1 /* $NetBSD: pkcs12.c,v 1.1.1.2 2014/04/24 12:45:30 pettai Exp $ */
4 * Copyright (c) 2006 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45 #include <krb5/roken.h>
48 PKCS12_key_gen(const void *key
, size_t keylen
,
49 const void *salt
, size_t saltlen
,
50 int id
, int iteration
, size_t outkeysize
,
51 void *out
, const EVP_MD
*md
)
53 unsigned char *v
, *I
, hash
[EVP_MAX_MD_SIZE
];
54 unsigned int size
, size_I
= 0;
55 unsigned char idc
= id
;
57 unsigned char *outp
= out
;
61 * The argument key is pointing to an utf16 string, and thus
62 * keylen that is no a multiple of 2 is invalid.
67 ctx
= EVP_MD_CTX_create();
71 vlen
= EVP_MD_block_size(md
);
74 EVP_MD_CTX_destroy(ctx
);
78 I
= calloc(1, vlen
* 2);
80 EVP_MD_CTX_destroy(ctx
);
85 if (salt
&& saltlen
> 0) {
86 for (i
= 0; i
< vlen
; i
++)
87 I
[i
] = ((unsigned char*)salt
)[i
% saltlen
];
91 * There is a diffrence between the no password string and the
92 * empty string, in the empty string the UTF16 NUL terminator is
93 * included into the string.
96 for (i
= 0; i
< vlen
/ 2; i
++) {
97 I
[(i
* 2) + size_I
] = 0;
98 I
[(i
* 2) + size_I
+ 1] = ((unsigned char*)key
)[i
% (keylen
+ 1)];
106 if (!EVP_DigestInit_ex(ctx
, md
, NULL
)) {
107 EVP_MD_CTX_destroy(ctx
);
112 for (i
= 0; i
< vlen
; i
++)
113 EVP_DigestUpdate(ctx
, &idc
, 1);
114 EVP_DigestUpdate(ctx
, I
, size_I
);
115 EVP_DigestFinal_ex(ctx
, hash
, &size
);
117 for (i
= 1; i
< iteration
; i
++)
118 EVP_Digest(hash
, size
, hash
, &size
, md
, NULL
);
120 memcpy(outp
, hash
, min(outkeysize
, size
));
121 if (outkeysize
< size
)
126 for (i
= 0; i
< vlen
; i
++)
127 v
[i
] = hash
[i
% size
];
129 bnB
= BN_bin2bn(v
, vlen
, NULL
);
131 BN_set_word(bnOne
, 1);
133 BN_uadd(bnB
, bnB
, bnOne
);
135 for (i
= 0; i
< vlen
* 2; i
+= vlen
) {
139 bnI
= BN_bin2bn(I
+ i
, vlen
, NULL
);
141 BN_uadd(bnI
, bnI
, bnB
);
143 j
= BN_num_bytes(bnI
);
145 assert(j
== vlen
+ 1);
147 memcpy(I
+ i
, v
+ 1, vlen
);
149 memset(I
+ i
, 0, vlen
- j
);
150 BN_bn2bin(bnI
, I
+ i
+ vlen
- j
);
159 EVP_MD_CTX_destroy(ctx
);