From 9da140fbf8dde92d862be485890b03bf414cc4cd Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Wed, 5 Sep 2018 12:38:57 +0200
Subject: [PATCH] drop float usage from pbkdf2

---
 pbkdf2.c           |  6 ++----
 tests/test_check.c | 39 +++++++++++++++++++--------------------
 2 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/pbkdf2.c b/pbkdf2.c
index 04c11e8afc..ade3077d9c 100644
--- a/pbkdf2.c
+++ b/pbkdf2.c
@@ -27,8 +27,6 @@
 #include "sha2.h"
 #include "memzero.h"
 
-#define CEILING_POS(X) ((X-(uint32_t)(X)) > 0 ? (uint32_t)(X+1) : (uint32_t)(X))
-
 void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t blocknr)
 {
 	SHA256_CTX ctx;
@@ -81,7 +79,7 @@ void pbkdf2_hmac_sha256_Final(PBKDF2_HMAC_SHA256_CTX *pctx, uint8_t *key)
 
 void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key, int keylen)
 {
-	uint32_t blocks_count = (uint32_t) CEILING_POS((float) keylen / SHA256_DIGEST_LENGTH);
+	uint32_t blocks_count = (keylen + SHA256_DIGEST_LENGTH - 1) / SHA256_DIGEST_LENGTH;
 
 	int unfinished_key_size = keylen;
 	for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
@@ -157,7 +155,7 @@ void pbkdf2_hmac_sha512_Final(PBKDF2_HMAC_SHA512_CTX *pctx, uint8_t *key)
 
 void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key, int keylen)
 {
-	uint32_t blocks_count = (uint32_t) CEILING_POS((float) keylen / SHA512_DIGEST_LENGTH);
+	uint32_t blocks_count = (keylen + SHA512_DIGEST_LENGTH - 1) / SHA512_DIGEST_LENGTH;
 
 	int unfinished_key_size = keylen;
 	for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
diff --git a/tests/test_check.c b/tests/test_check.c
index 6c6564564e..d9413b1343 100644
--- a/tests/test_check.c
+++ b/tests/test_check.c
@@ -2580,48 +2580,47 @@ START_TEST(test_blake2s)
 }
 END_TEST
 
-// test vectors from https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
 START_TEST(test_pbkdf2_hmac_sha256)
 {
-	uint8_t k[40], s[40];
+	uint8_t k[64];
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha256((uint8_t *)"password", 8, s, 4, 1, k, 32);
+	// test vectors from https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
+	pbkdf2_hmac_sha256((const uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 1, k, 32);
 	ck_assert_mem_eq(k, fromhex("120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"), 32);
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha256((uint8_t *)"password", 8, s, 4, 2, k, 32);
+	pbkdf2_hmac_sha256((const uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 2, k, 32);
 	ck_assert_mem_eq(k, fromhex("ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43"), 32);
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha256((uint8_t *)"password", 8, s, 4, 4096, k, 32);
+	pbkdf2_hmac_sha256((const uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 4096, k, 32);
 	ck_assert_mem_eq(k, fromhex("c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a"), 32);
 
-	strcpy((char *)s, "saltSALTsaltSALTsaltSALTsaltSALTsalt");
-	pbkdf2_hmac_sha256((uint8_t *)"passwordPASSWORDpassword", 3*8, s, 9*4, 4096, k, 32);
-	ck_assert_mem_eq(k, fromhex("348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1"), 32);
+	pbkdf2_hmac_sha256((const uint8_t *)"passwordPASSWORDpassword", 3 * 8, (const uint8_t *)"saltSALTsaltSALTsaltSALTsaltSALTsalt", 9 * 4, 4096, k, 40);
+	ck_assert_mem_eq(k, fromhex("348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9"), 40);
+
+	pbkdf2_hmac_sha256((const uint8_t *)"pass\x00word", 9, (const uint8_t *)"sa\x00lt", 5, 4096, k, 16);
+	ck_assert_mem_eq(k, fromhex("89b69d0516f829893c696226650a8687"), 16);
+
+	// test vector from https://tools.ietf.org/html/rfc7914.html#section-11
+	pbkdf2_hmac_sha256((const uint8_t *)"passwd", 6, (const uint8_t *)"salt", 4, 1, k, 64);
+	ck_assert_mem_eq(k, fromhex("55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"), 64);
 }
 END_TEST
 
 // test vectors from http://stackoverflow.com/questions/15593184/pbkdf2-hmac-sha-512-test-vectors
 START_TEST(test_pbkdf2_hmac_sha512)
 {
-	uint8_t k[64], s[40];
+	uint8_t k[64];
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha512((uint8_t *)"password", 8, s, 4, 1, k, 64);
+	pbkdf2_hmac_sha512((uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 1, k, 64);
 	ck_assert_mem_eq(k, fromhex("867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce"), 64);
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha512((uint8_t *)"password", 8, s, 4, 2, k, 64);
+	pbkdf2_hmac_sha512((uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 2, k, 64);
 	ck_assert_mem_eq(k, fromhex("e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e"), 64);
 
-	strcpy((char *)s, "salt");
-	pbkdf2_hmac_sha512((uint8_t *)"password", 8, s, 4, 4096, k, 64);
+	pbkdf2_hmac_sha512((uint8_t *)"password", 8, (const uint8_t *)"salt", 4, 4096, k, 64);
 	ck_assert_mem_eq(k, fromhex("d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5"), 64);
 
-	strcpy((char *)s, "saltSALTsaltSALTsaltSALTsaltSALTsalt");
-	pbkdf2_hmac_sha512((uint8_t *)"passwordPASSWORDpassword", 3*8, s, 9*4, 4096, k, 64);
+	pbkdf2_hmac_sha512((uint8_t *)"passwordPASSWORDpassword", 3 * 8, (const uint8_t *)"saltSALTsaltSALTsaltSALTsaltSALTsalt", 9 * 4, 4096, k, 64);
 	ck_assert_mem_eq(k, fromhex("8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8"), 64);
 }
 END_TEST