Add test case for SCRYPT and rework the code.

* tests/t-kdf.c (check_scrypt): New.
(main): Call new test.

* configure.ac: Support disabling of the scrypt algorithm.  Make KDF
enabling similar to the other algorithm classes.  Disable scrypt if we
don't have a 64 bit type.
* cipher/memxor.c, cipher/memxor.h: Remove.
* cipher/scrypt.h: Remove.
* cipher/kdf-internal.h: New.
* cipher/Makefile.am: Remove files.  Add new file.  Move scrypt.c to
EXTRA_libcipher_la_SOURCES.
(GCRYPT_MODULES): Add GCRYPT_KDFS.
* src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value.
* cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2.
(_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0.
(gcry_kdf_derive): Allow for a passwordlen of zero for scrypt.  Check
for SALTLEN > 0 for GCRY_KDF_PBKDF2.  Pass algo to _gcry_kdf_scrypt.
(gcry_kdf_derive) [!USE_SCRYPT]: Return an error.
* cipher/scrypt.c: Replace memxor.h by bufhelp.h.  Replace scrypt.h by
kdf-internal.h.  Enable code only if HAVE_U64_TYPEDEF is defined.
Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types.
(_SALSA20_INPUT_LENGTH): Remove underscore from identifier.
(_scryptBlockMix): Replace memxor by buf_xor.
(_gcry_kdf_scrypt): Use gcry_malloc and gcry_free.  Check for integer
overflow.  Add hack to support blocksize of 1 for tests.  Return
errors from calls to _gcry_kdf_pkdf2.

* cipher/kdf.c (openpgp_s2k): Make static.
--

This patch prepares the addition of more KDF functions, brings the
code into Libgcrypt shape, adds a test case and makes the code more
robust.  For example, scrypt would have fail silently if Libgcrypt was
not build with SHA256 support.  Also fixed symbol naming for systems
without a visibility support.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 100 insertions, 3 deletions

diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 06c00263..50deba08 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -35,6 +35,7 @@
 
 /* Program option flags.  */
 static int verbose;
+static int debug;
 static int error_count;
 
 static void
@@ -925,7 +926,7 @@ check_pbkdf2 (void)
       20,
       "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
       "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
-    },
+    }
   };
   int tvidx;
   gpg_error_t err;
@@ -957,11 +958,106 @@ check_pbkdf2 (void)
 }
 
 
+static void
+check_scrypt (void)
+{
+  /* Test vectors are from draft-josefsson-scrypt-kdf-01.  */
+  static struct {
+    const char *p;        /* Passphrase.  */
+    size_t plen;          /* Length of P. */
+    const char *salt;
+    size_t saltlen;
+    int parm_n;           /* CPU/memory cost.  */
+    int parm_r;           /* blocksize */
+    unsigned long parm_p; /* parallelization. */
+    int dklen;            /* Requested key length.  */
+    const char *dk;       /* Derived key.  */
+    int disabled;
+  } tv[] = {
+    {
+      "", 0,
+      "", 0,
+      16,
+      1,
+      1,
+      64,
+      "\x77\xd6\x57\x62\x38\x65\x7b\x20\x3b\x19\xca\x42\xc1\x8a\x04\x97"
+      "\xf1\x6b\x48\x44\xe3\x07\x4a\xe8\xdf\xdf\xfa\x3f\xed\xe2\x14\x42"
+      "\xfc\xd0\x06\x9d\xed\x09\x48\xf8\x32\x6a\x75\x3a\x0f\xc8\x1f\x17"
+      "\xe8\xd3\xe0\xfb\x2e\x0d\x36\x28\xcf\x35\xe2\x0c\x38\xd1\x89\x06"
+    },
+    {
+      "password", 8,
+      "NaCl", 4,
+      1024,
+      8,
+      16,
+      64,
+      "\xfd\xba\xbe\x1c\x9d\x34\x72\x00\x78\x56\xe7\x19\x0d\x01\xe9\xfe"
+      "\x7c\x6a\xd7\xcb\xc8\x23\x78\x30\xe7\x73\x76\x63\x4b\x37\x31\x62"
+      "\x2e\xaf\x30\xd9\x2e\x22\xa3\x88\x6f\xf1\x09\x27\x9d\x98\x30\xda"
+      "\xc7\x27\xaf\xb9\x4a\x83\xee\x6d\x83\x60\xcb\xdf\xa2\xcc\x06\x40"
+    },
+    {
+      "pleaseletmein", 13,
+      "SodiumChloride", 14,
+      16384,
+      8,
+      1,
+      64,
+      "\x70\x23\xbd\xcb\x3a\xfd\x73\x48\x46\x1c\x06\xcd\x81\xfd\x38\xeb"
+      "\xfd\xa8\xfb\xba\x90\x4f\x8e\x3e\xa9\xb5\x43\xf6\x54\x5d\xa1\xf2"
+      "\xd5\x43\x29\x55\x61\x3f\x0f\xcf\x62\xd4\x97\x05\x24\x2a\x9a\xf9"
+      "\xe6\x1e\x85\xdc\x0d\x65\x1e\x40\xdf\xcf\x01\x7b\x45\x57\x58\x87"
+    },
+    {
+      "pleaseletmein", 13,
+      "SodiumChloride", 14,
+      1048576,
+      8,
+      1,
+      64,
+      "\x21\x01\xcb\x9b\x6a\x51\x1a\xae\xad\xdb\xbe\x09\xcf\x70\xf8\x81"
+      "\xec\x56\x8d\x57\x4a\x2f\xfd\x4d\xab\xe5\xee\x98\x20\xad\xaa\x47"
+      "\x8e\x56\xfd\x8f\x4b\xa5\xd0\x9f\xfa\x1c\x6d\x92\x7c\x40\xf4\xc3"
+      "\x37\x30\x40\x49\xe8\xa9\x52\xfb\xcb\xf4\x5c\x6f\xa7\x7a\x41\xa4",
+      2 /* Only in debug mode.  */
+    }
+  };
+  int tvidx;
+  gpg_error_t err;
+  unsigned char outbuf[64];
+  int i;
+
+  for (tvidx=0; tvidx < DIM(tv); tvidx++)
+    {
+      if (tv[tvidx].disabled && !(tv[tvidx].disabled == 2 && debug))
+        continue;
+      if (verbose)
+        fprintf (stderr, "checking SCRYPT test vector %d\n", tvidx);
+      assert (tv[tvidx].dklen <= sizeof outbuf);
+      err = gcry_kdf_derive (tv[tvidx].p, tv[tvidx].plen,
+                             tv[tvidx].parm_r == 1 ? 41 : GCRY_KDF_SCRYPT,
+                             tv[tvidx].parm_n,
+                             tv[tvidx].salt, tv[tvidx].saltlen,
+                             tv[tvidx].parm_p, tv[tvidx].dklen, outbuf);
+      if (err)
+        fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
+      else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
+        {
+          fail ("scrypt test %d failed: mismatch\n", tvidx);
+          fputs ("got:", stderr);
+          for (i=0; i < tv[tvidx].dklen; i++)
+            fprintf (stderr, " %02x", outbuf[i]);
+          putc ('\n', stderr);
+        }
+    }
+}
+
+
 int
 main (int argc, char **argv)
 {
-  int debug = 0;
-
   if (argc > 1 && !strcmp (argv[1], "--verbose"))
     verbose = 1;
   else if (argc > 1 && !strcmp (argv[1], "--debug"))
@@ -977,6 +1073,7 @@ main (int argc, char **argv)
 
   check_openpgp ();
   check_pbkdf2 ();
+  check_scrypt ();
 
   return error_count ? 1 : 0;
 }