[swtpm.git] / src / swtpm / key.c

/*
 * key.c -- Common key handling code for swtpm and swtpm_cuse
 *
 * (c) Copyright IBM Corporation 2014, 2015.
 *
 * Author: Stefan Berger <stefanb@us.ibm.com>
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * Neither the names of the IBM Corporation nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"

#include <openssl/sha.h>
#include <openssl/evp.h>

#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "key.h"
#include "logging.h"

/*
 * key_format_from_string:
 * Convert the string into a key format identifier
 * @format: either 'hex' or 'binary'
 *
 * Returns a key format identifier
 */
enum key_format
key_format_from_string(const char *format)
{
    if (!strcmp(format, "hex")) {
        return KEY_FORMAT_HEX;
    } else if (!strcmp(format, "binary")) {
        return KEY_FORMAT_BINARY;
    }
    logprintf(STDERR_FILENO, "Unknown key format '%s'.\n", format);

    return KEY_FORMAT_UNKNOWN;
}

/*
 * encryption_mode_from_string:
 * Convert the string into a encryption mode identifier
 * @mode: string describing encryption mode
 *
 * Returns an encryption mode identifier
 */
enum encryption_mode
encryption_mode_from_string(const char *mode)
{
    if (!strcmp(mode, "aes-cbc")) {
        return ENCRYPTION_MODE_AES_CBC;
    }

    return ENCRYPTION_MODE_UNKNOWN;
}

/*
 * kdf_identifier_from_string:
 * Convert the string in a kdf identifier
 * @mode: string describing the kdf
 *
 * Return a kdf identifier
 */
enum kdf_identifier
kdf_identifier_from_string(const char *kdf)
{
    if (!strcmp(kdf, "sha512")) {
        return KDF_IDENTIFIER_SHA512;
    } else if (!strcmp(kdf, "pbkdf2")) {
        return KDF_IDENTIFIER_PBKDF2;
    }

    return KDF_IDENTIFIER_UNKNOWN;
}

/*
 * key_stream_to_bin
 * Convert a stream of ASCII hex digits into a key; convert a maximum of
 * bin_size bytes;
 *
 * @input: input data holding hex digits
 * @bin: output field of bin_size
 * @bin_size: max. number of bytes to convert
 *
 * Returns the number of digits that were converted.
 */
static ssize_t
key_stream_to_bin(const char *input, unsigned char *bin, size_t bin_size)
{
    ssize_t digits = 0;
    int n, num;

    while (input[digits] &&
           !isspace(input[digits]) &&
           bin_size > (size_t)digits / 2) {
        num = sscanf(&input[digits], "%2hhx%n", &bin[digits/2], &n);
        if (num != 1 || n != 2)
            return -1;
        digits += 2;
    }

    if (input[digits] && !isspace(input[digits]))
        return -1;

    return (digits != 0) ? digits : -1;
}

/*
 * key_parse_as_hexkey:
 * Parse the raw key data as a key in ASCII hex format; they key may
 * have a leading '0x'.
 * @rawkey: ASCII data for a hex key with possible leading '0x'
 * @key: buffer for key
 * @keylen: actual key len returned by this function
 * @maxkeylen: the max. size of the key; this is equivalent to the size of
 *             the key buffer
 * Returns 0 on success, -1 on failure
 */
static int
key_parse_as_hexkey(const char *rawkey,
                    unsigned char *key, size_t *keylen, size_t maxkeylen)
{
    ssize_t digits;
    off_t offset = 0;

    if (!strncmp(rawkey, "0x", 2))
        offset = 2;

    digits = key_stream_to_bin(&rawkey[offset], key, maxkeylen);
    if (digits < 0) {
        logprintf(STDERR_FILENO,
                  "Could not parse key hex string into %zu byte buffer.\n",
                  maxkeylen);
        return -1;
    } else if (digits == 128/4) {
        *keylen = 128/8;
    } else if (digits == 256/4) {
        *keylen = 256/8;
    } else {
        logprintf(STDERR_FILENO,
                  "Unsupported key length with %zu digits.\n",
                  digits);
        return -1;
    }
    if (*keylen < maxkeylen) {
        logprintf(STDERR_FILENO,
                  "The provided key is too short. Got %zu bytes, need %zu.\n",
                  *keylen, maxkeylen);
        return -1;
    }

    return 0;
}

/*
 * key_load_key:
 * Load the raw key data from a file and convert it to a key.
 * @filename: file holding the raw key data
 * @keyformat: the format the raw key data are in; may either indicate
 *             binary data or hex string
 * @key: the buffer for holding the converted key
 * @keylen: the actual key len of the converted key returned by this
 *          function
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer
 */
int
key_load_key(const char *filename, enum key_format keyformat,
             unsigned char *key, size_t *keylen, size_t maxkeylen)
{
    int ret = -1;
    int fd;
    char filebuffer[2 + 256/4 + 1 + 1];
    ssize_t len;

    fd = open(filename, O_RDONLY);
    if (fd < 0) {
        logprintf(STDERR_FILENO, "Unable to open file %s: %s\n",
                  filename, strerror(errno));
        return -1;
    }
    len = read(fd, filebuffer, sizeof(filebuffer) - 1);
    close(fd);
    if (len < 0) {
        logprintf(STDERR_FILENO, "Unable to read key: %s\n",
                  strerror(errno));
        return -1;
    }
    filebuffer[len] = 0;

    switch (keyformat) {
    case KEY_FORMAT_BINARY:
        *keylen = len;
        if (maxkeylen < (size_t)len) {
            logprintf(STDERR_FILENO,
                      "Key is larger than buffer (%zu > %zu).\n",
                      len, maxkeylen);
            return -1;
        }
        memcpy(key, filebuffer, len);
        ret = 0;
        break;
    case KEY_FORMAT_HEX:
        if (key_parse_as_hexkey(filebuffer, key, keylen, maxkeylen) < 0)
            return -1;
        ret = 0;
        break;
    case KEY_FORMAT_UNKNOWN:
        break;
    }

    return ret;
}

/*
 * key_from_pwdfile:
 * Read the key from the given password file, convert the password into
 * a key by applying a SHA512 on the password and use the first bytes
 * of the hash as the key.
 * @filename: name of the file holding the password
 * @key: the buffer for holding the key
 * @keylen: the actual key len of the converted key returned by this
 *          function
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer
 * @kdfid: the kdf to invoke to create the key
 */
int
key_from_pwdfile(const char *filename, unsigned char *key, size_t *keylen,
                 size_t maxkeylen, enum kdf_identifier kdfid)
{
    unsigned char *filebuffer = NULL;
    size_t filelen;
    int fd = -1;
    ssize_t len;
    unsigned char hashbuf[SHA512_DIGEST_LENGTH];
    struct stat statbuf;
    int ret = -1;
    const unsigned char salt[] = {'s','w','t','p','m'};

    if (maxkeylen > sizeof(hashbuf)) {
        logprintf(STDERR_FILENO,
                  "Request keylength is too big (%zu > %zu)\n",
                  maxkeylen, sizeof(hashbuf));
        return -1;
    }

    fd = open(filename, O_RDONLY);
    if (fd < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to open file %s : %s\n",
                  filename, strerror(errno));
        return -1;
    }
    if (fstat(fd, &statbuf) < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to stat file %s : %s\n",
                  filename, strerror(errno));
        goto exit_close;
    }
    filelen = statbuf.st_size;

    filebuffer = malloc(filelen);
    if (!filebuffer) {
        logprintf(STDERR_FILENO,
                  "Could not allocate %zu bytes for filebuffer\n",
                  filebuffer);
        goto exit_close;
    }

    len = read(fd, filebuffer, filelen);
    if (len < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to read passphrase: %s\n",
                  strerror(errno));
        goto exit_close;
    }

    *keylen = maxkeylen;

    switch (kdfid) {
    case KDF_IDENTIFIER_SHA512:
        if (sizeof(hashbuf) < *keylen) {
            logprintf(STDERR_FILENO,
                      "Requested %zu bytes for key, only got %zu.\n",
                      *keylen, sizeof(hashbuf));
            goto exit_close;
        }
        SHA512(filebuffer, filelen, hashbuf);
        memcpy(key, hashbuf, *keylen);
        break;
    case KDF_IDENTIFIER_PBKDF2:
        if (PKCS5_PBKDF2_HMAC((const char *)filebuffer, len,
                              salt, sizeof(salt), 1000,
                              EVP_sha512(), *keylen, key) != 1) {
            logprintf(STDERR_FILENO,
                      "PKCS5_PBKDF2_HMAC with SHA512 failed\n");
            goto exit_close;
        }
        break;
    case KDF_IDENTIFIER_UNKNOWN:
        logprintf(STDERR_FILENO,
                  "Unknown KDF\n");
        goto exit_close;
    }

    ret =  0;

exit_close:
    if (fd >= 0)
        close(fd);

    free(filebuffer);

    return ret;
}
Commit	Line	Data
f163b202 SB	1	/*
	2	* key.c -- Common key handling code for swtpm and swtpm_cuse
	3	*
ad976d1a	4	* (c) Copyright IBM Corporation 2014, 2015.
f163b202 SB	5	*
	6	* Author: Stefan Berger <stefanb@us.ibm.com>
	7	*
	8	* All rights reserved.
	9	*
	10	* Redistribution and use in source and binary forms, with or without
	11	* modification, are permitted provided that the following conditions are
	12	* met:
	13	*
	14	* Redistributions of source code must retain the above copyright notice,
	15	* this list of conditions and the following disclaimer.
	16	*
	17	* Redistributions in binary form must reproduce the above copyright
	18	* notice, this list of conditions and the following disclaimer in the
	19	* documentation and/or other materials provided with the distribution.
	20	*
	21	* Neither the names of the IBM Corporation nor the names of its
	22	* contributors may be used to endorse or promote products derived from
	23	* this software without specific prior written permission.
	24	*
	25	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	26	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	27	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	28	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	29	* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	30	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	31	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	32	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	33	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	34	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	35	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	36	*/
	37
	38	#include "config.h"
	39
7849b6c6	40	#include <openssl/sha.h>
a39f098f	41	#include <openssl/evp.h>
f163b202 SB	42
	43	#include <ctype.h>
	44	#include <errno.h>
	45	#include <fcntl.h>
	46	#include <string.h>
	47	#include <stdio.h>
a39f098f	48	#include <stdlib.h>
f163b202 SB	49	#include <unistd.h>
	50	#include <sys/types.h>
	51	#include <sys/stat.h>
	52
	53	#include "key.h"
cba81569	54	#include "logging.h"
f163b202	55
58548ac6 SB	56	/*
	57	* key_format_from_string:
	58	* Convert the string into a key format identifier
	59	* @format: either 'hex' or 'binary'
	60	*
	61	* Returns a key format identifier
	62	*/
f163b202 SB	63	enum key_format
	64	key_format_from_string(const char *format)
	65	{
	66	if (!strcmp(format, "hex")) {
	67	return KEY_FORMAT_HEX;
	68	} else if (!strcmp(format, "binary")) {
	69	return KEY_FORMAT_BINARY;
	70	}
cba81569	71	logprintf(STDERR_FILENO, "Unknown key format '%s'.\n", format);
f163b202 SB	72
	73	return KEY_FORMAT_UNKNOWN;
	74	}
	75
58548ac6 SB	76	/*
	77	* encryption_mode_from_string:
	78	* Convert the string into a encryption mode identifier
	79	* @mode: string describing encryption mode
	80	*
	81	* Returns an encryption mode identifier
	82	*/
f163b202 SB	83	enum encryption_mode
	84	encryption_mode_from_string(const char *mode)
	85	{
	86	if (!strcmp(mode, "aes-cbc")) {
	87	return ENCRYPTION_MODE_AES_CBC;
	88	}
	89
	90	return ENCRYPTION_MODE_UNKNOWN;
	91	}
	92
a39f098f SB	93	/*
	94	* kdf_identifier_from_string:
	95	* Convert the string in a kdf identifier
	96	* @mode: string describing the kdf
	97	*
	98	* Return a kdf identifier
	99	*/
	100	enum kdf_identifier
	101	kdf_identifier_from_string(const char *kdf)
	102	{
	103	if (!strcmp(kdf, "sha512")) {
	104	return KDF_IDENTIFIER_SHA512;
	105	} else if (!strcmp(kdf, "pbkdf2")) {
	106	return KDF_IDENTIFIER_PBKDF2;
	107	}
	108
	109	return KDF_IDENTIFIER_UNKNOWN;
	110	}
	111
58548ac6 SB	112	/*
	113	* key_stream_to_bin
	114	* Convert a stream of ASCII hex digits into a key; convert a maximum of
	115	* bin_size bytes;
	116	*
	117	* @input: input data holding hex digits
	118	* @bin: output field of bin_size
	119	* @bin_size: max. number of bytes to convert
	120	*
	121	* Returns the number of digits that were converted.
	122	*/
f163b202 SB	123	static ssize_t
	124	key_stream_to_bin(const char input, unsigned char bin, size_t bin_size)
	125	{
	126	ssize_t digits = 0;
	127	int n, num;
	128
	129	while (input[digits] &&
	130	!isspace(input[digits]) &&
	131	bin_size > (size_t)digits / 2) {
	132	num = sscanf(&input[digits], "%2hhx%n", &bin[digits/2], &n);
	133	if (num != 1 \|\| n != 2)
	134	return -1;
	135	digits += 2;
	136	}
	137
	138	if (input[digits] && !isspace(input[digits]))
	139	return -1;
	140
	141	return (digits != 0) ? digits : -1;
	142	}
	143
58548ac6 SB	144	/*
	145	* key_parse_as_hexkey:
	146	* Parse the raw key data as a key in ASCII hex format; they key may
	147	* have a leading '0x'.
	148	* @rawkey: ASCII data for a hex key with possible leading '0x'
	149	* @key: buffer for key
	150	* @keylen: actual key len returned by this function
	151	* @maxkeylen: the max. size of the key; this is equivalent to the size of
	152	* the key buffer
	153	* Returns 0 on success, -1 on failure
	154	*/
f163b202 SB	155	static int
	156	key_parse_as_hexkey(const char *rawkey,
	157	unsigned char key, size_t keylen, size_t maxkeylen)
	158	{
	159	ssize_t digits;
	160	off_t offset = 0;
	161
	162	if (!strncmp(rawkey, "0x", 2))
	163	offset = 2;
	164
	165	digits = key_stream_to_bin(&rawkey[offset], key, maxkeylen);
	166	if (digits < 0) {
cba81569 SB	167	logprintf(STDERR_FILENO,
	168	"Could not parse key hex string into %zu byte buffer.\n",
	169	maxkeylen);
f163b202 SB	170	return -1;
	171	} else if (digits == 128/4) {
	172	*keylen = 128/8;
748df6ee SB	173	} else if (digits == 256/4) {
748df6ee SB	174	*keylen = 256/8;
f163b202	175	} else {
cba81569 SB	176	logprintf(STDERR_FILENO,
	177	"Unsupported key length with %zu digits.\n",
	178	digits);
f163b202 SB	179	return -1;
f163b202 SB	180	}
748df6ee SB	181	if (*keylen < maxkeylen) {
	182	logprintf(STDERR_FILENO,
	183	"The provided key is too short. Got %zu bytes, need %zu.\n",
	184	*keylen, maxkeylen);
	185	return -1;
	186	}
f163b202 SB	187
	188	return 0;
	189	}
	190
58548ac6 SB	191	/*
	192	* key_load_key:
	193	* Load the raw key data from a file and convert it to a key.
	194	* @filename: file holding the raw key data
	195	* @keyformat: the format the raw key data are in; may either indicate
	196	* binary data or hex string
	197	* @key: the buffer for holding the converted key
	198	* @keylen: the actual key len of the converted key returned by this
	199	* function
	200	* @maxkeylen: the max. size of the key; corresponds to the size of the
	201	* key buffer
	202	*/
f163b202 SB	203	int
	204	key_load_key(const char *filename, enum key_format keyformat,
	205	unsigned char key, size_t keylen, size_t maxkeylen)
	206	{
	207	int ret = -1;
	208	int fd;
748df6ee	209	char filebuffer[2 + 256/4 + 1 + 1];
da521f04	210	ssize_t len;
f163b202 SB	211
	212	fd = open(filename, O_RDONLY);
	213	if (fd < 0) {
cba81569 SB	214	logprintf(STDERR_FILENO, "Unable to open file %s: %s\n",
cba81569 SB	215	filename, strerror(errno));
f163b202 SB	216	return -1;
	217	}
	218	len = read(fd, filebuffer, sizeof(filebuffer) - 1);
	219	close(fd);
	220	if (len < 0) {
cba81569 SB	221	logprintf(STDERR_FILENO, "Unable to read key: %s\n",
cba81569 SB	222	strerror(errno));
f163b202 SB	223	return -1;
	224	}
	225	filebuffer[len] = 0;
	226
	227	switch (keyformat) {
	228	case KEY_FORMAT_BINARY:
	229	*keylen = len;
da521f04	230	if (maxkeylen < (size_t)len) {
cba81569 SB	231	logprintf(STDERR_FILENO,
	232	"Key is larger than buffer (%zu > %zu).\n",
	233	len, maxkeylen);
f163b202 SB	234	return -1;
	235	}
	236	memcpy(key, filebuffer, len);
	237	ret = 0;
	238	break;
	239	case KEY_FORMAT_HEX:
	240	if (key_parse_as_hexkey(filebuffer, key, keylen, maxkeylen) < 0)
	241	return -1;
	242	ret = 0;
	243	break;
	244	case KEY_FORMAT_UNKNOWN:
	245	break;
	246	}
	247
	248	return ret;
	249	}
	250
58548ac6 SB	251	/*
	252	* key_from_pwdfile:
	253	* Read the key from the given password file, convert the password into
	254	* a key by applying a SHA512 on the password and use the first bytes
	255	* of the hash as the key.
	256	* @filename: name of the file holding the password
	257	* @key: the buffer for holding the key
58548ac6 SB	258	* @keylen: the actual key len of the converted key returned by this
	259	* function
	260	* @maxkeylen: the max. size of the key; corresponds to the size of the
	261	* key buffer
a39f098f	262	* @kdfid: the kdf to invoke to create the key
58548ac6	263	*/
f163b202 SB	264	int
f163b202 SB	265	key_from_pwdfile(const char filename, unsigned char key, size_t *keylen,
a39f098f	266	size_t maxkeylen, enum kdf_identifier kdfid)
f163b202	267	{
a39f098f SB	268	unsigned char *filebuffer = NULL;
	269	size_t filelen;
	270	int fd = -1;
0268ef45	271	ssize_t len;
3bbdd7bc	272	unsigned char hashbuf[SHA512_DIGEST_LENGTH];
a39f098f SB	273	struct stat statbuf;
	274	int ret = -1;
	275	const unsigned char salt[] = {'s','w','t','p','m'};
f163b202 SB	276
f163b202 SB	277	if (maxkeylen > sizeof(hashbuf)) {
cba81569 SB	278	logprintf(STDERR_FILENO,
	279	"Request keylength is too big (%zu > %zu)\n",
	280	maxkeylen, sizeof(hashbuf));
f163b202 SB	281	return -1;
	282	}
	283
	284	fd = open(filename, O_RDONLY);
	285	if (fd < 0) {
cba81569 SB	286	logprintf(STDERR_FILENO,
	287	"Unable to open file %s : %s\n",
	288	filename, strerror(errno));
f163b202 SB	289	return -1;
f163b202 SB	290	}
a39f098f SB	291	if (fstat(fd, &statbuf) < 0) {
	292	logprintf(STDERR_FILENO,
	293	"Unable to stat file %s : %s\n",
	294	filename, strerror(errno));
	295	goto exit_close;
	296	}
	297	filelen = statbuf.st_size;
f163b202	298
a39f098f SB	299	filebuffer = malloc(filelen);
	300	if (!filebuffer) {
	301	logprintf(STDERR_FILENO,
	302	"Could not allocate %zu bytes for filebuffer\n",
	303	filebuffer);
	304	goto exit_close;
	305	}
	306
	307	len = read(fd, filebuffer, filelen);
f163b202	308	if (len < 0) {
cba81569 SB	309	logprintf(STDERR_FILENO,
	310	"Unable to read passphrase: %s\n",
	311	strerror(errno));
a39f098f	312	goto exit_close;
f163b202 SB	313	}
f163b202 SB	314
f163b202	315	*keylen = maxkeylen;
f163b202	316
a39f098f SB	317	switch (kdfid) {
a39f098f SB	318	case KDF_IDENTIFIER_SHA512:
748df6ee SB	319	if (sizeof(hashbuf) < *keylen) {
	320	logprintf(STDERR_FILENO,
	321	"Requested %zu bytes for key, only got %zu.\n",
	322	*keylen, sizeof(hashbuf));
	323	goto exit_close;
	324	}
a39f098f SB	325	SHA512(filebuffer, filelen, hashbuf);
	326	memcpy(key, hashbuf, *keylen);
	327	break;
	328	case KDF_IDENTIFIER_PBKDF2:
	329	if (PKCS5_PBKDF2_HMAC((const char *)filebuffer, len,
	330	salt, sizeof(salt), 1000,
	331	EVP_sha512(), *keylen, key) != 1) {
	332	logprintf(STDERR_FILENO,
	333	"PKCS5_PBKDF2_HMAC with SHA512 failed\n");
	334	goto exit_close;
	335	}
	336	break;
	337	case KDF_IDENTIFIER_UNKNOWN:
	338	logprintf(STDERR_FILENO,
	339	"Unknown KDF\n");
	340	goto exit_close;
	341	}
	342
	343	ret = 0;
	344
	345	exit_close:
	346	if (fd >= 0)
	347	close(fd);
	348
	349	free(filebuffer);
	350
	351	return ret;
f163b202	352	}