| 1 | /*
|
|---|
| 2 | * Copyright (c) 2006 Kungliga Tekniska Högskolan
|
|---|
| 3 | * (Royal Institute of Technology, Stockholm, Sweden).
|
|---|
| 4 | * All rights reserved.
|
|---|
| 5 | *
|
|---|
| 6 | * Redistribution and use in source and binary forms, with or without
|
|---|
| 7 | * modification, are permitted provided that the following conditions
|
|---|
| 8 | * are met:
|
|---|
| 9 | *
|
|---|
| 10 | * 1. Redistributions of source code must retain the above copyright
|
|---|
| 11 | * notice, this list of conditions and the following disclaimer.
|
|---|
| 12 | *
|
|---|
| 13 | * 2. Redistributions in binary form must reproduce the above copyright
|
|---|
| 14 | * notice, this list of conditions and the following disclaimer in the
|
|---|
| 15 | * documentation and/or other materials provided with the distribution.
|
|---|
| 16 | *
|
|---|
| 17 | * 3. Neither the name of the Institute nor the names of its contributors
|
|---|
| 18 | * may be used to endorse or promote products derived from this software
|
|---|
| 19 | * without specific prior written permission.
|
|---|
| 20 | *
|
|---|
| 21 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|---|
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|---|
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|---|
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|---|
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|---|
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|---|
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|---|
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|---|
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|---|
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|---|
| 31 | * SUCH DAMAGE.
|
|---|
| 32 | */
|
|---|
| 33 |
|
|---|
| 34 | #include <config.h>
|
|---|
| 35 |
|
|---|
| 36 | #include <stdio.h>
|
|---|
| 37 | #include <stdlib.h>
|
|---|
| 38 | #include <assert.h>
|
|---|
| 39 |
|
|---|
| 40 | #include <pkcs12.h>
|
|---|
| 41 | #include <bn.h>
|
|---|
| 42 |
|
|---|
| 43 | #include <roken.h>
|
|---|
| 44 |
|
|---|
| 45 | int
|
|---|
| 46 | PKCS12_key_gen(const void *key, size_t keylen,
|
|---|
| 47 | const void *salt, size_t saltlen,
|
|---|
| 48 | int id, int iteration, size_t outkeysize,
|
|---|
| 49 | void *out, const EVP_MD *md)
|
|---|
| 50 | {
|
|---|
| 51 | unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
|
|---|
| 52 | unsigned int size, size_I = 0;
|
|---|
| 53 | unsigned char idc = id;
|
|---|
| 54 | EVP_MD_CTX *ctx;
|
|---|
| 55 | unsigned char *outp = out;
|
|---|
| 56 | int i, vlen;
|
|---|
| 57 |
|
|---|
| 58 | ctx = EVP_MD_CTX_create();
|
|---|
| 59 | if (ctx == NULL)
|
|---|
| 60 | return 0;
|
|---|
| 61 |
|
|---|
| 62 | vlen = EVP_MD_block_size(md);
|
|---|
| 63 | v = malloc(vlen + 1);
|
|---|
| 64 | if (v == NULL) {
|
|---|
| 65 | EVP_MD_CTX_destroy(ctx);
|
|---|
| 66 | return 0;
|
|---|
| 67 | }
|
|---|
| 68 |
|
|---|
| 69 | I = calloc(1, vlen * 2);
|
|---|
| 70 | if (I == NULL) {
|
|---|
| 71 | EVP_MD_CTX_destroy(ctx);
|
|---|
| 72 | free(v);
|
|---|
| 73 | return 0;
|
|---|
| 74 | }
|
|---|
| 75 |
|
|---|
| 76 | if (salt && saltlen > 0) {
|
|---|
| 77 | for (i = 0; i < vlen; i++)
|
|---|
| 78 | I[i] = ((unsigned char*)salt)[i % saltlen];
|
|---|
| 79 | size_I += vlen;
|
|---|
| 80 | }
|
|---|
| 81 | /*
|
|---|
| 82 | * There is a diffrence between the no password string and the
|
|---|
| 83 | * empty string, in the empty string the UTF16 NUL terminator is
|
|---|
| 84 | * included into the string.
|
|---|
| 85 | */
|
|---|
| 86 | if (key && keylen >= 0) {
|
|---|
| 87 | for (i = 0; i < vlen / 2; i++) {
|
|---|
| 88 | I[(i * 2) + size_I] = 0;
|
|---|
| 89 | I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
|
|---|
| 90 | }
|
|---|
| 91 | size_I += vlen;
|
|---|
| 92 | }
|
|---|
| 93 |
|
|---|
| 94 | while (1) {
|
|---|
| 95 | BIGNUM *bnB, *bnOne;
|
|---|
| 96 |
|
|---|
| 97 | if (!EVP_DigestInit_ex(ctx, md, NULL)) {
|
|---|
| 98 | EVP_MD_CTX_destroy(ctx);
|
|---|
| 99 | free(I);
|
|---|
| 100 | free(v);
|
|---|
| 101 | return 0;
|
|---|
| 102 | }
|
|---|
| 103 | for (i = 0; i < vlen; i++)
|
|---|
| 104 | EVP_DigestUpdate(ctx, &idc, 1);
|
|---|
| 105 | EVP_DigestUpdate(ctx, I, size_I);
|
|---|
| 106 | EVP_DigestFinal_ex(ctx, hash, &size);
|
|---|
| 107 |
|
|---|
| 108 | for (i = 1; i < iteration; i++)
|
|---|
| 109 | EVP_Digest(hash, size, hash, &size, md, NULL);
|
|---|
| 110 |
|
|---|
| 111 | memcpy(outp, hash, min(outkeysize, size));
|
|---|
| 112 | if (outkeysize < size)
|
|---|
| 113 | break;
|
|---|
| 114 | outkeysize -= size;
|
|---|
| 115 | outp += size;
|
|---|
| 116 |
|
|---|
| 117 | for (i = 0; i < vlen; i++)
|
|---|
| 118 | v[i] = hash[i % size];
|
|---|
| 119 |
|
|---|
| 120 | bnB = BN_bin2bn(v, vlen, NULL);
|
|---|
| 121 | bnOne = BN_new();
|
|---|
| 122 | BN_set_word(bnOne, 1);
|
|---|
| 123 |
|
|---|
| 124 | BN_uadd(bnB, bnB, bnOne);
|
|---|
| 125 |
|
|---|
| 126 | for (i = 0; i < vlen * 2; i += vlen) {
|
|---|
| 127 | BIGNUM *bnI;
|
|---|
| 128 | int j;
|
|---|
| 129 |
|
|---|
| 130 | bnI = BN_bin2bn(I + i, vlen, NULL);
|
|---|
| 131 |
|
|---|
| 132 | BN_uadd(bnI, bnI, bnB);
|
|---|
| 133 |
|
|---|
| 134 | j = BN_num_bytes(bnI);
|
|---|
| 135 | if (j > vlen) {
|
|---|
| 136 | assert(j == vlen + 1);
|
|---|
| 137 | BN_bn2bin(bnI, v);
|
|---|
| 138 | memcpy(I + i, v + 1, vlen);
|
|---|
| 139 | } else {
|
|---|
| 140 | memset(I + i, 0, vlen - j);
|
|---|
| 141 | BN_bn2bin(bnI, I + i + vlen - j);
|
|---|
| 142 | }
|
|---|
| 143 | BN_free(bnI);
|
|---|
| 144 | }
|
|---|
| 145 | BN_free(bnB);
|
|---|
| 146 | BN_free(bnOne);
|
|---|
| 147 | size_I = vlen * 2;
|
|---|
| 148 | }
|
|---|
| 149 |
|
|---|
| 150 | EVP_MD_CTX_destroy(ctx);
|
|---|
| 151 | free(I);
|
|---|
| 152 | free(v);
|
|---|
| 153 |
|
|---|
| 154 | return 1;
|
|---|
| 155 | }
|
|---|
