1/* $NetBSD: pkcs12.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */ 2 3/* 4 * Copyright (c) 2006 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include <config.h> 37#include <krb5/roken.h> 38#include <assert.h> 39 40#include <pkcs12.h> 41#include <bn.h> 42 43int 44PKCS12_key_gen(const void *key, size_t keylen, 45 const void *salt, size_t saltlen, 46 int id, int iteration, size_t outkeysize, 47 void *out, const EVP_MD *md) 48{ 49 unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; 50 unsigned int size, size_I = 0; 51 unsigned char idc = id; 52 EVP_MD_CTX *ctx; 53 unsigned char *outp = out; 54 int i, vlen; 55 56 /** 57 * The argument key is pointing to an utf16 string, and thus 58 * keylen that is no a multiple of 2 is invalid. 59 */ 60 if (keylen & 1) 61 return 0; 62 63 ctx = EVP_MD_CTX_create(); 64 if (ctx == NULL) 65 return 0; 66 67 vlen = EVP_MD_block_size(md); 68 v = malloc(vlen + 1); 69 if (v == NULL) { 70 EVP_MD_CTX_destroy(ctx); 71 return 0; 72 } 73 74 I = calloc(1, vlen * 2); 75 if (I == NULL) { 76 EVP_MD_CTX_destroy(ctx); 77 free(v); 78 return 0; 79 } 80 81 if (salt && saltlen > 0) { 82 for (i = 0; i < vlen; i++) 83 I[i] = ((unsigned char*)salt)[i % saltlen]; 84 size_I += vlen; 85 } 86 /* 87 * There is a diffrence between the no password string and the 88 * empty string, in the empty string the UTF16 NUL terminator is 89 * included into the string. 90 */ 91 if (key) { 92 for (i = 0; i < vlen / 2; i++) { 93 I[(i * 2) + size_I] = 0; 94 I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; 95 } 96 size_I += vlen; 97 } 98 99 while (1) { 100 BIGNUM *bnB, *bnOne; 101 102 if (!EVP_DigestInit_ex(ctx, md, NULL)) { 103 EVP_MD_CTX_destroy(ctx); 104 free(I); 105 free(v); 106 return 0; 107 } 108 for (i = 0; i < vlen; i++) 109 EVP_DigestUpdate(ctx, &idc, 1); 110 EVP_DigestUpdate(ctx, I, size_I); 111 EVP_DigestFinal_ex(ctx, hash, &size); 112 113 for (i = 1; i < iteration; i++) 114 EVP_Digest(hash, size, hash, &size, md, NULL); 115 116 memcpy(outp, hash, min(outkeysize, size)); 117 if (outkeysize < size) 118 break; 119 outkeysize -= size; 120 outp += size; 121 122 for (i = 0; i < vlen; i++) 123 v[i] = hash[i % size]; 124 125 bnB = BN_bin2bn(v, vlen, NULL); 126 bnOne = BN_new(); 127 BN_set_word(bnOne, 1); 128 129 BN_uadd(bnB, bnB, bnOne); 130 131 for (i = 0; i < vlen * 2; i += vlen) { 132 BIGNUM *bnI; 133 int j; 134 135 bnI = BN_bin2bn(I + i, vlen, NULL); 136 137 BN_uadd(bnI, bnI, bnB); 138 139 j = BN_num_bytes(bnI); 140 if (j > vlen) { 141 assert(j == vlen + 1); 142 BN_bn2bin(bnI, v); 143 memcpy(I + i, v + 1, vlen); 144 } else { 145 memset(I + i, 0, vlen - j); 146 BN_bn2bin(bnI, I + i + vlen - j); 147 } 148 BN_free(bnI); 149 } 150 BN_free(bnB); 151 BN_free(bnOne); 152 size_I = vlen * 2; 153 } 154 155 EVP_MD_CTX_destroy(ctx); 156 free(I); 157 free(v); 158 159 return 1; 160} 161