| ︙ | | | ︙ | |
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
*
* Side effects:
* Sets result to a list of key and iv values, or an error message
*
*-------------------------------------------------------------------
*/
static int KDF_PBKDF2(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
int pass_len = 0, salt_len = 0, fn;
int iklen, ivlen, iter = 1;
unsigned char *pass = NULL, *salt = NULL;
const EVP_MD *md = NULL;
const EVP_CIPHER *cipher = NULL;
int buf_len = (EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH)*4, dk_len = buf_len;
unsigned char tmpkeyiv[(EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH)*4];
(void) clientData;
|
|
|
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
*
* Side effects:
* Sets result to a list of key and iv values, or an error message
*
*-------------------------------------------------------------------
*/
static int KDF_PBKDF2(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
Tcl_Size fn, salt_len = 0, pass_len = 0;
int iklen, ivlen, iter = 1;
unsigned char *pass = NULL, *salt = NULL;
const EVP_MD *md = NULL;
const EVP_CIPHER *cipher = NULL;
int buf_len = (EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH)*4, dk_len = buf_len;
unsigned char tmpkeyiv[(EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH)*4];
(void) clientData;
|
| ︙ | | | ︙ | |
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
/* Get option */
if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
return TCL_ERROR;
}
/* Validate arg has a value */
if (++idx >= objc) {
Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", NULL);
return TCL_ERROR;
}
switch(fn) {
case _opt_cipher:
if ((cipher = Util_GetCipher(interp, objv[idx], TRUE)) == NULL) {
return TCL_ERROR;
|
|
|
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
/* Get option */
if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
return TCL_ERROR;
}
/* Validate arg has a value */
if (++idx >= objc) {
Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
return TCL_ERROR;
}
switch(fn) {
case _opt_cipher:
if ((cipher = Util_GetCipher(interp, objv[idx], TRUE)) == NULL) {
return TCL_ERROR;
|
| ︙ | | | ︙ | |
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
}
break;
}
}
/* Validate options */
if (md == NULL) {
Tcl_AppendResult(interp, "no digest", NULL);
return TCL_ERROR;
}
/* Set output type sizes */
if (cipher == NULL) {
if (dk_len > buf_len) dk_len = buf_len;
iklen = dk_len;
ivlen = 0;
} else {
iklen = EVP_CIPHER_key_length(cipher);
ivlen = EVP_CIPHER_iv_length(cipher);
dk_len = iklen+ivlen;
}
/* Derive key */
if (!PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, md, dk_len, tmpkeyiv)) {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), NULL);
return TCL_ERROR;
}
/* Set result to key and iv */
if (cipher == NULL) {
Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(tmpkeyiv, dk_len));
} else {
Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
LAPPEND_BARRAY(interp, resultObj, "key", tmpkeyiv, iklen);
LAPPEND_BARRAY(interp, resultObj, "iv", tmpkeyiv+iklen, ivlen);
Tcl_SetObjResult(interp, resultObj);
}
/* Clear data */
memset(tmpkeyiv, 0, buf_len);
return TCL_OK;
}
|
|
|
|
|
|
|
|
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
}
break;
}
}
/* Validate options */
if (md == NULL) {
Tcl_AppendResult(interp, "no digest", (char *) NULL);
return TCL_ERROR;
}
/* Set output type sizes */
if (cipher == NULL) {
if (dk_len > buf_len) dk_len = buf_len;
iklen = dk_len;
ivlen = 0;
} else {
iklen = EVP_CIPHER_key_length(cipher);
ivlen = EVP_CIPHER_iv_length(cipher);
dk_len = iklen+ivlen;
}
/* Derive key */
if (!PKCS5_PBKDF2_HMAC(pass, (int) pass_len, salt, (int) salt_len, iter, md, dk_len, tmpkeyiv)) {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), (char *) NULL);
return TCL_ERROR;
}
/* Set result to key and iv */
if (cipher == NULL) {
Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(tmpkeyiv, (Tcl_Size) dk_len));
} else {
Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
LAPPEND_BARRAY(interp, resultObj, "key", tmpkeyiv, (Tcl_Size) iklen);
LAPPEND_BARRAY(interp, resultObj, "iv", tmpkeyiv+iklen, (Tcl_Size) ivlen);
Tcl_SetObjResult(interp, resultObj);
}
/* Clear data */
memset(tmpkeyiv, 0, buf_len);
return TCL_OK;
}
|
| ︙ | | | ︙ | |
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
*
*-------------------------------------------------------------------
*/
static int KDF_HKDF(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
EVP_PKEY_CTX *pctx = NULL;
const EVP_MD *md = NULL;
unsigned char *salt = NULL, *key = NULL, *info = NULL, *out = NULL;
int salt_len = 0, key_len = 0, info_len = 0, res = TCL_OK, fn;
int dk_len = EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH;
size_t out_len;
Tcl_Obj *resultObj;
(void) clientData;
dprintf("Called");
|
|
>
>
|
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
*
*-------------------------------------------------------------------
*/
static int KDF_HKDF(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
EVP_PKEY_CTX *pctx = NULL;
const EVP_MD *md = NULL;
unsigned char *salt = NULL, *key = NULL, *info = NULL, *out = NULL;
Tcl_Size salt_len = 0, key_len = 0, info_len = 0;
int res = TCL_OK;
Tcl_Size fn;
int dk_len = EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH;
size_t out_len;
Tcl_Obj *resultObj;
(void) clientData;
dprintf("Called");
|
| ︙ | | | ︙ | |
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
/* Get option */
if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
return TCL_ERROR;
}
/* Validate arg has a value */
if (++idx >= objc) {
Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", NULL);
return TCL_ERROR;
}
switch(fn) {
case _opt_digest:
case _opt_hash:
if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) {
|
|
|
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
/* Get option */
if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
return TCL_ERROR;
}
/* Validate arg has a value */
if (++idx >= objc) {
Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
return TCL_ERROR;
}
switch(fn) {
case _opt_digest:
case _opt_hash:
if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) {
|
| ︙ | | | ︙ | |
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
|
goto error;
}
break;
}
}
if (md == NULL) {
Tcl_AppendResult(interp, "no digest", NULL);
goto error;
}
if (key == NULL) {
Tcl_AppendResult(interp, "no key", NULL);
goto error;
}
/* Create context */
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (pctx == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", NULL);
goto error;
}
if (EVP_PKEY_derive_init(pctx) < 1) {
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
goto error;
}
/* Set config parameters */
if (EVP_PKEY_CTX_set_hkdf_md(pctx, md) < 1) {
Tcl_AppendResult(interp, "Set digest failed: ", REASON(), NULL);
goto error;
}
if (EVP_PKEY_CTX_set1_hkdf_key(pctx, key, key_len) < 1) {
Tcl_AppendResult(interp, "Set key failed: ", REASON(), NULL);
goto error;
}
if (salt != NULL && EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) < 1) {
Tcl_AppendResult(interp, "Set salt failed: ", REASON(), NULL);
goto error;
}
if (info != NULL && EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) < 1) {
Tcl_AppendResult(interp, "Set info failed: ", REASON(), NULL);
goto error;
}
/* Get buffer */
resultObj = Tcl_NewObj();
if ((out = Tcl_SetByteArrayLength(resultObj, dk_len)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
out_len = (size_t) dk_len;
/* Derive key */
if (EVP_PKEY_derive(pctx, out, &out_len) > 0) {
/* Shrink buffer to actual size */
Tcl_SetByteArrayLength(resultObj, (int) out_len);
Tcl_SetObjResult(interp, resultObj);
res = TCL_OK;
goto done;
} else {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), NULL);
Tcl_DecrRefCount(resultObj);
}
error:
res = TCL_ERROR;
done:
if (pctx != NULL) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
goto error;
}
break;
}
}
if (md == NULL) {
Tcl_AppendResult(interp, "no digest", (char *) NULL);
goto error;
}
if (key == NULL) {
Tcl_AppendResult(interp, "no key", (char *) NULL);
goto error;
}
/* Create context */
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (pctx == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
if (EVP_PKEY_derive_init(pctx) < 1) {
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), (char *) NULL);
goto error;
}
/* Set config parameters */
if (EVP_PKEY_CTX_set_hkdf_md(pctx, md) < 1) {
Tcl_AppendResult(interp, "Set digest failed: ", REASON(), (char *) NULL);
goto error;
}
if (EVP_PKEY_CTX_set1_hkdf_key(pctx, key, (int) key_len) < 1) {
Tcl_AppendResult(interp, "Set key failed: ", REASON(), (char *) NULL);
goto error;
}
if (salt != NULL && EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, (int) salt_len) < 1) {
Tcl_AppendResult(interp, "Set salt failed: ", REASON(), (char *) NULL);
goto error;
}
if (info != NULL && EVP_PKEY_CTX_add1_hkdf_info(pctx, info, (int) info_len) < 1) {
Tcl_AppendResult(interp, "Set info failed: ", REASON(), (char *) NULL);
goto error;
}
/* Get buffer */
resultObj = Tcl_NewObj();
if ((out = Tcl_SetByteArrayLength(resultObj, (Tcl_Size) dk_len)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
out_len = (size_t) dk_len;
/* Derive key */
if (EVP_PKEY_derive(pctx, out, &out_len) > 0) {
/* Shrink buffer to actual size */
Tcl_SetByteArrayLength(resultObj, (Tcl_Size) out_len);
Tcl_SetObjResult(interp, resultObj);
res = TCL_OK;
goto done;
} else {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), (char *) NULL);
Tcl_DecrRefCount(resultObj);
}
error:
res = TCL_ERROR;
done:
if (pctx != NULL) {
|
| ︙ | | | ︙ | |
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
|
* Sets result to a list of key and iv values, or an error message
*
*-------------------------------------------------------------------
*/
static int KDF_Scrypt(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
EVP_PKEY_CTX *pctx = NULL;
unsigned char *salt = NULL, *pass = NULL, *out = NULL;
int salt_len = 0, pass_len = 0, dk_len = 64, res = TCL_OK, fn;
uint64_t N = 0, p = 0, r = 0, maxmem = 0;
size_t out_len;
Tcl_Obj *resultObj;
(void) clientData;
dprintf("Called");
|
>
|
>
|
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
|
* Sets result to a list of key and iv values, or an error message
*
*-------------------------------------------------------------------
*/
static int KDF_Scrypt(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
EVP_PKEY_CTX *pctx = NULL;
unsigned char *salt = NULL, *pass = NULL, *out = NULL;
Tcl_Size salt_len = 0, pass_len = 0;
int dk_len = 64, res = TCL_OK;
Tcl_Size fn;
uint64_t N = 0, p = 0, r = 0, maxmem = 0;
size_t out_len;
Tcl_Obj *resultObj;
(void) clientData;
dprintf("Called");
|
| ︙ | | | ︙ | |
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
|
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
if (pctx == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
if (EVP_PKEY_derive_init(pctx) < 1) {
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
goto error;
}
/* Set config parameters */
if (EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, pass_len) < 1) {
Tcl_AppendResult(interp, "Set key failed: ", REASON(), NULL);
goto error;
}
if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, salt_len) < 1) {
Tcl_AppendResult(interp, "Set salt failed: ", REASON(), NULL);
goto error;
}
if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, N) < 1) {
Tcl_AppendResult(interp, "Set cost parameter (N) failed: ", REASON(), NULL);
goto error;
}
if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, r) < 1) {
Tcl_AppendResult(interp, "Set lock size parameter (r) failed: ", REASON(), NULL);
goto error;
}
if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, p) < 1) {
Tcl_AppendResult(interp, "Set Parallelization parameter (p) failed: ", REASON(), NULL);
goto error;
}
if (maxmem != 0 && EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem) < 1) {
Tcl_AppendResult(interp, "Set max memory failed: ", REASON(), NULL);
goto error;
}
/* Get buffer */
resultObj = Tcl_NewObj();
if ((out = Tcl_SetByteArrayLength(resultObj, dk_len)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
out_len = (size_t) dk_len;
/* Derive key */
if (EVP_PKEY_derive(pctx, out, &out_len) > 0) {
/* Shrink buffer to actual size */
Tcl_SetByteArrayLength(resultObj, (int) out_len);
Tcl_SetObjResult(interp, resultObj);
goto done;
} else {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), NULL);
Tcl_DecrRefCount(resultObj);
}
error:
res = TCL_ERROR;
done:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
|
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
if (pctx == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
if (EVP_PKEY_derive_init(pctx) < 1) {
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), (char *) NULL);
goto error;
}
/* Set config parameters */
if (EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, (int) pass_len) < 1) {
Tcl_AppendResult(interp, "Set key failed: ", REASON(), (char *) NULL);
goto error;
}
if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, (int) salt_len) < 1) {
Tcl_AppendResult(interp, "Set salt failed: ", REASON(), (char *) NULL);
goto error;
}
if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, N) < 1) {
Tcl_AppendResult(interp, "Set cost parameter (N) failed: ", REASON(), (char *) NULL);
goto error;
}
if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, r) < 1) {
Tcl_AppendResult(interp, "Set lock size parameter (r) failed: ", REASON(), (char *) NULL);
goto error;
}
if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, p) < 1) {
Tcl_AppendResult(interp, "Set Parallelization parameter (p) failed: ", REASON(), (char *) NULL);
goto error;
}
if (maxmem != 0 && EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem) < 1) {
Tcl_AppendResult(interp, "Set max memory failed: ", REASON(), (char *) NULL);
goto error;
}
/* Get buffer */
resultObj = Tcl_NewObj();
if ((out = Tcl_SetByteArrayLength(resultObj, (Tcl_Size) dk_len)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
goto error;
}
out_len = (size_t) dk_len;
/* Derive key */
if (EVP_PKEY_derive(pctx, out, &out_len) > 0) {
/* Shrink buffer to actual size */
Tcl_SetByteArrayLength(resultObj, (Tcl_Size) out_len);
Tcl_SetObjResult(interp, resultObj);
goto done;
} else {
Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), (char *) NULL);
Tcl_DecrRefCount(resultObj);
}
error:
res = TCL_ERROR;
done:
|
| ︙ | | | ︙ | |