1 /* minip12.c - A mini pkcs-12 implementation (modified for gnutls)
3 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
5 * This file is part of GnuTLS.
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
22 #include <gnutls_int.h>
24 #include <gnutls_mpi.h>
25 #include <gnutls_errors.h>
28 /* Returns 0 if the password is ok, or a negative error
32 _pkcs12_check_pass (const char *pass
, size_t plen
)
36 for (i
= 0; i
< plen
; i
++)
38 if (isascii (pass
[i
]))
40 return GNUTLS_E_INVALID_PASSWORD
;
49 * 1 for encryption key
52 _gnutls_pkcs12_string_to_key (unsigned int id
, const uint8_t * salt
,
53 unsigned int salt_size
, unsigned int iter
,
54 const char *pw
, unsigned int req_keylen
,
60 bigint_t num_b1
= NULL
, num_ij
= NULL
;
61 bigint_t mpi512
= NULL
;
63 uint8_t hash
[20], buf_b
[64], buf_i
[128], *p
;
66 const uint8_t buf_512
[] = /* 2^64 */
67 { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
85 return GNUTLS_E_INVALID_REQUEST
;
88 if ((rc
= _pkcs12_check_pass (pw
, pwlen
)) < 0)
94 rc
= _gnutls_mpi_scan (&mpi512
, buf_512
, sizeof (buf_512
));
101 /* Store salt and password in BUF_I */
103 for (i
= 0; i
< 64; i
++)
104 *p
++ = salt
[i
% salt_size
];
107 for (i
= j
= 0; i
< 64; i
+= 2)
111 if (++j
> pwlen
) /* Note, that we include the trailing (0) */
120 rc
= _gnutls_hash_init (&md
, GNUTLS_MAC_SHA1
);
126 for (i
= 0; i
< 64; i
++)
128 unsigned char lid
= id
& 0xFF;
129 _gnutls_hash (&md
, &lid
, 1);
131 _gnutls_hash (&md
, buf_i
, pw
? 128 : 64);
132 _gnutls_hash_deinit (&md
, hash
);
133 for (i
= 1; i
< iter
; i
++)
135 rc
= _gnutls_hash_init (&md
, GNUTLS_MAC_SHA1
);
141 _gnutls_hash (&md
, hash
, 20);
142 _gnutls_hash_deinit (&md
, hash
);
144 for (i
= 0; i
< 20 && cur_keylen
< req_keylen
; i
++)
145 keybuf
[cur_keylen
++] = hash
[i
];
146 if (cur_keylen
== req_keylen
)
152 /* need more bytes. */
153 for (i
= 0; i
< 64; i
++)
154 buf_b
[i
] = hash
[i
% 20];
156 rc
= _gnutls_mpi_scan (&num_b1
, buf_b
, n
);
162 _gnutls_mpi_add_ui (num_b1
, num_b1
, 1);
163 for (i
= 0; i
< 128; i
+= 64)
166 rc
= _gnutls_mpi_scan (&num_ij
, buf_i
+ i
, n
);
172 _gnutls_mpi_addm (num_ij
, num_ij
, num_b1
, mpi512
);
174 #ifndef PKCS12_BROKEN_KEYGEN
175 m
= (_gnutls_mpi_get_nbits (num_ij
) + 7) / 8;
179 memset (buf_i
+ i
, 0, n
- m
);
180 rc
= _gnutls_mpi_print (num_ij
, buf_i
+ i
+ n
- m
, &n
);
186 _gnutls_mpi_release (&num_ij
);
190 _gnutls_mpi_release (&num_ij
);
191 _gnutls_mpi_release (&num_b1
);
192 _gnutls_mpi_release (&mpi512
);