[PATCH] pbkdf2: allow empty password

Milan Broz mbroz at redhat.com
Fri Oct 26 13:51:33 CEST 2012


While it is insecure, the PBKDF2 implementations usually
allows to derive password only from salt.

This particular case is used e.g. in cryptsetup when
you use empty file as keyfile for LUKS keyslot.
(I tried to switch to internal gcrypt kdf function
but this one corner case blocks that switch.)

Test vector is compared with two independent implementations.
---
 cipher/kdf.c  |    2 +-
 tests/t-kdf.c |   10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/cipher/kdf.c b/cipher/kdf.c
index d981022..222f81b 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -238,7 +238,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
 {
   gpg_err_code_t ec;
 
-  if (!passphrase || !passphraselen)
+  if (!passphrase)
     {
       ec = GPG_ERR_INV_DATA;
       goto leave;
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 7209525..06c0026 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -917,7 +917,15 @@ check_pbkdf2 (void)
       16,
       "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
       "\xd7\xf0\x34\x25\xe0\xc3"
-    }
+    },
+    { /* empty password test, not in RFC-6070 */
+      "", 0,
+      "salt", 4,
+      2,
+      20,
+      "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+      "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
+    },
   };
   int tvidx;
   gpg_error_t err;
-- 
1.7.10.4




More information about the Gcrypt-devel mailing list