]>
Commit | Line | Data |
---|---|---|
61f5b6f3 | 1 | /* evp_pbe.c */ |
cfcefcbe DSH |
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
3 | * project 1999. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
ec577822 BM |
60 | #include <openssl/evp.h> |
61 | #include <openssl/x509.h> | |
cfcefcbe DSH |
62 | #include "cryptlib.h" |
63 | ||
64 | /* Password based encryption (PBE) functions */ | |
65 | ||
66 | static STACK *pbe_algs; | |
67 | ||
68 | /* Setup a cipher context from a PBE algorithm */ | |
69 | ||
70 | typedef struct { | |
71 | int pbe_nid; | |
72 | EVP_CIPHER *cipher; | |
73 | EVP_MD *md; | |
74 | EVP_PBE_KEYGEN *keygen; | |
75 | } EVP_PBE_CTL; | |
76 | ||
61f5b6f3 | 77 | int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, |
6b691a5c UM |
78 | unsigned char *salt, int saltlen, int iter, EVP_CIPHER_CTX *ctx, |
79 | int en_de) | |
cfcefcbe DSH |
80 | { |
81 | ||
82 | EVP_PBE_CTL *pbetmp, pbelu; | |
83 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; | |
84 | int i; | |
85 | pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); | |
86 | if ((pbelu.pbe_nid != NID_undef) && pbe_algs) | |
87 | i = sk_find (pbe_algs, (char *)&pbelu); | |
88 | else i = -1; | |
89 | ||
90 | if (i == -1) { | |
91 | char obj_tmp[80]; | |
92 | EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); | |
93 | if (!pbe_obj) strcpy (obj_tmp, "NULL"); | |
94 | else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); | |
95 | ERR_add_error_data(2, "TYPE=", obj_tmp); | |
96 | return 0; | |
97 | } | |
e27cc13f | 98 | if (passlen == -1) passlen = strlen(pass); |
cfcefcbe DSH |
99 | pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); |
100 | i = (*pbetmp->keygen)(pass, passlen, salt, saltlen, iter, | |
101 | pbetmp->cipher, pbetmp->md, key, iv); | |
102 | if (!i) { | |
103 | EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); | |
104 | return 0; | |
105 | } | |
106 | EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de); | |
107 | return 1; | |
108 | } | |
109 | ||
110 | /* Setup a PBE algorithm but take most parameters from AlgorithmIdentifier */ | |
111 | ||
61f5b6f3 BL |
112 | int EVP_PBE_ALGOR_CipherInit (X509_ALGOR *algor, const char *pass, |
113 | int passlen, EVP_CIPHER_CTX *ctx, int en_de) | |
cfcefcbe DSH |
114 | { |
115 | PBEPARAM *pbe; | |
116 | int saltlen, iter; | |
117 | unsigned char *salt, *pbuf; | |
118 | ||
119 | /* Extract useful info from algor */ | |
61f5b6f3 | 120 | pbuf = algor->parameter->value.sequence->data; |
cfcefcbe DSH |
121 | if (!(pbe = d2i_PBEPARAM (NULL, &pbuf, |
122 | algor->parameter->value.sequence->length))) { | |
123 | EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_DECODE_ERROR); | |
124 | return 0; | |
125 | } | |
126 | ||
127 | if (!pbe->iter) iter = 1; | |
128 | else iter = ASN1_INTEGER_get (pbe->iter); | |
129 | salt = pbe->salt->data; | |
130 | saltlen = pbe->salt->length; | |
131 | ||
132 | if (!(EVP_PBE_CipherInit (algor->algorithm, pass, passlen, salt, | |
133 | saltlen, iter, ctx, en_de))) { | |
134 | EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_EVP_PBE_CIPHERINIT_ERROR); | |
135 | PBEPARAM_free(pbe); | |
136 | return 0; | |
137 | } | |
138 | PBEPARAM_free(pbe); | |
139 | return 1; | |
140 | } | |
141 | ||
142 | ||
6b691a5c | 143 | static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2) |
cfcefcbe DSH |
144 | { |
145 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); | |
146 | } | |
147 | ||
148 | /* Add a PBE algorithm */ | |
149 | ||
6b691a5c UM |
150 | int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, |
151 | EVP_PBE_KEYGEN *keygen) | |
cfcefcbe DSH |
152 | { |
153 | EVP_PBE_CTL *pbe_tmp; | |
154 | if (!pbe_algs) pbe_algs = sk_new (pbe_cmp); | |
155 | if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) { | |
156 | EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); | |
157 | return 0; | |
158 | } | |
159 | pbe_tmp->pbe_nid = nid; | |
160 | pbe_tmp->cipher = cipher; | |
161 | pbe_tmp->md = md; | |
162 | pbe_tmp->keygen = keygen; | |
163 | sk_push (pbe_algs, (char *)pbe_tmp); | |
164 | return 1; | |
165 | } | |
ee0508d4 | 166 | |
6b691a5c | 167 | void EVP_PBE_cleanup(void) |
ee0508d4 DSH |
168 | { |
169 | sk_pop_free(pbe_algs, FreeFunc); | |
170 | } |