/src/samba/third_party/heimdal/lib/hcrypto/pkcs5.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2006 Kungliga Tekniska Högskolan |
3 | | * (Royal Institute of Technology, Stockholm, Sweden). |
4 | | * All rights reserved. |
5 | | * |
6 | | * Redistribution and use in source and binary forms, with or without |
7 | | * modification, are permitted provided that the following conditions |
8 | | * are met: |
9 | | * |
10 | | * 1. Redistributions of source code must retain the above copyright |
11 | | * notice, this list of conditions and the following disclaimer. |
12 | | * |
13 | | * 2. Redistributions in binary form must reproduce the above copyright |
14 | | * notice, this list of conditions and the following disclaimer in the |
15 | | * documentation and/or other materials provided with the distribution. |
16 | | * |
17 | | * 3. Neither the name of the Institute nor the names of its contributors |
18 | | * may be used to endorse or promote products derived from this software |
19 | | * without specific prior written permission. |
20 | | * |
21 | | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
22 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
25 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | | * SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | #include <config.h> |
35 | | #include <roken.h> |
36 | | |
37 | | #ifdef KRB5 |
38 | | #include <krb5-types.h> |
39 | | #endif |
40 | | |
41 | | #include <evp.h> |
42 | | #include <hmac.h> |
43 | | |
44 | | /** |
45 | | * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. |
46 | | * |
47 | | * @param password Password. |
48 | | * @param password_len Length of password. |
49 | | * @param salt Salt |
50 | | * @param salt_len Length of salt. |
51 | | * @param iter iteration counter. |
52 | | * @param md the digest function. |
53 | | * @param keylen the output key length. |
54 | | * @param key the output key. |
55 | | * |
56 | | * @return 1 on success, non 1 on failure. |
57 | | * |
58 | | * @ingroup hcrypto_misc |
59 | | */ |
60 | | |
61 | | int |
62 | | PKCS5_PBKDF2_HMAC(const void * password, size_t password_len, |
63 | | const void * salt, size_t salt_len, |
64 | | unsigned long iter, |
65 | | const EVP_MD *md, |
66 | | size_t keylen, void *key) |
67 | 0 | { |
68 | 0 | size_t datalen, leftofkey, checksumsize; |
69 | 0 | char *data, *tmpcksum; |
70 | 0 | uint32_t keypart; |
71 | 0 | unsigned long i; |
72 | 0 | int j; |
73 | 0 | char *p; |
74 | 0 | unsigned int hmacsize; |
75 | |
|
76 | 0 | if (md == NULL) |
77 | 0 | return 0; |
78 | | |
79 | 0 | checksumsize = EVP_MD_size(md); |
80 | 0 | datalen = salt_len + 4; |
81 | |
|
82 | 0 | tmpcksum = malloc(checksumsize + datalen); |
83 | 0 | if (tmpcksum == NULL) |
84 | 0 | return 0; |
85 | | |
86 | 0 | data = &tmpcksum[checksumsize]; |
87 | |
|
88 | 0 | if (salt_len) |
89 | 0 | memcpy(data, salt, salt_len); |
90 | |
|
91 | 0 | keypart = 1; |
92 | 0 | leftofkey = keylen; |
93 | 0 | p = key; |
94 | |
|
95 | 0 | while (leftofkey) { |
96 | 0 | int len; |
97 | |
|
98 | 0 | if (leftofkey > checksumsize) |
99 | 0 | len = checksumsize; |
100 | 0 | else |
101 | 0 | len = leftofkey; |
102 | |
|
103 | 0 | data[datalen - 4] = (keypart >> 24) & 0xff; |
104 | 0 | data[datalen - 3] = (keypart >> 16) & 0xff; |
105 | 0 | data[datalen - 2] = (keypart >> 8) & 0xff; |
106 | 0 | data[datalen - 1] = (keypart) & 0xff; |
107 | |
|
108 | 0 | HMAC(md, password, password_len, data, datalen, |
109 | 0 | tmpcksum, &hmacsize); |
110 | |
|
111 | 0 | memcpy(p, tmpcksum, len); |
112 | 0 | for (i = 1; i < iter; i++) { |
113 | 0 | HMAC(md, password, password_len, tmpcksum, checksumsize, |
114 | 0 | tmpcksum, &hmacsize); |
115 | |
|
116 | 0 | for (j = 0; j < len; j++) |
117 | 0 | p[j] ^= tmpcksum[j]; |
118 | 0 | } |
119 | |
|
120 | 0 | p += len; |
121 | 0 | leftofkey -= len; |
122 | 0 | keypart++; |
123 | 0 | } |
124 | |
|
125 | 0 | free(tmpcksum); |
126 | |
|
127 | 0 | return 1; |
128 | 0 | } |
129 | | |
130 | | /** |
131 | | * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. |
132 | | * |
133 | | * @param password Password. |
134 | | * @param password_len Length of password. |
135 | | * @param salt Salt |
136 | | * @param salt_len Length of salt. |
137 | | * @param iter iteration counter. |
138 | | * @param keylen the output key length. |
139 | | * @param key the output key. |
140 | | * |
141 | | * @return 1 on success, non 1 on failure. |
142 | | * |
143 | | * @ingroup hcrypto_misc |
144 | | */ |
145 | | int |
146 | | PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, |
147 | | const void * salt, size_t salt_len, |
148 | | unsigned long iter, |
149 | | size_t keylen, void *key) |
150 | 0 | { |
151 | 0 | return PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, iter, |
152 | 0 | EVP_sha1(), keylen, key); |
153 | 0 | } |