Commit 6be21469 authored by Milan Broz's avatar Milan Broz

Use internel PBKDF2 in Nettle library for Nettle crypto backend.

This also requires Nettle >= 2.6.
parent e0d3ff8a
......@@ -210,13 +210,13 @@ AC_DEFUN([CONFIGURE_NETTLE], [
[AC_MSG_ERROR([You need Nettle cryptographic library.])])
saved_LIBS=$LIBS
AC_CHECK_LIB(nettle, nettle_ripemd160_init,,
[AC_MSG_ERROR([You need Nettle library version 2.4 or more recent.])])
AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,,
[AC_MSG_ERROR([You need Nettle library version 2.6 or more recent.])])
CRYPTO_LIBS=$LIBS
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
use_internal_pbkdf2=1
use_internal_pbkdf2=0
NO_FIPS([])
])
......
......@@ -24,6 +24,7 @@
#include <errno.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
#include <nettle/pbkdf2.h>
#include "crypto_backend.h"
static char *version = "Nettle";
......@@ -284,10 +285,21 @@ int crypt_pbkdf(const char *kdf, const char *hash,
char *key, size_t key_length,
unsigned int iterations)
{
struct crypt_hmac *h;
int r;
if (!kdf || strncmp(kdf, "pbkdf2", 6))
return -EINVAL;
/* FIXME: switch to internal implementation in Nettle 2.6 */
return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
iterations, key_length, key, 0);
r = crypt_hmac_init(&h, hash, password, password_length);
if (r < 0)
return r;
nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update,
h->hash->nettle_hmac_digest, h->hash->length, iterations,
salt_length, (const uint8_t *)salt, key_length,
(uint8_t *)key);
crypt_hmac_destroy(h);
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment