]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/crmf/crmf_pbm.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
2nd chunk: CRMF code (crypto/crmf/, ) and its integration
[thirdparty/openssl.git] / crypto / crmf / crmf_pbm.c
1 /*-
2 * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2018
4 * Copyright Siemens AG 2015-2018
5 *
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 *
11 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12 */
13
14
15 #include <openssl/rand.h>
16 #include <openssl/evp.h>
17
18 #include "crmf_int.h"
19
20 /* explicit #includes not strictly needed since implied by the above: */
21 #include <openssl/asn1t.h>
22 #include <openssl/crmf.h>
23 #include <openssl/err.h>
24 #include <openssl/evp.h>
25
26 /*-
27 * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)
28 * |slen| SHOULD be > 8 (16 is common)
29 * |owfnid| e.g., NID_sha256
30 * |itercnt| MUST be > 100 (500 is common)
31 * |macnid| e.g., NID_hmac_sha1
32 * returns pointer to OSSL_CRMF_PBMPARAMETER on success, NULL on error
33 */
34 OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
35 int itercnt, int macnid)
36 {
37 OSSL_CRMF_PBMPARAMETER *pbm = NULL;
38 unsigned char *salt = NULL;
39
40 if ((pbm = OSSL_CRMF_PBMPARAMETER_new()) == NULL) {
41 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, ERR_R_MALLOC_FAILURE);
42 goto err;
43 }
44
45 /*
46 * salt contains a randomly generated value used in computing the key
47 * of the MAC process. The salt SHOULD be at least 8 octets (64
48 * bits) long.
49 */
50 if ((salt = OPENSSL_malloc(slen)) == NULL) {
51 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, ERR_R_MALLOC_FAILURE);
52 goto err;
53 }
54 if (RAND_bytes(salt, (int)slen) <= 0) {
55 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_FAILURE_OBTAINING_RANDOM);
56 goto err;
57 }
58 if (!ASN1_OCTET_STRING_set(pbm->salt, salt, (int)slen))
59 goto err;
60
61 /*
62 * owf identifies the hash algorithm and associated parameters used to
63 * compute the key used in the MAC process. All implementations MUST
64 * support SHA-1.
65 */
66 if (!X509_ALGOR_set0(pbm->owf, OBJ_nid2obj(owfnid), V_ASN1_UNDEF, NULL)) {
67 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_SETTING_OWF_ALGOR_FAILURE);
68 goto err;
69 }
70
71 /*
72 * iterationCount identifies the number of times the hash is applied
73 * during the key computation process. The iterationCount MUST be a
74 * minimum of 100. Many people suggest using values as high as 1000
75 * iterations as the minimum value. The trade off here is between
76 * protection of the password from attacks and the time spent by the
77 * server processing all of the different iterations in deriving
78 * passwords. Hashing is generally considered a cheap operation but
79 * this may not be true with all hash functions in the future.
80 */
81 if (itercnt < 100) {
82 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_ITERATIONCOUNT_BELOW_100);
83 goto err;
84 }
85
86 if (!ASN1_INTEGER_set(pbm->iterationCount, itercnt)) {
87 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_CRMFERROR);
88 goto err;
89 }
90
91 /*
92 * mac identifies the algorithm and associated parameters of the MAC
93 * function to be used. All implementations MUST support HMAC-SHA1 [HMAC].
94 * All implementations SHOULD support DES-MAC and Triple-DES-MAC [PKCS11].
95 */
96 if (!X509_ALGOR_set0(pbm->mac, OBJ_nid2obj(macnid), V_ASN1_UNDEF, NULL)) {
97 CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_SETTING_MAC_ALGOR_FAILURE);
98 goto err;
99 }
100
101 OPENSSL_free(salt);
102 return pbm;
103 err:
104 OPENSSL_free(salt);
105 OSSL_CRMF_PBMPARAMETER_free(pbm);
106 return NULL;
107 }
108
109 /*-
110 * calculates the PBM based on the settings of the given OSSL_CRMF_PBMPARAMETER
111 * |pbmp| identifies the algorithms, salt to use
112 * |msg| message to apply the PBM for
113 * |msglen| length of the message
114 * |sec| key to use
115 * |seclen| length of the key
116 * |mac| pointer to the computed mac, will be set on success
117 * |maclen| if not NULL, will set variable to the length of the mac on success
118 * returns 1 on success, 0 on error
119 */
120 int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
121 const unsigned char *msg, size_t msglen,
122 const unsigned char *sec, size_t seclen,
123 unsigned char **mac, size_t *maclen)
124 {
125 int mac_nid, hmac_md_nid = NID_undef;
126 const EVP_MD *m = NULL;
127 EVP_MD_CTX *ctx = NULL;
128 unsigned char basekey[EVP_MAX_MD_SIZE];
129 unsigned int bklen = EVP_MAX_MD_SIZE;
130 int64_t iterations;
131 unsigned char *mac_res = 0;
132 int ok = 0;
133 EVP_MAC_CTX *mctx = NULL;
134
135 if (mac == NULL || pbmp == NULL || pbmp->mac == NULL
136 || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) {
137 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_NULL_ARGUMENT);
138 goto err;
139 }
140 if ((mac_res = OPENSSL_malloc(EVP_MAX_MD_SIZE)) == NULL) {
141 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, ERR_R_MALLOC_FAILURE);
142 goto err;
143 }
144
145 /*
146 * owf identifies the hash algorithm and associated parameters used to
147 * compute the key used in the MAC process. All implementations MUST
148 * support SHA-1.
149 */
150 if ((m = EVP_get_digestbyobj(pbmp->owf->algorithm)) == NULL) {
151 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_UNSUPPORTED_ALGORITHM);
152 goto err;
153 }
154
155 if ((ctx = EVP_MD_CTX_new()) == NULL) {
156 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, ERR_R_MALLOC_FAILURE);
157 goto err;
158 }
159
160 /* compute the basekey of the salted secret */
161 if (!EVP_DigestInit_ex(ctx, m, NULL))
162 goto err;
163 /* first the secret */
164 if (!EVP_DigestUpdate(ctx, sec, seclen))
165 goto err;
166 /* then the salt */
167 if (!EVP_DigestUpdate(ctx, pbmp->salt->data, pbmp->salt->length))
168 goto err;
169 if (!EVP_DigestFinal_ex(ctx, basekey, &bklen))
170 goto err;
171 if (!ASN1_INTEGER_get_int64(&iterations, pbmp->iterationCount)
172 || iterations < 100 /* min from RFC */
173 || iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) {
174 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_BAD_PBM_ITERATIONCOUNT);
175 goto err;
176 }
177
178 /* the first iteration was already done above */
179 while (--iterations > 0) {
180 if (!EVP_DigestInit_ex(ctx, m, NULL))
181 goto err;
182 if (!EVP_DigestUpdate(ctx, basekey, bklen))
183 goto err;
184 if (!EVP_DigestFinal_ex(ctx, basekey, &bklen))
185 goto err;
186 }
187
188 /*
189 * mac identifies the algorithm and associated parameters of the MAC
190 * function to be used. All implementations MUST support HMAC-SHA1 [HMAC].
191 * All implementations SHOULD support DES-MAC and Triple-DES-MAC [PKCS11].
192 */
193 mac_nid = OBJ_obj2nid(pbmp->mac->algorithm);
194
195 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
196 || ((m = EVP_get_digestbynid(hmac_md_nid)) == NULL)) {
197 CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_UNSUPPORTED_ALGORITHM);
198 goto err;
199 }
200
201 if ((mctx = EVP_MAC_CTX_new(EVP_get_macbyname("HMAC"))) == NULL
202 || EVP_MAC_ctrl(mctx, EVP_MAC_CTRL_SET_MD, m) <= 0
203 || EVP_MAC_ctrl(mctx, EVP_MAC_CTRL_SET_KEY, basekey, bklen) <= 0
204 || !EVP_MAC_init(mctx)
205 || !EVP_MAC_update(mctx, msg, msglen)
206 || !EVP_MAC_final(mctx, mac_res, maclen))
207 goto err;
208
209 ok = 1;
210
211 err:
212 /* cleanup */
213 OPENSSL_cleanse(basekey, bklen);
214 EVP_MAC_CTX_free(mctx);
215 EVP_MD_CTX_free(ctx);
216
217 if (ok == 1) {
218 *mac = mac_res;
219 return 1;
220 }
221
222 OPENSSL_free(mac_res);
223
224 if (pbmp != NULL && pbmp->mac != NULL) {
225 char buf[128];
226
227 if (OBJ_obj2txt(buf, sizeof(buf), pbmp->mac->algorithm, 0))
228 ERR_add_error_data(1, buf);
229 }
230 return 0;
231 }
A mirror of the official openssl repository