Skip to content

Commit bc6d43b

Browse files
lukebakkenlukebakken
committed
Use pubkey_pbe:pbdkdf2/7
Even though this is not a public API we have CI coverage should it ever go away Related to rabbitmq/rabbitmq-server#3350
1 parent f8efbfb commit bc6d43b

File tree

1 file changed

+1
-40
lines changed

1 file changed

+1
-40
lines changed

src/credentials_obfuscation_pbe.erl

+1-40
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ decrypt(Cipher, Hash, Iterations, Secret, {encrypted, Base64Binary}) ->
9191
%% Generate a key from a secret.
9292

9393
make_key(Cipher, Hash, Iterations, Secret, Salt) ->
94-
Key = pbdkdf2(Secret, Salt, Iterations, key_length(Cipher),
94+
Key = pubkey_pbe:pbdkdf2(Secret, Salt, Iterations, key_length(Cipher),
9595
fun hmac/4, Hash, hash_length(Hash)),
9696
if
9797
Cipher =:= des3_cbc; Cipher =:= des3_cbf; Cipher =:= des3_cfb;
@@ -129,42 +129,3 @@ key_length(Type) ->
129129

130130
block_size(Type) ->
131131
maps:get(block_size, crypto:cipher_info(Type)).
132-
133-
%% The following was taken from OTP's lib/public_key/src/pubkey_pbe.erl
134-
%%
135-
%% This is an undocumented interface to password-based encryption algorithms.
136-
%% These functions have been copied here to stay compatible with R16B03.
137-
138-
%%--------------------------------------------------------------------
139-
-spec pbdkdf2(iodata(), iodata(), integer(), integer(), fun(), atom(), integer())
140-
-> binary().
141-
%%
142-
%% Description: Implements password based decryption key derive function 2.
143-
%% Exported mainly for testing purposes.
144-
%%--------------------------------------------------------------------
145-
pbdkdf2(Password, Salt, Count, DerivedKeyLen, Prf, PrfHash, PrfOutputLen)->
146-
NumBlocks = ceiling(DerivedKeyLen / PrfOutputLen),
147-
NumLastBlockOctets = DerivedKeyLen - (NumBlocks - 1) * PrfOutputLen ,
148-
blocks(NumBlocks, NumLastBlockOctets, 1, Password, Salt,
149-
Count, Prf, PrfHash, PrfOutputLen, <<>>).
150-
151-
blocks(1, N, Index, Password, Salt, Count, Prf, PrfHash, PrfLen, Acc) ->
152-
<<XorSum:N/binary, _/binary>> = xor_sum(Password, Salt, Count, Index, Prf, PrfHash, PrfLen),
153-
<<Acc/binary, XorSum/binary>>;
154-
blocks(NumBlocks, N, Index, Password, Salt, Count, Prf, PrfHash, PrfLen, Acc) ->
155-
XorSum = xor_sum(Password, Salt, Count, Index, Prf, PrfHash, PrfLen),
156-
blocks(NumBlocks -1, N, Index +1, Password, Salt, Count, Prf, PrfHash,
157-
PrfLen, <<Acc/binary, XorSum/binary>>).
158-
159-
xor_sum(Password, Salt, Count, Index, Prf, PrfHash, PrfLen) ->
160-
Result = Prf(PrfHash, Password, [Salt,<<Index:32/unsigned-big-integer>>], PrfLen),
161-
do_xor_sum(Prf, PrfHash, PrfLen, Result, Password, Count-1, Result).
162-
163-
do_xor_sum(_, _, _, _, _, 0, Acc) ->
164-
Acc;
165-
do_xor_sum(Prf, PrfHash, PrfLen, Prev, Password, Count, Acc) ->
166-
Result = Prf(PrfHash, Password, Prev, PrfLen),
167-
do_xor_sum(Prf, PrfHash, PrfLen, Result, Password, Count-1, crypto:exor(Acc, Result)).
168-
169-
ceiling(Float) ->
170-
erlang:round(Float + 0.5).

0 commit comments

Comments
 (0)