]>
Commit | Line | Data |
---|---|---|
a95fb9e3 | 1 | /* |
fbd2ece1 | 2 | * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. |
a95fb9e3 | 3 | * |
4a8b0c55 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
62867571 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
a95fb9e3 DSH |
8 | */ |
9 | ||
a95fb9e3 | 10 | #include <openssl/evp.h> |
fef034f8 | 11 | #include <openssl/err.h> |
5a285add | 12 | #include <openssl/kdf.h> |
7707526b | 13 | #include <openssl/core_names.h> |
546ca2f4 | 14 | #include "internal/numbers.h" |
a95fb9e3 | 15 | |
b0809bc8 RS |
16 | #ifndef OPENSSL_NO_SCRYPT |
17 | ||
a95fb9e3 DSH |
18 | /* |
19 | * Maximum permitted memory allow this to be overridden with Configuration | |
20 | * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. | |
21 | */ | |
22 | ||
23 | #ifdef SCRYPT_MAX_MEM | |
24 | # if SCRYPT_MAX_MEM == 0 | |
25 | # undef SCRYPT_MAX_MEM | |
26 | /* | |
27 | * Although we could theoretically allocate SIZE_MAX memory that would leave | |
28 | * no memory available for anything else so set limit as half that. | |
29 | */ | |
30 | # define SCRYPT_MAX_MEM (SIZE_MAX/2) | |
31 | # endif | |
32 | #else | |
33 | /* Default memory limit: 32 MB */ | |
34 | # define SCRYPT_MAX_MEM (1024 * 1024 * 32) | |
35 | #endif | |
36 | ||
37 | int EVP_PBE_scrypt(const char *pass, size_t passlen, | |
38 | const unsigned char *salt, size_t saltlen, | |
39 | uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, | |
40 | unsigned char *key, size_t keylen) | |
41 | { | |
5a285add DM |
42 | const char *empty = ""; |
43 | int rv = 1; | |
7707526b | 44 | EVP_KDF *kdf; |
5a285add | 45 | EVP_KDF_CTX *kctx; |
7707526b | 46 | OSSL_PARAM params[7], *z = params; |
5a285add | 47 | |
4c3941c2 | 48 | if (r > UINT32_MAX || p > UINT32_MAX) { |
5ccada09 | 49 | EVPerr(0, EVP_R_PARAMETER_TOO_LARGE); |
4c3941c2 MC |
50 | return 0; |
51 | } | |
52 | ||
5a285add DM |
53 | /* Maintain existing behaviour. */ |
54 | if (pass == NULL) { | |
55 | pass = empty; | |
56 | passlen = 0; | |
a95fb9e3 | 57 | } |
253d7622 VS |
58 | if (salt == NULL) { |
59 | salt = (const unsigned char *)empty; | |
60 | saltlen = 0; | |
61 | } | |
a95fb9e3 DSH |
62 | if (maxmem == 0) |
63 | maxmem = SCRYPT_MAX_MEM; | |
44589b5d | 64 | |
b4250010 | 65 | /* Use OSSL_LIB_CTX_set0_default() if you need a library context */ |
64115f05 | 66 | kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL); |
660c5344 | 67 | kctx = EVP_KDF_CTX_new(kdf); |
7707526b | 68 | EVP_KDF_free(kdf); |
5a285add | 69 | if (kctx == NULL) |
a95fb9e3 | 70 | return 0; |
a95fb9e3 | 71 | |
7707526b P |
72 | *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, |
73 | (unsigned char *)pass, | |
74 | passlen); | |
75 | *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
76 | (unsigned char *)salt, saltlen); | |
77 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N); | |
78 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r); | |
79 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); | |
80 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); | |
81 | *z = OSSL_PARAM_construct_end(); | |
660c5344 | 82 | if (EVP_KDF_CTX_set_params(kctx, params) != 1 |
5a285add DM |
83 | || EVP_KDF_derive(kctx, key, keylen) != 1) |
84 | rv = 0; | |
85 | ||
660c5344 | 86 | EVP_KDF_CTX_free(kctx); |
a95fb9e3 DSH |
87 | return rv; |
88 | } | |
5a285add | 89 | |
b0809bc8 | 90 | #endif |