diff options
Diffstat (limited to 'src/daemon/https/x509/pkcs12_encr.c')
| -rw-r--r-- | src/daemon/https/x509/pkcs12_encr.c | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/src/daemon/https/x509/pkcs12_encr.c b/src/daemon/https/x509/pkcs12_encr.c deleted file mode 100644 index e534489c..00000000 --- a/src/daemon/https/x509/pkcs12_encr.c +++ /dev/null | |||
| @@ -1,169 +0,0 @@ | |||
| 1 | /* minip12.c - A mini pkcs-12 implementation (modified for gnutls) | ||
| 2 | * | ||
| 3 | * Copyright (C) 2002, 2004, 2005 Free Software Foundation, Inc. | ||
| 4 | * | ||
| 5 | * This file is part of GNUTLS. | ||
| 6 | * | ||
| 7 | * The GNUTLS library is free software; you can redistribute it and/or | ||
| 8 | * modify it under the terms of the GNU Lesser General Public License | ||
| 9 | * as published by the Free Software Foundation; either version 2.1 of | ||
| 10 | * the License, or (at your option) any later version. | ||
| 11 | * | ||
| 12 | * This library is distributed in the hope that it will be useful, but | ||
| 13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| 15 | * Lesser General Public License for more details. | ||
| 16 | * | ||
| 17 | * You should have received a copy of the GNU Lesser General Public | ||
| 18 | * License along with this library; if not, write to the Free Software | ||
| 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
| 20 | * USA | ||
| 21 | * | ||
| 22 | */ | ||
| 23 | |||
| 24 | #include <gnutls_int.h> | ||
| 25 | |||
| 26 | #ifdef ENABLE_PKI | ||
| 27 | |||
| 28 | #include <gcrypt.h> | ||
| 29 | #include <gc.h> | ||
| 30 | #include <gnutls_errors.h> | ||
| 31 | |||
| 32 | /* Returns 0 if the password is ok, or a negative error | ||
| 33 | * code instead. | ||
| 34 | */ | ||
| 35 | static int | ||
| 36 | MHD_pkcs12_check_pass (const char *pass, size_t plen) | ||
| 37 | { | ||
| 38 | const char *p = pass; | ||
| 39 | unsigned int i; | ||
| 40 | |||
| 41 | for (i = 0; i < plen; i++) | ||
| 42 | { | ||
| 43 | if (isascii (p[i])) | ||
| 44 | continue; | ||
| 45 | return GNUTLS_E_INVALID_PASSWORD; | ||
| 46 | } | ||
| 47 | |||
| 48 | return 0; | ||
| 49 | } | ||
| 50 | |||
| 51 | /* ID should be: | ||
| 52 | * 3 for MAC | ||
| 53 | * 2 for IV | ||
| 54 | * 1 for encryption key | ||
| 55 | */ | ||
| 56 | int | ||
| 57 | MHD_pkcs12_string_to_key (unsigned int id, const opaque * salt, | ||
| 58 | unsigned int salt_size, unsigned int iter, | ||
| 59 | const char *pw, unsigned int req_keylen, | ||
| 60 | opaque * keybuf) | ||
| 61 | { | ||
| 62 | int rc; | ||
| 63 | unsigned int i, j; | ||
| 64 | MHD_gc_hash_handle md; | ||
| 65 | mpi_t num_b1 = NULL; | ||
| 66 | unsigned int pwlen; | ||
| 67 | opaque hash[20], buf_b[64], buf_i[128], *p; | ||
| 68 | size_t cur_keylen; | ||
| 69 | size_t n; | ||
| 70 | |||
| 71 | cur_keylen = 0; | ||
| 72 | |||
| 73 | if (pw == NULL) | ||
| 74 | pwlen = 0; | ||
| 75 | else | ||
| 76 | pwlen = strlen (pw); | ||
| 77 | |||
| 78 | if (pwlen > 63 / 2) | ||
| 79 | { | ||
| 80 | MHD_gnutls_assert (); | ||
| 81 | return GNUTLS_E_INVALID_REQUEST; | ||
| 82 | } | ||
| 83 | |||
| 84 | if ((rc = MHD_pkcs12_check_pass (pw, pwlen)) < 0) | ||
| 85 | { | ||
| 86 | MHD_gnutls_assert (); | ||
| 87 | return rc; | ||
| 88 | } | ||
| 89 | |||
| 90 | /* Store salt and password in BUF_I */ | ||
| 91 | p = buf_i; | ||
| 92 | for (i = 0; i < 64; i++) | ||
| 93 | *p++ = salt[i % salt_size]; | ||
| 94 | if (pw) | ||
| 95 | { | ||
| 96 | for (i = j = 0; i < 64; i += 2) | ||
| 97 | { | ||
| 98 | *p++ = 0; | ||
| 99 | *p++ = pw[j]; | ||
| 100 | if (++j > pwlen) /* Note, that we include the trailing zero */ | ||
| 101 | j = 0; | ||
| 102 | } | ||
| 103 | } | ||
| 104 | else | ||
| 105 | memset (p, 0, 64); | ||
| 106 | |||
| 107 | for (;;) | ||
| 108 | { | ||
| 109 | rc = MHD_gc_hash_open (GC_SHA1, 0, &md); | ||
| 110 | if (rc) | ||
| 111 | { | ||
| 112 | MHD_gnutls_assert (); | ||
| 113 | return GNUTLS_E_DECRYPTION_FAILED; | ||
| 114 | } | ||
| 115 | for (i = 0; i < 64; i++) | ||
| 116 | { | ||
| 117 | unsigned char lid = id & 0xFF; | ||
| 118 | MHD_gc_hash_write (md, 1, (const char *) &lid); | ||
| 119 | } | ||
| 120 | MHD_gc_hash_write (md, pw ? 128 : 64, (const char *) buf_i); | ||
| 121 | memcpy (hash, MHD_gc_hash_read (md), 20); | ||
| 122 | MHD_gc_hash_close (md); | ||
| 123 | for (i = 1; i < iter; i++) | ||
| 124 | MHD_gc_hash_buffer (GC_SHA1, hash, 20, (char *) hash); | ||
| 125 | for (i = 0; i < 20 && cur_keylen < req_keylen; i++) | ||
| 126 | keybuf[cur_keylen++] = hash[i]; | ||
| 127 | if (cur_keylen == req_keylen) | ||
| 128 | { | ||
| 129 | gcry_mpi_release (num_b1); | ||
| 130 | return 0; /* ready */ | ||
| 131 | } | ||
| 132 | |||
| 133 | /* need more bytes. */ | ||
| 134 | for (i = 0; i < 64; i++) | ||
| 135 | buf_b[i] = hash[i % 20]; | ||
| 136 | n = 64; | ||
| 137 | rc = MHD_gtls_mpi_scan (&num_b1, buf_b, &n); | ||
| 138 | if (rc < 0) | ||
| 139 | { | ||
| 140 | MHD_gnutls_assert (); | ||
| 141 | return rc; | ||
| 142 | } | ||
| 143 | gcry_mpi_add_ui (num_b1, num_b1, 1); | ||
| 144 | for (i = 0; i < 128; i += 64) | ||
| 145 | { | ||
| 146 | mpi_t num_ij; | ||
| 147 | |||
| 148 | n = 64; | ||
| 149 | rc = MHD_gtls_mpi_scan (&num_ij, buf_i + i, &n); | ||
| 150 | if (rc < 0) | ||
| 151 | { | ||
| 152 | MHD_gnutls_assert (); | ||
| 153 | return rc; | ||
| 154 | } | ||
| 155 | gcry_mpi_add (num_ij, num_ij, num_b1); | ||
| 156 | gcry_mpi_clear_highbit (num_ij, 64 * 8); | ||
| 157 | n = 64; | ||
| 158 | rc = MHD_gtls_mpi_print (buf_i + i, &n, num_ij); | ||
| 159 | if (rc < 0) | ||
| 160 | { | ||
| 161 | MHD_gnutls_assert (); | ||
| 162 | return rc; | ||
| 163 | } | ||
| 164 | gcry_mpi_release (num_ij); | ||
| 165 | } | ||
| 166 | } | ||
| 167 | } | ||
| 168 | |||
| 169 | #endif /* ENABLE_PKI */ | ||