
sys/hashes/pbkdf2: Add PBKDF2-sha256 implementation. #12211

Closed
jcarrano wants to merge 2 commits into RIOT-OS:master from jcarrano:pbkdf2-sha256

Conversation

@jcarrano (Contributor)

Contribution description

This adds an implementation of PBKDF2 using SHA-256 HMAC. Only one derived key length is supported (32), though it should not be hard to extend it.

Testing procedure

The testing is done with both random (with fixed seed) vectors and vectors from RFC 7914. As usual, I ran into weirdness with interactive tests, so I enabled it only for native. Using miniterm.py everything is fine (at least on samr21-xpro).

Issues/PRs references

Taken from #12191.
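The derivation described above, as an added example that is not the PR's or RIOT's code (RIOT's implementation is in C; Python is used here so the HMAC-SHA256 PRF can come from the standard library). It implements the general multi-block PBKDF2 from RFC 8018 section 5.2, of which the PR's fixed 32-byte output is the single-block case (exposed as `pbkdf2_sha256`, mirroring the PR's API shape), and checks the result against the RFC 7914 section 11 vector the PR's tests use, plus a cross-check against `hashlib.pbkdf2_hmac` on a constructed input. Names such as `pbkdf2_hmac_sha256`, `_block` and the "correct horse" input are this example's own, not the PR's.

```python
"""PBKDF2 with HMAC-SHA256 as the PRF (RFC 8018 section 5.2).

Added example, not RIOT's sys/hashes/pbkdf2. The general multi-block form is
shown; a fixed 32-byte key, as in the PR, is the dkLen == hLen case where only
the first block T_1 is ever computed.
"""
import hashlib
import hmac
import struct

HLEN = hashlib.sha256().digest_size   # 32 bytes per PRF output
PBKDF2_KEY_SIZE = HLEN                 # the single length the PR supports


def _prf(password: bytes, data: bytes) -> bytes:
    """PRF = HMAC-SHA256 keyed with the password."""
    return hmac.new(password, data, hashlib.sha256).digest()


def _block(password: bytes, salt: bytes, iterations: int, index: int) -> bytes:
    """F(P, S, c, i) = U_1 xor U_2 xor ... xor U_c,
    with U_1 = PRF(P, S || INT(i)) and U_j = PRF(P, U_{j-1})."""
    u = _prf(password, salt + struct.pack(">I", index))  # INT(i): 4-byte big-endian
    t = bytearray(u)
    for _ in range(iterations - 1):
        u = _prf(password, u)
        for k in range(HLEN):
            t[k] ^= u[k]
    return bytes(t)


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int,
                       dklen: int = PBKDF2_KEY_SIZE) -> bytes:
    """Derive dklen bytes; blocks are numbered from 1 and the last is truncated."""
    if iterations < 1:
        raise ValueError("iterations must be a positive integer")
    if not 1 <= dklen <= (2**32 - 1) * HLEN:
        raise ValueError("derived key too long")
    n_blocks = -(-dklen // HLEN)  # ceil(dklen / hLen)
    out = b"".join(_block(password, salt, iterations, i)
                   for i in range(1, n_blocks + 1))
    return out[:dklen]


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Fixed-length variant in the PR's shape: always 32 bytes, i.e. one block."""
    return pbkdf2_hmac_sha256(password, salt, iterations, PBKDF2_KEY_SIZE)


# RFC 7914 section 11 test vector: P="passwd", S="salt", c=1, dkLen=64.
RFC7914_PASSWD_SALT_C1 = bytes.fromhex(
    "55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc"
    "49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783")


def check_vectors() -> bool:
    """Check the 64-byte RFC vector, its 32-byte prefix (the fixed-length API),
    and agreement with hashlib.pbkdf2_hmac on a constructed, non-RFC input."""
    full = pbkdf2_hmac_sha256(b"passwd", b"salt", 1, 64)
    fixed = pbkdf2_sha256(b"passwd", b"salt", 1)
    ref = hashlib.pbkdf2_hmac("sha256", b"correct horse", b"\x00\x01salt", 1000, 48)
    mine = pbkdf2_hmac_sha256(b"correct horse", b"\x00\x01salt", 1000, 48)
    return (full == RFC7914_PASSWD_SALT_C1
            and fixed == RFC7914_PASSWD_SALT_C1[:32]
            and mine == ref)


if __name__ == "__main__":
    print("vectors ok" if check_vectors() else "MISMATCH")
```

With c=1 the 32-byte result is just HMAC-SHA256(P, S || 0x00000001), which makes the RFC vector a convenient self-test but says nothing about the iteration count to deploy with; RFC 7914's second vector uses c=80000. The stack wiping the PR's second commit adds has no reliable equivalent in Python, so it is not shown here.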

@jcarrano added the labels Type: new feature, Area: crypto, Area: security and CI: ready for build on Sep 12, 2019 (CI: ready for build was removed and re-added the same day)
This adds an implementation of PBKDF2 using SHA-256 HMAC. Only one derived
key length is supported (32), though it should not be hard to extend it.

The testing is done with both random (with fixed seed) vectors and vectors
from RFC 7914.
@jcarrano (Contributor, Author)

	ERROR: Doxygen generates the following warnings:
	sys/include/hashes/pbkdf2.h:31: warning: Member PBKDF2_KEY_SIZE (macro definition) of file pbkdf2.h is not documented.
	sys/include/hashes/pbkdf2.h:39: warning: The following parameters of pbkdf2_sha256(const uint8_t *password, size_t password_len, const uint8_t *salt, size_t salt_len, int iterations, uint8_t *output) are not documented:

This is stupid. Is there any way to suppress this nonsense?

Wipe temporary buffers and sha256 contexts so that no remnants of the
password are left on the stack

This ensures that the password is not leaked if some function reads
the stack afterwards.
@benpicco removed and re-added the CI: ready for build label on Sep 11, 2020
@cgundogan removed and re-added the CI: ready for build label on Sep 14, 2020