier ( uint8_t *  buf,
size_t  buf_len,
unsigned  flags 
)

Construct a new s2k algorithm specifier and salt in buf, according to the bitwise-or of some S2K_FLAG_* options in flags. Up to buf_len bytes of storage may be used in buf. Return the number of bytes used on success and an error code on failure.

Definition at line 405 of file crypto_s2k.c.

◆ secret_to_key_new()

int secret_to_key_new ( uint8_t *  buf,
size_t  buf_len,
size_t *  len_out,
const char *  secret,
size_t  secret_len,
unsigned  flags 
)

Hash a passphrase from secret of length secret_len, according to the bitwise-or of some S2K_FLAG_* options in flags, and store the hash along with salt and hashing parameters into buf. Up to buf_len bytes of storage may be used in buf. Set *len_out to the number of bytes used and return S2K_OKAY on success; and return an error code on failure.

Definition at line 442 of file crypto_s2k.c.

◆ secret_to_key_rfc2440()

void secret_to_key_rfc2440 ( char *  key_out,
size_t  key_out_len,
const char *  secret,
size_t  secret_len,
const char *  s2k_specifier 
)

Implement RFC2440-style iterated-salted S2K conversion: convert the secret_len-byte secret into a key_out_len byte key_out. As in RFC2440, the first 8 bytes of s2k_specifier are a salt; the 9th byte describes how much iteration to do. If key_out_len > DIGEST_LEN, use HDKF to expand the result.

Definition at line 203 of file crypto_s2k.c.

Referenced by do_hash_password().

◆ secret_to_key_spec_len()

static int secret_to_key_spec_len ( uint8_t  type)
static

Given an algorithm ID (one of S2K_TYPE_*), return the length of the specifier part of it, without the prefix type byte. Return -1 if it is not a valid algorithm ID.

Definition at line 75 of file crypto_s2k.c.