| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <stdio.h> |
| 11 | #include "internal/cryptlib.h" |
| 12 | #include <openssl/asn1t.h> |
| 13 | #include <openssl/x509.h> |
| 14 | #include <openssl/rand.h> |
| 15 | |
| 16 | /* PKCS#5 v2.0 password based encryption structures */ |
| 17 | |
| 18 | ASN1_SEQUENCE(PBE2PARAM) = { |
| 19 | ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), |
| 20 | ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) |
| 21 | } ASN1_SEQUENCE_END(PBE2PARAM) |
| 22 | |
| 23 | IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) |
| 24 | |
| 25 | ASN1_SEQUENCE(PBKDF2PARAM) = { |
| 26 | ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), |
| 27 | ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), |
| 28 | ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), |
| 29 | ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) |
| 30 | } ASN1_SEQUENCE_END(PBKDF2PARAM) |
| 31 | |
| 32 | IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) |
| 33 | |
| 34 | /* |
| 35 | * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know |
| 36 | * this is horrible! Extended version to allow application supplied PRF NID |
| 37 | * and IV. |
| 38 | */ |
| 39 | |
| 40 | X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, |
| 41 | unsigned char *salt, int saltlen, |
| 42 | unsigned char *aiv, int prf_nid) |
| 43 | { |
| 44 | X509_ALGOR *scheme = NULL, *ret = NULL; |
| 45 | int alg_nid, keylen; |
| 46 | EVP_CIPHER_CTX *ctx = NULL; |
| 47 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| 48 | PBE2PARAM *pbe2 = NULL; |
| 49 | |
| 50 | alg_nid = EVP_CIPHER_type(cipher); |
| 51 | if (alg_nid == NID_undef) { |
| 52 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, |
| 53 | ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); |
| 54 | goto err; |
| 55 | } |
| 56 | |
| 57 | if ((pbe2 = PBE2PARAM_new()) == NULL) |
| 58 | goto merr; |
| 59 | |
| 60 | /* Setup the AlgorithmIdentifier for the encryption scheme */ |
| 61 | scheme = pbe2->encryption; |
| 62 | scheme->algorithm = OBJ_nid2obj(alg_nid); |
| 63 | if ((scheme->parameter = ASN1_TYPE_new()) == NULL) |
| 64 | goto merr; |
| 65 | |
| 66 | /* Create random IV */ |
| 67 | if (EVP_CIPHER_iv_length(cipher)) { |
| 68 | if (aiv) |
| 69 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); |
| 70 | else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) |
| 71 | goto err; |
| 72 | } |
| 73 | |
| 74 | ctx = EVP_CIPHER_CTX_new(); |
| 75 | if (ctx == NULL) |
| 76 | goto merr; |
| 77 | |
| 78 | /* Dummy cipherinit to just setup the IV, and PRF */ |
| 79 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) |
| 80 | goto err; |
| 81 | if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { |
| 82 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); |
| 83 | goto err; |
| 84 | } |
| 85 | /* |
| 86 | * If prf NID unspecified see if cipher has a preference. An error is OK |
| 87 | * here: just means use default PRF. |
| 88 | */ |
| 89 | if ((prf_nid == -1) && |
| 90 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { |
| 91 | ERR_clear_error(); |
| 92 | prf_nid = NID_hmacWithSHA256; |
| 93 | } |
| 94 | EVP_CIPHER_CTX_free(ctx); |
| 95 | ctx = NULL; |
| 96 | |
| 97 | /* If its RC2 then we'd better setup the key length */ |
| 98 | |
| 99 | if (alg_nid == NID_rc2_cbc) |
| 100 | keylen = EVP_CIPHER_key_length(cipher); |
| 101 | else |
| 102 | keylen = -1; |
| 103 | |
| 104 | /* Setup keyfunc */ |
| 105 | |
| 106 | X509_ALGOR_free(pbe2->keyfunc); |
| 107 | |
| 108 | pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); |
| 109 | |
| 110 | if (!pbe2->keyfunc) |
| 111 | goto merr; |
| 112 | |
| 113 | /* Now set up top level AlgorithmIdentifier */ |
| 114 | |
| 115 | if ((ret = X509_ALGOR_new()) == NULL) |
| 116 | goto merr; |
| 117 | |
| 118 | ret->algorithm = OBJ_nid2obj(NID_pbes2); |
| 119 | |
| 120 | /* Encode PBE2PARAM into parameter */ |
| 121 | |
| 122 | if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, |
| 123 | &ret->parameter)) |
| 124 | goto merr; |
| 125 | |
| 126 | PBE2PARAM_free(pbe2); |
| 127 | pbe2 = NULL; |
| 128 | |
| 129 | return ret; |
| 130 | |
| 131 | merr: |
| 132 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); |
| 133 | |
| 134 | err: |
| 135 | EVP_CIPHER_CTX_free(ctx); |
| 136 | PBE2PARAM_free(pbe2); |
| 137 | /* Note 'scheme' is freed as part of pbe2 */ |
| 138 | X509_ALGOR_free(ret); |
| 139 | |
| 140 | return NULL; |
| 141 | } |
| 142 | |
| 143 | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, |
| 144 | unsigned char *salt, int saltlen) |
| 145 | { |
| 146 | return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); |
| 147 | } |
| 148 | |
| 149 | X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, |
| 150 | int prf_nid, int keylen) |
| 151 | { |
| 152 | X509_ALGOR *keyfunc = NULL; |
| 153 | PBKDF2PARAM *kdf = NULL; |
| 154 | ASN1_OCTET_STRING *osalt = NULL; |
| 155 | |
| 156 | if ((kdf = PBKDF2PARAM_new()) == NULL) |
| 157 | goto merr; |
| 158 | if ((osalt = ASN1_OCTET_STRING_new()) == NULL) |
| 159 | goto merr; |
| 160 | |
| 161 | kdf->salt->value.octet_string = osalt; |
| 162 | kdf->salt->type = V_ASN1_OCTET_STRING; |
| 163 | |
| 164 | if (saltlen == 0) |
| 165 | saltlen = PKCS5_SALT_LEN; |
| 166 | if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) |
| 167 | goto merr; |
| 168 | |
| 169 | osalt->length = saltlen; |
| 170 | |
| 171 | if (salt) |
| 172 | memcpy(osalt->data, salt, saltlen); |
| 173 | else if (RAND_bytes(osalt->data, saltlen) <= 0) |
| 174 | goto merr; |
| 175 | |
| 176 | if (iter <= 0) |
| 177 | iter = PKCS5_DEFAULT_ITER; |
| 178 | |
| 179 | if (!ASN1_INTEGER_set(kdf->iter, iter)) |
| 180 | goto merr; |
| 181 | |
| 182 | /* If have a key len set it up */ |
| 183 | |
| 184 | if (keylen > 0) { |
| 185 | if ((kdf->keylength = ASN1_INTEGER_new()) == NULL) |
| 186 | goto merr; |
| 187 | if (!ASN1_INTEGER_set(kdf->keylength, keylen)) |
| 188 | goto merr; |
| 189 | } |
| 190 | |
| 191 | /* prf can stay NULL if we are using hmacWithSHA1 */ |
| 192 | if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { |
| 193 | kdf->prf = X509_ALGOR_new(); |
| 194 | if (kdf->prf == NULL) |
| 195 | goto merr; |
| 196 | X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); |
| 197 | } |
| 198 | |
| 199 | /* Finally setup the keyfunc structure */ |
| 200 | |
| 201 | keyfunc = X509_ALGOR_new(); |
| 202 | if (keyfunc == NULL) |
| 203 | goto merr; |
| 204 | |
| 205 | keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); |
| 206 | |
| 207 | /* Encode PBKDF2PARAM into parameter of pbe2 */ |
| 208 | |
| 209 | if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf, |
| 210 | &keyfunc->parameter)) |
| 211 | goto merr; |
| 212 | |
| 213 | PBKDF2PARAM_free(kdf); |
| 214 | return keyfunc; |
| 215 | |
| 216 | merr: |
| 217 | ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE); |
| 218 | PBKDF2PARAM_free(kdf); |
| 219 | X509_ALGOR_free(keyfunc); |
| 220 | return NULL; |
| 221 | } |