/src/openssl/crypto/asn1/p5_pbev2.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include "crypto/asn1.h" |
13 | | #include "crypto/evp.h" |
14 | | #include <openssl/asn1t.h> |
15 | | #include <openssl/core.h> |
16 | | #include <openssl/core_names.h> |
17 | | #include <openssl/x509.h> |
18 | | #include <openssl/rand.h> |
19 | | |
20 | | /* PKCS#5 v2.0 password based encryption structures */ |
21 | | |
22 | | ASN1_SEQUENCE(PBE2PARAM) = { |
23 | | ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), |
24 | | ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) |
25 | | } ASN1_SEQUENCE_END(PBE2PARAM) |
26 | | |
27 | | IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) |
28 | | |
29 | | ASN1_SEQUENCE(PBKDF2PARAM) = { |
30 | | ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), |
31 | | ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), |
32 | | ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), |
33 | | ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) |
34 | | } ASN1_SEQUENCE_END(PBKDF2PARAM) |
35 | | |
36 | | IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) |
37 | | |
38 | | ASN1_SEQUENCE(PBMAC1PARAM) = { |
39 | | ASN1_SIMPLE(PBMAC1PARAM, keyDerivationFunc, X509_ALGOR), |
40 | | ASN1_SIMPLE(PBMAC1PARAM, messageAuthScheme, X509_ALGOR) |
41 | | } ASN1_SEQUENCE_END(PBMAC1PARAM) |
42 | | |
43 | | IMPLEMENT_ASN1_FUNCTIONS(PBMAC1PARAM) |
44 | | |
45 | | /* |
46 | | * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know |
47 | | * this is horrible! Extended version to allow application supplied PRF NID |
48 | | * and IV. |
49 | | */ |
50 | | |
51 | | X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, |
52 | | unsigned char *salt, int saltlen, |
53 | | unsigned char *aiv, int prf_nid, |
54 | | OSSL_LIB_CTX *libctx) |
55 | 0 | { |
56 | 0 | X509_ALGOR *scheme = NULL, *ret = NULL; |
57 | 0 | int alg_nid, keylen, ivlen; |
58 | 0 | EVP_CIPHER_CTX *ctx = NULL; |
59 | 0 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
60 | 0 | PBE2PARAM *pbe2 = NULL; |
61 | |
|
62 | 0 | alg_nid = EVP_CIPHER_get_type(cipher); |
63 | 0 | if (alg_nid == NID_undef) { |
64 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); |
65 | 0 | goto err; |
66 | 0 | } |
67 | | |
68 | 0 | if ((pbe2 = PBE2PARAM_new()) == NULL) { |
69 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
70 | 0 | goto err; |
71 | 0 | } |
72 | | |
73 | | /* Setup the AlgorithmIdentifier for the encryption scheme */ |
74 | 0 | scheme = pbe2->encryption; |
75 | 0 | scheme->algorithm = OBJ_nid2obj(alg_nid); |
76 | 0 | if ((scheme->parameter = ASN1_TYPE_new()) == NULL) { |
77 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
78 | 0 | goto err; |
79 | 0 | } |
80 | | |
81 | | /* Create random IV */ |
82 | 0 | ivlen = EVP_CIPHER_get_iv_length(cipher); |
83 | 0 | if (ivlen > 0) { |
84 | 0 | if (aiv) |
85 | 0 | memcpy(iv, aiv, ivlen); |
86 | 0 | else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) |
87 | 0 | goto err; |
88 | 0 | } |
89 | | |
90 | 0 | ctx = EVP_CIPHER_CTX_new(); |
91 | 0 | if (ctx == NULL) { |
92 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
93 | 0 | goto err; |
94 | 0 | } |
95 | | |
96 | | /* Dummy cipherinit to just setup the IV, and PRF */ |
97 | 0 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) |
98 | 0 | goto err; |
99 | 0 | if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { |
100 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); |
101 | 0 | goto err; |
102 | 0 | } |
103 | | /* |
104 | | * If prf NID unspecified see if cipher has a preference. An error is OK |
105 | | * here: just means use default PRF. |
106 | | */ |
107 | 0 | ERR_set_mark(); |
108 | 0 | if ((prf_nid == -1) && |
109 | 0 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { |
110 | 0 | prf_nid = NID_hmacWithSHA256; |
111 | 0 | } |
112 | 0 | ERR_pop_to_mark(); |
113 | 0 | EVP_CIPHER_CTX_free(ctx); |
114 | 0 | ctx = NULL; |
115 | | |
116 | | /* If its RC2 then we'd better setup the key length */ |
117 | |
|
118 | 0 | if (alg_nid == NID_rc2_cbc) |
119 | 0 | keylen = EVP_CIPHER_get_key_length(cipher); |
120 | 0 | else |
121 | 0 | keylen = -1; |
122 | | |
123 | | /* Setup keyfunc */ |
124 | |
|
125 | 0 | X509_ALGOR_free(pbe2->keyfunc); |
126 | |
|
127 | 0 | pbe2->keyfunc = PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, |
128 | 0 | libctx); |
129 | |
|
130 | 0 | if (pbe2->keyfunc == NULL) { |
131 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
132 | 0 | goto err; |
133 | 0 | } |
134 | | |
135 | | /* Now set up top level AlgorithmIdentifier */ |
136 | | |
137 | 0 | if ((ret = X509_ALGOR_new()) == NULL) { |
138 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_X509_LIB); |
139 | 0 | goto err; |
140 | 0 | } |
141 | | |
142 | 0 | ret->algorithm = OBJ_nid2obj(NID_pbes2); |
143 | | |
144 | | /* Encode PBE2PARAM into parameter */ |
145 | |
|
146 | 0 | if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, |
147 | 0 | &ret->parameter)) { |
148 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
149 | 0 | goto err; |
150 | 0 | } |
151 | | |
152 | 0 | PBE2PARAM_free(pbe2); |
153 | 0 | pbe2 = NULL; |
154 | |
|
155 | 0 | return ret; |
156 | | |
157 | 0 | err: |
158 | 0 | EVP_CIPHER_CTX_free(ctx); |
159 | 0 | PBE2PARAM_free(pbe2); |
160 | | /* Note 'scheme' is freed as part of pbe2 */ |
161 | 0 | X509_ALGOR_free(ret); |
162 | |
|
163 | 0 | return NULL; |
164 | 0 | } |
165 | | |
166 | | X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, |
167 | | unsigned char *salt, int saltlen, |
168 | | unsigned char *aiv, int prf_nid) |
169 | 0 | { |
170 | 0 | return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, aiv, prf_nid, |
171 | 0 | NULL); |
172 | 0 | } |
173 | | |
174 | | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, |
175 | | unsigned char *salt, int saltlen) |
176 | 0 | { |
177 | 0 | return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, |
178 | 0 | NULL); |
179 | 0 | } |
180 | | |
181 | | |
182 | | X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, |
183 | | int prf_nid, int keylen, |
184 | | OSSL_LIB_CTX *libctx) |
185 | 0 | { |
186 | 0 | X509_ALGOR *keyfunc = NULL; |
187 | 0 | PBKDF2PARAM *kdf = NULL; |
188 | 0 | ASN1_OCTET_STRING *osalt = NULL; |
189 | |
|
190 | 0 | if ((kdf = PBKDF2PARAM_new()) == NULL) { |
191 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
192 | 0 | goto err; |
193 | 0 | } |
194 | 0 | if ((osalt = ASN1_OCTET_STRING_new()) == NULL) { |
195 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
196 | 0 | goto err; |
197 | 0 | } |
198 | | |
199 | 0 | kdf->salt->value.octet_string = osalt; |
200 | 0 | kdf->salt->type = V_ASN1_OCTET_STRING; |
201 | |
|
202 | 0 | if (saltlen < 0) { |
203 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT); |
204 | 0 | goto err; |
205 | 0 | } |
206 | 0 | if (saltlen == 0) |
207 | 0 | saltlen = PKCS5_DEFAULT_PBE2_SALT_LEN; |
208 | 0 | if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) |
209 | 0 | goto err; |
210 | | |
211 | | |
212 | 0 | osalt->length = saltlen; |
213 | |
|
214 | 0 | if (salt) { |
215 | 0 | memcpy(osalt->data, salt, saltlen); |
216 | 0 | } else if (RAND_bytes_ex(libctx, osalt->data, saltlen, 0) <= 0) { |
217 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_RAND_LIB); |
218 | 0 | goto err; |
219 | 0 | } |
220 | | |
221 | 0 | if (iter <= 0) |
222 | 0 | iter = PKCS5_DEFAULT_ITER; |
223 | |
|
224 | 0 | if (!ASN1_INTEGER_set(kdf->iter, iter)) { |
225 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
226 | 0 | goto err; |
227 | 0 | } |
228 | | |
229 | | /* If have a key len set it up */ |
230 | | |
231 | 0 | if (keylen > 0) { |
232 | 0 | if ((kdf->keylength = ASN1_INTEGER_new()) == NULL) { |
233 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
234 | 0 | goto err; |
235 | 0 | } |
236 | 0 | if (!ASN1_INTEGER_set(kdf->keylength, keylen)) { |
237 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
238 | 0 | goto err; |
239 | 0 | } |
240 | 0 | } |
241 | | |
242 | | /* prf can stay NULL if we are using hmacWithSHA1 */ |
243 | 0 | if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { |
244 | 0 | kdf->prf = ossl_X509_ALGOR_from_nid(prf_nid, V_ASN1_NULL, NULL); |
245 | 0 | if (kdf->prf == NULL) { |
246 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_X509_LIB); |
247 | 0 | goto err; |
248 | 0 | } |
249 | 0 | } |
250 | | |
251 | | /* Finally setup the keyfunc structure */ |
252 | | |
253 | 0 | keyfunc = X509_ALGOR_new(); |
254 | 0 | if (keyfunc == NULL) { |
255 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_X509_LIB); |
256 | 0 | goto err; |
257 | 0 | } |
258 | | |
259 | 0 | keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); |
260 | | |
261 | | /* Encode PBKDF2PARAM into parameter of pbe2 */ |
262 | |
|
263 | 0 | if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf, |
264 | 0 | &keyfunc->parameter)) { |
265 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); |
266 | 0 | goto err; |
267 | 0 | } |
268 | | |
269 | 0 | PBKDF2PARAM_free(kdf); |
270 | 0 | return keyfunc; |
271 | | |
272 | 0 | err: |
273 | 0 | PBKDF2PARAM_free(kdf); |
274 | 0 | X509_ALGOR_free(keyfunc); |
275 | 0 | return NULL; |
276 | 0 | } |
277 | | |
278 | | X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, |
279 | | int prf_nid, int keylen) |
280 | 0 | { |
281 | 0 | return PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, NULL); |
282 | 0 | } |
283 | | |