From: Richard Levitte <levitte@lp.se>
Date: Wed, 1 Oct 2008 14:01:30 +0000 (+0000)
Subject: Let ykp_AES_key_from_passphrase() take an optional salt as well
X-Git-Tag: yubikey-personalisation_1.3.5-1~4^2~204
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=399c1ee295da306c387ec28ff58153c9a5b46744;p=yubikey-personalization.old

Let ykp_AES_key_from_passphrase() take an optional salt as well
---

diff --git a/ykpers.c b/ykpers.c
index fc31aac..de0c58d 100644
--- a/ykpers.c
+++ b/ykpers.c
@@ -68,7 +68,8 @@ int ykp_free_config(CONFIG *cfg)
 	return 0;
 }
 
-int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase)
+int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase,
+				const char *salt)
 {
 	if (cfg) {
 		char *random_places[] = {
@@ -78,31 +79,38 @@ int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase)
 			0
 		};
 		char **random_place;
-		uint8_t salt[8];
-		size_t salt_len = 0;
+		uint8_t _salt[8];
+		size_t _salt_len = 0;
 
-		for (random_place = random_places;
-		     *random_place;
-		     random_place++) {
-			FILE *random_file = fopen(*random_place, "r");
-			if (random_file) {
-				size_t read_bytes = 0;
+		if (salt) {
+			_salt_len = strlen(salt);
+			if (_salt_len > 8)
+				_salt_len = 8;
+			memcpy(_salt, salt, _salt_len);
+		} else {
+			for (random_place = random_places;
+			     *random_place;
+			     random_place++) {
+				FILE *random_file = fopen(*random_place, "r");
+				if (random_file) {
+					size_t read_bytes = 0;
 
-				while (read_bytes < sizeof(salt)) {
-					size_t n = fread(&cfg->key[read_bytes],
-							 1, KEY_SIZE - read_bytes,
-							 random_file);
-					read_bytes += n;
-				}
+					while (read_bytes < sizeof(_salt)) {
+						size_t n = fread(&cfg->key[read_bytes],
+								 1, KEY_SIZE - read_bytes,
+								 random_file);
+						read_bytes += n;
+					}
 
-				fclose(random_file);
+					fclose(random_file);
 
-				salt_len = sizeof(salt);
+					_salt_len = sizeof(_salt);
 
-				break; /* from for loop */
+					break; /* from for loop */
+				}
 			}
 		}
-		if (salt_len == 0) {
+		if (_salt_len == 0) {
 			/* There was no randomness files, so create a cheap
 			   salt from time */
 #                       include <ykpbkdf2.h>
@@ -113,12 +121,12 @@ int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase)
 			yk_hmac_sha1.prf_fn(passphrase, strlen(passphrase),
 					    (char *)&t, sizeof(t),
 					    output, sizeof(output));
-			memcpy(salt, output, sizeof(salt));
-			salt_len = sizeof(salt);
+			memcpy(_salt, output, sizeof(_salt));
+			_salt_len = sizeof(_salt);
 		}
 
 		return yk_pbkdf2(passphrase,
-				 salt, salt_len,
+				 _salt, _salt_len,
 				 1024,
 				 cfg->key, sizeof(cfg->key),
 				 &yk_hmac_sha1);
diff --git a/ykpers.h b/ykpers.h
index 02dad5c..3438f29 100644
--- a/ykpers.h
+++ b/ykpers.h
@@ -36,7 +36,8 @@
 CONFIG *ykp_create_config(void);
 int ykp_free_config(CONFIG *cfg);
 
-int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase);
+int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase,
+				const char *salt);
 int ykp_set_access_code(CONFIG *cfg, unsigned char *access_code);
 
 int ykp_write_config(const CONFIG *cfg,