OLD | NEW |
1 /* p12_key.c */ | 1 /* p12_key.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project 1999. | 3 * project 1999. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
62 #include <openssl/bn.h> | 62 #include <openssl/bn.h> |
63 | 63 |
64 /* Uncomment out this line to get debugging info about key generation */ | 64 /* Uncomment out this line to get debugging info about key generation */ |
65 /*#define DEBUG_KEYGEN*/ | 65 /*#define DEBUG_KEYGEN*/ |
66 #ifdef DEBUG_KEYGEN | 66 #ifdef DEBUG_KEYGEN |
67 #include <openssl/bio.h> | 67 #include <openssl/bio.h> |
68 extern BIO *bio_err; | 68 extern BIO *bio_err; |
69 void h__dump (unsigned char *p, int len); | 69 void h__dump (unsigned char *p, int len); |
70 #endif | 70 #endif |
71 | 71 |
72 #ifdef OPENSSL_SYS_NETWARE | |
73 /* Rename these functions to avoid name clashes on NetWare OS */ | |
74 #define uni2asc OPENSSL_uni2asc | |
75 #define asc2uni OPENSSL_asc2uni | |
76 #endif | |
77 | |
78 /* PKCS12 compatible key/IV generation */ | 72 /* PKCS12 compatible key/IV generation */ |
79 #ifndef min | 73 #ifndef min |
80 #define min(a,b) ((a) < (b) ? (a) : (b)) | 74 #define min(a,b) ((a) < (b) ? (a) : (b)) |
81 #endif | 75 #endif |
82 | 76 |
83 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, | 77 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
84 int saltlen, int id, int iter, int n, unsigned char *out, | 78 int saltlen, int id, int iter, int n, unsigned char *out, |
85 const EVP_MD *md_type) | 79 const EVP_MD *md_type) |
86 { | 80 { |
87 int ret; | 81 int ret; |
88 unsigned char *unipass; | 82 unsigned char *unipass; |
89 int uniplen; | 83 int uniplen; |
| 84 |
90 if(!pass) { | 85 if(!pass) { |
91 unipass = NULL; | 86 unipass = NULL; |
92 uniplen = 0; | 87 uniplen = 0; |
93 » } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { | 88 » } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { |
94 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); | 89 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); |
95 return 0; | 90 return 0; |
96 } | 91 } |
97 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, | 92 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, |
98 id, iter, n, out, md_type); | 93 id, iter, n, out, md_type); |
| 94 if (ret <= 0) |
| 95 return 0; |
99 if(unipass) { | 96 if(unipass) { |
100 OPENSSL_cleanse(unipass, uniplen); /* Clear password from m
emory */ | 97 OPENSSL_cleanse(unipass, uniplen); /* Clear password from m
emory */ |
101 OPENSSL_free(unipass); | 98 OPENSSL_free(unipass); |
102 } | 99 } |
103 return ret; | 100 return ret; |
104 } | 101 } |
105 | 102 |
106 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | 103 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, |
107 int saltlen, int id, int iter, int n, unsigned char *out, | 104 int saltlen, int id, int iter, int n, unsigned char *out, |
108 const EVP_MD *md_type) | 105 const EVP_MD *md_type) |
109 { | 106 { |
110 unsigned char *B, *D, *I, *p, *Ai; | 107 unsigned char *B, *D, *I, *p, *Ai; |
111 int Slen, Plen, Ilen, Ijlen; | 108 int Slen, Plen, Ilen, Ijlen; |
112 int i, j, u, v; | 109 int i, j, u, v; |
| 110 int ret = 0; |
113 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ | 111 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ |
114 EVP_MD_CTX ctx; | 112 EVP_MD_CTX ctx; |
115 #ifdef DEBUG_KEYGEN | 113 #ifdef DEBUG_KEYGEN |
116 unsigned char *tmpout = out; | 114 unsigned char *tmpout = out; |
117 int tmpn = n; | 115 int tmpn = n; |
118 #endif | 116 #endif |
119 | 117 |
120 #if 0 | 118 #if 0 |
121 if (!pass) { | 119 if (!pass) { |
122 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETE
R); | 120 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETE
R); |
123 return 0; | 121 return 0; |
124 } | 122 } |
125 #endif | 123 #endif |
126 | 124 |
127 EVP_MD_CTX_init(&ctx); | 125 EVP_MD_CTX_init(&ctx); |
128 #ifdef DEBUG_KEYGEN | 126 #ifdef DEBUG_KEYGEN |
129 fprintf(stderr, "KEYGEN DEBUG\n"); | 127 fprintf(stderr, "KEYGEN DEBUG\n"); |
130 fprintf(stderr, "ID %d, ITER %d\n", id, iter); | 128 fprintf(stderr, "ID %d, ITER %d\n", id, iter); |
131 fprintf(stderr, "Password (length %d):\n", passlen); | 129 fprintf(stderr, "Password (length %d):\n", passlen); |
132 h__dump(pass, passlen); | 130 h__dump(pass, passlen); |
133 fprintf(stderr, "Salt (length %d):\n", saltlen); | 131 fprintf(stderr, "Salt (length %d):\n", saltlen); |
134 h__dump(salt, saltlen); | 132 h__dump(salt, saltlen); |
135 #endif | 133 #endif |
136 v = EVP_MD_block_size (md_type); | 134 v = EVP_MD_block_size (md_type); |
137 u = EVP_MD_size (md_type); | 135 u = EVP_MD_size (md_type); |
| 136 if (u < 0) |
| 137 return 0; |
138 D = OPENSSL_malloc (v); | 138 D = OPENSSL_malloc (v); |
139 Ai = OPENSSL_malloc (u); | 139 Ai = OPENSSL_malloc (u); |
140 B = OPENSSL_malloc (v + 1); | 140 B = OPENSSL_malloc (v + 1); |
141 Slen = v * ((saltlen+v-1)/v); | 141 Slen = v * ((saltlen+v-1)/v); |
142 if(passlen) Plen = v * ((passlen+v-1)/v); | 142 if(passlen) Plen = v * ((passlen+v-1)/v); |
143 else Plen = 0; | 143 else Plen = 0; |
144 Ilen = Slen + Plen; | 144 Ilen = Slen + Plen; |
145 I = OPENSSL_malloc (Ilen); | 145 I = OPENSSL_malloc (Ilen); |
146 Ij = BN_new(); | 146 Ij = BN_new(); |
147 Bpl1 = BN_new(); | 147 Bpl1 = BN_new(); |
148 » if (!D || !Ai || !B || !I || !Ij || !Bpl1) { | 148 » if (!D || !Ai || !B || !I || !Ij || !Bpl1) |
149 » » PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); | 149 » » goto err; |
150 » » return 0; | |
151 » } | |
152 for (i = 0; i < v; i++) D[i] = id; | 150 for (i = 0; i < v; i++) D[i] = id; |
153 p = I; | 151 p = I; |
154 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; | 152 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; |
155 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; | 153 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; |
156 for (;;) { | 154 for (;;) { |
157 EVP_DigestInit_ex(&ctx, md_type, NULL); | 155 EVP_DigestInit_ex(&ctx, md_type, NULL); |
158 EVP_DigestUpdate(&ctx, D, v); | 156 EVP_DigestUpdate(&ctx, D, v); |
159 EVP_DigestUpdate(&ctx, I, Ilen); | 157 EVP_DigestUpdate(&ctx, I, Ilen); |
160 EVP_DigestFinal_ex(&ctx, Ai, NULL); | 158 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
161 for (j = 1; j < iter; j++) { | 159 for (j = 1; j < iter; j++) { |
162 EVP_DigestInit_ex(&ctx, md_type, NULL); | 160 EVP_DigestInit_ex(&ctx, md_type, NULL); |
163 EVP_DigestUpdate(&ctx, Ai, u); | 161 EVP_DigestUpdate(&ctx, Ai, u); |
164 EVP_DigestFinal_ex(&ctx, Ai, NULL); | 162 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
165 } | 163 } |
166 memcpy (out, Ai, min (n, u)); | 164 memcpy (out, Ai, min (n, u)); |
167 if (u >= n) { | 165 if (u >= n) { |
168 OPENSSL_free (Ai); | |
169 OPENSSL_free (B); | |
170 OPENSSL_free (D); | |
171 OPENSSL_free (I); | |
172 BN_free (Ij); | |
173 BN_free (Bpl1); | |
174 EVP_MD_CTX_cleanup(&ctx); | |
175 #ifdef DEBUG_KEYGEN | 166 #ifdef DEBUG_KEYGEN |
176 fprintf(stderr, "Output KEY (length %d)\n", tmpn); | 167 fprintf(stderr, "Output KEY (length %d)\n", tmpn); |
177 h__dump(tmpout, tmpn); | 168 h__dump(tmpout, tmpn); |
178 #endif | 169 #endif |
179 » » » return 1;» | 170 » » » ret = 1; |
| 171 » » » goto end; |
180 } | 172 } |
181 n -= u; | 173 n -= u; |
182 out += u; | 174 out += u; |
183 for (j = 0; j < v; j++) B[j] = Ai[j % u]; | 175 for (j = 0; j < v; j++) B[j] = Ai[j % u]; |
184 /* Work out B + 1 first then can use B as tmp space */ | 176 /* Work out B + 1 first then can use B as tmp space */ |
185 » » BN_bin2bn (B, v, Bpl1); | 177 » » if (!BN_bin2bn (B, v, Bpl1)) goto err; |
186 » » BN_add_word (Bpl1, 1); | 178 » » if (!BN_add_word (Bpl1, 1)) goto err; |
187 for (j = 0; j < Ilen ; j+=v) { | 179 for (j = 0; j < Ilen ; j+=v) { |
188 » » » BN_bin2bn (I + j, v, Ij); | 180 » » » if (!BN_bin2bn (I + j, v, Ij)) goto err; |
189 » » » BN_add (Ij, Ij, Bpl1); | 181 » » » if (!BN_add (Ij, Ij, Bpl1)) goto err; |
190 BN_bn2bin (Ij, B); | 182 BN_bn2bin (Ij, B); |
191 Ijlen = BN_num_bytes (Ij); | 183 Ijlen = BN_num_bytes (Ij); |
192 /* If more than 2^(v*8) - 1 cut off MSB */ | 184 /* If more than 2^(v*8) - 1 cut off MSB */ |
193 if (Ijlen > v) { | 185 if (Ijlen > v) { |
194 BN_bn2bin (Ij, B); | 186 BN_bn2bin (Ij, B); |
195 memcpy (I + j, B + 1, v); | 187 memcpy (I + j, B + 1, v); |
196 #ifndef PKCS12_BROKEN_KEYGEN | 188 #ifndef PKCS12_BROKEN_KEYGEN |
197 /* If less than v bytes pad with zeroes */ | 189 /* If less than v bytes pad with zeroes */ |
198 } else if (Ijlen < v) { | 190 } else if (Ijlen < v) { |
199 memset(I + j, 0, v - Ijlen); | 191 memset(I + j, 0, v - Ijlen); |
200 BN_bn2bin(Ij, I + j + v - Ijlen); | 192 BN_bn2bin(Ij, I + j + v - Ijlen); |
201 #endif | 193 #endif |
202 } else BN_bn2bin (Ij, I + j); | 194 } else BN_bn2bin (Ij, I + j); |
203 } | 195 } |
204 } | 196 } |
| 197 |
| 198 err: |
| 199 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); |
| 200 |
| 201 end: |
| 202 OPENSSL_free (Ai); |
| 203 OPENSSL_free (B); |
| 204 OPENSSL_free (D); |
| 205 OPENSSL_free (I); |
| 206 BN_free (Ij); |
| 207 BN_free (Bpl1); |
| 208 EVP_MD_CTX_cleanup(&ctx); |
| 209 return ret; |
205 } | 210 } |
206 #ifdef DEBUG_KEYGEN | 211 #ifdef DEBUG_KEYGEN |
207 void h__dump (unsigned char *p, int len) | 212 void h__dump (unsigned char *p, int len) |
208 { | 213 { |
209 for (; len --; p++) fprintf(stderr, "%02X", *p); | 214 for (; len --; p++) fprintf(stderr, "%02X", *p); |
210 fprintf(stderr, "\n"); | 215 fprintf(stderr, "\n"); |
211 } | 216 } |
212 #endif | 217 #endif |
OLD | NEW |