From 939b7c0a9e7c0c0f844e0056af96432c83127b1a Mon Sep 17 00:00:00 2001
From: Yiyuan Zhong
Date: Wed, 2 Oct 2024 22:52:10 +0800
Subject: [PATCH] Mbed-TLS: implement PBKDF2

PBKDF2 has been implemented since 2.0.0 and a new API was introduced in 3.3.0 deprecating the old one. This implementation will use the new API if detected.
---
 configure.ac | 3 +-
 lib/crypto_backend/crypto_mbedtls.c | 79 +++++++++++++++++------------
 meson.build | 9 +++-
 3 files changed, 55 insertions(+), 36 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0ccf940b..a5535731 100644
--- a/configure.ac
+++ b/configure.ac
@@ -406,11 +406,12 @@ AC_DEFUN([CONFIGURE_MBEDTLS], [
 saved_LIBS=$LIBS
 AC_CHECK_LIB(mbedcrypto, mbedtls_md_init,,
 [AC_MSG_ERROR([You need mbedTLS cryptographic library.])])
+ AC_CHECK_FUNCS(mbedtls_pkcs5_pbkdf2_hmac_ext)
 CRYPTO_LIBS=$LIBS
 LIBS=$saved_LIBS
 CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
- use_internal_pbkdf2=1
+ use_internal_pbkdf2=0
 use_internal_argon2=1
 NO_FIPS([])
 ])
diff --git a/lib/crypto_backend/crypto_mbedtls.c b/lib/crypto_backend/crypto_mbedtls.c
index ab4bc952..e4f6ac92 100644
--- a/lib/crypto_backend/crypto_mbedtls.c
+++ b/lib/crypto_backend/crypto_mbedtls.c
@@ -16,24 +16,11 @@
 #include
 #include
 #include
+#include
 #include
 #include "crypto_backend_internal.h"
-static const struct hash_alg {
- const char *name;
- mbedtls_md_type_t type;
- unsigned int block_length;
-} kHash[] = {
- {"sha1", MBEDTLS_MD_SHA1, 64},
- {"sha224", MBEDTLS_MD_SHA224, 64},
- {"sha256", MBEDTLS_MD_SHA256, 64},
- {"sha384", MBEDTLS_MD_SHA384, 128},
- {"sha512", MBEDTLS_MD_SHA512, 128},
- {"ripemd160", MBEDTLS_MD_RIPEMD160, 64},
- {NULL, 0, 0}
-};
 struct crypt_hash {
 const mbedtls_md_info_t *info;
 mbedtls_md_context_t md;
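Review bot: The added AC_CHECK_FUNCS probes only the 3.3.0 `_ext` entry point, while the `#else` path that crypto_mbedtls.c falls back to calls `mbedtls_pkcs5_pbkdf2_hmac` and simply assumes it is present; that function lives in the optional MBEDTLS_PKCS5_C module (and, if I read the 3.x headers right, is also dropped under MBEDTLS_DEPRECATED_REMOVED), so a library built without it now fails at link time with `use_internal_pbkdf2=0` and no configure-time diagnosis. Probe the fallback as well and stop early when neither symbol is available, e.g. `AC_CHECK_FUNCS(mbedtls_pkcs5_pbkdf2_hmac_ext mbedtls_pkcs5_pbkdf2_hmac)` followed by `AS_IF([test "$ac_cv_func_mbedtls_pkcs5_pbkdf2_hmac_ext$ac_cv_func_mbedtls_pkcs5_pbkdf2_hmac" = nono], [AC_MSG_ERROR([You need mbedTLS built with PKCS5 (PBKDF2) support.])])`. The meson.build hunk at 569 has the same gap: only `mbedtls_pkcs5_pbkdf2_hmac_ext` is passed to cc.has_function, so the fallback symbol should be checked there too and the configuration rejected when both are missing.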
@@ -58,6 +45,19 @@ static mbedtls_ctr_drbg_context g_ctr_drbg;
 static const mbedtls_md_info_t *crypt_get_hash(const char *name)
 {
+ static const struct hash_alg {
+ const char *name;
+ mbedtls_md_type_t type;
+ } kHash[] = {
+ {"sha1", MBEDTLS_MD_SHA1 },
+ {"sha224", MBEDTLS_MD_SHA224 },
+ {"sha256", MBEDTLS_MD_SHA256 },
+ {"sha384", MBEDTLS_MD_SHA384 },
+ {"sha512", MBEDTLS_MD_SHA512 },
+ {"ripemd160", MBEDTLS_MD_RIPEMD160},
+ {NULL, 0, }
+ };
+
 size_t i = 0;
 while (name && kHash[i].name) {
@@ -69,19 +69,6 @@ static const mbedtls_md_info_t *crypt_get_hash(const char *name)
 return NULL;
 }
-static unsigned int crypt_get_hash_block_length(const char *name)
-{
- size_t i = 0;
-
- while (name && kHash[i].name) {
- if (strcmp(kHash[i].name, name) == 0)
- return kHash[i].block_length;
- i++;
- }
-
- return 0;
-}
-
 int crypt_backend_init(bool fips)
 {
 int ret;
@@ -467,18 +454,44 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 char *key, size_t key_length,
 uint32_t iterations, uint32_t memory, uint32_t parallel)
 {
- unsigned int block_length;
+ const mbedtls_md_info_t *info;
+#if !HAVE_MBEDTLS_PKCS5_PBKDF2_HMAC_EXT
+ mbedtls_md_context_t md;
+#endif
 if (!kdf)
 return -EINVAL;
- if (strcmp(kdf, "pbkdf2") == 0) {
- block_length = crypt_get_hash_block_length(hash);
- if (!block_length)
+ if (strcmp(kdf, "pbkdf2") == 0) {
+ info = crypt_get_hash(hash);
+ if (!info)
 return -EINVAL;
- return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
- iterations, key_length, key, block_length);
+#if HAVE_MBEDTLS_PKCS5_PBKDF2_HMAC_EXT
+ if (mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_get_type(info),
+ (const unsigned char *)password, password_length,
+ (const unsigned char *)salt, salt_length,
+ iterations, key_length, (unsigned char *)key)) {
+
+ return -EINVAL;
+ }
+#else
+ mbedtls_md_init(&md);
+ if (mbedtls_md_setup(&md, info, 1))
+ return -EINVAL;
+
+ if (mbedtls_pkcs5_pbkdf2_hmac(&md,
+ (const unsigned char *)password, password_length,
+ (const unsigned char *)salt, salt_length,
+ iterations, key_length, (unsigned char *)key)) {
+
+ mbedtls_md_free(&md);
+ return -EINVAL;
+ }
+
+ mbedtls_md_free(&md);
+#endif
+ return 0;
 } else if (strncmp(kdf, "argon2", 6) == 0) {
 return argon2(kdf, password, password_length, salt, salt_length,
diff --git a/meson.build b/meson.build
index 451c23f9..e3613818 100644
--- a/meson.build
+++ b/meson.build
@@ -559,9 +559,9 @@ elif get_option('crypto-backend') == 'mbedtls'
 if get_option('fips')
 error('mbedtls crypto backend is not supported with FIPS enabled')
 endif
+ assert(cc.has_header('mbedtls/version.h'), 'You need mbedTLS cryptographic library.')
- conf.set10('HAVE_MBEDTLS_VERSION_H', cc.has_header('mbedtls/version.h'))
 mbedcrypto = cc.find_library('mbedcrypto', static: enable_static)
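Review bot: In the `#else` path every failure collapses to -EINVAL, so an allocation failure inside `mbedtls_md_setup` (reported, if I read the Mbed TLS API right, as MBEDTLS_ERR_MD_ALLOC_FAILED) becomes indistinguishable from an unknown hash name, and the setup-failure branch is the only exit that skips `mbedtls_md_free` — probably harmless since the context was only initialised, but three separate exits make the cleanup easy to miss on the next edit. Funnelling both calls through one result variable and a single `mbedtls_md_free` gives one exit and lets the allocation case map to -ENOMEM, as sketched below; the `_ext` branch could apply the same mapping to its return code. crypt_pbkdf continues outside the hunk (the argon2 branch and the closing brace are not shown), and the new `ret` would be declared next to `md` at the top of the function.
```c
	const mbedtls_md_info_t *info;
#if !HAVE_MBEDTLS_PKCS5_PBKDF2_HMAC_EXT
	mbedtls_md_context_t md;
	int ret;
#endif
	/* … unchanged: kdf check, hash lookup, _ext path … */
#else
	mbedtls_md_init(&md);
	ret = mbedtls_md_setup(&md, info, 1);
	if (!ret)
		ret = mbedtls_pkcs5_pbkdf2_hmac(&md,
			(const unsigned char *)password, password_length,
			(const unsigned char *)salt, salt_length,
			iterations, key_length, (unsigned char *)key);
	mbedtls_md_free(&md);
	if (ret)
		return ret == MBEDTLS_ERR_MD_ALLOC_FAILED ? -ENOMEM : -EINVAL;
#endif
	return 0;
```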
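Review bot: The removed `conf.set10('HAVE_MBEDTLS_VERSION_H', …)` has no counterpart change on the configure.ac side in this patch, so if any source still tests HAVE_MBEDTLS_VERSION_H the two build systems would now disagree on whether it is defined; worth a grep before merging. If nothing uses it any more, a sentence in the commit message saying the macro was dropped on purpose would spare the next reader the same search.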
@@ -569,8 +569,13 @@ elif get_option('crypto-backend') == 'mbedtls'
 prefix: '#include ', dependencies: mbedcrypto),
 'You need mbedcrypto library.')
+ conf.set10('HAVE_MBEDTLS_PKCS5_PBKDF2_HMAC_EXT',
+ cc.has_function('mbedtls_pkcs5_pbkdf2_hmac_ext',
+ prefix: '#include ', dependencies: mbedcrypto),
+ description: 'Define to 1 if you have the `mbedtls_pkcs5_pbkdf2_hmac_ext\' function.')
+
 crypto_backend_library = mbedcrypto
- use_internal_pbkdf2 = true
+ use_internal_pbkdf2 = false
 use_internal_argon2 = true
 endif
 conf.set10('USE_INTERNAL_PBKDF2', use_internal_pbkdf2)