Add support for PKCS5_PBKDF2_HMAC_SHA1.

1 files changed, 89 insertions, 0 deletions

diff --git a/pkcs5.rs b/pkcs5.rs
new file mode 100644
index 00000000..468fe6b0
--- /dev/null
+++ b/pkcs5.rs
@@ -0,0 +1,89 @@
+import libc::{c_char, c_uchar, c_int};
+
+#[link_name = "crypto"]
+#[abi = "cdecl"]
+native mod _native {
+    fn PKCS5_PBKDF2_HMAC_SHA1(pass: *c_char, passlen: c_int,
+                              salt: *c_uchar, saltlen: c_int,
+                              iter: c_int, keylen: c_int,
+                              out: *c_uchar) -> c_int;
+}
+
+#[doc = "
+Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm.
+"]
+fn pbkdf2_hmac_sha1(pass: str, salt: [u8], iter: uint, keylen: uint) -> [u8] {
+    assert iter >= 1u;
+    assert keylen >= 1u;
+
+    str::as_c_str(pass) { |pass_buf|
+        vec::as_buf(salt) { |salt_buf|
+            let mut out = [];
+            vec::reserve(out, keylen);
+
+            vec::as_buf(out) { |out_buf|
+                let r = _native::PKCS5_PBKDF2_HMAC_SHA1(
+                    pass_buf, str::len(pass) as c_int,
+                    salt_buf, vec::len(salt) as c_int,
+                    iter as c_int, keylen as c_int,
+                    out_buf);
+
+                if r != 1 as c_int { fail; }
+
+                unsafe { vec::unsafe::set_len(out, keylen); }
+                out
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    // Test vectors from
+    // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06
+    #[test]
+    fn test_pbkdf2_hmac_sha1() {
+        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 1u, 20u) == [
+            0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8,
+            0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8,
+            0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8
+        ];
+
+        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 2u, 20u) == [
+            0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8,
+            0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8,
+            0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8
+        ];
+
+        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 4096u,
+                                20u) == [
+            0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8,
+            0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8,
+            0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8
+        ];
+
+        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 16777216u,
+                                20u) == [
+            0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8,
+            0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8,
+            0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8
+        ];
+
+        assert pbkdf2_hmac_sha1(
+                "passwordPASSWORDpassword",
+                str::bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"),
+                4096u, 25u) == [
+            0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8,
+            0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8,
+            0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8,
+            0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8
+        ];
+
+       assert pbkdf2_hmac_sha1("pass\x00word", str::bytes("sa\x00lt"), 4096u,
+                               16u) == [
+            0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8,
+            0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8,
+            0xe0_u8, 0xc3_u8
+        ];
+    }
+}