pem.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446
  1. /*
  2. * Privacy Enhanced Mail (PEM) decoding
  3. *
  4. * Copyright (C) 2006-2014, Brainspark B.V.
  5. *
  6. * This file is part of PolarSSL (http://www.polarssl.org)
  7. * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
  8. *
  9. * All rights reserved.
  10. *
  11. * This program is free software; you can redistribute it and/or modify
  12. * it under the terms of the GNU General Public License as published by
  13. * the Free Software Foundation; either version 2 of the License, or
  14. * (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU General Public License along
  22. * with this program; if not, write to the Free Software Foundation, Inc.,
  23. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  24. */
  25. #if !defined(POLARSSL_CONFIG_FILE)
  26. #include "polarssl/config.h"
  27. #else
  28. #include POLARSSL_CONFIG_FILE
  29. #endif
  30. #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
  31. #include "polarssl/pem.h"
  32. #include "polarssl/base64.h"
  33. #include "polarssl/des.h"
  34. #include "polarssl/aes.h"
  35. #include "polarssl/md5.h"
  36. #include "polarssl/cipher.h"
  37. #if defined(POLARSSL_PLATFORM_C)
  38. #include "polarssl/platform.h"
  39. #else
  40. #define polarssl_malloc malloc
  41. #define polarssl_free free
  42. #endif
  43. #include <stdlib.h>
  44. /* Implementation that should never be optimized out by the compiler */
  45. static void polarssl_zeroize( void *v, size_t n ) {
  46. volatile unsigned char *p = v; while( n-- ) *p++ = 0;
  47. }
  48. #if defined(POLARSSL_PEM_PARSE_C)
  49. void pem_init( pem_context *ctx )
  50. {
  51. memset( ctx, 0, sizeof( pem_context ) );
  52. }
  53. #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
  54. ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
  55. /*
  56. * Read a 16-byte hex string and convert it to binary
  57. */
  58. static int pem_get_iv( const unsigned char *s, unsigned char *iv,
  59. size_t iv_len )
  60. {
  61. size_t i, j, k;
  62. memset( iv, 0, iv_len );
  63. for( i = 0; i < iv_len * 2; i++, s++ )
  64. {
  65. if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
  66. if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
  67. if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
  68. return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
  69. k = ( ( i & 1 ) != 0 ) ? j : j << 4;
  70. iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
  71. }
  72. return( 0 );
  73. }
  74. static void pem_pbkdf1( unsigned char *key, size_t keylen,
  75. unsigned char *iv,
  76. const unsigned char *pwd, size_t pwdlen )
  77. {
  78. md5_context md5_ctx;
  79. unsigned char md5sum[16];
  80. size_t use_len;
  81. md5_init( &md5_ctx );
  82. /*
  83. * key[ 0..15] = MD5(pwd || IV)
  84. */
  85. md5_starts( &md5_ctx );
  86. md5_update( &md5_ctx, pwd, pwdlen );
  87. md5_update( &md5_ctx, iv, 8 );
  88. md5_finish( &md5_ctx, md5sum );
  89. if( keylen <= 16 )
  90. {
  91. memcpy( key, md5sum, keylen );
  92. md5_free( &md5_ctx );
  93. polarssl_zeroize( md5sum, 16 );
  94. return;
  95. }
  96. memcpy( key, md5sum, 16 );
  97. /*
  98. * key[16..23] = MD5(key[ 0..15] || pwd || IV])
  99. */
  100. md5_starts( &md5_ctx );
  101. md5_update( &md5_ctx, md5sum, 16 );
  102. md5_update( &md5_ctx, pwd, pwdlen );
  103. md5_update( &md5_ctx, iv, 8 );
  104. md5_finish( &md5_ctx, md5sum );
  105. use_len = 16;
  106. if( keylen < 32 )
  107. use_len = keylen - 16;
  108. memcpy( key + 16, md5sum, use_len );
  109. md5_free( &md5_ctx );
  110. polarssl_zeroize( md5sum, 16 );
  111. }
  112. #if defined(POLARSSL_DES_C)
  113. /*
  114. * Decrypt with DES-CBC, using PBKDF1 for key derivation
  115. */
  116. static void pem_des_decrypt( unsigned char des_iv[8],
  117. unsigned char *buf, size_t buflen,
  118. const unsigned char *pwd, size_t pwdlen )
  119. {
  120. des_context des_ctx;
  121. unsigned char des_key[8];
  122. des_init( &des_ctx );
  123. pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
  124. des_setkey_dec( &des_ctx, des_key );
  125. des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
  126. des_iv, buf, buf );
  127. des_free( &des_ctx );
  128. polarssl_zeroize( des_key, 8 );
  129. }
  130. /*
  131. * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
  132. */
  133. static void pem_des3_decrypt( unsigned char des3_iv[8],
  134. unsigned char *buf, size_t buflen,
  135. const unsigned char *pwd, size_t pwdlen )
  136. {
  137. des3_context des3_ctx;
  138. unsigned char des3_key[24];
  139. des3_init( &des3_ctx );
  140. pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
  141. des3_set3key_dec( &des3_ctx, des3_key );
  142. des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
  143. des3_iv, buf, buf );
  144. des3_free( &des3_ctx );
  145. polarssl_zeroize( des3_key, 24 );
  146. }
  147. #endif /* POLARSSL_DES_C */
  148. #if defined(POLARSSL_AES_C)
  149. /*
  150. * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
  151. */
  152. static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
  153. unsigned char *buf, size_t buflen,
  154. const unsigned char *pwd, size_t pwdlen )
  155. {
  156. aes_context aes_ctx;
  157. unsigned char aes_key[32];
  158. aes_init( &aes_ctx );
  159. pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
  160. aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
  161. aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
  162. aes_iv, buf, buf );
  163. aes_free( &aes_ctx );
  164. polarssl_zeroize( aes_key, keylen );
  165. }
  166. #endif /* POLARSSL_AES_C */
  167. #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
  168. ( POLARSSL_AES_C || POLARSSL_DES_C ) */
  169. int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
  170. const unsigned char *data, const unsigned char *pwd,
  171. size_t pwdlen, size_t *use_len )
  172. {
  173. int ret, enc;
  174. size_t len;
  175. unsigned char *buf;
  176. const unsigned char *s1, *s2, *end;
  177. #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
  178. ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
  179. unsigned char pem_iv[16];
  180. cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
  181. #else
  182. ((void) pwd);
  183. ((void) pwdlen);
  184. #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
  185. ( POLARSSL_AES_C || POLARSSL_DES_C ) */
  186. if( ctx == NULL )
  187. return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
  188. s1 = (unsigned char *) strstr( (const char *) data, header );
  189. if( s1 == NULL )
  190. return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
  191. s2 = (unsigned char *) strstr( (const char *) data, footer );
  192. if( s2 == NULL || s2 <= s1 )
  193. return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
  194. s1 += strlen( header );
  195. if( *s1 == '\r' ) s1++;
  196. if( *s1 == '\n' ) s1++;
  197. else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
  198. end = s2;
  199. end += strlen( footer );
  200. if( *end == '\r' ) end++;
  201. if( *end == '\n' ) end++;
  202. *use_len = end - data;
  203. enc = 0;
  204. if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
  205. {
  206. #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
  207. ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
  208. enc++;
  209. s1 += 22;
  210. if( *s1 == '\r' ) s1++;
  211. if( *s1 == '\n' ) s1++;
  212. else return( POLARSSL_ERR_PEM_INVALID_DATA );
  213. #if defined(POLARSSL_DES_C)
  214. if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
  215. {
  216. enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
  217. s1 += 23;
  218. if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
  219. return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
  220. s1 += 16;
  221. }
  222. else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
  223. {
  224. enc_alg = POLARSSL_CIPHER_DES_CBC;
  225. s1 += 18;
  226. if( pem_get_iv( s1, pem_iv, 8) != 0 )
  227. return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
  228. s1 += 16;
  229. }
  230. #endif /* POLARSSL_DES_C */
  231. #if defined(POLARSSL_AES_C)
  232. if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
  233. {
  234. if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
  235. enc_alg = POLARSSL_CIPHER_AES_128_CBC;
  236. else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
  237. enc_alg = POLARSSL_CIPHER_AES_192_CBC;
  238. else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
  239. enc_alg = POLARSSL_CIPHER_AES_256_CBC;
  240. else
  241. return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
  242. s1 += 22;
  243. if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
  244. return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
  245. s1 += 32;
  246. }
  247. #endif /* POLARSSL_AES_C */
  248. if( enc_alg == POLARSSL_CIPHER_NONE )
  249. return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
  250. if( *s1 == '\r' ) s1++;
  251. if( *s1 == '\n' ) s1++;
  252. else return( POLARSSL_ERR_PEM_INVALID_DATA );
  253. #else
  254. return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
  255. #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
  256. ( POLARSSL_AES_C || POLARSSL_DES_C ) */
  257. }
  258. len = 0;
  259. ret = base64_decode( NULL, &len, s1, s2 - s1 );
  260. if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
  261. return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
  262. if( ( buf = (unsigned char *) polarssl_malloc( len ) ) == NULL )
  263. return( POLARSSL_ERR_PEM_MALLOC_FAILED );
  264. if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
  265. {
  266. polarssl_free( buf );
  267. return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
  268. }
  269. if( enc != 0 )
  270. {
  271. #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
  272. ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
  273. if( pwd == NULL )
  274. {
  275. polarssl_free( buf );
  276. return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
  277. }
  278. #if defined(POLARSSL_DES_C)
  279. if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
  280. pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
  281. else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
  282. pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
  283. #endif /* POLARSSL_DES_C */
  284. #if defined(POLARSSL_AES_C)
  285. if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
  286. pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
  287. else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
  288. pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
  289. else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
  290. pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
  291. #endif /* POLARSSL_AES_C */
  292. /*
  293. * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
  294. * length bytes (allow 4 to be sure) in all known use cases.
  295. *
  296. * Use that as heurisitic to try detecting password mismatchs.
  297. */
  298. if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
  299. {
  300. polarssl_free( buf );
  301. return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
  302. }
  303. #else
  304. polarssl_free( buf );
  305. return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
  306. #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
  307. ( POLARSSL_AES_C || POLARSSL_DES_C ) */
  308. }
  309. ctx->buf = buf;
  310. ctx->buflen = len;
  311. return( 0 );
  312. }
  313. void pem_free( pem_context *ctx )
  314. {
  315. polarssl_free( ctx->buf );
  316. polarssl_free( ctx->info );
  317. polarssl_zeroize( ctx, sizeof( pem_context ) );
  318. }
  319. #endif /* POLARSSL_PEM_PARSE_C */
  320. #if defined(POLARSSL_PEM_WRITE_C)
  321. int pem_write_buffer( const char *header, const char *footer,
  322. const unsigned char *der_data, size_t der_len,
  323. unsigned char *buf, size_t buf_len, size_t *olen )
  324. {
  325. int ret;
  326. unsigned char *encode_buf, *c, *p = buf;
  327. size_t len = 0, use_len = 0, add_len = 0;
  328. base64_encode( NULL, &use_len, der_data, der_len );
  329. add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
  330. if( use_len + add_len > buf_len )
  331. {
  332. *olen = use_len + add_len;
  333. return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
  334. }
  335. if( ( encode_buf = polarssl_malloc( use_len ) ) == NULL )
  336. return( POLARSSL_ERR_PEM_MALLOC_FAILED );
  337. if( ( ret = base64_encode( encode_buf, &use_len, der_data,
  338. der_len ) ) != 0 )
  339. {
  340. polarssl_free( encode_buf );
  341. return( ret );
  342. }
  343. memcpy( p, header, strlen( header ) );
  344. p += strlen( header );
  345. c = encode_buf;
  346. while( use_len )
  347. {
  348. len = ( use_len > 64 ) ? 64 : use_len;
  349. memcpy( p, c, len );
  350. use_len -= len;
  351. p += len;
  352. c += len;
  353. *p++ = '\n';
  354. }
  355. memcpy( p, footer, strlen( footer ) );
  356. p += strlen( footer );
  357. *p++ = '\0';
  358. *olen = p - buf;
  359. polarssl_free( encode_buf );
  360. return( 0 );
  361. }
  362. #endif /* POLARSSL_PEM_WRITE_C */
  363. #endif /* POLARSSL_PEM_PARSE_C || POLARSSL_PEM_WRITE_C */