author | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-07 14:06:33 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-07 14:06:33 +0900 |
commit | 08ab32228ad20fd730979d700bf46b18e469703c (patch) | |
tree | 3f86d18ed4f38c77761d2cf549421bad7887fcdc /tests | |
parent | e257fe39b8ffafa3b1fc72b00db1ea43d29c9983 (diff) | |
kdf: Add experimental Balloon KDF.
* cipher/kdf.c (prng_aes_ctr_init, prng_aes_ctr_get_rand64): New.
(prng_aes_ctr_fini, ballon_context_size): New.
(balloon_open): Implement with SHA-256.
(balloon_xor_block, balloon_compress, balloon_expand): New.
(balloon_compute_fill, balloon_compute_mix, balloon_compute): New.
(balloon_compute_all, balloon_final, balloon_close): New.
(_gcry_kdf_open): Check argument for GCRY_KDF_BALLOON.
(_gcry_kdf_compute): Dispatch for GCRY_KDF_BALLOON.
(_gcry_kdf_final, _gcry_kdf_close): Likewise.
* tests/t-kdf.c (check_balloon): New.
(main): Add check_balloon.
--
GnuPG-bug-id: 5817
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/t-kdf.c | 122 |
1 files changed, 118 insertions, 4 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 4c82fed8..234bbac6 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1451,10 +1451,10 @@ check_argon2 (void)
 pass, 32, salt, 16, key, 8, ad, 12,
 32, out);
 if (err)
- fail ("argon2 test %d failed: %s\n", 0, gpg_strerror (err));
+ fail ("argon2 test %d failed: %s\n", count*2+0, gpg_strerror (err));
 else if (memcmp (out, expected[count], 32))
 {
- fail ("argon2 test %d failed: mismatch\n", 0);
+ fail ("argon2 test %d failed: mismatch\n", count*2+0);
 fputs ("got:", stderr);
 for (i=0; i < 32; i++)
 fprintf (stderr, " %02x", out[i]);
@@ -1467,10 +1467,10 @@ check_argon2 (void)
 pass, 32, salt, 16, key, 8, ad, 12,
 32, out);
 if (err)
- fail ("argon2 test %d failed: %s\n", 1, gpg_strerror (err));
+ fail ("argon2 test %d failed: %s\n", count*2+1, gpg_strerror (err));
 else if (memcmp (out, expected[count], 32))
 {
- fail ("argon2 test %d failed: mismatch\n", 1);
+ fail ("argon2 test %d failed: mismatch\n", count*2+1);
 fputs ("got:", stderr);
 for (i=0; i < 32; i++)
 fprintf (stderr, " %02x", out[i]);
@@ -1490,6 +1490,119 @@ check_argon2 (void)
 }
+static void
+check_balloon (void)
+{
+ /* Two test vectors generated by the research prototype implementation.
+ $ balloon abcdefghijklmno
+ t_cost = 1
+ s_cost = 1024
+ p_cost = 1
+ passwd = abcdefghijklmno
+ Time total : 0.0527251
+ Hashes per sec : 18.9663
+ Output : $balloon$v=1$s=1024,t=1,p=1
+ $FRzqOiIuPvuoy55vGfKzyse+2f28F7m9iFHCctnEBwg=
+ $NxOGNPyTPZzKiJjgj7H6pJDLIgR05HI7VaxJpxEao5Q=
+ $ balloon -t 12 -s 4096 -p 4 Long_sentence_used_as_passphrase
+ t_cost = 12
+ s_cost = 4096
+ p_cost = 4
+ passwd = Long_sentence_used_as_passphrase
+ Time total : 3.70399
+ Hashes per sec : 0.269979
+ Output : $balloon$v=1$s=4096,t=12,p=4
+ $8Yor74EqTwBrrdaeYeSVx0VXVAgDrsILAnJWdVUy93s=
+ $FaNb9ofeWEggzhW9BUSODgZH5/awzNz5Adoub48+BgQ=
+ */
+ gcry_error_t err;
+ const unsigned long param[2][4] = {
+ { 1024, 1, 1 },
+ { 4096, 12, 4 }
+ };
+ const unsigned char *pass[2] = {
+ (const unsigned char *)"abcdefghijklmno",
+ (const unsigned char *)"Long_sentence_used_as_passphrase"
+ };
+ const unsigned char salt[2][32] = {
+ {
+ 0x15, 0x1c, 0xea, 0x3a, 0x22, 0x2e, 0x3e, 0xfb,
+ 0xa8, 0xcb, 0x9e, 0x6f, 0x19, 0xf2, 0xb3, 0xca,
+ 0xc7, 0xbe, 0xd9, 0xfd, 0xbc, 0x17, 0xb9, 0xbd,
+ 0x88, 0x51, 0xc2, 0x72, 0xd9, 0xc4, 0x07, 0x08
+ },
+ {
+ 0xf1, 0x8a, 0x2b, 0xef, 0x81, 0x2a, 0x4f, 0x00,
+ 0x6b, 0xad, 0xd6, 0x9e, 0x61, 0xe4, 0x95, 0xc7,
+ 0x45, 0x57, 0x54, 0x08, 0x03, 0xae, 0xc2, 0x0b,
+ 0x02, 0x72, 0x56, 0x75, 0x55, 0x32, 0xf7, 0x7b
+ }
+ };
+ const unsigned char expected[2][32] = {
+ {
+ 0x37, 0x13, 0x86, 0x34, 0xfc, 0x93, 0x3d, 0x9c,
+ 0xca, 0x88, 0x98, 0xe0, 0x8f, 0xb1, 0xfa, 0xa4,
+ 0x90, 0xcb, 0x22, 0x04, 0x74, 0xe4, 0x72, 0x3b,
+ 0x55, 0xac, 0x49, 0xa7, 0x11, 0x1a, 0xa3, 0x94
+ },
+ {
+ 0x15, 0xa3, 0x5b, 0xf6, 0x87, 0xde, 0x58, 0x48,
+ 0x20, 0xce, 0x15, 0xbd, 0x05, 0x44, 0x8e, 0x0e,
+ 0x06, 0x47, 0xe7, 0xf6, 0xb0, 0xcc, 0xdc, 0xf9,
+ 0x01, 0xda, 0x2e, 0x6f, 0x8f, 0x3e, 0x06, 0x04
+ }
+ };
+ unsigned char out[32];
+ int i;
+ int subalgo = GCRY_MD_SHA256;
+ int count = 0;
+
+ again:
+
+ if (verbose)
+ fprintf (stderr, "checking Balloon test vector %d\n", count);
+
+ err = my_kdf_derive (0,
+ GCRY_KDF_BALLOON, subalgo, param[count], 3,
+ pass[count], strlen ((char *)pass[count]),
+ salt[count], 32, NULL, 0, NULL, 0,
+ 32, out);
+ if (err)
+ fail ("balloon test %d failed: %s\n", count*2+0, gpg_strerror (err));
+ else if (memcmp (out, expected[count], 32))
+ {
+ fail ("balloon test %d failed: mismatch\n", count*2+0);
+ fputs ("got:", stderr);
+ for (i=0; i < 32; i++)
+ fprintf (stderr, " %02x", out[i]);
+ putc ('\n', stderr);
+ }
+
+#ifdef HAVE_PTHREAD
+ err = my_kdf_derive (1,
+ GCRY_KDF_BALLOON, subalgo, param[count], 3,
+ pass[count], strlen ((char *)pass[count]),
+ salt[count], 32, NULL, 0, NULL, 0,
+ 32, out);
+ if (err)
+ fail ("balloon test %d failed: %s\n", count*2+1, gpg_strerror (err));
+ else if (memcmp (out, expected[count], 32))
+ {
+ fail ("balloon test %d failed: mismatch\n", count*2+1);
+ fputs ("got:", stderr);
+ for (i=0; i < 32; i++)
+ fprintf (stderr, " %02x", out[i]);
+ putc ('\n', stderr);
+ }
+#endif
+
+ /* Next test vector */
+ count++;
+ if (count < 2)
+ goto again;
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -1567,6 +1680,7 @@ main (int argc, char **argv)
 check_pbkdf2 ();
 check_scrypt ();
 check_argon2 ();
+ check_balloon ();
 }
 return error_count ? 1 : 0; |
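Review bot: In check_balloon the `HAVE_PTHREAD` run writes into the same `out` buffer that still holds the matching result of the single-threaded run, so a second `my_kdf_derive` that returned success without filling the output would still pass the `memcmp` against `expected[count]`. Clearing the buffer ahead of each derive call, `memset (out, 0, sizeof out);`, makes the two comparisons independent; the check_argon2 context lines in the earlier hunks appear to share one buffer in the same way. `param` is declared `[2][4]` although each row initialises three values and `3` is passed as the count, so `[2][3]` would state what is meant. Both vectors are successful derivations only; assuming `_gcry_kdf_open` rejects bad Balloon arguments as the commit message says, a case that expects an error return (for example a `subalgo` other than `GCRY_MD_SHA256`, if that is unsupported) would cover that path.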