Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: c8ed250af3
Branches Tags
winscp
/
libs
/
openssl
/
crypto
/
pkcs12
/
p12_key.c

p12_key.c 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209 
  1. /*
    2. 

  2.  * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the OpenSSL license (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include <stdio.h>
    11. 

  11. #include "internal/cryptlib.h"
    12. 

  12. #include <openssl/pkcs12.h>
    13. 

  13. #include <openssl/bn.h>
    14. 

  14. 

  15. /* Uncomment out this line to get debugging info about key generation */
    16. 

  16. /*
    17. 

  17.  * #define OPENSSL_DEBUG_KEYGEN
    18. 

  18.  */
    19. 

  19. #ifdef OPENSSL_DEBUG_KEYGEN
    20. 

  20. # include <openssl/bio.h>
    21. 

  21. extern BIO *bio_err;
    22. 

  22. void h__dump(unsigned char *p, int len);
    23. 

  23. #endif
    24. 

  24. 

  25. /* PKCS12 compatible key/IV generation */
    26. 

  26. #ifndef min
    27. 

  27. # define min(a,b) ((a) < (b) ? (a) : (b))
    28. 

  28. #endif
    29. 

  29. 

  30. #if defined(WINSCP) && defined(PBE_UNICODE)
    31. 

  31. #undef PKCS12_key_gen_uni
    32. 

  32. 

  33. int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
    34. 

  34.                        int saltlen, int id, int iter, int n,
    35. 

  35.                        unsigned char *out, const EVP_MD *md_type);
    36. 

  36. 

  37. int PKCS12_key_gen_wrap(unsigned char *pass, int passlen, unsigned char *salt,
    38. 

  38.                         int saltlen, int id, int iter, int n,
    39. 

  39.                         unsigned char *out, const EVP_MD *md_type)
    40. 

  40. {
    41. 

  41.     if (pass == NULL)
    42. 

  42.     {
    43. 

  43.         // noop
    44. 

  44.     }
    45. 

  45.     // PKCS12_key_gen_uni cannot handle -1 length (contrary to PKCS12_key_gen_asc).
    46. 

  46.     // OPENSSL_asc2uni adds the trailing \0 to the length,
    47. 

  47.     // even if input ascii password length does not include it.
    48. 

  48.     else if (passlen < 0)
    49. 

  49.     {
    50. 

  50.         passlen = (wcslen((wchar_t*)pass) * sizeof(wchar_t)) + sizeof(wchar_t);
    51. 

  51.     }
    52. 

  52.     return PKCS12_key_gen_uni(pass, passlen, salt, saltlen, id, iter, n, out, md_type);
    53. 

  53. }
    54. 

  54. #endif
    55. 

  55. 

  56. int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
    57. 

  57.                        int saltlen, int id, int iter, int n,
    58. 

  58.                        unsigned char *out, const EVP_MD *md_type)
    59. 

  59. {
    60. 

  60.     int ret;
    61. 

  61.     unsigned char *unipass;
    62. 

  62.     int uniplen;
    63. 

  63. 

  64.     if (!pass) {
    65. 

  65.         unipass = NULL;
    66. 

  66.         uniplen = 0;
    67. 

  67.     } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
    68. 

  68.         PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
    69. 

  69.         return 0;
    70. 

  70.     }
    71. 

  71.     ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
    72. 

  72.                              id, iter, n, out, md_type);
    73. 

  73.     if (ret <= 0)
    74. 

  74.         return 0;
    75. 

  75.     OPENSSL_clear_free(unipass, uniplen);
    76. 

  76.     return ret;
    77. 

  77. }
    78. 

  78. 

  79. int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
    80. 

  80.                         int saltlen, int id, int iter, int n,
    81. 

  81.                         unsigned char *out, const EVP_MD *md_type)
    82. 

  82. {
    83. 

  83.     int ret;
    84. 

  84.     unsigned char *unipass;
    85. 

  85.     int uniplen;
    86. 

  86. 

  87.     if (!pass) {
    88. 

  88.         unipass = NULL;
    89. 

  89.         uniplen = 0;
    90. 

  90.     } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
    91. 

  91.         PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
    92. 

  92.         return 0;
    93. 

  93.     }
    94. 

  94.     ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
    95. 

  95.                              id, iter, n, out, md_type);
    96. 

  96.     if (ret <= 0)
    97. 

  97.         return 0;
    98. 

  98.     OPENSSL_clear_free(unipass, uniplen);
    99. 

  99.     return ret;
    100. 

  100. }
    101. 

  101. 

  102. int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
    103. 

  103.                        int saltlen, int id, int iter, int n,
    104. 

  104.                        unsigned char *out, const EVP_MD *md_type)
    105. 

  105. {
    106. 

  106.     unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
    107. 

  107.     int Slen, Plen, Ilen;
    108. 

  108.     int i, j, u, v;
    109. 

  109.     int ret = 0;
    110. 

  110.     EVP_MD_CTX *ctx = NULL;
    111. 

  111. #ifdef  OPENSSL_DEBUG_KEYGEN
    112. 

  112.     unsigned char *tmpout = out;
    113. 

  113.     int tmpn = n;
    114. 

  114. #endif
    115. 

  115. 

  116.     ctx = EVP_MD_CTX_new();
    117. 

  117.     if (ctx == NULL)
    118. 

  118.         goto err;
    119. 

  119. 

  120. #ifdef  OPENSSL_DEBUG_KEYGEN
    121. 

  121.     fprintf(stderr, "KEYGEN DEBUG\n");
    122. 

  122.     fprintf(stderr, "ID %d, ITER %d\n", id, iter);
    123. 

  123.     fprintf(stderr, "Password (length %d):\n", passlen);
    124. 

  124.     h__dump(pass, passlen);
    125. 

  125.     fprintf(stderr, "Salt (length %d):\n", saltlen);
    126. 

  126.     h__dump(salt, saltlen);
    127. 

  127. #endif
    128. 

  128.     v = EVP_MD_block_size(md_type);
    129. 

  129.     u = EVP_MD_size(md_type);
    130. 

  130.     if (u < 0 || v <= 0)
    131. 

  131.         goto err;
    132. 

  132.     D = OPENSSL_malloc(v);
    133. 

  133.     Ai = OPENSSL_malloc(u);
    134. 

  134.     B = OPENSSL_malloc(v + 1);
    135. 

  135.     Slen = v * ((saltlen + v - 1) / v);
    136. 

  136.     if (passlen)
    137. 

  137.         Plen = v * ((passlen + v - 1) / v);
    138. 

  138.     else
    139. 

  139.         Plen = 0;
    140. 

  140.     Ilen = Slen + Plen;
    141. 

  141.     I = OPENSSL_malloc(Ilen);
    142. 

  142.     if (D == NULL || Ai == NULL || B == NULL || I == NULL)
    143. 

  143.         goto err;
    144. 

  144.     for (i = 0; i < v; i++)
    145. 

  145.         D[i] = id;
    146. 

  146.     p = I;
    147. 

  147.     for (i = 0; i < Slen; i++)
    148. 

  148.         *p++ = salt[i % saltlen];
    149. 

  149.     for (i = 0; i < Plen; i++)
    150. 

  150.         *p++ = pass[i % passlen];
    151. 

  151.     for (;;) {
    152. 

  152.         if (!EVP_DigestInit_ex(ctx, md_type, NULL)
    153. 

  153.             || !EVP_DigestUpdate(ctx, D, v)
    154. 

  154.             || !EVP_DigestUpdate(ctx, I, Ilen)
    155. 

  155.             || !EVP_DigestFinal_ex(ctx, Ai, NULL))
    156. 

  156.             goto err;
    157. 

  157.         for (j = 1; j < iter; j++) {
    158. 

  158.             if (!EVP_DigestInit_ex(ctx, md_type, NULL)
    159. 

  159.                 || !EVP_DigestUpdate(ctx, Ai, u)
    160. 

  160.                 || !EVP_DigestFinal_ex(ctx, Ai, NULL))
    161. 

  161.                 goto err;
    162. 

  162.         }
    163. 

  163.         memcpy(out, Ai, min(n, u));
    164. 

  164.         if (u >= n) {
    165. 

  165. #ifdef OPENSSL_DEBUG_KEYGEN
    166. 

  166.             fprintf(stderr, "Output KEY (length %d)\n", tmpn);
    167. 

  167.             h__dump(tmpout, tmpn);
    168. 

  168. #endif
    169. 

  169.             ret = 1;
    170. 

  170.             goto end;
    171. 

  171.         }
    172. 

  172.         n -= u;
    173. 

  173.         out += u;
    174. 

  174.         for (j = 0; j < v; j++)
    175. 

  175.             B[j] = Ai[j % u];
    176. 

  176.         for (j = 0; j < Ilen; j += v) {
    177. 

  177.             int k;
    178. 

  178.             unsigned char *Ij = I + j;
    179. 

  179.             uint16_t c = 1;
    180. 

  180. 

  181.             /* Work out Ij = Ij + B + 1 */
    182. 

  182.             for (k = v - 1; k >= 0; k--) {
    183. 

  183.                 c += Ij[k] + B[k];
    184. 

  184.                 Ij[k] = (unsigned char)c;
    185. 

  185.                 c >>= 8;
    186. 

  186.             }
    187. 

  187.         }
    188. 

  188.     }
    189. 

  189. 

  190.  err:
    191. 

  191.     PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
    192. 

  192. 

  193.  end:
    194. 

  194.     OPENSSL_free(Ai);
    195. 

  195.     OPENSSL_free(B);
    196. 

  196.     OPENSSL_free(D);
    197. 

  197.     OPENSSL_free(I);
    198. 

  198.     EVP_MD_CTX_free(ctx);
    199. 

  199.     return ret;
    200. 

  200. }
    201. 

  201. 

  202. #ifdef OPENSSL_DEBUG_KEYGEN
    203. 

  203. void h__dump(unsigned char *p, int len)
    204. 

  204. {
    205. 

  205.     for (; len--; p++)
    206. 

  206.         fprintf(stderr, "%02X", *p);
    207. 

  207.     fprintf(stderr, "\n");
    208. 

  208. }
    209. 

  209. #endif
    210.