Do not check pointer, but length of a chunk
[strongswan.git] / src / libstrongswan / plugins / pem / pem_builder.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2001-2008 Andreas Steffen
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "pem_builder.h"
18
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <errno.h>
23 #include <string.h>
24 #include <stddef.h>
25 #include <fcntl.h>
26 #include <sys/types.h>
27 #include <sys/mman.h>
28 #include <sys/stat.h>
29
30 #include <debug.h>
31 #include <library.h>
32 #include <utils/lexparser.h>
33 #include <asn1/asn1.h>
34 #include <crypto/hashers/hasher.h>
35 #include <crypto/crypters/crypter.h>
36 #include <credentials/certificates/x509.h>
37
38 #define PKCS5_SALT_LEN 8 /* bytes */
39
40 /**
41 * check the presence of a pattern in a character string, skip if found
42 */
43 static bool present(char* pattern, chunk_t* ch)
44 {
45 u_int len = strlen(pattern);
46
47 if (ch->len >= len && strneq(ch->ptr, pattern, len))
48 {
49 *ch = chunk_skip(*ch, len);
50 return TRUE;
51 }
52 return FALSE;
53 }
54
55 /**
56 * find a boundary of the form -----tag name-----
57 */
58 static bool find_boundary(char* tag, chunk_t *line)
59 {
60 chunk_t name = chunk_empty;
61
62 if (!present("-----", line) ||
63 !present(tag, line) ||
64 *line->ptr != ' ')
65 {
66 return FALSE;
67 }
68 *line = chunk_skip(*line, 1);
69
70 /* extract name */
71 name.ptr = line->ptr;
72 while (line->len > 0)
73 {
74 if (present("-----", line))
75 {
76 DBG2(DBG_LIB, " -----%s %.*s-----", tag, (int)name.len, name.ptr);
77 return TRUE;
78 }
79 line->ptr++; line->len--; name.len++;
80 }
81 return FALSE;
82 }
83
84 /*
85 * decrypts a passphrase protected encrypted data block
86 */
87 static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
88 size_t key_size, chunk_t iv, chunk_t passphrase)
89 {
90 hasher_t *hasher;
91 crypter_t *crypter;
92 chunk_t salt = { iv.ptr, PKCS5_SALT_LEN };
93 chunk_t hash;
94 chunk_t decrypted;
95 chunk_t key = {alloca(key_size), key_size};
96 u_int8_t padding, *last_padding_pos, *first_padding_pos;
97
98 /* build key from passphrase and IV */
99 hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
100 if (hasher == NULL)
101 {
102 DBG1(DBG_LIB, " MD5 hash algorithm not available");
103 return NOT_SUPPORTED;
104 }
105 hash.len = hasher->get_hash_size(hasher);
106 hash.ptr = alloca(hash.len);
107 hasher->get_hash(hasher, passphrase, NULL);
108 hasher->get_hash(hasher, salt, hash.ptr);
109 memcpy(key.ptr, hash.ptr, hash.len);
110
111 if (key.len > hash.len)
112 {
113 hasher->get_hash(hasher, hash, NULL);
114 hasher->get_hash(hasher, passphrase, NULL);
115 hasher->get_hash(hasher, salt, hash.ptr);
116 memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
117 }
118 hasher->destroy(hasher);
119
120 /* decrypt blob */
121 crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
122 if (crypter == NULL)
123 {
124 DBG1(DBG_LIB, " %N encryption algorithm not available",
125 encryption_algorithm_names, alg);
126 return NOT_SUPPORTED;
127 }
128 crypter->set_key(crypter, key);
129
130 if (iv.len != crypter->get_block_size(crypter) ||
131 blob->len % iv.len)
132 {
133 crypter->destroy(crypter);
134 DBG1(DBG_LIB, " data size is not multiple of block size");
135 return PARSE_ERROR;
136 }
137 crypter->decrypt(crypter, *blob, iv, &decrypted);
138 crypter->destroy(crypter);
139 memcpy(blob->ptr, decrypted.ptr, blob->len);
140 chunk_free(&decrypted);
141
142 /* determine amount of padding */
143 last_padding_pos = blob->ptr + blob->len - 1;
144 padding = *last_padding_pos;
145 if (padding > blob->len)
146 {
147 first_padding_pos = blob->ptr;
148 }
149 else
150 {
151 first_padding_pos = last_padding_pos - padding;
152 }
153 /* check the padding pattern */
154 while (--last_padding_pos > first_padding_pos)
155 {
156 if (*last_padding_pos != padding)
157 {
158 DBG1(DBG_LIB, " invalid passphrase");
159 return INVALID_ARG;
160 }
161 }
162 /* remove padding */
163 blob->len -= padding;
164 return SUCCESS;
165 }
166
167 /**
168 * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
169 */
170 static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data,
171 bool *pgp)
172 {
173 typedef enum {
174 PEM_PRE = 0,
175 PEM_MSG = 1,
176 PEM_HEADER = 2,
177 PEM_BODY = 3,
178 PEM_POST = 4,
179 PEM_ABORT = 5
180 } state_t;
181
182 encryption_algorithm_t alg = ENCR_UNDEFINED;
183 size_t key_size = 0;
184 bool encrypted = FALSE;
185 state_t state = PEM_PRE;
186 chunk_t src = *blob;
187 chunk_t dst = *blob;
188 chunk_t line = chunk_empty;
189 chunk_t iv = chunk_empty;
190 chunk_t passphrase;
191 int try = 0;
192 u_char iv_buf[HASH_SIZE_MD5];
193
194 dst.len = 0;
195 iv.ptr = iv_buf;
196 iv.len = 0;
197
198 while (fetchline(&src, &line))
199 {
200 if (state == PEM_PRE)
201 {
202 if (find_boundary("BEGIN", &line))
203 {
204 state = PEM_MSG;
205 }
206 continue;
207 }
208 else
209 {
210 if (find_boundary("END", &line))
211 {
212 state = PEM_POST;
213 break;
214 }
215 if (state == PEM_MSG)
216 {
217 state = PEM_HEADER;
218 if (memchr(line.ptr, ':', line.len) == NULL)
219 {
220 state = PEM_BODY;
221 }
222 }
223 if (state == PEM_HEADER)
224 {
225 err_t ugh = NULL;
226 chunk_t name = chunk_empty;
227 chunk_t value = chunk_empty;
228
229 /* an empty line separates HEADER and BODY */
230 if (line.len == 0)
231 {
232 state = PEM_BODY;
233 continue;
234 }
235
236 /* we are looking for a parameter: value pair */
237 DBG2(DBG_LIB, " %.*s", (int)line.len, line.ptr);
238 ugh = extract_parameter_value(&name, &value, &line);
239 if (ugh != NULL)
240 {
241 continue;
242 }
243 if (match("Proc-Type", &name) && *value.ptr == '4')
244 {
245 encrypted = TRUE;
246 }
247 else if (match("DEK-Info", &name))
248 {
249 chunk_t dek;
250
251 if (!extract_token(&dek, ',', &value))
252 {
253 dek = value;
254 }
255 if (match("DES-EDE3-CBC", &dek))
256 {
257 alg = ENCR_3DES;
258 key_size = 24;
259 }
260 else if (match("AES-128-CBC", &dek))
261 {
262 alg = ENCR_AES_CBC;
263 key_size = 16;
264 }
265 else if (match("AES-192-CBC", &dek))
266 {
267 alg = ENCR_AES_CBC;
268 key_size = 24;
269 }
270 else if (match("AES-256-CBC", &dek))
271 {
272 alg = ENCR_AES_CBC;
273 key_size = 32;
274 }
275 else
276 {
277 DBG1(DBG_LIB, " encryption algorithm '%.*s'"
278 " not supported", dek.len, dek.ptr);
279 return NOT_SUPPORTED;
280 }
281 eat_whitespace(&value);
282 iv = chunk_from_hex(value, iv.ptr);
283 }
284 }
285 else /* state is PEM_BODY */
286 {
287 chunk_t data;
288
289 /* remove any trailing whitespace */
290 if (!extract_token(&data ,' ', &line))
291 {
292 data = line;
293 }
294
295 /* check for PGP armor checksum */
296 if (*data.ptr == '=')
297 {
298 *pgp = TRUE;
299 data.ptr++;
300 data.len--;
301 DBG2(DBG_LIB, " armor checksum: %.*s", (int)data.len,
302 data.ptr);
303 continue;
304 }
305
306 if (blob->len - dst.len < data.len / 4 * 3)
307 {
308 state = PEM_ABORT;
309 }
310 data = chunk_from_base64(data, dst.ptr);
311
312 dst.ptr += data.len;
313 dst.len += data.len;
314 }
315 }
316 }
317 /* set length to size of binary blob */
318 blob->len = dst.len;
319
320 if (state != PEM_POST)
321 {
322 DBG1(DBG_LIB, " file coded in unknown format, discarded");
323 return PARSE_ERROR;
324 }
325 if (!encrypted)
326 {
327 return SUCCESS;
328 }
329 if (!cb)
330 {
331 DBG1(DBG_LIB, " missing passphrase");
332 return INVALID_ARG;
333 }
334 while (TRUE)
335 {
336 passphrase = cb(cb_data, ++try);
337 if (!passphrase.len || !passphrase.ptr)
338 {
339 return INVALID_ARG;
340 }
341 switch (pem_decrypt(blob, alg, key_size, iv, passphrase))
342 {
343 case INVALID_ARG:
344 /* bad passphrase, retry */
345 continue;
346 case SUCCESS:
347 return SUCCESS;
348 default:
349 return FAILED;
350 }
351 }
352 }
353
354 /**
355 * load the credential from a blob
356 */
357 static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
358 chunk_t(*cb)(void*,int), void *cb_data,
359 x509_flag_t flags)
360 {
361 void *cred = NULL;
362 bool pgp = FALSE;
363
364 blob = chunk_clone(blob);
365 if (!is_asn1(blob))
366 {
367 if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS)
368 {
369 chunk_clear(&blob);
370 return NULL;
371 }
372 if (pgp && type == CRED_PRIVATE_KEY)
373 {
374 /* PGP encoded keys are parsed with a KEY_ANY key type, as it
375 * can contain any type of key. However, ipsec.secrets uses
376 * RSA for PGP keys, which is actually wrong. */
377 subtype = KEY_ANY;
378 }
379 }
380 /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */
381 if (type == CRED_CERTIFICATE && subtype == CERT_ANY)
382 {
383 subtype = pgp ? CERT_GPG : CERT_X509;
384 }
385 cred = lib->creds->create(lib->creds, type, subtype,
386 pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
387 flags ? BUILD_X509_FLAG : BUILD_END,
388 flags, BUILD_END);
389 chunk_clear(&blob);
390 return cred;
391 }
392
393 /**
394 * load the credential from a file
395 */
396 static void *load_from_file(char *file, credential_type_t type, int subtype,
397 chunk_t(*cb)(void*,int), void *cb_data,
398 x509_flag_t flags)
399 {
400 void *cred = NULL;
401 struct stat sb;
402 void *addr;
403 int fd;
404
405 fd = open(file, O_RDONLY);
406 if (fd == -1)
407 {
408 DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
409 return NULL;
410 }
411
412 if (fstat(fd, &sb) == -1)
413 {
414 DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
415 strerror(errno));
416 close(fd);
417 return NULL;
418 }
419
420 addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
421 if (addr == MAP_FAILED)
422 {
423 DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
424 close(fd);
425 return NULL;
426 }
427
428 cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
429 cb, cb_data, flags);
430
431 munmap(addr, sb.st_size);
432 close(fd);
433 return cred;
434 }
435
436 /**
437 * load the credential from a file descriptor
438 */
439 static void *load_from_fd(int fd, credential_type_t type, int subtype,
440 chunk_t(*cb)(void*,int), void *cb_data,
441 x509_flag_t flags)
442 {
443 char buf[8096];
444 char *pos = buf;
445 ssize_t len, total = 0;
446
447 while (TRUE)
448 {
449 len = read(fd, pos, buf + sizeof(buf) - pos);
450 if (len < 0)
451 {
452 DBG1(DBG_LIB, "reading from file descriptor failed: %s",
453 strerror(errno));
454 return NULL;
455 }
456 if (len == 0)
457 {
458 break;
459 }
460 total += len;
461 if (total == sizeof(buf))
462 {
463 DBG1(DBG_LIB, "buffer too small to read from file descriptor");
464 return NULL;
465 }
466 }
467 return load_from_blob(chunk_create(buf, total), type, subtype,
468 cb, cb_data, flags);
469 }
470
471 /**
472 * passphrase callback to use if passphrase given
473 */
474 static chunk_t given_passphrase_cb(chunk_t *passphrase, int try)
475 {
476 if (try > 1)
477 { /* try only once for given passphrases */
478 return chunk_empty;
479 }
480 return *passphrase;
481 }
482
483 /**
484 * Load all kind of PEM encoded credentials.
485 */
486 static void *pem_load(credential_type_t type, int subtype, va_list args)
487 {
488 char *file = NULL;
489 int fd = -1;
490 chunk_t pem = chunk_empty, passphrase = chunk_empty;
491 chunk_t (*cb)(void *data, int try) = NULL;
492 void *cb_data = NULL;
493 int flags = 0;
494
495 while (TRUE)
496 {
497 switch (va_arg(args, builder_part_t))
498 {
499 case BUILD_FROM_FILE:
500 file = va_arg(args, char*);
501 continue;
502 case BUILD_FROM_FD:
503 fd = va_arg(args, int);
504 continue;
505 case BUILD_BLOB_PEM:
506 pem = va_arg(args, chunk_t);
507 continue;
508 case BUILD_PASSPHRASE:
509 passphrase = va_arg(args, chunk_t);
510 if (passphrase.len && passphrase.ptr)
511 {
512 cb = (void*)given_passphrase_cb;
513 cb_data = &passphrase;
514 }
515 continue;
516 case BUILD_PASSPHRASE_CALLBACK:
517 cb = va_arg(args, chunk_t(*)(void*,int));
518 cb_data = va_arg(args, void*);
519 continue;
520 case BUILD_X509_FLAG:
521 flags = va_arg(args, int);
522 continue;
523 case BUILD_END:
524 break;
525 default:
526 return NULL;
527 }
528 break;
529 }
530
531 if (pem.len)
532 {
533 return load_from_blob(pem, type, subtype, cb, cb_data, flags);
534 }
535 if (file)
536 {
537 return load_from_file(file, type, subtype, cb, cb_data, flags);
538 }
539 if (fd != -1)
540 {
541 return load_from_fd(fd, type, subtype, cb, cb_data, flags);
542 }
543 return NULL;
544 }
545
546 /**
547 * Private key PEM loader.
548 */
549 private_key_t *pem_private_key_load(key_type_t type, va_list args)
550 {
551 return pem_load(CRED_PRIVATE_KEY, type, args);
552 }
553
554 /**
555 * Public key PEM loader.
556 */
557 public_key_t *pem_public_key_load(key_type_t type, va_list args)
558 {
559 return pem_load(CRED_PUBLIC_KEY, type, args);
560 }
561
562 /**
563 * Certificate PEM loader.
564 */
565 certificate_t *pem_certificate_load(certificate_type_t type, va_list args)
566 {
567 return pem_load(CRED_CERTIFICATE, type, args);
568 }
569