From 0cb2e8ec2e69fa02d65f64bd9b83b7854f463dd3 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 14 Nov 2022 13:07:49 +0100
Subject: [PATCH] Added PBES2 key derivation with encryption and decryption support.

Signed-off-by: Pol Henarejos
---
 src/hsm/cmd_cipher_sym.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index 2873ae8..d8a498c 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -241,6 +241,7 @@ int cmd_cipher_sym() {
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
 if (r != 0)
 return SW_EXEC_ERROR();
+ res_APDU_size = apdu.ne > 0 ? apdu.ne : apdu.nc;
 }
 else if (memcmp(oid, OID_PKCS5_PBKDF2, oid_len) == 0) {
 int iterations = 0, keylen = 0;
@@ -265,6 +266,16 @@ int cmd_cipher_sym() {
 mbedtls_md_free(&md_ctx);
 if (r != 0)
 return SW_EXEC_ERROR();
+ res_APDU_size = keylen ? keylen : (apdu.ne ? apdu.ne : apdu.nc);
+ }
+ else if (memcmp(oid, OID_PKCS5_PBES2, oid_len) == 0) {
+ mbedtls_asn1_buf params = { .p = aad, .len = aad_len };
+ int r = mbedtls_pkcs5_pbes2(¶ms, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc, enc_len, res_APDU);
+ mbedtls_platform_zeroize(kdata, sizeof(kdata));
+ if (r != 0) {
+ return SW_WRONG_DATA();
+ }
+ res_APDU_size = enc_len;
 }
 }
 else {
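Review bot: `res_APDU_size = apdu.ne > 0 ? apdu.ne : apdu.nc;` takes the response length from host-supplied APDU fields rather than from the number of bytes the derivation actually wrote. The derivation call sits above the hunk, so it is worth confirming that it was given the same length expression and that the value is bounded by the capacity of `res_APDU`; otherwise the response can carry stale buffer contents. Falling back to `apdu.nc`, the command data length, as an output size deserves a short comment explaining why it is the right default. The same expression recurs as the fallback in the PBKDF2 assignment in the next hunk, where `keylen` also appears to come from the request.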
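Review bot: `res_APDU_size = enc_len;` in the new PBES2 branch does not account for block padding: on encrypt the output can be up to one cipher block longer than `enc_len`, so the final block would be cut from the response, and on decrypt the response carries bytes past the real plaintext length. `mbedtls_pkcs5_pbes2` also takes no output size, so nothing visible here guarantees that `res_APDU` has room for `enc_len` plus a block. Where the bundled Mbed TLS provides it, `mbedtls_pkcs5_pbes2_ext(..., enc, enc_len, res_APDU, <res_APDU capacity>, &olen)` followed by `res_APDU_size = olen;` addresses both. The new `memcmp(oid, OID_PKCS5_PBES2, oid_len)` compares only `oid_len` bytes, so unless `oid_len` is checked against the constant's length above the hunk, a shorter host-supplied OID matches as a prefix. The enclosing function starts and ends outside the hunk.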