diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index d3a6552a51..b6b55c85f3 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -29,6 +29,7 @@
 #include
 #include "asn1.h"
+#include "cipher.h"
 #include "md.h"
 #include "pk.h"
 #include "x509.h"
@@ -55,7 +56,10 @@
 * ISO Identified organization OID parts
 */
 #define OID_ORG_DOD "\x06" /* {dod(6)} */
-#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
+#define OID_ORG_OIW "\x0e"
+#define OID_OIW_SECSIG OID_ORG_OIW "\x03"
+#define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02"
+#define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a"
 /*
 * ISO ITU OID parts
@@ -143,10 +147,18 @@
 #define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
 #define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+/*
+ * PKCS definition OIDs
+ */
+
 #define OID_PKCS OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
 #define OID_PKCS1 OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define OID_PKCS5 OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
 #define OID_PKCS9 OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+/*
+ * PKCS#1 OIDs
+ */
 #define OID_PKCS1_RSA OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
 #define OID_PKCS1_MD2 OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
 #define OID_PKCS1_MD4 OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
@@ -161,6 +173,9 @@
 #define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+/*
+ * Digest algorithms
+ */
 #define OID_DIGEST_ALG_MD2 OID_RSA_COMPANY "\x02\x02" /**< id-md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
 #define OID_DIGEST_ALG_MD4 OID_RSA_COMPANY "\x02\x04" /**< id-md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
 #define OID_DIGEST_ALG_MD5 OID_RSA_COMPANY "\x02\x05" /**< id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
@@ -172,6 +187,31 @@
 #define OID_DIGEST_ALG_SHA512 OID_GOV "\x03\x04\x02\x03" /**< id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+#define OID_HMAC_SHA1 OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define OID_DES_CBC OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define OID_DES_EDE3_CBC OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define OID_PKCS5_PBMAC1 OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define OID_PKCS5_PBE_MD2_DES_CBC OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define OID_PKCS5_PBE_MD2_RC2_CBC OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define OID_PKCS5_PBE_MD5_DES_CBC OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define OID_PKCS5_PBE_MD5_RC2_CBC OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define OID_PKCS5_PBE_SHA1_DES_CBC OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define OID_PKCS5_PBE_SHA1_RC2_CBC OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
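Review bot: The Doxygen comment on `OID_DES_EDE3_CBC` carries a stray `--` (`member-body(2) -- us(840)`), which looks like a line-wrap artifact from the ASN.1 text and should be dropped so the arc list reads `{ iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }`. The composed byte strings match the literals this commit removes from pkcs5.h only if `OID_RSA_COMPANY` and `OID_ISO_IDENTIFIED_ORG`, which are defined outside this hunk, expand to the prefixes those literals spelled out, so that is worth confirming once. Because `OID_DES_CBC` and the PBES1 group name single-DES, RC2, MD2 and MD5 schemes, I would add a line above them such as `/* legacy algorithms, listed so existing data can be identified */`, if that is the intent, so the constants do not read as a recommendation.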
@@ -294,6 +334,16 @@ int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc );
 */
 int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str );
+/**
+ * \brief Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid OID to use
+ * \param cipher_alg place to store cipher algorithm
+ *
+ * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ */
+int oid_get_cipher_alg( const asn1_buf *oid, cipher_type_t *cipher_alg );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/polarssl/pkcs5.h b/include/polarssl/pkcs5.h
index b8c742e97c..6c5b21a68f 100644
--- a/include/polarssl/pkcs5.h
+++ b/include/polarssl/pkcs5.h
@@ -49,24 +49,6 @@ typedef UINT32 uint32_t;
 #define PKCS5_DECRYPT 0
 #define PKCS5_ENCRYPT 1
-/*
- * PKCS#5 OIDs
- */
-#define OID_PKCS5 "\x2a\x86\x48\x86\xf7\x0d\x01\x05"
-#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d"
-#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c"
-
-/*
- * Encryption Algorithm OIDs
- */
-#define OID_DES_CBC "\x2b\x0e\x03\x02\x07"
-#define OID_DES_EDE3_CBC "\x2a\x86\x48\x86\xf7\x0d\x03\x07"
-
-/*
- * Digest Algorithm OIDs
- */
-#define OID_HMAC_SHA1 "\x2a\x86\x48\x86\xf7\x0d\x02\x07"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/library/oid.c b/library/oid.c
index a280070a84..371d1ba16f 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -30,7 +30,6 @@
 #if defined(POLARSSL_OID_C)
 #include "polarssl/oid.h"
-#include "polarssl/md.h"
 #include "polarssl/rsa.h"
 #include
@@ -201,6 +200,30 @@ static const oid_pk_alg_t oid_pk_alg[] =
 },
 };
+/*
+ * For PKCS#5 PBES2 encryption algorithm
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ cipher_type_t cipher_alg;
+} oid_cipher_alg_t;
+
+static const oid_cipher_alg_t oid_cipher_alg[] =
+{
+ {
+ { OID_DES_CBC, "desCBC", "DES-CBC" },
+ POLARSSL_CIPHER_DES_CBC,
+ },
+ {
+ { OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" },
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ { NULL, NULL, NULL },
+ 0,
+ },
+};
+
 /*
 * For digestAlgorithm
 */
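Review bot: The new doc comment for `oid_get_cipher_alg` does not say what happens to the output parameter on failure. The implementation added in library/oid.c returns `POLARSSL_ERR_OID_NOT_FOUND` before it writes `*cipher_alg`, so I would add `\note *cipher_alg is left unmodified when the OID is not found`, which tells callers they must check the return value before using it. It would also help to state that only the OIDs present in the `oid_cipher_alg` table are recognised.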
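Review bot: The terminator entry of `oid_cipher_alg` in library/oid.c uses a bare `0` for the `cipher_type_t` field; `POLARSSL_CIPHER_NONE,` states the intent and does not depend on the enum's numeric layout. The header comment says the table is for PKCS#5 PBES2, yet it is reached through the generically named public `oid_get_cipher_alg`, so the comment should say that each entry added here becomes an encryption scheme accepted by `pkcs5_pbes2`. The `OID_DES_CBC` entry maps to single DES with a 56-bit key, and a remark such as `/* legacy, kept for decrypting existing keys */` would be appropriate, assuming that is why it is retained.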
@@ -452,6 +475,14 @@ static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid )
 oid );
 }
+static const oid_cipher_alg_t *oid_cipher_alg_from_asn1( const asn1_buf *oid )
+{
+ return (const oid_cipher_alg_t *) oid_descriptor_from_asn1(
+ oid_cipher_alg,
+ sizeof(oid_cipher_alg_t),
+ oid );
+}
+
 int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
 {
 const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid );
@@ -554,4 +585,17 @@ int oid_get_oid_by_md( md_type_t md_alg,
 return( POLARSSL_ERR_OID_NOT_FOUND );
 }
+int oid_get_cipher_alg( const asn1_buf *oid,
+ cipher_type_t *cipher_alg )
+{
+ const oid_cipher_alg_t *data = oid_cipher_alg_from_asn1( oid );
+
+ if( data == NULL )
+ return( POLARSSL_ERR_OID_NOT_FOUND );
+
+ *cipher_alg = data->cipher_alg;
+
+ return( 0 );
+}
+
 #endif /* POLARSSL_OID_C */
diff --git a/library/pkcs5.c b/library/pkcs5.c
index fa9111541e..c41927b637 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -40,6 +40,7 @@
 #include "polarssl/pkcs5.h"
 #include "polarssl/asn1.h"
 #include "polarssl/cipher.h"
+#include "polarssl/oid.h"
 static int pkcs5_parse_pbkdf2_params( unsigned char **p,
 const unsigned char *end,
@@ -117,6 +118,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
 const md_info_t *md_info;
 const cipher_info_t *cipher_info;
 md_context_t md_ctx;
+ cipher_type_t cipher_alg;
 cipher_context_t cipher_ctx;
 p = pbe_params->p;
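Review bot: The cast in `oid_cipher_alg_from_asn1` is only valid because `oid_descriptor_t descriptor` is the first member of `oid_cipher_alg_t`, and nothing next to the code records that assumption. I would add a comment above the function, for example `/* relies on descriptor being the first member of oid_cipher_alg_t */`, so a later reordering of the struct is caught in review. `oid_descriptor_from_asn1` is defined outside this diff, so I cannot see how it matches entries; because the OID handed in by `pkcs5_pbes2` comes from parsed input, confirm that it compares the length as well as the bytes.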
@@ -178,21 +180,10 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
 enc_scheme_oid.p = p;
 p += enc_scheme_oid.len;
-#if defined(POLARSSL_DES_C)
- // Only DES-CBC and DES-EDE3-CBC supported at the moment
- //
- if( OID_CMP( OID_DES_EDE3_CBC, &enc_scheme_oid ) )
- {
- cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
- }
- else if( OID_CMP( OID_DES_CBC, &enc_scheme_oid ) )
- {
- cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_CBC );
- }
- else
-#endif /* POLARSSL_DES_C */
+ if ( oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
 return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
+ cipher_info = cipher_info_from_type( cipher_alg );
 if( cipher_info == NULL )
 return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
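Review bot: With the `POLARSSL_DES_C` block gone, the removed remark `Only DES-CBC and DES-EDE3-CBC supported at the moment` has no replacement, and the set of accepted encryption schemes is now decided by the `oid_cipher_alg` table in library/oid.c. A comment at the lookup such as `/* accepted schemes are those listed in oid_cipher_alg (library/oid.c) */` would keep that visible at the point where untrusted parameters select the cipher. The rest of `pkcs5_pbes2` lies outside the hunk, so I cannot tell whether the IV and key lengths are taken from `cipher_info` or assume DES; that should be checked before any non-DES cipher is added to the table. The new `if (` also differs from the `if(` spacing used on the very next check.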