2
0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-28 20:07:48 +00:00

Replace PBKDF2 function with PyCrypto's version

Overlooked the existence of the servicable PBKDF2 function in PyCrypto.
Rectify that oversight (might break existing config db, but this
isn't even alpha code yet)
This commit is contained in:
Jarrod Johnson 2013-10-08 13:58:01 -04:00
parent 97a52ed775
commit 96ca623520

View File

@ -12,6 +12,7 @@ import confluent.config
import math
import os
import Crypto.Protocol.KDF as kdf
from Crypto.Cipher import AES
from Crypto.Hash import HMAC
from Crypto.Hash import SHA256
@ -21,33 +22,13 @@ _masterintegritykey = None
def _pbkdf2(passphrase, salt, iterations, size):
# Implement the PBKDF2 standard algorithm for deriving key data
# from a passphrase. See internet for details
blocks = int(math.ceil(size/32.0)) # Hardcoded to SHA256 behavior
retkey = ""
for block in xrange(blocks):
citerations = iterations
tsalt = salt + chr(block)
currval = HMAC.new(passphrase, tsalt, SHA256).digest()
currarray = array.array('L',currval)
while citerations > 1:
currval = HMAC.new(passphrase, currval).digest()
nextarray = array.array('L',currval)
for index in range(len(nextarray)):
currarray[index] = currarray[index] ^ nextarray[index]
currval = currarray.tostring()
currarray = nextarray
citerations = citerations - 1
retkey += currval
return retkey[:size]
def _derive_keys(passphrase, salt):
#implement our specific combination of pbkdf2 transforms to get at
#key. We bump the iterations up because we can afford to
tmpkey = _pbkdf2(passphrase, salt, 50000, 32)
finalkey = _pbkdf2(tmpkey, salt, 50000, 96)
tmpkey = kdf.PBKDF2(passphrase, salt, 32, 50000,
lambda p, s: HMAC.new(p, s, SHA256).digest())
finalkey = kdf.PBKDF2(tmpkey, salt, 32, 50000,
lambda p, s: HMAC.new(p, s, SHA256).digest())
return (finalkey[:32],finalkey[32:])