result_t crypto_base::pbkdf2(int32_t algo, Buffer_base* password,
Buffer_base* salt, int32_t iterations,
int32_t size, obj_ptr<Buffer_base>& retVal)
{
if (algo < hash_base::_MD2 || algo > hash_base::_RIPEMD160)
return CHECK_ERROR(CALL_E_INVALIDARG);
qstring str_pass;
qstring str_salt;
qstring str_key;
password->toString(str_pass);
salt->toString(str_salt);
str_key.resize(size);
mbedtls_md_context_t ctx;
mbedtls_md_setup(&ctx, mbedtls_md_info_from_type((mbedtls_md_type_t)algo), 1);
mbedtls_pkcs5_pbkdf2_hmac(&ctx, (const unsigned char *)str_pass.c_str(), str_pass.length(),
(const unsigned char *)str_salt.c_str(), str_salt.length(),
iterations, size, (unsigned char *)&str_key[0]);
mbedtls_md_free(&ctx);
retVal = new Buffer(str_key);
return 0;
}
/*JSON{
"type" : "staticmethod",
"class" : "crypto",
"name" : "PBKDF2",
"generate" : "jswrap_crypto_PBKDF2",
"params" : [
["passphrase","JsVar","Passphrase"],
["salt","JsVar","Salt for turning passphrase into a key"],
["options","JsVar","Object of Options, `{ keySize: 8 (in 32 bit words), iterations: 10, hasher: 'SHA1'/'SHA224'/'SHA256'/'SHA384'/'SHA512' }`"]
],
"return" : ["JsVar","Returns an ArrayBuffer"],
"return_object" : "ArrayBuffer",
"ifdef" : "USE_TLS"
}
Password-Based Key Derivation Function 2 algorithm, using SHA512
*/
JsVar *jswrap_crypto_PBKDF2(JsVar *passphrase, JsVar *salt, JsVar *options) {
int iterations = 1;
int keySize = 128/32;
mbedtls_md_type_t hasher = MBEDTLS_MD_SHA1;
if (jsvIsObject(options)) {
keySize = jsvGetIntegerAndUnLock(jsvObjectGetChild(options, "keySize", 0));
if (keySize<=0) keySize=128/32;
iterations = jsvGetIntegerAndUnLock(jsvObjectGetChild(options, "iterations", 0));
if (iterations<1) iterations = 1;
JsVar *hashVar = jsvObjectGetChild(options, "hasher", 0);
if (!jsvIsUndefined(hashVar))
hasher = jswrap_crypto_getHasher(hashVar);
jsvUnLock(hashVar);
} else if (!jsvIsUndefined(options))
jsError("Options should be an object or undefined, got %t", options);
if (hasher == MBEDTLS_MD_NONE)
return 0; // already shown an error
JSV_GET_AS_CHAR_ARRAY(passPtr, passLen, passphrase);
if (!passPtr) return 0;
JSV_GET_AS_CHAR_ARRAY(saltPtr, saltLen, salt);
if (!saltPtr) return 0;
int err;
mbedtls_md_context_t ctx;
mbedtls_md_init( &ctx );
err = mbedtls_md_setup( &ctx, mbedtls_md_info_from_type( hasher ), 1 );
assert(err==0);
char *keyPtr = 0;
JsVar *keyArr = jsvNewArrayBufferWithPtr((unsigned)keySize*4, &keyPtr);
if (!keyPtr) {
jsError("Not enough memory for result");
return 0;
}
err = mbedtls_pkcs5_pbkdf2_hmac( &ctx,
(unsigned char*)passPtr, passLen,
(unsigned char*)saltPtr, saltLen,
(unsigned)iterations,
(unsigned)keySize*4, (unsigned char*)keyPtr );
mbedtls_md_free( &ctx );
if (!err) {
return keyArr;
} else {
jswrap_crypto_error(err);
jsvUnLock(keyArr);
return 0;
}
}
int mbedtls_pkcs5_self_test( int verbose )
{
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
int ret, i;
unsigned char key[64];
mbedtls_md_init( &sha1_ctx );
info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
if( info_sha1 == NULL )
{
ret = 1;
goto exit;
}
if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
{
ret = 1;
goto exit;
}
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i );
ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
slen[i], it_cnt[i], key_len[i], key );
if( ret != 0 ||
memcmp( result_key[i], key, key_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
ret = 1;
goto exit;
}
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
if( verbose != 0 )
mbedtls_printf( "\n" );
exit:
mbedtls_md_free( &sha1_ctx );
return( ret );
}
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output )
{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
mbedtls_asn1_buf salt;
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
size_t olen = 0;
const mbedtls_md_info_t *md_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
mbedtls_cipher_context_t cipher_ctx;
p = pbe_params->p;
end = p + pbe_params->len;
/*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*/
if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
// Only PBKDF2 supported at the moment
//
if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
&salt, &iterations, &keylen,
&md_type ) ) != 0 )
{
return( ret );
}
md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
&enc_scheme_params ) ) != 0 )
{
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
}
if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
if( cipher_info == NULL )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
/*
* The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
* since it is optional and we don't know if it was set or not
*/
keylen = cipher_info->key_bitlen / 8;
if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
enc_scheme_params.len != cipher_info->iv_size )
{
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
}
mbedtls_md_init( &md_ctx );
mbedtls_cipher_init( &cipher_ctx );
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
goto exit;
if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
iterations, keylen, key ) ) != 0 )
{
goto exit;
}
if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
goto exit;
if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
data, datalen, output, &olen ) ) != 0 )
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
exit:
mbedtls_md_free( &md_ctx );
mbedtls_cipher_free( &cipher_ctx );
return( ret );
}
