[331] | 1 | /*
|
---|
| 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | # include <stdio.h>
|
---|
| 11 | # include "internal/cryptlib.h"
|
---|
| 12 | # include <openssl/crypto.h>
|
---|
| 13 | # include <openssl/hmac.h>
|
---|
| 14 | # include <openssl/rand.h>
|
---|
| 15 | # include <openssl/pkcs12.h>
|
---|
| 16 | # include "p12_lcl.h"
|
---|
| 17 |
|
---|
| 18 | int PKCS12_mac_present(const PKCS12 *p12)
|
---|
| 19 | {
|
---|
| 20 | return p12->mac ? 1 : 0;
|
---|
| 21 | }
|
---|
| 22 |
|
---|
| 23 | void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
|
---|
| 24 | const X509_ALGOR **pmacalg,
|
---|
| 25 | const ASN1_OCTET_STRING **psalt,
|
---|
| 26 | const ASN1_INTEGER **piter,
|
---|
| 27 | const PKCS12 *p12)
|
---|
| 28 | {
|
---|
| 29 | if (p12->mac) {
|
---|
| 30 | X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
|
---|
| 31 | if (psalt)
|
---|
| 32 | *psalt = p12->mac->salt;
|
---|
| 33 | if (piter)
|
---|
| 34 | *piter = p12->mac->iter;
|
---|
| 35 | } else {
|
---|
| 36 | if (pmac)
|
---|
| 37 | *pmac = NULL;
|
---|
| 38 | if (pmacalg)
|
---|
| 39 | *pmacalg = NULL;
|
---|
| 40 | if (psalt)
|
---|
| 41 | *psalt = NULL;
|
---|
| 42 | if (piter)
|
---|
| 43 | *piter = NULL;
|
---|
| 44 | }
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 | # define TK26_MAC_KEY_LEN 32
|
---|
| 48 |
|
---|
| 49 | static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
|
---|
| 50 | const unsigned char *salt, int saltlen,
|
---|
| 51 | int iter, int keylen, unsigned char *key,
|
---|
| 52 | const EVP_MD *digest)
|
---|
| 53 | {
|
---|
| 54 | unsigned char out[96];
|
---|
| 55 |
|
---|
| 56 | if (keylen != TK26_MAC_KEY_LEN) {
|
---|
| 57 | return 0;
|
---|
| 58 | }
|
---|
| 59 |
|
---|
| 60 | if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
|
---|
| 61 | digest, sizeof(out), out)) {
|
---|
| 62 | return 0;
|
---|
| 63 | }
|
---|
| 64 | memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
|
---|
| 65 | OPENSSL_cleanse(out, sizeof(out));
|
---|
| 66 | return 1;
|
---|
| 67 | }
|
---|
| 68 |
|
---|
| 69 | /* Generate a MAC */
|
---|
| 70 | static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
|
---|
| 71 | unsigned char *mac, unsigned int *maclen,
|
---|
| 72 | int (*pkcs12_key_gen)(const char *pass, int passlen,
|
---|
| 73 | unsigned char *salt, int slen,
|
---|
| 74 | int id, int iter, int n,
|
---|
| 75 | unsigned char *out,
|
---|
| 76 | const EVP_MD *md_type))
|
---|
| 77 | {
|
---|
| 78 | const EVP_MD *md_type;
|
---|
| 79 | HMAC_CTX *hmac = NULL;
|
---|
| 80 | unsigned char key[EVP_MAX_MD_SIZE], *salt;
|
---|
| 81 | int saltlen, iter;
|
---|
| 82 | int md_size = 0;
|
---|
| 83 | int md_type_nid;
|
---|
| 84 | const X509_ALGOR *macalg;
|
---|
| 85 | const ASN1_OBJECT *macoid;
|
---|
| 86 |
|
---|
| 87 | if (pkcs12_key_gen == NULL)
|
---|
| 88 | pkcs12_key_gen = PKCS12_key_gen_utf8;
|
---|
| 89 |
|
---|
| 90 | if (!PKCS7_type_is_data(p12->authsafes)) {
|
---|
| 91 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
---|
| 92 | return 0;
|
---|
| 93 | }
|
---|
| 94 |
|
---|
| 95 | salt = p12->mac->salt->data;
|
---|
| 96 | saltlen = p12->mac->salt->length;
|
---|
| 97 | if (!p12->mac->iter)
|
---|
| 98 | iter = 1;
|
---|
| 99 | else
|
---|
| 100 | iter = ASN1_INTEGER_get(p12->mac->iter);
|
---|
| 101 | X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
|
---|
| 102 | X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
|
---|
| 103 | if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
|
---|
| 104 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
|
---|
| 105 | return 0;
|
---|
| 106 | }
|
---|
| 107 | md_size = EVP_MD_size(md_type);
|
---|
| 108 | md_type_nid = EVP_MD_type(md_type);
|
---|
| 109 | if (md_size < 0)
|
---|
| 110 | return 0;
|
---|
| 111 | if ((md_type_nid == NID_id_GostR3411_94
|
---|
| 112 | || md_type_nid == NID_id_GostR3411_2012_256
|
---|
| 113 | || md_type_nid == NID_id_GostR3411_2012_512)
|
---|
| 114 | && !getenv("LEGACY_GOST_PKCS12")) {
|
---|
| 115 | md_size = TK26_MAC_KEY_LEN;
|
---|
| 116 | if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
|
---|
| 117 | md_size, key, md_type)) {
|
---|
| 118 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
|
---|
| 119 | return 0;
|
---|
| 120 | }
|
---|
| 121 | } else
|
---|
| 122 | if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
|
---|
| 123 | iter, md_size, key, md_type)) {
|
---|
| 124 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
|
---|
| 125 | return 0;
|
---|
| 126 | }
|
---|
| 127 | hmac = HMAC_CTX_new();
|
---|
| 128 | if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
|
---|
| 129 | || !HMAC_Update(hmac, p12->authsafes->d.data->data,
|
---|
| 130 | p12->authsafes->d.data->length)
|
---|
| 131 | || !HMAC_Final(hmac, mac, maclen)) {
|
---|
| 132 | HMAC_CTX_free(hmac);
|
---|
| 133 | return 0;
|
---|
| 134 | }
|
---|
| 135 | HMAC_CTX_free(hmac);
|
---|
| 136 | return 1;
|
---|
| 137 | }
|
---|
| 138 |
|
---|
| 139 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
|
---|
| 140 | unsigned char *mac, unsigned int *maclen)
|
---|
| 141 | {
|
---|
| 142 | return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
|
---|
| 143 | }
|
---|
| 144 |
|
---|
| 145 | /* Verify the mac */
|
---|
| 146 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
|
---|
| 147 | {
|
---|
| 148 | unsigned char mac[EVP_MAX_MD_SIZE];
|
---|
| 149 | unsigned int maclen;
|
---|
| 150 | const ASN1_OCTET_STRING *macoct;
|
---|
| 151 |
|
---|
| 152 | if (p12->mac == NULL) {
|
---|
| 153 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
|
---|
| 154 | return 0;
|
---|
| 155 | }
|
---|
| 156 | if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
|
---|
| 157 | PKCS12_key_gen_utf8)) {
|
---|
| 158 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
|
---|
| 159 | return 0;
|
---|
| 160 | }
|
---|
| 161 | X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
|
---|
| 162 | if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
|
---|
| 163 | || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
|
---|
| 164 | return 0;
|
---|
| 165 |
|
---|
| 166 | return 1;
|
---|
| 167 | }
|
---|
| 168 |
|
---|
| 169 | /* Set a mac */
|
---|
| 170 |
|
---|
| 171 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
|
---|
| 172 | unsigned char *salt, int saltlen, int iter,
|
---|
| 173 | const EVP_MD *md_type)
|
---|
| 174 | {
|
---|
| 175 | unsigned char mac[EVP_MAX_MD_SIZE];
|
---|
| 176 | unsigned int maclen;
|
---|
| 177 | ASN1_OCTET_STRING *macoct;
|
---|
| 178 |
|
---|
| 179 | if (!md_type)
|
---|
| 180 | md_type = EVP_sha1();
|
---|
| 181 | if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
|
---|
| 182 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
|
---|
| 183 | return 0;
|
---|
| 184 | }
|
---|
| 185 | /*
|
---|
| 186 | * Note that output mac is forced to UTF-8...
|
---|
| 187 | */
|
---|
| 188 | if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
|
---|
| 189 | PKCS12_key_gen_utf8)) {
|
---|
| 190 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
|
---|
| 191 | return 0;
|
---|
| 192 | }
|
---|
| 193 | X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
|
---|
| 194 | if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
|
---|
| 195 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
|
---|
| 196 | return 0;
|
---|
| 197 | }
|
---|
| 198 | return 1;
|
---|
| 199 | }
|
---|
| 200 |
|
---|
| 201 | /* Set up a mac structure */
|
---|
| 202 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
|
---|
| 203 | const EVP_MD *md_type)
|
---|
| 204 | {
|
---|
| 205 | X509_ALGOR *macalg;
|
---|
| 206 |
|
---|
| 207 | if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
|
---|
| 208 | return PKCS12_ERROR;
|
---|
| 209 | if (iter > 1) {
|
---|
| 210 | if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
|
---|
| 211 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
---|
| 212 | return 0;
|
---|
| 213 | }
|
---|
| 214 | if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
|
---|
| 215 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
---|
| 216 | return 0;
|
---|
| 217 | }
|
---|
| 218 | }
|
---|
| 219 | if (!saltlen)
|
---|
| 220 | saltlen = PKCS12_SALT_LEN;
|
---|
| 221 | if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
|
---|
| 222 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
---|
| 223 | return 0;
|
---|
| 224 | }
|
---|
| 225 | p12->mac->salt->length = saltlen;
|
---|
| 226 | if (!salt) {
|
---|
| 227 | if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
|
---|
| 228 | return 0;
|
---|
| 229 | } else
|
---|
| 230 | memcpy(p12->mac->salt->data, salt, saltlen);
|
---|
| 231 | X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
|
---|
| 232 | if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
|
---|
| 233 | V_ASN1_NULL, NULL)) {
|
---|
| 234 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
---|
| 235 | return 0;
|
---|
| 236 | }
|
---|
| 237 |
|
---|
| 238 | return 1;
|
---|
| 239 | }
|
---|