xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hcrypto/pkcs12.c (revision d3273b5b76f5afaafe308cead5511dbb8df8c5e9) 
1 /*	$NetBSD: pkcs12.c,v 1.2 2017/01/28 21:31:47 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 2006 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <config.h>
37 #include <krb5/roken.h>
38 #include <assert.h>
39 
40 #include <pkcs12.h>
41 #include <bn.h>
42 
43 int
PKCS12_key_gen(const void * key,size_t keylen,const void * salt,size_t saltlen,int id,int iteration,size_t outkeysize,void * out,const EVP_MD * md)44 PKCS12_key_gen(const void *key, size_t keylen,
45 	       const void *salt, size_t saltlen,
46 	       int id, int iteration, size_t outkeysize,
47 	       void *out, const EVP_MD *md)
48 {
49     unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
50     unsigned int size, size_I = 0;
51     unsigned char idc = id;
52     EVP_MD_CTX *ctx;
53     unsigned char *outp = out;
54     int i, vlen;
55 
56     /**
57      * The argument key is pointing to an utf16 string, and thus
58      * keylen that is no a multiple of 2 is invalid.
59      */
60     if (keylen & 1)
61 	return 0;
62 
63     ctx = EVP_MD_CTX_create();
64     if (ctx == NULL)
65 	return 0;
66 
67     vlen = EVP_MD_block_size(md);
68     v = malloc(vlen + 1);
69     if (v == NULL) {
70 	EVP_MD_CTX_destroy(ctx);
71 	return 0;
72     }
73 
74     I = calloc(1, vlen * 2);
75     if (I == NULL) {
76 	EVP_MD_CTX_destroy(ctx);
77 	free(v);
78 	return 0;
79     }
80 
81     if (salt && saltlen > 0) {
82 	for (i = 0; i < vlen; i++)
83 	    I[i] = ((unsigned char*)salt)[i % saltlen];
84 	size_I += vlen;
85     }
86     /*
87      * There is a diffrence between the no password string and the
88      * empty string, in the empty string the UTF16 NUL terminator is
89      * included into the string.
90      */
91     if (key) {
92 	for (i = 0; i < vlen / 2; i++) {
93 	    I[(i * 2) + size_I] = 0;
94 	    I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
95 	}
96 	size_I += vlen;
97     }
98 
99     while (1) {
100 	BIGNUM *bnB, *bnOne;
101 
102 	if (!EVP_DigestInit_ex(ctx, md, NULL)) {
103 	    EVP_MD_CTX_destroy(ctx);
104 	    free(I);
105 	    free(v);
106 	    return 0;
107 	}
108 	for (i = 0; i < vlen; i++)
109 	    EVP_DigestUpdate(ctx, &idc, 1);
110 	EVP_DigestUpdate(ctx, I, size_I);
111 	EVP_DigestFinal_ex(ctx, hash, &size);
112 
113 	for (i = 1; i < iteration; i++)
114 	    EVP_Digest(hash, size, hash, &size, md, NULL);
115 
116 	memcpy(outp, hash, min(outkeysize, size));
117 	if (outkeysize < size)
118 	    break;
119 	outkeysize -= size;
120 	outp += size;
121 
122 	for (i = 0; i < vlen; i++)
123 	    v[i] = hash[i % size];
124 
125 	bnB = BN_bin2bn(v, vlen, NULL);
126 	bnOne = BN_new();
127 	BN_set_word(bnOne, 1);
128 
129 	BN_uadd(bnB, bnB, bnOne);
130 
131 	for (i = 0; i < vlen * 2; i += vlen) {
132 	    BIGNUM *bnI;
133 	    int j;
134 
135 	    bnI = BN_bin2bn(I + i, vlen, NULL);
136 
137 	    BN_uadd(bnI, bnI, bnB);
138 
139 	    j = BN_num_bytes(bnI);
140 	    if (j > vlen) {
141 		assert(j == vlen + 1);
142 		BN_bn2bin(bnI, v);
143 		memcpy(I + i, v + 1, vlen);
144 	    } else {
145 		memset(I + i, 0, vlen - j);
146 		BN_bn2bin(bnI, I + i + vlen - j);
147 	    }
148 	    BN_free(bnI);
149 	}
150 	BN_free(bnB);
151 	BN_free(bnOne);
152 	size_I = vlen * 2;
153     }
154 
155     EVP_MD_CTX_destroy(ctx);
156     free(I);
157     free(v);
158 
159     return 1;
160 }
161