Add the Labs projects provided in the V10.2.1_191129 zip file.

[freertos] / FreeRTOS-Labs / Source / mbedtls / library / pkcs12.c

/*\r
 *  PKCS#12 Personal Information Exchange Syntax\r
 *\r
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved\r
 *  SPDX-License-Identifier: Apache-2.0\r
 *\r
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\r
 *  not use this file except in compliance with the License.\r
 *  You may obtain a copy of the License at\r
 *\r
 *  http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 *  Unless required by applicable law or agreed to in writing, software\r
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 *  See the License for the specific language governing permissions and\r
 *  limitations under the License.\r
 *\r
 *  This file is part of mbed TLS (https://tls.mbed.org)\r
 */\r
/*\r
 *  The PKCS #12 Personal Information Exchange Syntax Standard v1.1\r
 *\r
 *  http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf\r
 *  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn\r
 */\r
\r
#if !defined(MBEDTLS_CONFIG_FILE)\r
#include "mbedtls/config.h"\r
#else\r
#include MBEDTLS_CONFIG_FILE\r
#endif\r
\r
#if defined(MBEDTLS_PKCS12_C)\r
\r
#include "mbedtls/pkcs12.h"\r
#include "mbedtls/asn1.h"\r
#include "mbedtls/cipher.h"\r
#include "mbedtls/platform_util.h"\r
\r
#include <string.h>\r
\r
#if defined(MBEDTLS_ARC4_C)\r
#include "mbedtls/arc4.h"\r
#endif\r
\r
#if defined(MBEDTLS_DES_C)\r
#include "mbedtls/des.h"\r
#endif\r
\r
#if defined(MBEDTLS_ASN1_PARSE_C)\r
\r
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,\r
                                    mbedtls_asn1_buf *salt, int *iterations )\r
{\r
    int ret;\r
    unsigned char **p = &params->p;\r
    const unsigned char *end = params->p + params->len;\r
\r
    /*\r
     *  pkcs-12PbeParams ::= SEQUENCE {\r
     *    salt          OCTET STRING,\r
     *    iterations    INTEGER\r
     *  }\r
     *\r
     */\r
    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )\r
        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +\r
                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );\r
\r
    if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )\r
        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );\r
\r
    salt->p = *p;\r
    *p += salt->len;\r
\r
    if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )\r
        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );\r
\r
    if( *p != end )\r
        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +\r
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );\r
\r
    return( 0 );\r
}\r
\r
#define PKCS12_MAX_PWDLEN 128\r
\r
static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,\r
                                     const unsigned char *pwd,  size_t pwdlen,\r
                                     unsigned char *key, size_t keylen,\r
                                     unsigned char *iv,  size_t ivlen )\r
{\r
    int ret, iterations = 0;\r
    mbedtls_asn1_buf salt;\r
    size_t i;\r
    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];\r
\r
    if( pwdlen > PKCS12_MAX_PWDLEN )\r
        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );\r
\r
    memset( &salt, 0, sizeof(mbedtls_asn1_buf) );\r
    memset( &unipwd, 0, sizeof(unipwd) );\r
\r
    if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,\r
                                         &iterations ) ) != 0 )\r
        return( ret );\r
\r
    for( i = 0; i < pwdlen; i++ )\r
        unipwd[i * 2 + 1] = pwd[i];\r
\r
    if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,\r
                                   salt.p, salt.len, md_type,\r
                                   MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )\r
    {\r
        return( ret );\r
    }\r
\r
    if( iv == NULL || ivlen == 0 )\r
        return( 0 );\r
\r
    if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,\r
                                   salt.p, salt.len, md_type,\r
                                   MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )\r
    {\r
        return( ret );\r
    }\r
    return( 0 );\r
}\r
\r
#undef PKCS12_MAX_PWDLEN\r
\r
int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,\r
                             const unsigned char *pwd,  size_t pwdlen,\r
                             const unsigned char *data, size_t len,\r
                             unsigned char *output )\r
{\r
#if !defined(MBEDTLS_ARC4_C)\r
    ((void) pbe_params);\r
    ((void) mode);\r
    ((void) pwd);\r
    ((void) pwdlen);\r
    ((void) data);\r
    ((void) len);\r
    ((void) output);\r
    return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );\r
#else\r
    int ret;\r
    unsigned char key[16];\r
    mbedtls_arc4_context ctx;\r
    ((void) mode);\r
\r
    mbedtls_arc4_init( &ctx );\r
\r
    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,\r
                                          pwd, pwdlen,\r
                                          key, 16, NULL, 0 ) ) != 0 )\r
    {\r
        return( ret );\r
    }\r
\r
    mbedtls_arc4_setup( &ctx, key, 16 );\r
    if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )\r
        goto exit;\r
\r
exit:\r
    mbedtls_platform_zeroize( key, sizeof( key ) );\r
    mbedtls_arc4_free( &ctx );\r
\r
    return( ret );\r
#endif /* MBEDTLS_ARC4_C */\r
}\r
\r
int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,\r
                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,\r
                const unsigned char *pwd,  size_t pwdlen,\r
                const unsigned char *data, size_t len,\r
                unsigned char *output )\r
{\r
    int ret, keylen = 0;\r
    unsigned char key[32];\r
    unsigned char iv[16];\r
    const mbedtls_cipher_info_t *cipher_info;\r
    mbedtls_cipher_context_t cipher_ctx;\r
    size_t olen = 0;\r
\r
    cipher_info = mbedtls_cipher_info_from_type( cipher_type );\r
    if( cipher_info == NULL )\r
        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );\r
\r
    keylen = cipher_info->key_bitlen / 8;\r
\r
    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,\r
                                          key, keylen,\r
                                          iv, cipher_info->iv_size ) ) != 0 )\r
    {\r
        return( ret );\r
    }\r
\r
    mbedtls_cipher_init( &cipher_ctx );\r
\r
    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )\r
        goto exit;\r
\r
    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )\r
        goto exit;\r
\r
    if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )\r
        goto exit;\r
\r
    if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )\r
        goto exit;\r
\r
    if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,\r
                                output, &olen ) ) != 0 )\r
    {\r
        goto exit;\r
    }\r
\r
    if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )\r
        ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;\r
\r
exit:\r
    mbedtls_platform_zeroize( key, sizeof( key ) );\r
    mbedtls_platform_zeroize( iv,  sizeof( iv  ) );\r
    mbedtls_cipher_free( &cipher_ctx );\r
\r
    return( ret );\r
}\r
\r
#endif /* MBEDTLS_ASN1_PARSE_C */\r
\r
static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,\r
                                const unsigned char *filler, size_t fill_len )\r
{\r
    unsigned char *p = data;\r
    size_t use_len;\r
\r
    while( data_len > 0 )\r
    {\r
        use_len = ( data_len > fill_len ) ? fill_len : data_len;\r
        memcpy( p, filler, use_len );\r
        p += use_len;\r
        data_len -= use_len;\r
    }\r
}\r
\r
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,\r
                       const unsigned char *pwd, size_t pwdlen,\r
                       const unsigned char *salt, size_t saltlen,\r
                       mbedtls_md_type_t md_type, int id, int iterations )\r
{\r
    int ret;\r
    unsigned int j;\r
\r
    unsigned char diversifier[128];\r
    unsigned char salt_block[128], pwd_block[128], hash_block[128];\r
    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];\r
    unsigned char *p;\r
    unsigned char c;\r
\r
    size_t hlen, use_len, v, i;\r
\r
    const mbedtls_md_info_t *md_info;\r
    mbedtls_md_context_t md_ctx;\r
\r
    // This version only allows max of 64 bytes of password or salt\r
    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )\r
        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );\r
\r
    md_info = mbedtls_md_info_from_type( md_type );\r
    if( md_info == NULL )\r
        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );\r
\r
    mbedtls_md_init( &md_ctx );\r
\r
    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )\r
        return( ret );\r
    hlen = mbedtls_md_get_size( md_info );\r
\r
    if( hlen <= 32 )\r
        v = 64;\r
    else\r
        v = 128;\r
\r
    memset( diversifier, (unsigned char) id, v );\r
\r
    pkcs12_fill_buffer( salt_block, v, salt, saltlen );\r
    pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );\r
\r
    p = data;\r
    while( datalen > 0 )\r
    {\r
        // Calculate hash( diversifier || salt_block || pwd_block )\r
        if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )\r
            goto exit;\r
\r
        if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )\r
            goto exit;\r
\r
        if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )\r
            goto exit;\r
\r
        if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )\r
            goto exit;\r
\r
        if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )\r
            goto exit;\r
\r
        // Perform remaining ( iterations - 1 ) recursive hash calculations\r
        for( i = 1; i < (size_t) iterations; i++ )\r
        {\r
            if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )\r
                goto exit;\r
        }\r
\r
        use_len = ( datalen > hlen ) ? hlen : datalen;\r
        memcpy( p, hash_output, use_len );\r
        datalen -= use_len;\r
        p += use_len;\r
\r
        if( datalen == 0 )\r
            break;\r
\r
        // Concatenating copies of hash_output into hash_block (B)\r
        pkcs12_fill_buffer( hash_block, v, hash_output, hlen );\r
\r
        // B += 1\r
        for( i = v; i > 0; i-- )\r
            if( ++hash_block[i - 1] != 0 )\r
                break;\r
\r
        // salt_block += B\r
        c = 0;\r
        for( i = v; i > 0; i-- )\r
        {\r
            j = salt_block[i - 1] + hash_block[i - 1] + c;\r
            c = (unsigned char) (j >> 8);\r
            salt_block[i - 1] = j & 0xFF;\r
        }\r
\r
        // pwd_block  += B\r
        c = 0;\r
        for( i = v; i > 0; i-- )\r
        {\r
            j = pwd_block[i - 1] + hash_block[i - 1] + c;\r
            c = (unsigned char) (j >> 8);\r
            pwd_block[i - 1] = j & 0xFF;\r
        }\r
    }\r
\r
    ret = 0;\r
\r
exit:\r
    mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );\r
    mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );\r
    mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );\r
    mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );\r
\r
    mbedtls_md_free( &md_ctx );\r
\r
    return( ret );\r
}\r
\r
#endif /* MBEDTLS_PKCS12_C */\r