summaryrefslogtreecommitdiffstats
path: root/thirdparty/mbedtls/library/pkcs12.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/mbedtls/library/pkcs12.c')
-rw-r--r--thirdparty/mbedtls/library/pkcs12.c192
1 files changed, 80 insertions, 112 deletions
diff --git a/thirdparty/mbedtls/library/pkcs12.c b/thirdparty/mbedtls/library/pkcs12.c
index 55de216edb..a3467b9820 100644
--- a/thirdparty/mbedtls/library/pkcs12.c
+++ b/thirdparty/mbedtls/library/pkcs12.c
@@ -17,21 +17,21 @@
#include "mbedtls/pkcs12.h"
#include "mbedtls/asn1.h"
+#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher.h"
+#endif /* MBEDTLS_CIPHER_C */
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "psa_util_internal.h"
+
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations)
@@ -119,47 +119,6 @@ static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_typ
#undef PKCS12_MAX_PWDLEN
-int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t len,
- unsigned char *output)
-{
-#if !defined(MBEDTLS_ARC4_C)
- ((void) pbe_params);
- ((void) mode);
- ((void) pwd);
- ((void) pwdlen);
- ((void) data);
- ((void) len);
- ((void) output);
- return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char key[16];
- mbedtls_arc4_context ctx;
- ((void) mode);
-
- mbedtls_arc4_init(&ctx);
-
- if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, MBEDTLS_MD_SHA1,
- pwd, pwdlen,
- key, 16, NULL, 0)) != 0) {
- return ret;
- }
-
- mbedtls_arc4_setup(&ctx, key, 16);
- if ((ret = mbedtls_arc4_crypt(&ctx, len, data, output)) != 0) {
- goto exit;
- }
-
-exit:
- mbedtls_platform_zeroize(key, sizeof(key));
- mbedtls_arc4_free(&ctx);
-
- return ret;
-#endif /* MBEDTLS_ARC4_C */
-}
-
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
@@ -169,6 +128,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
size_t *output_len);
#endif
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
@@ -185,6 +145,7 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
pwd, pwdlen, data, len, output, SIZE_MAX,
&output_len);
}
+#endif
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
@@ -198,6 +159,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
unsigned char iv[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t cipher_ctx;
+ size_t iv_len = 0;
size_t finish_olen = 0;
unsigned int padlen = 0;
@@ -210,7 +172,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
}
- keylen = cipher_info->key_bitlen / 8;
+ keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
if (output_size < len) {
@@ -225,9 +187,10 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
}
}
+ iv_len = mbedtls_cipher_info_get_iv_size(cipher_info);
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
key, keylen,
- iv, cipher_info->iv_size)) != 0) {
+ iv, iv_len)) != 0) {
return ret;
}
@@ -237,9 +200,8 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
goto exit;
}
- if ((ret =
- mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
- (mbedtls_operation_t) mode)) != 0) {
+ if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+ (mbedtls_operation_t) mode)) != 0) {
goto exit;
}
@@ -263,20 +225,8 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
}
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
- output, output_len)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + (*output_len), &finish_olen)) != 0) {
+ ret = mbedtls_cipher_crypt(&cipher_ctx, iv, iv_len, data, len, output, &finish_olen);
+ if (ret == MBEDTLS_ERR_CIPHER_INVALID_PADDING) {
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
}
@@ -290,7 +240,7 @@ exit:
return ret;
}
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */
static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
const unsigned char *filler, size_t fill_len)
@@ -314,6 +264,65 @@ static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
}
}
+
+static int calculate_hashes(mbedtls_md_type_t md_type, int iterations,
+ unsigned char *diversifier, unsigned char *salt_block,
+ unsigned char *pwd_block, unsigned char *hash_output, int use_salt,
+ int use_password, size_t hlen, size_t v)
+{
+ int ret = -1;
+ size_t i;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_context_t md_ctx;
+ md_info = mbedtls_md_info_from_type(md_type);
+ if (md_info == NULL) {
+ return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+ }
+
+ mbedtls_md_init(&md_ctx);
+
+ if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
+ return ret;
+ }
+ // Calculate hash( diversifier || salt_block || pwd_block )
+ if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) {
+ goto exit;
+ }
+
+ if (use_salt != 0) {
+ if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) {
+ goto exit;
+ }
+ }
+
+ if (use_password != 0) {
+ if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) {
+ goto exit;
+ }
+ }
+
+ if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) {
+ goto exit;
+ }
+
+ // Perform remaining ( iterations - 1 ) recursive hash calculations
+ for (i = 1; i < (size_t) iterations; i++) {
+ if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output))
+ != 0) {
+ goto exit;
+ }
+ }
+
+exit:
+ mbedtls_md_free(&md_ctx);
+ return ret;
+}
+
+
int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *salt, size_t saltlen,
@@ -323,7 +332,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
unsigned int j;
unsigned char diversifier[128];
- unsigned char salt_block[128], pwd_block[128], hash_block[128];
+ unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
unsigned char *p;
unsigned char c;
@@ -332,9 +341,6 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
size_t hlen, use_len, v, i;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
-
// This version only allows max of 64 bytes of password or salt
if (datalen > 128 || pwdlen > 64 || saltlen > 64) {
return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
@@ -351,17 +357,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
use_password = (pwd && pwdlen != 0);
use_salt = (salt && saltlen != 0);
- md_info = mbedtls_md_info_from_type(md_type);
- if (md_info == NULL) {
- return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
- }
-
- mbedtls_md_init(&md_ctx);
-
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
- return ret;
- }
- hlen = mbedtls_md_get_size(md_info);
+ hlen = mbedtls_md_get_size_from_type(md_type);
if (hlen <= 32) {
v = 64;
@@ -381,38 +377,12 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
p = data;
while (datalen > 0) {
- // Calculate hash( diversifier || salt_block || pwd_block )
- if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) {
- goto exit;
- }
-
- if (use_salt != 0) {
- if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) {
- goto exit;
- }
- }
-
- if (use_password != 0) {
- if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) {
- goto exit;
- }
- }
-
- if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) {
+ if (calculate_hashes(md_type, iterations, diversifier, salt_block,
+ pwd_block, hash_output, use_salt, use_password, hlen,
+ v) != 0) {
goto exit;
}
- // Perform remaining ( iterations - 1 ) recursive hash calculations
- for (i = 1; i < (size_t) iterations; i++) {
- if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output)) != 0) {
- goto exit;
- }
- }
-
use_len = (datalen > hlen) ? hlen : datalen;
memcpy(p, hash_output, use_len);
datalen -= use_len;
@@ -461,8 +431,6 @@ exit:
mbedtls_platform_zeroize(hash_block, sizeof(hash_block));
mbedtls_platform_zeroize(hash_output, sizeof(hash_output));
- mbedtls_md_free(&md_ctx);
-
return ret;
}