From 14a222cef2699bd3da884662f7e56e097a12b1a0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 18 Jun 2013 16:35:48 +0200 Subject: [PATCH] Moved PKCS#12 PBE functions to cipher / md layer where possible The 3-key and 2-key Triple DES PBE functions have been replaced with a single pkcs12_pbe() function that handles both situations (and more). In addition this allows for some PASSWORD_MISMATCH checking --- include/polarssl/error.h | 2 +- include/polarssl/pkcs12.h | 36 ++++----- library/error.c | 2 + library/pkcs12.c | 105 +++++++++---------------- library/x509parse.c | 37 ++++++--- tests/suites/test_suite_x509parse.data | 24 ++++++ 6 files changed, 103 insertions(+), 103 deletions(-) diff --git a/include/polarssl/error.h b/include/polarssl/error.h index cc1b4c762..94c73a8f2 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -73,7 +73,7 @@ * High-level module nr (3 bits - 0x1...-0x8...) * Name ID Nr of Errors * PEM 1 9 - * PKCS#12 1 3 (Started from top) + * PKCS#12 1 4 (Started from top) * X509 2 23 * DHM 3 6 * PKCS5 3 4 (Started from top) diff --git a/include/polarssl/pkcs12.h b/include/polarssl/pkcs12.h index 2a28c7128..9a4577173 100644 --- a/include/polarssl/pkcs12.h +++ b/include/polarssl/pkcs12.h @@ -30,18 +30,20 @@ #include #include "md.h" +#include "cipher.h" #include "asn1.h" #define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ #define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ #define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ +#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */ #define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */ #define PKCS12_DERIVE_IV 2 /*< initialization vector */ #define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */ +#define PKCS12_PBE_DECRYPT 0 #define PKCS12_PBE_ENCRYPT 1 -#define PKCS12_PBE_DECRYPT 2 /* * PKCS#12 PBE types @@ -66,6 +68,8 @@ extern "C" { * \param input the input data * \param len data length * \param output the output buffer + * + * \return 0 if successful, or a PolarSSL error code */ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, @@ -74,37 +78,25 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, /** * \brief PKCS12 Password Based function (encryption / decryption) - * for pbeWithSHAAnd3-KeyTripleDES-CBC + * for cipher-based and md-based PBE's * * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT + * \param cipher_type the cipher used + * \param md_type the md used * \param pwd the password used (may be NULL if no password is used) * \param pwdlen length of the password (may be 0) * \param input the input data * \param len data length * \param output the output buffer - */ -int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); - -/** - * \brief PKCS12 Password Based function (encryption / decryption) - * for pbeWithSHAAnd2-KeyTripleDES-CBC * - * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure - * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT - * \param pwd the password used (may be NULL if no password is used) - * \param pwdlen length of the password (may be 0) - * \param input the input data - * \param len data length - * \param output the output buffer + * \return 0 if successful, or a PolarSSL error code */ -int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); +int pkcs12_pbe( asn1_buf *pbe_params, int mode, + cipher_type_t cipher_type, md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output ); /** * \brief The PKCS#12 derivation function uses a password and a salt diff --git a/library/error.c b/library/error.c index cb64d6b5a..036b834f1 100644 --- a/library/error.c +++ b/library/error.c @@ -231,6 +231,8 @@ void error_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) ) snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" ); + if( use_ret == -(POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH) ) + snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" ); #endif /* POLARSSL_PKCS12_C */ #if defined(POLARSSL_PKCS5_C) diff --git a/library/pkcs12.c b/library/pkcs12.c index b8f16bf56..2ee9c5ea2 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -35,6 +35,7 @@ #include "polarssl/pkcs12.h" #include "polarssl/asn1.h" +#include "polarssl/cipher.h" #if defined(POLARSSL_ARC4_C) #include "polarssl/arc4.h" @@ -82,7 +83,7 @@ static int pkcs12_parse_pbe_params( unsigned char **p, return( 0 ); } -static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, +static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen ) @@ -106,7 +107,7 @@ static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, unipwd[i * 2 + 1] = pwd[i]; if( ( ret = pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, POLARSSL_MD_SHA1, + salt.p, salt.len, md_type, PKCS12_DERIVE_KEY, iterations ) ) != 0 ) { return( ret ); @@ -116,7 +117,7 @@ static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, return( 0 ); if( ( ret = pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, POLARSSL_MD_SHA1, + salt.p, salt.len, md_type, PKCS12_DERIVE_IV, iterations ) ) != 0 ) { return( ret ); @@ -144,7 +145,8 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, arc4_context ctx; ((void) mode); - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1, + pwd, pwdlen, key, 16, NULL, 0 ) ) != 0 ) { return( ret ); @@ -158,86 +160,51 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, #endif /* POLARSSL_ARC4_C */ } -int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) +int pkcs12_pbe( asn1_buf *pbe_params, int mode, + cipher_type_t cipher_type, md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output ) { -#if !defined(POLARSSL_DES_C) - ((void) pbe_params); - ((void) mode); - ((void) pwd); - ((void) pwdlen); - ((void) data); - ((void) len); - ((void) output); - return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); -#else - int ret; - unsigned char key[16]; - unsigned char iv[8]; - des3_context ctx; + int ret, keylen = 0; + unsigned char key[32]; + unsigned char iv[16]; + const cipher_info_t *cipher_info; + cipher_context_t cipher_ctx; + size_t olen = 0; - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, - key, 16, iv, 8 ) ) != 0 ) + cipher_info = cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) + return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); + + keylen = cipher_info->key_length / 8; + + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen, + key, keylen, + iv, cipher_info->iv_size ) ) != 0 ) { return( ret ); } - if( mode == PKCS12_PBE_ENCRYPT ) - { - des3_set2key_enc( &ctx, key ); - des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output ); - } - else - { - des3_set2key_dec( &ctx, key ); - des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output ); - } + if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); - return( 0 ); -#endif /* POLARSSL_DES_C */ -} + if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) + return( ret ); -int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) -{ -#if !defined(POLARSSL_DES_C) - ((void) pbe_params); - ((void) mode); - ((void) pwd); - ((void) pwdlen); - ((void) data); - ((void) len); - ((void) output); - return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); -#else - int ret; - unsigned char key[24]; - unsigned char iv[8]; - des3_context ctx; + if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) + return( ret ); - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, - key, 24, iv, 8 ) ) != 0 ) + if( ( ret = cipher_update( &cipher_ctx, data, len, + output, &olen ) ) != 0 ) { return( ret ); } - if( mode == PKCS12_PBE_ENCRYPT ) - { - des3_set3key_enc( &ctx, key ); - des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output ); - } - else - { - des3_set3key_dec( &ctx, key ); - des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output ); - } + if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) + return( POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ); return( 0 ); -#endif /* POLARSSL_DES_C */ } static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, diff --git a/library/x509parse.c b/library/x509parse.c index ce5628923..459a9836b 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -61,10 +61,12 @@ #include "polarssl/sha4.h" #endif #include "polarssl/dhm.h" -#include "polarssl/pkcs12.h" #if defined(POLARSSL_PKCS5_C) #include "polarssl/pkcs5.h" #endif +#if defined(POLARSSL_PKCS12_C) +#include "polarssl/pkcs12.h" +#endif #include #include @@ -2278,23 +2280,28 @@ static int x509parse_key_pkcs8_encrypted_der( /* * Decrypt EncryptedData with appropriate PDE */ +#if defined(POLARSSL_PKCS12_C) if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) ) { - if( ( ret = pkcs12_pbe_sha1_des3_ede_cbc( &pbe_params, - PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) + if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT, + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, + pwd, pwdlen, p, len, buf ) ) != 0 ) { + if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); + return( ret ); } } else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) ) { - if( ( ret = pkcs12_pbe_sha1_des2_ede_cbc( &pbe_params, - PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) + if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT, + POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MD_SHA1, + pwd, pwdlen, p, len, buf ) ) != 0 ) { + if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); + return( ret ); } } @@ -2307,9 +2314,17 @@ static int x509parse_key_pkcs8_encrypted_der( { return( ret ); } + + // Best guess for password mismatch when using RC4. If first tag is + // not ASN1_CONSTRUCTED | ASN1_SEQUENCE + // + if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) + return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); } + else +#endif /* POLARSSL_PKCS12_C */ #if defined(POLARSSL_PKCS5_C) - else if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) ) + if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) ) { if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen, p, len, buf ) ) != 0 ) @@ -2320,8 +2335,8 @@ static int x509parse_key_pkcs8_encrypted_der( return( ret ); } } -#endif /* POLARSSL_PKCS5_C */ else +#endif /* POLARSSL_PKCS5_C */ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index defb06c55..b42cbbcfe 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -118,6 +118,14 @@ X509 Parse Key #10 (PKCS#8 encrypted SHA1-3DES) depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0 +X509 Parse Key #10.1 (PKCS#8 encrypted SHA1-3DES, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":POLARSSL_ERR_X509_PASSWORD_MISMATCH + +X509 Parse Key #10.2 (PKCS#8 encrypted SHA1-3DES, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED + X509 Parse Key #11 (PKCS#8 encrypted SHA1-3DES DER) depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0 @@ -126,10 +134,26 @@ X509 Parse Key #12 (PKCS#8 encrypted SHA1-2DES) depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0 +X509 Parse Key #12.1 (PKCS#8 encrypted SHA1-2DES, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":POLARSSL_ERR_X509_PASSWORD_MISMATCH + +X509 Parse Key #12.2 (PKCS#8 encrypted SHA1-2DES, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_2des.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED + X509 Parse Key #13 (PKCS#8 encrypted SHA1-RC4-128) depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 +X509 Parse Key #13.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":POLARSSL_ERR_X509_PASSWORD_MISMATCH + +X509 Parse Key #13.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED + X509 Parse Key #14 (PKCS#8 encrypted v2 PBDFK2 3DES) depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0