kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
1437 Коміти
12 Гілки
38 MiB
 
 
 
 
 
 
Дерево: bd15a8e748
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'bd15a8e748'
${ noResults }
boringssl/crypto/pkcs8/p5_pbev2.c

304 рядки
8.5 KiB
Неформатований Звинувачення Історія 

  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 1999-2004.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <string.h>

  57. 

  58. #include <openssl/asn1t.h>

  59. #include <openssl/cipher.h>

  60. #include <openssl/err.h>

  61. #include <openssl/mem.h>

  62. #include <openssl/pkcs8.h>

  63. #include <openssl/rand.h>

  64. #include <openssl/x509.h>

  65. 

  66. #include "internal.h"

  67. 

  68. 

  69. /* PKCS#5 v2.0 password based encryption structures */

  70. 

  71. ASN1_SEQUENCE(PBE2PARAM) = {

  72. 	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),

  73. 	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)

  74. } ASN1_SEQUENCE_END(PBE2PARAM)

  75. 

  76. IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)

  77. 

  78. ASN1_SEQUENCE(PBKDF2PARAM) = {

  79. 	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),

  80. 	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),

  81. 	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),

  82. 	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)

  83. } ASN1_SEQUENCE_END(PBKDF2PARAM)

  84. 

  85. IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM);

  86. 

  87. static int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)

  88. 	{

  89. 	ASN1_STRING *os;

  90. 

  91. 	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);

  92. 	if (!M_ASN1_OCTET_STRING_set(os,data,len))

  93. 		{

  94. 		M_ASN1_OCTET_STRING_free(os);

  95. 		return 0;

  96. 		}

  97. 	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);

  98. 	return(1);

  99. 	}

  100. 

  101. static int param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

  102. 	{

  103. 	unsigned iv_len;

  104. 

  105. 	iv_len = EVP_CIPHER_CTX_iv_length(c);

  106. 	return ASN1_TYPE_set_octetstring(type, c->oiv, iv_len);

  107. 	}

  108. 

  109. /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:

  110.  * yes I know this is horrible!

  111.  *

  112.  * Extended version to allow application supplied PRF NID and IV. */

  113. 

  114. X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,

  115. 				 unsigned char *salt, int saltlen,

  116. 				 unsigned char *aiv, int prf_nid)

  117. {

  118. 	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;

  119. 	int alg_nid, keylen;

  120. 	EVP_CIPHER_CTX ctx;

  121. 	unsigned char iv[EVP_MAX_IV_LENGTH];

  122. 	PBE2PARAM *pbe2 = NULL;

  123. 	const ASN1_OBJECT *obj;

  124. 

  125. 	alg_nid = EVP_CIPHER_nid(cipher);

  126. 	if(alg_nid == NID_undef) {

  127. 		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);

  128. 		goto err;

  129. 	}

  130. 	obj = OBJ_nid2obj(alg_nid);

  131. 

  132. 	if(!(pbe2 = PBE2PARAM_new())) goto merr;

  133. 

  134. 	/* Setup the AlgorithmIdentifier for the encryption scheme */

  135. 	scheme = pbe2->encryption;

  136. 

  137. 	scheme->algorithm = (ASN1_OBJECT*) obj;

  138. 	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;

  139. 

  140. 	/* Create random IV */

  141. 	if (EVP_CIPHER_iv_length(cipher))

  142. 		{

  143. 		if (aiv)

  144. 			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));

  145. 		else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))

  146.   			goto err;

  147. 		}

  148. 

  149. 	EVP_CIPHER_CTX_init(&ctx);

  150. 

  151. 	/* Dummy cipherinit to just setup the IV, and PRF */

  152. 	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))

  153. 		goto err;

  154. 	if(param_to_asn1(&ctx, scheme->parameter) < 0) {

  155. 		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS);

  156. 		EVP_CIPHER_CTX_cleanup(&ctx);

  157. 		goto err;

  158. 	}

  159. 	/* If prf NID unspecified see if cipher has a preference.

  160. 	 * An error is OK here: just means use default PRF.

  161. 	 */

  162. 	if ((prf_nid == -1) && 

  163. 	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)

  164. 		{

  165. 		ERR_clear_error();

  166. 		prf_nid = NID_hmacWithSHA1;

  167. 		}

  168. 	EVP_CIPHER_CTX_cleanup(&ctx);

  169. 

  170. 	/* If its RC2 then we'd better setup the key length */

  171. 

  172. 	if(alg_nid == NID_rc2_cbc)

  173. 		keylen = EVP_CIPHER_key_length(cipher);

  174. 	else

  175. 		keylen = -1;

  176. 

  177. 	/* Setup keyfunc */

  178. 

  179. 	X509_ALGOR_free(pbe2->keyfunc);

  180. 

  181. 	pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);

  182. 

  183. 	if (!pbe2->keyfunc)

  184. 		goto merr;

  185. 

  186. 	/* Now set up top level AlgorithmIdentifier */

  187. 

  188. 	if(!(ret = X509_ALGOR_new())) goto merr;

  189. 	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;

  190. 

  191. 	ret->algorithm = (ASN1_OBJECT*) OBJ_nid2obj(NID_pbes2);

  192. 

  193. 	/* Encode PBE2PARAM into parameter */

  194. 

  195. 	if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),

  196. 				 &ret->parameter->value.sequence)) goto merr;

  197. 	ret->parameter->type = V_ASN1_SEQUENCE;

  198. 

  199. 	PBE2PARAM_free(pbe2);

  200. 	pbe2 = NULL;

  201. 

  202. 	return ret;

  203. 

  204. 	merr:

  205. 	OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, ERR_R_MALLOC_FAILURE);

  206. 

  207. 	err:

  208. 	PBE2PARAM_free(pbe2);

  209. 	/* Note 'scheme' is freed as part of pbe2 */

  210. 	X509_ALGOR_free(kalg);

  211. 	X509_ALGOR_free(ret);

  212. 

  213. 	return NULL;

  214. 

  215. }

  216. 

  217. X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,

  218. 				 unsigned char *salt, int saltlen)

  219. 	{

  220. 	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);

  221. 	}

  222. 

  223. X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,

  224. 				int prf_nid, int keylen)

  225. 	{

  226. 	X509_ALGOR *keyfunc = NULL;

  227. 	PBKDF2PARAM *kdf = NULL;

  228. 	ASN1_OCTET_STRING *osalt = NULL;

  229. 

  230. 	if(!(kdf = PBKDF2PARAM_new()))

  231. 		goto merr;

  232. 	if(!(osalt = M_ASN1_OCTET_STRING_new()))

  233. 		goto merr;

  234. 

  235. 	kdf->salt->value.octet_string = osalt;

  236. 	kdf->salt->type = V_ASN1_OCTET_STRING;

  237. 

  238. 	if (!saltlen)

  239. 		saltlen = PKCS5_SALT_LEN;

  240. 	if (!(osalt->data = OPENSSL_malloc (saltlen)))

  241. 		goto merr;

  242. 

  243. 	osalt->length = saltlen;

  244. 

  245. 	if (salt)

  246. 		memcpy (osalt->data, salt, saltlen);

  247. 	else if (!RAND_bytes(osalt->data, saltlen))

  248. 		goto merr;

  249. 

  250. 	if(iter <= 0)

  251. 		iter = PKCS5_DEFAULT_ITERATIONS;

  252. 

  253. 	if(!ASN1_INTEGER_set(kdf->iter, iter))

  254. 		goto merr;

  255. 

  256. 	/* If have a key len set it up */

  257. 

  258. 	if(keylen > 0) 

  259. 		{

  260. 		if(!(kdf->keylength = M_ASN1_INTEGER_new()))

  261. 			goto merr;

  262. 		if(!ASN1_INTEGER_set (kdf->keylength, keylen))

  263. 			goto merr;

  264. 		}

  265. 

  266. 	/* prf can stay NULL if we are using hmacWithSHA1 */

  267. 	if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)

  268. 		{

  269. 		kdf->prf = X509_ALGOR_new();

  270. 		if (!kdf->prf)

  271. 			goto merr;

  272. 		X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),

  273. 					V_ASN1_NULL, NULL);

  274. 		}

  275. 

  276. 	/* Finally setup the keyfunc structure */

  277. 

  278. 	keyfunc = X509_ALGOR_new();

  279. 	if (!keyfunc)

  280. 		goto merr;

  281. 

  282. 	keyfunc->algorithm = (ASN1_OBJECT*) OBJ_nid2obj(NID_id_pbkdf2);

  283. 

  284. 	/* Encode PBKDF2PARAM into parameter of pbe2 */

  285. 

  286. 	if(!(keyfunc->parameter = ASN1_TYPE_new()))

  287. 		goto merr;

  288. 

  289. 	if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),

  290. 			 &keyfunc->parameter->value.sequence))

  291. 		goto merr;

  292. 	keyfunc->parameter->type = V_ASN1_SEQUENCE;

  293. 

  294. 	PBKDF2PARAM_free(kdf);

  295. 	return keyfunc;

  296. 

  297. 	merr:

  298. 	OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbkdf2_set, ERR_R_MALLOC_FAILURE);

  299. 	PBKDF2PARAM_free(kdf);

  300. 	X509_ALGOR_free(keyfunc);

  301. 	return NULL;

  302. 	}