TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 8bfc3de4e3aa12fed64575b37b5d0d9108b56e20 / . / lib / libmbedtls / mbedtls / library / pem.c
blob: 2f10e5014a44dc308ac042856c490dceb840b88c [file] [log] [blame]
Edison Aic6672fd2018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * Privacy Enhanced Mail (PEM) decoding
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
29
30#include "mbedtls/pem.h"
31#include "mbedtls/base64.h"
32#include "mbedtls/des.h"
33#include "mbedtls/aes.h"
34#include "mbedtls/md5.h"
35#include "mbedtls/cipher.h"
36
37#include <string.h>
38
39#if defined(MBEDTLS_PLATFORM_C)
40#include "mbedtls/platform.h"
41#else
42#include <stdlib.h>
43#define mbedtls_calloc calloc
44#define mbedtls_free free
45#endif
46
47#if defined(MBEDTLS_PEM_PARSE_C)
48/* Implementation that should never be optimized out by the compiler */
49static void mbedtls_zeroize( void *v, size_t n ) {
50 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
51}
52
53void mbedtls_pem_init( mbedtls_pem_context *ctx )
54{
55 memset( ctx, 0, sizeof( mbedtls_pem_context ) );
56}
57
58#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
59 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
60/*
61 * Read a 16-byte hex string and convert it to binary
62 */
63static int pem_get_iv( const unsigned char *s, unsigned char *iv,
64 size_t iv_len )
65{
66 size_t i, j, k;
67
68 memset( iv, 0, iv_len );
69
70 for( i = 0; i < iv_len * 2; i++, s++ )
71 {
72 if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
73 if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
74 if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
75 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
76
77 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
78
79 iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
80 }
81
82 return( 0 );
83}
84
85static void pem_pbkdf1( unsigned char *key, size_t keylen,
86 unsigned char *iv,
87 const unsigned char *pwd, size_t pwdlen )
88{
89 mbedtls_md5_context md5_ctx;
90 unsigned char md5sum[16];
91 size_t use_len;
92
93 mbedtls_md5_init( &md5_ctx );
94
95 /*
96 * key[ 0..15] = MD5(pwd || IV)
97 */
98 mbedtls_md5_starts( &md5_ctx );
99 mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
100 mbedtls_md5_update( &md5_ctx, iv, 8 );
101 mbedtls_md5_finish( &md5_ctx, md5sum );
102
103 if( keylen <= 16 )
104 {
105 memcpy( key, md5sum, keylen );
106
107 mbedtls_md5_free( &md5_ctx );
108 mbedtls_zeroize( md5sum, 16 );
109 return;
110 }
111
112 memcpy( key, md5sum, 16 );
113
114 /*
115 * key[16..23] = MD5(key[ 0..15] || pwd || IV])
116 */
117 mbedtls_md5_starts( &md5_ctx );
118 mbedtls_md5_update( &md5_ctx, md5sum, 16 );
119 mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
120 mbedtls_md5_update( &md5_ctx, iv, 8 );
121 mbedtls_md5_finish( &md5_ctx, md5sum );
122
123 use_len = 16;
124 if( keylen < 32 )
125 use_len = keylen - 16;
126
127 memcpy( key + 16, md5sum, use_len );
128
129 mbedtls_md5_free( &md5_ctx );
130 mbedtls_zeroize( md5sum, 16 );
131}
132
133#if defined(MBEDTLS_DES_C)
134/*
135 * Decrypt with DES-CBC, using PBKDF1 for key derivation
136 */
137static void pem_des_decrypt( unsigned char des_iv[8],
138 unsigned char *buf, size_t buflen,
139 const unsigned char *pwd, size_t pwdlen )
140{
141 mbedtls_des_context des_ctx;
142 unsigned char des_key[8];
143
144 mbedtls_des_init( &des_ctx );
145
146 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
147
148 mbedtls_des_setkey_dec( &des_ctx, des_key );
149 mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
150 des_iv, buf, buf );
151
152 mbedtls_des_free( &des_ctx );
153 mbedtls_zeroize( des_key, 8 );
154}
155
156/*
157 * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
158 */
159static void pem_des3_decrypt( unsigned char des3_iv[8],
160 unsigned char *buf, size_t buflen,
161 const unsigned char *pwd, size_t pwdlen )
162{
163 mbedtls_des3_context des3_ctx;
164 unsigned char des3_key[24];
165
166 mbedtls_des3_init( &des3_ctx );
167
168 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
169
170 mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
171 mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
172 des3_iv, buf, buf );
173
174 mbedtls_des3_free( &des3_ctx );
175 mbedtls_zeroize( des3_key, 24 );
176}
177#endif /* MBEDTLS_DES_C */
178
179#if defined(MBEDTLS_AES_C)
180/*
181 * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
182 */
183static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
184 unsigned char *buf, size_t buflen,
185 const unsigned char *pwd, size_t pwdlen )
186{
187 mbedtls_aes_context aes_ctx;
188 unsigned char aes_key[32];
189
190 mbedtls_aes_init( &aes_ctx );
191
192 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
193
194 mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
195 mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
196 aes_iv, buf, buf );
197
198 mbedtls_aes_free( &aes_ctx );
199 mbedtls_zeroize( aes_key, keylen );
200}
201#endif /* MBEDTLS_AES_C */
202
203#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
204 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
205
206int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
207 const unsigned char *data, const unsigned char *pwd,
208 size_t pwdlen, size_t *use_len )
209{
210 int ret, enc;
211 size_t len;
212 unsigned char *buf;
213 const unsigned char *s1, *s2, *end;
214#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
215 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
216 unsigned char pem_iv[16];
217 mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
218#else
219 ((void) pwd);
220 ((void) pwdlen);
221#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
222 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
223
224 if( ctx == NULL )
225 return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
226
227 s1 = (unsigned char *) strstr( (const char *) data, header );
228
229 if( s1 == NULL )
230 return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
231
232 s2 = (unsigned char *) strstr( (const char *) data, footer );
233
234 if( s2 == NULL || s2 <= s1 )
235 return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
236
237 s1 += strlen( header );
238 if( *s1 == ' ' ) s1++;
239 if( *s1 == '\r' ) s1++;
240 if( *s1 == '\n' ) s1++;
241 else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
242
243 end = s2;
244 end += strlen( footer );
245 if( *end == ' ' ) end++;
246 if( *end == '\r' ) end++;
247 if( *end == '\n' ) end++;
248 *use_len = end - data;
249
250 enc = 0;
251
252 if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
253 {
254#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
255 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
256 enc++;
257
258 s1 += 22;
259 if( *s1 == '\r' ) s1++;
260 if( *s1 == '\n' ) s1++;
261 else return( MBEDTLS_ERR_PEM_INVALID_DATA );
262
263
264#if defined(MBEDTLS_DES_C)
265 if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
266 {
267 enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
268
269 s1 += 23;
270 if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
271 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
272
273 s1 += 16;
274 }
275 else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
276 {
277 enc_alg = MBEDTLS_CIPHER_DES_CBC;
278
279 s1 += 18;
280 if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
281 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
282
283 s1 += 16;
284 }
285#endif /* MBEDTLS_DES_C */
286
287#if defined(MBEDTLS_AES_C)
288 if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
289 {
290 if( s2 - s1 < 22 )
291 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
292 else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
293 enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
294 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
295 enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
296 else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
297 enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
298 else
299 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
300
301 s1 += 22;
302 if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
303 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
304
305 s1 += 32;
306 }
307#endif /* MBEDTLS_AES_C */
308
309 if( enc_alg == MBEDTLS_CIPHER_NONE )
310 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
311
312 if( *s1 == '\r' ) s1++;
313 if( *s1 == '\n' ) s1++;
314 else return( MBEDTLS_ERR_PEM_INVALID_DATA );
315#else
316 return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
317#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
318 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
319 }
320
321 if( s1 >= s2 )
322 return( MBEDTLS_ERR_PEM_INVALID_DATA );
323
324 ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
325
326 if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
327 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
328
329 if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
330 return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
331
332 if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
333 {
334 mbedtls_free( buf );
335 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
336 }
337
338 if( enc != 0 )
339 {
340#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
341 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
342 if( pwd == NULL )
343 {
344 mbedtls_free( buf );
345 return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
346 }
347
348#if defined(MBEDTLS_DES_C)
349 if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
350 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
351 else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
352 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
353#endif /* MBEDTLS_DES_C */
354
355#if defined(MBEDTLS_AES_C)
356 if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
357 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
358 else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
359 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
360 else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
361 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
362#endif /* MBEDTLS_AES_C */
363
364 /*
365 * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
366 * length bytes (allow 4 to be sure) in all known use cases.
367 *
368 * Use that as heurisitic to try detecting password mismatchs.
369 */
370 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
371 {
372 mbedtls_free( buf );
373 return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
374 }
375#else
376 mbedtls_free( buf );
377 return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
378#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
379 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
380 }
381
382 ctx->buf = buf;
383 ctx->buflen = len;
384
385 return( 0 );
386}
387
388void mbedtls_pem_free( mbedtls_pem_context *ctx )
389{
390 mbedtls_free( ctx->buf );
391 mbedtls_free( ctx->info );
392
393 mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
394}
395#endif /* MBEDTLS_PEM_PARSE_C */
396
397#if defined(MBEDTLS_PEM_WRITE_C)
398int mbedtls_pem_write_buffer( const char *header, const char *footer,
399 const unsigned char *der_data, size_t der_len,
400 unsigned char *buf, size_t buf_len, size_t *olen )
401{
402 int ret;
403 unsigned char *encode_buf, *c, *p = buf;
404 size_t len = 0, use_len, add_len = 0;
405
406 mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
407 add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
408
409 if( use_len + add_len > buf_len )
410 {
411 *olen = use_len + add_len;
412 return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
413 }
414
415 if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
416 return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
417
418 if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
419 der_len ) ) != 0 )
420 {
421 mbedtls_free( encode_buf );
422 return( ret );
423 }
424
425 memcpy( p, header, strlen( header ) );
426 p += strlen( header );
427 c = encode_buf;
428
429 while( use_len )
430 {
431 len = ( use_len > 64 ) ? 64 : use_len;
432 memcpy( p, c, len );
433 use_len -= len;
434 p += len;
435 c += len;
436 *p++ = '\n';
437 }
438
439 memcpy( p, footer, strlen( footer ) );
440 p += strlen( footer );
441
442 *p++ = '\0';
443 *olen = p - buf;
444
445 mbedtls_free( encode_buf );
446 return( 0 );
447}
448#endif /* MBEDTLS_PEM_WRITE_C */
449#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */