1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/*-
* Copyright (c) 2021 Ribose Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <cstdint>
#include <vector>
#include <algorithm>
#include <openssl/evp.h>
#include "hash.hpp"
#include "s2k.h"
#include "mem.h"
#include "logging.h"
int
pgp_s2k_iterated(pgp_hash_alg_t alg,
uint8_t * out,
size_t output_len,
const char * password,
const uint8_t *salt,
size_t iterations)
{
if ((iterations > 1) && !salt) {
RNP_LOG("Iterated S2K mus be salted as well.");
return 1;
}
size_t hash_len = rnp::Hash::size(alg);
if (!hash_len) {
RNP_LOG("Unknown digest: %d", (int) alg);
return 1;
}
try {
size_t pswd_len = strlen(password);
size_t salt_len = salt ? PGP_SALT_SIZE : 0;
rnp::secure_vector<uint8_t> data(salt_len + pswd_len);
if (salt_len) {
memcpy(data.data(), salt, PGP_SALT_SIZE);
}
memcpy(data.data() + salt_len, password, pswd_len);
size_t zeroes = 0;
while (output_len) {
/* create hash context */
auto hash = rnp::Hash::create(alg);
/* add leading zeroes */
for (size_t z = 0; z < zeroes; z++) {
uint8_t zero = 0;
hash->add(&zero, 1);
}
if (!data.empty()) {
/* if iteration is 1 then still hash the whole data chunk */
size_t left = std::max(data.size(), iterations);
while (left) {
size_t to_hash = std::min(left, data.size());
hash->add(data.data(), to_hash);
left -= to_hash;
}
}
rnp::secure_vector<uint8_t> dgst(hash_len);
size_t out_cpy = std::min(dgst.size(), output_len);
if (hash->finish(dgst.data()) != dgst.size()) {
RNP_LOG("Unexpected digest size.");
return 1;
}
memcpy(out, dgst.data(), out_cpy);
output_len -= out_cpy;
out += out_cpy;
zeroes++;
}
return 0;
} catch (const std::exception &e) {
RNP_LOG("s2k failed: %s", e.what());
return 1;
}
}
|
