/src/openssl/crypto/pkcs12/p12_key.c

Source (jump to first uncovered line)
/* p12_key.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>
#include <openssl/bn.h>

/* Uncomment out this line to get debugging info about key generation */
/*
 * #define DEBUG_KEYGEN
 */
#ifdef DEBUG_KEYGEN
# include <openssl/bio.h>
extern BIO *bio_err;
void h__dump(unsigned char *p, int len);
#endif

/* PKCS12 compatible key/IV generation */
#ifndef min
# define min(a,b) ((a) < (b) ? (a) : (b))
#endif

int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type)
{
    int ret;
    unsigned char *unipass;
    int uniplen;

    if (!pass) {
        unipass = NULL;
        uniplen = 0;
    } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                             id, iter, n, out, md_type);
    if (ret <= 0)
        return 0;
    if (unipass) {
        OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
        OPENSSL_free(unipass);
    }
    return ret;
}

int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type)
{
    unsigned char *B, *D, *I, *p, *Ai;
    int Slen, Plen, Ilen, Ijlen;
    int i, j, u, v;
    int ret = 0;
    BIGNUM *Ij, *Bpl1;          /* These hold Ij and B + 1 */
    EVP_MD_CTX ctx;
#ifdef  DEBUG_KEYGEN
    unsigned char *tmpout = out;
    int tmpn = n;
#endif

#if 0
    if (!pass) {
        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
#endif

    EVP_MD_CTX_init(&ctx);
#ifdef  DEBUG_KEYGEN
    fprintf(stderr, "KEYGEN DEBUG\n");
    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
    fprintf(stderr, "Password (length %d):\n", passlen);
    h__dump(pass, passlen);
    fprintf(stderr, "Salt (length %d):\n", saltlen);
    h__dump(salt, saltlen);
#endif
    v = EVP_MD_block_size(md_type);
    u = EVP_MD_size(md_type);
    if (u < 0)
        return 0;
    D = OPENSSL_malloc(v);
    Ai = OPENSSL_malloc(u);
    B = OPENSSL_malloc(v + 1);
    Slen = v * ((saltlen + v - 1) / v);
    if (passlen)
        Plen = v * ((passlen + v - 1) / v);
    else
        Plen = 0;
    Ilen = Slen + Plen;
    I = OPENSSL_malloc(Ilen);
    Ij = BN_new();
    Bpl1 = BN_new();
    if (!D || !Ai || !B || !I || !Ij || !Bpl1)
        goto err;
    for (i = 0; i < v; i++)
        D[i] = id;
    p = I;
    for (i = 0; i < Slen; i++)
        *p++ = salt[i % saltlen];
    for (i = 0; i < Plen; i++)
        *p++ = pass[i % passlen];
    for (;;) {
        if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
            || !EVP_DigestUpdate(&ctx, D, v)
            || !EVP_DigestUpdate(&ctx, I, Ilen)
            || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
            goto err;
        for (j = 1; j < iter; j++) {
            if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
                || !EVP_DigestUpdate(&ctx, Ai, u)
                || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
                goto err;
        }
        memcpy(out, Ai, min(n, u));
        if (u >= n) {
#ifdef DEBUG_KEYGEN
            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
            h__dump(tmpout, tmpn);
#endif
            ret = 1;
            goto end;
        }
        n -= u;
        out += u;
        for (j = 0; j < v; j++)
            B[j] = Ai[j % u];
        /* Work out B + 1 first then can use B as tmp space */
        if (!BN_bin2bn(B, v, Bpl1))
            goto err;
        if (!BN_add_word(Bpl1, 1))
            goto err;
        for (j = 0; j < Ilen; j += v) {
            if (!BN_bin2bn(I + j, v, Ij))
                goto err;
            if (!BN_add(Ij, Ij, Bpl1))
                goto err;
            if (!BN_bn2bin(Ij, B))
                goto err;
            Ijlen = BN_num_bytes(Ij);
            /* If more than 2^(v*8) - 1 cut off MSB */
            if (Ijlen > v) {
                if (!BN_bn2bin(Ij, B))
                    goto err;
                memcpy(I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
                /* If less than v bytes pad with zeroes */
            } else if (Ijlen < v) {
                memset(I + j, 0, v - Ijlen);
                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
                    goto err;
#endif
            } else if (!BN_bn2bin(Ij, I + j))
                goto err;
        }
    }

 err:
    PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);

 end:
    OPENSSL_free(Ai);
    OPENSSL_free(B);
    OPENSSL_free(D);
    OPENSSL_free(I);
    BN_free(Ij);
    BN_free(Bpl1);
    EVP_MD_CTX_cleanup(&ctx);
    return ret;
}

#ifdef DEBUG_KEYGEN
void h__dump(unsigned char *p, int len)
{
    for (; len--; p++)
        fprintf(stderr, "%02X", *p);
    fprintf(stderr, "\n");
}
#endif

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/* p12_key.c */
2		/*
3		* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4		* 1999.
5		*/
6		/* ====================================================================
7		* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8		*
9		* Redistribution and use in source and binary forms, with or without
10		* modification, are permitted provided that the following conditions
11		* are met:
12		*
13		* 1. Redistributions of source code must retain the above copyright
14		* notice, this list of conditions and the following disclaimer.
15		*
16		* 2. Redistributions in binary form must reproduce the above copyright
17		* notice, this list of conditions and the following disclaimer in
18		* the documentation and/or other materials provided with the
19		* distribution.
20		*
21		* 3. All advertising materials mentioning features or use of this
22		* software must display the following acknowledgment:
23		* "This product includes software developed by the OpenSSL Project
24		* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25		*
26		* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27		* endorse or promote products derived from this software without
28		* prior written permission. For written permission, please contact
29		* licensing@OpenSSL.org.
30		*
31		* 5. Products derived from this software may not be called "OpenSSL"
32		* nor may "OpenSSL" appear in their names without prior written
33		* permission of the OpenSSL Project.
34		*
35		* 6. Redistributions of any form whatsoever must retain the following
36		* acknowledgment:
37		* "This product includes software developed by the OpenSSL Project
38		* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39		*
40		* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41		* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43		* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51		* OF THE POSSIBILITY OF SUCH DAMAGE.
52		* ====================================================================
53		*
54		* This product includes cryptographic software written by Eric Young
55		* (eay@cryptsoft.com). This product includes software written by Tim
56		* Hudson (tjh@cryptsoft.com).
57		*
58		*/
59
60		#include <stdio.h>
61		#include "cryptlib.h"
62		#include <openssl/pkcs12.h>
63		#include <openssl/bn.h>
64
65		/* Uncomment out this line to get debugging info about key generation */
66		/*
67		* #define DEBUG_KEYGEN
68		*/
69		#ifdef DEBUG_KEYGEN
70		# include <openssl/bio.h>
71		extern BIO *bio_err;
72		void h__dump(unsigned char *p, int len);
73		#endif
74
75		/* PKCS12 compatible key/IV generation */
76		#ifndef min
77	0	# define min(a,b) ((a) < (b) ? (a) : (b))
78		#endif
79
80		int PKCS12_key_gen_asc(const char pass, int passlen, unsigned char salt,
81		int saltlen, int id, int iter, int n,
82		unsigned char out, const EVP_MD md_type)
83	0	{
84	0	int ret;
85	0	unsigned char *unipass;
86	0	int uniplen;
87
88	0	if (!pass) {
89	0	unipass = NULL;
90	0	uniplen = 0;
91	0	} else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
92	0	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
93	0	return 0;
94	0	}
95	0	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
96	0	id, iter, n, out, md_type);
97	0	if (ret <= 0)
98	0	return 0;
99	0	if (unipass) {
100	0	OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
101	0	OPENSSL_free(unipass);
102	0	}
103	0	return ret;
104	0	}
105
106		int PKCS12_key_gen_uni(unsigned char pass, int passlen, unsigned char salt,
107		int saltlen, int id, int iter, int n,
108		unsigned char out, const EVP_MD md_type)
109	0	{
110	0	unsigned char B, D, I, p, *Ai;
111	0	int Slen, Plen, Ilen, Ijlen;
112	0	int i, j, u, v;
113	0	int ret = 0;
114	0	BIGNUM Ij, Bpl1; /* These hold Ij and B + 1 */
115	0	EVP_MD_CTX ctx;
116		#ifdef DEBUG_KEYGEN
117		unsigned char *tmpout = out;
118		int tmpn = n;
119		#endif
120
121		#if 0
122		if (!pass) {
123		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
124		return 0;
125		}
126		#endif
127
128	0	EVP_MD_CTX_init(&ctx);
129		#ifdef DEBUG_KEYGEN
130		fprintf(stderr, "KEYGEN DEBUG\n");
131		fprintf(stderr, "ID %d, ITER %d\n", id, iter);
132		fprintf(stderr, "Password (length %d):\n", passlen);
133		h__dump(pass, passlen);
134		fprintf(stderr, "Salt (length %d):\n", saltlen);
135		h__dump(salt, saltlen);
136		#endif
137	0	v = EVP_MD_block_size(md_type);
138	0	u = EVP_MD_size(md_type);
139	0	if (u < 0)
140	0	return 0;
141	0	D = OPENSSL_malloc(v);
142	0	Ai = OPENSSL_malloc(u);
143	0	B = OPENSSL_malloc(v + 1);
144	0	Slen = v * ((saltlen + v - 1) / v);
145	0	if (passlen)
146	0	Plen = v * ((passlen + v - 1) / v);
147	0	else
148	0	Plen = 0;
149	0	Ilen = Slen + Plen;
150	0	I = OPENSSL_malloc(Ilen);
151	0	Ij = BN_new();
152	0	Bpl1 = BN_new();
153	0	if (!D \|\| !Ai \|\| !B \|\| !I \|\| !Ij \|\| !Bpl1)
154	0	goto err;
155	0	for (i = 0; i < v; i++)
156	0	D[i] = id;
157	0	p = I;
158	0	for (i = 0; i < Slen; i++)
159	0	*p++ = salt[i % saltlen];
160	0	for (i = 0; i < Plen; i++)
161	0	*p++ = pass[i % passlen];
162	0	for (;;) {
163	0	if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
164	0	\|\| !EVP_DigestUpdate(&ctx, D, v)
165	0	\|\| !EVP_DigestUpdate(&ctx, I, Ilen)
166	0	\|\| !EVP_DigestFinal_ex(&ctx, Ai, NULL))
167	0	goto err;
168	0	for (j = 1; j < iter; j++) {
169	0	if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
170	0	\|\| !EVP_DigestUpdate(&ctx, Ai, u)
171	0	\|\| !EVP_DigestFinal_ex(&ctx, Ai, NULL))
172	0	goto err;
173	0	}
174	0	memcpy(out, Ai, min(n, u));
175	0	if (u >= n) {
176		#ifdef DEBUG_KEYGEN
177		fprintf(stderr, "Output KEY (length %d)\n", tmpn);
178		h__dump(tmpout, tmpn);
179		#endif
180	0	ret = 1;
181	0	goto end;
182	0	}
183	0	n -= u;
184	0	out += u;
185	0	for (j = 0; j < v; j++)
186	0	B[j] = Ai[j % u];
187		/* Work out B + 1 first then can use B as tmp space */
188	0	if (!BN_bin2bn(B, v, Bpl1))
189	0	goto err;
190	0	if (!BN_add_word(Bpl1, 1))
191	0	goto err;
192	0	for (j = 0; j < Ilen; j += v) {
193	0	if (!BN_bin2bn(I + j, v, Ij))
194	0	goto err;
195	0	if (!BN_add(Ij, Ij, Bpl1))
196	0	goto err;
197	0	if (!BN_bn2bin(Ij, B))
198	0	goto err;
199	0	Ijlen = BN_num_bytes(Ij);
200		/* If more than 2^(v8) - 1 cut off MSB /
201	0	if (Ijlen > v) {
202	0	if (!BN_bn2bin(Ij, B))
203	0	goto err;
204	0	memcpy(I + j, B + 1, v);
205	0	#ifndef PKCS12_BROKEN_KEYGEN
206		/* If less than v bytes pad with zeroes */
207	0	} else if (Ijlen < v) {
208	0	memset(I + j, 0, v - Ijlen);
209	0	if (!BN_bn2bin(Ij, I + j + v - Ijlen))
210	0	goto err;
211	0	#endif
212	0	} else if (!BN_bn2bin(Ij, I + j))
213	0	goto err;
214	0	}
215	0	}
216
217	0	err:
218	0	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
219
220	0	end:
221	0	OPENSSL_free(Ai);
222	0	OPENSSL_free(B);
223	0	OPENSSL_free(D);
224	0	OPENSSL_free(I);
225	0	BN_free(Ij);
226	0	BN_free(Bpl1);
227	0	EVP_MD_CTX_cleanup(&ctx);
228	0	return ret;
229	0	}
230
231		#ifdef DEBUG_KEYGEN
232		void h__dump(unsigned char *p, int len)
233		{
234		for (; len--; p++)
235		fprintf(stderr, "%02X", *p);
236		fprintf(stderr, "\n");
237		}
238		#endif