155714Skris/* p12_crpt.c */
2194206Ssimon/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
355714Skris * project 1999.
455714Skris */
555714Skris/* ====================================================================
655714Skris * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
755714Skris *
855714Skris * Redistribution and use in source and binary forms, with or without
955714Skris * modification, are permitted provided that the following conditions
1055714Skris * are met:
1155714Skris *
1255714Skris * 1. Redistributions of source code must retain the above copyright
1355714Skris *    notice, this list of conditions and the following disclaimer.
1455714Skris *
1555714Skris * 2. Redistributions in binary form must reproduce the above copyright
1655714Skris *    notice, this list of conditions and the following disclaimer in
1755714Skris *    the documentation and/or other materials provided with the
1855714Skris *    distribution.
1955714Skris *
2055714Skris * 3. All advertising materials mentioning features or use of this
2155714Skris *    software must display the following acknowledgment:
2255714Skris *    "This product includes software developed by the OpenSSL Project
2355714Skris *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
2455714Skris *
2555714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2655714Skris *    endorse or promote products derived from this software without
2755714Skris *    prior written permission. For written permission, please contact
2855714Skris *    licensing@OpenSSL.org.
2955714Skris *
3055714Skris * 5. Products derived from this software may not be called "OpenSSL"
3155714Skris *    nor may "OpenSSL" appear in their names without prior written
3255714Skris *    permission of the OpenSSL Project.
3355714Skris *
3455714Skris * 6. Redistributions of any form whatsoever must retain the following
3555714Skris *    acknowledgment:
3655714Skris *    "This product includes software developed by the OpenSSL Project
3755714Skris *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3855714Skris *
3955714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4055714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4155714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4255714Skris * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
4355714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4455714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4555714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4655714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4755714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4855714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4955714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
5055714Skris * OF THE POSSIBILITY OF SUCH DAMAGE.
5155714Skris * ====================================================================
5255714Skris *
5355714Skris * This product includes cryptographic software written by Eric Young
5455714Skris * (eay@cryptsoft.com).  This product includes software written by Tim
5555714Skris * Hudson (tjh@cryptsoft.com).
5655714Skris *
5755714Skris */
5855714Skris
5955714Skris#include <stdio.h>
6055714Skris#include "cryptlib.h"
6155714Skris#include <openssl/pkcs12.h>
6255714Skris
63238405Sjkim/* PKCS#12 PBE algorithms now in static table */
6455714Skris
6555714Skrisvoid PKCS12_PBE_add(void)
6655714Skris{
6755714Skris}
6855714Skris
69160814Ssimonint PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
70109998Smarkm		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
7155714Skris{
7255714Skris	PBEPARAM *pbe;
73160814Ssimon	int saltlen, iter, ret;
74160814Ssimon	unsigned char *salt;
75160814Ssimon	const unsigned char *pbuf;
7655714Skris	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
7755714Skris
7855714Skris	/* Extract useful info from parameter */
79160814Ssimon	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
80160814Ssimon	    param->value.sequence == NULL) {
81160814Ssimon		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
82160814Ssimon		return 0;
83160814Ssimon	}
84160814Ssimon
8555714Skris	pbuf = param->value.sequence->data;
86160814Ssimon	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
87160814Ssimon		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
8855714Skris		return 0;
8955714Skris	}
9055714Skris
9155714Skris	if (!pbe->iter) iter = 1;
9255714Skris	else iter = ASN1_INTEGER_get (pbe->iter);
9355714Skris	salt = pbe->salt->data;
9455714Skris	saltlen = pbe->salt->length;
9555714Skris	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
9655714Skris			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
9755714Skris		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
9855714Skris		PBEPARAM_free(pbe);
9955714Skris		return 0;
10055714Skris	}
10155714Skris	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
10255714Skris				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
10355714Skris		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
10455714Skris		PBEPARAM_free(pbe);
10555714Skris		return 0;
10655714Skris	}
10755714Skris	PBEPARAM_free(pbe);
108160814Ssimon	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
109109998Smarkm	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
110109998Smarkm	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
111160814Ssimon	return ret;
11255714Skris}
113