diff options
author | Milan Broz <mbroz@redhat.com> | 2012-10-29 17:18:09 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2012-10-30 10:10:48 +0100 |
commit | 8528f1ba40e587dc17e02822e529fbd7ac69a189 (patch) | |
tree | 75ab17500a13ce3b2edebcdf90eb4276190335dd /tests/t-kdf.c | |
parent | 2c54c4da19d3a79e9f749740828026dd41f0521a (diff) | |
download | libgcrypt-8528f1ba40e587dc17e02822e529fbd7ac69a189.tar.gz |
PBKDF2: Allow empty passphrase.
* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
* tests/t-kdf.c (check_pbkdf2): Add test case for above.
--
While it is insecure, the PBKDF2 implementations usually
allows to derive key only from salt.
This particular case is used e.g. in cryptsetup when
you use empty file as keyfile for LUKS keyslot.
Test vector is compared with two independent implementations.
Signed-off-by: Milan Broz <mbroz@redhat.com>
Diffstat (limited to 'tests/t-kdf.c')
-rw-r--r-- | tests/t-kdf.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 72095253..06c00263 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -917,7 +917,15 @@ check_pbkdf2 (void) 16, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" "\xd7\xf0\x34\x25\xe0\xc3" - } + }, + { /* empty password test, not in RFC-6070 */ + "", 0, + "salt", 4, + 2, + 20, + "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" + "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" + }, }; int tvidx; gpg_error_t err; |