/* * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include <config.h> #ifdef KRB5 #include <krb5-types.h> #endif #ifdef HAVE_COMMONCRYPTO_COMMONKEYDERIVATION_H #include <CommonCrypto/CommonKeyDerivation.h> #endif #include <stdio.h> #include <stdlib.h> #include <evp.h> #include <hmac.h> #include <roken.h> /** * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. * * @param password Password. * @param password_len Length of password. * @param salt Salt * @param salt_len Length of salt. * @param iter iteration counter. * @param keylen the output key length. * @param key the output key. * * @return 1 on success, non 1 on failure. * * @ingroup hcrypto_misc */ int PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, const void * salt, size_t salt_len, unsigned long iter, size_t keylen, void *key) { #ifdef HAVE_COMMONCRYPTO_COMMONKEYDERIVATION_H if (CCKeyDerivationPBKDF(kCCPBKDF2, password, password_len, salt, salt_len, kCCPRFHmacAlgSHA1, iter, key, keylen) != 0) return 0; return 1; #else size_t datalen, leftofkey, checksumsize; char *data, *tmpcksum; uint32_t keypart; const EVP_MD *md; unsigned long i; int j; char *p; unsigned int hmacsize; md = EVP_sha1(); checksumsize = EVP_MD_size(md); datalen = salt_len + 4; tmpcksum = malloc(checksumsize + datalen); if (tmpcksum == NULL) return 0; data = &tmpcksum[checksumsize]; memcpy(data, salt, salt_len); keypart = 1; leftofkey = keylen; p = key; while (leftofkey) { int len; if (leftofkey > checksumsize) len = checksumsize; else len = leftofkey; data[datalen - 4] = (keypart >> 24) & 0xff; data[datalen - 3] = (keypart >> 16) & 0xff; data[datalen - 2] = (keypart >> 8) & 0xff; data[datalen - 1] = (keypart) & 0xff; HMAC(md, password, password_len, data, datalen, tmpcksum, &hmacsize); memcpy(p, tmpcksum, len); for (i = 1; i < iter; i++) { HMAC(md, password, password_len, tmpcksum, checksumsize, tmpcksum, &hmacsize); for (j = 0; j < len; j++) p[j] ^= tmpcksum[j]; } p += len; leftofkey -= len; keypart++; } free(tmpcksum); return 1; #endif }