scrypt in pkcs8 util

Add support for PKCS#8 private key encryption using the scrypt algorithm
in the pkcs8 utility. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>

apps/pkcs8.c

@@ -68,7 +68,8 @@ typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
     OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED,
-    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P
 } OPTION_CHOICE;
 
 OPTIONS pkcs8_options[] = {
@@ -93,6 +94,10 @@ OPTIONS pkcs8_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+    {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
+    {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
+    {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
+    {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
     {NULL}
 };
 
@@ -110,6 +115,7 @@ int pkcs8_main(int argc, char **argv)
     OPTION_CHOICE o;
     int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
+    uint64_t scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
 
     prog = opt_init(argc, argv, pkcs8_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -188,6 +194,25 @@ int pkcs8_main(int argc, char **argv)
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
+        case OPT_SCRYPT:
+            scrypt_N = 1024;
+            scrypt_r = 8;
+            scrypt_p = 16;
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_SCRYPT_N:
+            if (!opt_ulong(opt_arg(), &scrypt_N))
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_R:
+            if (!opt_ulong(opt_arg(), &scrypt_r))
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_P:
+            if (!opt_ulong(opt_arg(), &scrypt_p))
+                goto opthelp;
+            break;
         }
     }
     argc = opt_num_rest();
@@ -227,10 +252,16 @@ int pkcs8_main(int argc, char **argv)
             }
         } else {
             X509_ALGOR *pbe;
-            if (cipher)
+            if (cipher) {
-                pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, pbe_nid);
+                if (scrypt_N && scrypt_r && scrypt_p)
-            else
+                    pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
+                                                scrypt_N, scrypt_r, scrypt_p);
+                else
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                                            pbe_nid);
+            } else {
                 pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
+            }
             if (pbe == NULL) {
                 BIO_printf(bio_err, "Error setting PBE algorithm\n");
                 ERR_print_errors(bio_err);

doc/apps/pkcs8.pod

@@ -24,6 +24,10 @@ B<openssl> B<pkcs8>
 [B<-v2prf alg>]
 [B<-v1 alg>]
 [B<-engine id>]
+[B<-scrypt>]
+[B<-scrypt_N N>]
+[B<-scrypt_r r>]
+[B<-scrypt_p p>]
 
 =head1 DESCRIPTION
 
@@ -144,6 +148,17 @@ to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
 
+=item B<-scrypt>
+
+uses the B<scrypt> algorithm for private key encryption using default
+parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit
+key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
+B<-scrypt_p> and B<-v2> options.
+
+B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p>
+
+sets the scrypt B<N>, B<r> or B<p> parameters.
+
 =back
 
 =head1 NOTES