Camellia cipher, contributed by NTT
[openssl.git] / crypto / asn1 / p5_pbev2.c
index 82526f38fdb635b509999e342a0a1b4382f122d0..dac66d8c4f1dd543cad144fb3676e1dd24e70e9a 100644 (file)
@@ -1,6 +1,6 @@
 /* p5_pbev2.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
+ * project 1999-2004.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -67,7 +67,7 @@
 ASN1_SEQUENCE(PBE2PARAM) = {
        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM);
+} ASN1_SEQUENCE_END(PBE2PARAM)
 
 IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
 
@@ -76,16 +76,19 @@ ASN1_SEQUENCE(PBKDF2PARAM) = {
        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM);
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
 
 IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
+ *
+ * Extended version to allow application supplied PRF NID and IV.
  */
 
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                                unsigned char *salt, int saltlen)
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                                unsigned char *salt, int saltlen,
+                                unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid;
@@ -113,16 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
 
        /* Create random IV */
-       if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-               goto err;
-
-       /* Dummy cipherinit to just setup the IV */
-       EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+       if (EVP_CIPHER_iv_length(cipher))
+               {
+               if (aiv)
+                       memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+               else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                       goto err;
+               }
+
+       EVP_CIPHER_CTX_init(&ctx);
+
+       /* Dummy cipherinit to just setup the IV, and PRF */
+       EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET,
                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+               EVP_CIPHER_CTX_cleanup(&ctx);
                goto err;
        }
+       /* If prf NID unspecified see if cipher has a preference.
+        * An error is OK here: just means use default PRF.
+        */
+       if ((prf_nid == -1) && 
+       EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
+               {
+               ERR_clear_error();
+               prf_nid = NID_hmacWithSHA1;
+               }
        EVP_CIPHER_CTX_cleanup(&ctx);
 
        if(!(kdf = PBKDF2PARAM_new())) goto merr;
@@ -150,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                 EVP_CIPHER_key_length(cipher))) goto merr;
        }
 
-       /* prf can stay NULL because we are using hmacWithSHA1 */
+       /* prf can stay NULL if we are using hmacWithSHA1 */
+       if (prf_nid != NID_hmacWithSHA1)
+               {
+               kdf->prf = X509_ALGOR_new();
+               if (!kdf->prf)
+                       goto merr;
+               X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                       V_ASN1_NULL, NULL);
+               }
 
        /* Now setup the PBE2PARAM keyfunc structure */
 
@@ -160,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
 
-       if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+       if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
 
@@ -176,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
        /* Encode PBE2PARAM into parameter */
 
-       if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+       if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
                                 &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
 
@@ -199,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        return NULL;
 
 }
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                unsigned char *salt, int saltlen)
+       {
+       return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+       }