Blame - library/pkcs12.c - mirror/mbed-crypto

blob: ccebd4d033e34e66354b915af1207d6a1784e6ba [file] [log] [blame]

Jaeden Amero	e54e693	2018-08-06 16:19:58 +0100	[diff] [blame]	1	/*
				2	* PKCS#12 Personal Information Exchange Syntax
				3	*
				4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
				5	* SPDX-License-Identifier: Apache-2.0
				6	*
				7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				8	* not use this file except in compliance with the License.
				9	* You may obtain a copy of the License at
				10	*
				11	* http://www.apache.org/licenses/LICENSE-2.0
				12	*
				13	* Unless required by applicable law or agreed to in writing, software
				14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	* See the License for the specific language governing permissions and
				17	* limitations under the License.
				18	*
				19	* This file is part of Mbed Crypto (https://tls.mbed.org)
				20	*/
				21	/*
				22	* The PKCS #12 Personal Information Exchange Syntax Standard v1.1
				23	*
				24	* http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
				25	* ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
				26	*/
				27
				28	#if !defined(MBEDCRYPTO_CONFIG_FILE)
				29	#include "mbedcrypto/config.h"
				30	#else
				31	#include MBEDCRYPTO_CONFIG_FILE
				32	#endif
				33
				34	#if defined(MBEDCRYPTO_PKCS12_C)
				35
				36	#include "mbedcrypto/pkcs12.h"
				37	#include "mbedcrypto/asn1.h"
				38	#include "mbedcrypto/cipher.h"
				39	#include "mbedcrypto/platform_util.h"
				40
				41	#include <string.h>
				42
				43	#if defined(MBEDCRYPTO_ARC4_C)
				44	#include "mbedcrypto/arc4.h"
				45	#endif
				46
				47	#if defined(MBEDCRYPTO_DES_C)
				48	#include "mbedcrypto/des.h"
				49	#endif
				50
				51	static int pkcs12_parse_pbe_params( mbedcrypto_asn1_buf *params,
				52	mbedcrypto_asn1_buf salt, int iterations )
				53	{
				54	int ret;
				55	unsigned char **p = &params->p;
				56	const unsigned char *end = params->p + params->len;
				57
				58	/*
				59	* pkcs-12PbeParams ::= SEQUENCE {
				60	* salt OCTET STRING,
				61	* iterations INTEGER
				62	* }
				63	*
				64	*/
				65	if( params->tag != ( MBEDCRYPTO_ASN1_CONSTRUCTED \| MBEDCRYPTO_ASN1_SEQUENCE ) )
				66	return( MBEDCRYPTO_ERR_PKCS12_PBE_INVALID_FORMAT +
				67	MBEDCRYPTO_ERR_ASN1_UNEXPECTED_TAG );
				68
				69	if( ( ret = mbedcrypto_asn1_get_tag( p, end, &salt->len, MBEDCRYPTO_ASN1_OCTET_STRING ) ) != 0 )
				70	return( MBEDCRYPTO_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
				71
				72	salt->p = *p;
				73	*p += salt->len;
				74
				75	if( ( ret = mbedcrypto_asn1_get_int( p, end, iterations ) ) != 0 )
				76	return( MBEDCRYPTO_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
				77
				78	if( *p != end )
				79	return( MBEDCRYPTO_ERR_PKCS12_PBE_INVALID_FORMAT +
				80	MBEDCRYPTO_ERR_ASN1_LENGTH_MISMATCH );
				81
				82	return( 0 );
				83	}
				84
				85	#define PKCS12_MAX_PWDLEN 128
				86
				87	static int pkcs12_pbe_derive_key_iv( mbedcrypto_asn1_buf *pbe_params, mbedcrypto_md_type_t md_type,
				88	const unsigned char *pwd, size_t pwdlen,
				89	unsigned char *key, size_t keylen,
				90	unsigned char *iv, size_t ivlen )
				91	{
				92	int ret, iterations = 0;
				93	mbedcrypto_asn1_buf salt;
				94	size_t i;
				95	unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
				96
				97	if( pwdlen > PKCS12_MAX_PWDLEN )
				98	return( MBEDCRYPTO_ERR_PKCS12_BAD_INPUT_DATA );
				99
				100	memset( &salt, 0, sizeof(mbedcrypto_asn1_buf) );
				101	memset( &unipwd, 0, sizeof(unipwd) );
				102
				103	if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
				104	&iterations ) ) != 0 )
				105	return( ret );
				106
				107	for( i = 0; i < pwdlen; i++ )
				108	unipwd[i * 2 + 1] = pwd[i];
				109
				110	if( ( ret = mbedcrypto_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
				111	salt.p, salt.len, md_type,
				112	MBEDCRYPTO_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
				113	{
				114	return( ret );
				115	}
				116
				117	if( iv == NULL \|\| ivlen == 0 )
				118	return( 0 );
				119
				120	if( ( ret = mbedcrypto_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
				121	salt.p, salt.len, md_type,
				122	MBEDCRYPTO_PKCS12_DERIVE_IV, iterations ) ) != 0 )
				123	{
				124	return( ret );
				125	}
				126	return( 0 );
				127	}
				128
				129	#undef PKCS12_MAX_PWDLEN
				130
				131	int mbedcrypto_pkcs12_pbe_sha1_rc4_128( mbedcrypto_asn1_buf *pbe_params, int mode,
				132	const unsigned char *pwd, size_t pwdlen,
				133	const unsigned char *data, size_t len,
				134	unsigned char *output )
				135	{
				136	#if !defined(MBEDCRYPTO_ARC4_C)
				137	((void) pbe_params);
				138	((void) mode);
				139	((void) pwd);
				140	((void) pwdlen);
				141	((void) data);
				142	((void) len);
				143	((void) output);
				144	return( MBEDCRYPTO_ERR_PKCS12_FEATURE_UNAVAILABLE );
				145	#else
				146	int ret;
				147	unsigned char key[16];
				148	mbedcrypto_arc4_context ctx;
				149	((void) mode);
				150
				151	mbedcrypto_arc4_init( &ctx );
				152
				153	if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDCRYPTO_MD_SHA1,
				154	pwd, pwdlen,
				155	key, 16, NULL, 0 ) ) != 0 )
				156	{
				157	return( ret );
				158	}
				159
				160	mbedcrypto_arc4_setup( &ctx, key, 16 );
				161	if( ( ret = mbedcrypto_arc4_crypt( &ctx, len, data, output ) ) != 0 )
				162	goto exit;
				163
				164	exit:
				165	mbedcrypto_platform_zeroize( key, sizeof( key ) );
				166	mbedcrypto_arc4_free( &ctx );
				167
				168	return( ret );
				169	#endif /* MBEDCRYPTO_ARC4_C */
				170	}
				171
				172	int mbedcrypto_pkcs12_pbe( mbedcrypto_asn1_buf *pbe_params, int mode,
				173	mbedcrypto_cipher_type_t cipher_type, mbedcrypto_md_type_t md_type,
				174	const unsigned char *pwd, size_t pwdlen,
				175	const unsigned char *data, size_t len,
				176	unsigned char *output )
				177	{
				178	int ret, keylen = 0;
				179	unsigned char key[32];
				180	unsigned char iv[16];
				181	const mbedcrypto_cipher_info_t *cipher_info;
				182	mbedcrypto_cipher_context_t cipher_ctx;
				183	size_t olen = 0;
				184
				185	cipher_info = mbedcrypto_cipher_info_from_type( cipher_type );
				186	if( cipher_info == NULL )
				187	return( MBEDCRYPTO_ERR_PKCS12_FEATURE_UNAVAILABLE );
				188
				189	keylen = cipher_info->key_bitlen / 8;
				190
				191	if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
				192	key, keylen,
				193	iv, cipher_info->iv_size ) ) != 0 )
				194	{
				195	return( ret );
				196	}
				197
				198	mbedcrypto_cipher_init( &cipher_ctx );
				199
				200	if( ( ret = mbedcrypto_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
				201	goto exit;
				202
				203	if( ( ret = mbedcrypto_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedcrypto_operation_t) mode ) ) != 0 )
				204	goto exit;
				205
				206	if( ( ret = mbedcrypto_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
				207	goto exit;
				208
				209	if( ( ret = mbedcrypto_cipher_reset( &cipher_ctx ) ) != 0 )
				210	goto exit;
				211
				212	if( ( ret = mbedcrypto_cipher_update( &cipher_ctx, data, len,
				213	output, &olen ) ) != 0 )
				214	{
				215	goto exit;
				216	}
				217
				218	if( ( ret = mbedcrypto_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
				219	ret = MBEDCRYPTO_ERR_PKCS12_PASSWORD_MISMATCH;
				220
				221	exit:
				222	mbedcrypto_platform_zeroize( key, sizeof( key ) );
				223	mbedcrypto_platform_zeroize( iv, sizeof( iv ) );
				224	mbedcrypto_cipher_free( &cipher_ctx );
				225
				226	return( ret );
				227	}
				228
				229	static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
				230	const unsigned char *filler, size_t fill_len )
				231	{
				232	unsigned char *p = data;
				233	size_t use_len;
				234
				235	while( data_len > 0 )
				236	{
				237	use_len = ( data_len > fill_len ) ? fill_len : data_len;
				238	memcpy( p, filler, use_len );
				239	p += use_len;
				240	data_len -= use_len;
				241	}
				242	}
				243
				244	int mbedcrypto_pkcs12_derivation( unsigned char *data, size_t datalen,
				245	const unsigned char *pwd, size_t pwdlen,
				246	const unsigned char *salt, size_t saltlen,
				247	mbedcrypto_md_type_t md_type, int id, int iterations )
				248	{
				249	int ret;
				250	unsigned int j;
				251
				252	unsigned char diversifier[128];
				253	unsigned char salt_block[128], pwd_block[128], hash_block[128];
				254	unsigned char hash_output[MBEDCRYPTO_MD_MAX_SIZE];
				255	unsigned char *p;
				256	unsigned char c;
				257
				258	size_t hlen, use_len, v, i;
				259
				260	const mbedcrypto_md_info_t *md_info;
				261	mbedcrypto_md_context_t md_ctx;
				262
				263	// This version only allows max of 64 bytes of password or salt
				264	if( datalen > 128 \|\| pwdlen > 64 \|\| saltlen > 64 )
				265	return( MBEDCRYPTO_ERR_PKCS12_BAD_INPUT_DATA );
				266
				267	md_info = mbedcrypto_md_info_from_type( md_type );
				268	if( md_info == NULL )
				269	return( MBEDCRYPTO_ERR_PKCS12_FEATURE_UNAVAILABLE );
				270
				271	mbedcrypto_md_init( &md_ctx );
				272
				273	if( ( ret = mbedcrypto_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
				274	return( ret );
				275	hlen = mbedcrypto_md_get_size( md_info );
				276
				277	if( hlen <= 32 )
				278	v = 64;
				279	else
				280	v = 128;
				281
				282	memset( diversifier, (unsigned char) id, v );
				283
				284	pkcs12_fill_buffer( salt_block, v, salt, saltlen );
				285	pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
				286
				287	p = data;
				288	while( datalen > 0 )
				289	{
				290	// Calculate hash( diversifier \|\| salt_block \|\| pwd_block )
				291	if( ( ret = mbedcrypto_md_starts( &md_ctx ) ) != 0 )
				292	goto exit;
				293
				294	if( ( ret = mbedcrypto_md_update( &md_ctx, diversifier, v ) ) != 0 )
				295	goto exit;
				296
				297	if( ( ret = mbedcrypto_md_update( &md_ctx, salt_block, v ) ) != 0 )
				298	goto exit;
				299
				300	if( ( ret = mbedcrypto_md_update( &md_ctx, pwd_block, v ) ) != 0 )
				301	goto exit;
				302
				303	if( ( ret = mbedcrypto_md_finish( &md_ctx, hash_output ) ) != 0 )
				304	goto exit;
				305
				306	// Perform remaining ( iterations - 1 ) recursive hash calculations
				307	for( i = 1; i < (size_t) iterations; i++ )
				308	{
				309	if( ( ret = mbedcrypto_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
				310	goto exit;
				311	}
				312
				313	use_len = ( datalen > hlen ) ? hlen : datalen;
				314	memcpy( p, hash_output, use_len );
				315	datalen -= use_len;
				316	p += use_len;
				317
				318	if( datalen == 0 )
				319	break;
				320
				321	// Concatenating copies of hash_output into hash_block (B)
				322	pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
				323
				324	// B += 1
				325	for( i = v; i > 0; i-- )
				326	if( ++hash_block[i - 1] != 0 )
				327	break;
				328
				329	// salt_block += B
				330	c = 0;
				331	for( i = v; i > 0; i-- )
				332	{
				333	j = salt_block[i - 1] + hash_block[i - 1] + c;
				334	c = (unsigned char) (j >> 8);
				335	salt_block[i - 1] = j & 0xFF;
				336	}
				337
				338	// pwd_block += B
				339	c = 0;
				340	for( i = v; i > 0; i-- )
				341	{
				342	j = pwd_block[i - 1] + hash_block[i - 1] + c;
				343	c = (unsigned char) (j >> 8);
				344	pwd_block[i - 1] = j & 0xFF;
				345	}
				346	}
				347
				348	ret = 0;
				349
				350	exit:
				351	mbedcrypto_platform_zeroize( salt_block, sizeof( salt_block ) );
				352	mbedcrypto_platform_zeroize( pwd_block, sizeof( pwd_block ) );
				353	mbedcrypto_platform_zeroize( hash_block, sizeof( hash_block ) );
				354	mbedcrypto_platform_zeroize( hash_output, sizeof( hash_output ) );
				355
				356	mbedcrypto_md_free( &md_ctx );
				357
				358	return( ret );
				359	}
				360
				361	#endif /* MBEDCRYPTO_PKCS12_C */