diff options
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c')
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c new file mode 100644 index 0000000000..78c3a34f52 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c @@ -0,0 +1,101 @@ +/** @file
+ PBKDF2 Key Derivation Function Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+/**
+ Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
+ password based encryption key derivation function PBKDF2, as specified in RFC 2898.
+
+ If Password or Salt or OutKey is NULL, then return FALSE.
+ If the hash algorithm could not be determined, then return FALSE.
+
+ @param[in] PasswordLength Length of input password in bytes.
+ @param[in] Password Pointer to the array for the password.
+ @param[in] SaltLength Size of the Salt in bytes.
+ @param[in] Salt Pointer to the Salt.
+ @param[in] IterationCount Number of iterations to perform. Its value should be
+ greater than or equal to 1.
+ @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
+ NOTE: DigestSize will be used to determine the hash algorithm.
+ Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
+ @param[in] KeyLength Size of the derived key buffer in bytes.
+ @param[out] OutKey Pointer to the output derived key buffer.
+
+ @retval TRUE A key was derived successfully.
+ @retval FALSE One of the pointers was NULL or one of the sizes was too large.
+ @retval FALSE The hash algorithm could not be determined from the digest size.
+ @retval FALSE The key derivation operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs5HashPassword (
+ IN UINTN PasswordLength,
+ IN CONST CHAR8 *Password,
+ IN UINTN SaltLength,
+ IN CONST UINT8 *Salt,
+ IN UINTN IterationCount,
+ IN UINTN DigestSize,
+ IN UINTN KeyLength,
+ OUT UINT8 *OutKey
+ )
+{
+ CONST EVP_MD *HashAlg;
+
+ HashAlg = NULL;
+
+ //
+ // Parameter Checking.
+ //
+ if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
+ return FALSE;
+ }
+ if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
+ (SaltLength == 0) || (SaltLength > INT_MAX) ||
+ (KeyLength == 0) || (KeyLength > INT_MAX) ||
+ (IterationCount < 1) || (IterationCount > INT_MAX)) {
+ return FALSE;
+ }
+ //
+ // Make sure the digest algorithm is supported.
+ //
+ switch (DigestSize) {
+ case SHA1_DIGEST_SIZE:
+ HashAlg = EVP_sha1();
+ break;
+ case SHA256_DIGEST_SIZE:
+ HashAlg = EVP_sha256();
+ break;
+ default:
+ return FALSE;
+ break;
+ }
+
+ //
+ // Perform password-based key derivation routines.
+ //
+ return (BOOLEAN)PKCS5_PBKDF2_HMAC (
+ (const char *)Password,
+ (int)PasswordLength,
+ (const unsigned char *)Salt,
+ (int)SaltLength,
+ (int)IterationCount,
+ HashAlg,
+ (int)KeyLength,
+ (unsigned char *)OutKey
+ );
+}
|