00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015 #include "includes.h"
00016
00017 #include "common.h"
00018 #include "crypto/crypto.h"
00019 #include "crypto/md5.h"
00020 #include "asn1.h"
00021 #include "pkcs5.h"
00022
00023
00024 struct pkcs5_params {
00025 enum pkcs5_alg {
00026 PKCS5_ALG_UNKNOWN,
00027 PKCS5_ALG_MD5_DES_CBC
00028 } alg;
00029 u8 salt[8];
00030 size_t salt_len;
00031 unsigned int iter_count;
00032 };
00033
00034
00035 enum pkcs5_alg pkcs5_get_alg(struct asn1_oid *oid)
00036 {
00037 if (oid->len == 7 &&
00038 oid->oid[0] == 1 &&
00039 oid->oid[1] == 2 &&
00040 oid->oid[2] == 840 &&
00041 oid->oid[3] == 113549 &&
00042 oid->oid[4] == 1 &&
00043 oid->oid[5] == 5 &&
00044 oid->oid[6] == 3 )
00045 return PKCS5_ALG_MD5_DES_CBC;
00046
00047 return PKCS5_ALG_UNKNOWN;
00048 }
00049
00050
00051 static int pkcs5_get_params(const u8 *enc_alg, size_t enc_alg_len,
00052 struct pkcs5_params *params)
00053 {
00054 struct asn1_hdr hdr;
00055 const u8 *enc_alg_end, *pos, *end;
00056 struct asn1_oid oid;
00057 char obuf[80];
00058
00059
00060
00061 enc_alg_end = enc_alg + enc_alg_len;
00062
00063 os_memset(params, 0, sizeof(*params));
00064
00065 if (asn1_get_oid(enc_alg, enc_alg_end - enc_alg, &oid, &pos)) {
00066 wpa_printf(MSG_DEBUG, "PKCS #5: Failed to parse OID "
00067 "(algorithm)");
00068 return -1;
00069 }
00070
00071 asn1_oid_to_str(&oid, obuf, sizeof(obuf));
00072 wpa_printf(MSG_DEBUG, "PKCS #5: encryption algorithm %s", obuf);
00073 params->alg = pkcs5_get_alg(&oid);
00074 if (params->alg == PKCS5_ALG_UNKNOWN) {
00075 wpa_printf(MSG_INFO, "PKCS #5: unsupported encryption "
00076 "algorithm %s", obuf);
00077 return -1;
00078 }
00079
00080
00081
00082
00083
00084
00085
00086
00087 if (asn1_get_next(pos, enc_alg_end - pos, &hdr) < 0 ||
00088 hdr.class != ASN1_CLASS_UNIVERSAL ||
00089 hdr.tag != ASN1_TAG_SEQUENCE) {
00090 wpa_printf(MSG_DEBUG, "PKCS #5: Expected SEQUENCE "
00091 "(PBEParameter) - found class %d tag 0x%x",
00092 hdr.class, hdr.tag);
00093 return -1;
00094 }
00095 pos = hdr.payload;
00096 end = hdr.payload + hdr.length;
00097
00098
00099 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
00100 hdr.class != ASN1_CLASS_UNIVERSAL ||
00101 hdr.tag != ASN1_TAG_OCTETSTRING ||
00102 hdr.length != 8) {
00103 wpa_printf(MSG_DEBUG, "PKCS #5: Expected OCTETSTRING SIZE(8) "
00104 "(salt) - found class %d tag 0x%x size %d",
00105 hdr.class, hdr.tag, hdr.length);
00106 return -1;
00107 }
00108 pos = hdr.payload + hdr.length;
00109 os_memcpy(params->salt, hdr.payload, hdr.length);
00110 params->salt_len = hdr.length;
00111 wpa_hexdump(MSG_DEBUG, "PKCS #5: salt",
00112 params->salt, params->salt_len);
00113
00114
00115 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
00116 hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_INTEGER) {
00117 wpa_printf(MSG_DEBUG, "PKCS #5: Expected INTEGER - found "
00118 "class %d tag 0x%x", hdr.class, hdr.tag);
00119 return -1;
00120 }
00121 if (hdr.length == 1)
00122 params->iter_count = *hdr.payload;
00123 else if (hdr.length == 2)
00124 params->iter_count = WPA_GET_BE16(hdr.payload);
00125 else if (hdr.length == 4)
00126 params->iter_count = WPA_GET_BE32(hdr.payload);
00127 else {
00128 wpa_hexdump(MSG_DEBUG, "PKCS #5: Unsupported INTEGER value "
00129 " (iterationCount)",
00130 hdr.payload, hdr.length);
00131 return -1;
00132 }
00133 wpa_printf(MSG_DEBUG, "PKCS #5: iterationCount=0x%x",
00134 params->iter_count);
00135 if (params->iter_count == 0 || params->iter_count > 0xffff) {
00136 wpa_printf(MSG_INFO, "PKCS #5: Unsupported "
00137 "iterationCount=0x%x", params->iter_count);
00138 return -1;
00139 }
00140
00141 return 0;
00142 }
00143
00144
00145 static struct crypto_cipher * pkcs5_crypto_init(struct pkcs5_params *params,
00146 const char *passwd)
00147 {
00148 unsigned int i;
00149 u8 hash[MD5_MAC_LEN];
00150 const u8 *addr[2];
00151 size_t len[2];
00152
00153 if (params->alg != PKCS5_ALG_MD5_DES_CBC)
00154 return NULL;
00155
00156 addr[0] = (const u8 *) passwd;
00157 len[0] = os_strlen(passwd);
00158 addr[1] = params->salt;
00159 len[1] = params->salt_len;
00160 if (md5_vector(2, addr, len, hash) < 0)
00161 return NULL;
00162 addr[0] = hash;
00163 len[0] = MD5_MAC_LEN;
00164 for (i = 1; i < params->iter_count; i++) {
00165 if (md5_vector(1, addr, len, hash) < 0)
00166 return NULL;
00167 }
00168
00169 wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
00170 wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
00171
00172 return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
00173 }
00174
00175
00176 u8 * pkcs5_decrypt(const u8 *enc_alg, size_t enc_alg_len,
00177 const u8 *enc_data, size_t enc_data_len,
00178 const char *passwd, size_t *data_len)
00179 {
00180 struct crypto_cipher *ctx;
00181 u8 *eb, pad;
00182 struct pkcs5_params params;
00183 unsigned int i;
00184
00185 if (pkcs5_get_params(enc_alg, enc_alg_len, ¶ms) < 0) {
00186 wpa_printf(MSG_DEBUG, "PKCS #5: Unsupported parameters");
00187 return NULL;
00188 }
00189
00190 ctx = pkcs5_crypto_init(¶ms, passwd);
00191 if (ctx == NULL) {
00192 wpa_printf(MSG_DEBUG, "PKCS #5: Failed to initialize crypto");
00193 return NULL;
00194 }
00195
00196
00197 if (enc_data_len < 16 || enc_data_len % 8) {
00198 wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
00199 "%d", (int) enc_data_len);
00200 crypto_cipher_deinit(ctx);
00201 return NULL;
00202 }
00203
00204 eb = os_malloc(enc_data_len);
00205 if (eb == NULL) {
00206 crypto_cipher_deinit(ctx);
00207 return NULL;
00208 }
00209
00210 if (crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
00211 wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
00212 crypto_cipher_deinit(ctx);
00213 os_free(eb);
00214 return NULL;
00215 }
00216 crypto_cipher_deinit(ctx);
00217
00218 pad = eb[enc_data_len - 1];
00219 if (pad > 8) {
00220 wpa_printf(MSG_INFO, "PKCS #5: Invalid PS octet 0x%x", pad);
00221 os_free(eb);
00222 return NULL;
00223 }
00224 for (i = enc_data_len - pad; i < enc_data_len; i++) {
00225 if (eb[i] != pad) {
00226 wpa_hexdump(MSG_INFO, "PKCS #5: Invalid PS",
00227 eb + enc_data_len - pad, pad);
00228 os_free(eb);
00229 return NULL;
00230 }
00231 }
00232
00233 wpa_hexdump_key(MSG_MSGDUMP, "PKCS #5: message M (encrypted key)",
00234 eb, enc_data_len - pad);
00235
00236 *data_len = enc_data_len - pad;
00237 return eb;
00238 }