oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add support for sha256 and sha512 for the nist kdf

Browse Source
This commit is contained in:
Love Hornquist Astrand
2011-04-25 14:46:38 -07:00
parent e062131344
commit 66c15e7caf
2 changed files with 108 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/krb5/crypto-pk.c
View File

@@ -192,6 +192,8 @@ encode_otherinfo(krb5_context context,
return 0;
}
krb5_error_code
_krb5_pk_kdf(krb5_context context,
const struct AlgorithmIdentifier *ai,
@@ -211,10 +213,17 @@ _krb5_pk_kdf(krb5_context context,
size_t keylen, offset;
uint32_t counter;
unsigned char *keydata;
unsigned char shaoutput[SHA_DIGEST_LENGTH];
unsigned char shaoutput[SHA512_DIGEST_LENGTH];
const EVP_MD *md;
EVP_MD_CTX *m;
if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) != 0) {
if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
md = EVP_sha1();
} else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
md = EVP_sha256();
} else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
md = EVP_sha512();
} else {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("KDF not supported", ""));
return KRB5_PROG_ETYPE_NOSUPP;
@@ -264,7 +273,7 @@ _krb5_pk_kdf(krb5_context context,
do {
unsigned char cdata[4];
EVP_DigestInit_ex(m, EVP_sha1(), NULL);
EVP_DigestInit_ex(m, md, NULL);
_krb5_put_int(cdata, counter, 4);
EVP_DigestUpdate(m, cdata, 4);
EVP_DigestUpdate(m, dhdata, dhsize);
@@ -274,9 +283,9 @@ _krb5_pk_kdf(krb5_context context,
memcpy((unsigned char *)keydata + offset,
shaoutput,
min(keylen - offset, sizeof(shaoutput)));
min(keylen - offset, EVP_MD_CTX_size(m)));
offset += sizeof(shaoutput);
offset += EVP_MD_CTX_size(m);
counter++;
} while(offset < keylen);
memset(shaoutput, 0, sizeof(shaoutput));