p12_mutl.c 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242
  1. /*
  2. * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. # include <stdio.h>
  10. # include "internal/cryptlib.h"
  11. # include <openssl/crypto.h>
  12. # include <openssl/hmac.h>
  13. # include <openssl/rand.h>
  14. # include <openssl/pkcs12.h>
  15. # include "p12_lcl.h"
  16. int PKCS12_mac_present(const PKCS12 *p12)
  17. {
  18. return p12->mac ? 1 : 0;
  19. }
  20. void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
  21. const X509_ALGOR **pmacalg,
  22. const ASN1_OCTET_STRING **psalt,
  23. const ASN1_INTEGER **piter,
  24. const PKCS12 *p12)
  25. {
  26. if (p12->mac) {
  27. X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
  28. if (psalt)
  29. *psalt = p12->mac->salt;
  30. if (piter)
  31. *piter = p12->mac->iter;
  32. } else {
  33. if (pmac)
  34. *pmac = NULL;
  35. if (pmacalg)
  36. *pmacalg = NULL;
  37. if (psalt)
  38. *psalt = NULL;
  39. if (piter)
  40. *piter = NULL;
  41. }
  42. }
  43. # define TK26_MAC_KEY_LEN 32
  44. static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
  45. const unsigned char *salt, int saltlen,
  46. int iter, int keylen, unsigned char *key,
  47. const EVP_MD *digest)
  48. {
  49. unsigned char out[96];
  50. if (keylen != TK26_MAC_KEY_LEN) {
  51. return 0;
  52. }
  53. if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
  54. digest, sizeof(out), out)) {
  55. return 0;
  56. }
  57. memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
  58. OPENSSL_cleanse(out, sizeof(out));
  59. return 1;
  60. }
  61. /* Generate a MAC */
  62. static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
  63. unsigned char *mac, unsigned int *maclen,
  64. int (*pkcs12_key_gen)(const char *pass, int passlen,
  65. unsigned char *salt, int slen,
  66. int id, int iter, int n,
  67. unsigned char *out,
  68. const EVP_MD *md_type))
  69. {
  70. const EVP_MD *md_type;
  71. HMAC_CTX *hmac = NULL;
  72. unsigned char key[EVP_MAX_MD_SIZE], *salt;
  73. int saltlen, iter;
  74. int md_size = 0;
  75. int md_type_nid;
  76. const X509_ALGOR *macalg;
  77. const ASN1_OBJECT *macoid;
  78. if (pkcs12_key_gen == NULL)
  79. pkcs12_key_gen = PKCS12_key_gen_utf8;
  80. if (!PKCS7_type_is_data(p12->authsafes)) {
  81. PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
  82. return 0;
  83. }
  84. salt = p12->mac->salt->data;
  85. saltlen = p12->mac->salt->length;
  86. if (!p12->mac->iter)
  87. iter = 1;
  88. else
  89. iter = ASN1_INTEGER_get(p12->mac->iter);
  90. X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
  91. X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
  92. if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
  93. PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
  94. return 0;
  95. }
  96. md_size = EVP_MD_size(md_type);
  97. md_type_nid = EVP_MD_type(md_type);
  98. if (md_size < 0)
  99. return 0;
  100. if ((md_type_nid == NID_id_GostR3411_94
  101. || md_type_nid == NID_id_GostR3411_2012_256
  102. || md_type_nid == NID_id_GostR3411_2012_512)
  103. && !getenv("LEGACY_GOST_PKCS12")) {
  104. md_size = TK26_MAC_KEY_LEN;
  105. if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
  106. md_size, key, md_type)) {
  107. PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
  108. return 0;
  109. }
  110. } else
  111. if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
  112. iter, md_size, key, md_type)) {
  113. PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
  114. return 0;
  115. }
  116. if ((hmac = HMAC_CTX_new()) == NULL
  117. || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
  118. || !HMAC_Update(hmac, p12->authsafes->d.data->data,
  119. p12->authsafes->d.data->length)
  120. || !HMAC_Final(hmac, mac, maclen)) {
  121. HMAC_CTX_free(hmac);
  122. return 0;
  123. }
  124. HMAC_CTX_free(hmac);
  125. return 1;
  126. }
  127. int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
  128. unsigned char *mac, unsigned int *maclen)
  129. {
  130. return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
  131. }
  132. /* Verify the mac */
  133. int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
  134. {
  135. unsigned char mac[EVP_MAX_MD_SIZE];
  136. unsigned int maclen;
  137. const ASN1_OCTET_STRING *macoct;
  138. if (p12->mac == NULL) {
  139. PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
  140. return 0;
  141. }
  142. if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
  143. PKCS12_key_gen_utf8)) {
  144. PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
  145. return 0;
  146. }
  147. X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
  148. if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
  149. || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
  150. return 0;
  151. return 1;
  152. }
  153. /* Set a mac */
  154. int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
  155. unsigned char *salt, int saltlen, int iter,
  156. const EVP_MD *md_type)
  157. {
  158. unsigned char mac[EVP_MAX_MD_SIZE];
  159. unsigned int maclen;
  160. ASN1_OCTET_STRING *macoct;
  161. if (!md_type)
  162. md_type = EVP_sha1();
  163. if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
  164. PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
  165. return 0;
  166. }
  167. /*
  168. * Note that output mac is forced to UTF-8...
  169. */
  170. if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
  171. PKCS12_key_gen_utf8)) {
  172. PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
  173. return 0;
  174. }
  175. X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
  176. if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
  177. PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
  178. return 0;
  179. }
  180. return 1;
  181. }
  182. /* Set up a mac structure */
  183. int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
  184. const EVP_MD *md_type)
  185. {
  186. X509_ALGOR *macalg;
  187. PKCS12_MAC_DATA_free(p12->mac);
  188. p12->mac = NULL;
  189. if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
  190. return PKCS12_ERROR;
  191. if (iter > 1) {
  192. if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
  193. PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  194. return 0;
  195. }
  196. if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
  197. PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  198. return 0;
  199. }
  200. }
  201. if (!saltlen)
  202. saltlen = PKCS12_SALT_LEN;
  203. if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
  204. PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  205. return 0;
  206. }
  207. p12->mac->salt->length = saltlen;
  208. if (!salt) {
  209. if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
  210. return 0;
  211. } else
  212. memcpy(p12->mac->salt->data, salt, saltlen);
  213. X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
  214. if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
  215. V_ASN1_NULL, NULL)) {
  216. PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  217. return 0;
  218. }
  219. return 1;
  220. }