xref: /reactos/dll/3rdparty/mbedtls/pem.c (revision cbda039f)
1 /*
2  *  Privacy Enhanced Mail (PEM) decoding
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  *
7  *  This file is provided under the Apache License 2.0, or the
8  *  GNU General Public License v2.0 or later.
9  *
10  *  **********
11  *  Apache License 2.0:
12  *
13  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
14  *  not use this file except in compliance with the License.
15  *  You may obtain a copy of the License at
16  *
17  *  http://www.apache.org/licenses/LICENSE-2.0
18  *
19  *  Unless required by applicable law or agreed to in writing, software
20  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22  *  See the License for the specific language governing permissions and
23  *  limitations under the License.
24  *
25  *  **********
26  *
27  *  **********
28  *  GNU General Public License v2.0 or later:
29  *
30  *  This program is free software; you can redistribute it and/or modify
31  *  it under the terms of the GNU General Public License as published by
32  *  the Free Software Foundation; either version 2 of the License, or
33  *  (at your option) any later version.
34  *
35  *  This program is distributed in the hope that it will be useful,
36  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
37  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
38  *  GNU General Public License for more details.
39  *
40  *  You should have received a copy of the GNU General Public License along
41  *  with this program; if not, write to the Free Software Foundation, Inc.,
42  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43  *
44  *  **********
45  */
46 
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52 
53 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
54 
55 #include "mbedtls/pem.h"
56 #include "mbedtls/base64.h"
57 #include "mbedtls/des.h"
58 #include "mbedtls/aes.h"
59 #include "mbedtls/md5.h"
60 #include "mbedtls/cipher.h"
61 #include "mbedtls/platform_util.h"
62 
63 #include <string.h>
64 
65 #if defined(MBEDTLS_PLATFORM_C)
66 #include "mbedtls/platform.h"
67 #else
68 #include <stdlib.h>
69 #define mbedtls_calloc    calloc
70 #define mbedtls_free       free
71 #endif
72 
73 #if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init(mbedtls_pem_context * ctx)74 void mbedtls_pem_init( mbedtls_pem_context *ctx )
75 {
76     memset( ctx, 0, sizeof( mbedtls_pem_context ) );
77 }
78 
79 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
80     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
81 /*
82  * Read a 16-byte hex string and convert it to binary
83  */
pem_get_iv(const unsigned char * s,unsigned char * iv,size_t iv_len)84 static int pem_get_iv( const unsigned char *s, unsigned char *iv,
85                        size_t iv_len )
86 {
87     size_t i, j, k;
88 
89     memset( iv, 0, iv_len );
90 
91     for( i = 0; i < iv_len * 2; i++, s++ )
92     {
93         if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
94         if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
95         if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
96             return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
97 
98         k = ( ( i & 1 ) != 0 ) ? j : j << 4;
99 
100         iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
101     }
102 
103     return( 0 );
104 }
105 
pem_pbkdf1(unsigned char * key,size_t keylen,unsigned char * iv,const unsigned char * pwd,size_t pwdlen)106 static int pem_pbkdf1( unsigned char *key, size_t keylen,
107                        unsigned char *iv,
108                        const unsigned char *pwd, size_t pwdlen )
109 {
110     mbedtls_md5_context md5_ctx;
111     unsigned char md5sum[16];
112     size_t use_len;
113     int ret;
114 
115     mbedtls_md5_init( &md5_ctx );
116 
117     /*
118      * key[ 0..15] = MD5(pwd || IV)
119      */
120     if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
121         goto exit;
122     if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
123         goto exit;
124     if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv,  8 ) ) != 0 )
125         goto exit;
126     if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
127         goto exit;
128 
129     if( keylen <= 16 )
130     {
131         memcpy( key, md5sum, keylen );
132         goto exit;
133     }
134 
135     memcpy( key, md5sum, 16 );
136 
137     /*
138      * key[16..23] = MD5(key[ 0..15] || pwd || IV])
139      */
140     if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
141         goto exit;
142     if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
143         goto exit;
144     if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
145         goto exit;
146     if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
147         goto exit;
148     if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
149         goto exit;
150 
151     use_len = 16;
152     if( keylen < 32 )
153         use_len = keylen - 16;
154 
155     memcpy( key + 16, md5sum, use_len );
156 
157 exit:
158     mbedtls_md5_free( &md5_ctx );
159     mbedtls_platform_zeroize( md5sum, 16 );
160 
161     return( ret );
162 }
163 
164 #if defined(MBEDTLS_DES_C)
165 /*
166  * Decrypt with DES-CBC, using PBKDF1 for key derivation
167  */
pem_des_decrypt(unsigned char des_iv[8],unsigned char * buf,size_t buflen,const unsigned char * pwd,size_t pwdlen)168 static int pem_des_decrypt( unsigned char des_iv[8],
169                             unsigned char *buf, size_t buflen,
170                             const unsigned char *pwd, size_t pwdlen )
171 {
172     mbedtls_des_context des_ctx;
173     unsigned char des_key[8];
174     int ret;
175 
176     mbedtls_des_init( &des_ctx );
177 
178     if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
179         goto exit;
180 
181     if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
182         goto exit;
183     ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
184                      des_iv, buf, buf );
185 
186 exit:
187     mbedtls_des_free( &des_ctx );
188     mbedtls_platform_zeroize( des_key, 8 );
189 
190     return( ret );
191 }
192 
193 /*
194  * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
195  */
pem_des3_decrypt(unsigned char des3_iv[8],unsigned char * buf,size_t buflen,const unsigned char * pwd,size_t pwdlen)196 static int pem_des3_decrypt( unsigned char des3_iv[8],
197                              unsigned char *buf, size_t buflen,
198                              const unsigned char *pwd, size_t pwdlen )
199 {
200     mbedtls_des3_context des3_ctx;
201     unsigned char des3_key[24];
202     int ret;
203 
204     mbedtls_des3_init( &des3_ctx );
205 
206     if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
207         goto exit;
208 
209     if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
210         goto exit;
211     ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
212                      des3_iv, buf, buf );
213 
214 exit:
215     mbedtls_des3_free( &des3_ctx );
216     mbedtls_platform_zeroize( des3_key, 24 );
217 
218     return( ret );
219 }
220 #endif /* MBEDTLS_DES_C */
221 
222 #if defined(MBEDTLS_AES_C)
223 /*
224  * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
225  */
pem_aes_decrypt(unsigned char aes_iv[16],unsigned int keylen,unsigned char * buf,size_t buflen,const unsigned char * pwd,size_t pwdlen)226 static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
227                             unsigned char *buf, size_t buflen,
228                             const unsigned char *pwd, size_t pwdlen )
229 {
230     mbedtls_aes_context aes_ctx;
231     unsigned char aes_key[32];
232     int ret;
233 
234     mbedtls_aes_init( &aes_ctx );
235 
236     if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
237         goto exit;
238 
239     if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
240         goto exit;
241     ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
242                      aes_iv, buf, buf );
243 
244 exit:
245     mbedtls_aes_free( &aes_ctx );
246     mbedtls_platform_zeroize( aes_key, keylen );
247 
248     return( ret );
249 }
250 #endif /* MBEDTLS_AES_C */
251 
252 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
253           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
254 
mbedtls_pem_read_buffer(mbedtls_pem_context * ctx,const char * header,const char * footer,const unsigned char * data,const unsigned char * pwd,size_t pwdlen,size_t * use_len)255 int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
256                      const unsigned char *data, const unsigned char *pwd,
257                      size_t pwdlen, size_t *use_len )
258 {
259     int ret, enc;
260     size_t len;
261     unsigned char *buf;
262     const unsigned char *s1, *s2, *end;
263 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
264     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
265     unsigned char pem_iv[16];
266     mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
267 #else
268     ((void) pwd);
269     ((void) pwdlen);
270 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
271           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
272 
273     if( ctx == NULL )
274         return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
275 
276     s1 = (unsigned char *) strstr( (const char *) data, header );
277 
278     if( s1 == NULL )
279         return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
280 
281     s2 = (unsigned char *) strstr( (const char *) data, footer );
282 
283     if( s2 == NULL || s2 <= s1 )
284         return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
285 
286     s1 += strlen( header );
287     if( *s1 == ' '  ) s1++;
288     if( *s1 == '\r' ) s1++;
289     if( *s1 == '\n' ) s1++;
290     else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
291 
292     end = s2;
293     end += strlen( footer );
294     if( *end == ' '  ) end++;
295     if( *end == '\r' ) end++;
296     if( *end == '\n' ) end++;
297     *use_len = end - data;
298 
299     enc = 0;
300 
301     if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
302     {
303 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
304     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
305         enc++;
306 
307         s1 += 22;
308         if( *s1 == '\r' ) s1++;
309         if( *s1 == '\n' ) s1++;
310         else return( MBEDTLS_ERR_PEM_INVALID_DATA );
311 
312 
313 #if defined(MBEDTLS_DES_C)
314         if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
315         {
316             enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
317 
318             s1 += 23;
319             if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
320                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
321 
322             s1 += 16;
323         }
324         else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
325         {
326             enc_alg = MBEDTLS_CIPHER_DES_CBC;
327 
328             s1 += 18;
329             if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
330                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
331 
332             s1 += 16;
333         }
334 #endif /* MBEDTLS_DES_C */
335 
336 #if defined(MBEDTLS_AES_C)
337         if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
338         {
339             if( s2 - s1 < 22 )
340                 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
341             else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
342                 enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
343             else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
344                 enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
345             else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
346                 enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
347             else
348                 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
349 
350             s1 += 22;
351             if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
352                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
353 
354             s1 += 32;
355         }
356 #endif /* MBEDTLS_AES_C */
357 
358         if( enc_alg == MBEDTLS_CIPHER_NONE )
359             return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
360 
361         if( *s1 == '\r' ) s1++;
362         if( *s1 == '\n' ) s1++;
363         else return( MBEDTLS_ERR_PEM_INVALID_DATA );
364 #else
365         return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
366 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
367           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
368     }
369 
370     if( s1 >= s2 )
371         return( MBEDTLS_ERR_PEM_INVALID_DATA );
372 
373     ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
374 
375     if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
376         return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
377 
378     if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
379         return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
380 
381     if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
382     {
383         mbedtls_platform_zeroize( buf, len );
384         mbedtls_free( buf );
385         return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
386     }
387 
388     if( enc != 0 )
389     {
390 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
391     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
392         if( pwd == NULL )
393         {
394             mbedtls_platform_zeroize( buf, len );
395             mbedtls_free( buf );
396             return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
397         }
398 
399         ret = 0;
400 
401 #if defined(MBEDTLS_DES_C)
402         if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
403             ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
404         else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
405             ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
406 #endif /* MBEDTLS_DES_C */
407 
408 #if defined(MBEDTLS_AES_C)
409         if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
410             ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
411         else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
412             ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
413         else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
414             ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
415 #endif /* MBEDTLS_AES_C */
416 
417         if( ret != 0 )
418         {
419             mbedtls_free( buf );
420             return( ret );
421         }
422 
423         /*
424          * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
425          * length bytes (allow 4 to be sure) in all known use cases.
426          *
427          * Use that as a heuristic to try to detect password mismatches.
428          */
429         if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
430         {
431             mbedtls_platform_zeroize( buf, len );
432             mbedtls_free( buf );
433             return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
434         }
435 #else
436         mbedtls_platform_zeroize( buf, len );
437         mbedtls_free( buf );
438         return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
439 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
440           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
441     }
442 
443     ctx->buf = buf;
444     ctx->buflen = len;
445 
446     return( 0 );
447 }
448 
mbedtls_pem_free(mbedtls_pem_context * ctx)449 void mbedtls_pem_free( mbedtls_pem_context *ctx )
450 {
451     if ( ctx->buf != NULL )
452     {
453         mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
454         mbedtls_free( ctx->buf );
455     }
456     mbedtls_free( ctx->info );
457 
458     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
459 }
460 #endif /* MBEDTLS_PEM_PARSE_C */
461 
462 #if defined(MBEDTLS_PEM_WRITE_C)
mbedtls_pem_write_buffer(const char * header,const char * footer,const unsigned char * der_data,size_t der_len,unsigned char * buf,size_t buf_len,size_t * olen)463 int mbedtls_pem_write_buffer( const char *header, const char *footer,
464                       const unsigned char *der_data, size_t der_len,
465                       unsigned char *buf, size_t buf_len, size_t *olen )
466 {
467     int ret;
468     unsigned char *encode_buf = NULL, *c, *p = buf;
469     size_t len = 0, use_len, add_len = 0;
470 
471     mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
472     add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
473 
474     if( use_len + add_len > buf_len )
475     {
476         *olen = use_len + add_len;
477         return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
478     }
479 
480     if( use_len != 0 &&
481         ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
482         return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
483 
484     if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
485                                der_len ) ) != 0 )
486     {
487         mbedtls_free( encode_buf );
488         return( ret );
489     }
490 
491     memcpy( p, header, strlen( header ) );
492     p += strlen( header );
493     c = encode_buf;
494 
495     while( use_len )
496     {
497         len = ( use_len > 64 ) ? 64 : use_len;
498         memcpy( p, c, len );
499         use_len -= len;
500         p += len;
501         c += len;
502         *p++ = '\n';
503     }
504 
505     memcpy( p, footer, strlen( footer ) );
506     p += strlen( footer );
507 
508     *p++ = '\0';
509     *olen = p - buf;
510 
511      /* Clean any remaining data previously written to the buffer */
512     memset( buf + *olen, 0, buf_len - *olen );
513 
514     mbedtls_free( encode_buf );
515     return( 0 );
516 }
517 #endif /* MBEDTLS_PEM_WRITE_C */
518 #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
519 
520