3 * PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
6 /* nettle, low-level cryptographics library
8 * Copyright (C) 2012 Simon Josefsson, Niels Möller
10 * The nettle library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation; either version 2.1 of the License, or (at your
13 * option) any later version.
15 * The nettle library is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
18 * License for more details.
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with the nettle library; see the file COPYING.LIB. If not, write to
22 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
38 #include "nettle-internal.h"
41 pbkdf2 (void *mac_ctx,
42 nettle_hash_update_func *update,
43 nettle_hash_digest_func *digest,
44 unsigned digest_size, unsigned iterations,
45 unsigned salt_length, const uint8_t *salt,
46 unsigned length, uint8_t *dst)
48 TMP_DECL(U, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
49 TMP_DECL(T, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
53 assert (iterations > 0);
58 TMP_ALLOC (U, digest_size);
59 TMP_ALLOC (T, digest_size);
62 i++, dst += digest_size, length -= digest_size)
68 WRITE_UINT32 (tmp, i);
70 update (mac_ctx, salt_length, salt);
71 update (mac_ctx, sizeof(tmp), tmp);
72 digest (mac_ctx, digest_size, T);
76 for (u = 1; u < iterations; u++, prev = U)
78 update (mac_ctx, digest_size, prev);
79 digest (mac_ctx, digest_size, U);
81 memxor (T, U, digest_size);
84 if (length <= digest_size)
86 memcpy (dst, T, length);
89 memcpy (dst, T, digest_size);