mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 16:28:15 +00:00
Moved PKCS#12 cipher layer based PBE detection to use OID database
This commit is contained in:
parent
dd1150e846
commit
7749a22974
4 changed files with 62 additions and 22 deletions
|
@ -155,6 +155,7 @@
|
|||
#define OID_PKCS1 OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
|
||||
#define OID_PKCS5 OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
|
||||
#define OID_PKCS9 OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
|
||||
#define OID_PKCS12 OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
|
||||
|
||||
/*
|
||||
* PKCS#1 OIDs
|
||||
|
@ -212,6 +213,18 @@
|
|||
#define OID_PKCS5_PBE_SHA1_DES_CBC OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
|
||||
#define OID_PKCS5_PBE_SHA1_RC2_CBC OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
|
||||
|
||||
/*
|
||||
* PKCS#12 PBE OIDs
|
||||
*/
|
||||
#define OID_PKCS12_PBE OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
|
||||
|
||||
#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
|
||||
#define OID_PKCS12_PBE_SHA1_RC4_40 OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
|
||||
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
|
||||
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
|
||||
#define OID_PKCS12_PBE_SHA1_RC2_128_CBC OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
|
||||
#define OID_PKCS12_PBE_SHA1_RC2_40_CBC OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -344,6 +357,21 @@ int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str );
|
|||
*/
|
||||
int oid_get_cipher_alg( const asn1_buf *oid, cipher_type_t *cipher_alg );
|
||||
|
||||
#if defined(POLARSSL_PKCS12_C)
|
||||
/**
|
||||
* \brief Translate PKCS#12 PBE algorithm OID into md_type and
|
||||
* cipher_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_alg place to store message digest algorithm
|
||||
* \param cipher_alg place to store cipher algorithm
|
||||
*
|
||||
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int oid_get_pkcs12_pbe_alg( const asn1_buf *oid, md_type_t *md_alg,
|
||||
cipher_type_t *cipher_alg );
|
||||
#endif /* POLARSSL_PKCS12_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -45,14 +45,6 @@
|
|||
#define PKCS12_PBE_DECRYPT 0
|
||||
#define PKCS12_PBE_ENCRYPT 1
|
||||
|
||||
/*
|
||||
* PKCS#12 PBE types
|
||||
*/
|
||||
#define OID_PKCS12 "\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
|
||||
#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12 "\x01\x01"
|
||||
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12 "\x01\x03"
|
||||
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12 "\x01\x04"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
|
|
@ -414,6 +414,34 @@ int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str )
|
|||
return( POLARSSL_ERR_OID_NOT_FOUND );
|
||||
}
|
||||
|
||||
/*
|
||||
* For PKCS#12 PBEs
|
||||
*/
|
||||
typedef struct {
|
||||
oid_descriptor_t descriptor;
|
||||
md_type_t md_alg;
|
||||
cipher_type_t cipher_alg;
|
||||
} oid_pkcs12_pbe_alg_t;
|
||||
|
||||
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
|
||||
{
|
||||
{
|
||||
{ OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
|
||||
POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE3_CBC,
|
||||
},
|
||||
{
|
||||
{ OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
|
||||
POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE_CBC,
|
||||
},
|
||||
{
|
||||
{ NULL, NULL, NULL },
|
||||
0, 0,
|
||||
},
|
||||
};
|
||||
|
||||
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg);
|
||||
FN_OID_GET_ATTR2(oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, md_type_t, md_alg, cipher_type_t, cipher_alg);
|
||||
|
||||
#if defined _MSC_VER && !defined snprintf
|
||||
#include <stdarg.h>
|
||||
|
||||
|
|
|
@ -2193,6 +2193,10 @@ static int x509parse_key_pkcs8_encrypted_der(
|
|||
unsigned char *p, *end, *end2;
|
||||
x509_buf pbe_alg_oid, pbe_params;
|
||||
unsigned char buf[2048];
|
||||
#if defined(POLARSSL_PKCS12_C)
|
||||
cipher_type_t cipher_alg;
|
||||
md_type_t md_alg;
|
||||
#endif
|
||||
|
||||
memset(buf, 0, 2048);
|
||||
|
||||
|
@ -2256,22 +2260,10 @@ static int x509parse_key_pkcs8_encrypted_der(
|
|||
* Decrypt EncryptedData with appropriate PDE
|
||||
*/
|
||||
#if defined(POLARSSL_PKCS12_C)
|
||||
if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
|
||||
if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
||||
{
|
||||
if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1,
|
||||
pwd, pwdlen, p, len, buf ) ) != 0 )
|
||||
{
|
||||
if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
|
||||
return( POLARSSL_ERR_X509_PASSWORD_MISMATCH );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
|
||||
{
|
||||
if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
|
||||
POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MD_SHA1,
|
||||
cipher_alg, md_alg,
|
||||
pwd, pwdlen, p, len, buf ) ) != 0 )
|
||||
{
|
||||
if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
|
||||
|
|
Loading…
Reference in a new issue