Line | Source | Count |
59 | #include <stdio.h> | - |
60 | #include <stdlib.h> | - |
61 | #include <string.h> | - |
62 | | - |
63 | #include <openssl/opensslconf.h> | - |
64 | | - |
65 | #ifndef OPENSSL_NO_HMAC | - |
66 | | - |
67 | #include <openssl/err.h> | - |
68 | #include <openssl/hmac.h> | - |
69 | #include <openssl/pkcs12.h> | - |
70 | | - |
71 | | - |
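/*
 * Compute the PKCS#12 integrity MAC over the authsafes content of p12.
 *
 * The HMAC key is derived from pass/passlen with PKCS12_key_gen(), using the
 * salt, iteration count and digest algorithm recorded in p12->mac. An absent
 * iteration count is treated as 1; a decoded count <= 0 is rejected.
 *
 * mac receives the MAC and *maclen its length. mac must have room for the
 * digest output; the callers in this file pass EVP_MAX_MD_SIZE bytes.
 *
 * Returns 1 on success, 0 on failure.
 *
 * NOTE(review): the coverage listing this code was taken from shows every
 * statement here as never executed, so this path had no test coverage in
 * that run.
 */
int
PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
    unsigned char *mac, unsigned int *maclen)
{
	const EVP_MD *md_type;
	HMAC_CTX hmac;
	unsigned char key[EVP_MAX_MD_SIZE], *salt;
	int saltlen, iter;
	int md_size;
	int ret = 0;

	if (!PKCS7_type_is_data(p12->authsafes)) {
		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return 0;
	}
	/*
	 * The content of a ContentInfo is optional in the encoding, so a
	 * content type of "data" does not guarantee that d.data was
	 * populated. Reject that case instead of dereferencing it below.
	 */
	if (p12->authsafes->d.data == NULL) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return 0;
	}
	/*
	 * This function is reachable directly, not only through
	 * PKCS12_verify_mac(), so it cannot rely on the caller having
	 * checked that MAC data is present.
	 */
	if (p12->mac == NULL) {
		PKCS12error(PKCS12_R_MAC_ABSENT);
		return 0;
	}

	salt = p12->mac->salt->data;
	saltlen = p12->mac->salt->length;
	if (!p12->mac->iter)
		iter = 1;
	else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return 0;
	}
	if (!(md_type = EVP_get_digestbyobj(
	    p12->mac->dinfo->algor->algorithm))) {
		PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
		return 0;
	}
	md_size = EVP_MD_size(md_type);
	if (md_size < 0)
		return 0;

	/* From here on key may hold derived key material: leave via done. */
	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
	    md_size, key, md_type)) {
		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
		goto done;
	}

	HMAC_CTX_init(&hmac);
	if (HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) &&
	    HMAC_Update(&hmac, p12->authsafes->d.data->data,
	    p12->authsafes->d.data->length) &&
	    HMAC_Final(&hmac, mac, maclen))
		ret = 1;
	HMAC_CTX_cleanup(&hmac);

 done:
	/*
	 * Wipe the password-derived MAC key so it does not linger on the
	 * stack; explicit_bzero() is used because a plain memset() of a
	 * dying local may be optimized away.
	 */
	explicit_bzero(key, sizeof(key));
	return ret;
}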
119 | | - |
120 | | - |
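/*
 * Check the integrity MAC stored in p12 against one recomputed from
 * pass/passlen with PKCS12_gen_mac().
 *
 * Returns 1 if the recomputed MAC has the same length and contents as the
 * stored one, 0 otherwise. An absent MAC or a failure to recompute it also
 * pushes an error; a plain mismatch returns 0 without pushing one.
 *
 * NOTE(review): the coverage listing this code was taken from shows every
 * branch here as never evaluated, so the verification path had no test
 * coverage in that run.
 */
int
PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;

	if (p12->mac == NULL) {
		PKCS12error(PKCS12_R_MAC_ABSENT);
		return 0;
	}
	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}
	/* The length is not secret, so an ordinary comparison is fine. */
	if (maclen != (unsigned int)p12->mac->dinfo->digest->length)
		return 0;
	/*
	 * Compare the MAC bytes in constant time (CRYPTO_memcmp, declared in
	 * <openssl/crypto.h>) so the time taken does not depend on how many
	 * leading bytes of the stored value happen to match, as it can with
	 * memcmp().
	 */
	if (CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen) != 0)
		return 0;
	return 1;
}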
140 | | - |
141 | | - |
142 | | - |
/*
 * Attach a freshly computed integrity MAC to p12.
 *
 * PKCS12_setup_mac() records the salt, iteration count and digest algorithm,
 * PKCS12_gen_mac() computes the MAC from pass/passlen, and the result is
 * stored in p12->mac->dinfo->digest.
 *
 * A NULL md_type selects EVP_sha1(). salt, saltlen and iter are passed to
 * PKCS12_setup_mac() unchanged.
 *
 * Returns 1 on success; on failure pushes the matching PKCS12 error and
 * returns 0.
 *
 * NOTE(review): the digest default (SHA-1) and the iteration count are
 * whatever the caller supplies; this function enforces no minimum.
 */
int
PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
    int saltlen, int iter, const EVP_MD *md_type)
{
	unsigned char digest_buf[EVP_MAX_MD_SIZE];
	unsigned int digest_len;
	const EVP_MD *md = md_type;

	/* Fall back to the default digest when the caller names none. */
	if (md == NULL)
		md = EVP_sha1();

	if (PKCS12_setup_mac(p12, iter, salt, saltlen, md) == PKCS12_ERROR) {
		PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
		return 0;
	}

	if (PKCS12_gen_mac(p12, pass, passlen, digest_buf, &digest_len) == 0) {
		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
		return 0;
	}

	/* Copy the computed MAC into the structure that gets encoded. */
	if (ASN1_STRING_set(p12->mac->dinfo->digest, digest_buf,
	    digest_len) == 0) {
		PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
		return 0;
	}

	return 1;
}
167 | | - |
168 | | - |
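/*
 * Allocate p12->mac and fill in the MAC parameters (not the MAC itself).
 *
 * iter:     stored only when greater than 1; otherwise the field is left
 *           absent, which PKCS12_gen_mac() reads as an iteration count of 1.
 * salt:     copied when non-NULL; when NULL, saltlen random bytes are drawn
 *           with arc4random_buf().
 * saltlen:  0 selects PKCS12_SALT_LEN.
 * md_type:  digest recorded as the MAC algorithm, with NULL parameters. It
 *           is dereferenced unconditionally; PKCS12_set_mac() substitutes a
 *           default before calling.
 *
 * Returns 1 on success, PKCS12_ERROR on failure.
 *
 * NOTE(review): the coverage listing this code was taken from shows every
 * statement here as never executed, so this path had no test coverage in
 * that run.
 */
int
PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
    const EVP_MD *md_type)
{
	/*
	 * Release any MAC data already attached to p12; overwriting the
	 * pointer directly would leak it when a MAC is set more than once.
	 */
	PKCS12_MAC_DATA_free(p12->mac);
	p12->mac = NULL;

	if (!(p12->mac = PKCS12_MAC_DATA_new()))
		return PKCS12_ERROR;
	if (iter > 1) {
		if (!(p12->mac->iter = ASN1_INTEGER_new())) {
			PKCS12error(ERR_R_MALLOC_FAILURE);
			return PKCS12_ERROR;
		}
		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
			PKCS12error(ERR_R_MALLOC_FAILURE);
			return PKCS12_ERROR;
		}
	}
	if (!saltlen)
		saltlen = PKCS12_SALT_LEN;
	if (!(p12->mac->salt->data = malloc(saltlen))) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return PKCS12_ERROR;
	}
	p12->mac->salt->length = saltlen;
	if (!salt)
		arc4random_buf(p12->mac->salt->data, saltlen);
	else
		memcpy(p12->mac->salt->data, salt, saltlen);
	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return PKCS12_ERROR;
	}
	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;

	return 1;
}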
205 | #endif | - |
| | |