1 /* $NetBSD: pkcs5_pbkdf2.c,v 1.1 2002/10/04 18:37:20 elric Exp $ */ 2 3 /*- 4 * Copyright (c) 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Roland C. Dowdeswell. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the NetBSD 21 * Foundation, Inc. and its contributors. 22 * 4. Neither the name of The NetBSD Foundation nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 /* 40 * This code is an implementation of PKCS #5 PBKDF2 which is described 41 * in: 42 * 43 * ``PKCS #5 v2.0: Password-Based Cryptography Standard'', RSA Laboratories, 44 * March 25, 1999. 45 * 46 * and can be found at the following URL: 47 * 48 * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/ 49 * 50 * It was also republished as RFC 2898. 51 */ 52 53 54 #include <sys/cdefs.h> 55 #ifndef lint 56 __RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.1 2002/10/04 18:37:20 elric Exp $"); 57 #endif 58 59 #include <assert.h> 60 #include <malloc.h> 61 #include <stdlib.h> 62 #include <string.h> 63 64 #include <openssl/hmac.h> 65 66 #include "pkcs5_pbkdf2.h" 67 #include "utils.h" 68 69 static void int_encode(u_int8_t *, int); 70 static void prf_iterate(u_int8_t *, const u_int8_t *, int, 71 const u_int8_t *, int, int, int); 72 73 #define PRF_BLOCKLEN 20 74 75 /* 76 * int_encode encodes i as a four octet integer, most significant 77 * octet first. (from the end of Step 3). 78 */ 79 80 static void 81 int_encode(u_int8_t *res, int i) 82 { 83 84 *res++ = (i >> 24) & 0xff; 85 *res++ = (i >> 16) & 0xff; 86 *res++ = (i >> 8) & 0xff; 87 *res = (i ) & 0xff; 88 } 89 90 void 91 prf_iterate(u_int8_t *r, const u_int8_t *P, int Plen, 92 const u_int8_t *S, int Slen, int c, int ind) 93 { 94 int first_time = 1; 95 int i; 96 int datalen; 97 int tmplen; 98 u_int8_t *data; 99 u_int8_t tmp[EVP_MAX_MD_SIZE]; 100 101 data = malloc(Slen + 4); 102 memcpy(data, S, Slen); 103 int_encode(data + Slen, ind); 104 datalen = Slen + 4; 105 106 for (i=0; i < c; i++) { 107 HMAC(EVP_sha1(), P, Plen, data, datalen, tmp, &tmplen); 108 109 assert(tmplen == PRF_BLOCKLEN); 110 111 if (first_time) { 112 memcpy(r, tmp, PRF_BLOCKLEN); 113 first_time = 0; 114 } else 115 memxor(r, tmp, PRF_BLOCKLEN); 116 memcpy(data, tmp, PRF_BLOCKLEN); 117 datalen = PRF_BLOCKLEN; 118 } 119 free(data); 120 } 121 122 /* 123 * pkcs5_pbkdf2 takes all of its lengths in bytes. 124 */ 125 126 int 127 pkcs5_pbkdf2(u_int8_t **r, int dkLen, const u_int8_t *P, int Plen, 128 const u_int8_t *S, int Slen, int c) 129 { 130 int i; 131 int l; 132 133 /* sanity */ 134 if (!r) 135 return -1; 136 if (dkLen <= 0) 137 return -1; 138 if (c < 1) 139 return -1; 140 141 /* Step 2 */ 142 l = (dkLen + PRF_BLOCKLEN - 1) / PRF_BLOCKLEN; 143 144 /* allocate the output */ 145 *r = malloc(l * PRF_BLOCKLEN); 146 if (!*r) 147 return -1; 148 149 /* Step 3 */ 150 for (i=0; i < l; i++) 151 prf_iterate(*r + (PRF_BLOCKLEN * i), P, Plen, S, Slen, c, i); 152 153 /* Step 4 and 5 154 * by the structure of the code, we do not need to concatenate 155 * the blocks, they're already concatenated. We do not extract 156 * the first dkLen octets, since we [naturally] assume that the 157 * calling function will use only the octets that it needs and 158 * the free(3) will free all of the allocated memory. 159 */ 160 return 0; 161 } 162