Blob Blame History Raw
diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest	2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/cipher/kdf.c	2020-06-15 18:14:26.494995669 +0200
@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
  leave:
   return ec;
 }
+
+
+/* PBKDF2 selftests.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2019, 2020 Red Hat, Inc.
+ */
+
+/* Check one PBKDF2 call with HASH ALGO using the regular KDF
+ * API. (passphrase,passphraselen) is the password to be derived,
+ * (salt,saltlen) the salt for the key derivation,
+ * iterations is the number of the kdf iterations,
+ * and (expect,expectlen) the expected result. Returns NULL on
+ * success or a string describing the failure.  */
+
+static const char *
+check_one (int algo,
+           const void *passphrase, size_t passphraselen,
+           const void *salt, size_t saltlen,
+           unsigned long iterations,
+           const void *expect, size_t expectlen)
+{
+  unsigned char key[512]; /* hardcoded to avoid allocation */
+  size_t keysize = expectlen;
+
+  if (keysize > sizeof(key))
+    return "invalid tests data";
+
+  if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
+                        algo, salt, saltlen, iterations,
+                         keysize, key))
+    return "gcry_kdf_derive failed";
+
+  if (memcmp (key, expect, expectlen))
+    return "does not match";
+
+  return NULL;
+}
+
+static gpg_err_code_t
+run_pbkdf2_selftest (int extended, selftest_report_func_t report)
+{
+  const char *what;
+  const char *errtxt;
+
+  what = "Basic PBKDF2 SHA256";
+  errtxt = check_one (GCRY_MD_SHA256,
+        "password", 8,
+        "salt", 4,
+        2,
+        "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
+        "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
+  if (errtxt)
+    goto failed;
+
+  if (extended)
+    {
+      what = "Extended PBKDF2 SHA256";
+      errtxt = check_one (GCRY_MD_SHA256,
+        "passwordPASSWORDpassword", 24,
+        "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+        4096,
+        "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
+        "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
+        "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
+      if (errtxt)
+        goto failed;
+    }
+
+  return 0; /* Succeeded. */
+
+ failed:
+  if (report)
+    report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
+  return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run the selftests for KDF with KDF algorithm ALGO with optional
+   reporting function REPORT.  */
+gpg_error_t
+_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
+{
+  gcry_err_code_t ec = 0;
+
+  if (algo == GCRY_KDF_PBKDF2)
+    {
+      ec = run_pbkdf2_selftest (extended, report);
+    }
+  else
+    {
+      ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
+      if (report)
+        report ("kdf", algo, "module", "algorithm not available");
+    }
+  return gpg_error (ec);
+}
diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest	2020-06-15 18:03:25.785353036 +0200
+++ libgcrypt-1.8.5/src/cipher-proto.h	2020-06-15 18:03:25.788353061 +0200
@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
                                   selftest_report_func_t report);
 gcry_error_t _gcry_cmac_selftest (int algo, int extended,
                                   selftest_report_func_t report);
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
+                                  selftest_report_func_t report);
 
 gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
 
diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.kdf-selftest	2020-06-15 18:03:25.777352968 +0200
+++ libgcrypt-1.8.5/src/fips.c	2020-06-15 18:08:40.651028096 +0200
@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
   return anyerr;
 }
 
+/* Run self-tests for all KDF algorithms.  Return 0 on success. */
+static int
+run_kdf_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_KDF_PBKDF2,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_kdf_selftest (algos[idx], extended, reporter);
+      reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
 
 /* Run self-tests for all required public key algorithms.  Return 0 on
    success. */
@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
   if (run_mac_selftests (extended))
     goto leave;
 
+  if (run_kdf_selftests (extended))
+    goto leave;
+
   /* Run random tests before the pubkey tests because the latter
      require random.  */
   if (run_random_selftests ())