46a5e724006eda8d907d07df56492030615c37fb
[strongswan.git] / src / libstrongswan / plugins / pem / pem_builder.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2001-2008 Andreas Steffen
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "pem_builder.h"
18
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <errno.h>
23 #include <string.h>
24 #include <stddef.h>
25 #include <fcntl.h>
26 #include <sys/types.h>
27 #include <sys/mman.h>
28 #include <sys/stat.h>
29
30 #include <debug.h>
31 #include <library.h>
32 #include <utils/lexparser.h>
33 #include <asn1/asn1.h>
34 #include <crypto/hashers/hasher.h>
35 #include <crypto/crypters/crypter.h>
36 #include <credentials/certificates/x509.h>
37
38 #define PKCS5_SALT_LEN 8 /* bytes */
39
40 /**
41 * check the presence of a pattern in a character string, skip if found
42 */
43 static bool present(char* pattern, chunk_t* ch)
44 {
45 u_int len = strlen(pattern);
46
47 if (ch->len >= len && strneq(ch->ptr, pattern, len))
48 {
49 *ch = chunk_skip(*ch, len);
50 return TRUE;
51 }
52 return FALSE;
53 }
54
55 /**
56 * find a boundary of the form -----tag name-----
57 */
58 static bool find_boundary(char* tag, chunk_t *line)
59 {
60 chunk_t name = chunk_empty;
61
62 if (!present("-----", line) ||
63 !present(tag, line) ||
64 *line->ptr != ' ')
65 {
66 return FALSE;
67 }
68 *line = chunk_skip(*line, 1);
69
70 /* extract name */
71 name.ptr = line->ptr;
72 while (line->len > 0)
73 {
74 if (present("-----", line))
75 {
76 DBG2(DBG_ASN, " -----%s %.*s-----", tag, (int)name.len, name.ptr);
77 return TRUE;
78 }
79 line->ptr++; line->len--; name.len++;
80 }
81 return FALSE;
82 }
83
84 /*
85 * decrypts a passphrase protected encrypted data block
86 */
87 static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
88 size_t key_size, chunk_t iv, chunk_t passphrase)
89 {
90 hasher_t *hasher;
91 crypter_t *crypter;
92 chunk_t salt = { iv.ptr, PKCS5_SALT_LEN };
93 chunk_t hash;
94 chunk_t decrypted;
95 chunk_t key = {alloca(key_size), key_size};
96 u_int8_t padding, *last_padding_pos, *first_padding_pos;
97
98 /* build key from passphrase and IV */
99 hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
100 if (hasher == NULL)
101 {
102 DBG1(DBG_ASN, " MD5 hash algorithm not available");
103 return NOT_SUPPORTED;
104 }
105 hash.len = hasher->get_hash_size(hasher);
106 hash.ptr = alloca(hash.len);
107 hasher->get_hash(hasher, passphrase, NULL);
108 hasher->get_hash(hasher, salt, hash.ptr);
109 memcpy(key.ptr, hash.ptr, hash.len);
110
111 if (key.len > hash.len)
112 {
113 hasher->get_hash(hasher, hash, NULL);
114 hasher->get_hash(hasher, passphrase, NULL);
115 hasher->get_hash(hasher, salt, hash.ptr);
116 memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
117 }
118 hasher->destroy(hasher);
119
120 /* decrypt blob */
121 crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
122 if (crypter == NULL)
123 {
124 DBG1(DBG_ASN, " %N encryption algorithm not available",
125 encryption_algorithm_names, alg);
126 return NOT_SUPPORTED;
127 }
128 crypter->set_key(crypter, key);
129
130 if (iv.len != crypter->get_iv_size(crypter) ||
131 blob->len % crypter->get_block_size(crypter))
132 {
133 crypter->destroy(crypter);
134 DBG1(DBG_ASN, " data size is not multiple of block size");
135 return PARSE_ERROR;
136 }
137 crypter->decrypt(crypter, *blob, iv, &decrypted);
138 crypter->destroy(crypter);
139 memcpy(blob->ptr, decrypted.ptr, blob->len);
140 chunk_free(&decrypted);
141
142 /* determine amount of padding */
143 last_padding_pos = blob->ptr + blob->len - 1;
144 padding = *last_padding_pos;
145 if (padding > blob->len)
146 {
147 first_padding_pos = blob->ptr;
148 }
149 else
150 {
151 first_padding_pos = last_padding_pos - padding;
152 }
153 /* check the padding pattern */
154 while (--last_padding_pos > first_padding_pos)
155 {
156 if (*last_padding_pos != padding)
157 {
158 DBG1(DBG_ASN, " invalid passphrase");
159 return INVALID_ARG;
160 }
161 }
162 /* remove padding */
163 blob->len -= padding;
164 return SUCCESS;
165 }
166
167 /**
168 * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
169 */
170 static status_t pem_to_bin(chunk_t *blob, bool *pgp)
171 {
172 typedef enum {
173 PEM_PRE = 0,
174 PEM_MSG = 1,
175 PEM_HEADER = 2,
176 PEM_BODY = 3,
177 PEM_POST = 4,
178 PEM_ABORT = 5
179 } state_t;
180
181 encryption_algorithm_t alg = ENCR_UNDEFINED;
182 size_t key_size = 0;
183 bool encrypted = FALSE;
184 state_t state = PEM_PRE;
185 chunk_t src = *blob;
186 chunk_t dst = *blob;
187 chunk_t line = chunk_empty;
188 chunk_t iv = chunk_empty;
189 u_char iv_buf[HASH_SIZE_MD5];
190 status_t status = NOT_FOUND;
191 enumerator_t *enumerator;
192 shared_key_t *shared;
193
194 dst.len = 0;
195 iv.ptr = iv_buf;
196 iv.len = 0;
197
198 while (fetchline(&src, &line))
199 {
200 if (state == PEM_PRE)
201 {
202 if (find_boundary("BEGIN", &line))
203 {
204 state = PEM_MSG;
205 }
206 continue;
207 }
208 else
209 {
210 if (find_boundary("END", &line))
211 {
212 state = PEM_POST;
213 break;
214 }
215 if (state == PEM_MSG)
216 {
217 state = PEM_HEADER;
218 if (memchr(line.ptr, ':', line.len) == NULL)
219 {
220 state = PEM_BODY;
221 }
222 }
223 if (state == PEM_HEADER)
224 {
225 err_t ugh = NULL;
226 chunk_t name = chunk_empty;
227 chunk_t value = chunk_empty;
228
229 /* an empty line separates HEADER and BODY */
230 if (line.len == 0)
231 {
232 state = PEM_BODY;
233 continue;
234 }
235
236 /* we are looking for a parameter: value pair */
237 DBG2(DBG_ASN, " %.*s", (int)line.len, line.ptr);
238 ugh = extract_parameter_value(&name, &value, &line);
239 if (ugh != NULL)
240 {
241 continue;
242 }
243 if (match("Proc-Type", &name) && *value.ptr == '4')
244 {
245 encrypted = TRUE;
246 }
247 else if (match("DEK-Info", &name))
248 {
249 chunk_t dek;
250
251 if (!extract_token(&dek, ',', &value))
252 {
253 dek = value;
254 }
255 if (match("DES-EDE3-CBC", &dek))
256 {
257 alg = ENCR_3DES;
258 key_size = 24;
259 }
260 else if (match("AES-128-CBC", &dek))
261 {
262 alg = ENCR_AES_CBC;
263 key_size = 16;
264 }
265 else if (match("AES-192-CBC", &dek))
266 {
267 alg = ENCR_AES_CBC;
268 key_size = 24;
269 }
270 else if (match("AES-256-CBC", &dek))
271 {
272 alg = ENCR_AES_CBC;
273 key_size = 32;
274 }
275 else
276 {
277 DBG1(DBG_ASN, " encryption algorithm '%.*s'"
278 " not supported", dek.len, dek.ptr);
279 return NOT_SUPPORTED;
280 }
281 eat_whitespace(&value);
282 iv = chunk_from_hex(value, iv.ptr);
283 }
284 }
285 else /* state is PEM_BODY */
286 {
287 chunk_t data;
288
289 /* remove any trailing whitespace */
290 if (!extract_token(&data ,' ', &line))
291 {
292 data = line;
293 }
294
295 /* check for PGP armor checksum */
296 if (*data.ptr == '=')
297 {
298 *pgp = TRUE;
299 data.ptr++;
300 data.len--;
301 DBG2(DBG_ASN, " armor checksum: %.*s", (int)data.len,
302 data.ptr);
303 continue;
304 }
305
306 if (blob->len - dst.len < data.len / 4 * 3)
307 {
308 state = PEM_ABORT;
309 }
310 data = chunk_from_base64(data, dst.ptr);
311
312 dst.ptr += data.len;
313 dst.len += data.len;
314 }
315 }
316 }
317 /* set length to size of binary blob */
318 blob->len = dst.len;
319
320 if (state != PEM_POST)
321 {
322 DBG1(DBG_LIB, " file coded in unknown format, discarded");
323 return PARSE_ERROR;
324 }
325 if (!encrypted)
326 {
327 return SUCCESS;
328 }
329
330 enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
331 SHARED_PRIVATE_KEY_PASS, NULL, NULL);
332 while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
333 {
334 chunk_t passphrase, chunk;
335
336 passphrase = shared->get_key(shared);
337 chunk = chunk_clone(*blob);
338 status = pem_decrypt(&chunk, alg, key_size, iv, passphrase);
339 if (status == SUCCESS)
340 {
341 memcpy(blob->ptr, chunk.ptr, chunk.len);
342 blob->len = chunk.len;
343 }
344 free(chunk.ptr);
345 if (status != INVALID_ARG)
346 { /* try again only if passphrase invalid */
347 break;
348 }
349 }
350 enumerator->destroy(enumerator);
351 return status;
352 }
353
354 /**
355 * load the credential from a blob
356 */
357 static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
358 identification_t *subject, x509_flag_t flags)
359 {
360 void *cred = NULL;
361 bool pgp = FALSE;
362
363 blob = chunk_clone(blob);
364 if (!is_asn1(blob))
365 {
366 if (pem_to_bin(&blob, &pgp) != SUCCESS)
367 {
368 chunk_clear(&blob);
369 return NULL;
370 }
371 if (pgp && type == CRED_PRIVATE_KEY)
372 {
373 /* PGP encoded keys are parsed with a KEY_ANY key type, as it
374 * can contain any type of key. However, ipsec.secrets uses
375 * RSA for PGP keys, which is actually wrong. */
376 subtype = KEY_ANY;
377 }
378 }
379 /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */
380 if (type == CRED_CERTIFICATE && subtype == CERT_ANY)
381 {
382 subtype = pgp ? CERT_GPG : CERT_X509;
383 }
384 if (type == CRED_CERTIFICATE && subtype == CERT_TRUSTED_PUBKEY && subject)
385 {
386 cred = lib->creds->create(lib->creds, type, subtype,
387 BUILD_BLOB_ASN1_DER, blob, BUILD_SUBJECT, subject,
388 BUILD_END);
389 }
390 else
391 {
392 cred = lib->creds->create(lib->creds, type, subtype,
393 pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
394 flags ? BUILD_X509_FLAG : BUILD_END,
395 flags, BUILD_END);
396 }
397 chunk_clear(&blob);
398 return cred;
399 }
400
401 /**
402 * load the credential from a file
403 */
404 static void *load_from_file(char *file, credential_type_t type, int subtype,
405 identification_t *subject, x509_flag_t flags)
406 {
407 void *cred = NULL;
408 struct stat sb;
409 void *addr;
410 int fd;
411
412 fd = open(file, O_RDONLY);
413 if (fd == -1)
414 {
415 DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
416 return NULL;
417 }
418
419 if (fstat(fd, &sb) == -1)
420 {
421 DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
422 strerror(errno));
423 close(fd);
424 return NULL;
425 }
426
427 addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
428 if (addr == MAP_FAILED)
429 {
430 DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
431 close(fd);
432 return NULL;
433 }
434
435 cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
436 subject,flags);
437
438 munmap(addr, sb.st_size);
439 close(fd);
440 return cred;
441 }
442
443 /**
444 * load the credential from a file descriptor
445 */
446 static void *load_from_fd(int fd, credential_type_t type, int subtype,
447 identification_t *subject, x509_flag_t flags)
448 {
449 char buf[8096];
450 char *pos = buf;
451 ssize_t len, total = 0;
452
453 while (TRUE)
454 {
455 len = read(fd, pos, buf + sizeof(buf) - pos);
456 if (len < 0)
457 {
458 DBG1(DBG_LIB, "reading from file descriptor failed: %s",
459 strerror(errno));
460 return NULL;
461 }
462 if (len == 0)
463 {
464 break;
465 }
466 total += len;
467 if (total == sizeof(buf))
468 {
469 DBG1(DBG_LIB, "buffer too small to read from file descriptor");
470 return NULL;
471 }
472 }
473 return load_from_blob(chunk_create(buf, total), type, subtype,
474 subject, flags);
475 }
476
477 /**
478 * Load all kind of PEM encoded credentials.
479 */
480 static void *pem_load(credential_type_t type, int subtype, va_list args)
481 {
482 char *file = NULL;
483 int fd = -1;
484 chunk_t pem = chunk_empty;
485 identification_t *subject;
486 int flags = 0;
487
488 while (TRUE)
489 {
490 switch (va_arg(args, builder_part_t))
491 {
492 case BUILD_FROM_FILE:
493 file = va_arg(args, char*);
494 continue;
495 case BUILD_FROM_FD:
496 fd = va_arg(args, int);
497 continue;
498 case BUILD_BLOB_PEM:
499 pem = va_arg(args, chunk_t);
500 continue;
501 case BUILD_SUBJECT:
502 subject = va_arg(args, identification_t*);
503 continue;
504 case BUILD_X509_FLAG:
505 flags = va_arg(args, int);
506 continue;
507 case BUILD_END:
508 break;
509 default:
510 return NULL;
511 }
512 break;
513 }
514
515 if (pem.len)
516 {
517 return load_from_blob(pem, type, subtype, subject, flags);
518 }
519 if (file)
520 {
521 return load_from_file(file, type, subtype, subject, flags);
522 }
523 if (fd != -1)
524 {
525 return load_from_fd(fd, type, subtype, subject, flags);
526 }
527 return NULL;
528 }
529
530 /**
531 * Private key PEM loader.
532 */
533 private_key_t *pem_private_key_load(key_type_t type, va_list args)
534 {
535 return pem_load(CRED_PRIVATE_KEY, type, args);
536 }
537
538 /**
539 * Public key PEM loader.
540 */
541 public_key_t *pem_public_key_load(key_type_t type, va_list args)
542 {
543 return pem_load(CRED_PUBLIC_KEY, type, args);
544 }
545
546 /**
547 * Certificate PEM loader.
548 */
549 certificate_t *pem_certificate_load(certificate_type_t type, va_list args)
550 {
551 return pem_load(CRED_CERTIFICATE, type, args);
552 }
553