From b6b16bddc39b95ca2f459fb42a6a51d38f688725 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 Mar 2015 11:20:43 +0000 Subject: [PATCH] Drop pbkdf2 module (superseded by pkcs5) --- ChangeLog | 1 + include/mbedtls/config.h | 14 ----- include/mbedtls/pbkdf2.h | 79 ------------------------- library/CMakeLists.txt | 1 - library/Makefile | 3 +- library/error.c | 9 --- library/pbkdf2.c | 61 ------------------- programs/test/selftest.c | 10 +--- tests/CMakeLists.txt | 1 - tests/Makefile | 2 +- tests/suites/test_suite_pbkdf2.data | 19 ------ tests/suites/test_suite_pbkdf2.function | 48 --------------- visualc/VS2010/mbedTLS.vcxproj | 2 - visualc/VS6/mbedtls.dsp | 8 --- 14 files changed, 5 insertions(+), 253 deletions(-) delete mode 100644 include/mbedtls/pbkdf2.h delete mode 100644 library/pbkdf2.c delete mode 100644 tests/suites/test_suite_pbkdf2.data delete mode 100644 tests/suites/test_suite_pbkdf2.function diff --git a/ChangeLog b/ChangeLog index 2aad56964..ae9b11bd6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Features * Support for DTLS 1.0 and 1.2 (RFC 6347). API Changes + * Remove the PBKDF2 module (use PKCS5). * Remove POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()). * Headers are now found in the 'mbedtls' directory (previously 'polarssl'). * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 79387521c..05b568da5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1814,20 +1814,6 @@ */ #define POLARSSL_PADLOCK_C -/** - * \def POLARSSL_PBKDF2_C - * - * Enable PKCS#5 PBKDF2 key derivation function. - * DEPRECATED: Use POLARSSL_PKCS5_C instead - * - * Module: library/pbkdf2.c - * - * Requires: POLARSSL_PKCS5_C - * - * This module adds support for the PKCS#5 PBKDF2 key derivation function. - */ -#define POLARSSL_PBKDF2_C - /** * \def POLARSSL_PEM_PARSE_C * diff --git a/include/mbedtls/pbkdf2.h b/include/mbedtls/pbkdf2.h deleted file mode 100644 index 5c06bfb0d..000000000 --- a/include/mbedtls/pbkdf2.h +++ /dev/null @@ -1,79 +0,0 @@ -/** - * \file pbkdf2.h - * - * \brief Password-Based Key Derivation Function 2 (from PKCS#5) - * DEPRECATED: use pkcs5.h instead. - * - * \author Mathias Olsson - * - * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved - * - * This file is part of mbed TLS (https://tls.mbed.org) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ -#ifndef POLARSSL_PBKDF2_H -#define POLARSSL_PBKDF2_H - -#include "md.h" - -#include - -#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) -#include -typedef UINT32 uint32_t; -#else -#include -#endif - -#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Bad input parameters to function. */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief PKCS#5 PBKDF2 using HMAC - * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead! - * - * \param ctx Generic HMAC context - * \param password Password to use when generating key - * \param plen Length of password - * \param salt Salt to use when generating key - * \param slen Length of salt - * \param iteration_count Iteration count - * \param key_length Length of generated key - * \param output Generated key. Must be at least as big as key_length - * - * \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails. - */ -int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, - size_t plen, const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ); - -/** - * \brief Checkup routine - * DEPRECATED: Use pkcs5_self_test() instead! - * - * \return 0 if successful, or 1 if the test failed - */ -int pbkdf2_self_test( int verbose ); - -#ifdef __cplusplus -} -#endif - -#endif /* pbkdf2.h */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b67fb2c85..f42c3d9fd 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -39,7 +39,6 @@ set(src net.c oid.c padlock.c - pbkdf2.c pem.c pkcs5.c pkcs11.c diff --git a/library/Makefile b/library/Makefile index 81a164c30..846dee904 100644 --- a/library/Makefile +++ b/library/Makefile @@ -56,8 +56,7 @@ OBJS= aes.o aesni.o arc4.o \ md.o md_wrap.o md2.o \ md4.o md5.o \ memory_buffer_alloc.o net.o \ - oid.o \ - padlock.o pbkdf2.o pem.o \ + oid.o padlock.o pem.o \ pkcs5.o pkcs11.o pkcs12.o \ pk.o pk_wrap.o pkparse.o \ pkwrite.o platform.o ripemd160.o \ diff --git a/library/error.c b/library/error.c index cc23352fa..9d7924028 100644 --- a/library/error.c +++ b/library/error.c @@ -125,10 +125,6 @@ #include "mbedtls/padlock.h" #endif -#if defined(POLARSSL_PBKDF2_C) -#include "mbedtls/pbkdf2.h" -#endif - #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C) #include "mbedtls/pem.h" #endif @@ -701,11 +697,6 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* POLARSSL_PADLOCK_C */ -#if defined(POLARSSL_PBKDF2_C) - if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) ) - polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" ); -#endif /* POLARSSL_PBKDF2_C */ - #if defined(POLARSSL_RIPEMD160_C) if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) ) polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" ); diff --git a/library/pbkdf2.c b/library/pbkdf2.c deleted file mode 100644 index 863d01693..000000000 --- a/library/pbkdf2.c +++ /dev/null @@ -1,61 +0,0 @@ -/** - * \file pbkdf2.c - * - * \brief Password-Based Key Derivation Function 2 (from PKCS#5) - * DEPRECATED: Use pkcs5.c instead - * - * \author Mathias Olsson - * - * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved - * - * This file is part of mbed TLS (https://tls.mbed.org) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ -/* - * PBKDF2 is part of PKCS#5 - * - * http://tools.ietf.org/html/rfc2898 (Specification) - * http://tools.ietf.org/html/rfc6070 (Test vectors) - */ - -#if !defined(POLARSSL_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include POLARSSL_CONFIG_FILE -#endif - -#if defined(POLARSSL_PBKDF2_C) - -#include "mbedtls/pbkdf2.h" -#include "mbedtls/pkcs5.h" - -int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen, - const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ) -{ - return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count, - key_length, output ); -} - -#if defined(POLARSSL_SELF_TEST) -int pbkdf2_self_test( int verbose ) -{ - return pkcs5_self_test( verbose ); -} -#endif /* POLARSSL_SELF_TEST */ - -#endif /* POLARSSL_PBKDF2_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0e1a8bedc..d4ce1f783 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -49,7 +49,6 @@ #include "mbedtls/x509.h" #include "mbedtls/xtea.h" #include "mbedtls/pkcs5.h" -#include "mbedtls/pbkdf2.h" #include "mbedtls/ecp.h" #include "mbedtls/timing.h" @@ -203,17 +202,12 @@ int main( int argc, char *argv[] ) return( ret ); #endif -/* Slow tests last */ - -#if defined(POLARSSL_PBKDF2_C) - if( ( ret = pbkdf2_self_test( v ) ) != 0 ) - return( ret ); -#else #if defined(POLARSSL_PKCS5_C) if( ( ret = pkcs5_self_test( v ) ) != 0 ) return( ret ); #endif -#endif + +/* Slow tests last */ /* Not stable enough on Windows and FreeBSD yet */ #if __linux__ && defined(POLARSSL_TIMING_C) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 2cfbc1890..af4b75fe9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -75,7 +75,6 @@ add_test_suite(md) add_test_suite(mdx) add_test_suite(memory_buffer_alloc) add_test_suite(mpi) -add_test_suite(pbkdf2) add_test_suite(pem) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) diff --git a/tests/Makefile b/tests/Makefile index 408e95331..6aeee7957 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -74,7 +74,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_hmac_drbg.pr$(EXEXT) \ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ test_suite_memory_buffer_alloc$(EXEXT) \ - test_suite_mpi$(EXEXT) test_suite_pbkdf2$(EXEXT) \ + test_suite_mpi$(EXEXT) \ test_suite_pem$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ diff --git a/tests/suites/test_suite_pbkdf2.data b/tests/suites/test_suite_pbkdf2.data deleted file mode 100644 index 7ee036006..000000000 --- a/tests/suites/test_suite_pbkdf2.data +++ /dev/null @@ -1,19 +0,0 @@ -PBKDF2 RFC 6070 Test Vector #1 (SHA1) -depends_on:POLARSSL_SHA1_C -pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":1:20:"0c60c80f961f0e71f3a9b524af6012062fe037a6" - -PBKDF2 RFC 6070 Test Vector #2 (SHA1) -depends_on:POLARSSL_SHA1_C -pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":2:20:"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957" - -PBKDF2 RFC 6070 Test Vector #3 (SHA1) -depends_on:POLARSSL_SHA1_C -pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":4096:20:"4b007901b765489abead49d926f721d065a429c1" - -PBKDF2 RFC 6070 Test Vector #5 (SHA1) -depends_on:POLARSSL_SHA1_C -pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" - -PBKDF2 RFC 6070 Test Vector #6 (SHA1) -depends_on:POLARSSL_SHA1_C -pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" diff --git a/tests/suites/test_suite_pbkdf2.function b/tests/suites/test_suite_pbkdf2.function deleted file mode 100644 index 6b8b2783a..000000000 --- a/tests/suites/test_suite_pbkdf2.function +++ /dev/null @@ -1,48 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/pbkdf2.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:POLARSSL_PBKDF2_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string, - int it_cnt, int key_len, char *result_key_string ) -{ - unsigned char pw_str[100]; - unsigned char salt_str[100]; - unsigned char dst_str[100]; - - md_context_t ctx; - const md_info_t *info; - - int pw_len, salt_len; - unsigned char key[100]; - - md_init( &ctx ); - - memset(pw_str, 0x00, 100); - memset(salt_str, 0x00, 100); - memset(dst_str, 0x00, 100); - - pw_len = unhexify( pw_str, hex_password_string ); - salt_len = unhexify( salt_str, hex_salt_string ); - - - info = md_info_from_type( hash ); - TEST_ASSERT( info != NULL ); - if( info == NULL ) - return; - TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); - TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, - it_cnt, key_len, key ) == 0 ); - - hexify( dst_str, key, key_len ); - TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 ); - -exit: - md_free( &ctx ); -} -/* END_CASE */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 56390db50..a7d0a309b 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -180,7 +180,6 @@ - @@ -243,7 +242,6 @@ - diff --git a/visualc/VS6/mbedtls.dsp b/visualc/VS6/mbedtls.dsp index 3591b3419..872502a50 100644 --- a/visualc/VS6/mbedtls.dsp +++ b/visualc/VS6/mbedtls.dsp @@ -229,10 +229,6 @@ SOURCE=..\..\library\padlock.c # End Source File # Begin Source File -SOURCE=..\..\library\pbkdf2.c -# End Source File -# Begin Source File - SOURCE=..\..\library\pem.c # End Source File # Begin Source File @@ -517,10 +513,6 @@ SOURCE=..\..\include\mbedtls\padlock.h # End Source File # Begin Source File -SOURCE=..\..\include\mbedtls\pbkdf2.h -# End Source File -# Begin Source File - SOURCE=..\..\include\mbedtls\pem.h # End Source File # Begin Source File