projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| b1ab9ed8 A |
1 | /* |
| 2 | * SecPBKDF.h | |
| 3 | * | |
| d8f41ccd | 4 | * Copyright (c) 2010,2012 Apple Inc. All Rights Reserved. |
| b1ab9ed8 A |
5 | * |
| 6 | */ | |
| 7 | ||
| 8 | #include <CoreFoundation/CFData.h> | |
| 9 | ||
| 10 | #include <CommonCrypto/CommonHMAC.h> | |
| 11 | ||
| 12 | /* CC Based HMAC PRF functions */ | |
| 13 | void hmac_sha1_PRF(const uint8_t *key, | |
| 14 | size_t key_len, | |
| 15 | const uint8_t *text, | |
| 16 | size_t text_len, | |
| 17 | uint8_t digest[CC_SHA1_DIGEST_LENGTH]); | |
| 18 | ||
| 6b200bc3 A |
19 | void hmac_sha256_PRF(const uint8_t *key, |
| 20 | size_t key_len, | |
| 21 | const uint8_t *text, | |
| 22 | size_t text_len, | |
| 23 | uint8_t digest[CC_SHA256_DIGEST_LENGTH]); | |
| b1ab9ed8 | 24 | |
| 79b9da22 A |
25 | |
| 26 | /** | |
| 27 | PBKDF2 key derivation with HMAC-SHA1. | |
| 28 | ||
| 29 | @param passwordPtr The pointer to the passsword data | |
| 30 | @param passwordLen The password data length | |
| 31 | @param saltPtr The pointer to the salt | |
| 32 | @param saltLen The salt length | |
| 33 | @param iterationCount Number of PBKDF2 iterations | |
| 34 | @param dkPtr The pointer to the derived key | |
| 35 | @param dkLen The derived key length | |
| 36 | @return errSecMemoryError on a failure to allocate the buffer. errSecSuccess otherwise. | |
| 37 | */ | |
| 38 | OSStatus pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, | |
| b1ab9ed8 A |
39 | const uint8_t *saltPtr, size_t saltLen, |
| 40 | uint32_t iterationCount, | |
| 41 | void *dkPtr, size_t dkLen); | |
| 42 | ||
| 79b9da22 A |
43 | /** |
| 44 | PBKDF2 key derivation with HMAC-SHA256. | |
| 45 | ||
| 46 | @param passwordPtr The pointer to the passsword data | |
| 47 | @param passwordLen The password data length | |
| 48 | @param saltPtr The pointer to the salt | |
| 49 | @param saltLen The salt length | |
| 50 | @param iterationCount Number of PBKDF2 iterations | |
| 51 | @param dkPtr The pointer to the derived key | |
| 52 | @param dkLen The derived key length | |
| 53 | @return errSecMemoryError on a failure to allocate the buffer. errSecSuccess otherwise. | |
| 54 | */ | |
| 55 | OSStatus pbkdf2_hmac_sha256(const uint8_t *passwordPtr, size_t passwordLen, | |
| 6b200bc3 A |
56 | const uint8_t *saltPtr, size_t saltLen, |
| 57 | uint32_t iterationCount, | |
| 58 | void *dkPtr, size_t dkLen); | |
| b1ab9ed8 A |
59 | |
| 60 | /* Transformation conveninces from and to CFData where the password bytes used are the UTF-8 representation and 1000 iterations | |
| 61 | ||
| 62 | This routine promises not to make any copies of the password or salt that aren't | |
| 63 | eradicated before completion. | |
| 64 | ||
| 65 | The size of the result buffer is used to produce the derivedKey. | |
| 66 | ||
| 67 | Be careful when using CFTypes for secrets, they tend to copy data more than you'd like. | |
| 68 | If your password and or salt aren't already in CF types use the buffer versions above. | |
| 69 | ||
| 70 | If you already have the data in this form, the interface will unwrap and not copy the data anywhere extra for you. | |
| 71 | ||
| 72 | void SecKeyFromPassword_HMAC_sha1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey) | |
| 73 | { | |
| 74 | pbkdf2_hmac_sha1(CFDataGetBytePtr(password), CFDataGetLength(password), | |
| 75 | CFDataGetBytePtr(salt), CFDataGetLength(salt), | |
| 76 | interationCount, | |
| 77 | CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey)); | |
| b1ab9ed8 A |
78 | } |
| 79 | ||
| 80 | Suggested way to transform strings into data: | |
| 81 | ||
| 82 | CFDataRef *passwordData = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); | |
| 83 | ||
| 84 | ... | |
| 85 | ||
| 86 | CFReleaseSafe(passwordData); | |
| 87 | ||
| 88 | */ | |
| 89 | ||
| 79b9da22 A |
90 | /** |
| 91 | PBKDF2 key derivation with HMAC-SHA1. | |
| 92 | ||
| 93 | @param password Password data | |
| 94 | @param salt Salt data | |
| 95 | @param interationCount Number of PBKDF2 iterations | |
| 96 | @param derivedKey Mutable data reference to write the result of the key derivation | |
| 97 | @return errSecMemoryError on a failure to allocate the buffer. errSecSuccess otherwise. | |
| 98 | */ | |
| 99 | OSStatus SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey); | |
| 100 | ||
| 101 | /** | |
| 102 | PBKDF2 key derivation with HMAC-SHA256. | |
| 103 | ||
| 104 | @param password Password data | |
| 105 | @param salt Salt data | |
| 106 | @param interationCount Number of PBKDF2 iterations | |
| 107 | @param derivedKey Mutable data reference to write the result of the key derivation | |
| 108 | @return errSecMemoryError on a failure to allocate the buffer. errSecSuccess otherwise. | |
| 109 | */ | |
| 110 | OSStatus SecKeyFromPassphraseDataHMACSHA256(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey); |