GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/crypto/../../libssl/src/crypto/asn1/p5_pbev2.c Lines: 0 109 0.0 %
Date: 2016-12-06 Branches: 0 58 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: p5_pbev2.c,v 1.23 2015/09/30 18:41:06 jsing Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 1999-2004.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
#include <stdlib.h>
61
#include <string.h>
62
63
#include <openssl/asn1t.h>
64
#include <openssl/err.h>
65
#include <openssl/x509.h>
66
67
/* PKCS#5 v2.0 password based encryption structures */
68
69
static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
70
	{
71
		.offset = offsetof(PBE2PARAM, keyfunc),
72
		.field_name = "keyfunc",
73
		.item = &X509_ALGOR_it,
74
	},
75
	{
76
		.offset = offsetof(PBE2PARAM, encryption),
77
		.field_name = "encryption",
78
		.item = &X509_ALGOR_it,
79
	},
80
};
81
82
const ASN1_ITEM PBE2PARAM_it = {
83
	.itype = ASN1_ITYPE_SEQUENCE,
84
	.utype = V_ASN1_SEQUENCE,
85
	.templates = PBE2PARAM_seq_tt,
86
	.tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
87
	.size = sizeof(PBE2PARAM),
88
	.sname = "PBE2PARAM",
89
};
90
91
92
PBE2PARAM *
93
d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len)
94
{
95
	return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
96
	    &PBE2PARAM_it);
97
}
98
99
int
100
i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out)
101
{
102
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it);
103
}
104
105
PBE2PARAM *
106
PBE2PARAM_new(void)
107
{
108
	return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it);
109
}
110
111
void
112
PBE2PARAM_free(PBE2PARAM *a)
113
{
114
	ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
115
}
116
117
static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
118
	{
119
		.offset = offsetof(PBKDF2PARAM, salt),
120
		.field_name = "salt",
121
		.item = &ASN1_ANY_it,
122
	},
123
	{
124
		.offset = offsetof(PBKDF2PARAM, iter),
125
		.field_name = "iter",
126
		.item = &ASN1_INTEGER_it,
127
	},
128
	{
129
		.flags = ASN1_TFLG_OPTIONAL,
130
		.offset = offsetof(PBKDF2PARAM, keylength),
131
		.field_name = "keylength",
132
		.item = &ASN1_INTEGER_it,
133
	},
134
	{
135
		.flags = ASN1_TFLG_OPTIONAL,
136
		.offset = offsetof(PBKDF2PARAM, prf),
137
		.field_name = "prf",
138
		.item = &X509_ALGOR_it,
139
	},
140
};
141
142
const ASN1_ITEM PBKDF2PARAM_it = {
143
	.itype = ASN1_ITYPE_SEQUENCE,
144
	.utype = V_ASN1_SEQUENCE,
145
	.templates = PBKDF2PARAM_seq_tt,
146
	.tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
147
	.size = sizeof(PBKDF2PARAM),
148
	.sname = "PBKDF2PARAM",
149
};
150
151
152
PBKDF2PARAM *
153
d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len)
154
{
155
	return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
156
	    &PBKDF2PARAM_it);
157
}
158
159
int
160
i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out)
161
{
162
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it);
163
}
164
165
PBKDF2PARAM *
166
PBKDF2PARAM_new(void)
167
{
168
	return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it);
169
}
170
171
void
172
PBKDF2PARAM_free(PBKDF2PARAM *a)
173
{
174
	ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
175
}
176
177
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
178
 * yes I know this is horrible!
179
 *
180
 * Extended version to allow application supplied PRF NID and IV.
181
 */
182
183
X509_ALGOR *
184
PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
185
    int saltlen, unsigned char *aiv, int prf_nid)
186
{
187
	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
188
	int alg_nid, keylen;
189
	EVP_CIPHER_CTX ctx;
190
	unsigned char iv[EVP_MAX_IV_LENGTH];
191
	PBE2PARAM *pbe2 = NULL;
192
	ASN1_OBJECT *obj;
193
194
	alg_nid = EVP_CIPHER_type(cipher);
195
	if (alg_nid == NID_undef) {
196
		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
197
		ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
198
		goto err;
199
	}
200
	obj = OBJ_nid2obj(alg_nid);
201
202
	if (!(pbe2 = PBE2PARAM_new()))
203
		goto merr;
204
205
	/* Setup the AlgorithmIdentifier for the encryption scheme */
206
	scheme = pbe2->encryption;
207
208
	scheme->algorithm = obj;
209
	if (!(scheme->parameter = ASN1_TYPE_new()))
210
		goto merr;
211
212
	/* Create random IV */
213
	if (EVP_CIPHER_iv_length(cipher)) {
214
		if (aiv)
215
			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
216
		else
217
			arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
218
	}
219
220
	EVP_CIPHER_CTX_init(&ctx);
221
222
	/* Dummy cipherinit to just setup the IV, and PRF */
223
	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
224
		goto err;
225
	if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
226
		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
227
		ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
228
		EVP_CIPHER_CTX_cleanup(&ctx);
229
		goto err;
230
	}
231
	/* If prf NID unspecified see if cipher has a preference.
232
	 * An error is OK here: just means use default PRF.
233
	 */
234
	if ((prf_nid == -1) &&
235
	    EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
236
		ERR_clear_error();
237
		prf_nid = NID_hmacWithSHA1;
238
	}
239
	EVP_CIPHER_CTX_cleanup(&ctx);
240
241
	/* If its RC2 then we'd better setup the key length */
242
243
	if (alg_nid == NID_rc2_cbc)
244
		keylen = EVP_CIPHER_key_length(cipher);
245
	else
246
		keylen = -1;
247
248
	/* Setup keyfunc */
249
250
	X509_ALGOR_free(pbe2->keyfunc);
251
252
	pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
253
254
	if (!pbe2->keyfunc)
255
		goto merr;
256
257
	/* Now set up top level AlgorithmIdentifier */
258
259
	if (!(ret = X509_ALGOR_new()))
260
		goto merr;
261
	if (!(ret->parameter = ASN1_TYPE_new()))
262
		goto merr;
263
264
	ret->algorithm = OBJ_nid2obj(NID_pbes2);
265
266
	/* Encode PBE2PARAM into parameter */
267
268
	if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
269
		&ret->parameter->value.sequence)) goto merr;
270
	ret->parameter->type = V_ASN1_SEQUENCE;
271
272
	PBE2PARAM_free(pbe2);
273
	pbe2 = NULL;
274
275
	return ret;
276
277
merr:
278
	ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
279
280
err:
281
	PBE2PARAM_free(pbe2);
282
	/* Note 'scheme' is freed as part of pbe2 */
283
	X509_ALGOR_free(kalg);
284
	X509_ALGOR_free(ret);
285
286
	return NULL;
287
}
288
289
X509_ALGOR *
290
PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
291
    int saltlen)
292
{
293
	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
294
}
295
296
X509_ALGOR *
297
PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
298
    int keylen)
299
{
300
	X509_ALGOR *keyfunc = NULL;
301
	PBKDF2PARAM *kdf = NULL;
302
	ASN1_OCTET_STRING *osalt = NULL;
303
304
	if (!(kdf = PBKDF2PARAM_new()))
305
		goto merr;
306
	if (!(osalt = ASN1_OCTET_STRING_new()))
307
		goto merr;
308
309
	kdf->salt->value.octet_string = osalt;
310
	kdf->salt->type = V_ASN1_OCTET_STRING;
311
312
	if (!saltlen)
313
		saltlen = PKCS5_SALT_LEN;
314
	if (!(osalt->data = malloc (saltlen)))
315
		goto merr;
316
317
	osalt->length = saltlen;
318
319
	if (salt)
320
		memcpy (osalt->data, salt, saltlen);
321
	else
322
		arc4random_buf(osalt->data, saltlen);
323
324
	if (iter <= 0)
325
		iter = PKCS5_DEFAULT_ITER;
326
327
	if (!ASN1_INTEGER_set(kdf->iter, iter))
328
		goto merr;
329
330
	/* If have a key len set it up */
331
332
	if (keylen > 0) {
333
		if (!(kdf->keylength = ASN1_INTEGER_new()))
334
			goto merr;
335
		if (!ASN1_INTEGER_set(kdf->keylength, keylen))
336
			goto merr;
337
	}
338
339
	/* prf can stay NULL if we are using hmacWithSHA1 */
340
	if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
341
		kdf->prf = X509_ALGOR_new();
342
		if (!kdf->prf)
343
			goto merr;
344
		X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
345
		V_ASN1_NULL, NULL);
346
	}
347
348
	/* Finally setup the keyfunc structure */
349
350
	keyfunc = X509_ALGOR_new();
351
	if (!keyfunc)
352
		goto merr;
353
354
	keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
355
356
	/* Encode PBKDF2PARAM into parameter of pbe2 */
357
358
	if (!(keyfunc->parameter = ASN1_TYPE_new()))
359
		goto merr;
360
361
	if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
362
		&keyfunc->parameter->value.sequence))
363
		goto merr;
364
	keyfunc->parameter->type = V_ASN1_SEQUENCE;
365
366
	PBKDF2PARAM_free(kdf);
367
	return keyfunc;
368
369
merr:
370
	ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
371
	PBKDF2PARAM_free(kdf);
372
	X509_ALGOR_free(keyfunc);
373
	return NULL;
374
}