/** * Given the identifier for the cipher algorithm return the block size. * * @param Cipher The cipher algorithm in question. * @return The modulus of the buffer (in bytes) required for this cipher. */ int get_cipher_block_size(Cipher c) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { return info->block_size; } } else { } return 0; }
static int cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key, void *IV) { const mbedtls_cipher_info_t *cipher_info = NULL; int rc; mbedtls_cipher_init(&cipher->encrypt_ctx); cipher_info = mbedtls_cipher_info_from_type(cipher->type); rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed"); goto error; } rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key, cipher_info->key_bitlen, MBEDTLS_ENCRYPT); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); goto error; } rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed"); goto error; } /* libssh only encypts and decrypts packets that are multiples of a block * size, and no padding is used */ rc = mbedtls_cipher_set_padding_mode(&cipher->encrypt_ctx, MBEDTLS_PADDING_NONE); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); goto error; } rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); goto error; } return SSH_OK; error: mbedtls_cipher_free(&cipher->encrypt_ctx); return SSH_ERROR; }
static int cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key, void *IV) { const mbedtls_cipher_info_t *cipher_info; int rc; mbedtls_cipher_init(&cipher->decrypt_ctx); cipher_info = mbedtls_cipher_info_from_type(cipher->type); rc = mbedtls_cipher_setup(&cipher->decrypt_ctx, cipher_info); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); goto error; } rc = mbedtls_cipher_setkey(&cipher->decrypt_ctx, key, cipher_info->key_bitlen, MBEDTLS_DECRYPT); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); goto error; } rc = mbedtls_cipher_set_iv(&cipher->decrypt_ctx, IV, cipher_info->iv_size); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed"); goto error; } rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx, MBEDTLS_PADDING_NONE); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); goto error; } mbedtls_cipher_reset(&cipher->decrypt_ctx); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); goto error; } return SSH_OK; error: mbedtls_cipher_free(&cipher->decrypt_ctx); return SSH_ERROR; }
int cipherList(State & state){ Stack * stack = state.stack; CipherInfo * interfaceCipherInfo = OBJECT_IFACE(CipherInfo); const int * list = mbedtls_cipher_list(); stack->newTable(); while (*list != 0){ const mbedtls_cipher_info_t * info = mbedtls_cipher_info_from_type(static_cast<mbedtls_cipher_type_t>(*list)); stack->push<int>(*list); interfaceCipherInfo->push(const_cast<mbedtls_cipher_info_t *>(info)); stack->setTable(); list++; } return 1; }
void show_available_ciphers() { const int *ciphers = mbedtls_cipher_list(); #ifndef ENABLE_SMALL printf("The following ciphers and cipher modes are available for use\n" "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n" "parameter to the --cipher option. Using a CBC or GCM mode is\n" "recommended. In static key mode only CBC mode is allowed.\n\n"); #endif while (*ciphers != 0) { const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); if (info && cipher_kt_block_size(info) >= 128/8) { print_cipher(info); } ciphers++; } printf("\nThe following ciphers have a block size of less than 128 bits, \n" "and are therefore deprecated. Do not use unless you have to.\n\n"); ciphers = mbedtls_cipher_list(); while (*ciphers != 0) { const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); if (info && cipher_kt_block_size(info) < 128/8) { print_cipher(info); } ciphers++; } printf("\n"); }
/** * Given the indirected identifier for the cipher algorithm return its label. * * @param Cipher The cipher algorithm in question. * @return The label for the cipher. */ const char* get_cipher_label(Cipher c) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { return info->name; } } else { const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c); if (info) { return info->name; } } return "<UNKNOWN>"; }
/** * Given the identifier for the cipher algorithm return the block size. * * @param Cipher The cipher algorithm in question. * @param int The starting length of the input data. * @return The modulus of the buffer (in bytes) required for this cipher. */ int get_cipher_aligned_size(Cipher c, int base_len) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { int len = base_len; if (0 != len % info->block_size) { len += (info->block_size - (len % info->block_size)); } return len; } } else { } return base_len; }
/** * Given the identifier for the cipher algorithm return the key size. * * @param Cipher The cipher algorithm in question. * @return The size of the buffer (in bytes) required to hold the cipher key. */ int get_cipher_key_length(Cipher c) { if (_is_cipher_symmetric(c)) { const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c); if (info) { return info->key_bitlen; } } else { const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c); if (info) { //return info->key_bitlen; } //mbedtls_pk_get_bitlen } return 0; }
static int cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { const mbedtls_cipher_info_t *cipher_info = NULL; int rc; mbedtls_cipher_init(&cipher->encrypt_ctx); cipher_info = mbedtls_cipher_info_from_type(cipher->type); rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed"); goto error; } rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key, cipher_info->key_bitlen, MBEDTLS_ENCRYPT); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); goto error; } rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed"); goto error; } rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); if (rc != 0) { SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); goto error; } return SSH_OK; error: mbedtls_cipher_free(&cipher->encrypt_ctx); return SSH_ERROR; }
int cipherInfo(State & state){ Stack * stack = state.stack; CipherInfo * interfaceCipherInfo = OBJECT_IFACE(CipherInfo); mbedtls_cipher_info_t * info = nullptr; if (stack->is<LUA_TNUMBER>(1)){ mbedtls_cipher_type_t type = static_cast<mbedtls_cipher_type_t>(stack->to<int>(1)); info = const_cast<mbedtls_cipher_info_t*>(mbedtls_cipher_info_from_type(type)); } else if (stack->is<LUA_TSTRING>(1)){ const std::string name = stack->to<const std::string>(1); info = const_cast<mbedtls_cipher_info_t*>(mbedtls_cipher_info_from_string(name.c_str())); } if (info){ interfaceCipherInfo->push(info); return 1; } else{ return 0; } }
int main( int argc, char *argv[] ) { int i; unsigned char tmp[200]; char title[TITLE_LEN]; todo_list todo; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char alloc_buf[HEAP_SIZE] = { 0 }; #endif if( argc <= 1 ) { memset( &todo, 1, sizeof( todo ) ); } else { memset( &todo, 0, sizeof( todo ) ); for( i = 1; i < argc; i++ ) { if( strcmp( argv[i], "md4" ) == 0 ) todo.md4 = 1; else if( strcmp( argv[i], "md5" ) == 0 ) todo.md5 = 1; else if( strcmp( argv[i], "ripemd160" ) == 0 ) todo.ripemd160 = 1; else if( strcmp( argv[i], "sha1" ) == 0 ) todo.sha1 = 1; else if( strcmp( argv[i], "sha256" ) == 0 ) todo.sha256 = 1; else if( strcmp( argv[i], "sha512" ) == 0 ) todo.sha512 = 1; else if( strcmp( argv[i], "arc4" ) == 0 ) todo.arc4 = 1; else if( strcmp( argv[i], "des3" ) == 0 ) todo.des3 = 1; else if( strcmp( argv[i], "des" ) == 0 ) todo.des = 1; else if( strcmp( argv[i], "aes_cbc" ) == 0 ) todo.aes_cbc = 1; else if( strcmp( argv[i], "aes_gcm" ) == 0 ) todo.aes_gcm = 1; else if( strcmp( argv[i], "aes_ccm" ) == 0 ) todo.aes_ccm = 1; else if( strcmp( argv[i], "aes_cmac" ) == 0 ) todo.aes_cmac = 1; else if( strcmp( argv[i], "des3_cmac" ) == 0 ) todo.des3_cmac = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) todo.blowfish = 1; else if( strcmp( argv[i], "havege" ) == 0 ) todo.havege = 1; else if( strcmp( argv[i], "ctr_drbg" ) == 0 ) todo.ctr_drbg = 1; else if( strcmp( argv[i], "hmac_drbg" ) == 0 ) todo.hmac_drbg = 1; else if( strcmp( argv[i], "rsa" ) == 0 ) todo.rsa = 1; else if( strcmp( argv[i], "dhm" ) == 0 ) todo.dhm = 1; else if( strcmp( argv[i], "ecdsa" ) == 0 ) todo.ecdsa = 1; else if( strcmp( argv[i], "ecdh" ) == 0 ) todo.ecdh = 1; else { mbedtls_printf( "Unrecognized option: %s\n", argv[i] ); mbedtls_printf( "Available options: " OPTIONS ); } } } mbedtls_printf( "\n" ); #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) ); #endif memset( buf, 0xAA, sizeof( buf ) ); memset( tmp, 0xBB, sizeof( tmp ) ); #if defined(MBEDTLS_MD4_C) if( todo.md4 ) TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) if( todo.arc4 ) { mbedtls_arc4_context arc4; mbedtls_arc4_init( &arc4 ); mbedtls_arc4_setup( &arc4, tmp, 32 ); TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) ); mbedtls_arc4_free( &arc4 ); } #endif #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.des3 ) { mbedtls_des3_context des3; mbedtls_des3_init( &des3 ); mbedtls_des3_set3key_enc( &des3, tmp ); TIME_AND_TSC( "3DES", mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des3_free( &des3 ); } if( todo.des ) { mbedtls_des_context des; mbedtls_des_init( &des ); mbedtls_des_setkey_enc( &des, tmp ); TIME_AND_TSC( "DES", mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CMAC_C) if( todo.des3_cmac ) { unsigned char output[8]; const mbedtls_cipher_info_t *cipher_info; memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB ); TIME_AND_TSC( "3DES-CMAC", mbedtls_cipher_cmac( cipher_info, tmp, 192, buf, BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.aes_cbc ) { int keysize; mbedtls_aes_context aes; mbedtls_aes_init( &aes ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_aes_setkey_enc( &aes, tmp, keysize ); TIME_AND_TSC( title, mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_aes_free( &aes ); } #endif #if defined(MBEDTLS_GCM_C) if( todo.aes_gcm ) { int keysize; mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); TIME_AND_TSC( title, mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, 12, NULL, 0, buf, buf, 16, tmp ) ); mbedtls_gcm_free( &gcm ); } } #endif #if defined(MBEDTLS_CCM_C) if( todo.aes_ccm ) { int keysize; mbedtls_ccm_context ccm; mbedtls_ccm_init( &ccm ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); TIME_AND_TSC( title, mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp, 12, NULL, 0, buf, buf, tmp, 16 ) ); mbedtls_ccm_free( &ccm ); } } #endif #if defined(MBEDTLS_CMAC_C) if( todo.aes_cmac ) { unsigned char output[16]; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_type_t cipher_type; int keysize; for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; keysize <= 256; keysize += 64, cipher_type++ ) { mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); cipher_info = mbedtls_cipher_info_from_type( cipher_type ); TIME_AND_TSC( title, mbedtls_cipher_cmac( cipher_info, tmp, keysize, buf, BUFSIZE, output ) ); } memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); TIME_AND_TSC( "AES-CMAC-PRF-128", mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE, output ) ); } #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.camellia ) { int keysize; mbedtls_camellia_context camellia; mbedtls_camellia_init( &camellia ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_camellia_setkey_enc( &camellia, tmp, keysize ); TIME_AND_TSC( title, mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_camellia_free( &camellia ); } #endif #if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.blowfish ) { int keysize; mbedtls_blowfish_context blowfish; mbedtls_blowfish_init( &blowfish ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); mbedtls_blowfish_setkey( &blowfish, tmp, keysize ); TIME_AND_TSC( title, mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } mbedtls_blowfish_free( &blowfish ); } #endif #if defined(MBEDTLS_HAVEGE_C) if( todo.havege ) { mbedtls_havege_state hs; mbedtls_havege_init( &hs ); TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) ); mbedtls_havege_free( &hs ); } #endif #if defined(MBEDTLS_CTR_DRBG_C) if( todo.ctr_drbg ) { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init( &ctr_drbg ); if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "CTR_DRBG (NOPR)", if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON ); TIME_AND_TSC( "CTR_DRBG (PR)", if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); mbedtls_ctr_drbg_free( &ctr_drbg ); }
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output ) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end; mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params; mbedtls_asn1_buf salt; mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1; unsigned char key[32], iv[32]; size_t olen = 0; const mbedtls_md_info_t *md_info; const mbedtls_cipher_info_t *cipher_info; mbedtls_md_context_t md_ctx; mbedtls_cipher_type_t cipher_alg; mbedtls_cipher_context_t cipher_ctx; p = pbe_params->p; end = p + pbe_params->len; /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 ) return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); // Only PBKDF2 supported at the moment // if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params, &salt, &iterations, &keylen, &md_type ) ) != 0 ) { return( ret ); } md_info = mbedtls_md_info_from_type( md_type ); if( md_info == NULL ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, &enc_scheme_params ) ) != 0 ) { return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); } if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); cipher_info = mbedtls_cipher_info_from_type( cipher_alg ); if( cipher_info == NULL ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); /* * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored * since it is optional and we don't know if it was set or not */ keylen = cipher_info->key_bitlen / 8; if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING || enc_scheme_params.len != cipher_info->iv_size ) { return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT ); } mbedtls_md_init( &md_ctx ); mbedtls_cipher_init( &cipher_ctx ); memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) goto exit; if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, iterations, keylen, key ) ) != 0 ) { goto exit; } if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 ) goto exit; if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 ) goto exit; if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len, data, datalen, output, &olen ) ) != 0 ) ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH; exit: mbedtls_md_free( &md_ctx ); mbedtls_cipher_free( &cipher_ctx ); return( ret ); }
int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsigned char *isalt, size_t isalt_size, unsigned char *output, uint32_t ikey_type) { //KDF in counter mode implementation as described in Section 5.1 //of NIST SP 800-108, Recommendation for Key Derivation Using Pseudorandom Functions int ret; size_t counter = 0; char separator = 0x00; mbedtls_cipher_context_t ctx; unsigned char output_len_enc[ 4 ] = {0}; unsigned char counter_enc[ 1 ] = {0}; DEVKEY_WRITE_UINT32_LE(output_len_enc, ikey_type); mbedtls_cipher_type_t mbedtls_cipher_type = MBEDTLS_CIPHER_AES_128_ECB; if (DEVICE_KEY_32BYTE == ikey_size) { mbedtls_cipher_type = MBEDTLS_CIPHER_AES_256_ECB; } const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_type(mbedtls_cipher_type); do { mbedtls_cipher_init(&ctx); ret = mbedtls_cipher_setup(&ctx, cipher_info); if (ret != 0) { goto finish; } ret = mbedtls_cipher_cmac_starts(&ctx, (unsigned char *)ikey_buff, ikey_size * 8); if (ret != 0) { goto finish; } DEVKEY_WRITE_UINT8_LE(counter_enc, (counter + 1)); ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)counter_enc, sizeof(counter_enc)); if (ret != 0) { goto finish; } ret = mbedtls_cipher_cmac_update(&ctx, isalt, isalt_size); if (ret != 0) { goto finish; } ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)&separator, sizeof(char)); if (ret != 0) { goto finish; } ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)&output_len_enc, sizeof(output_len_enc)); if (ret != 0) { goto finish; } ret = mbedtls_cipher_cmac_finish(&ctx, output + (DEVICE_KEY_16BYTE * (counter))); if (ret != 0) { goto finish; } mbedtls_cipher_free(&ctx); counter++; } while (DEVICE_KEY_16BYTE * counter < ikey_type); finish: if (DEVICEKEY_SUCCESS != ret) { mbedtls_cipher_free(&ctx); return DEVICEKEY_ERR_CMAC_GENERIC_FAILURE; } return DEVICEKEY_SUCCESS; }