PBKDF2: Allow empty passphrase.

* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2. * tests/t-kdf.c (check_pbkdf2): Add test case for above. -- While it is insecure, the PBKDF2 implementations usually allows to derive key only from salt. This particular case is used e.g. in cryptsetup when you use empty file as keyfile for LUKS keyslot. Test vector is compared with two independent implementations. Signed-off-by: Milan Broz <mbroz@redhat.com>
author: Milan Broz <mbroz@redhat.com> 2012-10-29 17:18:09 +0100
committer: Werner Koch <wk@gnupg.org> 2012-10-30 10:10:48 +0100
commit: 8528f1ba40e587dc17e02822e529fbd7ac69a189 (patch)
tree: 75ab17500a13ce3b2edebcdf90eb4276190335dd /tests/t-kdf.c
parent: 2c54c4da19d3a79e9f749740828026dd41f0521a (diff)
download: libgcrypt-8528f1ba40e587dc17e02822e529fbd7ac69a189.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 72095253..06c00263 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -917,7 +917,15 @@ check_pbkdf2 (void)
       16,
       "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
       "\xd7\xf0\x34\x25\xe0\xc3"
-    }
+    },
+    { /* empty password test, not in RFC-6070 */
+      "", 0,
+      "salt", 4,
+      2,
+      20,
+      "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+      "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
+    },
   };
   int tvidx;
   gpg_error_t err;
author	Milan Broz <mbroz@redhat.com>	2012-10-29 17:18:09 +0100
committer	Werner Koch <wk@gnupg.org>	2012-10-30 10:10:48 +0100
commit	8528f1ba40e587dc17e02822e529fbd7ac69a189 (patch)
tree	75ab17500a13ce3b2edebcdf90eb4276190335dd /tests/t-kdf.c
parent	2c54c4da19d3a79e9f749740828026dd41f0521a (diff)
download	libgcrypt-8528f1ba40e587dc17e02822e529fbd7ac69a189.tar.gz