Commit 30d68d0f authored by Stephane Glondu's avatar Stephane Glondu

Add OCaml implementation of pbkdf2 and drop dep to Node.js

parent 333369be
......@@ -18,13 +18,6 @@ To run basic command-line tools, you will need:
* [Atdgen](http://mjambon.com/atdgen)
* [Yojson](http://mjambon.com/yojson.html)
To generate credentials, you will need:
* [Node.js](http://nodejs.org/)
On some systems, the Node.js interpreter might be available as either
`node` or `nodejs`, please adapt `stuff/derive_key.js` accordingly.
To run the web server, you will additionally need:
* [Eliom](http://ocsigen.org/eliom/) version 3
......
......@@ -18,15 +18,13 @@ let token_length = 14
let n58 = Z.of_int 58
let n53 = Z.of_int 53
let smjs_template = format_of_string "./stuff/derive_key.js %s %s"
let public_key_of_token uuid x =
let ic = Printf.ksprintf Unix.open_process_in smjs_template x uuid in
let hex = input_line ic in
if Unix.(close_process_in ic <> WEXITED 0) then (
Printf.eprintf "Error while running nodejs!";
exit 2;
);
let open Cryptokit in
let salt = transform_string (Hexa.decode ()) uuid in
let hex =
pbkdf2 ~prf:MAC.hmac_sha256 ~iterations:1000 ~size:1 ~salt x |>
transform_string (Hexa.encode ())
in
let x = Z.(of_string_base 16 hex mod q) in
let y = G.(g **~ x) in
Z.to_string y
......
......@@ -130,3 +130,39 @@ let sha256_b64 x = Cryptokit.(x |>
let option_map f = function
| Some x -> Some (f x)
| None -> None
let int_msb i =
let result = String.create 4 in
result.[0] <- char_of_int (i lsr 24);
result.[1] <- char_of_int ((i lsr 16) land 0xff);
result.[2] <- char_of_int ((i lsr 8) land 0xff);
result.[3] <- char_of_int (i land 0xff);
result
let xor a b =
let n = String.length a in
assert (n = String.length b);
let result = String.create n in
for i = 0 to n-1 do
result.[i] <- char_of_int (int_of_char a.[i] lxor int_of_char b.[i])
done;
result
let pbkdf2 ~prf ~salt ~iterations ~size password =
let c = iterations - 1 in
let hLen = (prf password)#hash_size in
let result = String.create (hLen * size) in
let one_iteration i =
let u = Cryptokit.hash_string (prf password) (salt ^ int_msb i) in
let rec loop c u accu =
if c > 0 then
let u' = Cryptokit.hash_string (prf password) u in
loop (c-1) u' (xor accu u')
else accu
in loop c u u
in
for i = 1 to size do
let offset = (i-1) * hLen in
String.blit (one_iteration i) 0 result offset hLen;
done;
result
......@@ -33,3 +33,9 @@ val sha256_hex : string -> string
val sha256_b64 : string -> string
val option_map : ('a -> 'b) -> 'a option -> 'b option
val pbkdf2 :
prf:(string -> Cryptokit.hash) ->
salt:string ->
iterations:int -> size:int ->
string -> string
......@@ -6,7 +6,6 @@ Package: belenios-deps-minimal
Version: 0.0.1
Maintainer: Stéphane Glondu <Stephane.Glondu@inria.fr>
Depends:
nodejs,
build-essential,
ocaml-findlib,
libzarith-ocaml-dev,
......
#!/usr/bin/env nodejs
// Hack taken from http://stackoverflow.com/questions/5625569/include-external-js-file-in-node-js-app
var fs = require('fs');
var vm = require('vm');
var includeInThisContext = function(path) {
var code = fs.readFileSync(path);
vm.runInThisContext(code, path);
}.bind(this);
// Use SJCL to derive the key
includeInThisContext(__dirname+"/../media/booth/js/jscrypto/sjcl.js");
var seed = process.argv[2];
var salt = process.argv[3];
console.log(sjcl.codec.hex.fromBits(sjcl.misc.pbkdf2(seed, sjcl.codec.hex.toBits(salt), 1000, 256)));
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment