[thirdparty/strongswan.git] / src / libstrongswan / plugins / pem / pem_builder.c

/*
 * Copyright (C) 2009 Martin Willi
 * Copyright (C) 2001-2008 Andreas Steffen
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "pem_builder.h"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <stddef.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>

#include <debug.h>
#include <library.h>
#include <utils/lexparser.h>
#include <asn1/asn1.h>
#include <crypto/hashers/hasher.h>
#include <crypto/crypters/crypter.h>

#define PKCS5_SALT_LEN	8	/* bytes */

typedef struct private_builder_t private_builder_t;

/**
 * Builder implementation for PEM decoding
 */
struct private_builder_t {
	/** implements the builder interface */
	builder_t public;
	/** credential type we are building */
	credential_type_t type;
	/** subtype (keytype, certtype) of the credential we build */
	int subtype;
	/** path to file, if we are reading from a file */
	char *file;
	/** file description, if we are reading from a fd */
	int fd;
	/** PEM encoding of the credential */
	chunk_t pem;
	/** PEM decryption passphrase, if given */
	chunk_t passphrase;
	/** supplied callback to read passphrase */
	chunk_t (*cb)(void *data, int try);
	/** user data to callback */
	void *data;
	/** X509 flags to pass along */
	int flags;
};

/**
 * check the presence of a pattern in a character string, skip if found
 */
static bool present(char* pattern, chunk_t* ch)
{
	u_int len = strlen(pattern);
	
	if (ch->len >= len && strneq(ch->ptr, pattern, len))
	{
		*ch = chunk_skip(*ch, len);
		return TRUE;
	}
	return FALSE;
}

/**
 * find a boundary of the form -----tag name-----
 */
static bool find_boundary(char* tag, chunk_t *line)
{
	chunk_t name = chunk_empty;
	
	if (!present("-----", line) ||
		!present(tag, line) ||
		*line->ptr != ' ')
	{
		return FALSE;
	}
	*line = chunk_skip(*line, 1);
	
	/* extract name */
	name.ptr = line->ptr;
	while (line->len > 0)
	{
		if (present("-----", line))
		{
			DBG2("  -----%s %.*s-----", tag, (int)name.len, name.ptr);
			return TRUE;
		}
		line->ptr++;  line->len--;  name.len++;
	}
	return FALSE;
}

/*
 * decrypts a passphrase protected encrypted data block
 */
static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
							size_t key_size, chunk_t iv, chunk_t passphrase)
{
	hasher_t *hasher;
	crypter_t *crypter;
	chunk_t salt = { iv.ptr, PKCS5_SALT_LEN };
	chunk_t hash;
	chunk_t decrypted;
	chunk_t key = {alloca(key_size), key_size};
	u_int8_t padding, *last_padding_pos, *first_padding_pos;
	
	/* build key from passphrase and IV */
	hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
	if (hasher == NULL)
	{
		DBG1("  MD5 hash algorithm not available");
		return NOT_SUPPORTED;
	}
	hash.len = hasher->get_hash_size(hasher);
	hash.ptr = alloca(hash.len);
	hasher->get_hash(hasher, passphrase, NULL);
	hasher->get_hash(hasher, salt, hash.ptr);
	memcpy(key.ptr, hash.ptr, hash.len);
	
	if (key.len > hash.len)
	{
		hasher->get_hash(hasher, hash, NULL);
		hasher->get_hash(hasher, passphrase, NULL);
		hasher->get_hash(hasher, salt, hash.ptr);
		memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
	}
	hasher->destroy(hasher);
	
	/* decrypt blob */
	crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
	if (crypter == NULL)
	{
		DBG1("  %N encryption algorithm not available",
			 encryption_algorithm_names, alg);
		return NOT_SUPPORTED;
	}
	crypter->set_key(crypter, key);
	
	if (iv.len != crypter->get_block_size(crypter) ||
		blob->len % iv.len)
	{
		crypter->destroy(crypter);
		DBG1("  data size is not multiple of block size");
		return PARSE_ERROR;
	}
	crypter->decrypt(crypter, *blob, iv, &decrypted);
	crypter->destroy(crypter);
	memcpy(blob->ptr, decrypted.ptr, blob->len);
	chunk_free(&decrypted);
	
	/* determine amount of padding */
	last_padding_pos = blob->ptr + blob->len - 1;
	padding = *last_padding_pos;
	if (padding > blob->len)
	{
		first_padding_pos = blob->ptr;
	}
	else
	{
		first_padding_pos = last_padding_pos - padding;
	}
	/* check the padding pattern */
	while (--last_padding_pos > first_padding_pos)
	{
		if (*last_padding_pos != padding)
		{
			DBG1("  invalid passphrase");
			return INVALID_ARG;
		}
	}
	/* remove padding */
	blob->len -= padding;
	return SUCCESS;
}

/**
 * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
 */
status_t pem_to_bin(chunk_t *blob, private_builder_t *this, bool *pgp)
{
	typedef enum {
		PEM_PRE    = 0,
		PEM_MSG    = 1,
		PEM_HEADER = 2,
		PEM_BODY   = 3,
		PEM_POST   = 4,
		PEM_ABORT  = 5
	} state_t;
	
	encryption_algorithm_t alg = ENCR_UNDEFINED;
	size_t key_size = 0;
	bool encrypted = FALSE;
	state_t state  = PEM_PRE;
	chunk_t src    = *blob;
	chunk_t dst    = *blob;
	chunk_t line   = chunk_empty;
	chunk_t iv     = chunk_empty;
	chunk_t passphrase;
	int try = 0;
	u_char iv_buf[HASH_SIZE_MD5];
	
	dst.len = 0;
	iv.ptr = iv_buf;
	iv.len = 0;
	
	while (fetchline(&src, &line))
	{
		if (state == PEM_PRE)
		{
			if (find_boundary("BEGIN", &line))
			{
				state = PEM_MSG;
			}
			continue;
		}
		else
		{
			if (find_boundary("END", &line))
			{
				state = PEM_POST;
				break;
			}
			if (state == PEM_MSG)
			{
				state = PEM_HEADER;
				if (memchr(line.ptr, ':', line.len) == NULL)
				{
					state = PEM_BODY;
				}
			}
			if (state == PEM_HEADER)
			{
				err_t ugh = NULL;
				chunk_t name  = chunk_empty;
				chunk_t value = chunk_empty;
				
				/* an empty line separates HEADER and BODY */
				if (line.len == 0)
				{
					state = PEM_BODY;
					continue;
				}
				
				/* we are looking for a parameter: value pair */
				DBG2("  %.*s", (int)line.len, line.ptr);
				ugh = extract_parameter_value(&name, &value, &line);
				if (ugh != NULL)
				{
					continue;
				}
				if (match("Proc-Type", &name) && *value.ptr == '4')
				{
					encrypted = TRUE;
				}
				else if (match("DEK-Info", &name))
				{
					chunk_t dek;
					
					if (!extract_token(&dek, ',', &value))
					{
						dek = value;
					}
					if (match("DES-EDE3-CBC", &dek))
					{
						alg = ENCR_3DES;
						key_size = 24;
					}
					else if (match("AES-128-CBC", &dek))
					{
						alg = ENCR_AES_CBC;
						key_size = 16;
					}
					else if (match("AES-192-CBC", &dek))
					{
						alg = ENCR_AES_CBC;
						key_size = 24;
					}
					else if (match("AES-256-CBC", &dek))
					{
						alg = ENCR_AES_CBC;
						key_size = 32;
					}
					else
					{
						DBG1("  encryption algorithm '%.*s' not supported",
							 dek.len, dek.ptr);
						return NOT_SUPPORTED;
					}
					eat_whitespace(&value);
					iv = chunk_from_hex(value, iv.ptr);
				}
			}
			else /* state is PEM_BODY */
			{
				chunk_t data;
				
				/* remove any trailing whitespace */
				if (!extract_token(&data ,' ', &line))
				{
					data = line;
				}
				
				/* check for PGP armor checksum */
				if (*data.ptr == '=')
				{
					*pgp = TRUE;
					data.ptr++;
					data.len--;
					DBG2("  armor checksum: %.*s", (int)data.len, data.ptr);
					continue;
				}
				
				if (blob->len - dst.len < data.len / 4 * 3)
				{
					state = PEM_ABORT;
				}
				data = chunk_from_base64(data, dst.ptr);

				dst.ptr += data.len;
				dst.len += data.len;
			}
		}
	}
	/* set length to size of binary blob */
	blob->len = dst.len;

	if (state != PEM_POST)
	{
		DBG1("  file coded in unknown format, discarded");
		return PARSE_ERROR;
	}
	if (!encrypted)
	{
		return SUCCESS;
	}
	if (!this->cb)
	{
		DBG1("  missing passphrase");
		return INVALID_ARG;
	}
	while (TRUE)
	{
		passphrase = this->cb(this->data, ++try);
		if (!passphrase.len || !passphrase.ptr)
		{
			return INVALID_ARG;
		}
		switch (pem_decrypt(blob, alg, key_size, iv, passphrase))
		{
			case INVALID_ARG:
				/* bad passphrase, retry */
				continue;
			case SUCCESS:
				return SUCCESS;
			default:
				return FAILED;
		}
	}
}

/**
 * build the credential from a blob
 */
static void *build_from_blob(private_builder_t *this, chunk_t blob)
{
	void *cred = NULL;
	bool pgp = FALSE;
	
	blob = chunk_clone(blob);
	if (!is_asn1(blob))
	{
		if (pem_to_bin(&blob, this, &pgp) != SUCCESS)
		{
			chunk_clear(&blob);
			return NULL;
		}
	}
	cred = lib->creds->create(lib->creds, this->type, this->subtype,
							  pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
							  this->flags ? BUILD_X509_FLAG : BUILD_END,
							  this->flags, BUILD_END);
	chunk_clear(&blob);
	return cred;
}

/**
 * build the credential from a file
 */
static void *build_from_file(private_builder_t *this, char *file)
{
	void *cred = NULL;
	struct stat sb;
	void *addr;
	int fd;
	
	fd = open(file, O_RDONLY);
	if (fd == -1)
	{
		DBG1("  opening '%s' failed: %s", file, strerror(errno));
		return NULL;
	}
	
	if (fstat(fd, &sb) == -1)
	{
		DBG1("  getting file size of '%s' failed: %s", file, strerror(errno));
		close(fd);
		return NULL;
	}
	
	addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
	if (addr == MAP_FAILED)
	{
		DBG1("  mapping '%s' failed: %s", file, strerror(errno));
		close(fd);
		return NULL;
	}
	
	cred = build_from_blob(this, chunk_create(addr, sb.st_size));
	
	munmap(addr, sb.st_size);
	close(fd);
	return cred;
}

/**
 * build the credential from a file
 */
static void *build_from_fd(private_builder_t *this, int fd)
{
	char buf[8096];
	char *pos = buf;
	ssize_t len, total = 0;
	
	while (TRUE)
	{
		len = read(fd, pos, buf + sizeof(buf) - pos);
		if (len < 0)
		{
			DBG1("reading from file descriptor failed: %s", strerror(errno));
			return NULL;
		}
		if (len == 0)
		{
			break;
		}
		total += len;
		if (total == sizeof(buf))
		{
			DBG1("buffer too small to read from file descriptor");
			return NULL;
		}
	}
	return build_from_blob(this, chunk_create(buf, total));
}

/**
 * Implementation of builder_t.build
 */
static void *build(private_builder_t *this)
{
	void *cred = NULL;
	
	if (this->pem.ptr)
	{
		cred = build_from_blob(this, this->pem);
	}
	else if (this->file)
	{
		cred = build_from_file(this, this->file);
	}
	else if (this->fd != -1)
	{
		cred = build_from_fd(this, this->fd);
	}
	free(this);
	return cred;
}

/**
 * passphrase callback to use if passphrase given
 */
static chunk_t given_passphrase_cb(chunk_t *passphrase, int try)
{
	if (try > 1)
	{	/* try only once for given passphrases */
		return chunk_empty;
	}
	return *passphrase;
}

/**
 * Implementation of builder_t.add
 */
static void add(private_builder_t *this, builder_part_t part, ...)
{
	va_list args;
	
	switch (part)
	{
		case BUILD_FROM_FILE:
			va_start(args, part);
			this->file = va_arg(args, char*);
			va_end(args);
			break;
		case BUILD_FROM_FD:
			va_start(args, part);
			this->fd = va_arg(args, int);
			va_end(args);
			break;
		case BUILD_BLOB_PEM:
			va_start(args, part);
			this->pem = va_arg(args, chunk_t);
			va_end(args);
			break;
		case BUILD_PASSPHRASE:
			va_start(args, part);
			this->passphrase = va_arg(args, chunk_t);
			va_end(args);
			if (this->passphrase.len && this->passphrase.ptr)
			{
				this->cb = (void*)given_passphrase_cb;
				this->data = &this->passphrase;
			}
			break;
		case BUILD_PASSPHRASE_CALLBACK:
			va_start(args, part);
			this->cb = va_arg(args, chunk_t(*)(void*,int));
			this->data = va_arg(args, void*);
			va_end(args);
			break;
		case BUILD_X509_FLAG:
			va_start(args, part);
			this->flags = va_arg(args, int);
			va_end(args);
			break;
		default:
			builder_cancel(&this->public);
			break;
	}
}

/**
 * Generic PEM builder.
 */
static builder_t *pem_builder(credential_type_t type, int subtype)
{
	private_builder_t *this = malloc_thing(private_builder_t);
	
	this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
	this->public.build = (void*(*)(builder_t *this))build;
	
	this->type = type;
	this->subtype = subtype;
	this->file = NULL;
	this->fd = -1;
	this->pem = chunk_empty;
	this->passphrase = chunk_empty;
	this->cb = NULL;
	this->data = NULL;
	this->flags = 0;
	
	return &this->public;
}

/**
 * Private key PEM builder.
 */
builder_t *private_key_pem_builder(key_type_t type)
{
	return pem_builder(CRED_PRIVATE_KEY, type);
}

/**
 * Public key PEM builder.
 */
builder_t *public_key_pem_builder(key_type_t type)
{
	return pem_builder(CRED_PUBLIC_KEY, type);
}

/**
 * Certificate PEM builder.
 */
builder_t *certificate_pem_builder(certificate_type_t type)
{
	return pem_builder(CRED_CERTIFICATE, type);
}
Commit	Line	Data
160f4c22 MW	1	/*
	2	* Copyright (C) 2009 Martin Willi
	3	* Copyright (C) 2001-2008 Andreas Steffen
	4	* Hochschule fuer Technik Rapperswil
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
	15	*/
	16
	17	#include "pem_builder.h"
	18
	19	#include <stdio.h>
	20	#include <stdlib.h>
	21	#include <unistd.h>
	22	#include <errno.h>
	23	#include <string.h>
	24	#include <stddef.h>
c9db16b7	25	#include <fcntl.h>
160f4c22	26	#include <sys/types.h>
c9db16b7 MW	27	#include <sys/mman.h>
c9db16b7 MW	28	#include <sys/stat.h>
160f4c22 MW	29
	30	#include <debug.h>
	31	#include <library.h>
	32	#include <utils/lexparser.h>
c9db16b7	33	#include <asn1/asn1.h>
160f4c22 MW	34	#include <crypto/hashers/hasher.h>
	35	#include <crypto/crypters/crypter.h>
	36
	37	#define PKCS5_SALT_LEN 8 /* bytes */
	38
	39	typedef struct private_builder_t private_builder_t;
	40
	41	/**
	42	* Builder implementation for PEM decoding
	43	*/
	44	struct private_builder_t {
	45	/** implements the builder interface */
	46	builder_t public;
	47	/** credential type we are building */
	48	credential_type_t type;
	49	/** subtype (keytype, certtype) of the credential we build */
	50	int subtype;
c9db16b7 MW	51	/** path to file, if we are reading from a file */
c9db16b7 MW	52	char *file;
df5c60bc MW	53	/** file description, if we are reading from a fd */
df5c60bc MW	54	int fd;
160f4c22 MW	55	/** PEM encoding of the credential */
	56	chunk_t pem;
	57	/** PEM decryption passphrase, if given */
	58	chunk_t passphrase;
	59	/** supplied callback to read passphrase */
	60	chunk_t (cb)(void data, int try);
	61	/** user data to callback */
	62	void *data;
4d151291 MW	63	/** X509 flags to pass along */
4d151291 MW	64	int flags;
160f4c22 MW	65	};
	66
	67	/**
	68	* check the presence of a pattern in a character string, skip if found
	69	*/
	70	static bool present(char* pattern, chunk_t* ch)
	71	{
	72	u_int len = strlen(pattern);
	73
	74	if (ch->len >= len && strneq(ch->ptr, pattern, len))
	75	{
	76	ch = chunk_skip(ch, len);
	77	return TRUE;
	78	}
	79	return FALSE;
	80	}
	81
	82	/**
	83	* find a boundary of the form -----tag name-----
	84	*/
	85	static bool find_boundary(char* tag, chunk_t *line)
	86	{
	87	chunk_t name = chunk_empty;
	88
	89	if (!present("-----", line) \|\|
	90	!present(tag, line) \|\|
	91	*line->ptr != ' ')
	92	{
	93	return FALSE;
	94	}
	95	line = chunk_skip(line, 1);
	96
	97	/* extract name */
	98	name.ptr = line->ptr;
	99	while (line->len > 0)
	100	{
	101	if (present("-----", line))
	102	{
	103	DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr);
	104	return TRUE;
	105	}
	106	line->ptr++; line->len--; name.len++;
	107	}
	108	return FALSE;
	109	}
	110
	111	/*
	112	* decrypts a passphrase protected encrypted data block
	113	*/
	114	static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
	115	size_t key_size, chunk_t iv, chunk_t passphrase)
	116	{
	117	hasher_t *hasher;
	118	crypter_t *crypter;
	119	chunk_t salt = { iv.ptr, PKCS5_SALT_LEN };
	120	chunk_t hash;
	121	chunk_t decrypted;
	122	chunk_t key = {alloca(key_size), key_size};
	123	u_int8_t padding, last_padding_pos, first_padding_pos;
	124
	125	/* build key from passphrase and IV */
	126	hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
	127	if (hasher == NULL)
	128	{
129	DBG1(" MD5 hash algorithm not available");
130	return NOT_SUPPORTED;
131	}
132	hash.len = hasher->get_hash_size(hasher);
133	hash.ptr = alloca(hash.len);
134	hasher->get_hash(hasher, passphrase, NULL);
135	hasher->get_hash(hasher, salt, hash.ptr);
136	memcpy(key.ptr, hash.ptr, hash.len);
137
138	if (key.len > hash.len)
139	{
140	hasher->get_hash(hasher, hash, NULL);
141	hasher->get_hash(hasher, passphrase, NULL);
142	hasher->get_hash(hasher, salt, hash.ptr);
143	memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
144	}
145	hasher->destroy(hasher);
146
147	/* decrypt blob */
148	crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
149	if (crypter == NULL)
150	{
151	DBG1(" %N encryption algorithm not available",
152	encryption_algorithm_names, alg);
153	return NOT_SUPPORTED;
154	}
155	crypter->set_key(crypter, key);
156
157	if (iv.len != crypter->get_block_size(crypter) \|\|
158	blob->len % iv.len)
159	{
160	crypter->destroy(crypter);
161	DBG1(" data size is not multiple of block size");
162	return PARSE_ERROR;
163	}
164	crypter->decrypt(crypter, *blob, iv, &decrypted);
165	crypter->destroy(crypter);
166	memcpy(blob->ptr, decrypted.ptr, blob->len);
167	chunk_free(&decrypted);
168
169	/* determine amount of padding */
170	last_padding_pos = blob->ptr + blob->len - 1;
171	padding = *last_padding_pos;
172	if (padding > blob->len)
173	{
174	first_padding_pos = blob->ptr;
175	}
176	else
177	{
178	first_padding_pos = last_padding_pos - padding;
179	}
180	/* check the padding pattern */
181	while (--last_padding_pos > first_padding_pos)
182	{
183	if (*last_padding_pos != padding)
184	{
185	DBG1(" invalid passphrase");
186	return INVALID_ARG;
187	}
188	}
189	/* remove padding */
190	blob->len -= padding;
191	return SUCCESS;
192	}
193
194	/**
195	* Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
196	*/
197	status_t pem_to_bin(chunk_t blob, private_builder_t this, bool *pgp)
198	{
199	typedef enum {
200	PEM_PRE = 0,
201	PEM_MSG = 1,
202	PEM_HEADER = 2,
203	PEM_BODY = 3,
204	PEM_POST = 4,
205	PEM_ABORT = 5
206	} state_t;
207
208	encryption_algorithm_t alg = ENCR_UNDEFINED;
209	size_t key_size = 0;
210	bool encrypted = FALSE;
211	state_t state = PEM_PRE;
212	chunk_t src = *blob;
213	chunk_t dst = *blob;
214	chunk_t line = chunk_empty;
215	chunk_t iv = chunk_empty;
216	chunk_t passphrase;
217	int try = 0;
218	u_char iv_buf[HASH_SIZE_MD5];
219
220	dst.len = 0;
221	iv.ptr = iv_buf;
222	iv.len = 0;
223
224	while (fetchline(&src, &line))
225	{
226	if (state == PEM_PRE)
227	{
228	if (find_boundary("BEGIN", &line))
229	{
230	state = PEM_MSG;
231	}
232	continue;
233	}
234	else
235	{
236	if (find_boundary("END", &line))
237	{
238	state = PEM_POST;
239	break;
240	}
241	if (state == PEM_MSG)
242	{
243	state = PEM_HEADER;
244	if (memchr(line.ptr, ':', line.len) == NULL)
245	{
246	state = PEM_BODY;
247	}
248	}
249	if (state == PEM_HEADER)
250	{
251	err_t ugh = NULL;
252	chunk_t name = chunk_empty;
253	chunk_t value = chunk_empty;
254
255	/* an empty line separates HEADER and BODY */
256	if (line.len == 0)
257	{
258	state = PEM_BODY;
259	continue;
260	}
261
262	/* we are looking for a parameter: value pair */
263	DBG2(" %.*s", (int)line.len, line.ptr);
264	ugh = extract_parameter_value(&name, &value, &line);
265	if (ugh != NULL)
266	{
267	continue;
268	}
269	if (match("Proc-Type", &name) && *value.ptr == '4')
270	{
271	encrypted = TRUE;
272	}
273	else if (match("DEK-Info", &name))
274	{
275	chunk_t dek;
276
277	if (!extract_token(&dek, ',', &value))
278	{
279	dek = value;
280	}
281	if (match("DES-EDE3-CBC", &dek))
282	{
283	alg = ENCR_3DES;
284	key_size = 24;
285	}
286	else if (match("AES-128-CBC", &dek))
287	{
288	alg = ENCR_AES_CBC;
289	key_size = 16;
290	}
291	else if (match("AES-192-CBC", &dek))
292	{
293	alg = ENCR_AES_CBC;
294	key_size = 24;
295	}
296	else if (match("AES-256-CBC", &dek))
297	{
298	alg = ENCR_AES_CBC;
299	key_size = 32;
300	}
301	else
302	{
4d151291	303	DBG1(" encryption algorithm '%.*s' not supported",
160f4c22 MW	304	dek.len, dek.ptr);
	305	return NOT_SUPPORTED;
	306	}
	307	eat_whitespace(&value);
	308	iv = chunk_from_hex(value, iv.ptr);
	309	}
	310	}
	311	else /* state is PEM_BODY */
	312	{
	313	chunk_t data;
	314
	315	/* remove any trailing whitespace */
	316	if (!extract_token(&data ,' ', &line))
	317	{
	318	data = line;
	319	}
	320
	321	/* check for PGP armor checksum */
	322	if (*data.ptr == '=')
	323	{
	324	*pgp = TRUE;
	325	data.ptr++;
	326	data.len--;
	327	DBG2(" armor checksum: %.*s", (int)data.len, data.ptr);
	328	continue;
	329	}
	330
	331	if (blob->len - dst.len < data.len / 4 * 3)
	332	{
	333	state = PEM_ABORT;
	334	}
	335	data = chunk_from_base64(data, dst.ptr);
	336
	337	dst.ptr += data.len;
	338	dst.len += data.len;
	339	}
	340	}
	341	}
	342	/* set length to size of binary blob */
	343	blob->len = dst.len;
	344
	345	if (state != PEM_POST)
	346	{
	347	DBG1(" file coded in unknown format, discarded");
	348	return PARSE_ERROR;
	349	}
	350	if (!encrypted)
	351	{
	352	return SUCCESS;
	353	}
	354	if (!this->cb)
	355	{
	356	DBG1(" missing passphrase");
	357	return INVALID_ARG;
	358	}
	359	while (TRUE)
	360	{
	361	passphrase = this->cb(this->data, ++try);
	362	if (!passphrase.len \|\| !passphrase.ptr)
	363	{
	364	return INVALID_ARG;
	365	}
	366	switch (pem_decrypt(blob, alg, key_size, iv, passphrase))
	367	{
368	case INVALID_ARG:
369	/* bad passphrase, retry */
370	continue;
371	case SUCCESS:
372	return SUCCESS;
373	default:
374	return FAILED;
375	}
376	}
377	}
378
379	/**
c9db16b7	380	* build the credential from a blob
160f4c22	381	*/
c9db16b7	382	static void build_from_blob(private_builder_t this, chunk_t blob)
160f4c22	383	{
c9db16b7	384	void *cred = NULL;
160f4c22	385	bool pgp = FALSE;
c9db16b7 MW	386
	387	blob = chunk_clone(blob);
	388	if (!is_asn1(blob))
	389	{
	390	if (pem_to_bin(&blob, this, &pgp) != SUCCESS)
	391	{
	392	chunk_clear(&blob);
	393	return NULL;
	394	}
	395	}
	396	cred = lib->creds->create(lib->creds, this->type, this->subtype,
	397	pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
4d151291 MW	398	this->flags ? BUILD_X509_FLAG : BUILD_END,
4d151291 MW	399	this->flags, BUILD_END);
c9db16b7 MW	400	chunk_clear(&blob);
	401	return cred;
	402	}
	403
	404	/**
	405	* build the credential from a file
	406	*/
	407	static void build_from_file(private_builder_t this, char *file)
	408	{
160f4c22	409	void *cred = NULL;
c9db16b7 MW	410	struct stat sb;
	411	void *addr;
	412	int fd;
160f4c22	413
c9db16b7 MW	414	fd = open(file, O_RDONLY);
c9db16b7 MW	415	if (fd == -1)
160f4c22	416	{
c9db16b7	417	DBG1(" opening '%s' failed: %s", file, strerror(errno));
160f4c22 MW	418	return NULL;
160f4c22 MW	419	}
c9db16b7 MW	420
c9db16b7 MW	421	if (fstat(fd, &sb) == -1)
160f4c22	422	{
c9db16b7 MW	423	DBG1(" getting file size of '%s' failed: %s", file, strerror(errno));
	424	close(fd);
	425	return NULL;
	426	}
	427
	428	addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
	429	if (addr == MAP_FAILED)
	430	{
	431	DBG1(" mapping '%s' failed: %s", file, strerror(errno));
	432	close(fd);
	433	return NULL;
	434	}
	435
	436	cred = build_from_blob(this, chunk_create(addr, sb.st_size));
	437
	438	munmap(addr, sb.st_size);
	439	close(fd);
	440	return cred;
	441	}
	442
df5c60bc MW	443	/**
	444	* build the credential from a file
	445	*/
	446	static void build_from_fd(private_builder_t this, int fd)
	447	{
	448	char buf[8096];
	449	char *pos = buf;
	450	ssize_t len, total = 0;
	451
	452	while (TRUE)
	453	{
	454	len = read(fd, pos, buf + sizeof(buf) - pos);
	455	if (len < 0)
	456	{
	457	DBG1("reading from file descriptor failed: %s", strerror(errno));
	458	return NULL;
	459	}
	460	if (len == 0)
	461	{
	462	break;
	463	}
	464	total += len;
	465	if (total == sizeof(buf))
	466	{
	467	DBG1("buffer too small to read from file descriptor");
	468	return NULL;
	469	}
	470	}
	471	return build_from_blob(this, chunk_create(buf, total));
	472	}
	473
c9db16b7 MW	474	/**
	475	* Implementation of builder_t.build
	476	*/
	477	static void build(private_builder_t this)
	478	{
	479	void *cred = NULL;
	480
	481	if (this->pem.ptr)
	482	{
	483	cred = build_from_blob(this, this->pem);
	484	}
	485	else if (this->file)
	486	{
	487	cred = build_from_file(this, this->file);
160f4c22	488	}
df5c60bc MW	489	else if (this->fd != -1)
	490	{
	491	cred = build_from_fd(this, this->fd);
	492	}
160f4c22 MW	493	free(this);
	494	return cred;
	495	}
	496
	497	/**
	498	* passphrase callback to use if passphrase given
	499	*/
	500	static chunk_t given_passphrase_cb(chunk_t *passphrase, int try)
	501	{
	502	if (try > 1)
	503	{ /* try only once for given passphrases */
	504	return chunk_empty;
	505	}
	506	return *passphrase;
	507	}
	508
	509	/**
	510	* Implementation of builder_t.add
	511	*/
	512	static void add(private_builder_t *this, builder_part_t part, ...)
	513	{
	514	va_list args;
	515
	516	switch (part)
	517	{
c9db16b7 MW	518	case BUILD_FROM_FILE:
	519	va_start(args, part);
	520	this->file = va_arg(args, char*);
	521	va_end(args);
	522	break;
df5c60bc MW	523	case BUILD_FROM_FD:
	524	va_start(args, part);
	525	this->fd = va_arg(args, int);
	526	va_end(args);
	527	break;
160f4c22 MW	528	case BUILD_BLOB_PEM:
	529	va_start(args, part);
	530	this->pem = va_arg(args, chunk_t);
	531	va_end(args);
	532	break;
	533	case BUILD_PASSPHRASE:
	534	va_start(args, part);
	535	this->passphrase = va_arg(args, chunk_t);
	536	va_end(args);
	537	if (this->passphrase.len && this->passphrase.ptr)
	538	{
	539	this->cb = (void*)given_passphrase_cb;
	540	this->data = &this->passphrase;
	541	}
	542	break;
	543	case BUILD_PASSPHRASE_CALLBACK:
	544	va_start(args, part);
	545	this->cb = va_arg(args, chunk_t()(void,int));
	546	this->data = va_arg(args, void*);
	547	va_end(args);
	548	break;
4d151291 MW	549	case BUILD_X509_FLAG:
	550	va_start(args, part);
	551	this->flags = va_arg(args, int);
	552	va_end(args);
	553	break;
160f4c22 MW	554	default:
	555	builder_cancel(&this->public);
	556	break;
	557	}
	558	}
	559
	560	/**
	561	* Generic PEM builder.
	562	*/
	563	static builder_t *pem_builder(credential_type_t type, int subtype)
	564	{
	565	private_builder_t *this = malloc_thing(private_builder_t);
	566
	567	this->public.add = (void()(builder_t this, builder_part_t part, ...))add;
	568	this->public.build = (void()(builder_t *this))build;
	569
	570	this->type = type;
	571	this->subtype = subtype;
c9db16b7	572	this->file = NULL;
df5c60bc	573	this->fd = -1;
160f4c22 MW	574	this->pem = chunk_empty;
	575	this->passphrase = chunk_empty;
	576	this->cb = NULL;
	577	this->data = NULL;
4d151291	578	this->flags = 0;
160f4c22 MW	579
	580	return &this->public;
	581	}
	582
	583	/**
	584	* Private key PEM builder.
	585	*/
	586	builder_t *private_key_pem_builder(key_type_t type)
	587	{
	588	return pem_builder(CRED_PRIVATE_KEY, type);
	589	}
	590
	591	/**
	592	* Public key PEM builder.
	593	*/
	594	builder_t *public_key_pem_builder(key_type_t type)
	595	{
	596	return pem_builder(CRED_PUBLIC_KEY, type);
	597	}
	598
	599	/**
	600	* Certificate PEM builder.
	601	*/
	602	builder_t *certificate_pem_builder(certificate_type_t type)
	603	{
	604	return pem_builder(CRED_CERTIFICATE, type);
	605	}
	606