1/* 2 * Copyright (c) 2006 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include <config.h> 35 36#include <stdio.h> 37#include <stdlib.h> 38#include <assert.h> 39 40#include <pkcs12.h> 41#include <bn.h> 42 43#include <roken.h> 44 45int 46PKCS12_key_gen(const void *key, size_t keylen, 47 const void *salt, size_t saltlen, 48 int id, int iteration, size_t outkeysize, 49 void *out, const EVP_MD *md) 50{ 51 unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; 52 unsigned int size, size_I = 0; 53 unsigned char idc = id; 54 EVP_MD_CTX *ctx; 55 unsigned char *outp = out; 56 int i, vlen; 57 58 ctx = EVP_MD_CTX_create(); 59 if (ctx == NULL) 60 return 0; 61 62 vlen = EVP_MD_block_size(md); 63 v = malloc(vlen + 1); 64 if (v == NULL) { 65 EVP_MD_CTX_destroy(ctx); 66 return 0; 67 } 68 69 I = calloc(1, vlen * 2); 70 if (I == NULL) { 71 EVP_MD_CTX_destroy(ctx); 72 free(v); 73 return 0; 74 } 75 76 if (salt && saltlen > 0) { 77 for (i = 0; i < vlen; i++) 78 I[i] = ((unsigned char*)salt)[i % saltlen]; 79 size_I += vlen; 80 } 81 /* 82 * There is a diffrence between the no password string and the 83 * empty string, in the empty string the UTF16 NUL terminator is 84 * included into the string. 85 */ 86 if (key && keylen >= 0) { 87 for (i = 0; i < vlen / 2; i++) { 88 I[(i * 2) + size_I] = 0; 89 I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; 90 } 91 size_I += vlen; 92 } 93 94 while (1) { 95 BIGNUM *bnB, *bnOne; 96 97 if (!EVP_DigestInit_ex(ctx, md, NULL)) { 98 EVP_MD_CTX_destroy(ctx); 99 free(I); 100 free(v); 101 return 0; 102 } 103 for (i = 0; i < vlen; i++) 104 EVP_DigestUpdate(ctx, &idc, 1); 105 EVP_DigestUpdate(ctx, I, size_I); 106 EVP_DigestFinal_ex(ctx, hash, &size); 107 108 for (i = 1; i < iteration; i++) 109 EVP_Digest(hash, size, hash, &size, md, NULL); 110 111 memcpy(outp, hash, min(outkeysize, size)); 112 if (outkeysize < size) 113 break; 114 outkeysize -= size; 115 outp += size; 116 117 for (i = 0; i < vlen; i++) 118 v[i] = hash[i % size]; 119 120 bnB = BN_bin2bn(v, vlen, NULL); 121 bnOne = BN_new(); 122 BN_set_word(bnOne, 1); 123 124 BN_uadd(bnB, bnB, bnOne); 125 126 for (i = 0; i < vlen * 2; i += vlen) { 127 BIGNUM *bnI; 128 int j; 129 130 bnI = BN_bin2bn(I + i, vlen, NULL); 131 132 BN_uadd(bnI, bnI, bnB); 133 134 j = BN_num_bytes(bnI); 135 if (j > vlen) { 136 assert(j == vlen + 1); 137 BN_bn2bin(bnI, v); 138 memcpy(I + i, v + 1, vlen); 139 } else { 140 memset(I + i, 0, vlen - j); 141 BN_bn2bin(bnI, I + i + vlen - j); 142 } 143 BN_free(bnI); 144 } 145 BN_free(bnB); 146 BN_free(bnOne); 147 size_I = vlen * 2; 148 } 149 150 EVP_MD_CTX_destroy(ctx); 151 free(I); 152 free(v); 153 154 return 1; 155} 156