X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=libtomcrypt%2Fsrc%2Fmisc%2Fpkcs5%2Fpkcs_5_1.c;fp=libtomcrypt%2Fsrc%2Fmisc%2Fpkcs5%2Fpkcs_5_1.c;h=10325de221d82998e5d2159b734c624f77aea01b;hb=66bc25938679f1d6a1d1200f329093d82a5e99b4;hp=0000000000000000000000000000000000000000;hpb=a52ee0733f420ca20224049260d6fc5cf7d8f621;p=zpackage

diff --git a/libtomcrypt/src/misc/pkcs5/pkcs_5_1.c b/libtomcrypt/src/misc/pkcs5/pkcs_5_1.c
new file mode 100644
index 0000000..10325de
--- /dev/null
+++ b/libtomcrypt/src/misc/pkcs5/pkcs_5_1.c
@@ -0,0 +1,187 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+/**
+   @file pkcs_5_1.c
+   PKCS #5, Algorithm #1, Tom St Denis
+*/
+#ifdef LTC_PKCS_5
+/**
+   Execute PKCS #5 v1 in strict or OpenSSL EVP_BytesToKey()-compat mode.
+
+   PKCS#5 v1 specifies that the output key length can be no larger than
+   the hash output length.  OpenSSL unilaterally extended that by repeating
+   the hash process on a block-by-block basis for as long as needed to make
+   bigger keys.  If you want to be compatible with KDF for e.g. "openssl enc",
+   you'll want that.
+
+   If you want strict PKCS behavior, turn openssl_compat off.  Or (more
+   likely), use one of the convenience functions below.
+
+   @param password         The password (or key)
+   @param password_len     The length of the password (octet)
+   @param salt             The salt (or nonce) which is 8 octets long
+   @param iteration_count  The PKCS #5 v1 iteration count
+   @param hash_idx         The index of the hash desired
+   @param out              [out] The destination for this algorithm
+   @param outlen           [in/out] The max size and resulting size of the algorithm output
+   @param openssl_compat   [in] Whether or not to grow the key to the buffer size ala OpenSSL
+   @return CRYPT_OK if successful
+*/
+static int _pkcs_5_alg1_common(const unsigned char *password,
+                       unsigned long password_len,
+                       const unsigned char *salt,
+                       int iteration_count,  int hash_idx,
+                       unsigned char *out,   unsigned long *outlen,
+                       int openssl_compat)
+{
+   int err;
+   unsigned long x;
+   hash_state    *md;
+   unsigned char *buf;
+   /* Storage vars in case we need to support > hashsize (OpenSSL compat) */
+   unsigned long block = 0, iter;
+   /* How many bytes to put in the outbut buffer (convenience calc) */
+   unsigned long outidx = 0, nb = 0;
+
+   LTC_ARGCHK(password != NULL);
+   LTC_ARGCHK(salt     != NULL);
+   LTC_ARGCHK(out      != NULL);
+   LTC_ARGCHK(outlen   != NULL);
+
+   /* test hash IDX */
+   if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* allocate memory */
+   md  = XMALLOC(sizeof(hash_state));
+   buf = XMALLOC(MAXBLOCKSIZE);
+   if (md == NULL || buf == NULL) {
+      if (md != NULL) {
+         XFREE(md);
+      }
+      if (buf != NULL) {
+         XFREE(buf);
+      }
+      return CRYPT_MEM;
+   }
+
+   while(block * hash_descriptor[hash_idx].hashsize < *outlen) {
+
+      /* hash initial (maybe previous hash) + password + salt */
+      if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) {
+          goto LBL_ERR;
+      }
+      /* in OpenSSL mode, we first hash the previous result for blocks 2-n */
+      if (openssl_compat && block) {
+          if ((err = hash_descriptor[hash_idx].process(md, buf, hash_descriptor[hash_idx].hashsize)) != CRYPT_OK) {
+              goto LBL_ERR;
+          }
+      }
+      if ((err = hash_descriptor[hash_idx].process(md, password, password_len)) != CRYPT_OK) {
+          goto LBL_ERR;
+      }
+      if ((err = hash_descriptor[hash_idx].process(md, salt, 8)) != CRYPT_OK) {
+          goto LBL_ERR;
+      }
+      if ((err = hash_descriptor[hash_idx].done(md, buf)) != CRYPT_OK) {
+          goto LBL_ERR;
+      }
+
+      iter = iteration_count;
+      while (--iter) {
+         /* code goes here. */
+         x = MAXBLOCKSIZE;
+         if ((err = hash_memory(hash_idx, buf, hash_descriptor[hash_idx].hashsize, buf, &x)) != CRYPT_OK) {
+            goto LBL_ERR;
+         }
+      }
+
+      /* limit the size of the copy to however many bytes we have left in
+         the output buffer (and how many bytes we have to copy) */
+      outidx = block*hash_descriptor[hash_idx].hashsize;
+      nb = hash_descriptor[hash_idx].hashsize;
+      if(outidx+nb > *outlen)
+          nb = *outlen - outidx;
+      if(nb > 0)
+          XMEMCPY(out+outidx, buf, nb);
+
+      block++;
+      if (!openssl_compat)
+          break;
+   }
+   /* In strict mode, we always return the hashsize, in compat we filled it
+      as much as was requested, so we leave it alone. */
+   if(!openssl_compat)
+      *outlen = hash_descriptor[hash_idx].hashsize;
+
+   err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(buf, MAXBLOCKSIZE);
+   zeromem(md, sizeof(hash_state));
+#endif
+
+   XFREE(buf);
+   XFREE(md);
+
+   return err;
+}
+
+/**
+   Execute PKCS #5 v1 - Strict mode (no OpenSSL-compatible extension)
+   @param password         The password (or key)
+   @param password_len     The length of the password (octet)
+   @param salt             The salt (or nonce) which is 8 octets long
+   @param iteration_count  The PKCS #5 v1 iteration count
+   @param hash_idx         The index of the hash desired
+   @param out              [out] The destination for this algorithm
+   @param outlen           [in/out] The max size and resulting size of the algorithm output
+   @return CRYPT_OK if successful
+*/
+int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
+                const unsigned char *salt,
+                int iteration_count,  int hash_idx,
+                unsigned char *out,   unsigned long *outlen)
+{
+   return _pkcs_5_alg1_common(password, password_len, salt, iteration_count,
+                             hash_idx, out, outlen, 0);
+}
+
+/**
+   Execute PKCS #5 v1 - OpenSSL-extension-compatible mode
+
+   Use this one if you need to derive keys as "openssl enc" does by default.
+   OpenSSL (for better or worse), uses MD5 as the hash and iteration_count=1.
+   @param password         The password (or key)
+   @param password_len     The length of the password (octet)
+   @param salt             The salt (or nonce) which is 8 octets long
+   @param iteration_count  The PKCS #5 v1 iteration count
+   @param hash_idx         The index of the hash desired
+   @param out              [out] The destination for this algorithm
+   @param outlen           [in/out] The max size and resulting size of the algorithm output
+   @return CRYPT_OK if successful
+*/
+int pkcs_5_alg1_openssl(const unsigned char *password,
+                        unsigned long password_len,
+                        const unsigned char *salt,
+                        int iteration_count,  int hash_idx,
+                        unsigned char *out,   unsigned long *outlen)
+{
+   return _pkcs_5_alg1_common(password, password_len, salt, iteration_count,
+                             hash_idx, out, outlen, 1);
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */