PBKDF2: Allow empty passphrase.
authorMilan Broz <mbroz@redhat.com>
Mon, 29 Oct 2012 16:18:09 +0000 (17:18 +0100)
committerWerner Koch <wk@gnupg.org>
Tue, 30 Oct 2012 09:10:48 +0000 (10:10 +0100)
* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
* tests/t-kdf.c (check_pbkdf2): Add test case for above.
--

While it is insecure, the PBKDF2 implementations usually
allows to derive key only from salt.

This particular case is used e.g. in cryptsetup when
you use empty file as keyfile for LUKS keyslot.

Test vector is compared with two independent implementations.

Signed-off-by: Milan Broz <mbroz@redhat.com>
cipher/kdf.c
tests/t-kdf.c

index d981022..46e8550 100644 (file)
@@ -238,7 +238,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
 {
   gpg_err_code_t ec;
 
-  if (!passphrase || !passphraselen)
+  if (!passphrase || (!passphraselen && algo != GCRY_KDF_PBKDF2))
     {
       ec = GPG_ERR_INV_DATA;
       goto leave;
index 7209525..06c0026 100644 (file)
@@ -917,7 +917,15 @@ check_pbkdf2 (void)
       16,
       "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
       "\xd7\xf0\x34\x25\xe0\xc3"
-    }
+    },
+    { /* empty password test, not in RFC-6070 */
+      "", 0,
+      "salt", 4,
+      2,
+      20,
+      "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+      "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
+    },
   };
   int tvidx;
   gpg_error_t err;