1/* 2 * Copyright (c) 2006 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include <config.h> 35 36#ifdef KRB5 37#include <krb5-types.h> 38#endif 39 40#include <stdio.h> 41#include <stdlib.h> 42 43#include <evp.h> 44#include <hmac.h> 45 46#include <roken.h> 47 48/** 49 * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. 50 * 51 * @param password Password. 52 * @param password_len Length of password. 53 * @param salt Salt 54 * @param salt_len Length of salt. 55 * @param iter iteration counter. 56 * @param keylen the output key length. 57 * @param key the output key. 58 * 59 * @return 1 on success, non 1 on failure. 60 * 61 * @ingroup hcrypto_misc 62 */ 63 64int 65PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, 66 const void * salt, size_t salt_len, 67 unsigned long iter, 68 size_t keylen, void *key) 69{ 70 size_t datalen, leftofkey, checksumsize; 71 char *data, *tmpcksum; 72 uint32_t keypart; 73 const EVP_MD *md; 74 unsigned long i; 75 int j; 76 char *p; 77 unsigned int hmacsize; 78 79 md = EVP_sha1(); 80 checksumsize = EVP_MD_size(md); 81 datalen = salt_len + 4; 82 83 tmpcksum = malloc(checksumsize + datalen); 84 if (tmpcksum == NULL) 85 return 0; 86 87 data = &tmpcksum[checksumsize]; 88 89 memcpy(data, salt, salt_len); 90 91 keypart = 1; 92 leftofkey = keylen; 93 p = key; 94 95 while (leftofkey) { 96 int len; 97 98 if (leftofkey > checksumsize) 99 len = checksumsize; 100 else 101 len = leftofkey; 102 103 data[datalen - 4] = (keypart >> 24) & 0xff; 104 data[datalen - 3] = (keypart >> 16) & 0xff; 105 data[datalen - 2] = (keypart >> 8) & 0xff; 106 data[datalen - 1] = (keypart) & 0xff; 107 108 HMAC(md, password, password_len, data, datalen, 109 tmpcksum, &hmacsize); 110 111 memcpy(p, tmpcksum, len); 112 for (i = 1; i < iter; i++) { 113 HMAC(md, password, password_len, tmpcksum, checksumsize, 114 tmpcksum, &hmacsize); 115 116 for (j = 0; j < len; j++) 117 p[j] ^= tmpcksum[j]; 118 } 119 120 p += len; 121 leftofkey -= len; 122 keypart++; 123 } 124 125 free(tmpcksum); 126 127 return 1; 128} 129