Moved PKCS#12 cipher layer based PBE detection to use OID database

2013-06-28 17:28:20 +02:00 · 2013-06-28 17:28:20 +02:00 · 7749a22974
commit 7749a22974
parent dd1150e846
4 changed files with 62 additions and 22 deletions
--- a/library/oid.c
+++ b/library/oid.c
@ -414,6 +414,34 @@ int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str )
    return( POLARSSL_ERR_OID_NOT_FOUND );
 }

+/*
+ * For PKCS#12 PBEs
+ */
+typedef struct {
+    oid_descriptor_t    descriptor;
+    md_type_t           md_alg;
+    cipher_type_t       cipher_alg;
+} oid_pkcs12_pbe_alg_t;
+
+static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
+{
+    {
+        { OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
+        POLARSSL_MD_SHA1,      POLARSSL_CIPHER_DES_EDE3_CBC,
+    },
+    {
+        { OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
+        POLARSSL_MD_SHA1,      POLARSSL_CIPHER_DES_EDE_CBC,
+    },
+    {
+        { NULL, NULL, NULL },
+        0, 0,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg);
+FN_OID_GET_ATTR2(oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, md_type_t, md_alg, cipher_type_t, cipher_alg);
+
 #if defined _MSC_VER && !defined snprintf
 #include <stdarg.h>

--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -2193,6 +2193,10 @@ static int x509parse_key_pkcs8_encrypted_der(
    unsigned char *p, *end, *end2;
    x509_buf pbe_alg_oid, pbe_params;
    unsigned char buf[2048];
+#if defined(POLARSSL_PKCS12_C)
+    cipher_type_t cipher_alg;
+    md_type_t md_alg;
+#endif

    memset(buf, 0, 2048);

@ -2256,22 +2260,10 @@ static int x509parse_key_pkcs8_encrypted_der(
     * Decrypt EncryptedData with appropriate PDE
     */
 #if defined(POLARSSL_PKCS12_C)
-    if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
+    if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
    {
        if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
-                                POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1,
-                                pwd, pwdlen, p, len, buf ) ) != 0 )
-        {
-            if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
-                return( POLARSSL_ERR_X509_PASSWORD_MISMATCH );
-
-            return( ret );
-        }
-    }
-    else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
-    {
-        if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
-                                POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MD_SHA1,
+                                cipher_alg, md_alg,
                                pwd, pwdlen, p, len, buf ) ) != 0 )
        {
            if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )