首页 发现 帮助
注册 登录
Apq
/
winscp
镜像自地址 https://github.com/winscp/winscp.git
1
0
派生 0
文件 工单管理 0 Wiki
目录树: 63acc45b4b
分支列表 标签列表
winscp
/
libs
/
openssl
/
crypto
/
kdf
/
scrypt.c

scrypt.c 6.5 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266 
  1. /*
    2. 

  2.  * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the OpenSSL license (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include <stdlib.h>
    11. 

  11. #include <string.h>
    12. 

  12. #include <openssl/hmac.h>
    13. 

  13. #include <openssl/kdf.h>
    14. 

  14. #include <openssl/evp.h>
    15. 

  15. #include "internal/cryptlib.h"
    16. 

  16. #include "internal/evp_int.h"
    17. 

  17. 

  18. #ifndef OPENSSL_NO_SCRYPT
    19. 

  19. 

  20. static int atou64(const char *nptr, uint64_t *result);
    21. 

  21. 

  22. typedef struct {
    23. 

  23.     unsigned char *pass;
    24. 

  24.     size_t pass_len;
    25. 

  25.     unsigned char *salt;
    26. 

  26.     size_t salt_len;
    27. 

  27.     uint64_t N, r, p;
    28. 

  28.     uint64_t maxmem_bytes;
    29. 

  29. } SCRYPT_PKEY_CTX;
    30. 

  30. 

  31. /* Custom uint64_t parser since we do not have strtoull */
    32. 

  32. static int atou64(const char *nptr, uint64_t *result)
    33. 

  33. {
    34. 

  34.     uint64_t value = 0;
    35. 

  35. 

  36.     while (*nptr) {
    37. 

  37.         unsigned int digit;
    38. 

  38.         uint64_t new_value;
    39. 

  39. 

  40.         if ((*nptr < '0') || (*nptr > '9')) {
    41. 

  41.             return 0;
    42. 

  42.         }
    43. 

  43.         digit = (unsigned int)(*nptr - '0');
    44. 

  44.         new_value = (value * 10) + digit;
    45. 

  45.         if ((new_value < digit) || ((new_value - digit) / 10 != value)) {
    46. 

  46.             /* Overflow */
    47. 

  47.             return 0;
    48. 

  48.         }
    49. 

  49.         value = new_value;
    50. 

  50.         nptr++;
    51. 

  51.     }
    52. 

  52.     *result = value;
    53. 

  53.     return 1;
    54. 

  54. }
    55. 

  55. 

  56. static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
    57. 

  57. {
    58. 

  58.     SCRYPT_PKEY_CTX *kctx;
    59. 

  59. 

  60.     kctx = OPENSSL_zalloc(sizeof(*kctx));
    61. 

  61.     if (kctx == NULL) {
    62. 

  62.         KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
    63. 

  63.         return 0;
    64. 

  64.     }
    65. 

  65. 

  66.     /* Default values are the most conservative recommendation given in the
    67. 

  67.      * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
    68. 

  68.      * for this parameter choice (approx. 128 * r * (N + p) bytes).
    69. 

  69.      */
    70. 

  70.     kctx->N = 1 << 20;
    71. 

  71.     kctx->r = 8;
    72. 

  72.     kctx->p = 1;
    73. 

  73.     kctx->maxmem_bytes = 1025 * 1024 * 1024;
    74. 

  74. 

  75.     ctx->data = kctx;
    76. 

  76. 

  77.     return 1;
    78. 

  78. }
    79. 

  79. 

  80. static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
    81. 

  81. {
    82. 

  82.     SCRYPT_PKEY_CTX *kctx = ctx->data;
    83. 

  83. 

  84.     OPENSSL_clear_free(kctx->salt, kctx->salt_len);
    85. 

  85.     OPENSSL_clear_free(kctx->pass, kctx->pass_len);
    86. 

  86.     OPENSSL_free(kctx);
    87. 

  87. }
    88. 

  88. 

  89. static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
    90. 

  90.                                   const unsigned char *new_buffer,
    91. 

  91.                                   const int new_buflen)
    92. 

  92. {
    93. 

  93.     if (new_buffer == NULL)
    94. 

  94.         return 1;
    95. 

  95. 

  96.     if (new_buflen < 0)
    97. 

  97.         return 0;
    98. 

  98. 

  99.     if (*buffer != NULL)
    100. 

  100.         OPENSSL_clear_free(*buffer, *buflen);
    101. 

  101. 

  102.     if (new_buflen > 0) {
    103. 

  103.         *buffer = OPENSSL_memdup(new_buffer, new_buflen);
    104. 

  104.     } else {
    105. 

  105.         *buffer = OPENSSL_malloc(1);
    106. 

  106.     }
    107. 

  107.     if (*buffer == NULL) {
    108. 

  108.         KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
    109. 

  109.         return 0;
    110. 

  110.     }
    111. 

  111. 

  112.     *buflen = new_buflen;
    113. 

  113.     return 1;
    114. 

  114. }
    115. 

  115. 

  116. static int is_power_of_two(uint64_t value)
    117. 

  117. {
    118. 

  118.     return (value != 0) && ((value & (value - 1)) == 0);
    119. 

  119. }
    120. 

  120. 

  121. static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
    122. 

  122. {
    123. 

  123.     SCRYPT_PKEY_CTX *kctx = ctx->data;
    124. 

  124.     uint64_t u64_value;
    125. 

  125. 

  126.     switch (type) {
    127. 

  127.     case EVP_PKEY_CTRL_PASS:
    128. 

  128.         return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
    129. 

  129. 

  130.     case EVP_PKEY_CTRL_SCRYPT_SALT:
    131. 

  131.         return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
    132. 

  132. 

  133.     case EVP_PKEY_CTRL_SCRYPT_N:
    134. 

  134.         u64_value = *((uint64_t *)p2);
    135. 

  135.         if ((u64_value <= 1) || !is_power_of_two(u64_value))
    136. 

  136.             return 0;
    137. 

  137.         kctx->N = u64_value;
    138. 

  138.         return 1;
    139. 

  139. 

  140.     case EVP_PKEY_CTRL_SCRYPT_R:
    141. 

  141.         u64_value = *((uint64_t *)p2);
    142. 

  142.         if (u64_value < 1)
    143. 

  143.             return 0;
    144. 

  144.         kctx->r = u64_value;
    145. 

  145.         return 1;
    146. 

  146. 

  147.     case EVP_PKEY_CTRL_SCRYPT_P:
    148. 

  148.         u64_value = *((uint64_t *)p2);
    149. 

  149.         if (u64_value < 1)
    150. 

  150.             return 0;
    151. 

  151.         kctx->p = u64_value;
    152. 

  152.         return 1;
    153. 

  153. 

  154.     case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
    155. 

  155.         u64_value = *((uint64_t *)p2);
    156. 

  156.         if (u64_value < 1)
    157. 

  157.             return 0;
    158. 

  158.         kctx->maxmem_bytes = u64_value;
    159. 

  159.         return 1;
    160. 

  160. 

  161.     default:
    162. 

  162.         return -2;
    163. 

  163. 

  164.     }
    165. 

  165. }
    166. 

  166. 

  167. static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
    168. 

  168.                                    const char *value)
    169. 

  169. {
    170. 

  170.     uint64_t int_value;
    171. 

  171. 

  172.     if (!atou64(value, &int_value)) {
    173. 

  173.         KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
    174. 

  174.         return 0;
    175. 

  175.     }
    176. 

  176.     return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
    177. 

  177. }
    178. 

  178. 

  179. static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
    180. 

  180.                                 const char *value)
    181. 

  181. {
    182. 

  182.     if (value == NULL) {
    183. 

  183.         KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
    184. 

  184.         return 0;
    185. 

  185.     }
    186. 

  186. 

  187.     if (strcmp(type, "pass") == 0)
    188. 

  188.         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
    189. 

  189. 

  190.     if (strcmp(type, "hexpass") == 0)
    191. 

  191.         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
    192. 

  192. 

  193.     if (strcmp(type, "salt") == 0)
    194. 

  194.         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
    195. 

  195. 

  196.     if (strcmp(type, "hexsalt") == 0)
    197. 

  197.         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
    198. 

  198. 

  199.     if (strcmp(type, "N") == 0)
    200. 

  200.         return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
    201. 

  201. 

  202.     if (strcmp(type, "r") == 0)
    203. 

  203.         return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
    204. 

  204. 

  205.     if (strcmp(type, "p") == 0)
    206. 

  206.         return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
    207. 

  207. 

  208.     if (strcmp(type, "maxmem_bytes") == 0)
    209. 

  209.         return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
    210. 

  210.                                        value);
    211. 

  211. 

  212.     KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
    213. 

  213.     return -2;
    214. 

  214. }
    215. 

  215. 

  216. static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
    217. 

  217.                               size_t *keylen)
    218. 

  218. {
    219. 

  219.     SCRYPT_PKEY_CTX *kctx = ctx->data;
    220. 

  220. 

  221.     if (kctx->pass == NULL) {
    222. 

  222.         KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
    223. 

  223.         return 0;
    224. 

  224.     }
    225. 

  225. 

  226.     if (kctx->salt == NULL) {
    227. 

  227.         KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
    228. 

  228.         return 0;
    229. 

  229.     }
    230. 

  230. 

  231.     return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
    232. 

  232.                           kctx->salt_len, kctx->N, kctx->r, kctx->p,
    233. 

  233.                           kctx->maxmem_bytes, key, *keylen);
    234. 

  234. }
    235. 

  235. 

  236. const EVP_PKEY_METHOD scrypt_pkey_meth = {
    237. 

  237.     EVP_PKEY_SCRYPT,
    238. 

  238.     0,
    239. 

  239.     pkey_scrypt_init,
    240. 

  240.     0,
    241. 

  241.     pkey_scrypt_cleanup,
    242. 

  242. 

  243.     0, 0,
    244. 

  244.     0, 0,
    245. 

  245. 

  246.     0,
    247. 

  247.     0,
    248. 

  248. 

  249.     0,
    250. 

  250.     0,
    251. 

  251. 

  252.     0, 0,
    253. 

  253. 

  254.     0, 0, 0, 0,
    255. 

  255. 

  256.     0, 0,
    257. 

  257. 

  258.     0, 0,
    259. 

  259. 

  260.     0,
    261. 

  261.     pkey_scrypt_derive,
    262. 

  262.     pkey_scrypt_ctrl,
    263. 

  263.     pkey_scrypt_ctrl_str
    264. 

  264. };
    265. 

  265. 

  266. #endif
    267.