2 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * HMAC low level APIs are deprecated for public use, but still ok for internal
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/crypto.h>
19 #include <openssl/hmac.h>
20 #include <openssl/rand.h>
21 #include <openssl/pkcs12.h>
22 #include "p12_local.h"
24 int PKCS12_mac_present(const PKCS12
*p12
)
26 return p12
->mac
? 1 : 0;
29 void PKCS12_get0_mac(const ASN1_OCTET_STRING
**pmac
,
30 const X509_ALGOR
**pmacalg
,
31 const ASN1_OCTET_STRING
**psalt
,
32 const ASN1_INTEGER
**piter
,
36 X509_SIG_get0(p12
->mac
->dinfo
, pmacalg
, pmac
);
38 *psalt
= p12
->mac
->salt
;
40 *piter
= p12
->mac
->iter
;
53 #define TK26_MAC_KEY_LEN 32
55 static int pkcs12_gen_gost_mac_key(const char *pass
, int passlen
,
56 const unsigned char *salt
, int saltlen
,
57 int iter
, int keylen
, unsigned char *key
,
60 unsigned char out
[96];
62 if (keylen
!= TK26_MAC_KEY_LEN
) {
66 if (!PKCS5_PBKDF2_HMAC(pass
, passlen
, salt
, saltlen
, iter
,
67 digest
, sizeof(out
), out
)) {
70 memcpy(key
, out
+ sizeof(out
) - TK26_MAC_KEY_LEN
, TK26_MAC_KEY_LEN
);
71 OPENSSL_cleanse(out
, sizeof(out
));
76 static int pkcs12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
77 unsigned char *mac
, unsigned int *maclen
,
78 int (*pkcs12_key_gen
)(const char *pass
, int passlen
,
79 unsigned char *salt
, int slen
,
80 int id
, int iter
, int n
,
82 const EVP_MD
*md_type
))
85 const EVP_MD
*md_type
;
86 HMAC_CTX
*hmac
= NULL
;
87 unsigned char key
[EVP_MAX_MD_SIZE
], *salt
;
91 const X509_ALGOR
*macalg
;
92 const ASN1_OBJECT
*macoid
;
94 if (pkcs12_key_gen
== NULL
)
95 pkcs12_key_gen
= PKCS12_key_gen_utf8
;
97 if (!PKCS7_type_is_data(p12
->authsafes
)) {
98 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_CONTENT_TYPE_NOT_DATA
);
102 salt
= p12
->mac
->salt
->data
;
103 saltlen
= p12
->mac
->salt
->length
;
104 if (p12
->mac
->iter
== NULL
)
107 iter
= ASN1_INTEGER_get(p12
->mac
->iter
);
108 X509_SIG_get0(p12
->mac
->dinfo
, &macalg
, NULL
);
109 X509_ALGOR_get0(&macoid
, NULL
, NULL
, macalg
);
110 if ((md_type
= EVP_get_digestbyobj(macoid
)) == NULL
) {
111 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM
);
114 md_size
= EVP_MD_size(md_type
);
115 md_type_nid
= EVP_MD_type(md_type
);
118 if ((md_type_nid
== NID_id_GostR3411_94
119 || md_type_nid
== NID_id_GostR3411_2012_256
120 || md_type_nid
== NID_id_GostR3411_2012_512
)
121 && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL
) {
122 md_size
= TK26_MAC_KEY_LEN
;
123 if (!pkcs12_gen_gost_mac_key(pass
, passlen
, salt
, saltlen
, iter
,
124 md_size
, key
, md_type
)) {
125 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_KEY_GEN_ERROR
);
129 if (!(*pkcs12_key_gen
)(pass
, passlen
, salt
, saltlen
, PKCS12_MAC_ID
,
130 iter
, md_size
, key
, md_type
)) {
131 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_KEY_GEN_ERROR
);
134 if ((hmac
= HMAC_CTX_new()) == NULL
135 || !HMAC_Init_ex(hmac
, key
, md_size
, md_type
, NULL
)
136 || !HMAC_Update(hmac
, p12
->authsafes
->d
.data
->data
,
137 p12
->authsafes
->d
.data
->length
)
138 || !HMAC_Final(hmac
, mac
, maclen
)) {
144 OPENSSL_cleanse(key
, sizeof(key
));
149 int PKCS12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
150 unsigned char *mac
, unsigned int *maclen
)
152 return pkcs12_gen_mac(p12
, pass
, passlen
, mac
, maclen
, NULL
);
156 int PKCS12_verify_mac(PKCS12
*p12
, const char *pass
, int passlen
)
158 unsigned char mac
[EVP_MAX_MD_SIZE
];
160 const ASN1_OCTET_STRING
*macoct
;
162 if (p12
->mac
== NULL
) {
163 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_ABSENT
);
166 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
,
167 PKCS12_key_gen_utf8
)) {
168 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_GENERATION_ERROR
);
171 X509_SIG_get0(p12
->mac
->dinfo
, NULL
, &macoct
);
172 if ((maclen
!= (unsigned int)ASN1_STRING_length(macoct
))
173 || CRYPTO_memcmp(mac
, ASN1_STRING_get0_data(macoct
), maclen
) != 0)
181 int PKCS12_set_mac(PKCS12
*p12
, const char *pass
, int passlen
,
182 unsigned char *salt
, int saltlen
, int iter
,
183 const EVP_MD
*md_type
)
185 unsigned char mac
[EVP_MAX_MD_SIZE
];
187 ASN1_OCTET_STRING
*macoct
;
190 md_type
= EVP_sha1();
191 if (PKCS12_setup_mac(p12
, iter
, salt
, saltlen
, md_type
) == PKCS12_ERROR
) {
192 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_SETUP_ERROR
);
196 * Note that output mac is forced to UTF-8...
198 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
,
199 PKCS12_key_gen_utf8
)) {
200 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_GENERATION_ERROR
);
203 X509_SIG_getm(p12
->mac
->dinfo
, NULL
, &macoct
);
204 if (!ASN1_OCTET_STRING_set(macoct
, mac
, maclen
)) {
205 ERR_raise(ERR_LIB_PKCS12
, PKCS12_R_MAC_STRING_SET_ERROR
);
211 /* Set up a mac structure */
212 int PKCS12_setup_mac(PKCS12
*p12
, int iter
, unsigned char *salt
, int saltlen
,
213 const EVP_MD
*md_type
)
217 PKCS12_MAC_DATA_free(p12
->mac
);
220 if ((p12
->mac
= PKCS12_MAC_DATA_new()) == NULL
)
223 if ((p12
->mac
->iter
= ASN1_INTEGER_new()) == NULL
) {
224 ERR_raise(ERR_LIB_PKCS12
, ERR_R_MALLOC_FAILURE
);
227 if (!ASN1_INTEGER_set(p12
->mac
->iter
, iter
)) {
228 ERR_raise(ERR_LIB_PKCS12
, ERR_R_MALLOC_FAILURE
);
233 saltlen
= PKCS12_SALT_LEN
;
234 if ((p12
->mac
->salt
->data
= OPENSSL_malloc(saltlen
)) == NULL
) {
235 ERR_raise(ERR_LIB_PKCS12
, ERR_R_MALLOC_FAILURE
);
238 p12
->mac
->salt
->length
= saltlen
;
240 if (RAND_bytes(p12
->mac
->salt
->data
, saltlen
) <= 0)
243 memcpy(p12
->mac
->salt
->data
, salt
, saltlen
);
244 X509_SIG_getm(p12
->mac
->dinfo
, &macalg
, NULL
);
245 if (!X509_ALGOR_set0(macalg
, OBJ_nid2obj(EVP_MD_type(md_type
)),
246 V_ASN1_NULL
, NULL
)) {
247 ERR_raise(ERR_LIB_PKCS12
, ERR_R_MALLOC_FAILURE
);