Google Git
Sign in
kernel / pub / scm / libs / ell / ell / 7a137bcac31e63161affc0fb2f621ec64880fc85 / . / ell / cert-crypto.c
blob: cc312e2caf423f5fffe32c56f4a5cc93affea4cf [file] [log] [blame]
/*
*
* Embedded Linux library
*
* Copyright (C) 2020 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#define _GNU_SOURCE
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
#include <strings.h>
#include "checksum.h"
#include "cipher.h"
#include "useful.h"
#include "utf8.h"
#include "asn1-private.h"
#include "private.h"
#include "missing.h"
#include "cert.h"
#include "cert-private.h"
/* RFC8018 section 5.1 */
LIB_EXPORT bool l_cert_pkcs5_pbkdf1(enum l_checksum_type type,
const char *password,
const uint8_t *salt, size_t salt_len,
unsigned int iter_count,
uint8_t *out_dk, size_t dk_len)
{
size_t hash_len, t_len;
uint8_t t[20 + salt_len + strlen(password)];
struct l_checksum *checksum;
switch (type) {
case L_CHECKSUM_MD5:
hash_len = 16;
break;
case L_CHECKSUM_SHA1:
hash_len = 20;
break;
case L_CHECKSUM_NONE:
case L_CHECKSUM_MD4:
case L_CHECKSUM_SHA224:
case L_CHECKSUM_SHA256:
case L_CHECKSUM_SHA384:
case L_CHECKSUM_SHA512:
return false;
default:
return false;
}
if (dk_len > hash_len)
return false;
checksum = l_checksum_new(type);
if (!checksum)
return false;
memcpy(t, password, strlen(password));
memcpy(t + strlen(password), salt, salt_len);
t_len = strlen(password) + salt_len;
while (iter_count) {
l_checksum_reset(checksum);
if (!l_checksum_update(checksum, t, t_len))
break;
if (l_checksum_get_digest(checksum, t, hash_len) !=
(ssize_t) hash_len)
break;
t_len = hash_len;
iter_count--;
}
l_checksum_free(checksum);
if (!iter_count)
memcpy(out_dk, t, dk_len);
explicit_bzero(t, sizeof(t));
return !iter_count;
}
/* RFC8018 section 5.2 */
LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type,
const char *password,
const uint8_t *salt, size_t salt_len,
unsigned int iter_count,
uint8_t *out_dk, size_t dk_len)
{
size_t h_len;
struct l_checksum *checksum;
unsigned int i;
switch (type) {
case L_CHECKSUM_SHA1:
h_len = 20;
break;
case L_CHECKSUM_SHA224:
h_len = 28;
break;
case L_CHECKSUM_SHA256:
h_len = 32;
break;
case L_CHECKSUM_SHA384:
h_len = 48;
break;
case L_CHECKSUM_SHA512:
h_len = 64;
break;
case L_CHECKSUM_NONE:
case L_CHECKSUM_MD4:
case L_CHECKSUM_MD5:
return false;
default:
return false;
}
checksum = l_checksum_new_hmac(type, password, strlen(password));
if (!checksum)
return false;
for (i = 1; dk_len; i++) {
unsigned int j, k;
uint8_t u[salt_len + 64];
size_t u_len;
size_t block_len = h_len;
if (block_len > dk_len)
block_len = dk_len;
memset(out_dk, 0, block_len);
memcpy(u, salt, salt_len);
l_put_be32(i, u + salt_len);
u_len = salt_len + 4;
for (j = 0; j < iter_count; j++) {
l_checksum_reset(checksum);
if (!l_checksum_update(checksum, u, u_len))
break;
if (l_checksum_get_digest(checksum, u, h_len) !=
(ssize_t) h_len)
break;
u_len = h_len;
for (k = 0; k < block_len; k++)
out_dk[k] ^= u[k];
}
if (j < iter_count)
break;
out_dk += block_len;
dk_len -= block_len;
}
l_checksum_free(checksum);
return !dk_len;
}
/* RFC7292 Appendix B */
uint8_t *cert_pkcs12_pbkdf(const char *password,
const struct cert_pkcs12_hash *hash,
const uint8_t *salt, size_t salt_len,
unsigned int iterations, uint8_t id,
size_t key_len)
{
/* All lengths in bytes instead of bits */
size_t passwd_len = password ? 2 * strlen(password) + 2 : 0;
uint8_t *bmpstring;
/* Documented as v(ceiling(s/v)), usually will just equal v */
unsigned int s_len = (salt_len + hash->v - 1) & ~(hash->v - 1);
/* Documented as p(ceiling(s/p)), usually will just equal v */
unsigned int p_len = password ?
(passwd_len + hash->v - 1) & ~(hash->v - 1) : 0;
uint8_t di[hash->v + s_len + p_len];
uint8_t *ptr;
unsigned int j;
uint8_t *key;
unsigned int bytes;
struct l_checksum *h = l_checksum_new(hash->alg);
if (!h)
return NULL;
/*
* The BMPString encoding, in practice same as UCS-2, can end up
* at 2 * strlen(password) + 2 bytes or shorter depending on the
* characters used. Recalculate p_len after we know it.
* Important: The password must be valid UTF-8 here.
*/
if (p_len) {
if (!(bmpstring = l_utf8_to_ucs2be(password, &passwd_len))) {
l_checksum_free(h);
return NULL;
}
p_len = (passwd_len + hash->v - 1) & ~(hash->v - 1);
}
memset(di, id, hash->v);
ptr = di + hash->v;
for (j = salt_len; j < s_len; j += salt_len, ptr += salt_len)
memcpy(ptr, salt, salt_len);
if (s_len) {
memcpy(ptr, salt, s_len + salt_len - j);
ptr += s_len + salt_len - j;
}
if (p_len) {
for (j = passwd_len; j < p_len;
j += passwd_len, ptr += passwd_len)
memcpy(ptr, bmpstring, passwd_len);
memcpy(ptr, bmpstring, p_len + passwd_len - j);
explicit_bzero(bmpstring, passwd_len);
l_free(bmpstring);
}
key = l_malloc(key_len + hash->len);
for (bytes = 0; bytes < key_len; bytes += hash->u) {
uint8_t b[hash->v];
uint8_t *input = di;
unsigned int input_len = hash->v + s_len + p_len;
for (j = 0; j < iterations; j++) {
if (!l_checksum_update(h, input, input_len) ||
l_checksum_get_digest(h,
key + bytes,
hash->len) <= 0) {
l_checksum_free(h);
l_free(key);
return NULL;
}
input = key + bytes;
input_len = hash->u;
l_checksum_reset(h);
}
if (bytes + hash->u >= key_len)
break;
for (j = 0; j < hash->v - hash->u; j += hash->u)
memcpy(b + j, input, hash->u);
memcpy(b + j, input, hash->v - j);
ptr = di + hash->v;
for (j = 0; j < s_len + p_len; j += hash->v, ptr += hash->v) {
unsigned int k;
uint16_t carry = 1;
/*
* Not specified in the RFC7292 but implementations
* sum these octet strings as big-endian integers.
* We could use 64-bit additions here but the benefit
* may not compensate the cost of the byteswapping.
*/
for (k = hash->v - 1; k > 0; k--) {
carry = ptr[k] + b[k] + carry;
ptr[k] = carry;
carry >>= 8;
}
ptr[k] += b[k] + carry;
explicit_bzero(&carry, sizeof(carry));
}
explicit_bzero(b, sizeof(b));
}
explicit_bzero(di, sizeof(di));
l_checksum_free(h);
return key;
}
/* RFC7292 Appendix A */
static const struct cert_pkcs12_hash pkcs12_sha1_hash = {
.alg = L_CHECKSUM_SHA1,
.len = 20,
.u = 20,
.v = 64,
.oid = { 5, { 0x2b, 0x0e, 0x03, 0x02, 0x1a } },
};
/* RFC8018 Section A.2 */
static struct asn1_oid pkcs5_pbkdf2_oid = {
9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c }
};
/* RFC8018 Section A.4 */
static struct asn1_oid pkcs5_pbes2_oid = {
9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0d }
};
/* RFC8018 Section A.3 */
static const struct pkcs5_pbes1_encryption_oid {
enum l_checksum_type checksum_type;
enum l_cipher_type cipher_type;
struct asn1_oid oid;
} pkcs5_pbes1_encryption_oids[] = {
{ /* pbeWithMD5AndDES-CBC */
L_CHECKSUM_MD5, L_CIPHER_DES_CBC,
{ 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x03 } },
},
{ /* pbeWithSHA1AndDES-CBC */
L_CHECKSUM_SHA1, L_CIPHER_DES_CBC,
{ 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0a } },
},
/* MD2- and RC2-based schemes 1, 4, 6 and 11 not supported */
};
/* RFC7292 Appendix C */
static const struct pkcs12_encryption_oid {
enum l_cipher_type cipher_type;
unsigned int key_length;
unsigned int iv_length;
bool copy_k1; /* Expand the 2-Key 3DES key for 3-Key 3DES */
bool is_block;
struct asn1_oid oid;
} pkcs12_encryption_oids[] = {
{ /* pbeWithSHAAnd128BitRC4 */
.cipher_type = L_CIPHER_ARC4,
.key_length = 16,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x01,
} }
},
{ /* pbeWithSHAAnd40BitRC4 */
.cipher_type = L_CIPHER_ARC4,
.key_length = 5,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x02,
} }
},
{ /* pbeWithSHAAnd3-KeyTripleDES-CBC */
.cipher_type = L_CIPHER_DES3_EDE_CBC,
.key_length = 24,
.iv_length = 8,
.is_block = true,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x03,
} }
},
{ /* pbeWithSHAAnd2-KeyTripleDES-CBC */
.cipher_type = L_CIPHER_DES3_EDE_CBC,
.key_length = 16,
.iv_length = 8,
.copy_k1 = true,
.is_block = true,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x04,
} }
},
{ /* pbeWithSHAAnd128BitRC2-CBC */
.cipher_type = L_CIPHER_RC2_CBC,
.key_length = 16,
.iv_length = 8,
.is_block = true,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x05,
} }
},
{ /* pbeWithSHAAnd40BitRC2-CBC */
.cipher_type = L_CIPHER_RC2_CBC,
.key_length = 5,
.iv_length = 8,
.is_block = true,
.oid = { 10, {
0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x0c, 0x01, 0x06,
} }
},
};
static const struct pkcs5_digest_alg_oid {
enum l_checksum_type type;
struct asn1_oid oid;
} pkcs5_digest_alg_oids[] = {
{ /* hmacWithSHA1 */
L_CHECKSUM_SHA1,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x07 } },
},
{ /* hmacWithSHA224 */
L_CHECKSUM_SHA224,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x08 } },
},
{ /* hmacWithSHA256 */
L_CHECKSUM_SHA256,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09 } },
},
{ /* hmacWithSHA384 */
L_CHECKSUM_SHA384,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0a } },
},
{ /* hmacWithSHA512 */
L_CHECKSUM_SHA512,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0b } },
},
/* hmacWithSHA512-224 and hmacWithSHA512-256 not supported */
};
static const struct pkcs5_enc_alg_oid {
enum l_cipher_type cipher_type;
uint8_t key_size, iv_size;
struct asn1_oid oid;
} pkcs5_enc_alg_oids[] = {
{ /* desCBC */
L_CIPHER_DES_CBC, 8, 8,
{ 5, { 0x2b, 0x0e, 0x03, 0x02, 0x07 } },
},
{ /* des-EDE3-CBC */
L_CIPHER_DES3_EDE_CBC, 24, 8,
{ 8, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07 } },
},
/* RC2/RC5-based schemes 2 and 9 not supported */
{ /* aes128-CBC-PAD */
L_CIPHER_AES_CBC, 16, 16,
{ 9, { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x02 } },
},
{ /* aes192-CBC-PAD */
L_CIPHER_AES_CBC, 24, 16,
{ 9, { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x16 } },
},
{ /* aes256-CBC-PAD */
L_CIPHER_AES_CBC, 32, 16,
{ 9, { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2a } },
},
};
static struct l_cipher *cipher_from_pkcs5_pbes2_params(
const uint8_t *pbes2_params,
size_t pbes2_params_len,
const char *password)
{
uint8_t tag;
const uint8_t *kdf_sequence, *enc_sequence, *oid, *params,
*salt, *iter_count_buf, *key_len_buf, *prf_sequence;
size_t kdf_len, enc_len, params_len, salt_len, key_len, tmp_len;
unsigned int i, iter_count, pos;
enum l_checksum_type prf_alg = L_CHECKSUM_NONE;
const struct pkcs5_enc_alg_oid *enc_scheme = NULL;
uint8_t derived_key[64];
struct l_cipher *cipher;
/* RFC8018 section A.4 */
kdf_sequence = asn1_der_find_elem(pbes2_params, pbes2_params_len, 0,
&tag, &kdf_len);
if (!kdf_sequence || tag != ASN1_ID_SEQUENCE)
return NULL;
enc_sequence = asn1_der_find_elem(pbes2_params, pbes2_params_len, 1,
&tag, &enc_len);
if (!enc_sequence || tag != ASN1_ID_SEQUENCE)
return NULL;
if (asn1_der_find_elem(pbes2_params, pbes2_params_len, 2,
&tag, &tmp_len))
return NULL;
/* RFC8018 section A.2 */
oid = asn1_der_find_elem(kdf_sequence, kdf_len, 0, &tag, &tmp_len);
if (!oid || tag != ASN1_ID_OID)
return NULL;
if (!asn1_oid_eq(&pkcs5_pbkdf2_oid, tmp_len, oid))
return NULL;
params = asn1_der_find_elem(kdf_sequence, kdf_len, 1,
&tag, &params_len);
if (!params || tag != ASN1_ID_SEQUENCE)
return NULL;
if (asn1_der_find_elem(kdf_sequence, kdf_len, 2, &tag, &tmp_len))
return NULL;
salt = asn1_der_find_elem(params, params_len, 0, &tag, &salt_len);
if (!salt || tag != ASN1_ID_OCTET_STRING ||
salt_len < 1 || salt_len > 512)
return NULL;
iter_count_buf = asn1_der_find_elem(params, params_len, 1,
&tag, &tmp_len);
if (!iter_count_buf || tag != ASN1_ID_INTEGER ||
tmp_len < 1 || tmp_len > 4)
return NULL;
iter_count = 0;
while (tmp_len--)
iter_count = (iter_count << 8) | *iter_count_buf++;
pos = 2;
key_len_buf = asn1_der_find_elem(params, params_len, pos,
&tag, &tmp_len);
if (key_len_buf && tag == ASN1_ID_INTEGER) {
if (tmp_len != 1)
return NULL;
pos++;
key_len = 0;
while (tmp_len--)
key_len = (key_len << 8) | *key_len_buf++;
} else
key_len = 0;
prf_sequence = asn1_der_find_elem(params, params_len, pos,
&tag, &tmp_len);
if (prf_sequence && tag == ASN1_ID_SEQUENCE) {
pos++;
oid = asn1_der_find_elem(prf_sequence, tmp_len, 0,
&tag, &tmp_len);
if (!oid || tag != ASN1_ID_OID)
return NULL;
for (i = 0; i < L_ARRAY_SIZE(pkcs5_digest_alg_oids); i++)
if (asn1_oid_eq(&pkcs5_digest_alg_oids[i].oid,
tmp_len, oid))
prf_alg = pkcs5_digest_alg_oids[i].type;
if (prf_alg == L_CHECKSUM_NONE)
return NULL;
} else
prf_alg = L_CHECKSUM_SHA1;
oid = asn1_der_find_elem(enc_sequence, enc_len, 0, &tag, &tmp_len);
if (!oid || tag != ASN1_ID_OID)
return NULL;
for (i = 0; i < L_ARRAY_SIZE(pkcs5_enc_alg_oids); i++) {
if (asn1_oid_eq(&pkcs5_enc_alg_oids[i].oid, tmp_len, oid)) {
enc_scheme = &pkcs5_enc_alg_oids[i];
break;
}
}
if (!enc_scheme)
return NULL;
params = asn1_der_find_elem(enc_sequence, enc_len, 1,
&tag, &params_len);
if (!params)
return NULL;
/* RFC8018 section B.2 */
/*
* Since we don't support the RC2/RC5 PBES2 ciphers, our parameters
* only have an obligatory OCTET STRING IV parameter and a fixed key
* length.
*/
if (tag != ASN1_ID_OCTET_STRING || params_len != enc_scheme->iv_size)
return NULL;
if (key_len && enc_scheme->key_size != key_len)
return NULL;
key_len = enc_scheme->key_size;
if (asn1_der_find_elem(enc_sequence, enc_len, 2, &tag, &tmp_len))
return NULL;
/* RFC8018 section 6.2 */
if (!l_cert_pkcs5_pbkdf2(prf_alg, password, salt, salt_len, iter_count,
derived_key, key_len))
return NULL;
cipher = l_cipher_new(enc_scheme->cipher_type, derived_key, key_len);
if (cipher && !l_cipher_set_iv(cipher, params, enc_scheme->iv_size)) {
l_cipher_free(cipher);
cipher = NULL;
}
explicit_bzero(derived_key, 16);
return cipher;
}
static struct l_cipher *cipher_from_pkcs12_alg_id(
const struct pkcs12_encryption_oid *scheme,
const uint8_t *params, size_t params_len,
const char *password, bool *out_is_block)
{
uint8_t tag;
const uint8_t *salt;
const uint8_t *iterations_data;
size_t salt_len;
size_t iterations_len;
unsigned int iterations;
uint8_t *key;
size_t key_len;
struct l_cipher *cipher;
/* Same parameters as in PKCS#5 */
salt = asn1_der_find_elem(params, params_len, 0, &tag, &salt_len);
if (!salt || tag != ASN1_ID_OCTET_STRING)
return NULL;
iterations_data = asn1_der_find_elem(params, params_len, 1,
&tag, &iterations_len);
if (!iterations_data || tag != ASN1_ID_INTEGER ||
iterations_len < 1 || iterations_len > 4)
return NULL;
for (iterations = 0; iterations_len; iterations_len--)
iterations = (iterations << 8) | *iterations_data++;
if (iterations < 1 || iterations > 8192)
return NULL;
if (iterations_data != params + params_len)
return NULL;
key_len = scheme->key_length;
key = cert_pkcs12_pbkdf(password, &pkcs12_sha1_hash, salt, salt_len,
iterations, 1, key_len);
if (!key)
return NULL;
if (scheme->copy_k1) {
/*
* 2-Key 3DES is like L_CIPHER_DES3_EDE_CBC except the last
* of the 3 8-byte keys is not generated using a KDF and
* instead is a copy of the first key. In other words
* the first half of the 16-byte key material is appended
* at the end to produce the 24 bytes for DES3_EDE_CBC.
*/
uint8_t *key2 = l_malloc(24);
memcpy(key2, key, 16);
memcpy(key2 + 16, key, 8);
explicit_bzero(key, key_len);
l_free(key);
key = key2;
key_len = 24;
}
cipher = l_cipher_new(scheme->cipher_type, key, key_len);
explicit_bzero(key, key_len);
l_free(key);
if (!cipher)
return NULL;
if (scheme->iv_length) {
uint8_t *iv = cert_pkcs12_pbkdf(password, &pkcs12_sha1_hash,
salt, salt_len, iterations, 2,
scheme->iv_length);
if (!iv || !l_cipher_set_iv(cipher, iv, scheme->iv_length)) {
l_cipher_free(cipher);
cipher = NULL;
}
if (iv)
explicit_bzero(iv, scheme->iv_length);
l_free(iv);
}
if (out_is_block)
*out_is_block = scheme->is_block;
return cipher;
}
struct l_cipher *cert_cipher_from_pkcs_alg_id(const uint8_t *id_asn1,
size_t id_asn1_len,
const char *password,
bool *out_is_block)
{
uint8_t tag;
const uint8_t *oid, *params, *salt, *iter_count_buf;
size_t oid_len, params_len, tmp_len;
unsigned int i, iter_count;
const struct pkcs5_pbes1_encryption_oid *pbes1_scheme = NULL;
uint8_t derived_key[16];
struct l_cipher *cipher;
oid = asn1_der_find_elem(id_asn1, id_asn1_len, 0, &tag, &oid_len);
if (!oid || tag != ASN1_ID_OID)
return NULL;
params = asn1_der_find_elem(id_asn1, id_asn1_len, 1, &tag, &params_len);
if (!params || tag != ASN1_ID_SEQUENCE)
return NULL;
if (asn1_der_find_elem(id_asn1, id_asn1_len, 2, &tag, &tmp_len))
return NULL;
if (asn1_oid_eq(&pkcs5_pbes2_oid, oid_len, oid)) {
if (out_is_block)
*out_is_block = true;
return cipher_from_pkcs5_pbes2_params(params, params_len,
password);
}
/* RFC8018 section A.3 */
for (i = 0; i < L_ARRAY_SIZE(pkcs5_pbes1_encryption_oids); i++) {
if (asn1_oid_eq(&pkcs5_pbes1_encryption_oids[i].oid,
oid_len, oid)) {
pbes1_scheme = &pkcs5_pbes1_encryption_oids[i];
break;
}
}
/* Check if this is a PKCS#12 OID */
if (!pbes1_scheme) {
for (i = 0; i < L_ARRAY_SIZE(pkcs12_encryption_oids); i++)
if (asn1_oid_eq(&pkcs12_encryption_oids[i].oid,
oid_len, oid))
return cipher_from_pkcs12_alg_id(
&pkcs12_encryption_oids[i],
params, params_len, password,
out_is_block);
return NULL;
}
salt = asn1_der_find_elem(params, params_len, 0, &tag, &tmp_len);
if (!salt || tag != ASN1_ID_OCTET_STRING || tmp_len != 8)
return NULL;
iter_count_buf = asn1_der_find_elem(params, params_len, 1,
&tag, &tmp_len);
if (!iter_count_buf || tag != ASN1_ID_INTEGER ||
tmp_len < 1 || tmp_len > 4)
return NULL;
iter_count = 0;
while (tmp_len--)
iter_count = (iter_count << 8) | *iter_count_buf++;
if (asn1_der_find_elem(params, params_len, 2, &tag, &tmp_len))
return NULL;
/* RFC8018 section 6.1 */
if (!l_cert_pkcs5_pbkdf1(pbes1_scheme->checksum_type, password,
salt, 8, iter_count, derived_key, 16))
return NULL;
cipher = l_cipher_new(pbes1_scheme->cipher_type, derived_key + 0, 8);
if (cipher && !l_cipher_set_iv(cipher, derived_key + 8, 8)) {
l_cipher_free(cipher);
cipher = NULL;
}
explicit_bzero(derived_key, 16);
if (out_is_block)
*out_is_block = true;
return cipher;
}