0001-kcapi-enc.patch
diff -Nurp libkcapi-1.3.1/apps/kcapi-enc.c libkcapi-1.3.1_new/apps/kcapi-enc.c
--- libkcapi-1.3.1/apps/kcapi-enc.c 2021-05-17 20:34:44.000000000 +0800
+++ libkcapi-1.3.1_new/apps/kcapi-enc.c 2022-01-13 17:12:03.441098213 +0800
@@ -731,78 +731,9 @@ static int set_key(struct kcapi_handle *
/* Transform password into a key using PBKDF2. */
if (passwdptr && passwdlen) {
- uint8_t *saltbuf = NULL;
- uint32_t saltbuflen = 0;
-
- dolog(KCAPI_LOG_DEBUG, "password %s", passwdptr);
-
- /* Determine the number of PBKDF2 iterations. */
- if (!opts->pbkdf_iterations) {
- opts->pbkdf_iterations =
- kcapi_pbkdf_iteration_count(opts->pbkdf_hash, 0);
-
- dolog(KCAPI_LOG_WARN, "PBKDF2 iterations used: %u",
- opts->pbkdf_iterations);
- }
-
- /* Convert the salt hex representation into binary. */
- if (opts->salt) {
- ret = hex2bin_alloc(opts->salt,
- (uint32_t)strlen(opts->salt),
- &saltbuf, &saltbuflen);
- if (ret)
- goto out;
- } else {
- /* No salt provided, generate a random number. */
- struct kcapi_handle *rng;
- uint32_t j = 0;
-
- ret = kcapi_rng_init(&rng, "stdrng", 0);
- if (ret)
- goto out;
- ret = kcapi_rng_seed(rng, NULL, 0);
- if (ret) {
- kcapi_rng_destroy(rng);
- goto out;
- }
-
- saltbuflen = 32;
- saltbuf = malloc(saltbuflen);
- if (!saltbuf) {
- ret = -ENOMEM;
- kcapi_rng_destroy(rng);
- goto out;
- }
-
- while (j < saltbuflen) {
- ret = kcapi_rng_generate(rng, saltbuf,
- saltbuflen);
- if (ret < 0) {
- kcapi_rng_destroy(rng);
- free(saltbuf);
- goto out;
- }
- j += (uint32_t)ret;
- }
- kcapi_rng_destroy(rng);
-
- dolog_bin(KCAPI_LOG_WARN, saltbuf, saltbuflen,
- "PBKDF2 salt used");
- }
-
- /*
- * PBKDF2 operation: generate a key from password --
- * reading of sizeof(keybuf) implies 256 bit key.
- */
- ret = kcapi_pbkdf(opts->pbkdf_hash, passwdptr, passwdlen,
- saltbuf, saltbuflen, opts->pbkdf_iterations,
- keybuf, sizeof(keybuf));
- free(saltbuf);
- if (ret)
- goto out;
-
have_key = 1;
- keybuflen = sizeof(keybuf);
+ memcpy(keybuf,passwdptr,passwdlen);
+ keybuflen = passwdlen;
dolog(KCAPI_LOG_VERBOSE,
"Data Encryption Key derived from Password using PBKDF2 using %s with %u iterations",