PKCS#5 PBES2 now uses OID database for algorithm detection
parent
6d72f33441
commit
9b5e885611
@ -29,6 +29,7 @@
|
|||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "asn1.h"
|
#include "asn1.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "md.h"
|
#include "md.h"
|
||||||
#include "pk.h"
|
#include "pk.h"
|
||||||
#include "x509.h"
|
#include "x509.h"
|
||||||
@ -55,7 +56,10 @@
|
|||||||
* ISO Identified organization OID parts
|
* ISO Identified organization OID parts
|
||||||
*/
|
*/
|
||||||
#define OID_ORG_DOD "\x06" /* {dod(6)} */
|
#define OID_ORG_DOD "\x06" /* {dod(6)} */
|
||||||
#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
|
#define OID_ORG_OIW "\x0e"
|
||||||
|
#define OID_OIW_SECSIG OID_ORG_OIW "\x03"
|
||||||
|
#define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02"
|
||||||
|
#define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ISO ITU OID parts
|
* ISO ITU OID parts
|
||||||
@ -143,10 +147,18 @@
|
|||||||
#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
|
#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
|
||||||
#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
|
#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS definition OIDs
|
||||||
|
*/
|
||||||
|
|
||||||
#define OID_PKCS OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
|
#define OID_PKCS OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
|
||||||
#define OID_PKCS1 OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
|
#define OID_PKCS1 OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
|
||||||
|
#define OID_PKCS5 OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
|
||||||
#define OID_PKCS9 OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
|
#define OID_PKCS9 OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS#1 OIDs
|
||||||
|
*/
|
||||||
#define OID_PKCS1_RSA OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
|
#define OID_PKCS1_RSA OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
|
||||||
#define OID_PKCS1_MD2 OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
|
#define OID_PKCS1_MD2 OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
|
||||||
#define OID_PKCS1_MD4 OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
|
#define OID_PKCS1_MD4 OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
|
||||||
@ -161,6 +173,9 @@
|
|||||||
|
|
||||||
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
|
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Digest algorithms
|
||||||
|
*/
|
||||||
#define OID_DIGEST_ALG_MD2 OID_RSA_COMPANY "\x02\x02" /**< id-md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
|
#define OID_DIGEST_ALG_MD2 OID_RSA_COMPANY "\x02\x02" /**< id-md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
|
||||||
#define OID_DIGEST_ALG_MD4 OID_RSA_COMPANY "\x02\x04" /**< id-md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
|
#define OID_DIGEST_ALG_MD4 OID_RSA_COMPANY "\x02\x04" /**< id-md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
|
||||||
#define OID_DIGEST_ALG_MD5 OID_RSA_COMPANY "\x02\x05" /**< id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
|
#define OID_DIGEST_ALG_MD5 OID_RSA_COMPANY "\x02\x05" /**< id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
|
||||||
@ -172,6 +187,31 @@
|
|||||||
|
|
||||||
#define OID_DIGEST_ALG_SHA512 OID_GOV "\x03\x04\x02\x03" /**< id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
|
#define OID_DIGEST_ALG_SHA512 OID_GOV "\x03\x04\x02\x03" /**< id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
|
||||||
|
|
||||||
|
#define OID_HMAC_SHA1 OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Encryption algorithms
|
||||||
|
*/
|
||||||
|
#define OID_DES_CBC OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
|
||||||
|
#define OID_DES_EDE3_CBC OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS#5 OIDs
|
||||||
|
*/
|
||||||
|
#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
|
||||||
|
#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
|
||||||
|
#define OID_PKCS5_PBMAC1 OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS#5 PBES1 algorithms
|
||||||
|
*/
|
||||||
|
#define OID_PKCS5_PBE_MD2_DES_CBC OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
|
||||||
|
#define OID_PKCS5_PBE_MD2_RC2_CBC OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
|
||||||
|
#define OID_PKCS5_PBE_MD5_DES_CBC OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
|
||||||
|
#define OID_PKCS5_PBE_MD5_RC2_CBC OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
|
||||||
|
#define OID_PKCS5_PBE_SHA1_DES_CBC OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
|
||||||
|
#define OID_PKCS5_PBE_SHA1_RC2_CBC OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
@ -294,6 +334,16 @@ int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc );
|
|||||||
*/
|
*/
|
||||||
int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str );
|
int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Translate encryption algorithm OID into cipher_type
|
||||||
|
*
|
||||||
|
* \param oid OID to use
|
||||||
|
* \param cipher_alg place to store cipher algorithm
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
|
||||||
|
*/
|
||||||
|
int oid_get_cipher_alg( const asn1_buf *oid, cipher_type_t *cipher_alg );
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
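Review bot: The new `#include "cipher.h"` and the `oid_get_cipher_alg()` prototype make the OID header depend on the cipher module unconditionally, and no configuration guard is visible around them. If the cipher module can be compiled out in this tree (presumably via `POLARSSL_CIPHER_C`, not shown on this page), the prototype and the lookup table behind it would be better placed under that guard so an OID-only build is unaffected. The Doxygen block for `oid_get_cipher_alg` should also state that `*cipher_alg` is left unmodified when `POLARSSL_ERR_OID_NOT_FOUND` is returned, since callers may otherwise read an uninitialised value. The comment on `OID_DES_EDE3_CBC` has a stray `--` between `member-body(2)` and `us(840)`.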
|
@ -49,24 +49,6 @@ typedef UINT32 uint32_t;
|
|||||||
#define PKCS5_DECRYPT 0
|
#define PKCS5_DECRYPT 0
|
||||||
#define PKCS5_ENCRYPT 1
|
#define PKCS5_ENCRYPT 1
|
||||||
|
|
||||||
/*
|
|
||||||
* PKCS#5 OIDs
|
|
||||||
*/
|
|
||||||
#define OID_PKCS5 "\x2a\x86\x48\x86\xf7\x0d\x01\x05"
|
|
||||||
#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d"
|
|
||||||
#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Encryption Algorithm OIDs
|
|
||||||
*/
|
|
||||||
#define OID_DES_CBC "\x2b\x0e\x03\x02\x07"
|
|
||||||
#define OID_DES_EDE3_CBC "\x2a\x86\x48\x86\xf7\x0d\x03\x07"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Digest Algorithm OIDs
|
|
||||||
*/
|
|
||||||
#define OID_HMAC_SHA1 "\x2a\x86\x48\x86\xf7\x0d\x02\x07"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
@ -30,7 +30,6 @@
|
|||||||
#if defined(POLARSSL_OID_C)
|
#if defined(POLARSSL_OID_C)
|
||||||
|
|
||||||
#include "polarssl/oid.h"
|
#include "polarssl/oid.h"
|
||||||
#include "polarssl/md.h"
|
|
||||||
#include "polarssl/rsa.h"
|
#include "polarssl/rsa.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -201,6 +200,30 @@ static const oid_pk_alg_t oid_pk_alg[] =
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* For PKCS#5 PBES2 encryption algorithm
|
||||||
|
*/
|
||||||
|
typedef struct {
|
||||||
|
oid_descriptor_t descriptor;
|
||||||
|
cipher_type_t cipher_alg;
|
||||||
|
} oid_cipher_alg_t;
|
||||||
|
|
||||||
|
static const oid_cipher_alg_t oid_cipher_alg[] =
|
||||||
|
{
|
||||||
|
{
|
||||||
|
{ OID_DES_CBC, "desCBC", "DES-CBC" },
|
||||||
|
POLARSSL_CIPHER_DES_CBC,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" },
|
||||||
|
POLARSSL_CIPHER_DES_EDE3_CBC,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ NULL, NULL, NULL },
|
||||||
|
0,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For digestAlgorithm
|
* For digestAlgorithm
|
||||||
*/
|
*/
|
||||||
@ -452,6 +475,14 @@ static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid )
|
|||||||
oid );
|
oid );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const oid_cipher_alg_t *oid_cipher_alg_from_asn1( const asn1_buf *oid )
|
||||||
|
{
|
||||||
|
return (const oid_cipher_alg_t *) oid_descriptor_from_asn1(
|
||||||
|
oid_cipher_alg,
|
||||||
|
sizeof(oid_cipher_alg_t),
|
||||||
|
oid );
|
||||||
|
}
|
||||||
|
|
||||||
int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
|
int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
|
||||||
{
|
{
|
||||||
const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid );
|
const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid );
|
||||||
@ -554,4 +585,17 @@ int oid_get_oid_by_md( md_type_t md_alg,
|
|||||||
return( POLARSSL_ERR_OID_NOT_FOUND );
|
return( POLARSSL_ERR_OID_NOT_FOUND );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int oid_get_cipher_alg( const asn1_buf *oid,
|
||||||
|
cipher_type_t *cipher_alg )
|
||||||
|
{
|
||||||
|
const oid_cipher_alg_t *data = oid_cipher_alg_from_asn1( oid );
|
||||||
|
|
||||||
|
if( data == NULL )
|
||||||
|
return( POLARSSL_ERR_OID_NOT_FOUND );
|
||||||
|
|
||||||
|
*cipher_alg = data->cipher_alg;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* POLARSSL_OID_C */
|
#endif /* POLARSSL_OID_C */
|
||||||
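Review bot: `oid_cipher_alg_from_asn1()` casts the result of `oid_descriptor_from_asn1()` to `const oid_cipher_alg_t *` and passes `sizeof(oid_cipher_alg_t)` as the element size, which is only sound while `descriptor` remains the first member of the struct. The typedef should record that, e.g. `/* descriptor must stay the first member: the generic lookup returns a pointer to it */`. The `oid_cipher_alg[]` table now decides which encryption schemes PBES2 will accept, so a comment above it saying that adding an entry enables that cipher for encrypted-key parsing would help future editors. The terminator entry uses a bare `0` for `cipher_alg`; `POLARSSL_CIPHER_NONE` would state the intent if that enumerator is available in this tree.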
|
@ -40,6 +40,7 @@
|
|||||||
#include "polarssl/pkcs5.h"
|
#include "polarssl/pkcs5.h"
|
||||||
#include "polarssl/asn1.h"
|
#include "polarssl/asn1.h"
|
||||||
#include "polarssl/cipher.h"
|
#include "polarssl/cipher.h"
|
||||||
|
#include "polarssl/oid.h"
|
||||||
|
|
||||||
static int pkcs5_parse_pbkdf2_params( unsigned char **p,
|
static int pkcs5_parse_pbkdf2_params( unsigned char **p,
|
||||||
const unsigned char *end,
|
const unsigned char *end,
|
||||||
@ -117,6 +118,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
|
|||||||
const md_info_t *md_info;
|
const md_info_t *md_info;
|
||||||
const cipher_info_t *cipher_info;
|
const cipher_info_t *cipher_info;
|
||||||
md_context_t md_ctx;
|
md_context_t md_ctx;
|
||||||
|
cipher_type_t cipher_alg;
|
||||||
cipher_context_t cipher_ctx;
|
cipher_context_t cipher_ctx;
|
||||||
|
|
||||||
p = pbe_params->p;
|
p = pbe_params->p;
|
||||||
@ -178,21 +180,10 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
|
|||||||
enc_scheme_oid.p = p;
|
enc_scheme_oid.p = p;
|
||||||
p += enc_scheme_oid.len;
|
p += enc_scheme_oid.len;
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
if ( oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
|
||||||
// Only DES-CBC and DES-EDE3-CBC supported at the moment
|
|
||||||
//
|
|
||||||
if( OID_CMP( OID_DES_EDE3_CBC, &enc_scheme_oid ) )
|
|
||||||
{
|
|
||||||
cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
|
|
||||||
}
|
|
||||||
else if( OID_CMP( OID_DES_CBC, &enc_scheme_oid ) )
|
|
||||||
{
|
|
||||||
cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_CBC );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* POLARSSL_DES_C */
|
|
||||||
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
cipher_info = cipher_info_from_type( cipher_alg );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
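Review bot: With the `#if defined(POLARSSL_DES_C)` chain removed, the ciphers `pkcs5_pbes2()` accepts are whatever `oid_get_cipher_alg()` knows, so the code after this hunk (not visible here) must not keep DES-specific assumptions. It is worth checking that the IV length taken from the encryption-scheme parameters and the derived key length are validated against the selected `cipher_info` rather than a fixed size. Single DES (`desCBC`) remains accepted as before; if that is deliberate, a comment at the lookup such as `/* desCBC kept for compatibility with existing containers */` would record the decision. The new `if ( oid_get_cipher_alg(` has a space after `if` where the surrounding lines use `if(`. The body of `pkcs5_pbes2` starts and ends outside the hunks shown.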
|