mbed TLS library
Dependents: HTTPClient-SSL WS_SERVER
polarssl/pkcs12.c@0:137634ff4186, 2015-06-11 (annotated)
- Committer:
- ansond
- Date:
- Thu Jun 11 03:27:03 2015 +0000
- Revision:
- 0:137634ff4186
initial commit
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ansond | 0:137634ff4186 | 1 | /* |
ansond | 0:137634ff4186 | 2 | * PKCS#12 Personal Information Exchange Syntax |
ansond | 0:137634ff4186 | 3 | * |
ansond | 0:137634ff4186 | 4 | * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved |
ansond | 0:137634ff4186 | 5 | * |
ansond | 0:137634ff4186 | 6 | * This file is part of mbed TLS (https://tls.mbed.org) |
ansond | 0:137634ff4186 | 7 | * |
ansond | 0:137634ff4186 | 8 | * This program is free software; you can redistribute it and/or modify |
ansond | 0:137634ff4186 | 9 | * it under the terms of the GNU General Public License as published by |
ansond | 0:137634ff4186 | 10 | * the Free Software Foundation; either version 2 of the License, or |
ansond | 0:137634ff4186 | 11 | * (at your option) any later version. |
ansond | 0:137634ff4186 | 12 | * |
ansond | 0:137634ff4186 | 13 | * This program is distributed in the hope that it will be useful, |
ansond | 0:137634ff4186 | 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
ansond | 0:137634ff4186 | 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
ansond | 0:137634ff4186 | 16 | * GNU General Public License for more details. |
ansond | 0:137634ff4186 | 17 | * |
ansond | 0:137634ff4186 | 18 | * You should have received a copy of the GNU General Public License along |
ansond | 0:137634ff4186 | 19 | * with this program; if not, write to the Free Software Foundation, Inc., |
ansond | 0:137634ff4186 | 20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
ansond | 0:137634ff4186 | 21 | */ |
ansond | 0:137634ff4186 | 22 | /* |
ansond | 0:137634ff4186 | 23 | * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 |
ansond | 0:137634ff4186 | 24 | * |
ansond | 0:137634ff4186 | 25 | * http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf |
ansond | 0:137634ff4186 | 26 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn |
ansond | 0:137634ff4186 | 27 | */ |
ansond | 0:137634ff4186 | 28 | |
ansond | 0:137634ff4186 | 29 | #if !defined(POLARSSL_CONFIG_FILE) |
ansond | 0:137634ff4186 | 30 | #include "polarssl/config.h" |
ansond | 0:137634ff4186 | 31 | #else |
ansond | 0:137634ff4186 | 32 | #include POLARSSL_CONFIG_FILE |
ansond | 0:137634ff4186 | 33 | #endif |
ansond | 0:137634ff4186 | 34 | |
ansond | 0:137634ff4186 | 35 | #if defined(POLARSSL_PKCS12_C) |
ansond | 0:137634ff4186 | 36 | |
ansond | 0:137634ff4186 | 37 | #include "polarssl/pkcs12.h" |
ansond | 0:137634ff4186 | 38 | #include "polarssl/asn1.h" |
ansond | 0:137634ff4186 | 39 | #include "polarssl/cipher.h" |
ansond | 0:137634ff4186 | 40 | |
ansond | 0:137634ff4186 | 41 | #include <string.h> |
ansond | 0:137634ff4186 | 42 | |
ansond | 0:137634ff4186 | 43 | #if defined(POLARSSL_ARC4_C) |
ansond | 0:137634ff4186 | 44 | #include "polarssl/arc4.h" |
ansond | 0:137634ff4186 | 45 | #endif |
ansond | 0:137634ff4186 | 46 | |
ansond | 0:137634ff4186 | 47 | #if defined(POLARSSL_DES_C) |
ansond | 0:137634ff4186 | 48 | #include "polarssl/des.h" |
ansond | 0:137634ff4186 | 49 | #endif |
ansond | 0:137634ff4186 | 50 | |
ansond | 0:137634ff4186 | 51 | /* Implementation that should never be optimized out by the compiler */ |
ansond | 0:137634ff4186 | 52 | static void polarssl_zeroize( void *v, size_t n ) { |
ansond | 0:137634ff4186 | 53 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
ansond | 0:137634ff4186 | 54 | } |
ansond | 0:137634ff4186 | 55 | |
ansond | 0:137634ff4186 | 56 | static int pkcs12_parse_pbe_params( asn1_buf *params, |
ansond | 0:137634ff4186 | 57 | asn1_buf *salt, int *iterations ) |
ansond | 0:137634ff4186 | 58 | { |
ansond | 0:137634ff4186 | 59 | int ret; |
ansond | 0:137634ff4186 | 60 | unsigned char **p = ¶ms->p; |
ansond | 0:137634ff4186 | 61 | const unsigned char *end = params->p + params->len; |
ansond | 0:137634ff4186 | 62 | |
ansond | 0:137634ff4186 | 63 | /* |
ansond | 0:137634ff4186 | 64 | * pkcs-12PbeParams ::= SEQUENCE { |
ansond | 0:137634ff4186 | 65 | * salt OCTET STRING, |
ansond | 0:137634ff4186 | 66 | * iterations INTEGER |
ansond | 0:137634ff4186 | 67 | * } |
ansond | 0:137634ff4186 | 68 | * |
ansond | 0:137634ff4186 | 69 | */ |
ansond | 0:137634ff4186 | 70 | if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) |
ansond | 0:137634ff4186 | 71 | return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + |
ansond | 0:137634ff4186 | 72 | POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); |
ansond | 0:137634ff4186 | 73 | |
ansond | 0:137634ff4186 | 74 | if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 ) |
ansond | 0:137634ff4186 | 75 | return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); |
ansond | 0:137634ff4186 | 76 | |
ansond | 0:137634ff4186 | 77 | salt->p = *p; |
ansond | 0:137634ff4186 | 78 | *p += salt->len; |
ansond | 0:137634ff4186 | 79 | |
ansond | 0:137634ff4186 | 80 | if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 ) |
ansond | 0:137634ff4186 | 81 | return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); |
ansond | 0:137634ff4186 | 82 | |
ansond | 0:137634ff4186 | 83 | if( *p != end ) |
ansond | 0:137634ff4186 | 84 | return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + |
ansond | 0:137634ff4186 | 85 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
ansond | 0:137634ff4186 | 86 | |
ansond | 0:137634ff4186 | 87 | return( 0 ); |
ansond | 0:137634ff4186 | 88 | } |
ansond | 0:137634ff4186 | 89 | |
ansond | 0:137634ff4186 | 90 | static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type, |
ansond | 0:137634ff4186 | 91 | const unsigned char *pwd, size_t pwdlen, |
ansond | 0:137634ff4186 | 92 | unsigned char *key, size_t keylen, |
ansond | 0:137634ff4186 | 93 | unsigned char *iv, size_t ivlen ) |
ansond | 0:137634ff4186 | 94 | { |
ansond | 0:137634ff4186 | 95 | int ret, iterations; |
ansond | 0:137634ff4186 | 96 | asn1_buf salt; |
ansond | 0:137634ff4186 | 97 | size_t i; |
ansond | 0:137634ff4186 | 98 | unsigned char unipwd[258]; |
ansond | 0:137634ff4186 | 99 | |
ansond | 0:137634ff4186 | 100 | memset( &salt, 0, sizeof(asn1_buf) ); |
ansond | 0:137634ff4186 | 101 | memset( &unipwd, 0, sizeof(unipwd) ); |
ansond | 0:137634ff4186 | 102 | |
ansond | 0:137634ff4186 | 103 | if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt, |
ansond | 0:137634ff4186 | 104 | &iterations ) ) != 0 ) |
ansond | 0:137634ff4186 | 105 | return( ret ); |
ansond | 0:137634ff4186 | 106 | |
ansond | 0:137634ff4186 | 107 | for( i = 0; i < pwdlen; i++ ) |
ansond | 0:137634ff4186 | 108 | unipwd[i * 2 + 1] = pwd[i]; |
ansond | 0:137634ff4186 | 109 | |
ansond | 0:137634ff4186 | 110 | if( ( ret = pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2, |
ansond | 0:137634ff4186 | 111 | salt.p, salt.len, md_type, |
ansond | 0:137634ff4186 | 112 | PKCS12_DERIVE_KEY, iterations ) ) != 0 ) |
ansond | 0:137634ff4186 | 113 | { |
ansond | 0:137634ff4186 | 114 | return( ret ); |
ansond | 0:137634ff4186 | 115 | } |
ansond | 0:137634ff4186 | 116 | |
ansond | 0:137634ff4186 | 117 | if( iv == NULL || ivlen == 0 ) |
ansond | 0:137634ff4186 | 118 | return( 0 ); |
ansond | 0:137634ff4186 | 119 | |
ansond | 0:137634ff4186 | 120 | if( ( ret = pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2, |
ansond | 0:137634ff4186 | 121 | salt.p, salt.len, md_type, |
ansond | 0:137634ff4186 | 122 | PKCS12_DERIVE_IV, iterations ) ) != 0 ) |
ansond | 0:137634ff4186 | 123 | { |
ansond | 0:137634ff4186 | 124 | return( ret ); |
ansond | 0:137634ff4186 | 125 | } |
ansond | 0:137634ff4186 | 126 | return( 0 ); |
ansond | 0:137634ff4186 | 127 | } |
ansond | 0:137634ff4186 | 128 | |
ansond | 0:137634ff4186 | 129 | int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, |
ansond | 0:137634ff4186 | 130 | const unsigned char *pwd, size_t pwdlen, |
ansond | 0:137634ff4186 | 131 | const unsigned char *data, size_t len, |
ansond | 0:137634ff4186 | 132 | unsigned char *output ) |
ansond | 0:137634ff4186 | 133 | { |
ansond | 0:137634ff4186 | 134 | #if !defined(POLARSSL_ARC4_C) |
ansond | 0:137634ff4186 | 135 | ((void) pbe_params); |
ansond | 0:137634ff4186 | 136 | ((void) mode); |
ansond | 0:137634ff4186 | 137 | ((void) pwd); |
ansond | 0:137634ff4186 | 138 | ((void) pwdlen); |
ansond | 0:137634ff4186 | 139 | ((void) data); |
ansond | 0:137634ff4186 | 140 | ((void) len); |
ansond | 0:137634ff4186 | 141 | ((void) output); |
ansond | 0:137634ff4186 | 142 | return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); |
ansond | 0:137634ff4186 | 143 | #else |
ansond | 0:137634ff4186 | 144 | int ret; |
ansond | 0:137634ff4186 | 145 | unsigned char key[16]; |
ansond | 0:137634ff4186 | 146 | arc4_context ctx; |
ansond | 0:137634ff4186 | 147 | ((void) mode); |
ansond | 0:137634ff4186 | 148 | |
ansond | 0:137634ff4186 | 149 | arc4_init( &ctx ); |
ansond | 0:137634ff4186 | 150 | |
ansond | 0:137634ff4186 | 151 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1, |
ansond | 0:137634ff4186 | 152 | pwd, pwdlen, |
ansond | 0:137634ff4186 | 153 | key, 16, NULL, 0 ) ) != 0 ) |
ansond | 0:137634ff4186 | 154 | { |
ansond | 0:137634ff4186 | 155 | return( ret ); |
ansond | 0:137634ff4186 | 156 | } |
ansond | 0:137634ff4186 | 157 | |
ansond | 0:137634ff4186 | 158 | arc4_setup( &ctx, key, 16 ); |
ansond | 0:137634ff4186 | 159 | if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 ) |
ansond | 0:137634ff4186 | 160 | goto exit; |
ansond | 0:137634ff4186 | 161 | |
ansond | 0:137634ff4186 | 162 | exit: |
ansond | 0:137634ff4186 | 163 | polarssl_zeroize( key, sizeof( key ) ); |
ansond | 0:137634ff4186 | 164 | arc4_free( &ctx ); |
ansond | 0:137634ff4186 | 165 | |
ansond | 0:137634ff4186 | 166 | return( ret ); |
ansond | 0:137634ff4186 | 167 | #endif /* POLARSSL_ARC4_C */ |
ansond | 0:137634ff4186 | 168 | } |
ansond | 0:137634ff4186 | 169 | |
ansond | 0:137634ff4186 | 170 | int pkcs12_pbe( asn1_buf *pbe_params, int mode, |
ansond | 0:137634ff4186 | 171 | cipher_type_t cipher_type, md_type_t md_type, |
ansond | 0:137634ff4186 | 172 | const unsigned char *pwd, size_t pwdlen, |
ansond | 0:137634ff4186 | 173 | const unsigned char *data, size_t len, |
ansond | 0:137634ff4186 | 174 | unsigned char *output ) |
ansond | 0:137634ff4186 | 175 | { |
ansond | 0:137634ff4186 | 176 | int ret, keylen = 0; |
ansond | 0:137634ff4186 | 177 | unsigned char key[32]; |
ansond | 0:137634ff4186 | 178 | unsigned char iv[16]; |
ansond | 0:137634ff4186 | 179 | const cipher_info_t *cipher_info; |
ansond | 0:137634ff4186 | 180 | cipher_context_t cipher_ctx; |
ansond | 0:137634ff4186 | 181 | size_t olen = 0; |
ansond | 0:137634ff4186 | 182 | |
ansond | 0:137634ff4186 | 183 | cipher_info = cipher_info_from_type( cipher_type ); |
ansond | 0:137634ff4186 | 184 | if( cipher_info == NULL ) |
ansond | 0:137634ff4186 | 185 | return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); |
ansond | 0:137634ff4186 | 186 | |
ansond | 0:137634ff4186 | 187 | keylen = cipher_info->key_length / 8; |
ansond | 0:137634ff4186 | 188 | |
ansond | 0:137634ff4186 | 189 | if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen, |
ansond | 0:137634ff4186 | 190 | key, keylen, |
ansond | 0:137634ff4186 | 191 | iv, cipher_info->iv_size ) ) != 0 ) |
ansond | 0:137634ff4186 | 192 | { |
ansond | 0:137634ff4186 | 193 | return( ret ); |
ansond | 0:137634ff4186 | 194 | } |
ansond | 0:137634ff4186 | 195 | |
ansond | 0:137634ff4186 | 196 | cipher_init( &cipher_ctx ); |
ansond | 0:137634ff4186 | 197 | |
ansond | 0:137634ff4186 | 198 | if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) |
ansond | 0:137634ff4186 | 199 | goto exit; |
ansond | 0:137634ff4186 | 200 | |
ansond | 0:137634ff4186 | 201 | if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, (operation_t) mode ) ) != 0 ) |
ansond | 0:137634ff4186 | 202 | goto exit; |
ansond | 0:137634ff4186 | 203 | |
ansond | 0:137634ff4186 | 204 | if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 ) |
ansond | 0:137634ff4186 | 205 | goto exit; |
ansond | 0:137634ff4186 | 206 | |
ansond | 0:137634ff4186 | 207 | if( ( ret = cipher_reset( &cipher_ctx ) ) != 0 ) |
ansond | 0:137634ff4186 | 208 | goto exit; |
ansond | 0:137634ff4186 | 209 | |
ansond | 0:137634ff4186 | 210 | if( ( ret = cipher_update( &cipher_ctx, data, len, |
ansond | 0:137634ff4186 | 211 | output, &olen ) ) != 0 ) |
ansond | 0:137634ff4186 | 212 | { |
ansond | 0:137634ff4186 | 213 | goto exit; |
ansond | 0:137634ff4186 | 214 | } |
ansond | 0:137634ff4186 | 215 | |
ansond | 0:137634ff4186 | 216 | if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) |
ansond | 0:137634ff4186 | 217 | ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH; |
ansond | 0:137634ff4186 | 218 | |
ansond | 0:137634ff4186 | 219 | exit: |
ansond | 0:137634ff4186 | 220 | polarssl_zeroize( key, sizeof( key ) ); |
ansond | 0:137634ff4186 | 221 | polarssl_zeroize( iv, sizeof( iv ) ); |
ansond | 0:137634ff4186 | 222 | cipher_free( &cipher_ctx ); |
ansond | 0:137634ff4186 | 223 | |
ansond | 0:137634ff4186 | 224 | return( ret ); |
ansond | 0:137634ff4186 | 225 | } |
ansond | 0:137634ff4186 | 226 | |
ansond | 0:137634ff4186 | 227 | static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, |
ansond | 0:137634ff4186 | 228 | const unsigned char *filler, size_t fill_len ) |
ansond | 0:137634ff4186 | 229 | { |
ansond | 0:137634ff4186 | 230 | unsigned char *p = data; |
ansond | 0:137634ff4186 | 231 | size_t use_len; |
ansond | 0:137634ff4186 | 232 | |
ansond | 0:137634ff4186 | 233 | while( data_len > 0 ) |
ansond | 0:137634ff4186 | 234 | { |
ansond | 0:137634ff4186 | 235 | use_len = ( data_len > fill_len ) ? fill_len : data_len; |
ansond | 0:137634ff4186 | 236 | memcpy( p, filler, use_len ); |
ansond | 0:137634ff4186 | 237 | p += use_len; |
ansond | 0:137634ff4186 | 238 | data_len -= use_len; |
ansond | 0:137634ff4186 | 239 | } |
ansond | 0:137634ff4186 | 240 | } |
ansond | 0:137634ff4186 | 241 | |
ansond | 0:137634ff4186 | 242 | int pkcs12_derivation( unsigned char *data, size_t datalen, |
ansond | 0:137634ff4186 | 243 | const unsigned char *pwd, size_t pwdlen, |
ansond | 0:137634ff4186 | 244 | const unsigned char *salt, size_t saltlen, |
ansond | 0:137634ff4186 | 245 | md_type_t md_type, int id, int iterations ) |
ansond | 0:137634ff4186 | 246 | { |
ansond | 0:137634ff4186 | 247 | int ret; |
ansond | 0:137634ff4186 | 248 | unsigned int j; |
ansond | 0:137634ff4186 | 249 | |
ansond | 0:137634ff4186 | 250 | unsigned char diversifier[128]; |
ansond | 0:137634ff4186 | 251 | unsigned char salt_block[128], pwd_block[128], hash_block[128]; |
ansond | 0:137634ff4186 | 252 | unsigned char hash_output[POLARSSL_MD_MAX_SIZE]; |
ansond | 0:137634ff4186 | 253 | unsigned char *p; |
ansond | 0:137634ff4186 | 254 | unsigned char c; |
ansond | 0:137634ff4186 | 255 | |
ansond | 0:137634ff4186 | 256 | size_t hlen, use_len, v, i; |
ansond | 0:137634ff4186 | 257 | |
ansond | 0:137634ff4186 | 258 | const md_info_t *md_info; |
ansond | 0:137634ff4186 | 259 | md_context_t md_ctx; |
ansond | 0:137634ff4186 | 260 | |
ansond | 0:137634ff4186 | 261 | // This version only allows max of 64 bytes of password or salt |
ansond | 0:137634ff4186 | 262 | if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) |
ansond | 0:137634ff4186 | 263 | return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA ); |
ansond | 0:137634ff4186 | 264 | |
ansond | 0:137634ff4186 | 265 | md_info = md_info_from_type( md_type ); |
ansond | 0:137634ff4186 | 266 | if( md_info == NULL ) |
ansond | 0:137634ff4186 | 267 | return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); |
ansond | 0:137634ff4186 | 268 | |
ansond | 0:137634ff4186 | 269 | md_init( &md_ctx ); |
ansond | 0:137634ff4186 | 270 | |
ansond | 0:137634ff4186 | 271 | if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) |
ansond | 0:137634ff4186 | 272 | return( ret ); |
ansond | 0:137634ff4186 | 273 | hlen = md_get_size( md_info ); |
ansond | 0:137634ff4186 | 274 | |
ansond | 0:137634ff4186 | 275 | if( hlen <= 32 ) |
ansond | 0:137634ff4186 | 276 | v = 64; |
ansond | 0:137634ff4186 | 277 | else |
ansond | 0:137634ff4186 | 278 | v = 128; |
ansond | 0:137634ff4186 | 279 | |
ansond | 0:137634ff4186 | 280 | memset( diversifier, (unsigned char) id, v ); |
ansond | 0:137634ff4186 | 281 | |
ansond | 0:137634ff4186 | 282 | pkcs12_fill_buffer( salt_block, v, salt, saltlen ); |
ansond | 0:137634ff4186 | 283 | pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); |
ansond | 0:137634ff4186 | 284 | |
ansond | 0:137634ff4186 | 285 | p = data; |
ansond | 0:137634ff4186 | 286 | while( datalen > 0 ) |
ansond | 0:137634ff4186 | 287 | { |
ansond | 0:137634ff4186 | 288 | // Calculate hash( diversifier || salt_block || pwd_block ) |
ansond | 0:137634ff4186 | 289 | if( ( ret = md_starts( &md_ctx ) ) != 0 ) |
ansond | 0:137634ff4186 | 290 | goto exit; |
ansond | 0:137634ff4186 | 291 | |
ansond | 0:137634ff4186 | 292 | if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 ) |
ansond | 0:137634ff4186 | 293 | goto exit; |
ansond | 0:137634ff4186 | 294 | |
ansond | 0:137634ff4186 | 295 | if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 ) |
ansond | 0:137634ff4186 | 296 | goto exit; |
ansond | 0:137634ff4186 | 297 | |
ansond | 0:137634ff4186 | 298 | if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 ) |
ansond | 0:137634ff4186 | 299 | goto exit; |
ansond | 0:137634ff4186 | 300 | |
ansond | 0:137634ff4186 | 301 | if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 ) |
ansond | 0:137634ff4186 | 302 | goto exit; |
ansond | 0:137634ff4186 | 303 | |
ansond | 0:137634ff4186 | 304 | // Perform remaining ( iterations - 1 ) recursive hash calculations |
ansond | 0:137634ff4186 | 305 | for( i = 1; i < (size_t) iterations; i++ ) |
ansond | 0:137634ff4186 | 306 | { |
ansond | 0:137634ff4186 | 307 | if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 ) |
ansond | 0:137634ff4186 | 308 | goto exit; |
ansond | 0:137634ff4186 | 309 | } |
ansond | 0:137634ff4186 | 310 | |
ansond | 0:137634ff4186 | 311 | use_len = ( datalen > hlen ) ? hlen : datalen; |
ansond | 0:137634ff4186 | 312 | memcpy( p, hash_output, use_len ); |
ansond | 0:137634ff4186 | 313 | datalen -= use_len; |
ansond | 0:137634ff4186 | 314 | p += use_len; |
ansond | 0:137634ff4186 | 315 | |
ansond | 0:137634ff4186 | 316 | if( datalen == 0 ) |
ansond | 0:137634ff4186 | 317 | break; |
ansond | 0:137634ff4186 | 318 | |
ansond | 0:137634ff4186 | 319 | // Concatenating copies of hash_output into hash_block (B) |
ansond | 0:137634ff4186 | 320 | pkcs12_fill_buffer( hash_block, v, hash_output, hlen ); |
ansond | 0:137634ff4186 | 321 | |
ansond | 0:137634ff4186 | 322 | // B += 1 |
ansond | 0:137634ff4186 | 323 | for( i = v; i > 0; i-- ) |
ansond | 0:137634ff4186 | 324 | if( ++hash_block[i - 1] != 0 ) |
ansond | 0:137634ff4186 | 325 | break; |
ansond | 0:137634ff4186 | 326 | |
ansond | 0:137634ff4186 | 327 | // salt_block += B |
ansond | 0:137634ff4186 | 328 | c = 0; |
ansond | 0:137634ff4186 | 329 | for( i = v; i > 0; i-- ) |
ansond | 0:137634ff4186 | 330 | { |
ansond | 0:137634ff4186 | 331 | j = salt_block[i - 1] + hash_block[i - 1] + c; |
ansond | 0:137634ff4186 | 332 | c = (unsigned char) (j >> 8); |
ansond | 0:137634ff4186 | 333 | salt_block[i - 1] = j & 0xFF; |
ansond | 0:137634ff4186 | 334 | } |
ansond | 0:137634ff4186 | 335 | |
ansond | 0:137634ff4186 | 336 | // pwd_block += B |
ansond | 0:137634ff4186 | 337 | c = 0; |
ansond | 0:137634ff4186 | 338 | for( i = v; i > 0; i-- ) |
ansond | 0:137634ff4186 | 339 | { |
ansond | 0:137634ff4186 | 340 | j = pwd_block[i - 1] + hash_block[i - 1] + c; |
ansond | 0:137634ff4186 | 341 | c = (unsigned char) (j >> 8); |
ansond | 0:137634ff4186 | 342 | pwd_block[i - 1] = j & 0xFF; |
ansond | 0:137634ff4186 | 343 | } |
ansond | 0:137634ff4186 | 344 | } |
ansond | 0:137634ff4186 | 345 | |
ansond | 0:137634ff4186 | 346 | ret = 0; |
ansond | 0:137634ff4186 | 347 | |
ansond | 0:137634ff4186 | 348 | exit: |
ansond | 0:137634ff4186 | 349 | polarssl_zeroize( salt_block, sizeof( salt_block ) ); |
ansond | 0:137634ff4186 | 350 | polarssl_zeroize( pwd_block, sizeof( pwd_block ) ); |
ansond | 0:137634ff4186 | 351 | polarssl_zeroize( hash_block, sizeof( hash_block ) ); |
ansond | 0:137634ff4186 | 352 | polarssl_zeroize( hash_output, sizeof( hash_output ) ); |
ansond | 0:137634ff4186 | 353 | |
ansond | 0:137634ff4186 | 354 | md_free( &md_ctx ); |
ansond | 0:137634ff4186 | 355 | |
ansond | 0:137634ff4186 | 356 | return( ret ); |
ansond | 0:137634ff4186 | 357 | } |
ansond | 0:137634ff4186 | 358 | |
ansond | 0:137634ff4186 | 359 | #endif /* POLARSSL_PKCS12_C */ |
ansond | 0:137634ff4186 | 360 |