pkcs5.c
Go to the documentation of this file.
1 /**
2  * @file pkcs5.c
3  * @brief PKCS #5 (Password-Based Cryptography Standard)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "kdf/pkcs5.h"
37 #include "mac/hmac.h"
38 
39 //Check crypto library configuration
40 #if (PKCS5_SUPPORT == ENABLED)
41 
42 //PKCS #5 OID (1.2.840.113549.1.5)
43 const uint8_t PKCS5_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05};
44 //PBKDF2 OID (1.2.840.113549.1.5.12)
45 const uint8_t PBKDF2_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C};
46 
47 
48 /**
49  * @brief PBKDF1 key derivation function
50  *
51  * PBKDF1 applies a hash function, which shall be MD2, MD5 or SHA-1, to derive
52  * keys. The length of the derived key is bounded by the length of the hash
53  * function output, which is 16 octets for MD2 and MD5 and 20 octets for SHA-1
54  *
55  * @param[in] hash Underlying hash function (MD2, MD5 or SHA-1)
56  * @param[in] p Password, an octet string
57  * @param[in] pLen Length in octets of password
58  * @param[in] s Salt, an octet string
59  * @param[in] sLen Length in octets of salt
60  * @param[in] c Iteration count
61  * @param[out] dk Derived key
62  * @param[in] dkLen Intended length in octets of the derived key
63  * @return Error code
64  **/
65 
66 error_t pbkdf1(const HashAlgo *hash, const uint8_t *p, size_t pLen,
67  const uint8_t *s, size_t sLen, uint_t c, uint8_t *dk, size_t dkLen)
68 {
69  uint_t i;
70  HashContext *hashContext;
71  uint8_t t[MAX_HASH_DIGEST_SIZE];
72 
73  //Check parameters
74  if(hash == NULL || p == NULL || s == NULL || dk == NULL)
76 
77  //The iteration count must be a positive integer
78  if(c < 1)
80 
81  //Check the intended length of the derived key
82  if(dkLen > hash->digestSize)
83  return ERROR_INVALID_LENGTH;
84 
85  //Allocate a memory buffer to hold the hash context
86  hashContext = cryptoAllocMem(hash->contextSize);
87  //Failed to allocate memory?
88  if(hashContext == NULL)
89  return ERROR_OUT_OF_MEMORY;
90 
91  //Apply the hash function to the concatenation of P and S
92  hash->init(hashContext);
93  hash->update(hashContext, p, pLen);
94  hash->update(hashContext, s, sLen);
95  hash->final(hashContext, t);
96 
97  //Iterate as many times as required
98  for(i = 1; i < c; i++)
99  {
100  //Apply the hash function to T(i - 1)
101  hash->init(hashContext);
102  hash->update(hashContext, t, hash->digestSize);
103  hash->final(hashContext, t);
104  }
105 
106  //Output the derived key DK
107  cryptoMemcpy(dk, t, dkLen);
108 
109  //Free previously allocated memory
110  cryptoFreeMem(hashContext);
111 
112  //Successful processing
113  return NO_ERROR;
114 }
115 
116 
117 /**
118  * @brief PBKDF2 key derivation function
119  *
120  * PBKDF2 applies a pseudorandom function to derive keys. The
121  * length of the derived key is essentially unbounded
122  *
123  * @param[in] hash Hash algorithm used by the underlying PRF
124  * @param[in] p Password, an octet string
125  * @param[in] pLen Length in octets of password
126  * @param[in] s Salt, an octet string
127  * @param[in] sLen Length in octets of salt
128  * @param[in] c Iteration count
129  * @param[out] dk Derived key
130  * @param[in] dkLen Intended length in octets of the derived key
131  * @return Error code
132  **/
133 
134 error_t pbkdf2(const HashAlgo *hash, const uint8_t *p, size_t pLen,
135  const uint8_t *s, size_t sLen, uint_t c, uint8_t *dk, size_t dkLen)
136 {
137  uint_t i;
138  uint_t j;
139  uint_t k;
140  HmacContext *hashContext;
141  uint8_t a[4];
142  uint8_t t[MAX_HASH_DIGEST_SIZE];
143  uint8_t u[MAX_HASH_DIGEST_SIZE];
144 
145  //Check parameters
146  if(hash == NULL || p == NULL || s == NULL || dk == NULL)
148 
149  //The iteration count must be a positive integer
150  if(c < 1)
152 
153  //Allocate a memory buffer to hold the HMAC context
154  hashContext = cryptoAllocMem(sizeof(HmacContext));
155  //Failed to allocate memory?
156  if(hashContext == NULL)
157  return ERROR_OUT_OF_MEMORY;
158 
159  //For each block of the derived key apply the function F
160  for(i = 1; dkLen > 0; i++)
161  {
162  //Calculate the 4-octet encoding of the integer i (MSB first)
163  STORE32BE(i, a);
164 
165  //Compute U1 = PRF(P, S || INT(i))
166  hmacInit(hashContext, hash, p, pLen);
167  hmacUpdate(hashContext, s, sLen);
168  hmacUpdate(hashContext, a, 4);
169  hmacFinal(hashContext, u);
170 
171  //Save the resulting HMAC value
172  cryptoMemcpy(t, u, hash->digestSize);
173 
174  //Iterate as many times as required
175  for(j = 1; j < c; j++)
176  {
177  //Compute U(j) = PRF(P, U(j-1))
178  hmacInit(hashContext, hash, p, pLen);
179  hmacUpdate(hashContext, u, hash->digestSize);
180  hmacFinal(hashContext, u);
181 
182  //Compute T = U(1) xor U(2) xor ... xor U(c)
183  for(k = 0; k < hash->digestSize; k++)
184  {
185  t[k] ^= u[k];
186  }
187  }
188 
189  //Number of octets in the current block
190  k = MIN(dkLen, hash->digestSize);
191  //Save the resulting block
192  cryptoMemcpy(dk, t, k);
193 
194  //Point to the next block
195  dk += k;
196  dkLen -= k;
197  }
198 
199  //Free previously allocated memory
200  cryptoFreeMem(hashContext);
201 
202  //Successful processing
203  return NO_ERROR;
204 }
205 
206 #endif
HMAC algorithm context.
Definition: hmac.h:182
uint8_t a
Definition: ndp.h:410
uint8_t p
Definition: ndp.h:298
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
PKCS #5 (Password-Based Cryptography Standard)
uint8_t t
Definition: llmnr_common.h:81
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
error_t
Error codes.
Definition: error.h:42
const uint8_t PBKDF2_OID[9]
Definition: pkcs5.c:45
void hmacFinal(HmacContext *context, uint8_t *digest)
Finish the HMAC calculation.
Definition: hmac.c:185
@ ERROR_INVALID_LENGTH
Definition: error.h:109
General definitions for cryptographic algorithms.
#define MIN(a, b)
Definition: os_port.h:62
uint8_t hash
Definition: tls.h:1369
void hmacInit(HmacContext *context, const HashAlgo *hash, const void *key, size_t keyLen)
Initialize HMAC calculation.
Definition: hmac.c:118
void hmacUpdate(HmacContext *context, const void *data, size_t length)
Update the HMAC context with a portion of the message being hashed.
Definition: hmac.c:168
error_t pbkdf2(const HashAlgo *hash, const uint8_t *p, size_t pLen, const uint8_t *s, size_t sLen, uint_t c, uint8_t *dk, size_t dkLen)
PBKDF2 key derivation function.
Definition: pkcs5.c:134
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:642
#define cryptoFreeMem(p)
Definition: crypto.h:630
const uint8_t PKCS5_OID[8]
Definition: pkcs5.c:43
uint8_t s
#define cryptoAllocMem(size)
Definition: crypto.h:625
Common interface for hash algorithms.
Definition: crypto.h:1128
#define MAX_HASH_DIGEST_SIZE
Definition: crypto.h:811
unsigned int uint_t
Definition: compiler_port.h:45
Generic hash algorithm context.
Definition: crypto.h:1118
#define STORE32BE(a, p)
Definition: cpu_endian.h:270
error_t pbkdf1(const HashAlgo *hash, const uint8_t *p, size_t pLen, const uint8_t *s, size_t sLen, uint_t c, uint8_t *dk, size_t dkLen)
PBKDF1 key derivation function.
Definition: pkcs5.c:66
@ NO_ERROR
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:513
HMAC (Keyed-Hashing for Message Authentication)