/**
* Given the identifier for the cipher algorithm return the block size.
*
* @param Cipher The cipher algorithm in question.
* @return The modulus of the buffer (in bytes) required for this cipher.
*/
int get_cipher_block_size(Cipher c) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
return info->block_size;
}
}
else {
}
return 0;
}
static int cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
mbedtls_cipher_init(&cipher->encrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_ENCRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
/* libssh only encypts and decrypts packets that are multiples of a block
* size, and no padding is used */
rc = mbedtls_cipher_set_padding_mode(&cipher->encrypt_ctx,
MBEDTLS_PADDING_NONE);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
goto error;
}
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->encrypt_ctx);
return SSH_ERROR;
}
static int cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info;
int rc;
mbedtls_cipher_init(&cipher->decrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->decrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->decrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_DECRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->decrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx,
MBEDTLS_PADDING_NONE);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
goto error;
}
mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->decrypt_ctx);
return SSH_ERROR;
}
int cipherList(State & state){
Stack * stack = state.stack;
CipherInfo * interfaceCipherInfo = OBJECT_IFACE(CipherInfo);
const int * list = mbedtls_cipher_list();
stack->newTable();
while (*list != 0){
const mbedtls_cipher_info_t * info = mbedtls_cipher_info_from_type(static_cast<mbedtls_cipher_type_t>(*list));
stack->push<int>(*list);
interfaceCipherInfo->push(const_cast<mbedtls_cipher_info_t *>(info));
stack->setTable();
list++;
}
return 1;
}
void
show_available_ciphers()
{
const int *ciphers = mbedtls_cipher_list();
#ifndef ENABLE_SMALL
printf("The following ciphers and cipher modes are available for use\n"
"with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
"parameter to the --cipher option. Using a CBC or GCM mode is\n"
"recommended. In static key mode only CBC mode is allowed.\n\n");
#endif
while (*ciphers != 0)
{
const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
if (info && cipher_kt_block_size(info) >= 128/8)
{
print_cipher(info);
}
ciphers++;
}
printf("\nThe following ciphers have a block size of less than 128 bits, \n"
"and are therefore deprecated. Do not use unless you have to.\n\n");
ciphers = mbedtls_cipher_list();
while (*ciphers != 0)
{
const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
if (info && cipher_kt_block_size(info) < 128/8)
{
print_cipher(info);
}
ciphers++;
}
printf("\n");
}
/**
* Given the indirected identifier for the cipher algorithm return its label.
*
* @param Cipher The cipher algorithm in question.
* @return The label for the cipher.
*/
const char* get_cipher_label(Cipher c) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
return info->name;
}
}
else {
const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c);
if (info) {
return info->name;
}
}
return "<UNKNOWN>";
}
/**
* Given the identifier for the cipher algorithm return the block size.
*
* @param Cipher The cipher algorithm in question.
* @param int The starting length of the input data.
* @return The modulus of the buffer (in bytes) required for this cipher.
*/
int get_cipher_aligned_size(Cipher c, int base_len) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
int len = base_len;
if (0 != len % info->block_size) {
len += (info->block_size - (len % info->block_size));
}
return len;
}
}
else {
}
return base_len;
}
/**
* Given the identifier for the cipher algorithm return the key size.
*
* @param Cipher The cipher algorithm in question.
* @return The size of the buffer (in bytes) required to hold the cipher key.
*/
int get_cipher_key_length(Cipher c) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
return info->key_bitlen;
}
}
else {
const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c);
if (info) {
//return info->key_bitlen;
}
//mbedtls_pk_get_bitlen
}
return 0;
}
static int cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
mbedtls_cipher_init(&cipher->encrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_ENCRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->encrypt_ctx);
return SSH_ERROR;
}
int cipherInfo(State & state){
Stack * stack = state.stack;
CipherInfo * interfaceCipherInfo = OBJECT_IFACE(CipherInfo);
mbedtls_cipher_info_t * info = nullptr;
if (stack->is<LUA_TNUMBER>(1)){
mbedtls_cipher_type_t type = static_cast<mbedtls_cipher_type_t>(stack->to<int>(1));
info = const_cast<mbedtls_cipher_info_t*>(mbedtls_cipher_info_from_type(type));
}
else if (stack->is<LUA_TSTRING>(1)){
const std::string name = stack->to<const std::string>(1);
info = const_cast<mbedtls_cipher_info_t*>(mbedtls_cipher_info_from_string(name.c_str()));
}
if (info){
interfaceCipherInfo->push(info);
return 1;
}
else{
return 0;
}
}
int main( int argc, char *argv[] )
{
int i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[HEAP_SIZE] = { 0 };
#endif
if( argc <= 1 )
{
memset( &todo, 1, sizeof( todo ) );
}
else
{
memset( &todo, 0, sizeof( todo ) );
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "md4" ) == 0 )
todo.md4 = 1;
else if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
else if( strcmp( argv[i], "sha1" ) == 0 )
todo.sha1 = 1;
else if( strcmp( argv[i], "sha256" ) == 0 )
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
else if( strcmp( argv[i], "arc4" ) == 0 )
todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
todo.des = 1;
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "aes_ccm" ) == 0 )
todo.aes_ccm = 1;
else if( strcmp( argv[i], "aes_cmac" ) == 0 )
todo.aes_cmac = 1;
else if( strcmp( argv[i], "des3_cmac" ) == 0 )
todo.des3_cmac = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
todo.hmac_drbg = 1;
else if( strcmp( argv[i], "rsa" ) == 0 )
todo.rsa = 1;
else if( strcmp( argv[i], "dhm" ) == 0 )
todo.dhm = 1;
else if( strcmp( argv[i], "ecdsa" ) == 0 )
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
else
{
mbedtls_printf( "Unrecognized option: %s\n", argv[i] );
mbedtls_printf( "Available options: " OPTIONS );
}
}
}
mbedtls_printf( "\n" );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
#endif
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
#if defined(MBEDTLS_MD4_C)
if( todo.md4 )
TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( todo.ripemd160 )
TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA1_C)
if( todo.sha1 )
TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA256_C)
if( todo.sha256 )
TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
if( todo.sha512 )
TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_ARC4_C)
if( todo.arc4 )
{
mbedtls_arc4_context arc4;
mbedtls_arc4_init( &arc4 );
mbedtls_arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
mbedtls_arc4_free( &arc4 );
}
#endif
#if defined(MBEDTLS_DES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.des3 )
{
mbedtls_des3_context des3;
mbedtls_des3_init( &des3 );
mbedtls_des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des3_free( &des3 );
}
if( todo.des )
{
mbedtls_des_context des;
mbedtls_des_init( &des );
mbedtls_des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des_free( &des );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CMAC_C)
if( todo.des3_cmac )
{
unsigned char output[8];
const mbedtls_cipher_info_t *cipher_info;
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB );
TIME_AND_TSC( "3DES-CMAC",
mbedtls_cipher_cmac( cipher_info, tmp, 192, buf,
BUFSIZE, output ) );
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
int keysize;
mbedtls_aes_context aes;
mbedtls_aes_init( &aes );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_aes_setkey_enc( &aes, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
mbedtls_aes_free( &aes );
}
#endif
#if defined(MBEDTLS_GCM_C)
if( todo.aes_gcm )
{
int keysize;
mbedtls_gcm_context gcm;
mbedtls_gcm_init( &gcm );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
mbedtls_gcm_free( &gcm );
}
}
#endif
#if defined(MBEDTLS_CCM_C)
if( todo.aes_ccm )
{
int keysize;
mbedtls_ccm_context ccm;
mbedtls_ccm_init( &ccm );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
12, NULL, 0, buf, buf, tmp, 16 ) );
mbedtls_ccm_free( &ccm );
}
}
#endif
#if defined(MBEDTLS_CMAC_C)
if( todo.aes_cmac )
{
unsigned char output[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_type_t cipher_type;
int keysize;
for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
keysize <= 256;
keysize += 64, cipher_type++ )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
cipher_info = mbedtls_cipher_info_from_type( cipher_type );
TIME_AND_TSC( title,
mbedtls_cipher_cmac( cipher_info, tmp, keysize,
buf, BUFSIZE, output ) );
}
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
TIME_AND_TSC( "AES-CMAC-PRF-128",
mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE,
output ) );
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.camellia )
{
int keysize;
mbedtls_camellia_context camellia;
mbedtls_camellia_init( &camellia );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_camellia_setkey_enc( &camellia, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
mbedtls_camellia_free( &camellia );
}
#endif
#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.blowfish )
{
int keysize;
mbedtls_blowfish_context blowfish;
mbedtls_blowfish_init( &blowfish );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
mbedtls_blowfish_free( &blowfish );
}
#endif
#if defined(MBEDTLS_HAVEGE_C)
if( todo.havege )
{
mbedtls_havege_state hs;
mbedtls_havege_init( &hs );
TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
mbedtls_havege_free( &hs );
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( todo.ctr_drbg )
{
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init( &ctr_drbg );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) );
mbedtls_ctr_drbg_free( &ctr_drbg );
}
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output )
{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
mbedtls_asn1_buf salt;
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
size_t olen = 0;
const mbedtls_md_info_t *md_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
mbedtls_cipher_context_t cipher_ctx;
p = pbe_params->p;
end = p + pbe_params->len;
/*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*/
if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
// Only PBKDF2 supported at the moment
//
if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
&salt, &iterations, &keylen,
&md_type ) ) != 0 )
{
return( ret );
}
md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
&enc_scheme_params ) ) != 0 )
{
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
}
if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
if( cipher_info == NULL )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
/*
* The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
* since it is optional and we don't know if it was set or not
*/
keylen = cipher_info->key_bitlen / 8;
if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
enc_scheme_params.len != cipher_info->iv_size )
{
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
}
mbedtls_md_init( &md_ctx );
mbedtls_cipher_init( &cipher_ctx );
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
goto exit;
if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
iterations, keylen, key ) ) != 0 )
{
goto exit;
}
if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
goto exit;
if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
data, datalen, output, &olen ) ) != 0 )
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
exit:
mbedtls_md_free( &md_ctx );
mbedtls_cipher_free( &cipher_ctx );
return( ret );
}
int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsigned char *isalt,
size_t isalt_size, unsigned char *output, uint32_t ikey_type)
{
//KDF in counter mode implementation as described in Section 5.1
//of NIST SP 800-108, Recommendation for Key Derivation Using Pseudorandom Functions
int ret;
size_t counter = 0;
char separator = 0x00;
mbedtls_cipher_context_t ctx;
unsigned char output_len_enc[ 4 ] = {0};
unsigned char counter_enc[ 1 ] = {0};
DEVKEY_WRITE_UINT32_LE(output_len_enc, ikey_type);
mbedtls_cipher_type_t mbedtls_cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
if (DEVICE_KEY_32BYTE == ikey_size) {
mbedtls_cipher_type = MBEDTLS_CIPHER_AES_256_ECB;
}
const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_type(mbedtls_cipher_type);
do {
mbedtls_cipher_init(&ctx);
ret = mbedtls_cipher_setup(&ctx, cipher_info);
if (ret != 0) {
goto finish;
}
ret = mbedtls_cipher_cmac_starts(&ctx, (unsigned char *)ikey_buff, ikey_size * 8);
if (ret != 0) {
goto finish;
}
DEVKEY_WRITE_UINT8_LE(counter_enc, (counter + 1));
ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)counter_enc, sizeof(counter_enc));
if (ret != 0) {
goto finish;
}
ret = mbedtls_cipher_cmac_update(&ctx, isalt, isalt_size);
if (ret != 0) {
goto finish;
}
ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)&separator, sizeof(char));
if (ret != 0) {
goto finish;
}
ret = mbedtls_cipher_cmac_update(&ctx, (unsigned char *)&output_len_enc, sizeof(output_len_enc));
if (ret != 0) {
goto finish;
}
ret = mbedtls_cipher_cmac_finish(&ctx, output + (DEVICE_KEY_16BYTE * (counter)));
if (ret != 0) {
goto finish;
}
mbedtls_cipher_free(&ctx);
counter++;
} while (DEVICE_KEY_16BYTE * counter < ikey_type);
finish:
if (DEVICEKEY_SUCCESS != ret) {
mbedtls_cipher_free(&ctx);
return DEVICEKEY_ERR_CMAC_GENERIC_FAILURE;
}
return DEVICEKEY_SUCCESS;
}
