• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/pkcs12.h>
13 #include <openssl/trace.h>
14 
15 /*
16  * Encrypt/Decrypt a buffer based on password and algor, result in a
17  * OPENSSL_malloc'ed buffer
18  */
PKCS12_pbe_crypt_ex(const X509_ALGOR * algor,const char * pass,int passlen,const unsigned char * in,int inlen,unsigned char ** data,int * datalen,int en_de,OSSL_LIB_CTX * libctx,const char * propq)19 unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
20                                    const char *pass, int passlen,
21                                    const unsigned char *in, int inlen,
22                                    unsigned char **data, int *datalen, int en_de,
23                                    OSSL_LIB_CTX *libctx, const char *propq)
24 {
25     unsigned char *out = NULL;
26     int outlen, i;
27     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
28     int max_out_len, mac_len = 0;
29 
30     if (ctx == NULL) {
31         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
32         goto err;
33     }
34 
35     /* Process data */
36     if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen,
37                                algor->parameter, ctx, en_de, libctx, propq))
38         goto err;
39 
40     /*
41      * GOST algorithm specifics:
42      * OMAC algorithm calculate and encrypt MAC of the encrypted objects
43      * It's appended to encrypted text on encrypting
44      * MAC should be processed on decrypting separately from plain text
45      */
46     max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx);
47     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
48                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
49         if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
50             ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
51             goto err;
52         }
53 
54         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
55             max_out_len += mac_len;
56         } else {
57             if (inlen < mac_len) {
58                 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
59                 goto err;
60             }
61             inlen -= mac_len;
62             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
63                                     (int)mac_len, (unsigned char *)in+inlen) < 0) {
64                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
65                 goto err;
66             }
67         }
68     }
69 
70     if ((out = OPENSSL_malloc(max_out_len)) == NULL) {
71         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
72         goto err;
73     }
74 
75     if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
76         OPENSSL_free(out);
77         out = NULL;
78         ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
79         goto err;
80     }
81 
82     outlen = i;
83     if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
84         OPENSSL_free(out);
85         out = NULL;
86         ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
87                        passlen == 0 ? "empty password"
88                        : "maybe wrong password");
89         goto err;
90     }
91     outlen += i;
92     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
93                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
94         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
95             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
96                 (int)mac_len, out+outlen) < 0) {
97                 OPENSSL_free(out);
98                 out = NULL;
99                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
100                 goto err;
101             }
102             outlen += mac_len;
103         }
104     }
105     if (datalen)
106         *datalen = outlen;
107     if (data)
108         *data = out;
109  err:
110     EVP_CIPHER_CTX_free(ctx);
111     return out;
112 
113 }
114 
PKCS12_pbe_crypt(const X509_ALGOR * algor,const char * pass,int passlen,const unsigned char * in,int inlen,unsigned char ** data,int * datalen,int en_de)115 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
116                                 const char *pass, int passlen,
117                                 const unsigned char *in, int inlen,
118                                 unsigned char **data, int *datalen, int en_de)
119 {
120     return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen,
121                                en_de, NULL, NULL);
122 }
123 
124 /*
125  * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
126  * after use.
127  */
128 
PKCS12_item_decrypt_d2i_ex(const X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,const ASN1_OCTET_STRING * oct,int zbuf,OSSL_LIB_CTX * libctx,const char * propq)129 void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
130                                  const char *pass, int passlen,
131                                  const ASN1_OCTET_STRING *oct, int zbuf,
132                                  OSSL_LIB_CTX *libctx,
133                                  const char *propq)
134 {
135     unsigned char *out = NULL;
136     const unsigned char *p;
137     void *ret;
138     int outlen = 0;
139 
140     if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
141                              &out, &outlen, 0, libctx, propq))
142         return NULL;
143     p = out;
144     OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
145         BIO_printf(trc_out, "\n");
146         BIO_dump(trc_out, out, outlen);
147         BIO_printf(trc_out, "\n");
148     } OSSL_TRACE_END(PKCS12_DECRYPT);
149     ret = ASN1_item_d2i(NULL, &p, outlen, it);
150     if (zbuf)
151         OPENSSL_cleanse(out, outlen);
152     if (!ret)
153         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
154     OPENSSL_free(out);
155     return ret;
156 }
157 
PKCS12_item_decrypt_d2i(const X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,const ASN1_OCTET_STRING * oct,int zbuf)158 void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
159                               const char *pass, int passlen,
160                               const ASN1_OCTET_STRING *oct, int zbuf)
161 {
162     return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf,
163                                       NULL, NULL);
164 }
165 
166 /*
167  * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
168  * encoding.
169  */
170 
PKCS12_item_i2d_encrypt_ex(X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,void * obj,int zbuf,OSSL_LIB_CTX * ctx,const char * propq)171 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor,
172                                               const ASN1_ITEM *it,
173                                               const char *pass, int passlen,
174                                               void *obj, int zbuf,
175                                               OSSL_LIB_CTX *ctx,
176                                               const char *propq)
177 {
178     ASN1_OCTET_STRING *oct = NULL;
179     unsigned char *in = NULL;
180     int inlen;
181 
182     if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
183         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
184         goto err;
185     }
186     inlen = ASN1_item_i2d(obj, &in, it);
187     if (!in) {
188         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
189         goto err;
190     }
191     if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data,
192                              &oct->length, 1, ctx, propq)) {
193         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR);
194         OPENSSL_free(in);
195         goto err;
196     }
197     if (zbuf)
198         OPENSSL_cleanse(in, inlen);
199     OPENSSL_free(in);
200     return oct;
201  err:
202     ASN1_OCTET_STRING_free(oct);
203     return NULL;
204 }
205 
PKCS12_item_i2d_encrypt(X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,void * obj,int zbuf)206 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
207                                            const ASN1_ITEM *it,
208                                            const char *pass, int passlen,
209                                            void *obj, int zbuf)
210 {
211     return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL);
212 }
213