155714Skris/* p12_crpt.c */
2280304Sjkim/*
3280304Sjkim * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4280304Sjkim * 1999.
555714Skris */
655714Skris/* ====================================================================
755714Skris * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
855714Skris *
955714Skris * Redistribution and use in source and binary forms, with or without
1055714Skris * modification, are permitted provided that the following conditions
1155714Skris * are met:
1255714Skris *
1355714Skris * 1. Redistributions of source code must retain the above copyright
14280304Sjkim *    notice, this list of conditions and the following disclaimer.
1555714Skris *
1655714Skris * 2. Redistributions in binary form must reproduce the above copyright
1755714Skris *    notice, this list of conditions and the following disclaimer in
1855714Skris *    the documentation and/or other materials provided with the
1955714Skris *    distribution.
2055714Skris *
2155714Skris * 3. All advertising materials mentioning features or use of this
2255714Skris *    software must display the following acknowledgment:
2355714Skris *    "This product includes software developed by the OpenSSL Project
2455714Skris *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
2555714Skris *
2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2755714Skris *    endorse or promote products derived from this software without
2855714Skris *    prior written permission. For written permission, please contact
2955714Skris *    licensing@OpenSSL.org.
3055714Skris *
3155714Skris * 5. Products derived from this software may not be called "OpenSSL"
3255714Skris *    nor may "OpenSSL" appear in their names without prior written
3355714Skris *    permission of the OpenSSL Project.
3455714Skris *
3555714Skris * 6. Redistributions of any form whatsoever must retain the following
3655714Skris *    acknowledgment:
3755714Skris *    "This product includes software developed by the OpenSSL Project
3855714Skris *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3955714Skris *
4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4355714Skris * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE.
5255714Skris * ====================================================================
5355714Skris *
5455714Skris * This product includes cryptographic software written by Eric Young
5555714Skris * (eay@cryptsoft.com).  This product includes software written by Tim
5655714Skris * Hudson (tjh@cryptsoft.com).
5755714Skris *
5855714Skris */
5955714Skris
6055714Skris#include <stdio.h>
6155714Skris#include "cryptlib.h"
6255714Skris#include <openssl/pkcs12.h>
6355714Skris
64238405Sjkim/* PKCS#12 PBE algorithms now in static table */
6555714Skris
6655714Skrisvoid PKCS12_PBE_add(void)
6755714Skris{
6855714Skris}
6955714Skris
70160814Ssimonint PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
71280304Sjkim                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
72280304Sjkim                        const EVP_MD *md, int en_de)
7355714Skris{
74280304Sjkim    PBEPARAM *pbe;
75280304Sjkim    int saltlen, iter, ret;
76280304Sjkim    unsigned char *salt;
77280304Sjkim    const unsigned char *pbuf;
78280304Sjkim    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
7955714Skris
80291721Sjkim    if (cipher == NULL)
81291721Sjkim        return 0;
82291721Sjkim
83280304Sjkim    /* Extract useful info from parameter */
84280304Sjkim    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
85280304Sjkim        param->value.sequence == NULL) {
86280304Sjkim        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
87280304Sjkim        return 0;
88280304Sjkim    }
89160814Ssimon
90280304Sjkim    pbuf = param->value.sequence->data;
91280304Sjkim    if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
92280304Sjkim        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
93280304Sjkim        return 0;
94280304Sjkim    }
9555714Skris
96280304Sjkim    if (!pbe->iter)
97280304Sjkim        iter = 1;
98280304Sjkim    else
99280304Sjkim        iter = ASN1_INTEGER_get(pbe->iter);
100280304Sjkim    salt = pbe->salt->data;
101280304Sjkim    saltlen = pbe->salt->length;
102280304Sjkim    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
103280304Sjkim                        iter, EVP_CIPHER_key_length(cipher), key, md)) {
104280304Sjkim        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
105280304Sjkim        PBEPARAM_free(pbe);
106280304Sjkim        return 0;
107280304Sjkim    }
108280304Sjkim    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
109280304Sjkim                        iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
110280304Sjkim        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
111280304Sjkim        PBEPARAM_free(pbe);
112280304Sjkim        return 0;
113280304Sjkim    }
114280304Sjkim    PBEPARAM_free(pbe);
115280304Sjkim    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
116280304Sjkim    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
117280304Sjkim    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
118280304Sjkim    return ret;
11955714Skris}
120