CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c

   1 /** @file
   2   PBKDF2 Key Derivation Function Wrapper Implementation over OpenSSL.
   3
   4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include "InternalCryptLib.h"
  10 #include <openssl/evp.h>
  11 #include <openssl/hmac.h>
  12
  13 /**
  14   Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
  15   password based encryption key derivation function PBKDF2, as specified in RFC 2898.
  16
  17   If Password or Salt or OutKey is NULL, then return FALSE.
  18   If the hash algorithm could not be determined, then return FALSE.
  19
  20   @param[in]  PasswordLength  Length of input password in bytes.
  21   @param[in]  Password        Pointer to the array for the password.
  22   @param[in]  SaltLength      Size of the Salt in bytes.
  23   @param[in]  Salt            Pointer to the Salt.
  24   @param[in]  IterationCount  Number of iterations to perform. Its value should be
  25                               greater than or equal to 1.
  26   @param[in]  DigestSize      Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
  27                               NOTE: DigestSize will be used to determine the hash algorithm.
  28                                     Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
  29   @param[in]  KeyLength       Size of the derived key buffer in bytes.
  30   @param[out] OutKey          Pointer to the output derived key buffer.
  31
  32   @retval  TRUE   A key was derived successfully.
  33   @retval  FALSE  One of the pointers was NULL or one of the sizes was too large.
  34   @retval  FALSE  The hash algorithm could not be determined from the digest size.
  35   @retval  FALSE  The key derivation operation failed.
  36
  37 **/
  38 BOOLEAN
  39 EFIAPI
  40 Pkcs5HashPassword (
  41   IN  UINTN        PasswordLength,
  42   IN  CONST CHAR8  *Password,
  43   IN  UINTN        SaltLength,
  44   IN  CONST UINT8  *Salt,
  45   IN  UINTN        IterationCount,
  46   IN  UINTN        DigestSize,
  47   IN  UINTN        KeyLength,
  48   OUT UINT8        *OutKey
  49   )
  50 {
  51   CONST EVP_MD  *HashAlg;
  52
  53   HashAlg = NULL;
  54
  55   //
  56   // Parameter Checking.
  57   //
  58   if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
  59     return FALSE;
  60   }
  61
  62   if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
  63       (SaltLength == 0) || (SaltLength > INT_MAX) ||
  64       (KeyLength == 0) || (KeyLength > INT_MAX) ||
  65       (IterationCount < 1) || (IterationCount > INT_MAX))
  66   {
  67     return FALSE;
  68   }
  69
  70   //
  71   // Make sure the digest algorithm is supported.
  72   //
  73   switch (DigestSize) {
  74     case SHA1_DIGEST_SIZE:
  75       HashAlg = EVP_sha1 ();
  76       break;
  77     case SHA256_DIGEST_SIZE:
  78       HashAlg = EVP_sha256 ();
  79       break;
  80     default:
  81       return FALSE;
  82       break;
  83   }
  84
  85   //
  86   // Perform password-based key derivation routines.
  87   //
  88   return (BOOLEAN)PKCS5_PBKDF2_HMAC (
  89                     (const char *)Password,
  90                     (int)PasswordLength,
  91                     (const unsigned char *)Salt,
  92                     (int)SaltLength,
  93                     (int)IterationCount,
  94                     HashAlg,
  95                     (int)KeyLength,
  96                     (unsigned char *)OutKey
  97                     );
  98 }