lib/hcrypto/pkcs12.c

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include <config.h>
  35
  36 #include <stdio.h>
  37 #include <stdlib.h>
  38 #include <assert.h>
  39
  40 #include <pkcs12.h>
  41 #include <bn.h>
  42
  43 #include <roken.h>
  44
  45 int
  46 PKCS12_key_gen(const void *key, size_t keylen,
  47                const void *salt, size_t saltlen,
  48                int id, int iteration, size_t outkeysize,
  49                void *out, const EVP_MD *md)
  50 {
  51     unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
  52     unsigned int size, size_I = 0;
  53     unsigned char idc = id;
  54     EVP_MD_CTX *ctx;
  55     unsigned char *outp = out;
  56     int i, vlen;
  57
  58     /**
  59      * The argument key is pointing to an utf16 string, and thus
  60      * keylen that is no a multiple of 2 is invalid.
  61      */
  62     if (keylen & 1)
  63         return 0;
  64
  65     ctx = EVP_MD_CTX_create();
  66     if (ctx == NULL)
  67         return 0;
  68
  69     vlen = EVP_MD_block_size(md);
  70     v = malloc(vlen + 1);
  71     if (v == NULL) {
  72         EVP_MD_CTX_destroy(ctx);
  73         return 0;
  74     }
  75
  76     I = calloc(1, vlen * 2);
  77     if (I == NULL) {
  78         EVP_MD_CTX_destroy(ctx);
  79         free(v);
  80         return 0;
  81     }
  82
  83     if (salt && saltlen > 0) {
  84         for (i = 0; i < vlen; i++)
  85             I[i] = ((unsigned char*)salt)[i % saltlen];
  86         size_I += vlen;
  87     }
  88     /*
  89      * There is a diffrence between the no password string and the
  90      * empty string, in the empty string the UTF16 NUL terminator is
  91      * included into the string.
  92      */
  93     if (key) {
  94         for (i = 0; i < vlen / 2; i++) {
  95             I[(i * 2) + size_I] = 0;
  96             I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
  97         }
  98         size_I += vlen;
  99     }
 100
 101     while (1) {
 102         BIGNUM *bnB, *bnOne;
 103
 104         if (!EVP_DigestInit_ex(ctx, md, NULL)) {
 105             EVP_MD_CTX_destroy(ctx);
 106             free(I);
 107             free(v);
 108             return 0;
 109         }
 110         for (i = 0; i < vlen; i++)
 111             EVP_DigestUpdate(ctx, &idc, 1);
 112         EVP_DigestUpdate(ctx, I, size_I);
 113         EVP_DigestFinal_ex(ctx, hash, &size);
 114
 115         for (i = 1; i < iteration; i++)
 116             EVP_Digest(hash, size, hash, &size, md, NULL);
 117
 118         memcpy(outp, hash, min(outkeysize, size));
 119         if (outkeysize < size)
 120             break;
 121         outkeysize -= size;
 122         outp += size;
 123
 124         for (i = 0; i < vlen; i++)
 125             v[i] = hash[i % size];
 126
 127         bnB = BN_bin2bn(v, vlen, NULL);
 128         bnOne = BN_new();
 129         BN_set_word(bnOne, 1);
 130
 131         BN_uadd(bnB, bnB, bnOne);
 132
 133         for (i = 0; i < vlen * 2; i += vlen) {
 134             BIGNUM *bnI;
 135             int j;
 136
 137             bnI = BN_bin2bn(I + i, vlen, NULL);
 138
 139             BN_uadd(bnI, bnI, bnB);
 140
 141             j = BN_num_bytes(bnI);
 142             if (j > vlen) {
 143                 assert(j == vlen + 1);
 144                 BN_bn2bin(bnI, v);
 145                 memcpy(I + i, v + 1, vlen);
 146             } else {
 147                 memset(I + i, 0, vlen - j);
 148                 BN_bn2bin(bnI, I + i + vlen - j);
 149             }
 150             BN_free(bnI);
 151         }
 152         BN_free(bnB);
 153         BN_free(bnOne);
 154         size_I = vlen * 2;
 155     }
 156
 157     EVP_MD_CTX_destroy(ctx);
 158     free(I);
 159     free(v);
 160
 161     return 1;
 162 }