GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/asn1/p5_pbev2.c Lines: 68 92 73.9 %
Date: 2017-11-13 Branches: 27 58 46.6 %

Line Branch Exec Source
1
/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 1999-2004.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
#include <stdlib.h>
61
#include <string.h>
62
63
#include <openssl/asn1t.h>
64
#include <openssl/err.h>
65
#include <openssl/x509.h>
66
67
/* PKCS#5 v2.0 password based encryption structures */
68
69
static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
70
	{
71
		.offset = offsetof(PBE2PARAM, keyfunc),
72
		.field_name = "keyfunc",
73
		.item = &X509_ALGOR_it,
74
	},
75
	{
76
		.offset = offsetof(PBE2PARAM, encryption),
77
		.field_name = "encryption",
78
		.item = &X509_ALGOR_it,
79
	},
80
};
81
82
const ASN1_ITEM PBE2PARAM_it = {
83
	.itype = ASN1_ITYPE_SEQUENCE,
84
	.utype = V_ASN1_SEQUENCE,
85
	.templates = PBE2PARAM_seq_tt,
86
	.tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
87
	.size = sizeof(PBE2PARAM),
88
	.sname = "PBE2PARAM",
89
};
90
91
92
PBE2PARAM *
93
d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len)
94
{
95
92
	return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
96
	    &PBE2PARAM_it);
97
}
98
99
int
100
i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out)
101
{
102
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it);
103
}
104
105
PBE2PARAM *
106
PBE2PARAM_new(void)
107
{
108
32
	return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it);
109
}
110
111
void
112
PBE2PARAM_free(PBE2PARAM *a)
113
{
114
124
	ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
115
62
}
116
117
static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
118
	{
119
		.offset = offsetof(PBKDF2PARAM, salt),
120
		.field_name = "salt",
121
		.item = &ASN1_ANY_it,
122
	},
123
	{
124
		.offset = offsetof(PBKDF2PARAM, iter),
125
		.field_name = "iter",
126
		.item = &ASN1_INTEGER_it,
127
	},
128
	{
129
		.flags = ASN1_TFLG_OPTIONAL,
130
		.offset = offsetof(PBKDF2PARAM, keylength),
131
		.field_name = "keylength",
132
		.item = &ASN1_INTEGER_it,
133
	},
134
	{
135
		.flags = ASN1_TFLG_OPTIONAL,
136
		.offset = offsetof(PBKDF2PARAM, prf),
137
		.field_name = "prf",
138
		.item = &X509_ALGOR_it,
139
	},
140
};
141
142
const ASN1_ITEM PBKDF2PARAM_it = {
143
	.itype = ASN1_ITYPE_SEQUENCE,
144
	.utype = V_ASN1_SEQUENCE,
145
	.templates = PBKDF2PARAM_seq_tt,
146
	.tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
147
	.size = sizeof(PBKDF2PARAM),
148
	.sname = "PBKDF2PARAM",
149
};
150
151
152
PBKDF2PARAM *
153
d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len)
154
{
155
92
	return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
156
	    &PBKDF2PARAM_it);
157
}
158
159
int
160
i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out)
161
{
162
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it);
163
}
164
165
PBKDF2PARAM *
166
PBKDF2PARAM_new(void)
167
{
168
32
	return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it);
169
}
170
171
void
172
PBKDF2PARAM_free(PBKDF2PARAM *a)
173
{
174
124
	ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
175
62
}
176
177
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
178
 * yes I know this is horrible!
179
 *
180
 * Extended version to allow application supplied PRF NID and IV.
181
 */
182
183
X509_ALGOR *
184
PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
185
    int saltlen, unsigned char *aiv, int prf_nid)
186
{
187
	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
188
	int alg_nid, keylen;
189
16
	EVP_CIPHER_CTX ctx;
190
16
	unsigned char iv[EVP_MAX_IV_LENGTH];
191
	PBE2PARAM *pbe2 = NULL;
192
	ASN1_OBJECT *obj;
193
194
16
	alg_nid = EVP_CIPHER_type(cipher);
195
16
	if (alg_nid == NID_undef) {
196
		ASN1error(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
197
		goto err;
198
	}
199
16
	obj = OBJ_nid2obj(alg_nid);
200
201
16
	if (!(pbe2 = PBE2PARAM_new()))
202
		goto merr;
203
204
	/* Setup the AlgorithmIdentifier for the encryption scheme */
205
16
	scheme = pbe2->encryption;
206
207
16
	scheme->algorithm = obj;
208
16
	if (!(scheme->parameter = ASN1_TYPE_new()))
209
		goto merr;
210
211
	/* Create random IV */
212
16
	if (EVP_CIPHER_iv_length(cipher)) {
213
16
		if (aiv)
214
			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
215
		else
216
16
			arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
217
	}
218
219
16
	EVP_CIPHER_CTX_init(&ctx);
220
221
	/* Dummy cipherinit to just setup the IV, and PRF */
222
16
	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
223
		goto err;
224
16
	if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
225
		ASN1error(ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
226
		EVP_CIPHER_CTX_cleanup(&ctx);
227
		goto err;
228
	}
229
	/* If prf NID unspecified see if cipher has a preference.
230
	 * An error is OK here: just means use default PRF.
231
	 */
232

32
	if ((prf_nid == -1) &&
233
16
	    EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
234
16
		ERR_clear_error();
235
16
		prf_nid = NID_hmacWithSHA1;
236
16
	}
237
16
	EVP_CIPHER_CTX_cleanup(&ctx);
238
239
	/* If its RC2 then we'd better setup the key length */
240
241
16
	if (alg_nid == NID_rc2_cbc)
242
		keylen = EVP_CIPHER_key_length(cipher);
243
	else
244
		keylen = -1;
245
246
	/* Setup keyfunc */
247
248
16
	X509_ALGOR_free(pbe2->keyfunc);
249
250
16
	pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
251
252
16
	if (!pbe2->keyfunc)
253
		goto merr;
254
255
	/* Now set up top level AlgorithmIdentifier */
256
257
16
	if (!(ret = X509_ALGOR_new()))
258
		goto merr;
259
16
	if (!(ret->parameter = ASN1_TYPE_new()))
260
		goto merr;
261
262
16
	ret->algorithm = OBJ_nid2obj(NID_pbes2);
263
264
	/* Encode PBE2PARAM into parameter */
265
266
32
	if (!ASN1_item_pack(pbe2, &PBE2PARAM_it,
267
16
		&ret->parameter->value.sequence)) goto merr;
268
16
	ret->parameter->type = V_ASN1_SEQUENCE;
269
270
16
	PBE2PARAM_free(pbe2);
271
	pbe2 = NULL;
272
273
16
	return ret;
274
275
merr:
276
	ASN1error(ERR_R_MALLOC_FAILURE);
277
278
err:
279
	PBE2PARAM_free(pbe2);
280
	/* Note 'scheme' is freed as part of pbe2 */
281
	X509_ALGOR_free(kalg);
282
	X509_ALGOR_free(ret);
283
284
	return NULL;
285
16
}
286
287
X509_ALGOR *
288
PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
289
    int saltlen)
290
{
291
32
	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
292
}
293
294
X509_ALGOR *
295
PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
296
    int keylen)
297
{
298
	X509_ALGOR *keyfunc = NULL;
299
	PBKDF2PARAM *kdf = NULL;
300
	ASN1_OCTET_STRING *osalt = NULL;
301
302
32
	if (!(kdf = PBKDF2PARAM_new()))
303
		goto merr;
304
16
	if (!(osalt = ASN1_OCTET_STRING_new()))
305
		goto merr;
306
307
16
	kdf->salt->value.octet_string = osalt;
308
16
	kdf->salt->type = V_ASN1_OCTET_STRING;
309
310
16
	if (!saltlen)
311
16
		saltlen = PKCS5_SALT_LEN;
312
16
	if (!(osalt->data = malloc (saltlen)))
313
		goto merr;
314
315
16
	osalt->length = saltlen;
316
317
16
	if (salt)
318
		memcpy (osalt->data, salt, saltlen);
319
	else
320
16
		arc4random_buf(osalt->data, saltlen);
321
322
16
	if (iter <= 0)
323
12
		iter = PKCS5_DEFAULT_ITER;
324
325
16
	if (!ASN1_INTEGER_set(kdf->iter, iter))
326
		goto merr;
327
328
	/* If have a key len set it up */
329
330
16
	if (keylen > 0) {
331
		if (!(kdf->keylength = ASN1_INTEGER_new()))
332
			goto merr;
333
		if (!ASN1_INTEGER_set(kdf->keylength, keylen))
334
			goto merr;
335
	}
336
337
	/* prf can stay NULL if we are using hmacWithSHA1 */
338
16
	if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
339
		kdf->prf = X509_ALGOR_new();
340
		if (!kdf->prf)
341
			goto merr;
342
		X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
343
		V_ASN1_NULL, NULL);
344
	}
345
346
	/* Finally setup the keyfunc structure */
347
348
16
	keyfunc = X509_ALGOR_new();
349
16
	if (!keyfunc)
350
		goto merr;
351
352
16
	keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
353
354
	/* Encode PBKDF2PARAM into parameter of pbe2 */
355
356
16
	if (!(keyfunc->parameter = ASN1_TYPE_new()))
357
		goto merr;
358
359
32
	if (!ASN1_item_pack(kdf, &PBKDF2PARAM_it,
360
16
		&keyfunc->parameter->value.sequence))
361
		goto merr;
362
16
	keyfunc->parameter->type = V_ASN1_SEQUENCE;
363
364
16
	PBKDF2PARAM_free(kdf);
365
16
	return keyfunc;
366
367
merr:
368
	ASN1error(ERR_R_MALLOC_FAILURE);
369
	PBKDF2PARAM_free(kdf);
370
	X509_ALGOR_free(keyfunc);
371
	return NULL;
372
16
}