2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * HMAC low level APIs are deprecated for public use, but still ok for internal
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/crypto.h>
19 #include <openssl/hmac.h>
20 #include <openssl/rand.h>
21 #include <openssl/pkcs12.h>
22 #include "p12_local.h"
24 int PKCS12_mac_present(const PKCS12
*p12
)
26 return p12
->mac
? 1 : 0;
29 void PKCS12_get0_mac(const ASN1_OCTET_STRING
**pmac
,
30 const X509_ALGOR
**pmacalg
,
31 const ASN1_OCTET_STRING
**psalt
,
32 const ASN1_INTEGER
**piter
,
36 X509_SIG_get0(p12
->mac
->dinfo
, pmacalg
, pmac
);
38 *psalt
= p12
->mac
->salt
;
40 *piter
= p12
->mac
->iter
;
53 #define TK26_MAC_KEY_LEN 32
55 static int pkcs12_gen_gost_mac_key(const char *pass
, int passlen
,
56 const unsigned char *salt
, int saltlen
,
57 int iter
, int keylen
, unsigned char *key
,
60 unsigned char out
[96];
62 if (keylen
!= TK26_MAC_KEY_LEN
) {
66 if (!PKCS5_PBKDF2_HMAC(pass
, passlen
, salt
, saltlen
, iter
,
67 digest
, sizeof(out
), out
)) {
70 memcpy(key
, out
+ sizeof(out
) - TK26_MAC_KEY_LEN
, TK26_MAC_KEY_LEN
);
71 OPENSSL_cleanse(out
, sizeof(out
));
76 static int pkcs12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
77 unsigned char *mac
, unsigned int *maclen
,
78 int (*pkcs12_key_gen
)(const char *pass
, int passlen
,
79 unsigned char *salt
, int slen
,
80 int id
, int iter
, int n
,
82 const EVP_MD
*md_type
))
87 HMAC_CTX
*hmac
= NULL
;
88 unsigned char key
[EVP_MAX_MD_SIZE
], *salt
;
93 const X509_ALGOR
*macalg
;
94 const ASN1_OBJECT
*macoid
;
96 if (!PKCS7_type_is_data(p12
->authsafes
)) {
97 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_CONTENT_TYPE_NOT_DATA
);
101 if (p12
->authsafes
->d
.data
== NULL
) {
102 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_DECODE_ERROR
);
106 salt
= p12
->mac
->salt
->data
;
107 saltlen
= p12
->mac
->salt
->length
;
108 if (p12
->mac
->iter
== NULL
)
111 iter
= ASN1_INTEGER_get(p12
->mac
->iter
);
112 X509_SIG_get0(p12
->mac
->dinfo
, &macalg
, NULL
);
113 X509_ALGOR_get0(&macoid
, NULL
, NULL
, macalg
);
114 if (OBJ_obj2txt(md_name
, sizeof(md_name
), macoid
, 0) < 0)
117 (void)ERR_set_mark();
118 md
= md_fetch
= EVP_MD_fetch(p12
->authsafes
->ctx
.libctx
, md_name
,
119 p12
->authsafes
->ctx
.propq
);
121 md
= EVP_get_digestbynid(OBJ_obj2nid(macoid
));
124 (void)ERR_clear_last_mark();
125 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM
);
128 (void)ERR_pop_to_mark();
130 md_size
= EVP_MD_get_size(md
);
131 md_nid
= EVP_MD_get_type(md
);
134 if ((md_nid
== NID_id_GostR3411_94
135 || md_nid
== NID_id_GostR3411_2012_256
136 || md_nid
== NID_id_GostR3411_2012_512
)
137 && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL
) {
138 md_size
= TK26_MAC_KEY_LEN
;
139 if (!pkcs12_gen_gost_mac_key(pass
, passlen
, salt
, saltlen
, iter
,
141 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_KEY_GEN_ERROR
);
145 if (pkcs12_key_gen
!= NULL
) {
146 if (!(*pkcs12_key_gen
)(pass
, passlen
, salt
, saltlen
, PKCS12_MAC_ID
,
147 iter
, md_size
, key
, md
)) {
148 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_KEY_GEN_ERROR
);
152 /* Default to UTF-8 password */
153 if (!PKCS12_key_gen_utf8_ex(pass
, passlen
, salt
, saltlen
, PKCS12_MAC_ID
,
154 iter
, md_size
, key
, md
,
155 p12
->authsafes
->ctx
.libctx
,
156 p12
->authsafes
->ctx
.propq
)) {
157 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_KEY_GEN_ERROR
);
162 if ((hmac
= HMAC_CTX_new()) == NULL
163 || !HMAC_Init_ex(hmac
, key
, md_size
, md
, NULL
)
164 || !HMAC_Update(hmac
, p12
->authsafes
->d
.data
->data
,
165 p12
->authsafes
->d
.data
->length
)
166 || !HMAC_Final(hmac
, mac
, maclen
)) {
172 OPENSSL_cleanse(key
, sizeof(key
));
174 EVP_MD_free(md_fetch
);
178 int PKCS12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
179 unsigned char *mac
, unsigned int *maclen
)
181 return pkcs12_gen_mac(p12
, pass
, passlen
, mac
, maclen
, NULL
);
185 int PKCS12_verify_mac(PKCS12
*p12
, const char *pass
, int passlen
)
187 unsigned char mac
[EVP_MAX_MD_SIZE
];
189 const ASN1_OCTET_STRING
*macoct
;
191 if (p12
->mac
== NULL
) {
192 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_ABSENT
);
195 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
, NULL
)) {
196 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_GENERATION_ERROR
);
199 X509_SIG_get0(p12
->mac
->dinfo
, NULL
, &macoct
);
200 if ((maclen
!= (unsigned int)ASN1_STRING_length(macoct
))
201 || CRYPTO_memcmp(mac
, ASN1_STRING_get0_data(macoct
), maclen
) != 0)
209 int PKCS12_set_mac(PKCS12
*p12
, const char *pass
, int passlen
,
210 unsigned char *salt
, int saltlen
, int iter
,
211 const EVP_MD
*md_type
)
213 unsigned char mac
[EVP_MAX_MD_SIZE
];
215 ASN1_OCTET_STRING
*macoct
;
218 /* No need to do a fetch as the md_type is used only to get a NID */
219 md_type
= EVP_sha256();
221 iter
= PKCS12_DEFAULT_ITER
;
222 if (PKCS12_setup_mac(p12
, iter
, salt
, saltlen
, md_type
) == PKCS12_ERROR
) {
223 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_SETUP_ERROR
);
227 * Note that output mac is forced to UTF-8...
229 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
, NULL
)) {
230 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_GENERATION_ERROR
);
233 X509_SIG_getm(p12
->mac
->dinfo
, NULL
, &macoct
);
234 if (!ASN1_OCTET_STRING_set(macoct
, mac
, maclen
)) {
235 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_STRING_SET_ERROR
);
241 /* Set up a mac structure */
242 int PKCS12_setup_mac(PKCS12
*p12
, int iter
, unsigned char *salt
, int saltlen
,
243 const EVP_MD
*md_type
)
247 PKCS12_MAC_DATA_free(p12
->mac
);
250 if ((p12
->mac
= PKCS12_MAC_DATA_new()) == NULL
)
253 if ((p12
->mac
->iter
= ASN1_INTEGER_new()) == NULL
) {
254 ERR_raise(ERR_LIB_PKCS12
, ERR_R_ASN1_LIB
);
257 if (!ASN1_INTEGER_set(p12
->mac
->iter
, iter
)) {
258 ERR_raise(ERR_LIB_PKCS12
, ERR_R_ASN1_LIB
);
263 saltlen
= PKCS12_SALT_LEN
;
264 else if (saltlen
< 0)
266 if ((p12
->mac
->salt
->data
= OPENSSL_malloc(saltlen
)) == NULL
)
268 p12
->mac
->salt
->length
= saltlen
;
270 if (RAND_bytes_ex(p12
->authsafes
->ctx
.libctx
, p12
->mac
->salt
->data
,
271 (size_t)saltlen
, 0) <= 0)
274 memcpy(p12
->mac
->salt
->data
, salt
, saltlen
);
276 X509_SIG_getm(p12
->mac
->dinfo
, &macalg
, NULL
);
277 if (!X509_ALGOR_set0(macalg
, OBJ_nid2obj(EVP_MD_get_type(md_type
)),
278 V_ASN1_NULL
, NULL
)) {
279 ERR_raise(ERR_LIB_PKCS12
, ERR_R_ASN1_LIB
);