crypto/libressl/crypto/asn1/p5_pbev2.c

   1 /* $OpenBSD: p5_pbev2.c,v 1.22 2015/09/30 17:30:15 jsing Exp $ */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project 1999-2004.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  *
  53  * This product includes cryptographic software written by Eric Young
  54  * (eay@cryptsoft.com).  This product includes software written by Tim
  55  * Hudson (tjh@cryptsoft.com).
  56  *
  57  */
  58
  59 #include <stdio.h>
  60 #include <stdlib.h>
  61 #include <string.h>
  62
  63 #include <openssl/asn1t.h>
  64 #include <openssl/err.h>
  65 #include <openssl/x509.h>
  66
  67 /* PKCS#5 v2.0 password based encryption structures */
  68
  69 static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
  70         {
  71                 .offset = offsetof(PBE2PARAM, keyfunc),
  72                 .field_name = "keyfunc",
  73                 .item = &X509_ALGOR_it,
  74         },
  75         {
  76                 .offset = offsetof(PBE2PARAM, encryption),
  77                 .field_name = "encryption",
  78                 .item = &X509_ALGOR_it,
  79         },
  80 };
  81
  82 const ASN1_ITEM PBE2PARAM_it = {
  83         .itype = ASN1_ITYPE_SEQUENCE,
  84         .utype = V_ASN1_SEQUENCE,
  85         .templates = PBE2PARAM_seq_tt,
  86         .tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
  87         .size = sizeof(PBE2PARAM),
  88         .sname = "PBE2PARAM",
  89 };
  90
  91
  92 PBE2PARAM *
  93 d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len)
  94 {
  95         return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
  96             &PBE2PARAM_it);
  97 }
  98
  99 int
 100 i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out)
 101 {
 102         return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it);
 103 }
 104
 105 PBE2PARAM *
 106 PBE2PARAM_new(void)
 107 {
 108         return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it);
 109 }
 110
 111 void
 112 PBE2PARAM_free(PBE2PARAM *a)
 113 {
 114         ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
 115 }
 116
 117 static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
 118         {
 119                 .offset = offsetof(PBKDF2PARAM, salt),
 120                 .field_name = "salt",
 121                 .item = &ASN1_ANY_it,
 122         },
 123         {
 124                 .offset = offsetof(PBKDF2PARAM, iter),
 125                 .field_name = "iter",
 126                 .item = &ASN1_INTEGER_it,
 127         },
 128         {
 129                 .flags = ASN1_TFLG_OPTIONAL,
 130                 .offset = offsetof(PBKDF2PARAM, keylength),
 131                 .field_name = "keylength",
 132                 .item = &ASN1_INTEGER_it,
 133         },
 134         {
 135                 .flags = ASN1_TFLG_OPTIONAL,
 136                 .offset = offsetof(PBKDF2PARAM, prf),
 137                 .field_name = "prf",
 138                 .item = &X509_ALGOR_it,
 139         },
 140 };
 141
 142 const ASN1_ITEM PBKDF2PARAM_it = {
 143         .itype = ASN1_ITYPE_SEQUENCE,
 144         .utype = V_ASN1_SEQUENCE,
 145         .templates = PBKDF2PARAM_seq_tt,
 146         .tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
 147         .size = sizeof(PBKDF2PARAM),
 148         .sname = "PBKDF2PARAM",
 149 };
 150
 151
 152 PBKDF2PARAM *
 153 d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len)
 154 {
 155         return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 156             &PBKDF2PARAM_it);
 157 }
 158
 159 int
 160 i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out)
 161 {
 162         return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it);
 163 }
 164
 165 PBKDF2PARAM *
 166 PBKDF2PARAM_new(void)
 167 {
 168         return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it);
 169 }
 170
 171 void
 172 PBKDF2PARAM_free(PBKDF2PARAM *a)
 173 {
 174         ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
 175 }
 176
 177 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
 178  * yes I know this is horrible!
 179  *
 180  * Extended version to allow application supplied PRF NID and IV.
 181  */
 182
 183 X509_ALGOR *
 184 PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 185     int saltlen, unsigned char *aiv, int prf_nid)
 186 {
 187         X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
 188         int alg_nid, keylen;
 189         EVP_CIPHER_CTX ctx;
 190         unsigned char iv[EVP_MAX_IV_LENGTH];
 191         PBE2PARAM *pbe2 = NULL;
 192         ASN1_OBJECT *obj;
 193
 194         alg_nid = EVP_CIPHER_type(cipher);
 195         if (alg_nid == NID_undef) {
 196                 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
 197                 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 198                 goto err;
 199         }
 200         obj = OBJ_nid2obj(alg_nid);
 201
 202         if (!(pbe2 = PBE2PARAM_new()))
 203                 goto merr;
 204
 205         /* Setup the AlgorithmIdentifier for the encryption scheme */
 206         scheme = pbe2->encryption;
 207
 208         scheme->algorithm = obj;
 209         if (!(scheme->parameter = ASN1_TYPE_new()))
 210                 goto merr;
 211
 212         /* Create random IV */
 213         if (EVP_CIPHER_iv_length(cipher)) {
 214                 if (aiv)
 215                         memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
 216                 else
 217                         arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
 218         }
 219
 220         EVP_CIPHER_CTX_init(&ctx);
 221
 222         /* Dummy cipherinit to just setup the IV, and PRF */
 223         if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
 224                 goto err;
 225         if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
 226                 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
 227                 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
 228                 EVP_CIPHER_CTX_cleanup(&ctx);
 229                 goto err;
 230         }
 231         /* If prf NID unspecified see if cipher has a preference.
 232          * An error is OK here: just means use default PRF.
 233          */
 234         if ((prf_nid == -1) &&
 235             EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
 236                 ERR_clear_error();
 237                 prf_nid = NID_hmacWithSHA1;
 238         }
 239         EVP_CIPHER_CTX_cleanup(&ctx);
 240
 241         /* If its RC2 then we'd better setup the key length */
 242
 243         if (alg_nid == NID_rc2_cbc)
 244                 keylen = EVP_CIPHER_key_length(cipher);
 245         else
 246                 keylen = -1;
 247
 248         /* Setup keyfunc */
 249
 250         X509_ALGOR_free(pbe2->keyfunc);
 251
 252         pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
 253
 254         if (!pbe2->keyfunc)
 255                 goto merr;
 256
 257         /* Now set up top level AlgorithmIdentifier */
 258
 259         if (!(ret = X509_ALGOR_new()))
 260                 goto merr;
 261         if (!(ret->parameter = ASN1_TYPE_new()))
 262                 goto merr;
 263
 264         ret->algorithm = OBJ_nid2obj(NID_pbes2);
 265
 266         /* Encode PBE2PARAM into parameter */
 267
 268         if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
 269                 &ret->parameter->value.sequence)) goto merr;
 270         ret->parameter->type = V_ASN1_SEQUENCE;
 271
 272         PBE2PARAM_free(pbe2);
 273         pbe2 = NULL;
 274
 275         return ret;
 276
 277 merr:
 278         ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
 279
 280 err:
 281         PBE2PARAM_free(pbe2);
 282         /* Note 'scheme' is freed as part of pbe2 */
 283         X509_ALGOR_free(kalg);
 284         X509_ALGOR_free(ret);
 285
 286         return NULL;
 287 }
 288
 289 X509_ALGOR *
 290 PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 291     int saltlen)
 292 {
 293         return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
 294 }
 295
 296 X509_ALGOR *
 297 PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
 298     int keylen)
 299 {
 300         X509_ALGOR *keyfunc = NULL;
 301         PBKDF2PARAM *kdf = NULL;
 302         ASN1_OCTET_STRING *osalt = NULL;
 303
 304         if (!(kdf = PBKDF2PARAM_new()))
 305                 goto merr;
 306         if (!(osalt = ASN1_OCTET_STRING_new()))
 307                 goto merr;
 308
 309         kdf->salt->value.octet_string = osalt;
 310         kdf->salt->type = V_ASN1_OCTET_STRING;
 311
 312         if (!saltlen)
 313                 saltlen = PKCS5_SALT_LEN;
 314         if (!(osalt->data = malloc (saltlen)))
 315                 goto merr;
 316
 317         osalt->length = saltlen;
 318
 319         if (salt)
 320                 memcpy (osalt->data, salt, saltlen);
 321         else
 322                 arc4random_buf(osalt->data, saltlen);
 323
 324         if (iter <= 0)
 325                 iter = PKCS5_DEFAULT_ITER;
 326
 327         if (!ASN1_INTEGER_set(kdf->iter, iter))
 328                 goto merr;
 329
 330         /* If have a key len set it up */
 331
 332         if (keylen > 0) {
 333                 if (!(kdf->keylength = ASN1_INTEGER_new()))
 334                         goto merr;
 335                 if (!ASN1_INTEGER_set(kdf->keylength, keylen))
 336                         goto merr;
 337         }
 338
 339         /* prf can stay NULL if we are using hmacWithSHA1 */
 340         if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
 341                 kdf->prf = X509_ALGOR_new();
 342                 if (!kdf->prf)
 343                         goto merr;
 344                 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
 345                 V_ASN1_NULL, NULL);
 346         }
 347
 348         /* Finally setup the keyfunc structure */
 349
 350         keyfunc = X509_ALGOR_new();
 351         if (!keyfunc)
 352                 goto merr;
 353
 354         keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
 355
 356         /* Encode PBKDF2PARAM into parameter of pbe2 */
 357
 358         if (!(keyfunc->parameter = ASN1_TYPE_new()))
 359                 goto merr;
 360
 361         if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
 362                 &keyfunc->parameter->value.sequence))
 363                 goto merr;
 364         keyfunc->parameter->type = V_ASN1_SEQUENCE;
 365
 366         PBKDF2PARAM_free(kdf);
 367         return keyfunc;
 368
 369 merr:
 370         ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
 371         PBKDF2PARAM_free(kdf);
 372         X509_ALGOR_free(keyfunc);
 373         return NULL;
 374 }