]>
Commit | Line | Data |
---|---|---|
160f4c22 MW |
1 | /* |
2 | * Copyright (C) 2009 Martin Willi | |
3 | * Copyright (C) 2001-2008 Andreas Steffen | |
4 | * Hochschule fuer Technik Rapperswil | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "pem_builder.h" | |
18 | ||
19 | #include <stdio.h> | |
20 | #include <stdlib.h> | |
21 | #include <unistd.h> | |
22 | #include <errno.h> | |
23 | #include <string.h> | |
24 | #include <stddef.h> | |
c9db16b7 | 25 | #include <fcntl.h> |
160f4c22 | 26 | #include <sys/types.h> |
c9db16b7 MW |
27 | #include <sys/mman.h> |
28 | #include <sys/stat.h> | |
160f4c22 MW |
29 | |
30 | #include <debug.h> | |
31 | #include <library.h> | |
32 | #include <utils/lexparser.h> | |
c9db16b7 | 33 | #include <asn1/asn1.h> |
160f4c22 MW |
34 | #include <crypto/hashers/hasher.h> |
35 | #include <crypto/crypters/crypter.h> | |
de408caf | 36 | #include <credentials/certificates/x509.h> |
160f4c22 MW |
37 | |
38 | #define PKCS5_SALT_LEN 8 /* bytes */ | |
39 | ||
160f4c22 MW |
40 | /** |
41 | * check the presence of a pattern in a character string, skip if found | |
42 | */ | |
43 | static bool present(char* pattern, chunk_t* ch) | |
44 | { | |
45 | u_int len = strlen(pattern); | |
7daf5226 | 46 | |
160f4c22 MW |
47 | if (ch->len >= len && strneq(ch->ptr, pattern, len)) |
48 | { | |
49 | *ch = chunk_skip(*ch, len); | |
50 | return TRUE; | |
51 | } | |
52 | return FALSE; | |
53 | } | |
54 | ||
55 | /** | |
56 | * find a boundary of the form -----tag name----- | |
57 | */ | |
58 | static bool find_boundary(char* tag, chunk_t *line) | |
59 | { | |
60 | chunk_t name = chunk_empty; | |
7daf5226 | 61 | |
160f4c22 MW |
62 | if (!present("-----", line) || |
63 | !present(tag, line) || | |
64 | *line->ptr != ' ') | |
65 | { | |
66 | return FALSE; | |
67 | } | |
68 | *line = chunk_skip(*line, 1); | |
7daf5226 | 69 | |
160f4c22 MW |
70 | /* extract name */ |
71 | name.ptr = line->ptr; | |
72 | while (line->len > 0) | |
73 | { | |
74 | if (present("-----", line)) | |
75 | { | |
b6e07843 | 76 | DBG2(DBG_ASN, " -----%s %.*s-----", tag, (int)name.len, name.ptr); |
160f4c22 MW |
77 | return TRUE; |
78 | } | |
79 | line->ptr++; line->len--; name.len++; | |
80 | } | |
81 | return FALSE; | |
82 | } | |
83 | ||
84 | /* | |
85 | * decrypts a passphrase protected encrypted data block | |
86 | */ | |
87 | static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, | |
88 | size_t key_size, chunk_t iv, chunk_t passphrase) | |
89 | { | |
90 | hasher_t *hasher; | |
91 | crypter_t *crypter; | |
92 | chunk_t salt = { iv.ptr, PKCS5_SALT_LEN }; | |
93 | chunk_t hash; | |
94 | chunk_t decrypted; | |
95 | chunk_t key = {alloca(key_size), key_size}; | |
96 | u_int8_t padding, *last_padding_pos, *first_padding_pos; | |
7daf5226 | 97 | |
160f4c22 MW |
98 | /* build key from passphrase and IV */ |
99 | hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); | |
100 | if (hasher == NULL) | |
101 | { | |
b6e07843 | 102 | DBG1(DBG_ASN, " MD5 hash algorithm not available"); |
160f4c22 MW |
103 | return NOT_SUPPORTED; |
104 | } | |
105 | hash.len = hasher->get_hash_size(hasher); | |
106 | hash.ptr = alloca(hash.len); | |
107 | hasher->get_hash(hasher, passphrase, NULL); | |
108 | hasher->get_hash(hasher, salt, hash.ptr); | |
109 | memcpy(key.ptr, hash.ptr, hash.len); | |
7daf5226 | 110 | |
160f4c22 MW |
111 | if (key.len > hash.len) |
112 | { | |
113 | hasher->get_hash(hasher, hash, NULL); | |
114 | hasher->get_hash(hasher, passphrase, NULL); | |
115 | hasher->get_hash(hasher, salt, hash.ptr); | |
116 | memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); | |
117 | } | |
118 | hasher->destroy(hasher); | |
7daf5226 | 119 | |
160f4c22 MW |
120 | /* decrypt blob */ |
121 | crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); | |
122 | if (crypter == NULL) | |
123 | { | |
b6e07843 | 124 | DBG1(DBG_ASN, " %N encryption algorithm not available", |
160f4c22 MW |
125 | encryption_algorithm_names, alg); |
126 | return NOT_SUPPORTED; | |
127 | } | |
128 | crypter->set_key(crypter, key); | |
7daf5226 | 129 | |
3102d866 MW |
130 | if (iv.len != crypter->get_iv_size(crypter) || |
131 | blob->len % crypter->get_block_size(crypter)) | |
160f4c22 MW |
132 | { |
133 | crypter->destroy(crypter); | |
b6e07843 | 134 | DBG1(DBG_ASN, " data size is not multiple of block size"); |
160f4c22 MW |
135 | return PARSE_ERROR; |
136 | } | |
137 | crypter->decrypt(crypter, *blob, iv, &decrypted); | |
138 | crypter->destroy(crypter); | |
139 | memcpy(blob->ptr, decrypted.ptr, blob->len); | |
140 | chunk_free(&decrypted); | |
7daf5226 | 141 | |
160f4c22 MW |
142 | /* determine amount of padding */ |
143 | last_padding_pos = blob->ptr + blob->len - 1; | |
144 | padding = *last_padding_pos; | |
145 | if (padding > blob->len) | |
146 | { | |
147 | first_padding_pos = blob->ptr; | |
148 | } | |
149 | else | |
150 | { | |
151 | first_padding_pos = last_padding_pos - padding; | |
152 | } | |
153 | /* check the padding pattern */ | |
154 | while (--last_padding_pos > first_padding_pos) | |
155 | { | |
156 | if (*last_padding_pos != padding) | |
157 | { | |
b6e07843 | 158 | DBG1(DBG_ASN, " invalid passphrase"); |
160f4c22 MW |
159 | return INVALID_ARG; |
160 | } | |
161 | } | |
162 | /* remove padding */ | |
163 | blob->len -= padding; | |
164 | return SUCCESS; | |
165 | } | |
166 | ||
167 | /** | |
168 | * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934) | |
169 | */ | |
15177f57 | 170 | static status_t pem_to_bin(chunk_t *blob, bool *pgp) |
160f4c22 MW |
171 | { |
172 | typedef enum { | |
173 | PEM_PRE = 0, | |
174 | PEM_MSG = 1, | |
175 | PEM_HEADER = 2, | |
176 | PEM_BODY = 3, | |
177 | PEM_POST = 4, | |
178 | PEM_ABORT = 5 | |
179 | } state_t; | |
7daf5226 | 180 | |
160f4c22 MW |
181 | encryption_algorithm_t alg = ENCR_UNDEFINED; |
182 | size_t key_size = 0; | |
183 | bool encrypted = FALSE; | |
184 | state_t state = PEM_PRE; | |
185 | chunk_t src = *blob; | |
186 | chunk_t dst = *blob; | |
187 | chunk_t line = chunk_empty; | |
188 | chunk_t iv = chunk_empty; | |
160f4c22 | 189 | u_char iv_buf[HASH_SIZE_MD5]; |
15177f57 MW |
190 | status_t status = NOT_FOUND; |
191 | enumerator_t *enumerator; | |
192 | shared_key_t *shared; | |
7daf5226 | 193 | |
160f4c22 MW |
194 | dst.len = 0; |
195 | iv.ptr = iv_buf; | |
196 | iv.len = 0; | |
7daf5226 | 197 | |
160f4c22 MW |
198 | while (fetchline(&src, &line)) |
199 | { | |
200 | if (state == PEM_PRE) | |
201 | { | |
202 | if (find_boundary("BEGIN", &line)) | |
203 | { | |
204 | state = PEM_MSG; | |
205 | } | |
206 | continue; | |
207 | } | |
208 | else | |
209 | { | |
210 | if (find_boundary("END", &line)) | |
211 | { | |
212 | state = PEM_POST; | |
213 | break; | |
214 | } | |
215 | if (state == PEM_MSG) | |
216 | { | |
217 | state = PEM_HEADER; | |
218 | if (memchr(line.ptr, ':', line.len) == NULL) | |
219 | { | |
220 | state = PEM_BODY; | |
221 | } | |
222 | } | |
223 | if (state == PEM_HEADER) | |
224 | { | |
225 | err_t ugh = NULL; | |
226 | chunk_t name = chunk_empty; | |
227 | chunk_t value = chunk_empty; | |
7daf5226 | 228 | |
160f4c22 MW |
229 | /* an empty line separates HEADER and BODY */ |
230 | if (line.len == 0) | |
231 | { | |
232 | state = PEM_BODY; | |
233 | continue; | |
234 | } | |
7daf5226 | 235 | |
160f4c22 | 236 | /* we are looking for a parameter: value pair */ |
b6e07843 | 237 | DBG2(DBG_ASN, " %.*s", (int)line.len, line.ptr); |
160f4c22 MW |
238 | ugh = extract_parameter_value(&name, &value, &line); |
239 | if (ugh != NULL) | |
240 | { | |
241 | continue; | |
242 | } | |
243 | if (match("Proc-Type", &name) && *value.ptr == '4') | |
244 | { | |
245 | encrypted = TRUE; | |
246 | } | |
247 | else if (match("DEK-Info", &name)) | |
248 | { | |
249 | chunk_t dek; | |
7daf5226 | 250 | |
160f4c22 MW |
251 | if (!extract_token(&dek, ',', &value)) |
252 | { | |
253 | dek = value; | |
254 | } | |
255 | if (match("DES-EDE3-CBC", &dek)) | |
256 | { | |
257 | alg = ENCR_3DES; | |
258 | key_size = 24; | |
259 | } | |
260 | else if (match("AES-128-CBC", &dek)) | |
261 | { | |
262 | alg = ENCR_AES_CBC; | |
263 | key_size = 16; | |
264 | } | |
265 | else if (match("AES-192-CBC", &dek)) | |
266 | { | |
267 | alg = ENCR_AES_CBC; | |
268 | key_size = 24; | |
269 | } | |
270 | else if (match("AES-256-CBC", &dek)) | |
271 | { | |
272 | alg = ENCR_AES_CBC; | |
273 | key_size = 32; | |
274 | } | |
275 | else | |
276 | { | |
b6e07843 | 277 | DBG1(DBG_ASN, " encryption algorithm '%.*s'" |
8b0e0910 | 278 | " not supported", dek.len, dek.ptr); |
160f4c22 MW |
279 | return NOT_SUPPORTED; |
280 | } | |
281 | eat_whitespace(&value); | |
282 | iv = chunk_from_hex(value, iv.ptr); | |
283 | } | |
284 | } | |
285 | else /* state is PEM_BODY */ | |
286 | { | |
287 | chunk_t data; | |
7daf5226 | 288 | |
160f4c22 MW |
289 | /* remove any trailing whitespace */ |
290 | if (!extract_token(&data ,' ', &line)) | |
291 | { | |
292 | data = line; | |
293 | } | |
7daf5226 | 294 | |
160f4c22 MW |
295 | /* check for PGP armor checksum */ |
296 | if (*data.ptr == '=') | |
297 | { | |
298 | *pgp = TRUE; | |
299 | data.ptr++; | |
300 | data.len--; | |
b6e07843 | 301 | DBG2(DBG_ASN, " armor checksum: %.*s", (int)data.len, |
8b0e0910 | 302 | data.ptr); |
160f4c22 MW |
303 | continue; |
304 | } | |
7daf5226 | 305 | |
160f4c22 MW |
306 | if (blob->len - dst.len < data.len / 4 * 3) |
307 | { | |
308 | state = PEM_ABORT; | |
309 | } | |
310 | data = chunk_from_base64(data, dst.ptr); | |
311 | ||
312 | dst.ptr += data.len; | |
313 | dst.len += data.len; | |
314 | } | |
315 | } | |
316 | } | |
317 | /* set length to size of binary blob */ | |
318 | blob->len = dst.len; | |
319 | ||
320 | if (state != PEM_POST) | |
321 | { | |
8b0e0910 | 322 | DBG1(DBG_LIB, " file coded in unknown format, discarded"); |
160f4c22 MW |
323 | return PARSE_ERROR; |
324 | } | |
325 | if (!encrypted) | |
326 | { | |
327 | return SUCCESS; | |
328 | } | |
15177f57 MW |
329 | |
330 | enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, | |
331 | SHARED_PRIVATE_KEY_PASS, NULL, NULL); | |
332 | while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) | |
160f4c22 | 333 | { |
15177f57 MW |
334 | chunk_t passphrase, chunk; |
335 | ||
336 | passphrase = shared->get_key(shared); | |
337 | chunk = chunk_clone(*blob); | |
338 | status = pem_decrypt(&chunk, alg, key_size, iv, passphrase); | |
339 | if (status == SUCCESS) | |
160f4c22 | 340 | { |
15177f57 MW |
341 | memcpy(blob->ptr, chunk.ptr, chunk.len); |
342 | blob->len = chunk.len; | |
160f4c22 | 343 | } |
15177f57 MW |
344 | free(chunk.ptr); |
345 | if (status != INVALID_ARG) | |
346 | { /* try again only if passphrase invalid */ | |
347 | break; | |
160f4c22 MW |
348 | } |
349 | } | |
15177f57 MW |
350 | enumerator->destroy(enumerator); |
351 | return status; | |
160f4c22 MW |
352 | } |
353 | ||
354 | /** | |
de408caf | 355 | * load the credential from a blob |
160f4c22 | 356 | */ |
de408caf | 357 | static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, |
5f1931ad | 358 | identification_t *subject, x509_flag_t flags) |
160f4c22 | 359 | { |
c9db16b7 | 360 | void *cred = NULL; |
160f4c22 | 361 | bool pgp = FALSE; |
7daf5226 | 362 | |
c9db16b7 MW |
363 | blob = chunk_clone(blob); |
364 | if (!is_asn1(blob)) | |
365 | { | |
15177f57 | 366 | if (pem_to_bin(&blob, &pgp) != SUCCESS) |
c9db16b7 MW |
367 | { |
368 | chunk_clear(&blob); | |
369 | return NULL; | |
370 | } | |
de408caf | 371 | if (pgp && type == CRED_PRIVATE_KEY) |
bf3b8c90 MW |
372 | { |
373 | /* PGP encoded keys are parsed with a KEY_ANY key type, as it | |
374 | * can contain any type of key. However, ipsec.secrets uses | |
375 | * RSA for PGP keys, which is actually wrong. */ | |
de408caf | 376 | subtype = KEY_ANY; |
bf3b8c90 | 377 | } |
4e1cade5 MW |
378 | } |
379 | /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */ | |
380 | if (type == CRED_CERTIFICATE && subtype == CERT_ANY) | |
381 | { | |
382 | subtype = pgp ? CERT_GPG : CERT_X509; | |
c9db16b7 | 383 | } |
5f1931ad AS |
384 | if (type == CRED_CERTIFICATE && subtype == CERT_TRUSTED_PUBKEY && subject) |
385 | { | |
386 | cred = lib->creds->create(lib->creds, type, subtype, | |
387 | BUILD_BLOB_ASN1_DER, blob, BUILD_SUBJECT, subject, | |
388 | BUILD_END); | |
389 | } | |
390 | else | |
391 | { | |
392 | cred = lib->creds->create(lib->creds, type, subtype, | |
c9db16b7 | 393 | pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob, |
de408caf MW |
394 | flags ? BUILD_X509_FLAG : BUILD_END, |
395 | flags, BUILD_END); | |
5f1931ad | 396 | } |
c9db16b7 MW |
397 | chunk_clear(&blob); |
398 | return cred; | |
399 | } | |
400 | ||
401 | /** | |
de408caf | 402 | * load the credential from a file |
c9db16b7 | 403 | */ |
de408caf | 404 | static void *load_from_file(char *file, credential_type_t type, int subtype, |
5f1931ad | 405 | identification_t *subject, x509_flag_t flags) |
c9db16b7 | 406 | { |
160f4c22 | 407 | void *cred = NULL; |
c9db16b7 MW |
408 | struct stat sb; |
409 | void *addr; | |
410 | int fd; | |
7daf5226 | 411 | |
c9db16b7 MW |
412 | fd = open(file, O_RDONLY); |
413 | if (fd == -1) | |
160f4c22 | 414 | { |
8b0e0910 | 415 | DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno)); |
160f4c22 MW |
416 | return NULL; |
417 | } | |
7daf5226 | 418 | |
c9db16b7 | 419 | if (fstat(fd, &sb) == -1) |
160f4c22 | 420 | { |
8b0e0910 TB |
421 | DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file, |
422 | strerror(errno)); | |
c9db16b7 MW |
423 | close(fd); |
424 | return NULL; | |
425 | } | |
7daf5226 | 426 | |
c9db16b7 MW |
427 | addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); |
428 | if (addr == MAP_FAILED) | |
429 | { | |
8b0e0910 | 430 | DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno)); |
c9db16b7 MW |
431 | close(fd); |
432 | return NULL; | |
433 | } | |
7daf5226 | 434 | |
5f1931ad AS |
435 | cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, |
436 | subject,flags); | |
7daf5226 | 437 | |
c9db16b7 MW |
438 | munmap(addr, sb.st_size); |
439 | close(fd); | |
440 | return cred; | |
441 | } | |
442 | ||
df5c60bc | 443 | /** |
de408caf | 444 | * load the credential from a file descriptor |
df5c60bc | 445 | */ |
de408caf | 446 | static void *load_from_fd(int fd, credential_type_t type, int subtype, |
5f1931ad | 447 | identification_t *subject, x509_flag_t flags) |
df5c60bc MW |
448 | { |
449 | char buf[8096]; | |
450 | char *pos = buf; | |
451 | ssize_t len, total = 0; | |
7daf5226 | 452 | |
df5c60bc MW |
453 | while (TRUE) |
454 | { | |
455 | len = read(fd, pos, buf + sizeof(buf) - pos); | |
456 | if (len < 0) | |
457 | { | |
8b0e0910 TB |
458 | DBG1(DBG_LIB, "reading from file descriptor failed: %s", |
459 | strerror(errno)); | |
df5c60bc MW |
460 | return NULL; |
461 | } | |
462 | if (len == 0) | |
463 | { | |
464 | break; | |
465 | } | |
466 | total += len; | |
467 | if (total == sizeof(buf)) | |
468 | { | |
8b0e0910 | 469 | DBG1(DBG_LIB, "buffer too small to read from file descriptor"); |
df5c60bc MW |
470 | return NULL; |
471 | } | |
472 | } | |
5f1931ad AS |
473 | return load_from_blob(chunk_create(buf, total), type, subtype, |
474 | subject, flags); | |
160f4c22 MW |
475 | } |
476 | ||
477 | /** | |
de408caf | 478 | * Load all kind of PEM encoded credentials. |
160f4c22 | 479 | */ |
de408caf | 480 | static void *pem_load(credential_type_t type, int subtype, va_list args) |
160f4c22 | 481 | { |
de408caf MW |
482 | char *file = NULL; |
483 | int fd = -1; | |
15177f57 | 484 | chunk_t pem = chunk_empty; |
5f1931ad | 485 | identification_t *subject; |
de408caf | 486 | int flags = 0; |
7daf5226 | 487 | |
de408caf | 488 | while (TRUE) |
160f4c22 | 489 | { |
de408caf MW |
490 | switch (va_arg(args, builder_part_t)) |
491 | { | |
492 | case BUILD_FROM_FILE: | |
493 | file = va_arg(args, char*); | |
494 | continue; | |
495 | case BUILD_FROM_FD: | |
496 | fd = va_arg(args, int); | |
497 | continue; | |
498 | case BUILD_BLOB_PEM: | |
499 | pem = va_arg(args, chunk_t); | |
500 | continue; | |
5f1931ad AS |
501 | case BUILD_SUBJECT: |
502 | subject = va_arg(args, identification_t*); | |
503 | continue; | |
de408caf MW |
504 | case BUILD_X509_FLAG: |
505 | flags = va_arg(args, int); | |
506 | continue; | |
507 | case BUILD_END: | |
508 | break; | |
509 | default: | |
510 | return NULL; | |
511 | } | |
512 | break; | |
160f4c22 | 513 | } |
160f4c22 | 514 | |
75d4322d | 515 | if (pem.len) |
de408caf | 516 | { |
5f1931ad | 517 | return load_from_blob(pem, type, subtype, subject, flags); |
de408caf MW |
518 | } |
519 | if (file) | |
520 | { | |
5f1931ad | 521 | return load_from_file(file, type, subtype, subject, flags); |
de408caf MW |
522 | } |
523 | if (fd != -1) | |
524 | { | |
5f1931ad | 525 | return load_from_fd(fd, type, subtype, subject, flags); |
de408caf MW |
526 | } |
527 | return NULL; | |
160f4c22 MW |
528 | } |
529 | ||
530 | /** | |
de408caf | 531 | * Private key PEM loader. |
160f4c22 | 532 | */ |
de408caf | 533 | private_key_t *pem_private_key_load(key_type_t type, va_list args) |
160f4c22 | 534 | { |
de408caf | 535 | return pem_load(CRED_PRIVATE_KEY, type, args); |
160f4c22 MW |
536 | } |
537 | ||
538 | /** | |
de408caf | 539 | * Public key PEM loader. |
160f4c22 | 540 | */ |
de408caf | 541 | public_key_t *pem_public_key_load(key_type_t type, va_list args) |
160f4c22 | 542 | { |
de408caf | 543 | return pem_load(CRED_PUBLIC_KEY, type, args); |
160f4c22 MW |
544 | } |
545 | ||
546 | /** | |
de408caf | 547 | * Certificate PEM loader. |
160f4c22 | 548 | */ |
de408caf | 549 | certificate_t *pem_certificate_load(certificate_type_t type, va_list args) |
160f4c22 | 550 | { |
de408caf | 551 | return pem_load(CRED_CERTIFICATE, type, args); |
160f4c22 MW |
552 | } |
553 |