1 | /*
|
---|
2 | * PKCS#12 Personal Information Exchange Syntax
|
---|
3 | *
|
---|
4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
5 | * SPDX-License-Identifier: Apache-2.0
|
---|
6 | *
|
---|
7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
8 | * not use this file except in compliance with the License.
|
---|
9 | * You may obtain a copy of the License at
|
---|
10 | *
|
---|
11 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
12 | *
|
---|
13 | * Unless required by applicable law or agreed to in writing, software
|
---|
14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
16 | * See the License for the specific language governing permissions and
|
---|
17 | * limitations under the License.
|
---|
18 | *
|
---|
19 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
20 | */
|
---|
21 | /*
|
---|
22 | * The PKCS #12 Personal Information Exchange Syntax Standard v1.1
|
---|
23 | *
|
---|
24 | * http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
|
---|
25 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
|
---|
26 | */
|
---|
27 |
|
---|
28 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
29 | #include "mbedtls/config.h"
|
---|
30 | #else
|
---|
31 | #include MBEDTLS_CONFIG_FILE
|
---|
32 | #endif
|
---|
33 |
|
---|
34 | #if defined(MBEDTLS_PKCS12_C)
|
---|
35 |
|
---|
36 | #include "mbedtls/pkcs12.h"
|
---|
37 | #include "mbedtls/asn1.h"
|
---|
38 | #include "mbedtls/cipher.h"
|
---|
39 | #include "mbedtls/platform_util.h"
|
---|
40 |
|
---|
41 | #include <string.h>
|
---|
42 |
|
---|
43 | #if defined(MBEDTLS_ARC4_C)
|
---|
44 | #include "mbedtls/arc4.h"
|
---|
45 | #endif
|
---|
46 |
|
---|
47 | #if defined(MBEDTLS_DES_C)
|
---|
48 | #include "mbedtls/des.h"
|
---|
49 | #endif
|
---|
50 |
|
---|
51 | #if defined(MBEDTLS_ASN1_PARSE_C)
|
---|
52 |
|
---|
53 | static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
|
---|
54 | mbedtls_asn1_buf *salt, int *iterations )
|
---|
55 | {
|
---|
56 | int ret;
|
---|
57 | unsigned char **p = ¶ms->p;
|
---|
58 | const unsigned char *end = params->p + params->len;
|
---|
59 |
|
---|
60 | /*
|
---|
61 | * pkcs-12PbeParams ::= SEQUENCE {
|
---|
62 | * salt OCTET STRING,
|
---|
63 | * iterations INTEGER
|
---|
64 | * }
|
---|
65 | *
|
---|
66 | */
|
---|
67 | if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
|
---|
68 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
|
---|
69 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
70 |
|
---|
71 | if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
72 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
---|
73 |
|
---|
74 | salt->p = *p;
|
---|
75 | *p += salt->len;
|
---|
76 |
|
---|
77 | if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
|
---|
78 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
---|
79 |
|
---|
80 | if( *p != end )
|
---|
81 | return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
|
---|
82 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
83 |
|
---|
84 | return( 0 );
|
---|
85 | }
|
---|
86 |
|
---|
87 | #define PKCS12_MAX_PWDLEN 128
|
---|
88 |
|
---|
89 | static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
|
---|
90 | const unsigned char *pwd, size_t pwdlen,
|
---|
91 | unsigned char *key, size_t keylen,
|
---|
92 | unsigned char *iv, size_t ivlen )
|
---|
93 | {
|
---|
94 | int ret, iterations = 0;
|
---|
95 | mbedtls_asn1_buf salt;
|
---|
96 | size_t i;
|
---|
97 | unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
|
---|
98 |
|
---|
99 | if( pwdlen > PKCS12_MAX_PWDLEN )
|
---|
100 | return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
---|
101 |
|
---|
102 | memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
|
---|
103 | memset( &unipwd, 0, sizeof(unipwd) );
|
---|
104 |
|
---|
105 | if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
|
---|
106 | &iterations ) ) != 0 )
|
---|
107 | return( ret );
|
---|
108 |
|
---|
109 | for( i = 0; i < pwdlen; i++ )
|
---|
110 | unipwd[i * 2 + 1] = pwd[i];
|
---|
111 |
|
---|
112 | if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
|
---|
113 | salt.p, salt.len, md_type,
|
---|
114 | MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
|
---|
115 | {
|
---|
116 | return( ret );
|
---|
117 | }
|
---|
118 |
|
---|
119 | if( iv == NULL || ivlen == 0 )
|
---|
120 | return( 0 );
|
---|
121 |
|
---|
122 | if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
|
---|
123 | salt.p, salt.len, md_type,
|
---|
124 | MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
|
---|
125 | {
|
---|
126 | return( ret );
|
---|
127 | }
|
---|
128 | return( 0 );
|
---|
129 | }
|
---|
130 |
|
---|
131 | #undef PKCS12_MAX_PWDLEN
|
---|
132 |
|
---|
133 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
134 | const unsigned char *pwd, size_t pwdlen,
|
---|
135 | const unsigned char *data, size_t len,
|
---|
136 | unsigned char *output )
|
---|
137 | {
|
---|
138 | #if !defined(MBEDTLS_ARC4_C)
|
---|
139 | ((void) pbe_params);
|
---|
140 | ((void) mode);
|
---|
141 | ((void) pwd);
|
---|
142 | ((void) pwdlen);
|
---|
143 | ((void) data);
|
---|
144 | ((void) len);
|
---|
145 | ((void) output);
|
---|
146 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
147 | #else
|
---|
148 | int ret;
|
---|
149 | unsigned char key[16];
|
---|
150 | mbedtls_arc4_context ctx;
|
---|
151 | ((void) mode);
|
---|
152 |
|
---|
153 | mbedtls_arc4_init( &ctx );
|
---|
154 |
|
---|
155 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
|
---|
156 | pwd, pwdlen,
|
---|
157 | key, 16, NULL, 0 ) ) != 0 )
|
---|
158 | {
|
---|
159 | return( ret );
|
---|
160 | }
|
---|
161 |
|
---|
162 | mbedtls_arc4_setup( &ctx, key, 16 );
|
---|
163 | if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
|
---|
164 | goto exit;
|
---|
165 |
|
---|
166 | exit:
|
---|
167 | mbedtls_platform_zeroize( key, sizeof( key ) );
|
---|
168 | mbedtls_arc4_free( &ctx );
|
---|
169 |
|
---|
170 | return( ret );
|
---|
171 | #endif /* MBEDTLS_ARC4_C */
|
---|
172 | }
|
---|
173 |
|
---|
174 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
175 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
---|
176 | const unsigned char *pwd, size_t pwdlen,
|
---|
177 | const unsigned char *data, size_t len,
|
---|
178 | unsigned char *output )
|
---|
179 | {
|
---|
180 | int ret, keylen = 0;
|
---|
181 | unsigned char key[32];
|
---|
182 | unsigned char iv[16];
|
---|
183 | const mbedtls_cipher_info_t *cipher_info;
|
---|
184 | mbedtls_cipher_context_t cipher_ctx;
|
---|
185 | size_t olen = 0;
|
---|
186 |
|
---|
187 | cipher_info = mbedtls_cipher_info_from_type( cipher_type );
|
---|
188 | if( cipher_info == NULL )
|
---|
189 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
190 |
|
---|
191 | keylen = cipher_info->key_bitlen / 8;
|
---|
192 |
|
---|
193 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
|
---|
194 | key, keylen,
|
---|
195 | iv, cipher_info->iv_size ) ) != 0 )
|
---|
196 | {
|
---|
197 | return( ret );
|
---|
198 | }
|
---|
199 |
|
---|
200 | mbedtls_cipher_init( &cipher_ctx );
|
---|
201 |
|
---|
202 | if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
|
---|
203 | goto exit;
|
---|
204 |
|
---|
205 | if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
|
---|
206 | goto exit;
|
---|
207 |
|
---|
208 | if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
|
---|
209 | goto exit;
|
---|
210 |
|
---|
211 | if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
|
---|
212 | goto exit;
|
---|
213 |
|
---|
214 | if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
|
---|
215 | output, &olen ) ) != 0 )
|
---|
216 | {
|
---|
217 | goto exit;
|
---|
218 | }
|
---|
219 |
|
---|
220 | if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
|
---|
221 | ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
|
---|
222 |
|
---|
223 | exit:
|
---|
224 | mbedtls_platform_zeroize( key, sizeof( key ) );
|
---|
225 | mbedtls_platform_zeroize( iv, sizeof( iv ) );
|
---|
226 | mbedtls_cipher_free( &cipher_ctx );
|
---|
227 |
|
---|
228 | return( ret );
|
---|
229 | }
|
---|
230 |
|
---|
231 | #endif /* MBEDTLS_ASN1_PARSE_C */
|
---|
232 |
|
---|
233 | static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
|
---|
234 | const unsigned char *filler, size_t fill_len )
|
---|
235 | {
|
---|
236 | unsigned char *p = data;
|
---|
237 | size_t use_len;
|
---|
238 |
|
---|
239 | while( data_len > 0 )
|
---|
240 | {
|
---|
241 | use_len = ( data_len > fill_len ) ? fill_len : data_len;
|
---|
242 | memcpy( p, filler, use_len );
|
---|
243 | p += use_len;
|
---|
244 | data_len -= use_len;
|
---|
245 | }
|
---|
246 | }
|
---|
247 |
|
---|
248 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
---|
249 | const unsigned char *pwd, size_t pwdlen,
|
---|
250 | const unsigned char *salt, size_t saltlen,
|
---|
251 | mbedtls_md_type_t md_type, int id, int iterations )
|
---|
252 | {
|
---|
253 | int ret;
|
---|
254 | unsigned int j;
|
---|
255 |
|
---|
256 | unsigned char diversifier[128];
|
---|
257 | unsigned char salt_block[128], pwd_block[128], hash_block[128];
|
---|
258 | unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
|
---|
259 | unsigned char *p;
|
---|
260 | unsigned char c;
|
---|
261 |
|
---|
262 | size_t hlen, use_len, v, i;
|
---|
263 |
|
---|
264 | const mbedtls_md_info_t *md_info;
|
---|
265 | mbedtls_md_context_t md_ctx;
|
---|
266 |
|
---|
267 | // This version only allows max of 64 bytes of password or salt
|
---|
268 | if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
|
---|
269 | return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
---|
270 |
|
---|
271 | md_info = mbedtls_md_info_from_type( md_type );
|
---|
272 | if( md_info == NULL )
|
---|
273 | return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
---|
274 |
|
---|
275 | mbedtls_md_init( &md_ctx );
|
---|
276 |
|
---|
277 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
---|
278 | return( ret );
|
---|
279 | hlen = mbedtls_md_get_size( md_info );
|
---|
280 |
|
---|
281 | if( hlen <= 32 )
|
---|
282 | v = 64;
|
---|
283 | else
|
---|
284 | v = 128;
|
---|
285 |
|
---|
286 | memset( diversifier, (unsigned char) id, v );
|
---|
287 |
|
---|
288 | pkcs12_fill_buffer( salt_block, v, salt, saltlen );
|
---|
289 | pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
|
---|
290 |
|
---|
291 | p = data;
|
---|
292 | while( datalen > 0 )
|
---|
293 | {
|
---|
294 | // Calculate hash( diversifier || salt_block || pwd_block )
|
---|
295 | if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
|
---|
296 | goto exit;
|
---|
297 |
|
---|
298 | if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
|
---|
299 | goto exit;
|
---|
300 |
|
---|
301 | if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
|
---|
302 | goto exit;
|
---|
303 |
|
---|
304 | if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
|
---|
305 | goto exit;
|
---|
306 |
|
---|
307 | if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
|
---|
308 | goto exit;
|
---|
309 |
|
---|
310 | // Perform remaining ( iterations - 1 ) recursive hash calculations
|
---|
311 | for( i = 1; i < (size_t) iterations; i++ )
|
---|
312 | {
|
---|
313 | if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
|
---|
314 | goto exit;
|
---|
315 | }
|
---|
316 |
|
---|
317 | use_len = ( datalen > hlen ) ? hlen : datalen;
|
---|
318 | memcpy( p, hash_output, use_len );
|
---|
319 | datalen -= use_len;
|
---|
320 | p += use_len;
|
---|
321 |
|
---|
322 | if( datalen == 0 )
|
---|
323 | break;
|
---|
324 |
|
---|
325 | // Concatenating copies of hash_output into hash_block (B)
|
---|
326 | pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
|
---|
327 |
|
---|
328 | // B += 1
|
---|
329 | for( i = v; i > 0; i-- )
|
---|
330 | if( ++hash_block[i - 1] != 0 )
|
---|
331 | break;
|
---|
332 |
|
---|
333 | // salt_block += B
|
---|
334 | c = 0;
|
---|
335 | for( i = v; i > 0; i-- )
|
---|
336 | {
|
---|
337 | j = salt_block[i - 1] + hash_block[i - 1] + c;
|
---|
338 | c = (unsigned char) (j >> 8);
|
---|
339 | salt_block[i - 1] = j & 0xFF;
|
---|
340 | }
|
---|
341 |
|
---|
342 | // pwd_block += B
|
---|
343 | c = 0;
|
---|
344 | for( i = v; i > 0; i-- )
|
---|
345 | {
|
---|
346 | j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
---|
347 | c = (unsigned char) (j >> 8);
|
---|
348 | pwd_block[i - 1] = j & 0xFF;
|
---|
349 | }
|
---|
350 | }
|
---|
351 |
|
---|
352 | ret = 0;
|
---|
353 |
|
---|
354 | exit:
|
---|
355 | mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
|
---|
356 | mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
|
---|
357 | mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
|
---|
358 | mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
|
---|
359 |
|
---|
360 | mbedtls_md_free( &md_ctx );
|
---|
361 |
|
---|
362 | return( ret );
|
---|
363 | }
|
---|
364 |
|
---|
365 | #endif /* MBEDTLS_PKCS12_C */
|
---|