TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/archive/polarssl-1.2 / . / library / pem.c
blob: 81098eea5f33a22688b3842bc7bff5aa9e68d8ee [file] [log] [blame]
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]1/*
2 * Privacy Enhanced Mail (PEM) decoding
3 *
Paul Bakker530927b2015-02-13 14:24:10 +0100[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnarde12abf92015-01-28 17:13:45 +0000[diff] [blame]6 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23#include "polarssl/config.h"
24
25#if defined(POLARSSL_PEM_C)
26
27#include "polarssl/pem.h"
28#include "polarssl/base64.h"
29#include "polarssl/des.h"
30#include "polarssl/aes.h"
31#include "polarssl/md5.h"
32#include "polarssl/cipher.h"
33
34#include <stdlib.h>
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]35
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]36/* Implementation that should never be optimized out by the compiler */
37static void polarssl_zeroize( void *v, size_t n ) {
38 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
39}
40
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]41void pem_init( pem_context *ctx )
42{
43 memset( ctx, 0, sizeof( pem_context ) );
44}
45
46#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
47/*
48 * Read a 16-byte hex string and convert it to binary
49 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]50static int pem_get_iv( const unsigned char *s, unsigned char *iv, size_t iv_len )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]51{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]52 size_t i, j, k;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]53
54 memset( iv, 0, iv_len );
55
56 for( i = 0; i < iv_len * 2; i++, s++ )
57 {
58 if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
59 if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
60 if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
61 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
62
63 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
64
65 iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
66 }
67
68 return( 0 );
69}
70
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]71static void pem_pbkdf1( unsigned char *key, size_t keylen,
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]72 unsigned char *iv,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]73 const unsigned char *pwd, size_t pwdlen )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]74{
75 md5_context md5_ctx;
76 unsigned char md5sum[16];
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]77 size_t use_len;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]78
79 /*
80 * key[ 0..15] = MD5(pwd || IV)
81 */
82 md5_starts( &md5_ctx );
83 md5_update( &md5_ctx, pwd, pwdlen );
84 md5_update( &md5_ctx, iv, 8 );
85 md5_finish( &md5_ctx, md5sum );
86
87 if( keylen <= 16 )
88 {
89 memcpy( key, md5sum, keylen );
90
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]91 polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
92 polarssl_zeroize( md5sum, 16 );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]93 return;
94 }
95
96 memcpy( key, md5sum, 16 );
97
98 /*
99 * key[16..23] = MD5(key[ 0..15] || pwd || IV])
100 */
101 md5_starts( &md5_ctx );
102 md5_update( &md5_ctx, md5sum, 16 );
103 md5_update( &md5_ctx, pwd, pwdlen );
104 md5_update( &md5_ctx, iv, 8 );
105 md5_finish( &md5_ctx, md5sum );
106
107 use_len = 16;
108 if( keylen < 32 )
109 use_len = keylen - 16;
110
111 memcpy( key + 16, md5sum, use_len );
112
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]113 polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
114 polarssl_zeroize( md5sum, 16 );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]115}
116
117#if defined(POLARSSL_DES_C)
118/*
119 * Decrypt with DES-CBC, using PBKDF1 for key derivation
120 */
121static void pem_des_decrypt( unsigned char des_iv[8],
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]122 unsigned char *buf, size_t buflen,
123 const unsigned char *pwd, size_t pwdlen )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]124{
125 des_context des_ctx;
126 unsigned char des_key[8];
127
128 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
129
130 des_setkey_dec( &des_ctx, des_key );
131 des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
132 des_iv, buf, buf );
133
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]134 polarssl_zeroize( &des_ctx, sizeof( des_ctx ) );
135 polarssl_zeroize( des_key, 8 );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]136}
137
138/*
139 * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
140 */
141static void pem_des3_decrypt( unsigned char des3_iv[8],
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]142 unsigned char *buf, size_t buflen,
143 const unsigned char *pwd, size_t pwdlen )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]144{
145 des3_context des3_ctx;
146 unsigned char des3_key[24];
147
148 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
149
150 des3_set3key_dec( &des3_ctx, des3_key );
151 des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
152 des3_iv, buf, buf );
153
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]154 polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) );
155 polarssl_zeroize( des3_key, 24 );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]156}
157#endif /* POLARSSL_DES_C */
158
159#if defined(POLARSSL_AES_C)
160/*
161 * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
162 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]163static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
164 unsigned char *buf, size_t buflen,
165 const unsigned char *pwd, size_t pwdlen )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]166{
167 aes_context aes_ctx;
168 unsigned char aes_key[32];
169
170 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
171
172 aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
173 aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
174 aes_iv, buf, buf );
175
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]176 polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) );
177 polarssl_zeroize( aes_key, keylen );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]178}
179#endif /* POLARSSL_AES_C */
180
181#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
182
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]183int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len )
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]184{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]185 int ret, enc;
186 size_t len;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]187 unsigned char *buf;
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]188 const unsigned char *s1, *s2, *end;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]189#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
190 unsigned char pem_iv[16];
191 cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
192#else
193 ((void) pwd);
194 ((void) pwdlen);
195#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
196
197 if( ctx == NULL )
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]198 return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]199
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]200 s1 = (unsigned char *) strstr( (const char *) data, header );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]201
202 if( s1 == NULL )
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]203 return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]204
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]205 s2 = (unsigned char *) strstr( (const char *) data, footer );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]206
207 if( s2 == NULL || s2 <= s1 )
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]208 return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]209
210 s1 += strlen( header );
Manuel Pégourié-Gonnardfaf44ab2015-07-31 11:09:59 +0200[diff] [blame]211 if( *s1 == ' ' ) s1++;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]212 if( *s1 == '\r' ) s1++;
213 if( *s1 == '\n' ) s1++;
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]214 else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
215
216 end = s2;
217 end += strlen( footer );
Manuel Pégourié-Gonnardfaf44ab2015-07-31 11:09:59 +0200[diff] [blame]218 if( *end == ' ' ) end++;
Paul Bakker9255e832013-06-06 14:58:28 +0200[diff] [blame]219 if( *end == '\r' ) end++;
220 if( *end == '\n' ) end++;
221 *use_len = end - data;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]222
223 enc = 0;
224
225 if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
226 {
227#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
228 enc++;
229
230 s1 += 22;
231 if( *s1 == '\r' ) s1++;
232 if( *s1 == '\n' ) s1++;
233 else return( POLARSSL_ERR_PEM_INVALID_DATA );
234
235
236#if defined(POLARSSL_DES_C)
237 if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
238 {
239 enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
240
241 s1 += 23;
242 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
243 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
244
245 s1 += 16;
246 }
247 else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
248 {
249 enc_alg = POLARSSL_CIPHER_DES_CBC;
250
251 s1 += 18;
252 if( pem_get_iv( s1, pem_iv, 8) != 0 )
253 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
254
255 s1 += 16;
256 }
257#endif /* POLARSSL_DES_C */
258
259#if defined(POLARSSL_AES_C)
260 if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
261 {
262 if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
263 enc_alg = POLARSSL_CIPHER_AES_128_CBC;
264 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
265 enc_alg = POLARSSL_CIPHER_AES_192_CBC;
266 else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
267 enc_alg = POLARSSL_CIPHER_AES_256_CBC;
268 else
269 return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
270
271 s1 += 22;
272 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
273 return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
274
275 s1 += 32;
276 }
277#endif /* POLARSSL_AES_C */
278
279 if( enc_alg == POLARSSL_CIPHER_NONE )
280 return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
281
282 if( *s1 == '\r' ) s1++;
283 if( *s1 == '\n' ) s1++;
284 else return( POLARSSL_ERR_PEM_INVALID_DATA );
285#else
286 return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
287#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
288 }
289
Manuel Pégourié-Gonnardb73ce452015-09-28 18:27:15 +0200[diff] [blame]290 if( s1 == s2 )
291 return( POLARSSL_ERR_PEM_INVALID_DATA );
292
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]293 len = 0;
294 ret = base64_decode( NULL, &len, s1, s2 - s1 );
295
296 if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
Paul Bakker9d781402011-05-09 16:17:09 +0000[diff] [blame]297 return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]298
299 if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
300 return( POLARSSL_ERR_PEM_MALLOC_FAILED );
301
302 if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
303 {
304 free( buf );
Paul Bakker9d781402011-05-09 16:17:09 +0000[diff] [blame]305 return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]306 }
307
308 if( enc != 0 )
309 {
310#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
311 if( pwd == NULL )
312 {
313 free( buf );
314 return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
315 }
316
317#if defined(POLARSSL_DES_C)
318 if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
319 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
320 else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
321 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
322#endif /* POLARSSL_DES_C */
323
324#if defined(POLARSSL_AES_C)
325 if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
326 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
327 else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
328 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
329 else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
330 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
331#endif /* POLARSSL_AES_C */
332
333 if( buf[0] != 0x30 || buf[1] != 0x82 ||
334 buf[4] != 0x02 || buf[5] != 0x01 )
335 {
336 free( buf );
337 return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
338 }
339#else
Paul Bakkerff3a4b02013-06-17 15:56:12 +0200[diff] [blame]340 free( buf );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]341 return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
342#endif
343 }
344
345 ctx->buf = buf;
346 ctx->buflen = len;
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]347
348 return( 0 );
349}
350
351void pem_free( pem_context *ctx )
352{
353 if( ctx->buf )
354 free( ctx->buf );
355
356 if( ctx->info )
357 free( ctx->info );
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]358
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]359 polarssl_zeroize( ctx, sizeof( pem_context ) );
Paul Bakker96743fc2011-02-12 14:30:57 +0000[diff] [blame]360}
361
362#endif