git.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/pkcs12.c

   1 /*
   2  *  PKCS#12 Personal Information Exchange Syntax
   3  *
   4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
   5  *  SPDX-License-Identifier: GPL-2.0
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 2 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License along
  18  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  *  This file is part of mbed TLS (https://tls.mbed.org)
  22  */
  23 /*
  24  *  The PKCS #12 Personal Information Exchange Syntax Standard v1.1
  25  *
  26  *  http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
  27  *  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
  28  */
  29
  30 #if !defined(MBEDTLS_CONFIG_FILE)
  31 #include "mbedtls/config.h"
  32 #else
  33 #include MBEDTLS_CONFIG_FILE
  34 #endif
  35
  36 #if defined(MBEDTLS_PKCS12_C)
  37
  38 #include "mbedtls/pkcs12.h"
  39 #include "mbedtls/asn1.h"
  40 #include "mbedtls/cipher.h"
  41 #include "mbedtls/platform_util.h"
  42
  43 #include <string.h>
  44
  45 #if defined(MBEDTLS_ARC4_C)
  46 #include "mbedtls/arc4.h"
  47 #endif
  48
  49 #if defined(MBEDTLS_DES_C)
  50 #include "mbedtls/des.h"
  51 #endif
  52
  53 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
  54                                     mbedtls_asn1_buf *salt, int *iterations )
  55 {
  56     int ret;
  57     unsigned char **p = &params->p;
  58     const unsigned char *end = params->p + params->len;
  59
  60     /*
  61      *  pkcs-12PbeParams ::= SEQUENCE {
  62      *    salt          OCTET STRING,
  63      *    iterations    INTEGER
  64      *  }
  65      *
  66      */
  67     if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
  68         return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
  69                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  70
  71     if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
  72         return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
  73
  74     salt->p = *p;
  75     *p += salt->len;
  76
  77     if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
  78         return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
  79
  80     if( *p != end )
  81         return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
  82                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  83
  84     return( 0 );
  85 }
  86
  87 #define PKCS12_MAX_PWDLEN 128
  88
  89 static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
  90                                      const unsigned char *pwd,  size_t pwdlen,
  91                                      unsigned char *key, size_t keylen,
  92                                      unsigned char *iv,  size_t ivlen )
  93 {
  94     int ret, iterations = 0;
  95     mbedtls_asn1_buf salt;
  96     size_t i;
  97     unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
  98
  99     if( pwdlen > PKCS12_MAX_PWDLEN )
 100         return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
 101
 102     memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
 103     memset( &unipwd, 0, sizeof(unipwd) );
 104
 105     if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
 106                                          &iterations ) ) != 0 )
 107         return( ret );
 108
 109     for( i = 0; i < pwdlen; i++ )
 110         unipwd[i * 2 + 1] = pwd[i];
 111
 112     if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
 113                                    salt.p, salt.len, md_type,
 114                                    MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
 115     {
 116         return( ret );
 117     }
 118
 119     if( iv == NULL || ivlen == 0 )
 120         return( 0 );
 121
 122     if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
 123                                    salt.p, salt.len, md_type,
 124                                    MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
 125     {
 126         return( ret );
 127     }
 128     return( 0 );
 129 }
 130
 131 #undef PKCS12_MAX_PWDLEN
 132
 133 int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
 134                              const unsigned char *pwd,  size_t pwdlen,
 135                              const unsigned char *data, size_t len,
 136                              unsigned char *output )
 137 {
 138 #if !defined(MBEDTLS_ARC4_C)
 139     ((void) pbe_params);
 140     ((void) mode);
 141     ((void) pwd);
 142     ((void) pwdlen);
 143     ((void) data);
 144     ((void) len);
 145     ((void) output);
 146     return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
 147 #else
 148     int ret;
 149     unsigned char key[16];
 150     mbedtls_arc4_context ctx;
 151     ((void) mode);
 152
 153     mbedtls_arc4_init( &ctx );
 154
 155     if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
 156                                           pwd, pwdlen,
 157                                           key, 16, NULL, 0 ) ) != 0 )
 158     {
 159         return( ret );
 160     }
 161
 162     mbedtls_arc4_setup( &ctx, key, 16 );
 163     if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
 164         goto exit;
 165
 166 exit:
 167     mbedtls_platform_zeroize( key, sizeof( key ) );
 168     mbedtls_arc4_free( &ctx );
 169
 170     return( ret );
 171 #endif /* MBEDTLS_ARC4_C */
 172 }
 173
 174 int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
 175                 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
 176                 const unsigned char *pwd,  size_t pwdlen,
 177                 const unsigned char *data, size_t len,
 178                 unsigned char *output )
 179 {
 180     int ret, keylen = 0;
 181     unsigned char key[32];
 182     unsigned char iv[16];
 183     const mbedtls_cipher_info_t *cipher_info;
 184     mbedtls_cipher_context_t cipher_ctx;
 185     size_t olen = 0;
 186
 187     cipher_info = mbedtls_cipher_info_from_type( cipher_type );
 188     if( cipher_info == NULL )
 189         return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
 190
 191     keylen = cipher_info->key_bitlen / 8;
 192
 193     if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
 194                                           key, keylen,
 195                                           iv, cipher_info->iv_size ) ) != 0 )
 196     {
 197         return( ret );
 198     }
 199
 200     mbedtls_cipher_init( &cipher_ctx );
 201
 202     if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
 203         goto exit;
 204
 205     if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
 206         goto exit;
 207
 208     if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
 209         goto exit;
 210
 211     if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
 212         goto exit;
 213
 214     if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
 215                                 output, &olen ) ) != 0 )
 216     {
 217         goto exit;
 218     }
 219
 220     if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
 221         ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
 222
 223 exit:
 224     mbedtls_platform_zeroize( key, sizeof( key ) );
 225     mbedtls_platform_zeroize( iv,  sizeof( iv  ) );
 226     mbedtls_cipher_free( &cipher_ctx );
 227
 228     return( ret );
 229 }
 230
 231 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
 232                                 const unsigned char *filler, size_t fill_len )
 233 {
 234     unsigned char *p = data;
 235     size_t use_len;
 236
 237     while( data_len > 0 )
 238     {
 239         use_len = ( data_len > fill_len ) ? fill_len : data_len;
 240         memcpy( p, filler, use_len );
 241         p += use_len;
 242         data_len -= use_len;
 243     }
 244 }
 245
 246 int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
 247                        const unsigned char *pwd, size_t pwdlen,
 248                        const unsigned char *salt, size_t saltlen,
 249                        mbedtls_md_type_t md_type, int id, int iterations )
 250 {
 251     int ret;
 252     unsigned int j;
 253
 254     unsigned char diversifier[128];
 255     unsigned char salt_block[128], pwd_block[128], hash_block[128];
 256     unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
 257     unsigned char *p;
 258     unsigned char c;
 259
 260     size_t hlen, use_len, v, i;
 261
 262     const mbedtls_md_info_t *md_info;
 263     mbedtls_md_context_t md_ctx;
 264
 265     // This version only allows max of 64 bytes of password or salt
 266     if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
 267         return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
 268
 269     md_info = mbedtls_md_info_from_type( md_type );
 270     if( md_info == NULL )
 271         return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
 272
 273     mbedtls_md_init( &md_ctx );
 274
 275     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
 276         return( ret );
 277     hlen = mbedtls_md_get_size( md_info );
 278
 279     if( hlen <= 32 )
 280         v = 64;
 281     else
 282         v = 128;
 283
 284     memset( diversifier, (unsigned char) id, v );
 285
 286     pkcs12_fill_buffer( salt_block, v, salt, saltlen );
 287     pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );
 288
 289     p = data;
 290     while( datalen > 0 )
 291     {
 292         // Calculate hash( diversifier || salt_block || pwd_block )
 293         if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
 294             goto exit;
 295
 296         if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
 297             goto exit;
 298
 299         if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
 300             goto exit;
 301
 302         if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
 303             goto exit;
 304
 305         if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
 306             goto exit;
 307
 308         // Perform remaining ( iterations - 1 ) recursive hash calculations
 309         for( i = 1; i < (size_t) iterations; i++ )
 310         {
 311             if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
 312                 goto exit;
 313         }
 314
 315         use_len = ( datalen > hlen ) ? hlen : datalen;
 316         memcpy( p, hash_output, use_len );
 317         datalen -= use_len;
 318         p += use_len;
 319
 320         if( datalen == 0 )
 321             break;
 322
 323         // Concatenating copies of hash_output into hash_block (B)
 324         pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
 325
 326         // B += 1
 327         for( i = v; i > 0; i-- )
 328             if( ++hash_block[i - 1] != 0 )
 329                 break;
 330
 331         // salt_block += B
 332         c = 0;
 333         for( i = v; i > 0; i-- )
 334         {
 335             j = salt_block[i - 1] + hash_block[i - 1] + c;
 336             c = (unsigned char) (j >> 8);
 337             salt_block[i - 1] = j & 0xFF;
 338         }
 339
 340         // pwd_block  += B
 341         c = 0;
 342         for( i = v; i > 0; i-- )
 343         {
 344             j = pwd_block[i - 1] + hash_block[i - 1] + c;
 345             c = (unsigned char) (j >> 8);
 346             pwd_block[i - 1] = j & 0xFF;
 347         }
 348     }
 349
 350     ret = 0;
 351
 352 exit:
 353     mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
 354     mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
 355     mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
 356     mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
 357
 358     mbedtls_md_free( &md_ctx );
 359
 360     return( ret );
 361 }
 362
 363 #endif /* MBEDTLS_PKCS12_C */