removed obsolete PEM code in pluto/libstrongswan
authorMartin Willi <martin@strongswan.org>
Thu, 13 Aug 2009 11:47:31 +0000 (13:47 +0200)
committerMartin Willi <martin@strongswan.org>
Wed, 26 Aug 2009 09:23:49 +0000 (11:23 +0200)
src/libstrongswan/Makefile.am
src/libstrongswan/asn1/pem.c [deleted file]
src/libstrongswan/asn1/pem.h [deleted file]
src/pluto/Makefile.am
src/pluto/certs.c
src/pluto/certs.h
src/pluto/fetch.c
src/pluto/pem.c [deleted file]
src/pluto/pem.h [deleted file]
src/scepclient/Makefile.am

index 1777daa..9dabcfa 100644 (file)
@@ -10,7 +10,6 @@ printf_hook.c printf_hook.h \
 asn1/asn1.c asn1/asn1.h \
 asn1/asn1_parser.c asn1/asn1_parser.h \
 asn1/oid.c asn1/oid.h \
-asn1/pem.c asn1/pem.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
deleted file mode 100755 (executable)
index 0597955..0000000
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * Copyright (C) 2001-2008 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-#include <stddef.h>
-#include <sys/types.h>
-
-#include "pem.h"
-
-#include <library.h>
-#include <debug.h>
-#include <asn1/asn1.h>
-
-#include <utils/lexparser.h>
-#include <crypto/hashers/hasher.h>
-#include <crypto/crypters/crypter.h>
-
-#define PKCS5_SALT_LEN 8       /* bytes */
-
-/**
- * check the presence of a pattern in a character string
- */
-static bool present(const char* pattern, chunk_t* ch)
-{
-       u_int pattern_len = strlen(pattern);
-
-       if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len))
-       {
-               ch->ptr += pattern_len;
-               ch->len -= pattern_len;
-               return TRUE;
-       }
-       return FALSE;
-}
-
-/**
- * find a boundary of the form -----tag name-----
- */
-static bool find_boundary(const char* tag, chunk_t *line)
-{
-       chunk_t name = chunk_empty;
-
-       if (!present("-----", line))
-               return FALSE;
-       if (!present(tag, line))
-               return FALSE;
-       if (*line->ptr != ' ')
-               return FALSE;
-       line->ptr++;  line->len--;
-       
-       /* extract name */
-       name.ptr = line->ptr;
-       while (line->len > 0)
-       {
-               if (present("-----", line))
-               {
-                       DBG2("  -----%s %.*s-----", tag, (int)name.len, name.ptr);
-                       return TRUE;
-               }
-               line->ptr++;  line->len--;  name.len++;
-       }
-       return FALSE;
-}
-
-/*
- * decrypts a passphrase protected encrypted data block
- */
-static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
-                                                       chunk_t *iv, chunk_t passphrase)
-{
-       hasher_t *hasher;
-       crypter_t *crypter;
-       chunk_t salt = { iv->ptr, PKCS5_SALT_LEN };
-       chunk_t hash;
-       chunk_t decrypted;
-       chunk_t key = {alloca(key_size), key_size};
-       u_int8_t padding, *last_padding_pos, *first_padding_pos;
-       
-       if (passphrase.len == 0)
-       {
-               DBG1("  missing passphrase");
-               return INVALID_ARG;
-       }
-
-       /* build key from passphrase and IV */
-       hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
-       if (hasher == NULL)
-       {
-               DBG1("  MD5 hash algorithm not available");
-               return NOT_SUPPORTED;
-       }
-       hash.len = hasher->get_hash_size(hasher);
-       hash.ptr = alloca(hash.len);
-       hasher->get_hash(hasher, passphrase, NULL);
-       hasher->get_hash(hasher, salt, hash.ptr);
-       memcpy(key.ptr, hash.ptr, hash.len);
-
-       if (key.len > hash.len)
-       {
-               hasher->get_hash(hasher, hash, NULL);
-               hasher->get_hash(hasher, passphrase, NULL);
-               hasher->get_hash(hasher, salt, hash.ptr);       
-               memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
-       }       
-       hasher->destroy(hasher);
-       
-       /* decrypt blob */
-       crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
-       if (crypter == NULL)
-       {
-               DBG1("  %N encryption algorithm not available",
-                        encryption_algorithm_names, alg);
-               return NOT_SUPPORTED;
-       }
-       crypter->set_key(crypter, key);
-       
-       if (iv->len != crypter->get_block_size(crypter) ||
-               blob->len % iv->len)
-       {
-               crypter->destroy(crypter);
-               DBG1("  data size is not multiple of block size");
-               return PARSE_ERROR;
-       }
-       crypter->decrypt(crypter, *blob, *iv, &decrypted);
-       crypter->destroy(crypter);
-       memcpy(blob->ptr, decrypted.ptr, blob->len);
-       chunk_free(&decrypted);
-       
-       /* determine amount of padding */
-       last_padding_pos = blob->ptr + blob->len - 1;
-       padding = *last_padding_pos;
-       first_padding_pos = (padding > blob->len) ? blob->ptr : last_padding_pos - padding;
-
-       /* check the padding pattern */
-       while (--last_padding_pos > first_padding_pos)
-       {
-               if (*last_padding_pos != padding)
-               {
-                       DBG1("  invalid passphrase");
-                       return INVALID_ARG;
-               }
-       }
-       /* remove padding */
-       blob->len -= padding;
-       return SUCCESS;
-}
-
-/*  Converts a PEM encoded file into its binary form
- *
- *  RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
- *  RFC 934 Message Encapsulation, January 1985
- */
-status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp)
-{
-       typedef enum {
-               PEM_PRE    = 0,
-               PEM_MSG    = 1,
-               PEM_HEADER = 2,
-               PEM_BODY   = 3,
-               PEM_POST   = 4,
-               PEM_ABORT  = 5
-       } state_t;
-
-       encryption_algorithm_t alg = ENCR_UNDEFINED;
-       size_t key_size = 0;
-
-       bool encrypted = FALSE;
-
-       state_t state  = PEM_PRE;
-
-       chunk_t src    = *blob;
-       chunk_t dst    = *blob;
-       chunk_t line   = chunk_empty;
-       chunk_t iv     = chunk_empty;
-
-       u_char iv_buf[16]; /* MD5 digest size */
-
-       /* zero size of converted blob */
-       dst.len = 0;
-
-       /* zero size of IV */
-       iv.ptr = iv_buf;
-       iv.len = 0;
-
-       while (fetchline(&src, &line))
-       {
-               if (state == PEM_PRE)
-               {
-                       if (find_boundary("BEGIN", &line))
-                       {
-                               state = PEM_MSG;
-                       }
-                       continue;
-               }
-               else
-               {
-                       if (find_boundary("END", &line))
-                       {
-                               state = PEM_POST;
-                               break;
-                       }
-                       if (state == PEM_MSG)
-                       {
-                               state = (memchr(line.ptr, ':', line.len) == NULL) ? PEM_BODY : PEM_HEADER;
-                       }
-                       if (state == PEM_HEADER)
-                       {
-                               err_t ugh = NULL;
-                               chunk_t name  = chunk_empty;
-                               chunk_t value = chunk_empty;
-
-                               /* an empty line separates HEADER and BODY */
-                               if (line.len == 0)
-                               {
-                                       state = PEM_BODY;
-                                       continue;
-                               }
-
-                               /* we are looking for a parameter: value pair */
-                               DBG2("  %.*s", (int)line.len, line.ptr);
-                               ugh = extract_parameter_value(&name, &value, &line);
-                               if (ugh != NULL)
-                               {
-                                       continue;
-                               }
-                               if (match("Proc-Type", &name) && *value.ptr == '4')
-                               {
-                                       encrypted = TRUE;
-                               }
-                               else if (match("DEK-Info", &name))
-                               {
-                                       chunk_t dek;
-
-                                       if (!extract_token(&dek, ',', &value))
-                                       {
-                                               dek = value;
-                                       }
-                                       if (match("DES-EDE3-CBC", &dek))
-                                       {
-                                               alg = ENCR_3DES;
-                                               key_size = 24;
-                                       }
-                                       else if (match("AES-128-CBC", &dek))
-                                       {
-                                               alg = ENCR_AES_CBC;
-                                               key_size = 16;
-                                       }
-                                       else if (match("AES-192-CBC", &dek))
-                                       {
-                                               alg = ENCR_AES_CBC;
-                                               key_size = 24;
-                                       }
-                                       else if (match("AES-256-CBC", &dek))
-                                       {
-                                               alg = ENCR_AES_CBC;
-                                               key_size = 32;
-                                       }
-                                       else
-                                       {
-                                               DBG1("  encryption algorithm '%.s' not supported",
-                                                        dek.len, dek.ptr);
-                                               return NOT_SUPPORTED;
-                                       }
-                                       eat_whitespace(&value);
-                                       iv = chunk_from_hex(value, iv.ptr);
-                               }
-                       }
-                       else /* state is PEM_BODY */
-                       {
-                               chunk_t data;
-                               
-                               /* remove any trailing whitespace */
-                               if (!extract_token(&data ,' ', &line))
-                               {
-                                       data = line;
-                               }
-                               
-                               /* check for PGP armor checksum */
-                               if (*data.ptr == '=')
-                               {
-                                       *pgp = TRUE;
-                                       data.ptr++;
-                                       data.len--;
-                                       DBG2("  armor checksum: %.*s", (int)data.len, data.ptr);
-                               continue;
-                               }
-                               
-                               if (blob->len - dst.len < data.len / 4 * 3)
-                               {
-                                       state = PEM_ABORT;
-                               }
-                               data = chunk_from_base64(data, dst.ptr);
-
-                               dst.ptr += data.len;
-                               dst.len += data.len;
-                       }
-               }
-       }
-       /* set length to size of binary blob */
-       blob->len = dst.len;
-
-       if (state != PEM_POST)
-       {
-               DBG1("  file coded in unknown format, discarded");
-               return PARSE_ERROR;
-       }
-       if (!encrypted)
-       {
-               return SUCCESS;
-       }
-       return pem_decrypt(blob, alg, key_size, &iv, passphrase);
-       
-}
-
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
-                                               chunk_t *blob, bool *pgp)
-{
-       FILE *fd = fopen(filename, "r");
-
-       if (fd)
-       {
-               chunk_t pass = chunk_empty;
-               int bytes;
-
-               fseek(fd, 0, SEEK_END );
-               blob->len = ftell(fd);
-               rewind(fd);
-               blob->ptr = malloc(blob->len);
-               bytes = fread(blob->ptr, 1, blob->len, fd);
-               fclose(fd);
-               DBG2("  loading '%s' (%d bytes)", filename, bytes);
-
-               *pgp = FALSE;
-
-               /* try DER format */
-               if (is_asn1(*blob))
-               {
-                       DBG2("  file coded in DER format");
-                       return TRUE;
-               }
-
-               if (passphrase != NULL)
-               {
-                       pass = *passphrase;
-                       DBG4("  passphrase: %#B", passphrase);
-               }
-
-               /* try PEM format */
-               if (pem_to_bin(blob, pass, pgp) == SUCCESS)
-               {
-                       if (*pgp)
-                       {
-                               DBG2("  file coded in armored PGP format");
-                               return TRUE;
-                       }
-                       if (is_asn1(*blob))
-                       {
-                               DBG2("  file coded in PEM format");
-                               return TRUE;
-                       }
-                       DBG1("  file coded in unknown format, discarded");
-               }
-
-               /* a conversion error has occured */
-               chunk_free(blob);
-       }
-       else
-       {
-               DBG1("  reading file '%s' failed", filename);
-       }
-       return FALSE;
-}
-
diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h
deleted file mode 100755 (executable)
index 7385330..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (C) 2001-2008 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef PEM_H_
-#define PEM_H_
-
-#include <stdio.h>
-
-#include <library.h>
-
-status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp);
-
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob,
-                                               bool *pgp);
-
-#endif /*PEM_H_ @} */
index e5d897e..81677b3 100644 (file)
@@ -36,7 +36,6 @@ modecfg.c modecfg.h \
 nat_traversal.c nat_traversal.h \
 ocsp.c ocsp.h \
 packet.c packet.h \
-pem.c pem.h \
 pgpcert.c pgpcert.h \
 pkcs7.c pkcs7.h \
 plutomain.c \
index f7ad8ad..902a1f5 100644 (file)
@@ -28,7 +28,6 @@
 #include "defs.h"
 #include "log.h"
 #include "id.h"
-#include "pem.h"
 #include "certs.h"
 #include "whack.h"
 #include "builder.h"
@@ -69,72 +68,6 @@ public_key_t* cert_get_public_key(const cert_t cert)
        }
 }
 
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool load_coded_file(char *filename, prompt_pass_t *pass, const char *type,
-                                        chunk_t *blob, bool *pgp)
-{
-       err_t ugh = NULL;
-
-       FILE *fd = fopen(filename, "r");
-
-       if (fd)
-       {
-               int bytes;
-               fseek(fd, 0, SEEK_END );
-               blob->len = ftell(fd);
-               rewind(fd);
-               blob->ptr = malloc(blob->len);
-               bytes = fread(blob->ptr, 1, blob->len, fd);
-               fclose(fd);
-               plog("  loaded %s file '%s' (%d bytes)", type, filename, bytes);
-
-               *pgp = FALSE;
-
-               /* try DER format */
-               if (is_asn1(*blob))
-               {
-                       DBG(DBG_PARSING,
-                               DBG_log("  file coded in DER format");
-                       )
-                       return TRUE;
-               }
-
-               /* try PEM format */
-               ugh = pemtobin(blob, pass, filename, pgp);
-
-               if (ugh == NULL)
-               {
-                       if (*pgp)
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in armored PGP format");
-                               )
-                               return TRUE;
-                       }
-                       if (is_asn1(*blob))
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in PEM format");
-                               )
-                               return TRUE;
-                       }
-                       ugh = "file coded in unknown format, discarded";
-               }
-
-               /* a conversion error has occured */
-               plog("  %s", ugh);
-               free(blob->ptr);
-               *blob = chunk_empty;
-       }
-       else
-       {
-               plog("  could not open %s file '%s'", type, filename);
-       }
-       return FALSE;
-}
-
 /**
  * Passphrase callback to read from whack fd
  */
index 0810c52..1bd03ed 100644 (file)
@@ -66,8 +66,6 @@ extern public_key_t* cert_get_public_key(const cert_t cert);
 extern chunk_t cert_get_encoding(cert_t cert);
 extern private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
                                                                           key_type_t type);
-extern bool load_coded_file(char *filename, prompt_pass_t *pass,
-                                                       const char *type, chunk_t *blob, bool *pgp);
 extern bool load_cert(char *filename, const char *label, cert_t *cert);
 extern bool load_host_cert(char *filename, cert_t *cert);
 extern bool load_ca_cert(char *filename, cert_t *cert);
index c636266..827c83d 100644 (file)
 #include <library.h>
 #include <debug.h>
 #include <asn1/asn1.h>
-#include <asn1/pem.h>
 
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
 #include "id.h"
-#include "pem.h"
 #include "x509.h"
 #include "ca.h"
 #include "whack.h"
diff --git a/src/pluto/pem.c b/src/pluto/pem.c
deleted file mode 100644 (file)
index 1a4a99a..0000000
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Loading of PEM encoded files with optional encryption
- * Copyright (C) 2001-2009 Andreas Steffen
- *
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/* decrypt a PEM encoded data block using DES-EDE3-CBC
- * see RFC 1423 PEM: Algorithms, Modes and Identifiers
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-#include <stddef.h>
-#include <sys/types.h>
-
-#include <freeswan.h>
-
-#include <library.h>
-#include <asn1/pem.h>
-
-#include "constants.h"
-#include "defs.h"
-#include "log.h"
-#include "whack.h"
-#include "pem.h"
-
-/**
- *  Converts a PEM encoded file into its binary form
- *  RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
- *  RFC 934 Message Encapsulation, January 1985
- */
-err_t pemtobin(chunk_t *blob, prompt_pass_t *pass, const char* label, bool *pgp)
-{
-       chunk_t password = chunk_empty;
-
-       /* do we prompt for the passphrase? */
-       if (pass && pass->prompt && pass->fd != NULL_FD)
-       {
-               int i;
-               chunk_t blob_copy;
-               err_t ugh = "invalid passphrase, too many trials";
-               status_t status;
-
-               whack_log(RC_ENTERSECRET, "need passphrase for '%s'", label);
-
-               for (i = 0; i < MAX_PROMPT_PASS_TRIALS; i++)
-               {
-                       int n;
-
-                       if (i > 0)
-                       {
-                               whack_log(RC_ENTERSECRET, "invalid passphrase, please try again");
-                       }
-                       n = read(pass->fd, pass->secret, PROMPT_PASS_LEN);
-
-                       if (n == -1)
-                       {
-                               err_t ugh = "read(whackfd) failed";
-
-                               whack_log(RC_LOG_SERIOUS,ugh);
-                               return ugh;
-                       }
-
-                       pass->secret[n-1] = '\0';
-                       
-                       if (strlen(pass->secret) == 0)
-                       {
-                               err_t ugh = "no passphrase entered, aborted";
-
-                               whack_log(RC_LOG_SERIOUS, ugh);
-                               return ugh;
-                       }
-
-                       blob_copy = chunk_clone(*blob);
-                       password = chunk_create(pass->secret, strlen(pass->secret));
-
-                       status = pem_to_bin(blob, password, pgp);
-                       if (status != INVALID_ARG)
-                       {
-                               if (status == SUCCESS)
-                               {
-                                       whack_log(RC_SUCCESS, "valid passphrase");
-                               }
-                               else
-                               {
-                                       whack_log(RC_LOG_SERIOUS, "%N, aborted", status_names, status);
-                               }
-                               free(blob_copy.ptr);
-                               return NULL;
-                       }
-                       
-                       /* blob is useless after wrong decryption, restore the original */
-                       free(blob->ptr);
-                       *blob = blob_copy;
-               }
-               whack_log(RC_LOG_SERIOUS, ugh);
-               return ugh;
-       }
-       else
-       {
-               if (pass)
-               {
-                       password = chunk_create(pass->secret, strlen(pass->secret));
-               }
-               if (pem_to_bin(blob, password, pgp) == SUCCESS)
-               {
-                       return NULL;
-               }
-               else
-               {
-                       return "pem to bin conversion failed";
-               }
-       }       
-}
diff --git a/src/pluto/pem.h b/src/pluto/pem.h
deleted file mode 100644 (file)
index 5e97b99..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-/* Loading of PEM encoded files with optional encryption
- * Copyright (C) 2001-2009 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil 
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-extern err_t pemtobin(chunk_t *blob, prompt_pass_t *pass, const char* label,
-                                         bool *pgp);
index 20bf760..68dddb2 100644 (file)
@@ -27,7 +27,7 @@ LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan
 
 scepclient_LDADD = \
 ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \
-ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \
+ocsp.o pgpcert.o pkcs7.o smartcard.o x509.o \
 $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \
 $(LIBFREESWANBUILDDIR)/libfreeswan.a
 
@@ -69,9 +69,6 @@ lex.o :               $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
 ocsp.o :       $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
-pem.o :                $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
-               $(COMPILE) $(INCLUDES) -c -o $@ $<
-
 pgpcert.o :            $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<