diff options
author | Charles Longeau <chl@cvs.openbsd.org> | 2008-05-03 13:18:09 +0000 |
---|---|---|
committer | Charles Longeau <chl@cvs.openbsd.org> | 2008-05-03 13:18:09 +0000 |
commit | 351632319bc7ed4e24d0f3049fd70e90063b4909 (patch) | |
tree | 222b317c22c9686dba3bd0a9a9268c9826488dae | |
parent | 34e09f8a56aa802ec7b4b61affd74d758a59fd3d (diff) |
remove unused functions
from tobias@
ok ray@ tobias@
-rw-r--r-- | sbin/mount_vnd/pkcs5_pbkdf2.c | 80 | ||||
-rw-r--r-- | sbin/mount_vnd/pkcs5_pbkdf2.h | 1 |
2 files changed, 1 insertions, 80 deletions
diff --git a/sbin/mount_vnd/pkcs5_pbkdf2.c b/sbin/mount_vnd/pkcs5_pbkdf2.c index 75e9f7ac705..a245b403a78 100644 --- a/sbin/mount_vnd/pkcs5_pbkdf2.c +++ b/sbin/mount_vnd/pkcs5_pbkdf2.c @@ -56,6 +56,7 @@ #include <sys/resource.h> #include <assert.h> +#include <err.h> #include <stdlib.h> #include <string.h> @@ -66,7 +67,6 @@ static void int_encode(u_int8_t *, int); static void prf_iterate(u_int8_t *, const u_int8_t *, int, const u_int8_t *, int, int, int); -static int pkcs5_pbkdf2_time(int, int); void memxor(void *res, const void *src, size_t len) @@ -173,81 +173,3 @@ pkcs5_pbkdf2(u_int8_t **r, int dkLen, const u_int8_t *P, int Plen, */ return 0; } - -/* - * We use predefined lengths for the password and salt to ensure that - * no analysis can be done on the output of the calibration based on - * those parameters. We do not do the same for dkLen because: - * 1. dkLen is known to the attacker if they know the iteration - * count, and - * 2. using the wrong dkLen will skew the calibration by an - * integral factor n = (dkLen / 160). - */ - -#define CAL_PASSLEN 64 -#define CAL_SALTLEN 64 -#define CAL_TIME 30000 /* Minimum number of microseconds that - * are considered significant. - */ - -/* - * We return the user time in milliseconds that c iterations - * of the algorithm take. - */ - -static int -pkcs5_pbkdf2_time(int dkLen, int c) -{ - struct rusage start; - struct rusage end; - int ret; - u_int8_t *r = NULL; - u_int8_t P[CAL_PASSLEN]; - u_int8_t S[CAL_SALTLEN]; - - getrusage(RUSAGE_SELF, &start); - /* XXX compat flag at end to be removed when _OLD keygen method is */ - ret = pkcs5_pbkdf2(&r, dkLen, P, sizeof(P), S, sizeof(S), c, 0); - if (ret) - return ret; - getrusage(RUSAGE_SELF, &end); - free(r); - - return (end.ru_utime.tv_sec - start.ru_utime.tv_sec) * 1000000 - + (end.ru_utime.tv_usec - start.ru_utime.tv_usec); -} - -int -pkcs5_pbkdf2_calibrate(int dkLen, int milliseconds) -{ - int c; - int t = 0; - int ret; - - /* - * First we get a meaningfully long time by doubling the - * iteration count until it takes longer than CAL_TIME. This - * should take approximately 2 * CAL_TIME. - */ - for (c=1;; c *= 2) { - t = pkcs5_pbkdf2_time(dkLen, c); - if (t > CAL_TIME) - break; - } - - /* Now that we know that, we scale it. */ - ret = (int) ((u_int64_t) c * milliseconds / t); - - /* - * Since it is quite important to not get this wrong, - * we test the result. - */ - - t = pkcs5_pbkdf2_time(dkLen, 10000); - - /* if we are over 5% off, return an error */ - if (abs(milliseconds - t) > (milliseconds / 20)) - return -1; - - return ret; -} diff --git a/sbin/mount_vnd/pkcs5_pbkdf2.h b/sbin/mount_vnd/pkcs5_pbkdf2.h index 443e3e4298c..4b2c7e8eb47 100644 --- a/sbin/mount_vnd/pkcs5_pbkdf2.h +++ b/sbin/mount_vnd/pkcs5_pbkdf2.h @@ -42,6 +42,5 @@ __BEGIN_DECLS int pkcs5_pbkdf2(u_int8_t **, int, const u_int8_t *, int, const u_int8_t *, int, int, int); -int pkcs5_pbkdf2_calibrate(int, int); __END_DECLS #endif |