crypto/evp/pbe_scrypt.c

   1 /*
   2  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/evp.h>
  11 #include <openssl/err.h>
  12 #include <openssl/kdf.h>
  13 #include <openssl/core_names.h>
  14 #include "internal/numbers.h"
  15
  16 #ifndef OPENSSL_NO_SCRYPT
  17
  18 /*
  19  * Maximum permitted memory allow this to be overridden with Configuration
  20  * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
  21  */
  22
  23 #ifdef SCRYPT_MAX_MEM
  24 # if SCRYPT_MAX_MEM == 0
  25 #  undef SCRYPT_MAX_MEM
  26 /*
  27  * Although we could theoretically allocate SIZE_MAX memory that would leave
  28  * no memory available for anything else so set limit as half that.
  29  */
  30 #  define SCRYPT_MAX_MEM (SIZE_MAX/2)
  31 # endif
  32 #else
  33 /* Default memory limit: 32 MB */
  34 # define SCRYPT_MAX_MEM  (1024 * 1024 * 32)
  35 #endif
  36
  37 int EVP_PBE_scrypt(const char *pass, size_t passlen,
  38                    const unsigned char *salt, size_t saltlen,
  39                    uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
  40                    unsigned char *key, size_t keylen)
  41 {
  42     const char *empty = "";
  43     int rv = 1;
  44     EVP_KDF *kdf;
  45     EVP_KDF_CTX *kctx;
  46     OSSL_PARAM params[7], *z = params;
  47
  48     if (r > UINT32_MAX || p > UINT32_MAX) {
  49         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
  50         return 0;
  51     }
  52
  53     /* Maintain existing behaviour. */
  54     if (pass == NULL) {
  55         pass = empty;
  56         passlen = 0;
  57     }
  58     if (salt == NULL) {
  59         salt = (const unsigned char *)empty;
  60         saltlen = 0;
  61     }
  62     if (maxmem == 0)
  63         maxmem = SCRYPT_MAX_MEM;
  64
  65     kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL);
  66     kctx = EVP_KDF_CTX_new(kdf);
  67     EVP_KDF_free(kdf);
  68     if (kctx == NULL)
  69         return 0;
  70
  71     *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
  72                                               (unsigned char *)pass,
  73                                                       passlen);
  74     *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
  75                                              (unsigned char *)salt, saltlen);
  76     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N);
  77     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r);
  78     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p);
  79     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
  80     *z = OSSL_PARAM_construct_end();
  81     if (EVP_KDF_CTX_set_params(kctx, params) != 1
  82             || EVP_KDF_derive(kctx, key, keylen) != 1)
  83         rv = 0;
  84
  85     EVP_KDF_CTX_free(kctx);
  86     return rv;
  87 }
  88
  89 #endif