|
1 /* p5_pbev2.c */ |
|
2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
|
3 * project 1999-2004. |
|
4 */ |
|
5 /* ==================================================================== |
|
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|
7 * |
|
8 * Redistribution and use in source and binary forms, with or without |
|
9 * modification, are permitted provided that the following conditions |
|
10 * are met: |
|
11 * |
|
12 * 1. Redistributions of source code must retain the above copyright |
|
13 * notice, this list of conditions and the following disclaimer. |
|
14 * |
|
15 * 2. Redistributions in binary form must reproduce the above copyright |
|
16 * notice, this list of conditions and the following disclaimer in |
|
17 * the documentation and/or other materials provided with the |
|
18 * distribution. |
|
19 * |
|
20 * 3. All advertising materials mentioning features or use of this |
|
21 * software must display the following acknowledgment: |
|
22 * "This product includes software developed by the OpenSSL Project |
|
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
24 * |
|
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
26 * endorse or promote products derived from this software without |
|
27 * prior written permission. For written permission, please contact |
|
28 * licensing@OpenSSL.org. |
|
29 * |
|
30 * 5. Products derived from this software may not be called "OpenSSL" |
|
31 * nor may "OpenSSL" appear in their names without prior written |
|
32 * permission of the OpenSSL Project. |
|
33 * |
|
34 * 6. Redistributions of any form whatsoever must retain the following |
|
35 * acknowledgment: |
|
36 * "This product includes software developed by the OpenSSL Project |
|
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
38 * |
|
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
50 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
51 * ==================================================================== |
|
52 * |
|
53 * This product includes cryptographic software written by Eric Young |
|
54 * (eay@cryptsoft.com). This product includes software written by Tim |
|
55 * Hudson (tjh@cryptsoft.com). |
|
56 * |
|
57 */ |
|
58 |
|
59 #include <stdio.h> |
|
60 #include "cryptlib.h" |
|
61 #include <openssl/asn1t.h> |
|
62 #include <openssl/x509.h> |
|
63 #include <openssl/rand.h> |
|
64 |
|
65 /* PKCS#5 v2.0 password based encryption structures */ |
|
66 |
|
67 ASN1_SEQUENCE(PBE2PARAM) = { |
|
68 ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), |
|
69 ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) |
|
70 } ASN1_SEQUENCE_END(PBE2PARAM) |
|
71 |
|
72 IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) |
|
73 |
|
74 ASN1_SEQUENCE(PBKDF2PARAM) = { |
|
75 ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), |
|
76 ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), |
|
77 ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), |
|
78 ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) |
|
79 } ASN1_SEQUENCE_END(PBKDF2PARAM) |
|
80 |
|
81 IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) |
|
82 |
|
83 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: |
|
84 * yes I know this is horrible! |
|
85 */ |
|
86 |
|
87 EXPORT_C X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, |
|
88 unsigned char *salt, int saltlen) |
|
89 { |
|
90 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; |
|
91 int alg_nid; |
|
92 EVP_CIPHER_CTX ctx; |
|
93 unsigned char iv[EVP_MAX_IV_LENGTH]; |
|
94 PBKDF2PARAM *kdf = NULL; |
|
95 PBE2PARAM *pbe2 = NULL; |
|
96 ASN1_OCTET_STRING *osalt = NULL; |
|
97 ASN1_OBJECT *obj; |
|
98 |
|
99 alg_nid = EVP_CIPHER_type(cipher); |
|
100 if(alg_nid == NID_undef) { |
|
101 ASN1err(ASN1_F_PKCS5_PBE2_SET, |
|
102 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); |
|
103 goto err; |
|
104 } |
|
105 obj = OBJ_nid2obj(alg_nid); |
|
106 |
|
107 if(!(pbe2 = PBE2PARAM_new())) goto merr; |
|
108 |
|
109 /* Setup the AlgorithmIdentifier for the encryption scheme */ |
|
110 scheme = pbe2->encryption; |
|
111 |
|
112 scheme->algorithm = obj; |
|
113 if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; |
|
114 |
|
115 /* Create random IV */ |
|
116 if (EVP_CIPHER_iv_length(cipher) && |
|
117 RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) |
|
118 goto err; |
|
119 |
|
120 EVP_CIPHER_CTX_init(&ctx); |
|
121 |
|
122 /* Dummy cipherinit to just setup the IV */ |
|
123 EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); |
|
124 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { |
|
125 ASN1err(ASN1_F_PKCS5_PBE2_SET, |
|
126 ASN1_R_ERROR_SETTING_CIPHER_PARAMS); |
|
127 EVP_CIPHER_CTX_cleanup(&ctx); |
|
128 goto err; |
|
129 } |
|
130 EVP_CIPHER_CTX_cleanup(&ctx); |
|
131 |
|
132 if(!(kdf = PBKDF2PARAM_new())) goto merr; |
|
133 if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; |
|
134 |
|
135 if (!saltlen) saltlen = PKCS5_SALT_LEN; |
|
136 if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; |
|
137 osalt->length = saltlen; |
|
138 if (salt) memcpy (osalt->data, salt, saltlen); |
|
139 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; |
|
140 |
|
141 if(iter <= 0) iter = PKCS5_DEFAULT_ITER; |
|
142 if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; |
|
143 |
|
144 /* Now include salt in kdf structure */ |
|
145 kdf->salt->value.octet_string = osalt; |
|
146 kdf->salt->type = V_ASN1_OCTET_STRING; |
|
147 osalt = NULL; |
|
148 |
|
149 /* If its RC2 then we'd better setup the key length */ |
|
150 |
|
151 if(alg_nid == NID_rc2_cbc) { |
|
152 if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; |
|
153 if(!ASN1_INTEGER_set (kdf->keylength, |
|
154 EVP_CIPHER_key_length(cipher))) goto merr; |
|
155 } |
|
156 |
|
157 /* prf can stay NULL because we are using hmacWithSHA1 */ |
|
158 |
|
159 /* Now setup the PBE2PARAM keyfunc structure */ |
|
160 |
|
161 pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); |
|
162 |
|
163 /* Encode PBKDF2PARAM into parameter of pbe2 */ |
|
164 |
|
165 if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; |
|
166 |
|
167 if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, |
|
168 &pbe2->keyfunc->parameter->value.sequence)) goto merr; |
|
169 pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; |
|
170 |
|
171 PBKDF2PARAM_free(kdf); |
|
172 kdf = NULL; |
|
173 |
|
174 /* Now set up top level AlgorithmIdentifier */ |
|
175 |
|
176 if(!(ret = X509_ALGOR_new())) goto merr; |
|
177 if(!(ret->parameter = ASN1_TYPE_new())) goto merr; |
|
178 |
|
179 ret->algorithm = OBJ_nid2obj(NID_pbes2); |
|
180 |
|
181 /* Encode PBE2PARAM into parameter */ |
|
182 |
|
183 if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, |
|
184 &ret->parameter->value.sequence)) goto merr; |
|
185 ret->parameter->type = V_ASN1_SEQUENCE; |
|
186 |
|
187 PBE2PARAM_free(pbe2); |
|
188 pbe2 = NULL; |
|
189 |
|
190 return ret; |
|
191 |
|
192 merr: |
|
193 ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); |
|
194 |
|
195 err: |
|
196 PBE2PARAM_free(pbe2); |
|
197 /* Note 'scheme' is freed as part of pbe2 */ |
|
198 M_ASN1_OCTET_STRING_free(osalt); |
|
199 PBKDF2PARAM_free(kdf); |
|
200 X509_ALGOR_free(kalg); |
|
201 X509_ALGOR_free(ret); |
|
202 |
|
203 return NULL; |
|
204 |
|
205 } |