3 * OpenPGP string2key functions.
5 * Copyright (c) 2005 Marko Kreen
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * contrib/pgcrypto/pgp-s2k.c
39 calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
43 uint8 buf[PGP_MAX_DIGEST];
46 uint8 *dst = s2k->key;
48 md_rlen = px_md_result_size(md);
50 remain = s2k->key_len;
58 memset(buf, 0, preload);
59 px_md_update(md, buf, preload);
63 px_md_update(md, key, key_len);
64 px_md_finish(md, buf);
68 memcpy(dst, buf, md_rlen);
74 memcpy(dst, buf, remain);
78 px_memset(buf, 0, sizeof(buf));
83 calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
86 uint8 buf[PGP_MAX_DIGEST];
91 md_rlen = px_md_result_size(md);
94 remain = s2k->key_len;
101 memset(buf, 0, preload);
102 px_md_update(md, buf, preload);
106 px_md_update(md, s2k->salt, PGP_S2K_SALT);
107 px_md_update(md, key, key_len);
108 px_md_finish(md, buf);
110 if (remain > md_rlen)
112 memcpy(dst, buf, md_rlen);
118 memcpy(dst, buf, remain);
122 px_memset(buf, 0, sizeof(buf));
127 calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
131 uint8 buf[PGP_MAX_DIGEST];
133 unsigned preload = 0;
139 count = s2k_decode_count(s2k->iter);
141 md_rlen = px_md_result_size(md);
143 remain = s2k->key_len;
151 memset(buf, 0, preload);
152 px_md_update(md, buf, preload);
156 px_md_update(md, s2k->salt, PGP_S2K_SALT);
157 px_md_update(md, key, key_len);
158 curcnt = PGP_S2K_SALT + key_len;
160 while (curcnt < count)
162 if (curcnt + PGP_S2K_SALT < count)
166 px_md_update(md, s2k->salt, c);
169 if (curcnt + key_len < count)
171 else if (curcnt < count)
175 px_md_update(md, key, c);
178 px_md_finish(md, buf);
180 if (remain > md_rlen)
182 memcpy(dst, buf, md_rlen);
188 memcpy(dst, buf, remain);
192 px_memset(buf, 0, sizeof(buf));
197 * Decide PGP_S2K_ISALTED iteration count (in OpenPGP one-byte representation)
201 * gpg defaults to 96 => 65536 iters
203 * For our default (count=-1) we let it float a bit: 96 + 32 => between 65536
204 * and 262144 iterations.
206 * Otherwise, find the smallest number which provides at least the specified
210 decide_s2k_iter(unsigned rand_byte, int count)
215 return 96 + (rand_byte & 0x1F);
216 /* this is a bit brute-force, but should be quick enough */
217 for (iter = 0; iter <= 255; iter++)
218 if (s2k_decode_count(iter) >= count)
224 pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo, int count)
230 s2k->digest_algo = digest_algo;
237 if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
238 return PXE_NO_RANDOM;
240 case PGP_S2K_ISALTED:
241 if (!pg_strong_random(s2k->salt, PGP_S2K_SALT))
242 return PXE_NO_RANDOM;
243 if (!pg_strong_random(&tmp, 1))
244 return PXE_NO_RANDOM;
245 s2k->iter = decide_s2k_iter(tmp, count);
248 res = PXE_PGP_BAD_S2K_MODE;
254 pgp_s2k_read(PullFilter *src, PGP_S2K *s2k)
258 GETBYTE(src, s2k->mode);
259 GETBYTE(src, s2k->digest_algo);
265 res = pullf_read_fixed(src, 8, s2k->salt);
268 res = pullf_read_fixed(src, 8, s2k->salt);
271 GETBYTE(src, s2k->iter);
274 res = PXE_PGP_BAD_S2K_MODE;
280 pgp_s2k_process(PGP_S2K *s2k, int cipher, const uint8 *key, int key_len)
285 s2k->key_len = pgp_get_cipher_key_size(cipher);
286 if (s2k->key_len <= 0)
287 return PXE_PGP_UNSUPPORTED_CIPHER;
289 res = pgp_load_digest(s2k->digest_algo, &md);
296 res = calc_s2k_simple(s2k, md, key, key_len);
299 res = calc_s2k_salted(s2k, md, key, key_len);
302 res = calc_s2k_iter_salted(s2k, md, key, key_len);
305 res = PXE_PGP_BAD_S2K_MODE;