2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 # include "internal/cryptlib.h"
12 # include <openssl/crypto.h>
13 # include <openssl/hmac.h>
14 # include <openssl/rand.h>
15 # include <openssl/pkcs12.h>
18 int PKCS12_mac_present(const PKCS12
*p12
)
20 return p12
->mac
? 1 : 0;
23 void PKCS12_get0_mac(const ASN1_OCTET_STRING
**pmac
,
24 const X509_ALGOR
**pmacalg
,
25 const ASN1_OCTET_STRING
**psalt
,
26 const ASN1_INTEGER
**piter
,
30 X509_SIG_get0(p12
->mac
->dinfo
, pmacalg
, pmac
);
32 *psalt
= p12
->mac
->salt
;
34 *piter
= p12
->mac
->iter
;
47 # define TK26_MAC_KEY_LEN 32
49 static int pkcs12_gen_gost_mac_key(const char *pass
, int passlen
,
50 const unsigned char *salt
, int saltlen
,
51 int iter
, int keylen
, unsigned char *key
,
54 unsigned char out
[96];
56 if (keylen
!= TK26_MAC_KEY_LEN
) {
60 if (!PKCS5_PBKDF2_HMAC(pass
, passlen
, salt
, saltlen
, iter
,
61 digest
, sizeof(out
), out
)) {
64 memcpy(key
, out
+ sizeof(out
) - TK26_MAC_KEY_LEN
, TK26_MAC_KEY_LEN
);
65 OPENSSL_cleanse(out
, sizeof(out
));
70 static int pkcs12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
71 unsigned char *mac
, unsigned int *maclen
,
72 int (*pkcs12_key_gen
)(const char *pass
, int passlen
,
73 unsigned char *salt
, int slen
,
74 int id
, int iter
, int n
,
76 const EVP_MD
*md_type
))
78 const EVP_MD
*md_type
;
79 HMAC_CTX
*hmac
= NULL
;
80 unsigned char key
[EVP_MAX_MD_SIZE
], *salt
;
84 const X509_ALGOR
*macalg
;
85 const ASN1_OBJECT
*macoid
;
87 if (pkcs12_key_gen
== NULL
)
88 pkcs12_key_gen
= PKCS12_key_gen_utf8
;
90 if (!PKCS7_type_is_data(p12
->authsafes
)) {
91 PKCS12err(PKCS12_F_PKCS12_GEN_MAC
, PKCS12_R_CONTENT_TYPE_NOT_DATA
);
95 salt
= p12
->mac
->salt
->data
;
96 saltlen
= p12
->mac
->salt
->length
;
100 iter
= ASN1_INTEGER_get(p12
->mac
->iter
);
101 X509_SIG_get0(p12
->mac
->dinfo
, &macalg
, NULL
);
102 X509_ALGOR_get0(&macoid
, NULL
, NULL
, macalg
);
103 if ((md_type
= EVP_get_digestbyobj(macoid
)) == NULL
) {
104 PKCS12err(PKCS12_F_PKCS12_GEN_MAC
, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM
);
107 md_size
= EVP_MD_size(md_type
);
108 md_type_nid
= EVP_MD_type(md_type
);
111 if ((md_type_nid
== NID_id_GostR3411_94
112 || md_type_nid
== NID_id_GostR3411_2012_256
113 || md_type_nid
== NID_id_GostR3411_2012_512
)
114 && !getenv("LEGACY_GOST_PKCS12")) {
115 md_size
= TK26_MAC_KEY_LEN
;
116 if (!pkcs12_gen_gost_mac_key(pass
, passlen
, salt
, saltlen
, iter
,
117 md_size
, key
, md_type
)) {
118 PKCS12err(PKCS12_F_PKCS12_GEN_MAC
, PKCS12_R_KEY_GEN_ERROR
);
122 if (!(*pkcs12_key_gen
)(pass
, passlen
, salt
, saltlen
, PKCS12_MAC_ID
,
123 iter
, md_size
, key
, md_type
)) {
124 PKCS12err(PKCS12_F_PKCS12_GEN_MAC
, PKCS12_R_KEY_GEN_ERROR
);
127 if ((hmac
= HMAC_CTX_new()) == NULL
128 || !HMAC_Init_ex(hmac
, key
, md_size
, md_type
, NULL
)
129 || !HMAC_Update(hmac
, p12
->authsafes
->d
.data
->data
,
130 p12
->authsafes
->d
.data
->length
)
131 || !HMAC_Final(hmac
, mac
, maclen
)) {
139 int PKCS12_gen_mac(PKCS12
*p12
, const char *pass
, int passlen
,
140 unsigned char *mac
, unsigned int *maclen
)
142 return pkcs12_gen_mac(p12
, pass
, passlen
, mac
, maclen
, NULL
);
146 int PKCS12_verify_mac(PKCS12
*p12
, const char *pass
, int passlen
)
148 unsigned char mac
[EVP_MAX_MD_SIZE
];
150 const ASN1_OCTET_STRING
*macoct
;
152 if (p12
->mac
== NULL
) {
153 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC
, PKCS12_R_MAC_ABSENT
);
156 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
,
157 PKCS12_key_gen_utf8
)) {
158 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC
, PKCS12_R_MAC_GENERATION_ERROR
);
161 X509_SIG_get0(p12
->mac
->dinfo
, NULL
, &macoct
);
162 if ((maclen
!= (unsigned int)ASN1_STRING_length(macoct
))
163 || CRYPTO_memcmp(mac
, ASN1_STRING_get0_data(macoct
), maclen
) != 0)
171 int PKCS12_set_mac(PKCS12
*p12
, const char *pass
, int passlen
,
172 unsigned char *salt
, int saltlen
, int iter
,
173 const EVP_MD
*md_type
)
175 unsigned char mac
[EVP_MAX_MD_SIZE
];
177 ASN1_OCTET_STRING
*macoct
;
180 md_type
= EVP_sha1();
181 if (PKCS12_setup_mac(p12
, iter
, salt
, saltlen
, md_type
) == PKCS12_ERROR
) {
182 PKCS12err(PKCS12_F_PKCS12_SET_MAC
, PKCS12_R_MAC_SETUP_ERROR
);
186 * Note that output mac is forced to UTF-8...
188 if (!pkcs12_gen_mac(p12
, pass
, passlen
, mac
, &maclen
,
189 PKCS12_key_gen_utf8
)) {
190 PKCS12err(PKCS12_F_PKCS12_SET_MAC
, PKCS12_R_MAC_GENERATION_ERROR
);
193 X509_SIG_getm(p12
->mac
->dinfo
, NULL
, &macoct
);
194 if (!ASN1_OCTET_STRING_set(macoct
, mac
, maclen
)) {
195 PKCS12err(PKCS12_F_PKCS12_SET_MAC
, PKCS12_R_MAC_STRING_SET_ERROR
);
201 /* Set up a mac structure */
202 int PKCS12_setup_mac(PKCS12
*p12
, int iter
, unsigned char *salt
, int saltlen
,
203 const EVP_MD
*md_type
)
207 PKCS12_MAC_DATA_free(p12
->mac
);
210 if ((p12
->mac
= PKCS12_MAC_DATA_new()) == NULL
)
213 if ((p12
->mac
->iter
= ASN1_INTEGER_new()) == NULL
) {
214 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC
, ERR_R_MALLOC_FAILURE
);
217 if (!ASN1_INTEGER_set(p12
->mac
->iter
, iter
)) {
218 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC
, ERR_R_MALLOC_FAILURE
);
223 saltlen
= PKCS12_SALT_LEN
;
224 if ((p12
->mac
->salt
->data
= OPENSSL_malloc(saltlen
)) == NULL
) {
225 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC
, ERR_R_MALLOC_FAILURE
);
228 p12
->mac
->salt
->length
= saltlen
;
230 if (RAND_bytes(p12
->mac
->salt
->data
, saltlen
) <= 0)
233 memcpy(p12
->mac
->salt
->data
, salt
, saltlen
);
234 X509_SIG_getm(p12
->mac
->dinfo
, &macalg
, NULL
);
235 if (!X509_ALGOR_set0(macalg
, OBJ_nid2obj(EVP_MD_type(md_type
)),
236 V_ASN1_NULL
, NULL
)) {
237 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC
, ERR_R_MALLOC_FAILURE
);