From mbroz at redhat.com Fri Oct 26 13:51:33 2012 From: mbroz at redhat.com (Milan Broz) Date: Fri, 26 Oct 2012 13:51:33 +0200 Subject: [PATCH] pbkdf2: allow empty password Message-ID: <1351252294-4225-1-git-send-email-mbroz@redhat.com> While it is insecure, the PBKDF2 implementations usually allows to derive password only from salt. This particular case is used e.g. in cryptsetup when you use empty file as keyfile for LUKS keyslot. (I tried to switch to internal gcrypt kdf function but this one corner case blocks that switch.) Test vector is compared with two independent implementations. --- cipher/kdf.c | 2 +- tests/t-kdf.c | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cipher/kdf.c b/cipher/kdf.c index d981022..222f81b 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -238,7 +238,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, { gpg_err_code_t ec; - if (!passphrase || !passphraselen) + if (!passphrase) { ec = GPG_ERR_INV_DATA; goto leave; diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 7209525..06c0026 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -917,7 +917,15 @@ check_pbkdf2 (void) 16, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" "\xd7\xf0\x34\x25\xe0\xc3" - } + }, + { /* empty password test, not in RFC-6070 */ + "", 0, + "salt", 4, + 2, + 20, + "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" + "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" + }, }; int tvidx; gpg_error_t err; -- 1.7.10.4 From wk at gnupg.org Mon Oct 29 16:40:13 2012 From: wk at gnupg.org (Werner Koch) Date: Mon, 29 Oct 2012 16:40:13 +0100 Subject: [PATCH] pbkdf2: allow empty password In-Reply-To: <1351252294-4225-1-git-send-email-mbroz@redhat.com> (Milan Broz's message of "Fri, 26 Oct 2012 13:51:33 +0200") References: <1351252294-4225-1-git-send-email-mbroz@redhat.com> Message-ID: <87wqy98exu.fsf@vigenere.g10code.de> On Fri, 26 Oct 2012 13:51, mbroz at redhat.com said: > While it is insecure, the PBKDF2 implementations usually > allows to derive password only from salt. Please revise your patch so that it allows an empty passphrase only for PBKDF2. I doubt that we should do this for OpenPGP or future KDFs. You should also write ChnageLog entries. See doc/HACKING. Example commit message would be: ===== pbkdf2: allow empty password * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2. * tests/t-kdf.c (check_pbkdf2): Add test case for above. -- Everything after the above tear off line won't go in the tarball's ChangeLog. Use this for comments which don't make sense in a ChangeLog. It is optional of course. For typo corrections you may use the tear off line directly after the first empty line - in this case no ChangeLog entry will be created. ===== Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From mbroz at redhat.com Mon Oct 29 17:18:09 2012 From: mbroz at redhat.com (Milan Broz) Date: Mon, 29 Oct 2012 17:18:09 +0100 Subject: [PATCH] PBKDF2: Allow empty passphrase. In-Reply-To: <87wqy98exu.fsf@vigenere.g10code.de> References: <87wqy98exu.fsf@vigenere.g10code.de> Message-ID: <1351527489-27391-1-git-send-email-mbroz@redhat.com> * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2. * tests/t-kdf.c (check_pbkdf2): Add test case for above. -- While it is insecure, the PBKDF2 implementations usually allows to derive key only from salt. This particular case is used e.g. in cryptsetup when you use empty file as keyfile for LUKS keyslot. Test vector is compared with two independent implementations. Signed-off-by: Milan Broz --- cipher/kdf.c | 2 +- tests/t-kdf.c | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cipher/kdf.c b/cipher/kdf.c index d981022..46e8550 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -238,7 +238,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, { gpg_err_code_t ec; - if (!passphrase || !passphraselen) + if (!passphrase || (!passphraselen && algo != GCRY_KDF_PBKDF2)) { ec = GPG_ERR_INV_DATA; goto leave; diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 7209525..06c0026 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -917,7 +917,15 @@ check_pbkdf2 (void) 16, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" "\xd7\xf0\x34\x25\xe0\xc3" - } + }, + { /* empty password test, not in RFC-6070 */ + "", 0, + "salt", 4, + 2, + 20, + "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" + "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" + }, }; int tvidx; gpg_error_t err; -- 1.7.10.4