p12_key.c 4.0 KB

  1. /*
  2. * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/pkcs12.h>
  12. #include <openssl/bn.h>
  13. #include <openssl/trace.h>
  14. #include <openssl/kdf.h>
  15. #include <openssl/core_names.h>
  16. #include "internal/provider.h"
  /*
   * Derive PKCS#12 key material from an ASCII password.
   *
   * The password is converted with OPENSSL_asc2uni() and the result is handed
   * to PKCS12_key_gen_uni() together with the remaining arguments, which are
   * passed through unchanged. A NULL |pass| is forwarded as a NULL password
   * of length 0.
   *
   * Returns 1 on success and 0 on failure. A conversion failure is reported
   * as ERR_R_MALLOC_FAILURE.
   */
  int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                         int saltlen, int id, int iter, int n,
                         unsigned char *out, const EVP_MD *md_type)
  {
      unsigned char *converted = NULL;
      int converted_len = 0;
      int rv;

      if (pass != NULL
              && !OPENSSL_asc2uni(pass, passlen, &converted, &converted_len)) {
          ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
          return 0;
      }

      rv = PKCS12_key_gen_uni(converted, converted_len, salt, saltlen,
                              id, iter, n, out, md_type);

      /*
       * The converted buffer is a second copy of the password: wipe it
       * before releasing it so it does not linger in freed heap memory.
       */
      OPENSSL_clear_free(converted, converted_len);
      return rv > 0;
  }
  /*
   * Derive PKCS#12 key material from a UTF-8 password.
   *
   * Same flow as the ASCII variant, except that the password is converted
   * with OPENSSL_utf82uni() before being handed to PKCS12_key_gen_uni().
   * A NULL |pass| is forwarded as a NULL password of length 0.
   *
   * Returns 1 on success and 0 on failure. A conversion failure is reported
   * as ERR_R_MALLOC_FAILURE.
   */
  int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
                          int saltlen, int id, int iter, int n,
                          unsigned char *out, const EVP_MD *md_type)
  {
      unsigned char *converted = NULL;
      int converted_len = 0;
      int rv;

      if (pass != NULL
              && !OPENSSL_utf82uni(pass, passlen, &converted, &converted_len)) {
          ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
          return 0;
      }

      rv = PKCS12_key_gen_uni(converted, converted_len, salt, saltlen,
                              id, iter, n, out, md_type);

      /*
       * The converted buffer is a second copy of the password: wipe it
       * before releasing it so it does not linger in freed heap memory.
       */
      OPENSSL_clear_free(converted, converted_len);
      return rv > 0;
  }
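  /*
   * Derive |n| bytes of PKCS#12 key material into |out| with the "PKCS12KDF"
   * EVP_KDF implementation.
   *
   * |pass|/|passlen| is the already converted password, |salt|/|saltlen| the
   * salt, |id| the PKCS#12 purpose identifier, |iter| the iteration count and
   * |md_type| the digest; its provider also supplies the library context used
   * to fetch the KDF.
   *
   * Returns 1 on success and 0 on failure, including invalid arguments.
   */
  int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                         int saltlen, int id, int iter, int n,
                         unsigned char *out, const EVP_MD *md_type)
  {
      int res = 0;
      EVP_KDF *kdf;
      EVP_KDF_CTX *ctx;
      OSSL_PARAM params[6], *p = params;

      if (n <= 0)
          return 0;

      /*
       * md_type is handed to EVP_MD_provider() and EVP_MD_name() below and
       * out is written by the derivation; reject NULL here rather than rely
       * on those callees tolerating it.
       */
      if (out == NULL || md_type == NULL) {
          ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      /*
       * The lengths are ints but become size_t buffer sizes in the octet
       * string parameters, so a negative value would describe an enormous
       * buffer. A NULL buffer is only meaningful together with length 0.
       */
      if (passlen < 0 || saltlen < 0
              || (pass == NULL && passlen != 0)
              || (salt == NULL && saltlen != 0)) {
          ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT);
          return 0;
      }

      /*
       * The parameter query isn't available but the library context can be
       * extracted from the passed digest.
       */
      kdf = EVP_KDF_fetch(ossl_provider_libctx(EVP_MD_provider(md_type)),
                          "PKCS12KDF", NULL);
      if (kdf == NULL)
          return 0;
      ctx = EVP_KDF_CTX_new(kdf);
      /* The fetched KDF is released as soon as the context has been created. */
      EVP_KDF_free(kdf);
      if (ctx == NULL)
          return 0;

      *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                              (char *)EVP_MD_name(md_type), 0);
      *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
                                               pass, passlen);
      *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
                                               salt, saltlen);
      *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS12_ID, &id);
      *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter);
      *p = OSSL_PARAM_construct_end();
      if (!EVP_KDF_CTX_set_params(ctx, params))
          goto err;

      /*
       * NOTE(review): when the PKCS12_KEYGEN trace category is active this
       * block writes the password and salt in hex to the trace channel, and
       * the block after a successful derivation writes the derived key.
       * Trace output from this function is therefore secret material and
       * needs the same handling as the password itself.
       */
      OSSL_TRACE_BEGIN(PKCS12_KEYGEN) {
          BIO_printf(trc_out, "PKCS12_key_gen_uni(): ID %d, ITER %d\n", id, iter);
          BIO_printf(trc_out, "Password (length %d):\n", passlen);
          BIO_hex_string(trc_out, 0, passlen, pass, passlen);
          BIO_printf(trc_out, "\n");
          BIO_printf(trc_out, "Salt (length %d):\n", saltlen);
          BIO_hex_string(trc_out, 0, saltlen, salt, saltlen);
          BIO_printf(trc_out, "\n");
      } OSSL_TRACE_END(PKCS12_KEYGEN);

      if (EVP_KDF_derive(ctx, out, (size_t)n, NULL)) {
          res = 1;
          OSSL_TRACE_BEGIN(PKCS12_KEYGEN) {
              BIO_printf(trc_out, "Output KEY (length %d)\n", n);
              BIO_hex_string(trc_out, 0, n, out, n);
              BIO_printf(trc_out, "\n");
          } OSSL_TRACE_END(PKCS12_KEYGEN);
      }

   err:
      EVP_KDF_CTX_free(ctx);
      return res;
  }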