Wrapping PBKDF PKCS#12 algorithm.

2016-01-10 10:50:02 +01:00
parent db1f321ae3
commit 03fd89bc45
3 changed files with 50 additions and 1 deletions
--- a/swig/README
+++ b/swig/README
@ -15,6 +15,8 @@ Please send questions to support@wolfssl.com
    make
    sudo make install

+   NOTE: if you want to use pbkdf pkcs #12 algorithm you should build CyaSSL with --enable-pwdbased:
+   ./configure --disable-shared --enable-pwdbased CFLAGS=-fpic

 2) start the example server from the root directory
    ./examples/server/server -d
@ -41,4 +43,3 @@ Please send questions to support@wolfssl.com
    python library that isn't included by default
 7) The outputs _wolfssl.pyd and wolfssl.py are the wolfssl import library
 8) Can now run python runme.py from the swig directory
-
--- a/swig/pbkdf_pkcs12.py
+++ b/swig/pbkdf_pkcs12.py
@ -0,0 +1,44 @@
+"""A simple example how to use PBKDF PKCS #12 algorithm."""
+
+import wolfssl
+import os
+import random
+import string
+
+
+PASSWORD_LENGTH = 16
+SALT_LENGTH = 8
+KEY_LENGTH = 16
+ITERATIONS = 256
+SHA256 = 2  # Hashtype, stands for Sha256 in wolfssl.
+
+
+def to_c_byte_array(content):
+    output = wolfssl.byteArray(len(content))
+    for i, ch in enumerate(content):
+        output[i] = ord(ch)
+    return output
+
+
+password = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(PASSWORD_LENGTH))
+salt = os.urandom(SALT_LENGTH)
+key = wolfssl.byteArray(KEY_LENGTH)
+
+# params:
+# key :: bytearray output
+# passwd :: bytearray password that is used to derive the key
+# pLen :: password length
+# salt :: bytearray salt
+# sLen :: salt length
+# iterations :: number of iterations
+# kLen :: key length
+# hashType :: int, SHA256 stands for 2
+# purpose :: int, not really sure what it does, 1 was used in the tests
+wolfssl.wc_PKCS12_PBKDF(key, to_c_byte_array(password), PASSWORD_LENGTH, to_c_byte_array(salt), SALT_LENGTH, ITERATIONS,
+                        KEY_LENGTH, SHA256, 1)
+key = wolfssl.cdata(key, KEY_LENGTH)
+assert len(key) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (len(key), KEY_LENGTH)
+
+print 'Generated key: %s\nfor password: %s' % (key, password)
+print 'Bytes:'
+print [b for b in key]
--- a/swig/wolfssl.i
+++ b/swig/wolfssl.i
@ -23,6 +23,7 @@
 %{
    #include <wolfssl/ssl.h>
    #include <wolfssl/wolfcrypt/rsa.h>
+    #include <wolfssl/wolfcrypt/pwdbased.h>

    /* defn adds */
    char* wolfSSL_error_string(int err);
@ -44,6 +45,9 @@ int             wolfSSL_Init(void);
 char*           wolfSSL_error_string(int);
 int             wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);

+int         wc_PKCS12_PBKDF(unsigned char* output, const unsigned char* passwd, int pLen, const unsigned char* salt,
+                        int sLen, int iterations, int kLen, int hashType, int purpose);
+
 int         wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng);

 int         wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);