projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| a8f37449 QL |
1 | /** @file\r |
| 2 | PBKDF2 Key Derivation Function Wrapper Implementation over OpenSSL.\r | |
| 3 | \r | |
| 4 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
| 2009f6b4 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
| a8f37449 QL |
6 | \r |
| 7 | **/\r | |
| 8 | \r | |
| 9 | #include "InternalCryptLib.h"\r | |
| 10 | #include <openssl/evp.h>\r | |
| 11 | #include <openssl/hmac.h>\r | |
| 12 | \r | |
| 13 | /**\r | |
| 14 | Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r | |
| 15 | password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r | |
| 16 | \r | |
| 17 | If Password or Salt or OutKey is NULL, then return FALSE.\r | |
| 18 | If the hash algorithm could not be determined, then return FALSE.\r | |
| 19 | \r | |
| 20 | @param[in] PasswordLength Length of input password in bytes.\r | |
| 21 | @param[in] Password Pointer to the array for the password.\r | |
| 22 | @param[in] SaltLength Size of the Salt in bytes.\r | |
| 23 | @param[in] Salt Pointer to the Salt.\r | |
| 24 | @param[in] IterationCount Number of iterations to perform. Its value should be\r | |
| 25 | greater than or equal to 1.\r | |
| 26 | @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).\r | |
| 27 | NOTE: DigestSize will be used to determine the hash algorithm.\r | |
| 28 | Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.\r | |
| 29 | @param[in] KeyLength Size of the derived key buffer in bytes.\r | |
| 30 | @param[out] OutKey Pointer to the output derived key buffer.\r | |
| 31 | \r | |
| 32 | @retval TRUE A key was derived successfully.\r | |
| 33 | @retval FALSE One of the pointers was NULL or one of the sizes was too large.\r | |
| 34 | @retval FALSE The hash algorithm could not be determined from the digest size.\r | |
| 35 | @retval FALSE The key derivation operation failed.\r | |
| 36 | \r | |
| 37 | **/\r | |
| 38 | BOOLEAN\r | |
| 39 | EFIAPI\r | |
| 40 | Pkcs5HashPassword (\r | |
| 41 | IN UINTN PasswordLength,\r | |
| 42 | IN CONST CHAR8 *Password,\r | |
| 43 | IN UINTN SaltLength,\r | |
| 44 | IN CONST UINT8 *Salt,\r | |
| 45 | IN UINTN IterationCount,\r | |
| 46 | IN UINTN DigestSize,\r | |
| 47 | IN UINTN KeyLength,\r | |
| 48 | OUT UINT8 *OutKey\r | |
| 49 | )\r | |
| 50 | {\r | |
| 51 | CONST EVP_MD *HashAlg;\r | |
| 52 | \r | |
| 53 | HashAlg = NULL;\r | |
| 54 | \r | |
| 55 | //\r | |
| 56 | // Parameter Checking.\r | |
| 57 | //\r | |
| 58 | if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {\r | |
| 59 | return FALSE;\r | |
| 60 | }\r | |
| 7c342378 | 61 | \r |
| a8f37449 QL |
62 | if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||\r |
| 63 | (SaltLength == 0) || (SaltLength > INT_MAX) ||\r | |
| 64 | (KeyLength == 0) || (KeyLength > INT_MAX) ||\r | |
| 7c342378 MK |
65 | (IterationCount < 1) || (IterationCount > INT_MAX))\r |
| 66 | {\r | |
| a8f37449 QL |
67 | return FALSE;\r |
| 68 | }\r | |
| 7c342378 | 69 | \r |
| a8f37449 QL |
70 | //\r |
| 71 | // Make sure the digest algorithm is supported.\r | |
| 72 | //\r | |
| 73 | switch (DigestSize) {\r | |
| 7c342378 MK |
74 | case SHA1_DIGEST_SIZE:\r |
| 75 | HashAlg = EVP_sha1 ();\r | |
| 76 | break;\r | |
| 77 | case SHA256_DIGEST_SIZE:\r | |
| 78 | HashAlg = EVP_sha256 ();\r | |
| 79 | break;\r | |
| 80 | default:\r | |
| 81 | return FALSE;\r | |
| 82 | break;\r | |
| a8f37449 QL |
83 | }\r |
| 84 | \r | |
| 85 | //\r | |
| 86 | // Perform password-based key derivation routines.\r | |
| 87 | //\r | |
| 88 | return (BOOLEAN)PKCS5_PBKDF2_HMAC (\r | |
| 89 | (const char *)Password,\r | |
| 90 | (int)PasswordLength,\r | |
| 91 | (const unsigned char *)Salt,\r | |
| 92 | (int)SaltLength,\r | |
| 93 | (int)IterationCount,\r | |
| 94 | HashAlg,\r | |
| 95 | (int)KeyLength,\r | |
| 96 | (unsigned char *)OutKey\r | |
| 97 | );\r | |
| 98 | }\r |