1/*
2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/evp.h>
11#include <openssl/err.h>
12#include <openssl/kdf.h>
13#include <openssl/core_names.h>
14#include "internal/numbers.h"
15
16#ifndef OPENSSL_NO_SCRYPT
17
18/*
19 * Maximum permitted memory allow this to be overridden with Configuration
20 * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
21 */
22
23#ifdef SCRYPT_MAX_MEM
24# if SCRYPT_MAX_MEM == 0
25# undef SCRYPT_MAX_MEM
26/*
27 * Although we could theoretically allocate SIZE_MAX memory that would leave
28 * no memory available for anything else so set limit as half that.
29 */
30# define SCRYPT_MAX_MEM (SIZE_MAX/2)
31# endif
32#else
33/* Default memory limit: 32 MB */
34# define SCRYPT_MAX_MEM (1024 * 1024 * 32)
35#endif
36
37int EVP_PBE_scrypt(const char *pass, size_t passlen,
38 const unsigned char *salt, size_t saltlen,
39 uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
40 unsigned char *key, size_t keylen)
41{
42 const char *empty = "";
43 int rv = 1;
44 EVP_KDF *kdf;
45 EVP_KDF_CTX *kctx;
46 OSSL_PARAM params[7], *z = params;
47
48 if (r > UINT32_MAX || p > UINT32_MAX) {
49 EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
50 return 0;
51 }
52
53 /* Maintain existing behaviour. */
54 if (pass == NULL) {
55 pass = empty;
56 passlen = 0;
57 }
58 if (salt == NULL) {
59 salt = (const unsigned char *)empty;
60 saltlen = 0;
61 }
62 if (maxmem == 0)
63 maxmem = SCRYPT_MAX_MEM;
64
65 kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
66 kctx = EVP_KDF_CTX_new(kdf);
67 EVP_KDF_free(kdf);
68 if (kctx == NULL)
69 return 0;
70
71 *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
72 (unsigned char *)pass,
73 passlen);
74 *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
75 (unsigned char *)salt, saltlen);
76 *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N);
77 *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r);
78 *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p);
79 *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
80 *z = OSSL_PARAM_construct_end();
81 if (EVP_KDF_CTX_set_params(kctx, params) != 1
82 || EVP_KDF_derive(kctx, key, keylen) != 1)
83 rv = 0;
84
85 EVP_KDF_CTX_free(kctx);
86 return rv;
87}
88
89#endif
90