155714Skris/* p12_key.c */ 2280304Sjkim/* 3280304Sjkim * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4280304Sjkim * 1999. 555714Skris */ 655714Skris/* ==================================================================== 755714Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 855714Skris * 955714Skris * Redistribution and use in source and binary forms, with or without 1055714Skris * modification, are permitted provided that the following conditions 1155714Skris * are met: 1255714Skris * 1355714Skris * 1. Redistributions of source code must retain the above copyright 14280304Sjkim * notice, this list of conditions and the following disclaimer. 1555714Skris * 1655714Skris * 2. Redistributions in binary form must reproduce the above copyright 1755714Skris * notice, this list of conditions and the following disclaimer in 1855714Skris * the documentation and/or other materials provided with the 1955714Skris * distribution. 2055714Skris * 2155714Skris * 3. All advertising materials mentioning features or use of this 2255714Skris * software must display the following acknowledgment: 2355714Skris * "This product includes software developed by the OpenSSL Project 2455714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2555714Skris * 2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2755714Skris * endorse or promote products derived from this software without 2855714Skris * prior written permission. For written permission, please contact 2955714Skris * licensing@OpenSSL.org. 3055714Skris * 3155714Skris * 5. Products derived from this software may not be called "OpenSSL" 3255714Skris * nor may "OpenSSL" appear in their names without prior written 3355714Skris * permission of the OpenSSL Project. 3455714Skris * 3555714Skris * 6. Redistributions of any form whatsoever must retain the following 3655714Skris * acknowledgment: 3755714Skris * "This product includes software developed by the OpenSSL Project 3855714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3955714Skris * 4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4355714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5255714Skris * ==================================================================== 5355714Skris * 5455714Skris * This product includes cryptographic software written by Eric Young 5555714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5655714Skris * Hudson (tjh@cryptsoft.com). 5755714Skris * 5855714Skris */ 5955714Skris 6055714Skris#include <stdio.h> 6155714Skris#include "cryptlib.h" 6255714Skris#include <openssl/pkcs12.h> 63160814Ssimon#include <openssl/bn.h> 6455714Skris 6555714Skris/* Uncomment out this line to get debugging info about key generation */ 66280304Sjkim/* 67280304Sjkim * #define DEBUG_KEYGEN 68280304Sjkim */ 6955714Skris#ifdef DEBUG_KEYGEN 70280304Sjkim# include <openssl/bio.h> 7155714Skrisextern BIO *bio_err; 72280304Sjkimvoid h__dump(unsigned char *p, int len); 7355714Skris#endif 7455714Skris 7555714Skris/* PKCS12 compatible key/IV generation */ 7655714Skris#ifndef min 77280304Sjkim# define min(a,b) ((a) < (b) ? (a) : (b)) 7855714Skris#endif 7955714Skris 8068651Skrisint PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, 81280304Sjkim int saltlen, int id, int iter, int n, 82280304Sjkim unsigned char *out, const EVP_MD *md_type) 8355714Skris{ 84280304Sjkim int ret; 85280304Sjkim unsigned char *unipass; 86280304Sjkim int uniplen; 87238405Sjkim 88280304Sjkim if (!pass) { 89280304Sjkim unipass = NULL; 90280304Sjkim uniplen = 0; 91280304Sjkim } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { 92280304Sjkim PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); 93280304Sjkim return 0; 94280304Sjkim } 95280304Sjkim ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, 96280304Sjkim id, iter, n, out, md_type); 97280304Sjkim if (ret <= 0) 98280304Sjkim return 0; 99280304Sjkim if (unipass) { 100280304Sjkim OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ 101280304Sjkim OPENSSL_free(unipass); 102280304Sjkim } 103280304Sjkim return ret; 10455714Skris} 10555714Skris 10668651Skrisint PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, 107280304Sjkim int saltlen, int id, int iter, int n, 108280304Sjkim unsigned char *out, const EVP_MD *md_type) 10955714Skris{ 110280304Sjkim unsigned char *B, *D, *I, *p, *Ai; 111280304Sjkim int Slen, Plen, Ilen, Ijlen; 112280304Sjkim int i, j, u, v; 113280304Sjkim int ret = 0; 114280304Sjkim BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ 115280304Sjkim EVP_MD_CTX ctx; 11655714Skris#ifdef DEBUG_KEYGEN 117280304Sjkim unsigned char *tmpout = out; 118280304Sjkim int tmpn = n; 11955714Skris#endif 12059191Skris 12168651Skris#if 0 122280304Sjkim if (!pass) { 123280304Sjkim PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); 124280304Sjkim return 0; 125280304Sjkim } 12668651Skris#endif 12759191Skris 128280304Sjkim EVP_MD_CTX_init(&ctx); 12959191Skris#ifdef DEBUG_KEYGEN 130280304Sjkim fprintf(stderr, "KEYGEN DEBUG\n"); 131280304Sjkim fprintf(stderr, "ID %d, ITER %d\n", id, iter); 132280304Sjkim fprintf(stderr, "Password (length %d):\n", passlen); 133280304Sjkim h__dump(pass, passlen); 134280304Sjkim fprintf(stderr, "Salt (length %d):\n", saltlen); 135280304Sjkim h__dump(salt, saltlen); 13659191Skris#endif 137280304Sjkim v = EVP_MD_block_size(md_type); 138280304Sjkim u = EVP_MD_size(md_type); 139280304Sjkim if (u < 0) 140280304Sjkim return 0; 141280304Sjkim D = OPENSSL_malloc(v); 142280304Sjkim Ai = OPENSSL_malloc(u); 143280304Sjkim B = OPENSSL_malloc(v + 1); 144280304Sjkim Slen = v * ((saltlen + v - 1) / v); 145280304Sjkim if (passlen) 146280304Sjkim Plen = v * ((passlen + v - 1) / v); 147280304Sjkim else 148280304Sjkim Plen = 0; 149280304Sjkim Ilen = Slen + Plen; 150280304Sjkim I = OPENSSL_malloc(Ilen); 151280304Sjkim Ij = BN_new(); 152280304Sjkim Bpl1 = BN_new(); 153280304Sjkim if (!D || !Ai || !B || !I || !Ij || !Bpl1) 154280304Sjkim goto err; 155280304Sjkim for (i = 0; i < v; i++) 156280304Sjkim D[i] = id; 157280304Sjkim p = I; 158280304Sjkim for (i = 0; i < Slen; i++) 159280304Sjkim *p++ = salt[i % saltlen]; 160280304Sjkim for (i = 0; i < Plen; i++) 161280304Sjkim *p++ = pass[i % passlen]; 162280304Sjkim for (;;) { 163280304Sjkim if (!EVP_DigestInit_ex(&ctx, md_type, NULL) 164280304Sjkim || !EVP_DigestUpdate(&ctx, D, v) 165280304Sjkim || !EVP_DigestUpdate(&ctx, I, Ilen) 166280304Sjkim || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) 167280304Sjkim goto err; 168280304Sjkim for (j = 1; j < iter; j++) { 169280304Sjkim if (!EVP_DigestInit_ex(&ctx, md_type, NULL) 170280304Sjkim || !EVP_DigestUpdate(&ctx, Ai, u) 171280304Sjkim || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) 172280304Sjkim goto err; 173280304Sjkim } 174280304Sjkim memcpy(out, Ai, min(n, u)); 175280304Sjkim if (u >= n) { 17655714Skris#ifdef DEBUG_KEYGEN 177280304Sjkim fprintf(stderr, "Output KEY (length %d)\n", tmpn); 178280304Sjkim h__dump(tmpout, tmpn); 17955714Skris#endif 180280304Sjkim ret = 1; 181280304Sjkim goto end; 182280304Sjkim } 183280304Sjkim n -= u; 184280304Sjkim out += u; 185280304Sjkim for (j = 0; j < v; j++) 186280304Sjkim B[j] = Ai[j % u]; 187280304Sjkim /* Work out B + 1 first then can use B as tmp space */ 188280304Sjkim if (!BN_bin2bn(B, v, Bpl1)) 189280304Sjkim goto err; 190280304Sjkim if (!BN_add_word(Bpl1, 1)) 191280304Sjkim goto err; 192280304Sjkim for (j = 0; j < Ilen; j += v) { 193280304Sjkim if (!BN_bin2bn(I + j, v, Ij)) 194280304Sjkim goto err; 195280304Sjkim if (!BN_add(Ij, Ij, Bpl1)) 196280304Sjkim goto err; 197280304Sjkim if (!BN_bn2bin(Ij, B)) 198280304Sjkim goto err; 199280304Sjkim Ijlen = BN_num_bytes(Ij); 200280304Sjkim /* If more than 2^(v*8) - 1 cut off MSB */ 201280304Sjkim if (Ijlen > v) { 202280304Sjkim if (!BN_bn2bin(Ij, B)) 203280304Sjkim goto err; 204280304Sjkim memcpy(I + j, B + 1, v); 20576866Skris#ifndef PKCS12_BROKEN_KEYGEN 206280304Sjkim /* If less than v bytes pad with zeroes */ 207280304Sjkim } else if (Ijlen < v) { 208280304Sjkim memset(I + j, 0, v - Ijlen); 209280304Sjkim if (!BN_bn2bin(Ij, I + j + v - Ijlen)) 210280304Sjkim goto err; 21176866Skris#endif 212280304Sjkim } else if (!BN_bn2bin(Ij, I + j)) 213280304Sjkim goto err; 214280304Sjkim } 215280304Sjkim } 216215697Ssimon 217280304Sjkim err: 218280304Sjkim PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE); 219215697Ssimon 220280304Sjkim end: 221280304Sjkim OPENSSL_free(Ai); 222280304Sjkim OPENSSL_free(B); 223280304Sjkim OPENSSL_free(D); 224280304Sjkim OPENSSL_free(I); 225280304Sjkim BN_free(Ij); 226280304Sjkim BN_free(Bpl1); 227280304Sjkim EVP_MD_CTX_cleanup(&ctx); 228280304Sjkim return ret; 22955714Skris} 230280304Sjkim 23155714Skris#ifdef DEBUG_KEYGEN 232280304Sjkimvoid h__dump(unsigned char *p, int len) 23355714Skris{ 234280304Sjkim for (; len--; p++) 235280304Sjkim fprintf(stderr, "%02X", *p); 236280304Sjkim fprintf(stderr, "\n"); 23755714Skris} 23855714Skris#endif 239