patterncMinor
OpenSSL PBKDF2-HMAC-SHAx proof of concept
Viewed 0 times
opensslconcepthmacshaxpbkdf2proof
Problem
I have regrettably been away from C programming for a very long time, so I'd like to get a quick code review of a first proof of concept, before I get too far into adding capabilities, using the getopt library for arguments, alternate output and input character sets, a PolarSSL implementation, and so on and so forth.
Target platforms: gcc 4.5+ for MinGW for Windows, gcc 4.7+ for Linux.
My ranking of concerns:
As a purely secondary interest, if anyone has advice on the getopt library, C code for Base32/Base64/etc output formats, or PolarSSL use, I'd appreciate it.
Linux compilation:
Windows compilation:
The code:
```
#include
#include
#include
#include
#include
// Originally from http://stackoverflow.com/questions/10067729/fast-sha-2-authentication-with-apache-is-it-even-possible
void PBKDF2_HMAC_SHA_256(const char pass, const unsigned char salt, int32_t iterations, uint32_t outputbytes, char* HexResult)
{
unsigned int i;
unsigned char digest[outputbytes];
PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, strlen(salt), iterations, EVP_sha256(), outputbytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(HexResult + (i * 2), "%02x", 255 & digest[i]);
}
void PBKDF2_HMAC_SHA_512(const char pass, const unsigned char salt, int32_t iterations, uint32_t outputbytes, char* HexResult)
{
unsigned int i;
unsigned char digest[outputbytes];
PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, strlen(salt), iterations, EVP_sha512(), outputbytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(HexResult + (i * 2), "%02x", 255 & digest[i]);
}
int
Target platforms: gcc 4.5+ for MinGW for Windows, gcc 4.7+ for Linux.
My ranking of concerns:
- Security holes
- Incorrect use of OpenSSL
- Memory leaks
- Performance
- Suboptimal or incorrect compilation commands
- Inefficient code
- deviations from ANSI C/portability
- Unclean code
- Suggestions for improvement
- other
As a purely secondary interest, if anyone has advice on the getopt library, C code for Base32/Base64/etc output formats, or PolarSSL use, I'd appreciate it.
Linux compilation:
gcc -O3 -lssl pbkdf2.c -o pbkdf2Windows compilation:
gcc -O3 -I OpenSSLLibraryPath\include -L OpenSSLBinariesPath -leay32 pbkdf2.c -o pbkdf2The code:
```
#include
#include
#include
#include
#include
// Originally from http://stackoverflow.com/questions/10067729/fast-sha-2-authentication-with-apache-is-it-even-possible
void PBKDF2_HMAC_SHA_256(const char pass, const unsigned char salt, int32_t iterations, uint32_t outputbytes, char* HexResult)
{
unsigned int i;
unsigned char digest[outputbytes];
PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, strlen(salt), iterations, EVP_sha256(), outputbytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(HexResult + (i * 2), "%02x", 255 & digest[i]);
}
void PBKDF2_HMAC_SHA_512(const char pass, const unsigned char salt, int32_t iterations, uint32_t outputbytes, char* HexResult)
{
unsigned int i;
unsigned char digest[outputbytes];
PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, strlen(salt), iterations, EVP_sha512(), outputbytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(HexResult + (i * 2), "%02x", 255 & digest[i]);
}
int
Solution
Things you did well on:
-
Looks like you weren't too rusty based on this code. Looks very nice organizationally.
-
You
Things you could improve on:
Standards
-
Initialize
Syntax
-
Don't over-compact your code.
Let it breathe a bit.
-
Use
-
You don't follow proper C naming conventions.
Either use camelCase, or snake_case with variable names.
-
Your indentation is a bit odd.
But that could be a copy-paste issue.
Commenting:
-
The only comments I see are a link to a Stack Overflow post, and a commented-out bit of old code. Use more comments to explain what your code does, and how it accomplishes that/why it works.
Look at it as if a new developer was going to look at your code. You should try to explain it so that he could understand it's basic function and how it works right away. You might thank yourself when you return back to this project in the future, forgetting completely how it works. ;)
-
Looks like you weren't too rusty based on this code. Looks very nice organizationally.
-
You
return different values for different error conditions.Things you could improve on:
Standards
-
Initialize
i in your for loops.(C99)for (unsigned int i = 0; i < sizeof(digest); i++)Syntax
-
Don't over-compact your code.
if(argc != 6){printf("Incorrect number of parameters.\n");return 2;};Let it breathe a bit.
if(argc != 6)
{
printf("Incorrect number of parameters.\n");
return 2;
}-
Use
puts() instead of printf() when you aren't formatting a string.puts("Incorrect number of parameters.");-
You don't follow proper C naming conventions.
char HexResult[2*outputbytes-1];Either use camelCase, or snake_case with variable names.
-
Your indentation is a bit odd.
if (strcmp(argv[1],"SHA-512")==0)
{
PBKDF2_HMAC_SHA_512(pass, salt, iterations, outputbytes, HexResult);
}But that could be a copy-paste issue.
Commenting:
-
The only comments I see are a link to a Stack Overflow post, and a commented-out bit of old code. Use more comments to explain what your code does, and how it accomplishes that/why it works.
Look at it as if a new developer was going to look at your code. You should try to explain it so that he could understand it's basic function and how it works right away. You might thank yourself when you return back to this project in the future, forgetting completely how it works. ;)
Code Snippets
for (unsigned int i = 0; i < sizeof(digest); i++)if(argc != 6){printf("Incorrect number of parameters.\n");return 2;};if(argc != 6)
{
printf("Incorrect number of parameters.\n");
return 2;
}puts("Incorrect number of parameters.");char HexResult[2*outputbytes-1];Context
StackExchange Code Review Q#42492, answer score: 8
Revisions (0)
No revisions yet.