eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pem.c: adjust for bulid without md

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-08-04 08:42:06 +02:00
parent 55c17430be
commit a68d08f7d1
1 changed files with 126 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

134
library/pem.c
View file

@ -29,6 +29,7 @@
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "legacy_or_psa.h"
#include <string.h> #include <string.h>
@ -40,13 +41,17 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx ) void mbedtls_pem_init( mbedtls_pem_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_pem_context ) ); memset( ctx, 0, sizeof( mbedtls_pem_context ) );
} }
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
/* /*
* Read a 16-byte hex string and convert it to binary * Read a 16-byte hex string and convert it to binary
@ -73,6 +78,118 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv,
return( 0 ); return( 0 );
} }
#if !defined(MBEDTLS_MD5_C)
static int pem_pbkdf1( unsigned char *key, size_t keylen,
unsigned char *iv,
const unsigned char *pwd, size_t pwdlen )
{
unsigned char md5sum[16];
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
size_t output_length = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_hash_setup( &operation, PSA_ALG_MD5 );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_update( &operation, pwd, pwdlen );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_update( &operation, iv, 8 );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_finish( &operation, md5sum,
PSA_HASH_LENGTH( PSA_ALG_MD5 ),
&output_length );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_abort( &operation );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
/*
* key[ 0..15] = MD5(pwd || IV)
*/
if( keylen <= 16 )
{
memcpy( key, md5sum, keylen );
goto exit;
}
memcpy( key, md5sum, 16 );
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
status = psa_hash_setup( &operation, PSA_ALG_MD5 );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_update( &operation, md5sum, 16 );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_update( &operation, pwd, pwdlen );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_update( &operation, iv, 8 );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_finish( &operation, md5sum,
PSA_HASH_LENGTH( PSA_ALG_MD5 ),
&output_length );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
status = psa_hash_abort( &operation );
if( status != PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto exit;
}
size_t use_len = 16;
if( keylen < 32 )
use_len = keylen - 16;
memcpy( key + 16, md5sum, use_len );
exit:
mbedtls_platform_zeroize( md5sum, 16 );
if( status == PSA_SUCCESS )
ret = 0;
return( ret );
}
#else
static int pem_pbkdf1( unsigned char *key, size_t keylen, static int pem_pbkdf1( unsigned char *key, size_t keylen,
unsigned char *iv, unsigned char *iv,
const unsigned char *pwd, size_t pwdlen ) const unsigned char *pwd, size_t pwdlen )
@ -130,6 +247,7 @@ exit:
return( ret ); return( ret );
} }
#endif
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
/* /*
@ -219,7 +337,7 @@ exit:
} }
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
@ -230,14 +348,14 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
size_t len; size_t len;
unsigned char *buf; unsigned char *buf;
const unsigned char *s1, *s2, *end; const unsigned char *s1, *s2, *end;
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
unsigned char pem_iv[16]; unsigned char pem_iv[16];
mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE; mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
#else #else
((void) pwd); ((void) pwd);
((void) pwdlen); ((void) pwdlen);
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
if( ctx == NULL ) if( ctx == NULL )
@ -270,7 +388,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{ {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
enc++; enc++;
@ -333,7 +451,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
else return( MBEDTLS_ERR_PEM_INVALID_DATA ); else return( MBEDTLS_ERR_PEM_INVALID_DATA );
#else #else
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
} }
@ -357,7 +475,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if( enc != 0 ) if( enc != 0 )
{ {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
if( pwd == NULL ) if( pwd == NULL )
{ {
@ -406,7 +524,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
mbedtls_platform_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA && MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
} }