void show_available_ciphers () { const int *ciphers = cipher_list(); #ifndef ENABLE_SMALL printf ("The following ciphers and cipher modes are available\n" "for use with " PACKAGE_NAME ". Each cipher shown below may be\n" "used as a parameter to the --cipher option. The default\n" "key size is shown as well as whether or not it can be\n" "changed with the --keysize directive. Using a CBC mode\n" "is recommended.\n\n"); #endif while (*ciphers != 0) { const cipher_info_t *info = cipher_info_from_type(*ciphers); if (info && info->mode == POLARSSL_MODE_CBC && is_allowed_data_channel_cipher(info->name)) printf ("%s %d bit default key\n", cipher_kt_name(info), cipher_kt_key_size(info) * 8); ciphers++; } printf ("\n"); }
const cipher_info_t *cipher_info_from_string( const char *cipher_name ) { if( NULL == cipher_name ) return NULL; /* Get the appropriate cipher information */ #if defined(POLARSSL_CAMELLIA_C) if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC ); if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC ); if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC ); #if defined(POLARSSL_CIPHER_MODE_CFB) if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 ); if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 ); if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 ); #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ #if defined(POLARSSL_CIPHER_MODE_CTR) if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR ); if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR ); if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR ); #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ #endif #if defined(POLARSSL_AES_C) if( !strcasecmp( "AES-128-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC ); if( !strcasecmp( "AES-192-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC ); if( !strcasecmp( "AES-256-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC ); #if defined(POLARSSL_CIPHER_MODE_CFB) if( !strcasecmp( "AES-128-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 ); if( !strcasecmp( "AES-192-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 ); if( !strcasecmp( "AES-256-CFB128", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 ); #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ #if defined(POLARSSL_CIPHER_MODE_CTR) if( !strcasecmp( "AES-128-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR ); if( !strcasecmp( "AES-192-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR ); if( !strcasecmp( "AES-256-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR ); #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ #endif #if defined(POLARSSL_DES_C) if( !strcasecmp( "DES-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ); if( !strcasecmp( "DES-EDE-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC ); if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ); #endif #if defined(POLARSSL_BLOWFISH_C) if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ); #if defined(POLARSSL_CIPHER_MODE_CFB) if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ); #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ #if defined(POLARSSL_CIPHER_MODE_CTR) if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ); #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ #endif #if defined(POLARSSL_CIPHER_NULL_CIPHER) if( !strcasecmp( "NULL", cipher_name ) ) return cipher_info_from_type( POLARSSL_CIPHER_NULL ); #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ return NULL; }
int pkcs5_pbes2( asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output ) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end, *end2; asn1_buf kdf_alg_oid, enc_scheme_oid, salt; md_type_t md_type = POLARSSL_MD_SHA1; unsigned char key[32], iv[32]; size_t len = 0, olen = 0; const md_info_t *md_info; const cipher_info_t *cipher_info; md_context_t md_ctx; cipher_context_t cipher_ctx; p = pbe_params->p; end = p + pbe_params->len; /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &kdf_alg_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); kdf_alg_oid.p = p; p += kdf_alg_oid.len; // Only PBKDF2 supported at the moment // if( !OID_CMP( OID_PKCS5_PBKDF2, &kdf_alg_oid ) ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = pkcs5_parse_pbkdf2_params( &p, end2, &salt, &iterations, &keylen, &md_type ) ) != 0 ) { return( ret ); } md_info = md_info_from_type( md_type ); if( md_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &enc_scheme_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); enc_scheme_oid.p = p; p += enc_scheme_oid.len; #if defined(POLARSSL_DES_C) // Only DES-CBC and DES-EDE3-CBC supported at the moment // if( OID_CMP( OID_DES_EDE3_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ); } else if( OID_CMP( OID_DES_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ); } else #endif /* POLARSSL_DES_C */ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( cipher_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); keylen = cipher_info->key_length / 8; if( ( ret = asn1_get_tag( &p, end2, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); if( len != cipher_info->iv_size ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); memcpy( iv, p, len ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) return( ret ); if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) return( ret ); if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, iterations, keylen, key ) ) != 0 ) { return( ret ); } if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) return( ret ); if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) return( ret ); if( ( ret = cipher_update( &cipher_ctx, data, datalen, output, &olen ) ) != 0 ) { return( ret ); } if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) return( POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ); return( 0 ); }