1 | /** @file\r | |
2 | PBKDF2 Key Derivation Function Wrapper Implementation over OpenSSL.\r | |
3 | \r | |
4 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | \r | |
9 | #include "InternalCryptLib.h"\r | |
10 | #include <openssl/evp.h>\r | |
11 | #include <openssl/hmac.h>\r | |
12 | \r | |
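/**
  Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
  password based encryption key derivation function PBKDF2, as specified in RFC 2898.

  If Password or Salt or OutKey is NULL, then return FALSE.
  If PasswordLength, SaltLength, KeyLength or IterationCount is 0 or greater than
  INT_MAX, then return FALSE.
  If the hash algorithm could not be determined, then return FALSE.

  Security notes for callers:
  - This wrapper only enforces IterationCount >= 1. Choosing an iteration count and
    salt that are adequate for the protected secret is the caller's responsibility.
  - OutKey receives key material. This wrapper does not clear it; the contents of
    OutKey after a FALSE return are not defined by this wrapper and must not be used.

  @param[in]  PasswordLength  Length of input password in bytes (1..INT_MAX).
  @param[in]  Password        Pointer to the array for the password.
  @param[in]  SaltLength      Size of the Salt in bytes (1..INT_MAX).
  @param[in]  Salt            Pointer to the Salt.
  @param[in]  IterationCount  Number of iterations to perform. Its value should be
                              greater than or equal to 1 (and at most INT_MAX).
  @param[in]  DigestSize      Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
                              NOTE: DigestSize will be used to determine the hash algorithm.
                                    Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
  @param[in]  KeyLength       Size of the derived key buffer in bytes (1..INT_MAX).
  @param[out] OutKey          Pointer to the output derived key buffer.

  @retval  TRUE   A key was derived successfully.
  @retval  FALSE  One of the pointers was NULL, or one of the sizes or the iteration
                  count was zero or too large.
  @retval  FALSE  The hash algorithm could not be determined from the digest size.
  @retval  FALSE  The key derivation operation failed.

**/
BOOLEAN
EFIAPI
Pkcs5HashPassword (
  IN  UINTN        PasswordLength,
  IN  CONST CHAR8  *Password,
  IN  UINTN        SaltLength,
  IN  CONST UINT8  *Salt,
  IN  UINTN        IterationCount,
  IN  UINTN        DigestSize,
  IN  UINTN        KeyLength,
  OUT UINT8        *OutKey
  )
{
  CONST EVP_MD  *HashAlg;

  HashAlg = NULL;

  //
  // Parameter Checking.
  //
  if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
    return FALSE;
  }

  //
  // Every length and the iteration count is narrowed to int for the OpenSSL call
  // below, so anything above INT_MAX is rejected here instead of being truncated.
  // Zero-length inputs and a zero iteration count are rejected as well.
  //
  if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
      (SaltLength == 0) || (SaltLength > INT_MAX) ||
      (KeyLength == 0) || (KeyLength > INT_MAX) ||
      (IterationCount < 1) || (IterationCount > INT_MAX))
  {
    return FALSE;
  }

  //
  // Make sure the digest algorithm is supported.
  //
  switch (DigestSize) {
    case SHA1_DIGEST_SIZE:
      HashAlg = EVP_sha1 ();
      break;
    case SHA256_DIGEST_SIZE:
      HashAlg = EVP_sha256 ();
      break;
    default:
      return FALSE;
  }

  //
  // Perform password-based key derivation routines.
  // Only an exact return value of 1 is reported as success: casting the int result
  // straight to BOOLEAN would truncate it, so a negative value would read as TRUE
  // and a multiple of 256 as FALSE.
  //
  return (BOOLEAN)(PKCS5_PBKDF2_HMAC (
                     (const char *)Password,
                     (int)PasswordLength,
                     (const unsigned char *)Salt,
                     (int)SaltLength,
                     (int)IterationCount,
                     HashAlg,
                     (int)KeyLength,
                     (unsigned char *)OutKey
                     ) == 1);
}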