removed DES-EDE3-CBC only comment
[strongswan.git] / src / libstrongswan / asn1 / pem.c
index 60e555e..f1c6a42 100755 (executable)
 #include <stddef.h>
 #include <sys/types.h>
 
-#include "asn1.h"
 #include "pem.h"
-#include "ttodata.h"
+
+#include <library.h>
+#include <asn1/asn1.h>
+#include <asn1/ttodata.h>
 
 #include <utils/lexparser.h>
-#include <utils/logger_manager.h>
 #include <crypto/hashers/hasher.h>
 #include <crypto/crypters/crypter.h>
 
-static logger_t *logger = NULL;
-
-/**
- * initializes the PEM logger
- */
-static void pem_init_logger(void)
-{
-       if (logger == NULL)
-               logger = logger_manager->get_logger(logger_manager, ASN1);
-}
+#define PKCS5_SALT_LEN 8       /* bytes */
 
 /**
  * check the presence of a pattern in a character string
@@ -77,8 +69,7 @@ static bool find_boundary(const char* tag, chunk_t *line)
        {
                if (present("-----", line))
                {
-                       logger->log(logger, CONTROL|LEVEL2,
-                               "  -----%s %.*s-----", tag, (int)name.len, name.ptr);
+                       DBG2("  -----%s %.*s-----", tag, (int)name.len, name.ptr);
                        return TRUE;
                }
                line->ptr++;  line->len--;  name.len++;
@@ -87,13 +78,14 @@ static bool find_boundary(const char* tag, chunk_t *line)
 }
 
 /*
- * decrypts a DES-EDE-CBC encrypted data block
+ * decrypts a passphrase protected encrypted data block
  */
 static err_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
                                                 chunk_t *iv, chunk_t *passphrase)
 {
        hasher_t *hasher;
        crypter_t *crypter;
+       chunk_t salt = { iv->ptr, PKCS5_SALT_LEN };
        chunk_t hash;
        chunk_t decrypted;
        chunk_t key = {alloca(key_size), key_size};
@@ -107,15 +99,14 @@ static err_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_s
        hash.len = hasher->get_hash_size(hasher);
        hash.ptr = alloca(hash.len);
        hasher->get_hash(hasher, *passphrase, NULL);
-       hasher->get_hash(hasher, *iv, hash.ptr);
+       hasher->get_hash(hasher, salt, hash.ptr);
        memcpy(key.ptr, hash.ptr, hash.len);
 
-       printf("hash.len: %d, key.len: %d, iv.len: %d\n", hash.len, key.len, iv->len);  
        if (key.len > hash.len)
        {
                hasher->get_hash(hasher, hash, NULL);
                hasher->get_hash(hasher, *passphrase, NULL);
-               hasher->get_hash(hasher, *iv, hash.ptr);        
+               hasher->get_hash(hasher, salt, hash.ptr);       
                memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
        }       
        hasher->destroy(hasher);
@@ -123,13 +114,11 @@ static err_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_s
        /* decrypt blob */
        crypter = crypter_create(alg, key_size);
        crypter->set_key(crypter, key);
-       logger->log_chunk(logger, CONTROL, "  cipher text:", *blob);
        if (crypter->decrypt(crypter, *blob, *iv, &decrypted) != SUCCESS)
        {
                return "data size is not multiple of block size";
        }
        memcpy(blob->ptr, decrypted.ptr, blob->len);
-       logger->log_chunk(logger, CONTROL, "  plain text:", *blob);
        chunk_free(&decrypted);
        
        /* determine amount of padding */
@@ -185,8 +174,6 @@ err_t pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
        iv.ptr = iv_buf;
        iv.len = 0;
 
-       pem_init_logger();
-
        while (fetchline(&src, &line))
        {
                if (state == PEM_PRE)
@@ -222,7 +209,7 @@ err_t pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
                                }
 
                                /* we are looking for a parameter: value pair */
-                               logger->log(logger, CONTROL|LEVEL2, "  %.*s", (int)line.len, line.ptr);
+                               DBG2("  %.*s", (int)line.len, line.ptr);
                                ugh = extract_parameter_value(&name, &value, &line);
                                if (ugh != NULL)
                                        continue;
@@ -237,7 +224,6 @@ err_t pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
                                        if (!extract_token(&dek, ',', &value))
                                                dek = value;
 
-                                       /* we support DES-EDE3-CBC encrypted files, only */
                                        if (match("DES-EDE3-CBC", &dek))
                                        {
                                                alg = ENCR_3DES;
@@ -248,6 +234,11 @@ err_t pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
                                                alg = ENCR_AES_CBC;
                                                key_size = 16;
                                        }
+                                       else if (match("AES-192-CBC", &dek))
+                                       {
+                                               alg = ENCR_AES_CBC;
+                                               key_size = 24;
+                                       }
                                        else if (match("AES-256-CBC", &dek))
                                        {
                                                alg = ENCR_AES_CBC;
@@ -284,8 +275,7 @@ err_t pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
                                        *pgp = TRUE;
                                        data.ptr++;
                                        data.len--;
-                                       logger->log(logger, CONTROL|LEVEL2, "  Armor checksum: %.*s",
-                                                               (int)data.len, data.ptr);
+                                       DBG2("  Armor checksum: %.*s", (int)data.len, data.ptr);
                                continue;
                                }
 
@@ -322,8 +312,6 @@ bool pem_asn1_load_file(const char *filename, chunk_t *passphrase,
 
        FILE *fd = fopen(filename, "r");
 
-       pem_init_logger();
-
        if (fd)
        {
                int bytes;
@@ -333,19 +321,19 @@ bool pem_asn1_load_file(const char *filename, chunk_t *passphrase,
                blob->ptr = malloc(blob->len);
                bytes = fread(blob->ptr, 1, blob->len, fd);
                fclose(fd);
-               logger->log(logger, CONTROL, "  loading %s file '%s' (%d bytes)", type, filename, bytes);
+               DBG1("  loading %s file '%s' (%d bytes)", type, filename, bytes);
 
                *pgp = FALSE;
 
                /* try DER format */
                if (is_asn1(*blob))
                {
-                       logger->log(logger, CONTROL|LEVEL1, "  file coded in DER format");
+                       DBG2("  file coded in DER format");
                        return TRUE;
                }
 
                if (passphrase != NULL)
-                       logger->log_bytes(logger, PRIVATE, "  passphrase:", passphrase->ptr, passphrase->len);
+                       DBG4("  passphrase:", passphrase->ptr, passphrase->len);
 
                /* try PEM format */
                ugh = pem_to_bin(blob, passphrase, pgp);
@@ -354,24 +342,24 @@ bool pem_asn1_load_file(const char *filename, chunk_t *passphrase,
                {
                        if (*pgp)
                        {
-                               logger->log(logger, CONTROL|LEVEL1, "  file coded in armored PGP format");
+                               DBG2("  file coded in armored PGP format");
                                return TRUE;
                        }
                        if (is_asn1(*blob))
                        {
-                               logger->log(logger, CONTROL|LEVEL1, "  file coded in PEM format");
+                               DBG2("  file coded in PEM format");
                                return TRUE;
                        }
                        ugh = "file coded in unknown format, discarded";
                }
 
                /* a conversion error has occured */
-               logger->log(logger, ERROR, "  %s", ugh);
+               DBG1("  %s", ugh);
                chunk_free(blob);
        }
        else
        {
-               logger->log(logger, ERROR, "  could not open %s file '%s'", type, filename);
+               DBG1("  could not open %s file '%s'", type, filename);
        }
        return FALSE;
 }