crypto/pkcs12/p12_decr.c

   1 /*
   2  * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include <openssl/pkcs12.h>
  13 #include <openssl/trace.h>
  14
  15 /*
  16  * Encrypt/Decrypt a buffer based on password and algor, result in a
  17  * OPENSSL_malloc'ed buffer
  18  */
  19 unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
  20                                    const char *pass, int passlen,
  21                                    const unsigned char *in, int inlen,
  22                                    unsigned char **data, int *datalen, int en_de,
  23                                    OSSL_LIB_CTX *libctx, const char *propq)
  24 {
  25     unsigned char *out = NULL;
  26     int outlen, i;
  27     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  28     int max_out_len, mac_len = 0;
  29     int block_size;
  30
  31     if (ctx == NULL) {
  32         ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
  33         goto err;
  34     }
  35
  36     /* Process data */
  37     if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen,
  38                                algor->parameter, ctx, en_de, libctx, propq))
  39         goto err;
  40
  41     /*
  42      * GOST algorithm specifics:
  43      * OMAC algorithm calculate and encrypt MAC of the encrypted objects
  44      * It's appended to encrypted text on encrypting
  45      * MAC should be processed on decrypting separately from plain text
  46      */
  47     block_size = EVP_CIPHER_CTX_get_block_size(ctx);
  48
  49     if (block_size == 0) {
  50         ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
  51         goto err;
  52     }
  53
  54     max_out_len = inlen + block_size;
  55     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  56                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
  57         if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
  58             ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
  59             goto err;
  60         }
  61
  62         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
  63             max_out_len += mac_len;
  64         } else {
  65             if (inlen < mac_len) {
  66                 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
  67                 goto err;
  68             }
  69             inlen -= mac_len;
  70             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  71                                     (int)mac_len, (unsigned char *)in+inlen) < 0) {
  72                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
  73                 goto err;
  74             }
  75         }
  76     }
  77
  78     if ((out = OPENSSL_malloc(max_out_len)) == NULL)
  79         goto err;
  80
  81     if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
  82         OPENSSL_free(out);
  83         out = NULL;
  84         ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
  85         goto err;
  86     }
  87
  88     outlen = i;
  89     if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
  90         OPENSSL_free(out);
  91         out = NULL;
  92         ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
  93                        passlen == 0 ? "empty password"
  94                        : "maybe wrong password");
  95         goto err;
  96     }
  97     outlen += i;
  98     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  99                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
 100         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
 101             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
 102                 (int)mac_len, out+outlen) < 0) {
 103                 OPENSSL_free(out);
 104                 out = NULL;
 105                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
 106                 goto err;
 107             }
 108             outlen += mac_len;
 109         }
 110     }
 111     if (datalen)
 112         *datalen = outlen;
 113     if (data)
 114         *data = out;
 115  err:
 116     EVP_CIPHER_CTX_free(ctx);
 117     return out;
 118
 119 }
 120
 121 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
 122                                 const char *pass, int passlen,
 123                                 const unsigned char *in, int inlen,
 124                                 unsigned char **data, int *datalen, int en_de)
 125 {
 126     return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen,
 127                                en_de, NULL, NULL);
 128 }
 129
 130 /*
 131  * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
 132  * after use.
 133  */
 134
 135 void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
 136                                  const char *pass, int passlen,
 137                                  const ASN1_OCTET_STRING *oct, int zbuf,
 138                                  OSSL_LIB_CTX *libctx,
 139                                  const char *propq)
 140 {
 141     unsigned char *out = NULL;
 142     const unsigned char *p;
 143     void *ret;
 144     int outlen = 0;
 145
 146     if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
 147                              &out, &outlen, 0, libctx, propq))
 148         return NULL;
 149     p = out;
 150     OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
 151         BIO_printf(trc_out, "\n");
 152         BIO_dump(trc_out, out, outlen);
 153         BIO_printf(trc_out, "\n");
 154     } OSSL_TRACE_END(PKCS12_DECRYPT);
 155     ret = ASN1_item_d2i(NULL, &p, outlen, it);
 156     if (zbuf)
 157         OPENSSL_cleanse(out, outlen);
 158     if (!ret)
 159         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
 160     OPENSSL_free(out);
 161     return ret;
 162 }
 163
 164 void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
 165                               const char *pass, int passlen,
 166                               const ASN1_OCTET_STRING *oct, int zbuf)
 167 {
 168     return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf,
 169                                       NULL, NULL);
 170 }
 171
 172 /*
 173  * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
 174  * encoding.
 175  */
 176
 177 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor,
 178                                               const ASN1_ITEM *it,
 179                                               const char *pass, int passlen,
 180                                               void *obj, int zbuf,
 181                                               OSSL_LIB_CTX *ctx,
 182                                               const char *propq)
 183 {
 184     ASN1_OCTET_STRING *oct = NULL;
 185     unsigned char *in = NULL;
 186     int inlen;
 187
 188     if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
 189         ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
 190         goto err;
 191     }
 192     inlen = ASN1_item_i2d(obj, &in, it);
 193     if (!in) {
 194         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
 195         goto err;
 196     }
 197     if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data,
 198                              &oct->length, 1, ctx, propq)) {
 199         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR);
 200         OPENSSL_free(in);
 201         goto err;
 202     }
 203     if (zbuf)
 204         OPENSSL_cleanse(in, inlen);
 205     OPENSSL_free(in);
 206     return oct;
 207  err:
 208     ASN1_OCTET_STRING_free(oct);
 209     return NULL;
 210 }
 211
 212 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
 213                                            const ASN1_ITEM *it,
 214                                            const char *pass, int passlen,
 215                                            void *obj, int zbuf)
 216 {
 217     return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL);
 218 }