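/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/core.h>
#include <openssl/core_names.h>
#include "crypto/evp.h"
#include <openssl/pkcs12.h>

/* PKCS#12 PBE algorithms now in static table */

/*
 * Intentionally empty: per the note above, the PKCS#12 PBE algorithms are
 * held in a static table, so there is nothing to register here.
 */
void PKCS12_PBE_add(void)
{
}

/*
 * Derive a cipher key (and an IV, when the cipher uses one) from a password
 * with the PKCS#12 key generation function, then initialise |ctx| with them.
 *
 * ctx      cipher context to initialise
 * pass     password, handed to PKCS12_key_gen_utf8_ex() together with passlen
 * param    ASN1_TYPE expected to hold a PBEPARAM sequence (salt, iterations)
 * cipher   cipher to initialise; NULL is rejected
 * md       digest passed to the key generation function
 * en_de    passed through to EVP_CipherInit_ex() as its enc argument
 * libctx   library context passed to the key generation function
 * propq    property query string passed to the key generation function
 *
 * Returns 0 if |cipher| is NULL, if |param| cannot be decoded, or if key or
 * IV generation fails; otherwise returns the result of EVP_CipherInit_ex().
 *
 * The local key and IV buffers are cleansed on every path that can have
 * written to them, including the failure paths, so that derived key material
 * is not left behind on the stack.
 */
int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
                           const EVP_MD *md, int en_de,
                           OSSL_LIB_CTX *libctx, const char *propq)
{
    PBEPARAM *pbe;
    int saltlen, iter;
    int ret = 0;
    unsigned char *salt;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
    unsigned char *piv = iv;

    if (cipher == NULL)
        return 0;

    /* Extract useful info from parameter */

    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
    if (pbe == NULL) {
        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
        return 0;
    }

    /*
     * NOTE(review): the salt and iteration count are taken straight from the
     * decoded structure, which may come from an untrusted file. No range
     * check is applied here, and the long returned by ASN1_INTEGER_get() is
     * narrowed to int. Presumably PKCS12_key_gen_utf8_ex() rejects unusable
     * values - confirm, and consider a caller-side upper bound on iterations.
     */
    if (pbe->iter == NULL)
        iter = 1;
    else
        iter = ASN1_INTEGER_get(pbe->iter);
    salt = pbe->salt->data;
    saltlen = pbe->salt->length;

    if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
                                iter, EVP_CIPHER_get_key_length(cipher),
                                key, md,
                                libctx, propq)) {
        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
        goto done;
    }

    if (EVP_CIPHER_get_iv_length(cipher) > 0) {
        if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID,
                                    iter, EVP_CIPHER_get_iv_length(cipher),
                                    iv, md,
                                    libctx, propq)) {
            ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR);
            /* key already holds derived material here; done: wipes it */
            goto done;
        }
    } else {
        /* Cipher takes no IV: pass NULL rather than the unused buffer */
        piv = NULL;
    }

    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, piv, en_de);

 done:
    /* Single exit: release the decoded parameters and wipe secrets */
    PBEPARAM_free(pbe);
    OPENSSL_cleanse(key, sizeof(key));
    OPENSSL_cleanse(iv, sizeof(iv));
    return ret;
}

/*
 * Variant of PKCS12_PBE_keyivgen_ex() without library context and property
 * query arguments: it forwards its arguments and passes NULL for both.
 */
int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
                        const EVP_MD *md, int en_de)
{
    return PKCS12_PBE_keyivgen_ex(ctx, pass, passlen, param, cipher, md, en_de,
                                  NULL, NULL);
}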