p5_pbev2.c revision 280297
155714Skris/* p5_pbev2.c */ 2280297Sjkim/* 3280297Sjkim * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4280297Sjkim * 1999-2004. 555714Skris */ 655714Skris/* ==================================================================== 755714Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 855714Skris * 955714Skris * Redistribution and use in source and binary forms, with or without 1055714Skris * modification, are permitted provided that the following conditions 1155714Skris * are met: 1255714Skris * 1355714Skris * 1. Redistributions of source code must retain the above copyright 14280297Sjkim * notice, this list of conditions and the following disclaimer. 1555714Skris * 1655714Skris * 2. Redistributions in binary form must reproduce the above copyright 1755714Skris * notice, this list of conditions and the following disclaimer in 1855714Skris * the documentation and/or other materials provided with the 1955714Skris * distribution. 2055714Skris * 2155714Skris * 3. All advertising materials mentioning features or use of this 2255714Skris * software must display the following acknowledgment: 2355714Skris * "This product includes software developed by the OpenSSL Project 2455714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2555714Skris * 2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2755714Skris * endorse or promote products derived from this software without 2855714Skris * prior written permission. For written permission, please contact 2955714Skris * licensing@OpenSSL.org. 3055714Skris * 3155714Skris * 5. Products derived from this software may not be called "OpenSSL" 3255714Skris * nor may "OpenSSL" appear in their names without prior written 3355714Skris * permission of the OpenSSL Project. 3455714Skris * 3555714Skris * 6. Redistributions of any form whatsoever must retain the following 3655714Skris * acknowledgment: 3755714Skris * "This product includes software developed by the OpenSSL Project 3855714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3955714Skris * 4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4355714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5255714Skris * ==================================================================== 5355714Skris * 5455714Skris * This product includes cryptographic software written by Eric Young 5555714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5655714Skris * Hudson (tjh@cryptsoft.com). 5755714Skris * 5855714Skris */ 5955714Skris 6055714Skris#include <stdio.h> 6155714Skris#include "cryptlib.h" 62109998Smarkm#include <openssl/asn1t.h> 6355714Skris#include <openssl/x509.h> 6455714Skris#include <openssl/rand.h> 6555714Skris 6655714Skris/* PKCS#5 v2.0 password based encryption structures */ 6755714Skris 68109998SmarkmASN1_SEQUENCE(PBE2PARAM) = { 69280297Sjkim ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), 70280297Sjkim ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) 71109998Smarkm} ASN1_SEQUENCE_END(PBE2PARAM) 7255714Skris 73109998SmarkmIMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) 7455714Skris 75109998SmarkmASN1_SEQUENCE(PBKDF2PARAM) = { 76280297Sjkim ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), 77280297Sjkim ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), 78280297Sjkim ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), 79280297Sjkim ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) 80109998Smarkm} ASN1_SEQUENCE_END(PBKDF2PARAM) 8155714Skris 82109998SmarkmIMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) 8355714Skris 84280297Sjkim/* 85280297Sjkim * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know 86280297Sjkim * this is horrible! Extended version to allow application supplied PRF NID 87280297Sjkim * and IV. 8855714Skris */ 8955714Skris 90238405SjkimX509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, 91280297Sjkim unsigned char *salt, int saltlen, 92280297Sjkim unsigned char *aiv, int prf_nid) 9355714Skris{ 94280297Sjkim X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; 95280297Sjkim int alg_nid, keylen; 96280297Sjkim EVP_CIPHER_CTX ctx; 97280297Sjkim unsigned char iv[EVP_MAX_IV_LENGTH]; 98280297Sjkim PBE2PARAM *pbe2 = NULL; 99280297Sjkim ASN1_OBJECT *obj; 10055714Skris 101280297Sjkim alg_nid = EVP_CIPHER_type(cipher); 102280297Sjkim if (alg_nid == NID_undef) { 103280297Sjkim ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 104280297Sjkim ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 105280297Sjkim goto err; 106280297Sjkim } 107280297Sjkim obj = OBJ_nid2obj(alg_nid); 10859191Skris 109280297Sjkim if (!(pbe2 = PBE2PARAM_new())) 110280297Sjkim goto merr; 11155714Skris 112280297Sjkim /* Setup the AlgorithmIdentifier for the encryption scheme */ 113280297Sjkim scheme = pbe2->encryption; 11455714Skris 115280297Sjkim scheme->algorithm = obj; 116280297Sjkim if (!(scheme->parameter = ASN1_TYPE_new())) 117280297Sjkim goto merr; 11855714Skris 119280297Sjkim /* Create random IV */ 120280297Sjkim if (EVP_CIPHER_iv_length(cipher)) { 121280297Sjkim if (aiv) 122280297Sjkim memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); 123280297Sjkim else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) 124280297Sjkim goto err; 125280297Sjkim } 12655714Skris 127280297Sjkim EVP_CIPHER_CTX_init(&ctx); 128109998Smarkm 129280297Sjkim /* Dummy cipherinit to just setup the IV, and PRF */ 130280297Sjkim if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) 131280297Sjkim goto err; 132280297Sjkim if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { 133280297Sjkim ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); 134280297Sjkim EVP_CIPHER_CTX_cleanup(&ctx); 135280297Sjkim goto err; 136280297Sjkim } 137280297Sjkim /* 138280297Sjkim * If prf NID unspecified see if cipher has a preference. An error is OK 139280297Sjkim * here: just means use default PRF. 140280297Sjkim */ 141280297Sjkim if ((prf_nid == -1) && 142280297Sjkim EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { 143280297Sjkim ERR_clear_error(); 144280297Sjkim prf_nid = NID_hmacWithSHA1; 145280297Sjkim } 146280297Sjkim EVP_CIPHER_CTX_cleanup(&ctx); 14755714Skris 148280297Sjkim /* If its RC2 then we'd better setup the key length */ 14955714Skris 150280297Sjkim if (alg_nid == NID_rc2_cbc) 151280297Sjkim keylen = EVP_CIPHER_key_length(cipher); 152280297Sjkim else 153280297Sjkim keylen = -1; 15455714Skris 155280297Sjkim /* Setup keyfunc */ 15655714Skris 157280297Sjkim X509_ALGOR_free(pbe2->keyfunc); 15855714Skris 159280297Sjkim pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); 16055714Skris 161280297Sjkim if (!pbe2->keyfunc) 162280297Sjkim goto merr; 16355714Skris 164280297Sjkim /* Now set up top level AlgorithmIdentifier */ 16555714Skris 166280297Sjkim if (!(ret = X509_ALGOR_new())) 167280297Sjkim goto merr; 168280297Sjkim if (!(ret->parameter = ASN1_TYPE_new())) 169280297Sjkim goto merr; 17055714Skris 171280297Sjkim ret->algorithm = OBJ_nid2obj(NID_pbes2); 17255714Skris 173280297Sjkim /* Encode PBE2PARAM into parameter */ 17455714Skris 175280297Sjkim if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), 176280297Sjkim &ret->parameter->value.sequence)) 177280297Sjkim goto merr; 178280297Sjkim ret->parameter->type = V_ASN1_SEQUENCE; 17955714Skris 180280297Sjkim PBE2PARAM_free(pbe2); 181280297Sjkim pbe2 = NULL; 18255714Skris 183280297Sjkim return ret; 18455714Skris 185280297Sjkim merr: 186280297Sjkim ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); 18755714Skris 188280297Sjkim err: 189280297Sjkim PBE2PARAM_free(pbe2); 190280297Sjkim /* Note 'scheme' is freed as part of pbe2 */ 191280297Sjkim X509_ALGOR_free(kalg); 192280297Sjkim X509_ALGOR_free(ret); 19355714Skris 194280297Sjkim return NULL; 19555714Skris 19655714Skris} 197238405Sjkim 198238405SjkimX509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 199280297Sjkim unsigned char *salt, int saltlen) 200280297Sjkim{ 201280297Sjkim return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); 202280297Sjkim} 203238405Sjkim 204238405SjkimX509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 205280297Sjkim int prf_nid, int keylen) 206280297Sjkim{ 207280297Sjkim X509_ALGOR *keyfunc = NULL; 208280297Sjkim PBKDF2PARAM *kdf = NULL; 209280297Sjkim ASN1_OCTET_STRING *osalt = NULL; 210238405Sjkim 211280297Sjkim if (!(kdf = PBKDF2PARAM_new())) 212280297Sjkim goto merr; 213280297Sjkim if (!(osalt = M_ASN1_OCTET_STRING_new())) 214280297Sjkim goto merr; 215238405Sjkim 216280297Sjkim kdf->salt->value.octet_string = osalt; 217280297Sjkim kdf->salt->type = V_ASN1_OCTET_STRING; 218238405Sjkim 219280297Sjkim if (!saltlen) 220280297Sjkim saltlen = PKCS5_SALT_LEN; 221280297Sjkim if (!(osalt->data = OPENSSL_malloc(saltlen))) 222280297Sjkim goto merr; 223238405Sjkim 224280297Sjkim osalt->length = saltlen; 225238405Sjkim 226280297Sjkim if (salt) 227280297Sjkim memcpy(osalt->data, salt, saltlen); 228280297Sjkim else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0) 229280297Sjkim goto merr; 230238405Sjkim 231280297Sjkim if (iter <= 0) 232280297Sjkim iter = PKCS5_DEFAULT_ITER; 233238405Sjkim 234280297Sjkim if (!ASN1_INTEGER_set(kdf->iter, iter)) 235280297Sjkim goto merr; 236238405Sjkim 237280297Sjkim /* If have a key len set it up */ 238238405Sjkim 239280297Sjkim if (keylen > 0) { 240280297Sjkim if (!(kdf->keylength = M_ASN1_INTEGER_new())) 241280297Sjkim goto merr; 242280297Sjkim if (!ASN1_INTEGER_set(kdf->keylength, keylen)) 243280297Sjkim goto merr; 244280297Sjkim } 245238405Sjkim 246280297Sjkim /* prf can stay NULL if we are using hmacWithSHA1 */ 247280297Sjkim if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { 248280297Sjkim kdf->prf = X509_ALGOR_new(); 249280297Sjkim if (!kdf->prf) 250280297Sjkim goto merr; 251280297Sjkim X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); 252280297Sjkim } 253238405Sjkim 254280297Sjkim /* Finally setup the keyfunc structure */ 255238405Sjkim 256280297Sjkim keyfunc = X509_ALGOR_new(); 257280297Sjkim if (!keyfunc) 258280297Sjkim goto merr; 259238405Sjkim 260280297Sjkim keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); 261238405Sjkim 262280297Sjkim /* Encode PBKDF2PARAM into parameter of pbe2 */ 263238405Sjkim 264280297Sjkim if (!(keyfunc->parameter = ASN1_TYPE_new())) 265280297Sjkim goto merr; 266238405Sjkim 267280297Sjkim if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), 268280297Sjkim &keyfunc->parameter->value.sequence)) 269280297Sjkim goto merr; 270280297Sjkim keyfunc->parameter->type = V_ASN1_SEQUENCE; 271238405Sjkim 272280297Sjkim PBKDF2PARAM_free(kdf); 273280297Sjkim return keyfunc; 274238405Sjkim 275280297Sjkim merr: 276280297Sjkim ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE); 277280297Sjkim PBKDF2PARAM_free(kdf); 278280297Sjkim X509_ALGOR_free(keyfunc); 279280297Sjkim return NULL; 280280297Sjkim} 281