X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/OSX/sec/Security/SecPBKDF.c
diff --git a/OSX/sec/Security/SecPBKDF.c b/OSX/sec/Security/SecPBKDF.c
new file mode 100644
index 00000000..0aa2bc24
--- /dev/null
+++ b/OSX/sec/Security/SecPBKDF.c
@@ -0,0 +1,59 @@
+/*
+ * SecPBKDF.c
+ *
+ * Copyright (c) 2010,2012 Apple Inc. All Rights Reserved.
+ *
+ */
+
+#include "Security/SecPBKDF.h"
+#include "Security/pbkdf2.h"
+
+#include
+
+#include
+
+/* CC Based HMAC PRF functions */
+void hmac_sha1_PRF(const uint8_t *key,
+ size_t key_len,
+ const uint8_t *text,
+ size_t text_len,
+ uint8_t digest[CC_SHA1_DIGEST_LENGTH])
+{
+ CCHmacContext hmac_sha1_context;
+
+ CCHmacInit(&hmac_sha1_context, kCCHmacAlgSHA1, key, key_len);
+ CCHmacUpdate(&hmac_sha1_context, text, text_len);
+ CCHmacFinal(&hmac_sha1_context, digest);
+}
+
+
+/* This implements the HMAC SHA-1 version of pbkdf2 and allocates a local buffer for the HMAC */
+void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen,
+ const uint8_t *saltPtr, size_t saltLen,
+ uint32_t iterationCount,
+ void *dkPtr, size_t dkLen)
+{
+ // MAX(salt_length + 4, 20 /* SHA1 Digest size */) + 2 * 20;
+ // salt_length + HASH_SIZE is bigger than either salt + 4 and digestSize.
+ const size_t kBigEnoughSize = (saltLen + CC_SHA1_DIGEST_LENGTH) + 2 * CC_SHA1_DIGEST_LENGTH;
+ uint8_t temp_data[kBigEnoughSize];
+
+ pbkdf2(hmac_sha1_PRF, CC_SHA1_DIGEST_LENGTH,
+ passwordPtr, passwordLen,
+ saltPtr, saltLen,
+ iterationCount,
+ dkPtr, dkLen,
+ temp_data);
+
+ bzero(temp_data, kBigEnoughSize);
+}
+
+
+void SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey)
+{
+ pbkdf2_hmac_sha1(CFDataGetBytePtr(password), CFDataGetLength(password),
+ CFDataGetBytePtr(salt), CFDataGetLength(salt),
+ interationCount,
+ CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey));
+
+}
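Review bot: `uint8_t temp_data[kBigEnoughSize];` in pbkdf2_hmac_sha1 is a variable-length array sized from the caller-supplied `saltLen`, so an oversized salt passed through SecKeyFromPassphraseDataHMACSHA1 becomes an unbounded stack allocation, and the size expression adds to `saltLen` with no overflow check. The salt length should be capped before the array is declared, or the scratch buffer taken from the heap; since both functions return void, a rejected salt currently has no way to be reported to the caller, which is worth addressing in the same change. The closing `bzero(temp_data, kBigEnoughSize);` is a dead store that the optimizer may remove, so the scratch data (presumably PRF intermediates) can stay on the stack; a clear that cannot be elided, for example `memset_s(temp_data, kBigEnoughSize, 0, kBigEnoughSize);`, is the safer form. The same concern applies to `hmac_sha1_context` in hmac_sha1_PRF, which is initialised with the key and never cleared before return.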