2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include <krb5-types.h>
45 * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key.
47 * @param password Password.
48 * @param password_len Length of password.
50 * @param salt_len Length of salt.
51 * @param iter iteration counter.
52 * @param md the digest function.
53 * @param keylen the output key length.
54 * @param key the output key.
56 * @return 1 on success, non 1 on failure.
58 * @ingroup hcrypto_misc
62 PKCS5_PBKDF2_HMAC(const void * password
, size_t password_len
,
63 const void * salt
, size_t salt_len
,
66 size_t keylen
, void *key
)
68 size_t datalen
, leftofkey
, checksumsize
;
69 char *data
, *tmpcksum
;
74 unsigned int hmacsize
;
79 checksumsize
= EVP_MD_size(md
);
80 datalen
= salt_len
+ 4;
82 tmpcksum
= malloc(checksumsize
+ datalen
);
86 data
= &tmpcksum
[checksumsize
];
88 memcpy(data
, salt
, salt_len
);
97 if (leftofkey
> checksumsize
)
102 data
[datalen
- 4] = (keypart
>> 24) & 0xff;
103 data
[datalen
- 3] = (keypart
>> 16) & 0xff;
104 data
[datalen
- 2] = (keypart
>> 8) & 0xff;
105 data
[datalen
- 1] = (keypart
) & 0xff;
107 HMAC(md
, password
, password_len
, data
, datalen
,
108 tmpcksum
, &hmacsize
);
110 memcpy(p
, tmpcksum
, len
);
111 for (i
= 1; i
< iter
; i
++) {
112 HMAC(md
, password
, password_len
, tmpcksum
, checksumsize
,
113 tmpcksum
, &hmacsize
);
115 for (j
= 0; j
< len
; j
++)
130 * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key.
132 * @param password Password.
133 * @param password_len Length of password.
135 * @param salt_len Length of salt.
136 * @param iter iteration counter.
137 * @param keylen the output key length.
138 * @param key the output key.
140 * @return 1 on success, non 1 on failure.
142 * @ingroup hcrypto_misc
145 PKCS5_PBKDF2_HMAC_SHA1(const void * password
, size_t password_len
,
146 const void * salt
, size_t salt_len
,
148 size_t keylen
, void *key
)
150 return PKCS5_PBKDF2_HMAC(password
, password_len
, salt
, salt_len
, iter
,
151 EVP_sha1(), keylen
, key
);