krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07
This commit is contained in:
Luke Howard
@@ -98,6 +98,7 @@
|
||||
#define EVP_sha256 hc_EVP_sha256
|
||||
#define EVP_sha384 hc_EVP_sha384
|
||||
#define EVP_sha512 hc_EVP_sha512
|
||||
#define PKCS5_PBKDF2_HMAC hc_PKCS5_PBKDF2_HMAC
|
||||
#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
|
||||
#define EVP_BytesToKey hc_EVP_BytesToKey
|
||||
#define EVP_get_cipherbyname hc_EVP_get_cipherbyname
|
||||
@@ -333,6 +334,9 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *);
|
||||
|
||||
int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
|
||||
|
||||
int PKCS5_PBKDF2_HMAC(const void *, size_t, const void *, size_t,
|
||||
unsigned long, const EVP_MD *, size_t, void *);
|
||||
|
||||
int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
|
||||
unsigned long, size_t, void *);
|
||||
|
||||
|
||||
@@ -276,6 +276,7 @@ EXPORTS
|
||||
hc_OpenSSL_add_all_algorithms_conf
|
||||
hc_OpenSSL_add_all_algorithms_noconf
|
||||
hc_PKCS12_key_gen
|
||||
hc_PKCS5_PBKDF2_HMAC
|
||||
hc_PKCS5_PBKDF2_HMAC_SHA1
|
||||
hc_RAND_add
|
||||
hc_RAND_bytes
|
||||
|
||||
@@ -49,6 +49,7 @@
|
||||
* @param salt Salt
|
||||
* @param salt_len Length of salt.
|
||||
* @param iter iteration counter.
|
||||
* @param md the digest function.
|
||||
* @param keylen the output key length.
|
||||
* @param key the output key.
|
||||
*
|
||||
@@ -58,21 +59,23 @@
|
||||
*/
|
||||
|
||||
int
|
||||
PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
|
||||
const void * salt, size_t salt_len,
|
||||
unsigned long iter,
|
||||
size_t keylen, void *key)
|
||||
PKCS5_PBKDF2_HMAC(const void * password, size_t password_len,
|
||||
const void * salt, size_t salt_len,
|
||||
unsigned long iter,
|
||||
const EVP_MD *md,
|
||||
size_t keylen, void *key)
|
||||
{
|
||||
size_t datalen, leftofkey, checksumsize;
|
||||
char *data, *tmpcksum;
|
||||
uint32_t keypart;
|
||||
const EVP_MD *md;
|
||||
unsigned long i;
|
||||
int j;
|
||||
char *p;
|
||||
unsigned int hmacsize;
|
||||
|
||||
md = EVP_sha1();
|
||||
if (md == NULL)
|
||||
return 0;
|
||||
|
||||
checksumsize = EVP_MD_size(md);
|
||||
datalen = salt_len + 4;
|
||||
|
||||
@@ -122,3 +125,28 @@ PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key.
|
||||
*
|
||||
* @param password Password.
|
||||
* @param password_len Length of password.
|
||||
* @param salt Salt
|
||||
* @param salt_len Length of salt.
|
||||
* @param iter iteration counter.
|
||||
* @param keylen the output key length.
|
||||
* @param key the output key.
|
||||
*
|
||||
* @return 1 on success, non 1 on failure.
|
||||
*
|
||||
* @ingroup hcrypto_misc
|
||||
*/
|
||||
int
|
||||
PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
|
||||
const void * salt, size_t salt_len,
|
||||
unsigned long iter,
|
||||
size_t keylen, void *key)
|
||||
{
|
||||
return PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, iter,
|
||||
EVP_sha1(), keylen, key);
|
||||
}
|
||||
|
||||
@@ -107,24 +107,24 @@ test_pkcs5_pbe2(const struct tests *t)
|
||||
unsigned char key[32];
|
||||
int ret, error = 0;
|
||||
|
||||
ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
|
||||
t->salt, strlen(t->salt),
|
||||
t->iterations,
|
||||
16, key);
|
||||
ret = PKCS5_PBKDF2_HMAC(t->password, strlen(t->password),
|
||||
t->salt, strlen(t->salt),
|
||||
t->iterations, EVP_sha1(),
|
||||
16, key);
|
||||
if (ret != 1)
|
||||
errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
|
||||
errx(1, "PKCS5_PBKDF2_HMAC: %d", ret);
|
||||
|
||||
if (memcmp(t->pbkdf2_128, key, 16) != 0) {
|
||||
printf("incorrect 128 key\n");
|
||||
error++;
|
||||
}
|
||||
|
||||
ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
|
||||
t->salt, strlen(t->salt),
|
||||
t->iterations,
|
||||
32, key);
|
||||
ret = PKCS5_PBKDF2_HMAC(t->password, strlen(t->password),
|
||||
t->salt, strlen(t->salt),
|
||||
t->iterations, EVP_sha1(),
|
||||
32, key);
|
||||
if (ret != 1)
|
||||
errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
|
||||
errx(1, "PKCS5_PBKDF2_HMAC: %d", ret);
|
||||
|
||||
if (memcmp(t->pbkdf2_256, key, 32) != 0) {
|
||||
printf("incorrect 256 key\n");
|
||||
|
||||
@@ -133,6 +133,7 @@
|
||||
#undef EVP_sha256
|
||||
#undef EVP_sha384
|
||||
#undef EVP_sha512
|
||||
#undef PKCS5_PBKDF2_HMAC
|
||||
#undef PKCS5_PBKDF2_HMAC_SHA1
|
||||
#undef EVP_BytesToKey
|
||||
#undef EVP_get_cipherbyname
|
||||
|
||||
@@ -261,6 +261,7 @@ HEIMDAL_CRYPTO_1.0 {
|
||||
hc_OpenSSL_add_all_algorithms_conf;
|
||||
hc_OpenSSL_add_all_algorithms_noconf;
|
||||
hc_PKCS12_key_gen;
|
||||
hc_PKCS5_PBKDF2_HMAC;
|
||||
hc_PKCS5_PBKDF2_HMAC_SHA1;
|
||||
hc_RAND_add;
|
||||
hc_RAND_bytes;
|
||||
|
||||
Reference in New Issue
Block a user