|
1 /* p12_key.c */ |
|
2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
|
3 * project 1999. |
|
4 */ |
|
5 /* ==================================================================== |
|
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|
7 * |
|
8 * Redistribution and use in source and binary forms, with or without |
|
9 * modification, are permitted provided that the following conditions |
|
10 * are met: |
|
11 * |
|
12 * 1. Redistributions of source code must retain the above copyright |
|
13 * notice, this list of conditions and the following disclaimer. |
|
14 * |
|
15 * 2. Redistributions in binary form must reproduce the above copyright |
|
16 * notice, this list of conditions and the following disclaimer in |
|
17 * the documentation and/or other materials provided with the |
|
18 * distribution. |
|
19 * |
|
20 * 3. All advertising materials mentioning features or use of this |
|
21 * software must display the following acknowledgment: |
|
22 * "This product includes software developed by the OpenSSL Project |
|
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
24 * |
|
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
26 * endorse or promote products derived from this software without |
|
27 * prior written permission. For written permission, please contact |
|
28 * licensing@OpenSSL.org. |
|
29 * |
|
30 * 5. Products derived from this software may not be called "OpenSSL" |
|
31 * nor may "OpenSSL" appear in their names without prior written |
|
32 * permission of the OpenSSL Project. |
|
33 * |
|
34 * 6. Redistributions of any form whatsoever must retain the following |
|
35 * acknowledgment: |
|
36 * "This product includes software developed by the OpenSSL Project |
|
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
38 * |
|
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
50 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
51 * ==================================================================== |
|
52 * |
|
53 * This product includes cryptographic software written by Eric Young |
|
54 * (eay@cryptsoft.com). This product includes software written by Tim |
|
55 * Hudson (tjh@cryptsoft.com). |
|
56 * |
|
57 */ |
|
58 |
|
59 #include <stdio.h> |
|
60 #include "cryptlib.h" |
|
61 #include <openssl/pkcs12.h> |
|
62 #include <openssl/bn.h> |
|
63 |
|
64 /* Uncomment out this line to get debugging info about key generation */ |
|
65 /*#define DEBUG_KEYGEN*/ |
|
66 #ifdef DEBUG_KEYGEN |
|
67 #include <openssl/bio.h> |
|
68 extern BIO *bio_err; |
|
69 void h__dump (unsigned char *p, int len); |
|
70 #endif |
|
71 |
|
72 /* PKCS12 compatible key/IV generation */ |
|
73 #ifndef min |
|
74 #define min(a,b) ((a) < (b) ? (a) : (b)) |
|
75 #endif |
|
76 |
|
77 EXPORT_C int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
|
78 int saltlen, int id, int iter, int n, unsigned char *out, |
|
79 const EVP_MD *md_type) |
|
80 { |
|
81 int ret; |
|
82 unsigned char *unipass; |
|
83 int uniplen; |
|
84 if(!pass) { |
|
85 unipass = NULL; |
|
86 uniplen = 0; |
|
87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { |
|
88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); |
|
89 return 0; |
|
90 } |
|
91 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, |
|
92 id, iter, n, out, md_type); |
|
93 if(unipass) { |
|
94 OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ |
|
95 OPENSSL_free(unipass); |
|
96 } |
|
97 return ret; |
|
98 } |
|
99 |
|
100 EXPORT_C int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, |
|
101 int saltlen, int id, int iter, int n, unsigned char *out, |
|
102 const EVP_MD *md_type) |
|
103 { |
|
104 unsigned char *B, *D, *I, *p, *Ai; |
|
105 int Slen, Plen, Ilen, Ijlen; |
|
106 int i, j, u, v; |
|
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ |
|
108 EVP_MD_CTX ctx; |
|
109 #ifdef DEBUG_KEYGEN |
|
110 unsigned char *tmpout = out; |
|
111 int tmpn = n; |
|
112 #endif |
|
113 |
|
114 #if 0 |
|
115 if (!pass) { |
|
116 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); |
|
117 return 0; |
|
118 } |
|
119 #endif |
|
120 |
|
121 EVP_MD_CTX_init(&ctx); |
|
122 #ifdef DEBUG_KEYGEN |
|
123 fprintf(stderr, "KEYGEN DEBUG\n"); |
|
124 fprintf(stderr, "ID %d, ITER %d\n", id, iter); |
|
125 fprintf(stderr, "Password (length %d):\n", passlen); |
|
126 h__dump(pass, passlen); |
|
127 fprintf(stderr, "Salt (length %d):\n", saltlen); |
|
128 h__dump(salt, saltlen); |
|
129 #endif |
|
130 v = EVP_MD_block_size (md_type); |
|
131 u = EVP_MD_size (md_type); |
|
132 D = OPENSSL_malloc (v); |
|
133 Ai = OPENSSL_malloc (u); |
|
134 B = OPENSSL_malloc (v + 1); |
|
135 Slen = v * ((saltlen+v-1)/v); |
|
136 if(passlen) Plen = v * ((passlen+v-1)/v); |
|
137 else Plen = 0; |
|
138 Ilen = Slen + Plen; |
|
139 I = OPENSSL_malloc (Ilen); |
|
140 Ij = BN_new(); |
|
141 Bpl1 = BN_new(); |
|
142 if (!D || !Ai || !B || !I || !Ij || !Bpl1) { |
|
143 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); |
|
144 return 0; |
|
145 } |
|
146 for (i = 0; i < v; i++) D[i] = id; |
|
147 p = I; |
|
148 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; |
|
149 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; |
|
150 for (;;) { |
|
151 EVP_DigestInit_ex(&ctx, md_type, NULL); |
|
152 EVP_DigestUpdate(&ctx, D, v); |
|
153 EVP_DigestUpdate(&ctx, I, Ilen); |
|
154 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
|
155 for (j = 1; j < iter; j++) { |
|
156 EVP_DigestInit_ex(&ctx, md_type, NULL); |
|
157 EVP_DigestUpdate(&ctx, Ai, u); |
|
158 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
|
159 } |
|
160 memcpy (out, Ai, min (n, u)); |
|
161 if (u >= n) { |
|
162 OPENSSL_free (Ai); |
|
163 OPENSSL_free (B); |
|
164 OPENSSL_free (D); |
|
165 OPENSSL_free (I); |
|
166 BN_free (Ij); |
|
167 BN_free (Bpl1); |
|
168 EVP_MD_CTX_cleanup(&ctx); |
|
169 #ifdef DEBUG_KEYGEN |
|
170 fprintf(stderr, "Output KEY (length %d)\n", tmpn); |
|
171 h__dump(tmpout, tmpn); |
|
172 #endif |
|
173 return 1; |
|
174 } |
|
175 n -= u; |
|
176 out += u; |
|
177 for (j = 0; j < v; j++) B[j] = Ai[j % u]; |
|
178 /* Work out B + 1 first then can use B as tmp space */ |
|
179 BN_bin2bn (B, v, Bpl1); |
|
180 BN_add_word (Bpl1, 1); |
|
181 for (j = 0; j < Ilen ; j+=v) { |
|
182 BN_bin2bn (I + j, v, Ij); |
|
183 BN_add (Ij, Ij, Bpl1); |
|
184 BN_bn2bin (Ij, B); |
|
185 Ijlen = BN_num_bytes (Ij); |
|
186 /* If more than 2^(v*8) - 1 cut off MSB */ |
|
187 if (Ijlen > v) { |
|
188 BN_bn2bin (Ij, B); |
|
189 memcpy (I + j, B + 1, v); |
|
190 #ifndef PKCS12_BROKEN_KEYGEN |
|
191 /* If less than v bytes pad with zeroes */ |
|
192 } else if (Ijlen < v) { |
|
193 memset(I + j, 0, v - Ijlen); |
|
194 BN_bn2bin(Ij, I + j + v - Ijlen); |
|
195 #endif |
|
196 } else BN_bn2bin (Ij, I + j); |
|
197 } |
|
198 } |
|
199 } |
|
200 #ifdef DEBUG_KEYGEN |
|
201 void h__dump (unsigned char *p, int len) |
|
202 { |
|
203 for (; len --; p++) fprintf(stderr, "%02X", *p); |
|
204 fprintf(stderr, "\n"); |
|
205 } |
|
206 #endif |