p5_pbev2.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221
  1. /*
  2. * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/asn1t.h>
  12. #include <openssl/x509.h>
  13. #include <openssl/rand.h>
  14. /* PKCS#5 v2.0 password based encryption structures */
  15. ASN1_SEQUENCE(PBE2PARAM) = {
  16. ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
  17. ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
  18. } ASN1_SEQUENCE_END(PBE2PARAM)
  19. IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
  20. ASN1_SEQUENCE(PBKDF2PARAM) = {
  21. ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
  22. ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
  23. ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
  24. ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
  25. } ASN1_SEQUENCE_END(PBKDF2PARAM)
  26. IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
  27. /*
  28. * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
  29. * this is horrible! Extended version to allow application supplied PRF NID
  30. * and IV.
  31. */
  32. X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
  33. unsigned char *salt, int saltlen,
  34. unsigned char *aiv, int prf_nid)
  35. {
  36. X509_ALGOR *scheme = NULL, *ret = NULL;
  37. int alg_nid, keylen;
  38. EVP_CIPHER_CTX *ctx = NULL;
  39. unsigned char iv[EVP_MAX_IV_LENGTH];
  40. PBE2PARAM *pbe2 = NULL;
  41. alg_nid = EVP_CIPHER_type(cipher);
  42. if (alg_nid == NID_undef) {
  43. ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
  44. ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
  45. goto err;
  46. }
  47. if ((pbe2 = PBE2PARAM_new()) == NULL)
  48. goto merr;
  49. /* Setup the AlgorithmIdentifier for the encryption scheme */
  50. scheme = pbe2->encryption;
  51. scheme->algorithm = OBJ_nid2obj(alg_nid);
  52. if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
  53. goto merr;
  54. /* Create random IV */
  55. if (EVP_CIPHER_iv_length(cipher)) {
  56. if (aiv)
  57. memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
  58. else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
  59. goto err;
  60. }
  61. ctx = EVP_CIPHER_CTX_new();
  62. if (ctx == NULL)
  63. goto merr;
  64. /* Dummy cipherinit to just setup the IV, and PRF */
  65. if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
  66. goto err;
  67. if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
  68. ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
  69. goto err;
  70. }
  71. /*
  72. * If prf NID unspecified see if cipher has a preference. An error is OK
  73. * here: just means use default PRF.
  74. */
  75. if ((prf_nid == -1) &&
  76. EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
  77. ERR_clear_error();
  78. prf_nid = NID_hmacWithSHA256;
  79. }
  80. EVP_CIPHER_CTX_free(ctx);
  81. ctx = NULL;
  82. /* If its RC2 then we'd better setup the key length */
  83. if (alg_nid == NID_rc2_cbc)
  84. keylen = EVP_CIPHER_key_length(cipher);
  85. else
  86. keylen = -1;
  87. /* Setup keyfunc */
  88. X509_ALGOR_free(pbe2->keyfunc);
  89. pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
  90. if (pbe2->keyfunc == NULL)
  91. goto merr;
  92. /* Now set up top level AlgorithmIdentifier */
  93. if ((ret = X509_ALGOR_new()) == NULL)
  94. goto merr;
  95. ret->algorithm = OBJ_nid2obj(NID_pbes2);
  96. /* Encode PBE2PARAM into parameter */
  97. if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
  98. &ret->parameter))
  99. goto merr;
  100. PBE2PARAM_free(pbe2);
  101. pbe2 = NULL;
  102. return ret;
  103. merr:
  104. ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
  105. err:
  106. EVP_CIPHER_CTX_free(ctx);
  107. PBE2PARAM_free(pbe2);
  108. /* Note 'scheme' is freed as part of pbe2 */
  109. X509_ALGOR_free(ret);
  110. return NULL;
  111. }
  112. X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
  113. unsigned char *salt, int saltlen)
  114. {
  115. return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
  116. }
  117. X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
  118. int prf_nid, int keylen)
  119. {
  120. X509_ALGOR *keyfunc = NULL;
  121. PBKDF2PARAM *kdf = NULL;
  122. ASN1_OCTET_STRING *osalt = NULL;
  123. if ((kdf = PBKDF2PARAM_new()) == NULL)
  124. goto merr;
  125. if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
  126. goto merr;
  127. kdf->salt->value.octet_string = osalt;
  128. kdf->salt->type = V_ASN1_OCTET_STRING;
  129. if (saltlen == 0)
  130. saltlen = PKCS5_SALT_LEN;
  131. if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
  132. goto merr;
  133. osalt->length = saltlen;
  134. if (salt)
  135. memcpy(osalt->data, salt, saltlen);
  136. else if (RAND_bytes(osalt->data, saltlen) <= 0)
  137. goto merr;
  138. if (iter <= 0)
  139. iter = PKCS5_DEFAULT_ITER;
  140. if (!ASN1_INTEGER_set(kdf->iter, iter))
  141. goto merr;
  142. /* If have a key len set it up */
  143. if (keylen > 0) {
  144. if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
  145. goto merr;
  146. if (!ASN1_INTEGER_set(kdf->keylength, keylen))
  147. goto merr;
  148. }
  149. /* prf can stay NULL if we are using hmacWithSHA1 */
  150. if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
  151. kdf->prf = X509_ALGOR_new();
  152. if (kdf->prf == NULL)
  153. goto merr;
  154. X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
  155. }
  156. /* Finally setup the keyfunc structure */
  157. keyfunc = X509_ALGOR_new();
  158. if (keyfunc == NULL)
  159. goto merr;
  160. keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
  161. /* Encode PBKDF2PARAM into parameter of pbe2 */
  162. if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
  163. &keyfunc->parameter))
  164. goto merr;
  165. PBKDF2PARAM_free(kdf);
  166. return keyfunc;
  167. merr:
  168. ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
  169. PBKDF2PARAM_free(kdf);
  170. X509_ALGOR_free(keyfunc);
  171. return NULL;
  172. }