From f513939ebba7e6461319f58254f072023763cde3 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 11 Jul 1999 12:40:46 +0000
Subject: [PATCH] Add a debugging option to PKCS#5 v2.0 key generation function.
---
 CHANGES | 5 +++++
 crypto/evp/p5_crpt2.c | 36 ++++++++++++++++++++++++++++++------
 2 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index 94cae7d52..fc8e884e2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 Changes between 0.9.3a and 0.9.4
+ *) Add a debugging option to PKCS#5 v2 key generation function: when
+ you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+ derived keys are printed to stderr.
+ [Steve Henson]
+
 *) Copy the flags in ASN1_STRING_dup().
 [Roman E. Pavlov ]
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index dd23bd24e..2de3a2c9d 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -55,7 +55,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-#if !defined(NO_HMAC) && !defined(NO_SHA)
 #include
 #include
 #include
@@ -63,6 +62,13 @@
 #include
 #include "cryptlib.h"
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+ static void h__dump (const unsigned char *p, int len);
+#endif
+
 /* This is an implementation of PKCS#5 v2.0 password based encryption key
 * derivation function PBKDF2 using the only currently defined function HMAC
 * with SHA1. Verified against test vectors posted by Peter Gutmann
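Review bot: The comment above the commented-out `#define DEBUG_PKCS5V2` in the -63,6 hunk says only that the switch prints "info about the keygen algorithm", which understates what it does. The debug block added further down writes the password and the derived key to stderr, so anyone enabling it should see that at the switch itself. I would reword the comment to something like `/* Debug only: dumps the password, salt, iteration count and derived key to stderr. Never define this in a release build. */`.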
@@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 int keylen, unsigned char *out)
 {
 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
- int cplen, j, k;
+ int cplen, j, k, tkeylen;
 unsigned long i = 1;
 HMAC_CTX hctx;
 p = out;
+ tkeylen = keylen;
 if(passlen == -1) passlen = strlen(pass);
- while(keylen) {
- if(keylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
- else cplen = keylen;
+ while(tkeylen) {
+ if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+ else cplen = tkeylen;
 /* We are unlikely to ever use more than 256 blocks (5120 bits!)
 * but just in case...
 */
@@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
 for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
 }
- keylen-= cplen;
+ tkeylen-= cplen;
 i++;
 p+= cplen;
 }
 HMAC_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+ fprintf(stderr, "Password:\n");
+ h__dump (pass, passlen);
+ fprintf(stderr, "Salt:\n");
+ h__dump (salt, saltlen);
+ fprintf(stderr, "Iteration count %d\n", iter);
+ fprintf(stderr, "Key:\n");
+ h__dump (out, keylen);
+#endif
 return 1;
 }
@@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 PBKDF2PARAM_free(kdf);
 return 0;
 }
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+ for (; len --; p++) fprintf(stderr, "%02X ", *p);
+ fprintf(stderr, "\n");
+}
 #endif
+
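Review bot: The new local `tkeylen` in the -74,14 hunk has no comment explaining why the loop no longer counts down `keylen` directly. Judging from the debug block added later in the function, it exists so that `keylen` still holds the requested length when the derived key is dumped. A one-line comment at the assignment would record that, for example `tkeylen = keylen; /* count down a copy; keylen is still needed for the debug dump */`. The function body starts and ends outside this hunk.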
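Review bot: In the debug block of the -99,11 hunk, `h__dump (pass, passlen);` passes a `const char *` to a helper declared as taking `const unsigned char *`. That is a pointer-signedness mismatch, and compilers will warn about it as soon as `DEBUG_PKCS5V2` is defined. An explicit cast keeps the debug build clean: `h__dump ((const unsigned char *)pass, passlen);`. The `salt` and `out` calls already pass `unsigned char *` and need no change.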
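Review bot: The `#ifdef DEBUG_PKCS5V2` block added in the -219,4 hunk has no `#endif` of its own. It is closed by the file's existing trailing `#endif`, which used to pair with the `#if !defined(NO_HMAC) && !defined(NO_SHA)` line removed in the -55,7 hunk. The conditionals still balance, but the file is now compiled in NO_HMAC/NO_SHA configurations, where the HMAC and SHA1 declarations it uses are presumably unavailable, and the commit message does not say this was intended. Keeping the original guard and giving the debug helper its own `#endif` directly after the closing brace of `h__dump` would preserve the old build behaviour. Separately, `for (; len --; p++)` stops only when `len` reaches zero, so a negative length reads far past the buffer; `for (; len > 0; len--, p++)` bounds it.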