Add scrypt PBE algorithm code.

This adds support for the ASN.1 structures in draft-josefsson-scrypt-kdf-03 Private keys encrypted by scrypt can now be decrypted transparently as long as they don't exceed the memory limits. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-05-20 13:23:06 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-05-21 12:48:02 +0100
commit: e98aa30d555cb5a656d320a0f86ab5b3b1dce2db (patch)
tree: 5ea26c5e2258ee325abd0757ea253d82dedaa91c /include
parent: 96b96d6c456befe49d5845a029e2bb0a4addc58d (diff)
download: openssl-e98aa30d555cb5a656d320a0f86ab5b3b1dce2db.tar.gz
3 files changed, 14 insertions, 0 deletions
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index cdd587bab7..06ee0369db 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1033,9 +1033,11 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_OID_MODULE_INIT                           174
 # define ASN1_F_PARSE_TAGGING                             182
 # define ASN1_F_PKCS5_PBE2_SET_IV                         167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
 # define ASN1_F_PKCS5_PBE_SET                             202
 # define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
 # define ASN1_F_PKCS5_PBKDF2_SET                          219
+# define ASN1_F_PKCS5_SCRYPT_SET                          232
 # define ASN1_F_SMIME_READ_ASN1                           212
 # define ASN1_F_SMIME_TEXT                                213
 # define ASN1_F_STBL_MODULE_INIT                          223
@@ -1109,6 +1111,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_INVALID_MODIFIER                          186
 # define ASN1_R_INVALID_NUMBER                            187
 # define ASN1_R_INVALID_OBJECT_ENCODING                   216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS                 227
 # define ASN1_R_INVALID_SEPARATOR                         131
 # define ASN1_R_INVALID_STRING_TABLE_VALUE                218
 # define ASN1_R_INVALID_TIME_FORMAT                       132
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d5af5ed192..3a4bcbd505 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1072,6 +1072,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
                    uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
                    unsigned char *key, size_t keylen);
 
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+
 void PKCS5_PBE_add(void);
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
@@ -1489,6 +1493,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_F_PKCS5_PBE_KEYIVGEN                         117
 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
 # define EVP_F_PKCS8_SET_BROKEN                           112
 # define EVP_F_PKEY_SET_TYPE                              158
 # define EVP_F_RC2_MAGIC_TO_METH                          109
@@ -1524,6 +1529,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 # define EVP_R_EXPECTING_A_EC_KEY                         142
 # define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
 # define EVP_R_INITIALIZATION_ERROR                       134
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 6f481b590b..0c2d19a97b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1107,6 +1107,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                               unsigned char *salt, int saltlen,
                               unsigned char *aiv, int prf_nid);
 
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p);
+
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
                              int prf_nid, int keylen);
author	Dr. Stephen Henson <steve@openssl.org>	2015-05-20 13:23:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-05-21 12:48:02 +0100
commit	e98aa30d555cb5a656d320a0f86ab5b3b1dce2db (patch)
tree	5ea26c5e2258ee325abd0757ea253d82dedaa91c /include
parent	96b96d6c456befe49d5845a029e2bb0a4addc58d (diff)
download	openssl-e98aa30d555cb5a656d320a0f86ab5b3b1dce2db.tar.gz