* Nettle crypto backend implementation
*
* Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2012, Milan Broz
+ * Copyright (C) 2011-2014, Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <errno.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
+#include <nettle/pbkdf2.h>
#include "crypto_backend.h"
static char *version = "Nettle";
int crypt_hmac_destroy(struct crypt_hmac *ctx)
{
memset(ctx->key, 0, ctx->key_length);
- memset(ctx, 0, sizeof(*ctx));
free(ctx->key);
+ memset(ctx, 0, sizeof(*ctx));
free(ctx);
return 0;
}
char *key, size_t key_length,
unsigned int iterations)
{
+ struct crypt_hmac *h;
+ int r;
+
if (!kdf || strncmp(kdf, "pbkdf2", 6))
return -EINVAL;
- /* FIXME: switch to internal implementation in Nettle 2.6 */
- return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
- iterations, key_length, key);
+ r = crypt_hmac_init(&h, hash, password, password_length);
+ if (r < 0)
+ return r;
+
+ nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update,
+ h->hash->nettle_hmac_digest, h->hash->length, iterations,
+ salt_length, (const uint8_t *)salt, key_length,
+ (uint8_t *)key);
+ crypt_hmac_destroy(h);
+
+ return 0;
}