summaryrefslogtreecommitdiff
path: root/sbin/mount_vnd/pkcs5_pbkdf2.c
diff options
context:
space:
mode:
authorCharles Longeau <chl@cvs.openbsd.org>2008-05-03 13:18:09 +0000
committerCharles Longeau <chl@cvs.openbsd.org>2008-05-03 13:18:09 +0000
commit351632319bc7ed4e24d0f3049fd70e90063b4909 (patch)
tree222b317c22c9686dba3bd0a9a9268c9826488dae /sbin/mount_vnd/pkcs5_pbkdf2.c
parent34e09f8a56aa802ec7b4b61affd74d758a59fd3d (diff)
remove unused functions
from tobias@ ok ray@ tobias@
Diffstat (limited to 'sbin/mount_vnd/pkcs5_pbkdf2.c')
-rw-r--r--sbin/mount_vnd/pkcs5_pbkdf2.c80
1 files changed, 1 insertions, 79 deletions
diff --git a/sbin/mount_vnd/pkcs5_pbkdf2.c b/sbin/mount_vnd/pkcs5_pbkdf2.c
index 75e9f7ac705..a245b403a78 100644
--- a/sbin/mount_vnd/pkcs5_pbkdf2.c
+++ b/sbin/mount_vnd/pkcs5_pbkdf2.c
@@ -56,6 +56,7 @@
#include <sys/resource.h>
#include <assert.h>
+#include <err.h>
#include <stdlib.h>
#include <string.h>
@@ -66,7 +67,6 @@
static void int_encode(u_int8_t *, int);
static void prf_iterate(u_int8_t *, const u_int8_t *, int,
const u_int8_t *, int, int, int);
-static int pkcs5_pbkdf2_time(int, int);
void
memxor(void *res, const void *src, size_t len)
@@ -173,81 +173,3 @@ pkcs5_pbkdf2(u_int8_t **r, int dkLen, const u_int8_t *P, int Plen,
*/
return 0;
}
-
-/*
- * We use predefined lengths for the password and salt to ensure that
- * no analysis can be done on the output of the calibration based on
- * those parameters. We do not do the same for dkLen because:
- * 1. dkLen is known to the attacker if they know the iteration
- * count, and
- * 2. using the wrong dkLen will skew the calibration by an
- * integral factor n = (dkLen / 160).
- */
-
-#define CAL_PASSLEN 64
-#define CAL_SALTLEN 64
-#define CAL_TIME 30000 /* Minimum number of microseconds that
- * are considered significant.
- */
-
-/*
- * We return the user time in milliseconds that c iterations
- * of the algorithm take.
- */
-
-static int
-pkcs5_pbkdf2_time(int dkLen, int c)
-{
- struct rusage start;
- struct rusage end;
- int ret;
- u_int8_t *r = NULL;
- u_int8_t P[CAL_PASSLEN];
- u_int8_t S[CAL_SALTLEN];
-
- getrusage(RUSAGE_SELF, &start);
- /* XXX compat flag at end to be removed when _OLD keygen method is */
- ret = pkcs5_pbkdf2(&r, dkLen, P, sizeof(P), S, sizeof(S), c, 0);
- if (ret)
- return ret;
- getrusage(RUSAGE_SELF, &end);
- free(r);
-
- return (end.ru_utime.tv_sec - start.ru_utime.tv_sec) * 1000000
- + (end.ru_utime.tv_usec - start.ru_utime.tv_usec);
-}
-
-int
-pkcs5_pbkdf2_calibrate(int dkLen, int milliseconds)
-{
- int c;
- int t = 0;
- int ret;
-
- /*
- * First we get a meaningfully long time by doubling the
- * iteration count until it takes longer than CAL_TIME. This
- * should take approximately 2 * CAL_TIME.
- */
- for (c=1;; c *= 2) {
- t = pkcs5_pbkdf2_time(dkLen, c);
- if (t > CAL_TIME)
- break;
- }
-
- /* Now that we know that, we scale it. */
- ret = (int) ((u_int64_t) c * milliseconds / t);
-
- /*
- * Since it is quite important to not get this wrong,
- * we test the result.
- */
-
- t = pkcs5_pbkdf2_time(dkLen, 10000);
-
- /* if we are over 5% off, return an error */
- if (abs(milliseconds - t) > (milliseconds / 20))
- return -1;
-
- return ret;
-}