crypto/pkcs12/p12_decr.c

   1 /*
   2  * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include <openssl/pkcs12.h>
  13 #include <openssl/trace.h>
  14
  15 /*
  16  * Encrypt/Decrypt a buffer based on password and algor, result in a
  17  * OPENSSL_malloc'ed buffer
  18  */
  19 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
  20                                 const char *pass, int passlen,
  21                                 const unsigned char *in, int inlen,
  22                                 unsigned char **data, int *datalen, int en_de)
  23 {
  24     unsigned char *out = NULL;
  25     int outlen, i;
  26     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  27     int max_out_len, mac_len = 0;
  28
  29     if (ctx == NULL) {
  30         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
  31         goto err;
  32     }
  33
  34     /* Process data */
  35     if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
  36                             algor->parameter, ctx, en_de))
  37         goto err;
  38
  39     /*
  40      * GOST algorithm specifics:
  41      * OMAC algorithm calculate and encrypt MAC of the encrypted objects
  42      * It's appended to encrypted text on encrypting
  43      * MAC should be processed on decrypting separately from plain text
  44      */
  45     max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx);
  46     if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  47                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
  48         if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
  49             ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
  50             goto err;
  51         }
  52
  53         if (EVP_CIPHER_CTX_encrypting(ctx)) {
  54             max_out_len += mac_len;
  55         } else {
  56             if (inlen < mac_len) {
  57                 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
  58                 goto err;
  59             }
  60             inlen -= mac_len;
  61             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  62                                     (int)mac_len, (unsigned char *)in+inlen) < 0) {
  63                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
  64                 goto err;
  65             }
  66         }
  67     }
  68
  69     if ((out = OPENSSL_malloc(max_out_len)) == NULL) {
  70         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
  71         goto err;
  72     }
  73
  74     if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
  75         OPENSSL_free(out);
  76         out = NULL;
  77         ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
  78         goto err;
  79     }
  80
  81     outlen = i;
  82     if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
  83         OPENSSL_free(out);
  84         out = NULL;
  85         ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
  86                        passlen == 0 ? "empty password"
  87                        : "maybe wrong password");
  88         goto err;
  89     }
  90     outlen += i;
  91     if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
  92                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
  93         if (EVP_CIPHER_CTX_encrypting(ctx)) {
  94             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  95                 (int)mac_len, out+outlen) < 0) {
  96                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
  97                 goto err;
  98             }
  99             outlen += mac_len;
 100         }
 101     }
 102     if (datalen)
 103         *datalen = outlen;
 104     if (data)
 105         *data = out;
 106  err:
 107     EVP_CIPHER_CTX_free(ctx);
 108     return out;
 109
 110 }
 111
 112 /*
 113  * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
 114  * after use.
 115  */
 116
 117 void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
 118                               const char *pass, int passlen,
 119                               const ASN1_OCTET_STRING *oct, int zbuf)
 120 {
 121     unsigned char *out = NULL;
 122     const unsigned char *p;
 123     void *ret;
 124     int outlen = 0;
 125
 126     if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
 127                           &out, &outlen, 0))
 128         return NULL;
 129     p = out;
 130     OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
 131         BIO_printf(trc_out, "\n");
 132         BIO_dump(trc_out, out, outlen);
 133         BIO_printf(trc_out, "\n");
 134     } OSSL_TRACE_END(PKCS12_DECRYPT);
 135     ret = ASN1_item_d2i(NULL, &p, outlen, it);
 136     if (zbuf)
 137         OPENSSL_cleanse(out, outlen);
 138     if (!ret)
 139         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
 140     OPENSSL_free(out);
 141     return ret;
 142 }
 143
 144 /*
 145  * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
 146  * encoding.
 147  */
 148
 149 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
 150                                            const ASN1_ITEM *it,
 151                                            const char *pass, int passlen,
 152                                            void *obj, int zbuf)
 153 {
 154     ASN1_OCTET_STRING *oct = NULL;
 155     unsigned char *in = NULL;
 156     int inlen;
 157
 158     if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
 159         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
 160         goto err;
 161     }
 162     inlen = ASN1_item_i2d(obj, &in, it);
 163     if (!in) {
 164         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
 165         goto err;
 166     }
 167     if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
 168                           &oct->length, 1)) {
 169         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR);
 170         OPENSSL_free(in);
 171         goto err;
 172     }
 173     if (zbuf)
 174         OPENSSL_cleanse(in, inlen);
 175     OPENSSL_free(in);
 176     return oct;
 177  err:
 178     ASN1_OCTET_STRING_free(oct);
 179     return NULL;
 180 }