cleaned up errno handling.
[gnutls.git] / lib / x509 / pkcs12_encr.c
blob68b528686434823e41e911d75846f08e8c9b3db0
1 /* minip12.c - A mini pkcs-12 implementation (modified for gnutls)
3 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
5 * This file is part of GnuTLS.
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
22 #include <gnutls_int.h>
24 #include <gnutls_mpi.h>
25 #include <gnutls_errors.h>
26 #include <x509_int.h>
28 /* Returns 0 if the password is ok, or a negative error
29 * code instead.
31 static int
32 _pkcs12_check_pass (const char *pass, size_t plen)
34 unsigned int i;
36 for (i = 0; i < plen; i++)
38 if (isascii (pass[i]))
39 continue;
40 return GNUTLS_E_INVALID_PASSWORD;
43 return 0;
46 /* ID should be:
47 * 3 for MAC
48 * 2 for IV
49 * 1 for encryption key
51 int
52 _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
53 unsigned int salt_size, unsigned int iter,
54 const char *pw, unsigned int req_keylen,
55 uint8_t * keybuf)
57 int rc;
58 unsigned int i, j;
59 digest_hd_st md;
60 bigint_t num_b1 = NULL, num_ij = NULL;
61 bigint_t mpi512 = NULL;
62 unsigned int pwlen;
63 uint8_t hash[20], buf_b[64], buf_i[128], *p;
64 size_t cur_keylen;
65 size_t n, m;
66 const uint8_t buf_512[] = /* 2^64 */
67 { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
75 cur_keylen = 0;
77 if (pw == NULL)
78 pwlen = 0;
79 else
80 pwlen = strlen (pw);
82 if (pwlen > 63 / 2)
84 gnutls_assert ();
85 return GNUTLS_E_INVALID_REQUEST;
88 if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
90 gnutls_assert ();
91 return rc;
94 rc = _gnutls_mpi_scan (&mpi512, buf_512, sizeof (buf_512));
95 if (rc < 0)
97 gnutls_assert ();
98 return rc;
101 /* Store salt and password in BUF_I */
102 p = buf_i;
103 for (i = 0; i < 64; i++)
104 *p++ = salt[i % salt_size];
105 if (pw)
107 for (i = j = 0; i < 64; i += 2)
109 *p++ = 0;
110 *p++ = pw[j];
111 if (++j > pwlen) /* Note, that we include the trailing (0) */
112 j = 0;
115 else
116 memset (p, 0, 64);
118 for (;;)
120 rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
121 if (rc < 0)
123 gnutls_assert ();
124 goto cleanup;
126 for (i = 0; i < 64; i++)
128 unsigned char lid = id & 0xFF;
129 _gnutls_hash (&md, &lid, 1);
131 _gnutls_hash (&md, buf_i, pw ? 128 : 64);
132 _gnutls_hash_deinit (&md, hash);
133 for (i = 1; i < iter; i++)
135 rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
136 if (rc < 0)
138 gnutls_assert ();
139 goto cleanup;
141 _gnutls_hash (&md, hash, 20);
142 _gnutls_hash_deinit (&md, hash);
144 for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
145 keybuf[cur_keylen++] = hash[i];
146 if (cur_keylen == req_keylen)
148 rc = 0; /* ready */
149 goto cleanup;
152 /* need more bytes. */
153 for (i = 0; i < 64; i++)
154 buf_b[i] = hash[i % 20];
155 n = 64;
156 rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
157 if (rc < 0)
159 gnutls_assert ();
160 goto cleanup;
162 _gnutls_mpi_add_ui (num_b1, num_b1, 1);
163 for (i = 0; i < 128; i += 64)
165 n = 64;
166 rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
167 if (rc < 0)
169 gnutls_assert ();
170 goto cleanup;
172 _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
173 n = 64;
174 #ifndef PKCS12_BROKEN_KEYGEN
175 m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
176 #else
177 m = n;
178 #endif
179 memset (buf_i + i, 0, n - m);
180 rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
181 if (rc < 0)
183 gnutls_assert ();
184 goto cleanup;
186 _gnutls_mpi_release (&num_ij);
189 cleanup:
190 _gnutls_mpi_release (&num_ij);
191 _gnutls_mpi_release (&num_b1);
192 _gnutls_mpi_release (&mpi512);
194 return rc;