aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/block
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-03-23 15:45:50 -0400
committerJack Lloyd <[email protected]>2017-03-24 10:55:38 -0400
commitc0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch)
treea959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /src/lib/block
parentc936086354203ddf275435fff611d3e2c99e6975 (diff)
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'src/lib/block')
-rw-r--r--src/lib/block/blowfish/blowfish.cpp18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/lib/block/blowfish/blowfish.cpp b/src/lib/block/blowfish/blowfish.cpp
index 17ac00a1f..68d73cafd 100644
--- a/src/lib/block/blowfish/blowfish.cpp
+++ b/src/lib/block/blowfish/blowfish.cpp
@@ -291,27 +291,31 @@ void Blowfish::key_expansion(const uint8_t key[],
void Blowfish::eks_key_schedule(const uint8_t key[], size_t length,
const uint8_t salt[16], size_t workfactor)
{
- // Truncate longer passwords to the 56 byte limit Blowfish enforces
- length = std::min<size_t>(length, 55);
-
- if(workfactor == 0)
- throw Invalid_Argument("Bcrypt work factor must be at least 1");
/*
* On a 2.8 GHz Core-i7, workfactor == 18 takes about 25 seconds to
* hash a password. This seems like a reasonable upper bound for the
* time being.
+ * Bcrypt allows up to work factor 31 (2^31 iterations)
*/
if(workfactor > 18)
throw Invalid_Argument("Requested Bcrypt work factor " +
- std::to_string(workfactor) + " too large");
+ std::to_string(workfactor) + " too large");
+
+ if(workfactor < 4)
+ throw Invalid_Argument("Bcrypt requires work factor at least 4");
+
+ if(length > 72)
+ {
+ // Truncate longer passwords to the 72 char bcrypt limit
+ length = 72;
+ }
m_P.resize(18);
copy_mem(m_P.data(), P_INIT, 18);
m_S.resize(1024);
copy_mem(m_S.data(), S_INIT, 1024);
-
key_expansion(key, length, salt);
const uint8_t null_salt[16] = { 0 };