From 96ca623520d353edb6bdc925f372aea55a16d36d Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Tue, 8 Oct 2013 13:58:01 -0400
Subject: [PATCH] Replace PBKDF2 function with PyCrypto's version
Overlooked the existence of the servicable PBKDF2 function in PyCrypto. Rectify that oversight (might break existing config db, but this isn't even alpha code yet)
---
 confluent/crypto.py | 29 +++++------------------------
 1 file changed, 5 insertions(+), 24 deletions(-)
diff --git a/confluent/crypto.py b/confluent/crypto.py
index fba14cb5..ef8774c0 100644
--- a/confluent/crypto.py
+++ b/confluent/crypto.py
@@ -12,6 +12,7 @@
 import confluent.config
 import math
 import os
+import Crypto.Protocol.KDF as kdf
 from Crypto.Cipher import AES
 from Crypto.Hash import HMAC
 from Crypto.Hash import SHA256
@@ -21,33 +22,13 @@ _masterintegritykey = None
-def _pbkdf2(passphrase, salt, iterations, size):
- # Implement the PBKDF2 standard algorithm for deriving key data
- # from a passphrase. See internet for details
- blocks = int(math.ceil(size/32.0)) # Hardcoded to SHA256 behavior
- retkey = ""
- for block in xrange(blocks):
- citerations = iterations
- tsalt = salt + chr(block)
- currval = HMAC.new(passphrase, tsalt, SHA256).digest()
- currarray = array.array('L',currval)
- while citerations > 1:
- currval = HMAC.new(passphrase, currval).digest()
- nextarray = array.array('L',currval)
- for index in range(len(nextarray)):
- currarray[index] = currarray[index] ^ nextarray[index]
- currval = currarray.tostring()
- currarray = nextarray
- citerations = citerations - 1
- retkey += currval
- return retkey[:size]
-
-
 def _derive_keys(passphrase, salt):
 #implement our specific combination of pbkdf2 transforms to get at
 #key. We bump the iterations up because we can afford to
- tmpkey = _pbkdf2(passphrase, salt, 50000, 32)
- finalkey = _pbkdf2(tmpkey, salt, 50000, 96)
+ tmpkey = kdf.PBKDF2(passphrase, salt, 32, 50000,
+ lambda p, s: HMAC.new(p, s, SHA256).digest())
+ finalkey = kdf.PBKDF2(tmpkey, salt, 32, 50000,
+ lambda p, s: HMAC.new(p, s, SHA256).digest())
 return (finalkey[:32],finalkey[32:])
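Review bot: The second `kdf.PBKDF2` call in `_derive_keys` requests only 32 bytes, but the unchanged `return (finalkey[:32],finalkey[32:])` still splits the result into two keys, so the second element is now always an empty string. The removed `_pbkdf2(tmpkey, salt, 50000, 96)` call derived 96 bytes at this point. The callers are outside the hunk, but if the second value feeds the integrity key (as the `_masterintegritykey` name suggests), any HMAC built on it would be keyed with an empty, publicly known key and would no longer protect the stored data. Restore the length with `finalkey = kdf.PBKDF2(tmpkey, salt, 96, 50000,` and the same prf argument. A comment stating the expected sizes of both returned keys would stop the slice and the derived length from drifting apart again.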