diff options
Diffstat (limited to 'src/daemon/https/x509/pkcs12_encr.c')
-rw-r--r-- | src/daemon/https/x509/pkcs12_encr.c | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/src/daemon/https/x509/pkcs12_encr.c b/src/daemon/https/x509/pkcs12_encr.c deleted file mode 100644 index e534489c..00000000 --- a/src/daemon/https/x509/pkcs12_encr.c +++ /dev/null | |||
@@ -1,169 +0,0 @@ | |||
1 | /* minip12.c - A mini pkcs-12 implementation (modified for gnutls) | ||
2 | * | ||
3 | * Copyright (C) 2002, 2004, 2005 Free Software Foundation, Inc. | ||
4 | * | ||
5 | * This file is part of GNUTLS. | ||
6 | * | ||
7 | * The GNUTLS library is free software; you can redistribute it and/or | ||
8 | * modify it under the terms of the GNU Lesser General Public License | ||
9 | * as published by the Free Software Foundation; either version 2.1 of | ||
10 | * the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
20 | * USA | ||
21 | * | ||
22 | */ | ||
23 | |||
24 | #include <gnutls_int.h> | ||
25 | |||
26 | #ifdef ENABLE_PKI | ||
27 | |||
28 | #include <gcrypt.h> | ||
29 | #include <gc.h> | ||
30 | #include <gnutls_errors.h> | ||
31 | |||
32 | /* Returns 0 if the password is ok, or a negative error | ||
33 | * code instead. | ||
34 | */ | ||
35 | static int | ||
36 | MHD_pkcs12_check_pass (const char *pass, size_t plen) | ||
37 | { | ||
38 | const char *p = pass; | ||
39 | unsigned int i; | ||
40 | |||
41 | for (i = 0; i < plen; i++) | ||
42 | { | ||
43 | if (isascii (p[i])) | ||
44 | continue; | ||
45 | return GNUTLS_E_INVALID_PASSWORD; | ||
46 | } | ||
47 | |||
48 | return 0; | ||
49 | } | ||
50 | |||
51 | /* ID should be: | ||
52 | * 3 for MAC | ||
53 | * 2 for IV | ||
54 | * 1 for encryption key | ||
55 | */ | ||
56 | int | ||
57 | MHD_pkcs12_string_to_key (unsigned int id, const opaque * salt, | ||
58 | unsigned int salt_size, unsigned int iter, | ||
59 | const char *pw, unsigned int req_keylen, | ||
60 | opaque * keybuf) | ||
61 | { | ||
62 | int rc; | ||
63 | unsigned int i, j; | ||
64 | MHD_gc_hash_handle md; | ||
65 | mpi_t num_b1 = NULL; | ||
66 | unsigned int pwlen; | ||
67 | opaque hash[20], buf_b[64], buf_i[128], *p; | ||
68 | size_t cur_keylen; | ||
69 | size_t n; | ||
70 | |||
71 | cur_keylen = 0; | ||
72 | |||
73 | if (pw == NULL) | ||
74 | pwlen = 0; | ||
75 | else | ||
76 | pwlen = strlen (pw); | ||
77 | |||
78 | if (pwlen > 63 / 2) | ||
79 | { | ||
80 | MHD_gnutls_assert (); | ||
81 | return GNUTLS_E_INVALID_REQUEST; | ||
82 | } | ||
83 | |||
84 | if ((rc = MHD_pkcs12_check_pass (pw, pwlen)) < 0) | ||
85 | { | ||
86 | MHD_gnutls_assert (); | ||
87 | return rc; | ||
88 | } | ||
89 | |||
90 | /* Store salt and password in BUF_I */ | ||
91 | p = buf_i; | ||
92 | for (i = 0; i < 64; i++) | ||
93 | *p++ = salt[i % salt_size]; | ||
94 | if (pw) | ||
95 | { | ||
96 | for (i = j = 0; i < 64; i += 2) | ||
97 | { | ||
98 | *p++ = 0; | ||
99 | *p++ = pw[j]; | ||
100 | if (++j > pwlen) /* Note, that we include the trailing zero */ | ||
101 | j = 0; | ||
102 | } | ||
103 | } | ||
104 | else | ||
105 | memset (p, 0, 64); | ||
106 | |||
107 | for (;;) | ||
108 | { | ||
109 | rc = MHD_gc_hash_open (GC_SHA1, 0, &md); | ||
110 | if (rc) | ||
111 | { | ||
112 | MHD_gnutls_assert (); | ||
113 | return GNUTLS_E_DECRYPTION_FAILED; | ||
114 | } | ||
115 | for (i = 0; i < 64; i++) | ||
116 | { | ||
117 | unsigned char lid = id & 0xFF; | ||
118 | MHD_gc_hash_write (md, 1, (const char *) &lid); | ||
119 | } | ||
120 | MHD_gc_hash_write (md, pw ? 128 : 64, (const char *) buf_i); | ||
121 | memcpy (hash, MHD_gc_hash_read (md), 20); | ||
122 | MHD_gc_hash_close (md); | ||
123 | for (i = 1; i < iter; i++) | ||
124 | MHD_gc_hash_buffer (GC_SHA1, hash, 20, (char *) hash); | ||
125 | for (i = 0; i < 20 && cur_keylen < req_keylen; i++) | ||
126 | keybuf[cur_keylen++] = hash[i]; | ||
127 | if (cur_keylen == req_keylen) | ||
128 | { | ||
129 | gcry_mpi_release (num_b1); | ||
130 | return 0; /* ready */ | ||
131 | } | ||
132 | |||
133 | /* need more bytes. */ | ||
134 | for (i = 0; i < 64; i++) | ||
135 | buf_b[i] = hash[i % 20]; | ||
136 | n = 64; | ||
137 | rc = MHD_gtls_mpi_scan (&num_b1, buf_b, &n); | ||
138 | if (rc < 0) | ||
139 | { | ||
140 | MHD_gnutls_assert (); | ||
141 | return rc; | ||
142 | } | ||
143 | gcry_mpi_add_ui (num_b1, num_b1, 1); | ||
144 | for (i = 0; i < 128; i += 64) | ||
145 | { | ||
146 | mpi_t num_ij; | ||
147 | |||
148 | n = 64; | ||
149 | rc = MHD_gtls_mpi_scan (&num_ij, buf_i + i, &n); | ||
150 | if (rc < 0) | ||
151 | { | ||
152 | MHD_gnutls_assert (); | ||
153 | return rc; | ||
154 | } | ||
155 | gcry_mpi_add (num_ij, num_ij, num_b1); | ||
156 | gcry_mpi_clear_highbit (num_ij, 64 * 8); | ||
157 | n = 64; | ||
158 | rc = MHD_gtls_mpi_print (buf_i + i, &n, num_ij); | ||
159 | if (rc < 0) | ||
160 | { | ||
161 | MHD_gnutls_assert (); | ||
162 | return rc; | ||
163 | } | ||
164 | gcry_mpi_release (num_ij); | ||
165 | } | ||
166 | } | ||
167 | } | ||
168 | |||
169 | #endif /* ENABLE_PKI */ | ||