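/*
 * Unpack an ASN1_TYPE that holds a SEQUENCE into an asn1_int_oct and hand
 * back its integer (`num`) and octet-string (`oct`) members.
 *
 * a        - value to decode; must be a V_ASN1_SEQUENCE with a non-NULL body.
 * num      - if non-NULL, receives the decoded integer.
 * data     - if non-NULL, receives up to max_len bytes of the octet string.
 * max_len  - capacity of `data` in bytes.
 *
 * Returns the full length of the decoded octet string (which may be larger
 * than max_len, i.e. larger than what was copied), or -1 on error.
 */
int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                  unsigned char *data, int max_len)
{
    asn1_int_oct *atmp = NULL;
    int ret = -1, n;

    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
        goto err;
    }

    atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);

    if (atmp == NULL)
        goto err;

    if (num != NULL)
        *num = atmp->num;

    ret = ASN1_STRING_length(atmp->oct);

    /* Copy no more than the caller's buffer can hold. */
    if (max_len > ret)
        n = ret;
    else
        n = max_len;

    /*
     * Only copy a strictly positive byte count: a negative max_len (or a
     * negative length) would otherwise be converted to a huge size_t, and a
     * zero-length copy must not touch a possibly-NULL source pointer.
     */
    if (data != NULL && n > 0)
        memcpy(data, ASN1_STRING_data(atmp->oct), (size_t)n);

    if (ret == -1) {
 err:
        /* Shared error exit: reached by goto or when the length is -1. */
        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
    }
    M_ASN1_free_of(atmp, asn1_int_oct);
    return ret;
}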
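/*
 * Decode the hash AlgorithmIdentifier carried as the parameter of an MGF1
 * AlgorithmIdentifier.
 *
 * Returns NULL when `alg` is NULL, when its algorithm is not NID_mgf1, or
 * when the parameter cannot be unpacked as an X509_ALGOR. On success the
 * result is a freshly decoded X509_ALGOR that the caller must release.
 */
static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
{
    /*
     * The mask generation function is supplied by decoded (untrusted) input
     * and may be absent; refuse it here rather than dereferencing NULL.
     */
    if (alg == NULL)
        return NULL;
    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
        return NULL;
    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
                                     alg->parameter);
}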
/*
 * PBES2 key/IV setup: decode the PBE2PARAM in `param`, look up the key
 * derivation function and the encryption cipher it names, prime `ctx` with
 * that cipher and its ASN.1 parameters, then let the KDF callback derive
 * and install the key.
 *
 * `c` and `md` are not used by this function. Returns the KDF callback's
 * result on the success path and 0 on any earlier failure.
 */
int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                          ASN1_TYPE *param, const EVP_CIPHER *c,
                          const EVP_MD *md, int en_de)
{
    int ok = 0;
    EVP_PBE_KEYGEN *derive;
    const EVP_CIPHER *enc;
    PBE2PARAM *params;

    params = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param);
    if (!params) {
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
        goto done;
    }

    /* Is the key derivation function one we have registered? */
    if (EVP_PBE_find(EVP_PBE_TYPE_KDF,
                     OBJ_obj2nid(params->keyfunc->algorithm),
                     NULL, NULL, &derive) == 0) {
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
        goto done;
    }

    /* Is the encryption algorithm one we know? */
    enc = EVP_get_cipherbyobj(params->encryption->algorithm);
    if (enc == NULL) {
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
        goto done;
    }

    /* Select the cipher first; key and IV are supplied later. */
    if (EVP_CipherInit_ex(ctx, enc, NULL, NULL, NULL, en_de) == 0)
        goto done;

    /* Apply the cipher parameters from the AlgorithmIdentifier. */
    if (EVP_CIPHER_asn1_to_param(ctx, params->encryption->parameter) < 0) {
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
        goto done;
    }

    ok = derive(ctx, pass, passlen, params->keyfunc->parameter,
                NULL, NULL, en_de);

 done:
    PBE2PARAM_free(params);
    return ok;
}
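/*
 * Decode RSA-OAEP parameters from the parameter field of `alg`.
 *
 * On return *pmaskHash holds the decoded MGF1 hash algorithm, or NULL when
 * the mask generation function is absent, is not MGF1, or fails to decode.
 * The RSA_OAEP_PARAMS is still returned in those cases, so callers must
 * check *pmaskHash themselves before using it.
 *
 * Returns NULL if the parameters cannot be unpacked.
 */
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                        X509_ALGOR **pmaskHash)
{
    RSA_OAEP_PARAMS *oaep;

    *pmaskHash = NULL;

    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
                                     alg->parameter);
    if (oaep == NULL)
        return NULL;

    /*
     * maskGenFunc is an optional field of the encoding; only hand it to the
     * MGF1 decoder when it is present so a missing field cannot lead to a
     * NULL dereference there.
     */
    if (oaep->maskGenFunc != NULL)
        *pmaskHash = rsa_mgf1_decode(oaep->maskGenFunc);

    return oaep;
}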
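/*
 * PKCS#12 password-based key/IV setup: decode the PBEPARAM in `param`,
 * derive a key and an IV with PKCS12_key_gen(), and initialise `ctx` with
 * `cipher`, the derived key and the derived IV.
 *
 * Returns the result of EVP_CipherInit_ex() on the success path, 0 on any
 * failure (NULL cipher, undecodable parameters, key or IV derivation
 * failure).
 *
 * The derived key and IV live in stack buffers; they are wiped on every
 * exit path taken after derivation has started, including the error paths.
 */
int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
                        const EVP_MD *md, int en_de)
{
    PBEPARAM *pbe;
    int saltlen, iter, ret = 0;
    unsigned char *salt;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

    if (cipher == NULL)
        return 0;

    /* Extract useful info from parameter */
    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
    if (pbe == NULL) {
        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
        return 0;
    }

    /*
     * A missing iteration count is treated as 1.
     * NOTE(review): the count comes straight from the decoded parameters;
     * no range check is visible here - confirm PKCS12_key_gen() bounds it.
     */
    if (!pbe->iter)
        iter = 1;
    else
        iter = ASN1_INTEGER_get(pbe->iter);

    /* salt points into pbe, so pbe must stay alive until derivation is done */
    salt = pbe->salt->data;
    saltlen = pbe->salt->length;

    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
                        iter, EVP_CIPHER_key_length(cipher), key, md)) {
        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
        goto err;
    }
    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
                        iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
        goto err;
    }

    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);

 err:
    PBEPARAM_free(pbe);
    /* Wipe derived secrets whether or not the cipher was initialised. */
    OPENSSL_cleanse(key, sizeof(key));
    OPENSSL_cleanse(iv, sizeof(iv));
    return ret;
}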
/*
 * Decode RSA-OAEP parameters from the parameter field of `alg`.
 *
 * When a mask generation function is present it must decode as MGF1; the
 * resulting hash algorithm is cached in the maskHash member. If that decode
 * fails the whole structure is freed and NULL is returned, so a non-NULL
 * result with a non-NULL maskGenFunc always has maskHash set.
 */
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
{
    RSA_OAEP_PARAMS *params =
        ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
                                  alg->parameter);

    if (params == NULL)
        return NULL;

    /* No mask generation function given: nothing more to decode. */
    if (params->maskGenFunc == NULL)
        return params;

    params->maskHash = rsa_mgf1_decode(params->maskGenFunc);
    if (params->maskHash != NULL)
        return params;

    /* Present but unusable MGF parameters: reject the whole structure. */
    RSA_OAEP_PARAMS_free(params);
    return NULL;
}
/*
 * Decode RSA-PSS parameters from the parameter field of `alg`.
 *
 * When a mask generation algorithm is present it must decode as MGF1; the
 * resulting hash algorithm is cached in the maskHash member. If that decode
 * fails the whole structure is freed and NULL is returned.
 */
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
{
    RSA_PSS_PARAMS *params =
        ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
                                  alg->parameter);

    if (params == NULL)
        return NULL;

    /* No mask generation algorithm given: nothing more to decode. */
    if (params->maskGenAlgorithm == NULL)
        return params;

    params->maskHash = rsa_mgf1_decode(params->maskGenAlgorithm);
    if (params->maskHash != NULL)
        return params;

    /* Present but unusable MGF parameters: reject the whole structure. */
    RSA_PSS_PARAMS_free(params);
    return NULL;
}
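/*
 * PBES2/scrypt key setup: decode the SCRYPT_PARAMS in `param`, validate
 * them, derive a key of the length required by the cipher already set on
 * `ctx`, and install that key.
 *
 * `c` and `md` are not used by this function. Returns the result of
 * EVP_CipherInit_ex() on the success path, 0 on any failure.
 */
int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                             int passlen, ASN1_TYPE *param,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
{
    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
    uint64_t p, r, N;
    size_t saltlen;
    size_t keylen = 0;
    int rv = 0;
    SCRYPT_PARAMS *sparam = NULL;

    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
        goto err;
    }

    /* Decode parameter */
    sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
    if (sparam == NULL) {
        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
        goto err;
    }

    keylen = EVP_CIPHER_CTX_key_length(ctx);

    /*
     * The derived key is written into the fixed-size stack buffer `key`.
     * Reject a length that does not fit; this also catches a negative
     * return value, which becomes a very large size_t. keylen is reset so
     * the cleanup below does not wipe past the end of the buffer.
     */
    if (keylen > sizeof(key)) {
        keylen = 0;
        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
        goto err;
    }

    /* If the parameters state a key length it must match the cipher's. */
    if (sparam->keyLength) {
        uint64_t spkeylen;

        if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
            || (spkeylen != keylen)) {
            EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
                   EVP_R_UNSUPPORTED_KEYLENGTH);
            goto err;
        }
    }

    /*
     * Check all parameters fit in uint64_t and are acceptable to scrypt.
     * The EVP_PBE_scrypt() call passes no password and no output buffer,
     * so it is used here only to vet N, r and p.
     */
    if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
        || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
        || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
        || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
               EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
        goto err;
    }

    /* Parameters accepted: derive the key and install it. */
    salt = sparam->salt->data;
    saltlen = sparam->salt->length;
    if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
        == 0)
        goto err;
    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);

 err:
    /* Wipe the derived key on every exit path. */
    if (keylen)
        OPENSSL_cleanse(key, keylen);
    SCRYPT_PARAMS_free(sparam);
    return rv;
}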
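/*
 * PBES1-style key/IV setup: decode the PBEPARAM in `param`, hash
 * password || salt with `md`, re-hash the digest until `iter` rounds have
 * been done, then take the key from the start of the digest and the IV from
 * the end of its first 16 bytes and initialise `cctx` with them.
 *
 * A NULL `pass` is treated as an empty password; passlen == -1 means "use
 * strlen(pass)". Returns 1 on success, 0 on failure.
 *
 * Every exit taken after the parameters were decoded goes through the
 * common cleanup, which releases the decoded parameters and the digest
 * context and wipes the digest, key and IV buffers.
 */
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
                       const EVP_MD *md, int en_de)
{
    EVP_MD_CTX *ctx = NULL;
    unsigned char md_tmp[EVP_MAX_MD_SIZE];
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
    int i;
    PBEPARAM *pbe = NULL;
    int saltlen, iter;
    unsigned char *salt;
    int mdsize;
    int rv = 0;

    /* Extract useful info from parameter */
    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
        param->value.sequence == NULL) {
        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
        return 0;
    }

    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
    if (pbe == NULL) {
        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
        return 0;
    }

    /* A missing iteration count is treated as 1. */
    if (!pbe->iter)
        iter = 1;
    else
        iter = ASN1_INTEGER_get(pbe->iter);

    /* salt points into pbe, so pbe must outlive the salt digest update */
    salt = pbe->salt->data;
    saltlen = pbe->salt->length;

    if (!pass)
        passlen = 0;
    else if (passlen == -1)
        passlen = strlen(pass);

    ctx = EVP_MD_CTX_new();
    if (ctx == NULL) {
        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestInit_ex(ctx, md, NULL))
        goto err;
    if (!EVP_DigestUpdate(ctx, pass, passlen))
        goto err;
    if (!EVP_DigestUpdate(ctx, salt, saltlen))
        goto err;

    /* The salt has been consumed; NULL the pointer so err: frees it once. */
    PBEPARAM_free(pbe);
    pbe = NULL;

    if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
        goto err;

    mdsize = EVP_MD_size(md);
    if (mdsize < 0)
        goto err;               /* release ctx instead of returning early */

    /* Round 1 is done above; each further round hashes the last digest. */
    for (i = 1; i < iter; i++) {
        if (!EVP_DigestInit_ex(ctx, md, NULL))
            goto err;
        if (!EVP_DigestUpdate(ctx, md_tmp, mdsize))
            goto err;
        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
            goto err;
    }

    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));

    /* The IV is the tail of the first 16 digest bytes. */
    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
           EVP_CIPHER_iv_length(cipher));

    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
        goto err;
    rv = 1;

 err:
    PBEPARAM_free(pbe);
    EVP_MD_CTX_free(ctx);
    /* Wipe derived material on success and on failure alike. */
    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
    return rv;
}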
/*
 * PBES2/PBKDF2 key setup: decode the PBKDF2PARAM in `param`, check it
 * against the cipher already set on `ctx`, derive the key with
 * PKCS5_PBKDF2_HMAC() and install it.
 *
 * The PRF defaults to HMAC-SHA1 when the parameters do not name one. Only
 * an OCTET STRING salt is accepted. `c` and `md` are not used by this
 * function. Returns the result of EVP_CipherInit_ex() on the success path,
 * 0 on any failure.
 */
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                             int passlen, ASN1_TYPE *param,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
{
    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char *salt_bytes;
    int salt_size, rounds;
    int prf_nid, hmac_md_nid;
    unsigned int keylen = 0;
    const EVP_MD *prfmd;
    PBKDF2PARAM *kdf = NULL;
    int rv = 0;

    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
        goto err;
    }

    /* The derived key must fit the stack buffer it is written to. */
    keylen = EVP_CIPHER_CTX_key_length(ctx);
    OPENSSL_assert(keylen <= sizeof(key));

    /* Decode parameter */
    kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param);
    if (kdf == NULL) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
        goto err;
    }

    /* NOTE(review): this second read looks redundant with the one above. */
    keylen = EVP_CIPHER_CTX_key_length(ctx);

    /* A key length stated in the parameters must match the cipher's. */
    if (kdf->keylength != NULL
        && ASN1_INTEGER_get(kdf->keylength) != (int)keylen) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
        goto err;
    }

    /* Fall back to HMAC-SHA1 when no PRF is given. */
    prf_nid = kdf->prf ? OBJ_obj2nid(kdf->prf->algorithm) : NID_hmacWithSHA1;

    if (EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0) == 0) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
        goto err;
    }

    prfmd = EVP_get_digestbynid(hmac_md_nid);
    if (!prfmd) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
        goto err;
    }

    if (kdf->salt->type != V_ASN1_OCTET_STRING) {
        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
        goto err;
    }

    /* Parameters accepted: derive the key and install it. */
    salt_bytes = kdf->salt->value.octet_string->data;
    salt_size = kdf->salt->value.octet_string->length;
    rounds = ASN1_INTEGER_get(kdf->iter);
    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt_bytes, salt_size, rounds,
                          prfmd, keylen, key) == 0)
        goto err;
    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);

 err:
    /* Wipe the derived key on every exit path. */
    OPENSSL_cleanse(key, keylen);
    PBKDF2PARAM_free(kdf);
    return rv;
}
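/*
 * Wrap (en_de != 0) or unwrap (en_de == 0) the content-encryption key of a
 * CMS PasswordRecipientInfo.
 *
 * The key-encryption algorithm must be id-alg-PWRI-KEK; its parameter is
 * decoded as the AlgorithmIdentifier of the actual KEK cipher. The KEK
 * itself is derived from the recipient's password by EVP_PBE_CipherInit().
 *
 * On wrap the result is stored in pwri->encryptedKey; on unwrap it is
 * stored in ec->key / ec->keylen. Returns 1 on success, 0 on failure.
 *
 * Every failure after the KEK AlgorithmIdentifier has been decoded leaves
 * through the common cleanup so that `kekalg` is always released.
 */
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
                                 int en_de)
{
    CMS_EncryptedContentInfo *ec;
    CMS_PasswordRecipientInfo *pwri;
    int r = 0;
    X509_ALGOR *algtmp, *kekalg = NULL;
    EVP_CIPHER_CTX *kekctx = NULL;
    const EVP_CIPHER *kekcipher;
    unsigned char *key = NULL;
    size_t keylen;

    ec = cms->d.envelopedData->encryptedContentInfo;

    pwri = ri->d.pwri;

    if (!pwri->pass) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
        return 0;
    }
    algtmp = pwri->keyEncryptionAlgorithm;

    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
        return 0;
    }

    kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
                                       algtmp->parameter);

    if (kekalg == NULL) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
        return 0;
    }

    /* From here on kekalg is owned by this function: exit via err. */
    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);

    if (!kekcipher) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
        goto err;
    }

    kekctx = EVP_CIPHER_CTX_new();
    if (kekctx == NULL) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
        goto err;
    EVP_CIPHER_CTX_set_padding(kekctx, 0);
    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
        goto err;
    }

    /*
     * NOTE(review): algtmp is dereferenced below without a NULL check;
     * confirm keyDerivationAlgorithm is always present at this point.
     */
    algtmp = pwri->keyDerivationAlgorithm;

    /* Finish password based key derivation to setup key in "ctx" */

    if (EVP_PBE_CipherInit(algtmp->algorithm,
                           (char *)pwri->pass, pwri->passlen,
                           algtmp->parameter, kekctx, en_de) < 0) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
        goto err;
    }

    /* Finally wrap/unwrap the key */

    if (en_de) {
        /* First call with a NULL output only reports the wrapped length. */
        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
            goto err;

        key = OPENSSL_malloc(keylen);

        if (key == NULL)
            goto err;

        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
            goto err;
        pwri->encryptedKey->data = key;
        pwri->encryptedKey->length = keylen;
    } else {
        key = OPENSSL_malloc(pwri->encryptedKey->length);

        if (key == NULL) {
            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!kek_unwrap_key(key, &keylen,
                            pwri->encryptedKey->data,
                            pwri->encryptedKey->length, kekctx)) {
            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
            goto err;
        }

        ec->key = key;
        ec->keylen = keylen;

    }

    r = 1;

 err:

    EVP_CIPHER_CTX_free(kekctx);

    /* On success ownership of key has passed to pwri or ec. */
    if (!r)
        OPENSSL_free(key);
    X509_ALGOR_free(kekalg);

    return r;
}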