prosody
61bc5c52c941

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

9969:61bc5c52c941

util.hashes: Allow specifying output key length This is not needed for SCRAM but PBKDF2 takes this argument.
author Kim Alvefur <zash@zash.se>
date Sat, 20 Apr 2019 15:11:04 +0200
parents 9968:d536796a305f
children 9970:4a43feb9ab15
files spec/util_hashes_spec.lua util-src/hashes.c
diffstat 2 files changed, 28 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/spec/util_hashes_spec.lua	Sun Jan 13 13:59:26 2019 +0100
+++ b/spec/util_hashes_spec.lua	Sat Apr 20 15:11:04 2019 +0200
@@ -33,5 +33,21 @@
 		local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984";
 		assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c)));
 	end);
+	it("test vector 5", function ()
+		local P = "passwordPASSWORDpassword"
+		local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+		local c = 4096
+		local dkLen = 25
+		local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
+		assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen)));
+	end);
+	it("works", function ()
+		local P = "pass\0word"
+		local S = "sa\0lt"
+		local c = 4096
+		local dkLen = 16
+		local DK = "56fa6aa75548099dcc37d7f03425e0c3"
+		assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen)));
+	end);
 end);
 
--- a/util-src/hashes.c	Sun Jan 13 13:59:26 2019 +0100
+++ b/util-src/hashes.c	Sat Apr 20 15:11:04 2019 +0200
@@ -100,36 +100,39 @@
 MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX)
 
 static int Lpbkdf2_sha1(lua_State *L) {
-	unsigned char out[SHA_DIGEST_LENGTH];
-
 	size_t pass_len, salt_len;
 	const char *pass = luaL_checklstring(L, 1, &pass_len);
 	const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
 	const int iter = luaL_checkinteger(L, 3);
+	const size_t len = luaL_optinteger(L, 4, SHA_DIGEST_LENGTH);
 
-	if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), SHA_DIGEST_LENGTH, out) == 0) {
+	luaL_Buffer b;
+	unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len);
+
+	if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha1(), len, out) == 0) {
 		return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed");
 	}
 
-	lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH);
-
+	luaL_pushresultsize(&b, len);
 	return 1;
 }
 
 
 static int Lpbkdf2_sha256(lua_State *L) {
-	unsigned char out[SHA256_DIGEST_LENGTH];
-
 	size_t pass_len, salt_len;
 	const char *pass = luaL_checklstring(L, 1, &pass_len);
 	const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
 	const int iter = luaL_checkinteger(L, 3);
+	const int len = luaL_optinteger(L, 4, SHA256_DIGEST_LENGTH);
 
-	if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), SHA256_DIGEST_LENGTH, out) == 0) {
+	luaL_Buffer b;
+	unsigned char *out = (unsigned char *)luaL_buffinitsize(L, &b, len);
+
+	if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, EVP_sha256(), len, out) == 0) {
 		return luaL_error(L, "PKCS5_PBKDF2_HMAC() failed");
 	}
 
-	lua_pushlstring(L, (char *)out, SHA_DIGEST_LENGTH);
+	luaL_pushresultsize(&b, len);
 	return 1;
 }