xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hcrypto/pkcs12.c (revision 6a493d6bc668897c91594964a732d38505b70cbb) 
1 /*	$NetBSD: pkcs12.c,v 1.1.1.1 2011/04/13 18:14:50 elric Exp $	*/
2 
3 /*
4  * Copyright (c) 2006 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <config.h>
37 
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <assert.h>
41 
42 #include <pkcs12.h>
43 #include <bn.h>
44 
45 #include <krb5/roken.h>
46 
47 int
48 PKCS12_key_gen(const void *key, size_t keylen,
49 	       const void *salt, size_t saltlen,
50 	       int id, int iteration, size_t outkeysize,
51 	       void *out, const EVP_MD *md)
52 {
53     unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
54     unsigned int size, size_I = 0;
55     unsigned char idc = id;
56     EVP_MD_CTX *ctx;
57     unsigned char *outp = out;
58     int i, vlen;
59 
60     ctx = EVP_MD_CTX_create();
61     if (ctx == NULL)
62 	return 0;
63 
64     vlen = EVP_MD_block_size(md);
65     v = malloc(vlen + 1);
66     if (v == NULL) {
67 	EVP_MD_CTX_destroy(ctx);
68 	return 0;
69     }
70 
71     I = calloc(1, vlen * 2);
72     if (I == NULL) {
73 	EVP_MD_CTX_destroy(ctx);
74 	free(v);
75 	return 0;
76     }
77 
78     if (salt && saltlen > 0) {
79 	for (i = 0; i < vlen; i++)
80 	    I[i] = ((unsigned char*)salt)[i % saltlen];
81 	size_I += vlen;
82     }
83     /*
84      * There is a diffrence between the no password string and the
85      * empty string, in the empty string the UTF16 NUL terminator is
86      * included into the string.
87      */
88     if (key && keylen >= 0) {
89 	for (i = 0; i < vlen / 2; i++) {
90 	    I[(i * 2) + size_I] = 0;
91 	    I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
92 	}
93 	size_I += vlen;
94     }
95 
96     while (1) {
97 	BIGNUM *bnB, *bnOne;
98 
99 	if (!EVP_DigestInit_ex(ctx, md, NULL)) {
100 	    EVP_MD_CTX_destroy(ctx);
101 	    free(I);
102 	    free(v);
103 	    return 0;
104 	}
105 	for (i = 0; i < vlen; i++)
106 	    EVP_DigestUpdate(ctx, &idc, 1);
107 	EVP_DigestUpdate(ctx, I, size_I);
108 	EVP_DigestFinal_ex(ctx, hash, &size);
109 
110 	for (i = 1; i < iteration; i++)
111 	    EVP_Digest(hash, size, hash, &size, md, NULL);
112 
113 	memcpy(outp, hash, min(outkeysize, size));
114 	if (outkeysize < size)
115 	    break;
116 	outkeysize -= size;
117 	outp += size;
118 
119 	for (i = 0; i < vlen; i++)
120 	    v[i] = hash[i % size];
121 
122 	bnB = BN_bin2bn(v, vlen, NULL);
123 	bnOne = BN_new();
124 	BN_set_word(bnOne, 1);
125 
126 	BN_uadd(bnB, bnB, bnOne);
127 
128 	for (i = 0; i < vlen * 2; i += vlen) {
129 	    BIGNUM *bnI;
130 	    int j;
131 
132 	    bnI = BN_bin2bn(I + i, vlen, NULL);
133 
134 	    BN_uadd(bnI, bnI, bnB);
135 
136 	    j = BN_num_bytes(bnI);
137 	    if (j > vlen) {
138 		assert(j == vlen + 1);
139 		BN_bn2bin(bnI, v);
140 		memcpy(I + i, v + 1, vlen);
141 	    } else {
142 		memset(I + i, 0, vlen - j);
143 		BN_bn2bin(bnI, I + i + vlen - j);
144 	    }
145 	    BN_free(bnI);
146 	}
147 	BN_free(bnB);
148 	BN_free(bnOne);
149 	size_I = vlen * 2;
150     }
151 
152     EVP_MD_CTX_destroy(ctx);
153     free(I);
154     free(v);
155 
156     return 1;
157 }
158