add RC2-40-CBC support to PKCS#12 parsing

2020-10-16 09:59:17 -06:00
parent 0854efe168
commit 2c0f4b619e
4 changed files with 45 additions and 7 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -73,6 +73,7 @@ ASN Options:
 #include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/rc2.h>
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
 #include <wolfssl/wolfcrypt/logging.h>

@ -3143,6 +3144,13 @@ static int CheckAlgo(int first, int second, int* id, int* version, int* blockSz)
            if (blockSz) *blockSz = DES_BLOCK_SIZE;
            return 0;
    #endif
+    #ifdef WC_RC2
+        case PBE_SHA1_40RC2_CBC:
+            *id = PBE_SHA1_40RC2_CBC;
+            *version = PKCS12v1;
+            if (blockSz) *blockSz = RC2_BLOCK_SIZE;
+            return 0;
+    #endif
 #endif /* !NO_SHA */
        default:
            return ALGO_ID_E;
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@ -630,7 +630,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
    int size    = 0;
    int version = 0;

-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12");

    if (der == NULL || pkcs12 == NULL) {
        return BAD_FUNC_ARG;
--- a/wolfcrypt/src/wc_encrypt.c
+++ b/wolfcrypt/src/wc_encrypt.c
@ -28,6 +28,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/rc2.h>
 #include <wolfssl/wolfcrypt/arc4.h>
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@ -455,6 +456,12 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
            }
            break;
    #endif /* WOLFSSL_AES_128 && !NO_SHA */
+    #ifdef WC_RC2
+        case PBE_SHA1_40RC2_CBC:
+            typeH = WC_SHA;
+            derivedLen = 5;
+            break;
+    #endif
        default:
            WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id");
            (void)shaOid;
@ -640,6 +647,28 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
        }
    #endif /* WOLFSSL_AES_256 */
 #endif /* !NO_AES && HAVE_AES_CBC */
+#ifdef WC_RC2
+        case PBE_SHA1_40RC2_CBC:
+        {
+            RC2 rc2;
+            /* effective key size for RC2-40-CBC is 40 bits */
+            ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40);
+            if (ret == 0) {
+                if (enc)
+                    ret = wc_Rc2CbcEncrypt(&rc2, input, input, length);
+                else
+                    ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
+            }
+            if (ret != 0) {
+#ifdef WOLFSSL_SMALL_STACK
+                XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+                return ret;
+            }
+            ForceZero(&rc2, sizeof(RC2));
+            break;
+        }
+#endif

        default:
 #ifdef WOLFSSL_SMALL_STACK
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@ -1416,12 +1416,13 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
 #endif

 enum PBESTypes {
-    PBE_MD5_DES      = 0,
-    PBE_SHA1_RC4_128 = 1,
-    PBE_SHA1_DES     = 2,
-    PBE_SHA1_DES3    = 3,
-    PBE_AES256_CBC   = 4,
-    PBE_AES128_CBC   = 5,
+    PBE_MD5_DES        = 0,
+    PBE_SHA1_RC4_128   = 1,
+    PBE_SHA1_DES       = 2,
+    PBE_SHA1_DES3      = 3,
+    PBE_AES256_CBC     = 4,
+    PBE_AES128_CBC     = 5,
+    PBE_SHA1_40RC2_CBC = 6,

    PBE_SHA1_RC4_128_SUM = 657,
    PBE_SHA1_DES3_SUM    = 659,