1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 17:32:44 +01:00

Merge pull request #18932 from maribu/sys/hashes/pbkdf2

tests/pbkdf2: de-flanky-fy test
This commit is contained in:
benpicco 2022-11-18 23:48:36 +01:00 committed by GitHub
commit e0688991dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 104 additions and 290 deletions

View File

@ -43,8 +43,8 @@ static void inplace_xor_digests(uint8_t *d1, const uint8_t *d2)
} }
} }
void pbkdf2_sha256(const uint8_t *password, size_t password_len, void pbkdf2_sha256(const void *password, size_t password_len,
const uint8_t *salt, size_t salt_len, const void *salt, size_t salt_len,
int iterations, int iterations,
uint8_t *output) uint8_t *output)
{ {

View File

@ -47,8 +47,8 @@ extern "C" {
* recommended 10000 * recommended 10000
* @param[out] output array of size PBKDF2_KEY_SIZE * @param[out] output array of size PBKDF2_KEY_SIZE
*/ */
void pbkdf2_sha256(const uint8_t *password, size_t password_len, void pbkdf2_sha256(const void *password, size_t password_len,
const uint8_t *salt, size_t salt_len, const void *salt, size_t salt_len,
int iterations, int iterations,
uint8_t *output); uint8_t *output);

View File

@ -1,19 +1,6 @@
include ../Makefile.tests_common include ../Makefile.tests_common
# This application uses getchar and thus expects input from stdio
USEMODULE += stdin
USEMODULE += hashes USEMODULE += hashes
USEMODULE += base64 USEMODULE += fmt
# Use a terminal that does not introduce extra characters into the stream.
RIOT_TERMINAL ?= socat
#ensure the rx buffer has some room even with large test patterns
CFLAGS += -DSTDIO_UART_RX_BUFSIZE=128
include $(RIOTBASE)/Makefile.include include $(RIOTBASE)/Makefile.include
# Increase Stack size for AVR
ifneq (,$(filter avr8_common,$(USEMODULE)))
CFLAGS += -DTHREAD_STACKSIZE_MAIN=THREAD_STACKSIZE_LARGE
endif

View File

@ -1,5 +1,6 @@
/* /*
* Copyright (C) 2019 Freie Universität Berlin. * Copyright (C) 2019 Freie Universität Berlin.
* 2022 Otto-von-Guericke-Universität Magdeburg
* *
* This file is subject to the terms and conditions of the GNU Lesser * This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level * General Public License v2.1. See the file LICENSE in the top level
@ -13,132 +14,104 @@
* @brief Test PBKDF2-sha256 implementation. * @brief Test PBKDF2-sha256 implementation.
* *
* @author Juan Carrano <j.carrano@fu-berlin.de> * @author Juan Carrano <j.carrano@fu-berlin.de>
* @author Marian Buschsieweke <marian.buschsieweke@ovgu.de>
* *
* This application reads (password, salt, iterations) tuples from the
* standard input and outputs the derived key.
*
* The salt must be base64 encoded. The key is printed as base64.
* @} * @}
*/ */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <assert.h>
#include "base64.h" #include "container.h"
#include "fmt.h"
#include "hashes/pbkdf2.h" #include "hashes/pbkdf2.h"
#include "hashes/sha256.h"
#include "kernel_defines.h"
const char error_message[] = "{error}"; static uint8_t key[SHA256_DIGEST_LENGTH];
const char input_message[] = "{ready}";
#define LINEBUF_SZ (128) struct testcase {
const char *password;
enum TEST_STATE { const char *salt;
TEST_READ_PASS, uint16_t iterations;
TEST_READ_SALT, const uint8_t digest[sizeof(key)];
TEST_READ_ITERS,
TEST_COMPUTE,
TEST_ERROR
}; };
static void _clear_input(void) struct testcase testcases[] = {
{ {
/* clear input buffer */ .password = "passwd",
int c; .salt = "salt",
while ( (c = getchar()) != '\n' && c != EOF ) { } .iterations = 1,
/* dig = hashlib.pbkdf2_hmac("sha256", "passwd".encode("utf-8"),
* "salt".encode("utf-8"), 1)
* "".join("0x{:02x}, ".format(b) for b in dig)
*/
.digest = {
0x55, 0xac, 0x04, 0x6e, 0x56, 0xe3, 0x08, 0x9f,
0xec, 0x16, 0x91, 0xc2, 0x25, 0x44, 0xb6, 0x05,
0xf9, 0x41, 0x85, 0x21, 0x6d, 0xde, 0x04, 0x65,
0xe6, 0x8b, 0x9d, 0x57, 0xc2, 0x0d, 0xac, 0xbc,
} }
},
{
.password = "RIOT",
.salt = "rocks",
.iterations = 16,
/* dig = hashlib.pbkdf2_hmac("sha256", "RIOT".encode("utf-8"),
* "rocks".encode("utf-8"), 16)
* "".join("0x{:02x}, ".format(b) for b in dig)
*/
.digest = {
0x72, 0xa6, 0x06, 0xbb, 0x5c, 0xbe, 0x92, 0x4a,
0xd2, 0x0a, 0xee, 0xc2, 0x4e, 0xa5, 0x17, 0xc4,
0xd7, 0xb1, 0x1d, 0x04, 0x9d, 0x84, 0xbb, 0x29,
0x6b, 0x36, 0xad, 0x90, 0x4d, 0x6f, 0x79, 0xdf,
}
},
{
.password = "This is a secure password", /* <-- no it is NOT! */
.salt = "and this salt is even more secure",
.iterations = 13,
/* dig = hashlib.pbkdf2_hmac("sha256",
* "This is a secure password".encode("utf-8"),
* "and this salt is even more secure".encode("utf-8"),
* 13)
* "".join("0x{:02x}, ".format(b) for b in dig)
*/
.digest = {
0x9a, 0x41, 0x83, 0x2b, 0x77, 0xc4, 0x61, 0x64,
0x06, 0xd3, 0x2e, 0x97, 0x06, 0x5e, 0xc5, 0xc7,
0xe1, 0xa0, 0x18, 0x75, 0x01, 0xfe, 0xb8, 0xc8,
0x70, 0x92, 0x28, 0x0e, 0x1d, 0x1a, 0x00, 0xb6,
}
},
};
int main(void) int main(void)
{ {
static char linebuf[LINEBUF_SZ]; bool failed = false;
for (size_t i = 0; i < ARRAY_SIZE(testcases); i++) {
struct testcase *tc = &testcases[i];
size_t password_len = strlen(tc->password);
size_t salt_len = strlen(tc->salt);
memset(key, 0x00, sizeof(key));
pbkdf2_sha256(tc->password, password_len, tc->salt, salt_len,
tc->iterations, key);
/* There will be a few bytes wasted here */ if (memcmp(tc->digest, key, sizeof(key)) != 0) {
static char password[LINEBUF_SZ]; failed = true;
static uint8_t salt[LINEBUF_SZ]; print_str("Test vector ");
static uint8_t key[PBKDF2_KEY_SIZE]; print_u32_dec((uint32_t)i);
print_str(": FAILED\n");
size_t passwd_len = 0, salt_len = 0;
int iterations = 0;
enum TEST_STATE state = TEST_READ_PASS;
_clear_input();
while ((puts(input_message), fgets(linebuf, LINEBUF_SZ, stdin) != NULL)) {
char *s_end;
int conversion_status, line_len = strlen(linebuf)-1;
size_t b64_buff_size;
linebuf[line_len] = '\0';
switch (state) {
case TEST_READ_PASS:
strcpy(password, linebuf);
passwd_len = line_len;
state++;
break;
case TEST_READ_SALT:
/* work around bug in base64_decode */
if (line_len == 0) {
salt_len = 0;
conversion_status = BASE64_SUCCESS;
} else {
salt_len = sizeof(salt);
conversion_status = base64_decode((uint8_t*)linebuf,
line_len+1,
salt, &salt_len);
} }
if (conversion_status == BASE64_SUCCESS) {
state++;
} else {
state = TEST_ERROR;
} }
break; if (!failed) {
case TEST_READ_ITERS: print_str("TEST PASSED\n");
iterations = strtol(linebuf, &s_end, 10);
if (*s_end != '\0') {
state = TEST_ERROR;
} else {
state++;
}
break;
default:
assert(1);
break;
}
switch (state) {
case TEST_COMPUTE:
pbkdf2_sha256((uint8_t*)password, passwd_len, salt, salt_len,
iterations, key);
b64_buff_size = sizeof(linebuf);
conversion_status = base64_encode(key, sizeof(key),
(uint8_t*)linebuf,
&b64_buff_size);
if (conversion_status == BASE64_SUCCESS) {
linebuf[b64_buff_size] = 0;
puts(linebuf);
} else {
puts(error_message);
}
state = TEST_READ_PASS;
break;
case TEST_ERROR:
puts(error_message);
state = TEST_READ_PASS;
break;
default:
break;
}
} }
return 0; return 0;

View File

@ -1,42 +0,0 @@
#!/usr/bin/env python3
# Copyright (C) 2019 Freie Universität Berlin
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
# Author: Juan Carrano <j.carrano@fu-berlin.de>
"""Vector from RFC 7914 section 11"""
import os
import hashlib
import test_base
KEY_SIZE = hashlib.sha256().digest_size
v_easy = """55 ac 04 6e 56 e3 08 9f ec 16 91 c2 25 44 b6 05
f9 41 85 21 6d de 04 65 e6 8b 9d 57 c2 0d ac bc
49 ca 9c cc f1 79 b6 45 99 16 64 b3 9d 77 ef 31
7c 71 b8 45 b1 e3 0b d5 09 11 20 41 d3 a1 97 83"""
v_hard = """
4d dc d8 f6 0b 98 be 21 83 0c ee 5e f2 27 01 f9
64 1a 44 18 d0 4c 04 14 ae ff 08 87 6b 34 ab 56
a1 d4 25 a1 22 58 33 54 9a db 84 1b 51 c9 b3 17
6a 27 2b de bb a1 d0 78 47 8f 62 b3 97 f3 3c 8d"""
def process_octets(s):
return bytes(int(x, 16) for x in s.split())[:KEY_SIZE]
VECTORS = [
('passwd', b"salt", 1, process_octets(v_easy))
]
if os.environ.get('BOARD') == 'native':
VECTORS.append(("Password", b"NaCl", 80000, process_octets(v_hard)))
if __name__ == "__main__":
test_base.main(VECTORS)

20
tests/pbkdf2/tests/01-run.py Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env python3
# Copyright (C) 2020 Otto-von-Guericke-Universität Magdeburg
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
# @author Marian Buschsieweke <marian.buschsieweke@ovgu.de>
import sys
from testrunner import run
def testfunc(child):
child.expect("TEST PASSED")
if __name__ == "__main__":
sys.exit(run(testfunc))

View File

@ -1,80 +0,0 @@
#!/usr/bin/env python3
# Copyright (C) 2019 Freie Universität Berlin
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
# Author: Juan Carrano <j.carrano@fu-berlin.de>
"""Random test vectors"""
from bisect import bisect as _bisect
from itertools import accumulate as _accumulate
import hashlib
import random as rand
import test_base
_pass_chars = [c for c in (chr(x) for x in range(128))
if c.isprintable()]
class random2(rand.Random):
# Murdock uses python 3.5 where random.choices is not available, this
# is a verbatim copy from python 3.6
def choices(self, population, weights=None, *, cum_weights=None, k=1):
"""Return a k sized list of population elements chosen with replacement.
If the relative weights or cumulative weights are not specified,
the selections are made with equal probability.
"""
random = self.random
if cum_weights is None:
if weights is None:
_int = int
total = len(population)
return [population[_int(random() * total)] for i in range(k)]
cum_weights = list(_accumulate(weights))
elif weights is not None:
raise TypeError('Cannot specify both weights and cumulative weights')
if len(cum_weights) != len(population):
raise ValueError('The number of weights does not match the population')
bisect = _bisect.bisect
total = cum_weights[-1]
hi = len(cum_weights) - 1
return [population[bisect(cum_weights, random() * total, 0, hi)]
for i in range(k)]
randgen = random2(42)
def randompass(length):
return "".join(randgen.choices(_pass_chars, k=length))
def randomsalt(bytes_):
return (randgen.getrandbits(bytes_*8).to_bytes(bytes_, 'big')
if bytes_ else b'')
def randomvector(pass_len, salt_len, iters):
pass_ = randompass(pass_len)
salt = randomsalt(salt_len)
key = hashlib.pbkdf2_hmac('sha256', pass_.encode('ascii'), salt, iters)
return pass_, salt, iters, key
VECTORS = [
randomvector(0, 16, 10),
randomvector(8, 0, 10),
randomvector(9, 64, 1),
randomvector(65, 38, 20),
randomvector(32, 15, 12),
randomvector(48, 32, 15),
]
if __name__ == "__main__":
test_base.main(VECTORS)

View File

@ -1,44 +0,0 @@
# Copyright (C) 2019 Freie Universität Berlin
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
# Author: Juan Carrano <j.carrano@fu-berlin.de>
import sys
import base64
from functools import partial
from testrunner import run
MAX_LINE = 128
def safe_encode(data):
"""Empty lines will confuse the target, replace them with padding."""
return base64.b64encode(data).decode('ascii') if data else ""
def test(vectors, child):
def _safe_expect_exact(s):
idx = child.expect_exact([s+'\r\n', '{error}\r\n'])
assert idx == 0
return idx
def _safe_sendline(line):
assert len(line) < MAX_LINE
_safe_expect_exact('{ready}')
child.sendline(line)
for passwd, salt, iters, key in vectors:
_safe_sendline(passwd)
_safe_sendline(safe_encode(salt))
_safe_sendline(str(iters))
expected_key = base64.b64encode(key).decode('ascii')
_safe_expect_exact(expected_key)
def main(vectors):
sys.exit(run(partial(test, vectors)))