[398] | 1 | /*
|
---|
| 2 | * PKCS#12 Personal Information Exchange Syntax
|
---|
| 3 | *
|
---|
| 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
| 5 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 6 | *
|
---|
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 8 | * not use this file except in compliance with the License.
|
---|
| 9 | * You may obtain a copy of the License at
|
---|
| 10 | *
|
---|
| 11 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 12 | *
|
---|
| 13 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 16 | * See the License for the specific language governing permissions and
|
---|
| 17 | * limitations under the License.
|
---|
| 18 | *
|
---|
| 19 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
| 20 | */
|
---|
| 21 | /*
|
---|
| 22 | * The PKCS #12 Personal Information Exchange Syntax Standard v1.1
|
---|
| 23 | *
|
---|
| 24 | * http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
|
---|
| 25 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
|
---|
| 26 | */
|
---|
| 27 |
|
---|
| 28 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 29 | #include "mbedtls/config.h"
|
---|
| 30 | #else
|
---|
| 31 | #include MBEDTLS_CONFIG_FILE
|
---|
| 32 | #endif
|
---|
| 33 |
|
---|
| 34 | #if defined(MBEDTLS_PKCS12_C)
|
---|
| 35 |
|
---|
| 36 | #include "mbedtls/pkcs12.h"
|
---|
| 37 | #include "mbedtls/asn1.h"
|
---|
| 38 | #include "mbedtls/cipher.h"
|
---|
| 39 | #include "mbedtls/platform_util.h"
|
---|
| 40 |
|
---|
| 41 | #include <string.h>
|
---|
| 42 |
|
---|
| 43 | #if defined(MBEDTLS_ARC4_C)
|
---|
| 44 | #include "mbedtls/arc4.h"
|
---|
| 45 | #endif
|
---|
| 46 |
|
---|
| 47 | #if defined(MBEDTLS_DES_C)
|
---|
| 48 | #include "mbedtls/des.h"
|
---|
| 49 | #endif
|
---|
| 50 |
|
---|
| 51 | #if defined(MBEDTLS_ASN1_PARSE_C)
|
---|
| 52 |
|
---|
| 53 | static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
|
---|
| 54 | mbedtls_asn1_buf *salt, int *iterations )
|
---|
| 55 | {
|
---|
| 56 | int ret;
|
---|
| 57 | unsigned char **p = ¶ms->p;
|
---|
| 58 | const unsigned char *end = params->p + params->len;
|
---|
| 59 |
|
---|
| 60 | /*
|
---|
| 61 | * pkcs-12PbeParams ::= SEQUENCE {
|
---|
| 62 | * salt OCTET STRING,
|
---|
| 63 | * iterations INTEGER
|
---|
| 64 | * }
|
---|
| 65 | *
|
---|
| 66 | */
|
---|
| 67 | if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
|
---|
| 68 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
|
---|
| 69 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
| 70 |
|
---|
| 71 | if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 72 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
---|
| 73 |
|
---|
| 74 | salt->p = *p;
|
---|
| 75 | *p += salt->len;
|
---|
| 76 |
|
---|
| 77 | if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
|
---|
| 78 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
---|
| 79 |
|
---|
| 80 | if( *p != end )
|
---|
| 81 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
|
---|
| 82 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 83 |
|
---|
| 84 | return( 0 );
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | #define PKCS12_MAX_PWDLEN 128
|
---|
| 88 |
|
---|
| 89 | static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
|
---|
| 90 | const unsigned char *pwd, size_t pwdlen,
|
---|
| 91 | unsigned char *key, size_t keylen,
|
---|
| 92 | unsigned char *iv, size_t ivlen )
|
---|
| 93 | {
|
---|
| 94 | int ret, iterations = 0;
|
---|
| 95 | mbedtls_asn1_buf salt;
|
---|
| 96 | size_t i;
|
---|
| 97 | unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
|
---|
| 98 |
|
---|
| 99 | if( pwdlen > PKCS12_MAX_PWDLEN )
|
---|
| 100 | return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
---|
| 101 |
|
---|
| 102 | memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
|
---|
| 103 | memset( &unipwd, 0, sizeof(unipwd) );
|
---|
| 104 |
|
---|
| 105 | if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
|
---|
| 106 | &iterations ) ) != 0 )
|
---|
| 107 | return( ret );
|
---|
| 108 |
|
---|
| 109 | for( i = 0; i < pwdlen; i++ )
|
---|
| 110 | unipwd[i * 2 + 1] = pwd[i];
|
---|
| 111 |
|
---|
| 112 | if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
|
---|
| 113 | salt.p, salt.len, md_type,
|
---|
| 114 | MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
|
---|
| 115 | {
|
---|
| 116 | return( ret );
|
---|
| 117 | }
|
---|
| 118 |
|
---|
| 119 | if( iv == NULL || ivlen == 0 )
|
---|
| 120 | return( 0 );
|
---|
| 121 |
|
---|
| 122 | if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
|
---|
| 123 | salt.p, salt.len, md_type,
|
---|
| 124 | MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
|
---|
| 125 | {
|
---|
| 126 | return( ret );
|
---|
| 127 | }
|
---|
| 128 | return( 0 );
|
---|
| 129 | }
|
---|
| 130 |
|
---|
| 131 | #undef PKCS12_MAX_PWDLEN
|
---|
| 132 |
|
---|
| 133 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
| 134 | const unsigned char *pwd, size_t pwdlen,
|
---|
| 135 | const unsigned char *data, size_t len,
|
---|
| 136 | unsigned char *output )
|
---|
| 137 | {
|
---|
| 138 | #if !defined(MBEDTLS_ARC4_C)
|
---|
| 139 | ((void) pbe_params);
|
---|
| 140 | ((void) mode);
|
---|
| 141 | ((void) pwd);
|
---|
| 142 | ((void) pwdlen);
|
---|
| 143 | ((void) data);
|
---|
| 144 | ((void) len);
|
---|
| 145 | ((void) output);
|
---|
| 146 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
| 147 | #else
|
---|
| 148 | int ret;
|
---|
| 149 | unsigned char key[16];
|
---|
| 150 | mbedtls_arc4_context ctx;
|
---|
| 151 | ((void) mode);
|
---|
| 152 |
|
---|
| 153 | mbedtls_arc4_init( &ctx );
|
---|
| 154 |
|
---|
| 155 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
|
---|
| 156 | pwd, pwdlen,
|
---|
| 157 | key, 16, NULL, 0 ) ) != 0 )
|
---|
| 158 | {
|
---|
| 159 | return( ret );
|
---|
| 160 | }
|
---|
| 161 |
|
---|
| 162 | mbedtls_arc4_setup( &ctx, key, 16 );
|
---|
| 163 | if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
|
---|
| 164 | goto exit;
|
---|
| 165 |
|
---|
| 166 | exit:
|
---|
| 167 | mbedtls_platform_zeroize( key, sizeof( key ) );
|
---|
| 168 | mbedtls_arc4_free( &ctx );
|
---|
| 169 |
|
---|
| 170 | return( ret );
|
---|
| 171 | #endif /* MBEDTLS_ARC4_C */
|
---|
| 172 | }
|
---|
| 173 |
|
---|
| 174 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
| 175 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
---|
| 176 | const unsigned char *pwd, size_t pwdlen,
|
---|
| 177 | const unsigned char *data, size_t len,
|
---|
| 178 | unsigned char *output )
|
---|
| 179 | {
|
---|
| 180 | int ret, keylen = 0;
|
---|
| 181 | unsigned char key[32];
|
---|
| 182 | unsigned char iv[16];
|
---|
| 183 | const mbedtls_cipher_info_t *cipher_info;
|
---|
| 184 | mbedtls_cipher_context_t cipher_ctx;
|
---|
| 185 | size_t olen = 0;
|
---|
| 186 |
|
---|
| 187 | cipher_info = mbedtls_cipher_info_from_type( cipher_type );
|
---|
| 188 | if( cipher_info == NULL )
|
---|
| 189 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
| 190 |
|
---|
| 191 | keylen = cipher_info->key_bitlen / 8;
|
---|
| 192 |
|
---|
| 193 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
|
---|
| 194 | key, keylen,
|
---|
| 195 | iv, cipher_info->iv_size ) ) != 0 )
|
---|
| 196 | {
|
---|
| 197 | return( ret );
|
---|
| 198 | }
|
---|
| 199 |
|
---|
| 200 | mbedtls_cipher_init( &cipher_ctx );
|
---|
| 201 |
|
---|
| 202 | if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
|
---|
| 203 | goto exit;
|
---|
| 204 |
|
---|
| 205 | if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
|
---|
| 206 | goto exit;
|
---|
| 207 |
|
---|
| 208 | if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
|
---|
| 209 | goto exit;
|
---|
| 210 |
|
---|
| 211 | if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
|
---|
| 212 | goto exit;
|
---|
| 213 |
|
---|
| 214 | if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
|
---|
| 215 | output, &olen ) ) != 0 )
|
---|
| 216 | {
|
---|
| 217 | goto exit;
|
---|
| 218 | }
|
---|
| 219 |
|
---|
| 220 | if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
|
---|
| 221 | ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
|
---|
| 222 |
|
---|
| 223 | exit:
|
---|
| 224 | mbedtls_platform_zeroize( key, sizeof( key ) );
|
---|
| 225 | mbedtls_platform_zeroize( iv, sizeof( iv ) );
|
---|
| 226 | mbedtls_cipher_free( &cipher_ctx );
|
---|
| 227 |
|
---|
| 228 | return( ret );
|
---|
| 229 | }
|
---|
| 230 |
|
---|
| 231 | #endif /* MBEDTLS_ASN1_PARSE_C */
|
---|
| 232 |
|
---|
| 233 | static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
|
---|
| 234 | const unsigned char *filler, size_t fill_len )
|
---|
| 235 | {
|
---|
| 236 | unsigned char *p = data;
|
---|
| 237 | size_t use_len;
|
---|
| 238 |
|
---|
| 239 | while( data_len > 0 )
|
---|
| 240 | {
|
---|
| 241 | use_len = ( data_len > fill_len ) ? fill_len : data_len;
|
---|
| 242 | memcpy( p, filler, use_len );
|
---|
| 243 | p += use_len;
|
---|
| 244 | data_len -= use_len;
|
---|
| 245 | }
|
---|
| 246 | }
|
---|
| 247 |
|
---|
| 248 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
---|
| 249 | const unsigned char *pwd, size_t pwdlen,
|
---|
| 250 | const unsigned char *salt, size_t saltlen,
|
---|
| 251 | mbedtls_md_type_t md_type, int id, int iterations )
|
---|
| 252 | {
|
---|
| 253 | int ret;
|
---|
| 254 | unsigned int j;
|
---|
| 255 |
|
---|
| 256 | unsigned char diversifier[128];
|
---|
| 257 | unsigned char salt_block[128], pwd_block[128], hash_block[128];
|
---|
| 258 | unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
|
---|
| 259 | unsigned char *p;
|
---|
| 260 | unsigned char c;
|
---|
| 261 |
|
---|
| 262 | size_t hlen, use_len, v, i;
|
---|
| 263 |
|
---|
| 264 | const mbedtls_md_info_t *md_info;
|
---|
| 265 | mbedtls_md_context_t md_ctx;
|
---|
| 266 |
|
---|
| 267 | // This version only allows max of 64 bytes of password or salt
|
---|
| 268 | if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
|
---|
| 269 | return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
---|
| 270 |
|
---|
| 271 | md_info = mbedtls_md_info_from_type( md_type );
|
---|
| 272 | if( md_info == NULL )
|
---|
| 273 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
| 274 |
|
---|
| 275 | mbedtls_md_init( &md_ctx );
|
---|
| 276 |
|
---|
| 277 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
---|
| 278 | return( ret );
|
---|
| 279 | hlen = mbedtls_md_get_size( md_info );
|
---|
| 280 |
|
---|
| 281 | if( hlen <= 32 )
|
---|
| 282 | v = 64;
|
---|
| 283 | else
|
---|
| 284 | v = 128;
|
---|
| 285 |
|
---|
| 286 | memset( diversifier, (unsigned char) id, v );
|
---|
| 287 |
|
---|
| 288 | pkcs12_fill_buffer( salt_block, v, salt, saltlen );
|
---|
| 289 | pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
|
---|
| 290 |
|
---|
| 291 | p = data;
|
---|
| 292 | while( datalen > 0 )
|
---|
| 293 | {
|
---|
| 294 | // Calculate hash( diversifier || salt_block || pwd_block )
|
---|
| 295 | if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
|
---|
| 296 | goto exit;
|
---|
| 297 |
|
---|
| 298 | if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
|
---|
| 299 | goto exit;
|
---|
| 300 |
|
---|
| 301 | if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
|
---|
| 302 | goto exit;
|
---|
| 303 |
|
---|
| 304 | if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
|
---|
| 305 | goto exit;
|
---|
| 306 |
|
---|
| 307 | if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
|
---|
| 308 | goto exit;
|
---|
| 309 |
|
---|
| 310 | // Perform remaining ( iterations - 1 ) recursive hash calculations
|
---|
| 311 | for( i = 1; i < (size_t) iterations; i++ )
|
---|
| 312 | {
|
---|
| 313 | if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
|
---|
| 314 | goto exit;
|
---|
| 315 | }
|
---|
| 316 |
|
---|
| 317 | use_len = ( datalen > hlen ) ? hlen : datalen;
|
---|
| 318 | memcpy( p, hash_output, use_len );
|
---|
| 319 | datalen -= use_len;
|
---|
| 320 | p += use_len;
|
---|
| 321 |
|
---|
| 322 | if( datalen == 0 )
|
---|
| 323 | break;
|
---|
| 324 |
|
---|
| 325 | // Concatenating copies of hash_output into hash_block (B)
|
---|
| 326 | pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
|
---|
| 327 |
|
---|
| 328 | // B += 1
|
---|
| 329 | for( i = v; i > 0; i-- )
|
---|
| 330 | if( ++hash_block[i - 1] != 0 )
|
---|
| 331 | break;
|
---|
| 332 |
|
---|
| 333 | // salt_block += B
|
---|
| 334 | c = 0;
|
---|
| 335 | for( i = v; i > 0; i-- )
|
---|
| 336 | {
|
---|
| 337 | j = salt_block[i - 1] + hash_block[i - 1] + c;
|
---|
| 338 | c = (unsigned char) (j >> 8);
|
---|
| 339 | salt_block[i - 1] = j & 0xFF;
|
---|
| 340 | }
|
---|
| 341 |
|
---|
| 342 | // pwd_block += B
|
---|
| 343 | c = 0;
|
---|
| 344 | for( i = v; i > 0; i-- )
|
---|
| 345 | {
|
---|
| 346 | j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
---|
| 347 | c = (unsigned char) (j >> 8);
|
---|
| 348 | pwd_block[i - 1] = j & 0xFF;
|
---|
| 349 | }
|
---|
| 350 | }
|
---|
| 351 |
|
---|
| 352 | ret = 0;
|
---|
| 353 |
|
---|
| 354 | exit:
|
---|
| 355 | mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
|
---|
| 356 | mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
|
---|
| 357 | mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
|
---|
| 358 | mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
|
---|
| 359 |
|
---|
| 360 | mbedtls_md_free( &md_ctx );
|
---|
| 361 |
|
---|
| 362 | return( ret );
|
---|
| 363 | }
|
---|
| 364 |
|
---|
| 365 | #endif /* MBEDTLS_PKCS12_C */
|
---|