Blame - src/tls/pkcs5.c - android_external_wpa_supplicant_8

blob: fd9e346757f12cb8884f77fe03e3a758f823498a [file] [log] [blame]

Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	1	/*
				2	* PKCS #5 (Password-based Encryption)
				3	* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
				4	*
				5	* This program is free software; you can redistribute it and/or modify
				6	* it under the terms of the GNU General Public License version 2 as
				7	* published by the Free Software Foundation.
				8	*
				9	* Alternatively, this software may be distributed under the terms of BSD
				10	* license.
				11	*
				12	* See README and COPYING for more details.
				13	*/
				14
				15	#include "includes.h"
				16
				17	#include "common.h"
				18	#include "crypto/crypto.h"
				19	#include "crypto/md5.h"
				20	#include "asn1.h"
				21	#include "pkcs5.h"
				22
				23
				24	struct pkcs5_params {
				25	enum pkcs5_alg {
				26	PKCS5_ALG_UNKNOWN,
				27	PKCS5_ALG_MD5_DES_CBC
				28	} alg;
				29	u8 salt[8];
				30	size_t salt_len;
				31	unsigned int iter_count;
				32	};
				33
				34
Dmitry Shmidt	1f69aa5	2012-01-24 16:10:04 -0800	[diff] [blame]	35	static enum pkcs5_alg pkcs5_get_alg(struct asn1_oid *oid)
Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	36	{
				37	if (oid->len == 7 &&
				38	oid->oid[0] == 1 /* iso */ &&
				39	oid->oid[1] == 2 /* member-body */ &&
				40	oid->oid[2] == 840 /* us */ &&
				41	oid->oid[3] == 113549 /* rsadsi */ &&
				42	oid->oid[4] == 1 /* pkcs */ &&
				43	oid->oid[5] == 5 /* pkcs-5 */ &&
				44	oid->oid[6] == 3 /* pbeWithMD5AndDES-CBC */)
				45	return PKCS5_ALG_MD5_DES_CBC;
				46
				47	return PKCS5_ALG_UNKNOWN;
				48	}
				49
				50
				51	static int pkcs5_get_params(const u8 *enc_alg, size_t enc_alg_len,
				52	struct pkcs5_params *params)
				53	{
				54	struct asn1_hdr hdr;
				55	const u8 enc_alg_end, pos, *end;
				56	struct asn1_oid oid;
				57	char obuf[80];
				58
				59	/* AlgorithmIdentifier */
				60
				61	enc_alg_end = enc_alg + enc_alg_len;
				62
				63	os_memset(params, 0, sizeof(*params));
				64
				65	if (asn1_get_oid(enc_alg, enc_alg_end - enc_alg, &oid, &pos)) {
				66	wpa_printf(MSG_DEBUG, "PKCS #5: Failed to parse OID "
				67	"(algorithm)");
				68	return -1;
				69	}
				70
				71	asn1_oid_to_str(&oid, obuf, sizeof(obuf));
				72	wpa_printf(MSG_DEBUG, "PKCS #5: encryption algorithm %s", obuf);
				73	params->alg = pkcs5_get_alg(&oid);
				74	if (params->alg == PKCS5_ALG_UNKNOWN) {
				75	wpa_printf(MSG_INFO, "PKCS #5: unsupported encryption "
				76	"algorithm %s", obuf);
				77	return -1;
				78	}
				79
				80	/*
				81	* PKCS#5, Section 8
				82	* PBEParameter ::= SEQUENCE {
				83	* salt OCTET STRING SIZE(8),
				84	* iterationCount INTEGER }
				85	*/
				86
				87	if (asn1_get_next(pos, enc_alg_end - pos, &hdr) < 0 \|\|
				88	hdr.class != ASN1_CLASS_UNIVERSAL \|\|
				89	hdr.tag != ASN1_TAG_SEQUENCE) {
				90	wpa_printf(MSG_DEBUG, "PKCS #5: Expected SEQUENCE "
				91	"(PBEParameter) - found class %d tag 0x%x",
				92	hdr.class, hdr.tag);
				93	return -1;
				94	}
				95	pos = hdr.payload;
				96	end = hdr.payload + hdr.length;
				97
				98	/* salt OCTET STRING SIZE(8) */
				99	if (asn1_get_next(pos, end - pos, &hdr) < 0 \|\|
				100	hdr.class != ASN1_CLASS_UNIVERSAL \|\|
				101	hdr.tag != ASN1_TAG_OCTETSTRING \|\|
				102	hdr.length != 8) {
				103	wpa_printf(MSG_DEBUG, "PKCS #5: Expected OCTETSTRING SIZE(8) "
				104	"(salt) - found class %d tag 0x%x size %d",
				105	hdr.class, hdr.tag, hdr.length);
				106	return -1;
				107	}
				108	pos = hdr.payload + hdr.length;
				109	os_memcpy(params->salt, hdr.payload, hdr.length);
				110	params->salt_len = hdr.length;
				111	wpa_hexdump(MSG_DEBUG, "PKCS #5: salt",
				112	params->salt, params->salt_len);
				113
				114	/* iterationCount INTEGER */
				115	if (asn1_get_next(pos, end - pos, &hdr) < 0 \|\|
				116	hdr.class != ASN1_CLASS_UNIVERSAL \|\| hdr.tag != ASN1_TAG_INTEGER) {
				117	wpa_printf(MSG_DEBUG, "PKCS #5: Expected INTEGER - found "
				118	"class %d tag 0x%x", hdr.class, hdr.tag);
				119	return -1;
				120	}
				121	if (hdr.length == 1)
				122	params->iter_count = *hdr.payload;
				123	else if (hdr.length == 2)
				124	params->iter_count = WPA_GET_BE16(hdr.payload);
				125	else if (hdr.length == 4)
				126	params->iter_count = WPA_GET_BE32(hdr.payload);
				127	else {
				128	wpa_hexdump(MSG_DEBUG, "PKCS #5: Unsupported INTEGER value "
				129	" (iterationCount)",
				130	hdr.payload, hdr.length);
				131	return -1;
				132	}
				133	wpa_printf(MSG_DEBUG, "PKCS #5: iterationCount=0x%x",
				134	params->iter_count);
				135	if (params->iter_count == 0 \|\| params->iter_count > 0xffff) {
				136	wpa_printf(MSG_INFO, "PKCS #5: Unsupported "
				137	"iterationCount=0x%x", params->iter_count);
				138	return -1;
				139	}
				140
				141	return 0;
				142	}
				143
				144
				145	static struct crypto_cipher * pkcs5_crypto_init(struct pkcs5_params *params,
				146	const char *passwd)
				147	{
				148	unsigned int i;
				149	u8 hash[MD5_MAC_LEN];
				150	const u8 *addr[2];
				151	size_t len[2];
				152
				153	if (params->alg != PKCS5_ALG_MD5_DES_CBC)
				154	return NULL;
				155
				156	addr[0] = (const u8 *) passwd;
				157	len[0] = os_strlen(passwd);
				158	addr[1] = params->salt;
				159	len[1] = params->salt_len;
				160	if (md5_vector(2, addr, len, hash) < 0)
				161	return NULL;
				162	addr[0] = hash;
				163	len[0] = MD5_MAC_LEN;
				164	for (i = 1; i < params->iter_count; i++) {
				165	if (md5_vector(1, addr, len, hash) < 0)
				166	return NULL;
				167	}
				168	/* TODO: DES key parity bits(?) */
				169	wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
				170	wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
				171
				172	return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
				173	}
				174
				175
				176	u8 * pkcs5_decrypt(const u8 *enc_alg, size_t enc_alg_len,
				177	const u8 *enc_data, size_t enc_data_len,
				178	const char passwd, size_t data_len)
				179	{
				180	struct crypto_cipher *ctx;
				181	u8 *eb, pad;
				182	struct pkcs5_params params;
				183	unsigned int i;
				184
				185	if (pkcs5_get_params(enc_alg, enc_alg_len, &params) < 0) {
				186	wpa_printf(MSG_DEBUG, "PKCS #5: Unsupported parameters");
				187	return NULL;
				188	}
				189
				190	ctx = pkcs5_crypto_init(&params, passwd);
				191	if (ctx == NULL) {
				192	wpa_printf(MSG_DEBUG, "PKCS #5: Failed to initialize crypto");
				193	return NULL;
				194	}
				195
				196	/* PKCS #5, Section 7 - Decryption process */
				197	if (enc_data_len < 16 \|\| enc_data_len % 8) {
				198	wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
				199	"%d", (int) enc_data_len);
				200	crypto_cipher_deinit(ctx);
				201	return NULL;
				202	}
				203
				204	eb = os_malloc(enc_data_len);
				205	if (eb == NULL) {
				206	crypto_cipher_deinit(ctx);
				207	return NULL;
				208	}
				209
				210	if (crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
				211	wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
				212	crypto_cipher_deinit(ctx);
				213	os_free(eb);
				214	return NULL;
				215	}
				216	crypto_cipher_deinit(ctx);
				217
				218	pad = eb[enc_data_len - 1];
				219	if (pad > 8) {
				220	wpa_printf(MSG_INFO, "PKCS #5: Invalid PS octet 0x%x", pad);
				221	os_free(eb);
				222	return NULL;
				223	}
				224	for (i = enc_data_len - pad; i < enc_data_len; i++) {
				225	if (eb[i] != pad) {
				226	wpa_hexdump(MSG_INFO, "PKCS #5: Invalid PS",
				227	eb + enc_data_len - pad, pad);
				228	os_free(eb);
				229	return NULL;
				230	}
				231	}
				232
				233	wpa_hexdump_key(MSG_MSGDUMP, "PKCS #5: message M (encrypted key)",
				234	eb, enc_data_len - pad);
				235
				236	*data_len = enc_data_len - pad;
				237	return eb;
				238	}