pem.c source code [Godot/thirdparty/mbedtls/library/pem.c]

1	/*
2	* Privacy Enhanced Mail (PEM) decoding
3	*
4	* Copyright The Mbed TLS Contributors
5	* SPDX-License-Identifier: Apache-2.0
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
8	* not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*/
19
20	#include "common.h"
21
22	#if defined(MBEDTLS_PEM_PARSE_C) \|\| defined(MBEDTLS_PEM_WRITE_C)
23
24	#include "mbedtls/pem.h"
25	#include "mbedtls/base64.h"
26	#include "mbedtls/des.h"
27	#include "mbedtls/aes.h"
28	#include "mbedtls/md5.h"
29	#include "mbedtls/cipher.h"
30	#include "mbedtls/platform_util.h"
31	#include "mbedtls/error.h"
32
33	#include <string.h>
34
35	#include "mbedtls/platform.h"
36
37	#if defined(MBEDTLS_PEM_PARSE_C)
38	void mbedtls_pem_init(mbedtls_pem_context *ctx)
39	{
40	memset(ctx, `0`, sizeof(mbedtls_pem_context));
41	}
42
43	#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
44	(defined(MBEDTLS_DES_C) \|\| defined(MBEDTLS_AES_C))
45	/*
46	* Read a 16-byte hex string and convert it to binary
47	*/
48	static int pem_get_iv(const unsigned char s, unsigned* char *iv,
49	size_t iv_len)
50	{
51	size_t i, j, k;
52
53	memset(iv, `0`, iv_len);
54
55	for (i = `0`; i < iv_len * `2`; i++, s++) {
56	if (s >= `'0'` && s <= `'9'`) {
57	j = *s - `'0'`;
58	} else
59	if (s >= `'A'` && s <= `'F'`) {
60	j = *s - `'7'`;
61	} else
62	if (s >= `'a'` && s <= `'f'`) {
63	j = *s - `'W'`;
64	} else {
65	return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
66	}
67
68	k = ((i & `1`) != `0`) ? j : j << `4`;
69
70	iv[i >> `1`] = (unsigned char) (iv[i >> `1`] \| k);
71	}
72
73	return `0`;
74	}
75
76	static int pem_pbkdf1(unsigned char *key, size_t keylen,
77	unsigned char *iv,
78	const unsigned char *pwd, size_t pwdlen)
79	{
80	mbedtls_md5_context md5_ctx;
81	unsigned char md5sum[`16`];
82	size_t use_len;
83	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
84
85	mbedtls_md5_init(&md5_ctx);
86
87	/*
88	* key[ 0..15] = MD5(pwd \|\| IV)
89	*/
90	if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != `0`) {
91	goto exit;
92	}
93	if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != `0`) {
94	goto exit;
95	}
96	if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, `8`)) != `0`) {
97	goto exit;
98	}
99	if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != `0`) {
100	goto exit;
101	}
102
103	if (keylen <= `16`) {
104	memcpy(key, md5sum, keylen);
105	goto exit;
106	}
107
108	memcpy(key, md5sum, `16`);
109
110	/*
111	* key[16..23] = MD5(key[ 0..15] \|\| pwd \|\| IV])
112	*/
113	if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != `0`) {
114	goto exit;
115	}
116	if ((ret = mbedtls_md5_update_ret(&md5_ctx, md5sum, `16`)) != `0`) {
117	goto exit;
118	}
119	if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != `0`) {
120	goto exit;
121	}
122	if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, `8`)) != `0`) {
123	goto exit;
124	}
125	if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != `0`) {
126	goto exit;
127	}
128
129	use_len = `16`;
130	if (keylen < `32`) {
131	use_len = keylen - `16`;
132	}
133
134	memcpy(key + `16`, md5sum, use_len);
135
136	exit:
137	mbedtls_md5_free(&md5_ctx);
138	mbedtls_platform_zeroize(md5sum, `16`);
139
140	return ret;
141	}
142
143	#if defined(MBEDTLS_DES_C)
144	/*
145	* Decrypt with DES-CBC, using PBKDF1 for key derivation
146	*/
147	static int pem_des_decrypt(unsigned char des_iv[`8`],
148	unsigned char *buf, size_t buflen,
149	const unsigned char *pwd, size_t pwdlen)
150	{
151	mbedtls_des_context des_ctx;
152	unsigned char des_key[`8`];
153	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
154
155	mbedtls_des_init(&des_ctx);
156
157	if ((ret = pem_pbkdf1(des_key, `8`, des_iv, pwd, pwdlen)) != `0`) {
158	goto exit;
159	}
160
161	if ((ret = mbedtls_des_setkey_dec(&des_ctx, des_key)) != `0`) {
162	goto exit;
163	}
164	ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, buflen,
165	des_iv, buf, buf);
166
167	exit:
168	mbedtls_des_free(&des_ctx);
169	mbedtls_platform_zeroize(des_key, `8`);
170
171	return ret;
172	}
173
174	/*
175	* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
176	*/
177	static int pem_des3_decrypt(unsigned char des3_iv[`8`],
178	unsigned char *buf, size_t buflen,
179	const unsigned char *pwd, size_t pwdlen)
180	{
181	mbedtls_des3_context des3_ctx;
182	unsigned char des3_key[`24`];
183	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
184
185	mbedtls_des3_init(&des3_ctx);
186
187	if ((ret = pem_pbkdf1(des3_key, `24`, des3_iv, pwd, pwdlen)) != `0`) {
188	goto exit;
189	}
190
191	if ((ret = mbedtls_des3_set3key_dec(&des3_ctx, des3_key)) != `0`) {
192	goto exit;
193	}
194	ret = mbedtls_des3_crypt_cbc(&des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
195	des3_iv, buf, buf);
196
197	exit:
198	mbedtls_des3_free(&des3_ctx);
199	mbedtls_platform_zeroize(des3_key, `24`);
200
201	return ret;
202	}
203	#endif /* MBEDTLS_DES_C */
204
205	#if defined(MBEDTLS_AES_C)
206	/*
207	* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
208	*/
209	static int pem_aes_decrypt(unsigned char aes_iv[`16`], unsigned int keylen,
210	unsigned char *buf, size_t buflen,
211	const unsigned char *pwd, size_t pwdlen)
212	{
213	mbedtls_aes_context aes_ctx;
214	unsigned char aes_key[`32`];
215	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
216
217	mbedtls_aes_init(&aes_ctx);
218
219	if ((ret = pem_pbkdf1(aes_key, keylen, aes_iv, pwd, pwdlen)) != `0`) {
220	goto exit;
221	}
222
223	if ((ret = mbedtls_aes_setkey_dec(&aes_ctx, aes_key, keylen * `8`)) != `0`) {
224	goto exit;
225	}
226	ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
227	aes_iv, buf, buf);
228
229	exit:
230	mbedtls_aes_free(&aes_ctx);
231	mbedtls_platform_zeroize(aes_key, keylen);
232
233	return ret;
234	}
235	#endif /* MBEDTLS_AES_C */
236
237	#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
238	( MBEDTLS_AES_C \|\| MBEDTLS_DES_C ) */
239
240	int mbedtls_pem_read_buffer(mbedtls_pem_context ctx, const* char header, const* char *footer,
241	const unsigned char data, const* unsigned char *pwd,
242	size_t pwdlen, size_t *use_len)
243	{
244	int ret, enc;
245	size_t len;
246	unsigned char *buf;
247	const unsigned char s1, s2, *end;
248	#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
249	(defined(MBEDTLS_DES_C) \|\| defined(MBEDTLS_AES_C))
250	unsigned char pem_iv[`16`];
251	mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
252	#else
253	((void) pwd);
254	((void) pwdlen);
255	#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
256	( MBEDTLS_AES_C \|\| MBEDTLS_DES_C ) */
257
258	if (ctx == NULL) {
259	return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
260	}
261
262	s1 = (unsigned char ) strstr((const* char *) data, header);
263
264	if (s1 == NULL) {
265	return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
266	}
267
268	s2 = (unsigned char ) strstr((const* char *) data, footer);
269
270	if (s2 == NULL \|\| s2 <= s1) {
271	return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
272	}
273
274	s1 += strlen(header);
275	if (*s1 == `' '`) {
276	s1++;
277	}
278	if (*s1 == `'\r'`) {
279	s1++;
280	}
281	if (*s1 == `'\n'`) {
282	s1++;
283	} else {
284	return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
285	}
286
287	end = s2;
288	end += strlen(footer);
289	if (*end == `' '`) {
290	end++;
291	}
292	if (*end == `'\r'`) {
293	end++;
294	}
295	if (*end == `'\n'`) {
296	end++;
297	}
298	*use_len = end - data;
299
300	enc = `0`;
301
302	if (s2 - s1 >= `22` && memcmp(s1, "Proc-Type: 4,ENCRYPTED", `22`) == `0`) {
303	#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
304	(defined(MBEDTLS_DES_C) \|\| defined(MBEDTLS_AES_C))
305	enc++;
306
307	s1 += `22`;
308	if (*s1 == `'\r'`) {
309	s1++;
310	}
311	if (*s1 == `'\n'`) {
312	s1++;
313	} else {
314	return MBEDTLS_ERR_PEM_INVALID_DATA;
315	}
316
317
318	#if defined(MBEDTLS_DES_C)
319	if (s2 - s1 >= `23` && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", `23`) == `0`) {
320	enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
321
322	s1 += `23`;
323	if (s2 - s1 < `16` \|\| pem_get_iv(s1, pem_iv, `8`) != `0`) {
324	return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
325	}
326
327	s1 += `16`;
328	} else if (s2 - s1 >= `18` && memcmp(s1, "DEK-Info: DES-CBC,", `18`) == `0`) {
329	enc_alg = MBEDTLS_CIPHER_DES_CBC;
330
331	s1 += `18`;
332	if (s2 - s1 < `16` \|\| pem_get_iv(s1, pem_iv, `8`) != `0`) {
333	return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
334	}
335
336	s1 += `16`;
337	}
338	#endif /* MBEDTLS_DES_C */
339
340	#if defined(MBEDTLS_AES_C)
341	if (s2 - s1 >= `14` && memcmp(s1, "DEK-Info: AES-", `14`) == `0`) {
342	if (s2 - s1 < `22`) {
343	return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
344	} else if (memcmp(s1, "DEK-Info: AES-128-CBC,", `22`) == `0`) {
345	enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
346	} else if (memcmp(s1, "DEK-Info: AES-192-CBC,", `22`) == `0`) {
347	enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
348	} else if (memcmp(s1, "DEK-Info: AES-256-CBC,", `22`) == `0`) {
349	enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
350	} else {
351	return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
352	}
353
354	s1 += `22`;
355	if (s2 - s1 < `32` \|\| pem_get_iv(s1, pem_iv, `16`) != `0`) {
356	return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
357	}
358
359	s1 += `32`;
360	}
361	#endif /* MBEDTLS_AES_C */
362
363	if (enc_alg == MBEDTLS_CIPHER_NONE) {
364	return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
365	}
366
367	if (*s1 == `'\r'`) {
368	s1++;
369	}
370	if (*s1 == `'\n'`) {
371	s1++;
372	} else {
373	return MBEDTLS_ERR_PEM_INVALID_DATA;
374	}
375	#else
376	return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
377	#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
378	( MBEDTLS_AES_C \|\| MBEDTLS_DES_C ) */
379	}
380
381	if (s1 >= s2) {
382	return MBEDTLS_ERR_PEM_INVALID_DATA;
383	}
384
385	ret = mbedtls_base64_decode(NULL, `0`, &len, s1, s2 - s1);
386
387	if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
388	return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
389	}
390
391	if ((buf = mbedtls_calloc(`1`, len)) == NULL) {
392	return MBEDTLS_ERR_PEM_ALLOC_FAILED;
393	}
394
395	if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != `0`) {
396	mbedtls_platform_zeroize(buf, len);
397	mbedtls_free(buf);
398	return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
399	}
400
401	if (enc != `0`) {
402	#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
403	(defined(MBEDTLS_DES_C) \|\| defined(MBEDTLS_AES_C))
404	if (pwd == NULL) {
405	mbedtls_platform_zeroize(buf, len);
406	mbedtls_free(buf);
407	return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED;
408	}
409
410	ret = `0`;
411
412	#if defined(MBEDTLS_DES_C)
413	if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) {
414	ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen);
415	} else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) {
416	ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen);
417	}
418	#endif /* MBEDTLS_DES_C */
419
420	#if defined(MBEDTLS_AES_C)
421	if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) {
422	ret = pem_aes_decrypt(pem_iv, `16`, buf, len, pwd, pwdlen);
423	} else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) {
424	ret = pem_aes_decrypt(pem_iv, `24`, buf, len, pwd, pwdlen);
425	} else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) {
426	ret = pem_aes_decrypt(pem_iv, `32`, buf, len, pwd, pwdlen);
427	}
428	#endif /* MBEDTLS_AES_C */
429
430	if (ret != `0`) {
431	mbedtls_free(buf);
432	return ret;
433	}
434
435	/*
436	* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
437	* length bytes (allow 4 to be sure) in all known use cases.
438	*
439	* Use that as a heuristic to try to detect password mismatches.
440	*/
441	if (len <= `2` \|\| buf[`0`] != `0x30` \|\| buf[`1`] > `0x83`) {
442	mbedtls_platform_zeroize(buf, len);
443	mbedtls_free(buf);
444	return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
445	}
446	#else
447	mbedtls_platform_zeroize(buf, len);
448	mbedtls_free(buf);
449	return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
450	#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
451	( MBEDTLS_AES_C \|\| MBEDTLS_DES_C ) */
452	}
453
454	ctx->buf = buf;
455	ctx->buflen = len;
456
457	return `0`;
458	}
459
460	void mbedtls_pem_free(mbedtls_pem_context *ctx)
461	{
462	if (ctx->buf != NULL) {
463	mbedtls_platform_zeroize(ctx->buf, ctx->buflen);
464	mbedtls_free(ctx->buf);
465	}
466	mbedtls_free(ctx->info);
467
468	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context));
469	}
470	#endif /* MBEDTLS_PEM_PARSE_C */
471
472	#if defined(MBEDTLS_PEM_WRITE_C)
473	int mbedtls_pem_write_buffer(const char header, const* char *footer,
474	const unsigned char *der_data, size_t der_len,
475	unsigned char buf, size_t buf_len, size_t olen)
476	{
477	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
478	unsigned char encode_buf = NULL, c, *p = buf;
479	size_t len = `0`, use_len, add_len = `0`;
480
481	mbedtls_base64_encode(NULL, `0`, &use_len, der_data, der_len);
482	add_len = strlen(header) + strlen(footer) + (use_len / `64`) + `1`;
483
484	if (use_len + add_len > buf_len) {
485	*olen = use_len + add_len;
486	return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
487	}
488
489	if (use_len != `0` &&
490	((encode_buf = mbedtls_calloc(`1`, use_len)) == NULL)) {
491	return MBEDTLS_ERR_PEM_ALLOC_FAILED;
492	}
493
494	if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data,
495	der_len)) != `0`) {
496	mbedtls_free(encode_buf);
497	return ret;
498	}
499
500	memcpy(p, header, strlen(header));
501	p += strlen(header);
502	c = encode_buf;
503
504	while (use_len) {
505	len = (use_len > `64`) ? `64` : use_len;
506	memcpy(p, c, len);
507	use_len -= len;
508	p += len;
509	c += len;
510	*p++ = `'\n'`;
511	}
512
513	memcpy(p, footer, strlen(footer));
514	p += strlen(footer);
515
516	*p++ = `'\0'`;
517	*olen = p - buf;
518
519	/ Clean any remaining data previously written to the buffer /
520	memset(buf + olen, `0`, buf_len - olen);
521
522	mbedtls_free(encode_buf);
523	return `0`;
524	}
525	#endif /* MBEDTLS_PEM_WRITE_C */
526	#endif /* MBEDTLS_PEM_PARSE_C \|\| MBEDTLS_PEM_WRITE_C */
527

Browse the source code of Godot/thirdparty/mbedtls/library/pem.c