]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecPBKDF.c
Security-58286.20.16.tar.gz
[apple/security.git] / OSX / sec / Security / SecPBKDF.c
1 /*
2 * SecPBKDF.c
3 *
4 * Copyright (c) 2010,2012 Apple Inc. All Rights Reserved.
5 *
6 */
7
8 #include "Security/SecPBKDF.h"
9 #include "Security/pbkdf2.h"
10
11 #include <CommonCrypto/CommonHMAC.h>
12
13 #include <string.h>
14
15 /* CC Based HMAC PRF functions */
16 void hmac_sha1_PRF(const uint8_t *key,
17 size_t key_len,
18 const uint8_t *text,
19 size_t text_len,
20 uint8_t digest[CC_SHA1_DIGEST_LENGTH])
21 {
22 CCHmacContext hmac_sha1_context;
23
24 CCHmacInit(&hmac_sha1_context, kCCHmacAlgSHA1, key, key_len);
25 CCHmacUpdate(&hmac_sha1_context, text, text_len);
26 CCHmacFinal(&hmac_sha1_context, digest);
27 }
28
29 void hmac_sha256_PRF(const uint8_t *key,
30 size_t key_len,
31 const uint8_t *text,
32 size_t text_len,
33 uint8_t digest[CC_SHA256_DIGEST_LENGTH])
34 {
35 CCHmacContext hmac_sha256_context;
36
37 CCHmacInit(&hmac_sha256_context, kCCHmacAlgSHA256, key, key_len);
38 CCHmacUpdate(&hmac_sha256_context, text, text_len);
39 CCHmacFinal(&hmac_sha256_context, digest);
40 }
41
42
43 /* This implements the HMAC SHA-1 version of pbkdf2 and allocates a local buffer for the HMAC */
44 void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen,
45 const uint8_t *saltPtr, size_t saltLen,
46 uint32_t iterationCount,
47 void *dkPtr, size_t dkLen)
48 {
49 // MAX(salt_length + 4, 20 /* SHA1 Digest size */) + 2 * 20;
50 // salt_length + HASH_SIZE is bigger than either salt + 4 and digestSize.
51 const size_t kBigEnoughSize = (saltLen + CC_SHA1_DIGEST_LENGTH) + 2 * CC_SHA1_DIGEST_LENGTH;
52 uint8_t temp_data[kBigEnoughSize];
53
54 pbkdf2(hmac_sha1_PRF, CC_SHA1_DIGEST_LENGTH,
55 passwordPtr, passwordLen,
56 saltPtr, saltLen,
57 iterationCount,
58 dkPtr, dkLen,
59 temp_data);
60
61 bzero(temp_data, kBigEnoughSize);
62 }
63
64 /* This implements the HMAC SHA-256 version of pbkdf2 and allocates a local buffer for the HMAC */
65 void pbkdf2_hmac_sha256(const uint8_t *passwordPtr, size_t passwordLen,
66 const uint8_t *saltPtr, size_t saltLen,
67 uint32_t iterationCount,
68 void *dkPtr, size_t dkLen)
69 {
70 // MAX(salt_length + 4, 32 /* SHA1 Digest size */) + 2 * 32;
71 // salt_length + HASH_SIZE is bigger than either salt + 4 and digestSize.
72 const size_t kBigEnoughSize = (saltLen + CC_SHA256_DIGEST_LENGTH) + 2 * CC_SHA256_DIGEST_LENGTH;
73 uint8_t temp_data[kBigEnoughSize];
74
75 pbkdf2(hmac_sha256_PRF, CC_SHA256_DIGEST_LENGTH,
76 passwordPtr, passwordLen,
77 saltPtr, saltLen,
78 iterationCount,
79 dkPtr, dkLen,
80 temp_data);
81
82 bzero(temp_data, kBigEnoughSize);
83 }
84
85 void SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey)
86 {
87 pbkdf2_hmac_sha1(CFDataGetBytePtr(password), CFDataGetLength(password),
88 CFDataGetBytePtr(salt), CFDataGetLength(salt),
89 interationCount,
90 CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey));
91
92 }
93
94 void SecKeyFromPassphraseDataHMACSHA256(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey)
95 {
96 pbkdf2_hmac_sha256(CFDataGetBytePtr(password), CFDataGetLength(password),
97 CFDataGetBytePtr(salt), CFDataGetLength(salt),
98 interationCount,
99 CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey));
100
101 }