From cf6e95d9a81c7b22271beb58a09b5c756148e62a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 12 Jun 2013 13:18:15 +0200 Subject: [PATCH] Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis PKCS#8 encrypted key file support has been added to x509parse_key() with support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4, pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC) --- ChangeLog | 4 + include/polarssl/config.h | 16 + include/polarssl/error.h | 1 + include/polarssl/pkcs12.h | 139 ++++++++ library/CMakeLists.txt | 1 + library/Makefile | 2 +- library/error.c | 13 + library/pkcs12.c | 363 ++++++++++++++++++++ library/x509parse.c | 165 ++++++++- scripts/generate_errors.pl | 3 +- tests/data_files/pkcs8_pbe_sha1_2des.key | 29 ++ tests/data_files/pkcs8_pbe_sha1_3des.der | Bin 0 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_3des.key | 29 ++ tests/data_files/pkcs8_pbe_sha1_rc4_128.key | 29 ++ tests/suites/test_suite_x509parse.data | 16 + 15 files changed, 793 insertions(+), 17 deletions(-) create mode 100644 include/polarssl/pkcs12.h create mode 100644 library/pkcs12.c create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.key diff --git a/ChangeLog b/ChangeLog index 0a4bfb127..37308c1bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ PolarSSL ChangeLog = Branch 1.2 +Features + * Parsing of PKCS#8 encrypted private key files + * PKCS#12 PBE and derivation functions + Change * HAVEGE random generator disabled by default * Internally split up x509parse_key() into a (PEM) handler function diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 145b99bc1..579b5d640 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -721,6 +721,22 @@ #define POLARSSL_PKCS11_C */ +/** + * \def POLARSSL_PKCS12_C + * + * Enable PKCS#12 PBE functions + * Adds algorithms for parsing PKCS#8 encrypted private keys + * + * Module: library/pkcs12.c + * Caller: library/x509parse.c + * + * Requires: POLARSSL_ASN1_PARSE_C + * Can use: POLARSSL_SHA1_C, POLARSSL_DES_C, POLARSSL_ARC4_C + * + * This module enables PKCS#12 functions. + */ +#define POLARSSL_PKCS12_C + /** * \def POLARSSL_RSA_C * diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 73ebe8900..1f7469c61 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -74,6 +74,7 @@ * High-level module nr (3 bits - 0x1...-0x8...) * Name ID Nr of Errors * PEM 1 9 + * PKCS#12 1 3 (Started from top) * X509 2 21 * DHM 3 6 * RSA 4 9 diff --git a/include/polarssl/pkcs12.h b/include/polarssl/pkcs12.h new file mode 100644 index 000000000..2a28c7128 --- /dev/null +++ b/include/polarssl/pkcs12.h @@ -0,0 +1,139 @@ +/** + * \file pkcs12.h + * + * \brief PKCS#12 Personal Information Exchange Syntax + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_PKCS12_H +#define POLARSSL_PKCS12_H + +#include + +#include "md.h" +#include "asn1.h" + +#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ +#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ +#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ + +#define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */ +#define PKCS12_DERIVE_IV 2 /*< initialization vector */ +#define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */ + +#define PKCS12_PBE_ENCRYPT 1 +#define PKCS12_PBE_DECRYPT 2 + +/* + * PKCS#12 PBE types + */ +#define OID_PKCS12 "\x2a\x86\x48\x86\xf7\x0d\x01\x0c" +#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12 "\x01\x01" +#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12 "\x01\x03" +#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12 "\x01\x04" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief PKCS12 Password Based function (encryption / decryption) + * for pbeWithSHAAnd128BitRC4 + * + * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure + * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT + * \param pwd the password used (may be NULL if no password is used) + * \param pwdlen length of the password (may be 0) + * \param input the input data + * \param len data length + * \param output the output buffer + */ +int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output ); + +/** + * \brief PKCS12 Password Based function (encryption / decryption) + * for pbeWithSHAAnd3-KeyTripleDES-CBC + * + * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure + * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT + * \param pwd the password used (may be NULL if no password is used) + * \param pwdlen length of the password (may be 0) + * \param input the input data + * \param len data length + * \param output the output buffer + */ +int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output ); + +/** + * \brief PKCS12 Password Based function (encryption / decryption) + * for pbeWithSHAAnd2-KeyTripleDES-CBC + * + * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure + * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT + * \param pwd the password used (may be NULL if no password is used) + * \param pwdlen length of the password (may be 0) + * \param input the input data + * \param len data length + * \param output the output buffer + */ +int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output ); + +/** + * \brief The PKCS#12 derivation function uses a password and a salt + * to produce pseudo-random bits for a particular "purpose". + * + * Depending on the given id, this function can produce an + * encryption/decryption key, an nitialization vector or an + * integrity key. + * + * \param data buffer to store the derived data in + * \param datalen length to fill + * \param pwd password to use (may be NULL if no password is used) + * \param pwdlen length of the password (may be 0) + * \param salt salt buffer to use + * \param saltlen length of the salt + * \param md md type to use during the derivation + * \param id id that describes the purpose (can be PKCS12_DERIVE_KEY, + * PKCS12_DERIVE_IV or PKCS12_DERIVE_MAC_KEY) + * \param iterations number of iterations + * + * \return 0 if successful, or a MD, BIGNUM type error. + */ +int pkcs12_derivation( unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + md_type_t md, int id, int iterations ); + +#ifdef __cplusplus +} +#endif + +#endif /* pkcs12.h */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a663e526d..801da882f 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -31,6 +31,7 @@ set(src pbkdf2.c pem.c pkcs11.c + pkcs12.c rsa.c sha1.c sha2.c diff --git a/library/Makefile b/library/Makefile index 603f5d16e..a66333fda 100644 --- a/library/Makefile +++ b/library/Makefile @@ -44,7 +44,7 @@ OBJS= aes.o arc4.o asn1parse.o \ md.o md_wrap.o md2.o \ md4.o md5.o net.o \ padlock.o pbkdf2.o pem.o \ - pkcs11.o \ + pkcs11.o pkcs12.o \ rsa.o sha1.o sha2.o \ sha4.o ssl_cache.o ssl_cli.o \ ssl_srv.o \ diff --git a/library/error.c b/library/error.c index 42f3cacb8..48f8e4979 100644 --- a/library/error.c +++ b/library/error.c @@ -105,6 +105,10 @@ #include "polarssl/pem.h" #endif +#if defined(POLARSSL_PKCS12_C) +#include "polarssl/pkcs12.h" +#endif + #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" #endif @@ -216,6 +220,15 @@ void error_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "PEM - Bad input parameters to function" ); #endif /* POLARSSL_PEM_C */ +#if defined(POLARSSL_PKCS12_C) + if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) ) + snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" ); + if( use_ret == -(POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE) ) + snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); + if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) ) + snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" ); +#endif /* POLARSSL_PKCS12_C */ + #if defined(POLARSSL_RSA_C) if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) ) snprintf( buf, buflen, "RSA - Bad input parameters to function" ); diff --git a/library/pkcs12.c b/library/pkcs12.c new file mode 100644 index 000000000..39ab10fa9 --- /dev/null +++ b/library/pkcs12.c @@ -0,0 +1,363 @@ +/* + * PKCS#12 Personal Information Exchange Syntax + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 + * + * http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf + * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_PKCS12_C) + +#include "polarssl/pkcs12.h" +#include "polarssl/asn1.h" + +#if defined(POLARSSL_ARC4_C) +#include "polarssl/arc4.h" +#endif + +#if defined(POLARSSL_DES_C) +#include "polarssl/des.h" +#endif + +static int pkcs12_parse_pbe_params( unsigned char **p, + const unsigned char *end, + asn1_buf *salt, int *iterations ) +{ + int ret; + size_t len = 0; + + /* + * pkcs-12PbeParams ::= SEQUENCE { + * salt OCTET STRING, + * iterations INTEGER + * } + * + */ + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + } + + end = *p + len; + + if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 ) + return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + + salt->p = *p; + *p += salt->len; + + if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 ) + return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + + if( *p != end ) + return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, + const unsigned char *pwd, size_t pwdlen, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen ) +{ + int ret, iterations; + asn1_buf salt; + size_t i; + unsigned char *p, *end; + unsigned char unipwd[258]; + + memset(&salt, 0, sizeof(asn1_buf)); + memset(&unipwd, 0, sizeof(unipwd)); + + p = pbe_params->p; + end = p + pbe_params->len; + + if( ( ret = pkcs12_parse_pbe_params( &p, end, &salt, &iterations ) ) != 0 ) + return( ret ); + + for(i = 0; i < pwdlen; i++) + unipwd[i * 2 + 1] = pwd[i]; + + if( ( ret = pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, POLARSSL_MD_SHA1, + PKCS12_DERIVE_KEY, iterations ) ) != 0 ) + { + return( ret ); + } + + if( iv == NULL || ivlen == 0 ) + return( 0 ); + + if( ( ret = pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, POLARSSL_MD_SHA1, + PKCS12_DERIVE_IV, iterations ) ) != 0 ) + { + return( ret ); + } + return( 0 ); +} + +int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output ) +{ +#if !defined(POLARSSL_ARC4_C) + ((void) pbe_params); + ((void) mode); + ((void) pwd); + ((void) pwdlen); + ((void) data); + ((void) len); + ((void) output); + return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); +#else + int ret; + unsigned char key[16]; + arc4_context ctx; + ((void) mode); + + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, + key, 16, NULL, 0 ) ) != 0 ) + { + return( ret ); + } + + arc4_setup( &ctx, key, 16 ); + if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 ) + return( ret ); + + return( 0 ); +} +#endif /* POLARSSL_ARC4_C */ + +int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output ) +{ +#if !defined(POLARSSL_DES_C) + ((void) pbe_params); + ((void) mode); + ((void) pwd); + ((void) pwdlen); + ((void) data); + ((void) len); + ((void) output); + return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); +#else + int ret; + unsigned char key[16]; + unsigned char iv[8]; + des3_context ctx; + + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, + key, 16, iv, 8 ) ) != 0 ) + { + return( ret ); + } + + if( mode == PKCS12_PBE_ENCRYPT ) + { + des3_set2key_enc( &ctx, key ); + des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output ); + } + else + { + des3_set2key_dec( &ctx, key ); + des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output ); + } + + return( 0 ); +} +#endif /* POLARSSL_DES_C */ + +int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output ) +{ +#if !defined(POLARSSL_DES_C) + ((void) pbe_params); + ((void) mode); + ((void) pwd); + ((void) pwdlen); + ((void) data); + ((void) len); + ((void) output); + return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); +#else + int ret; + unsigned char key[24]; + unsigned char iv[8]; + des3_context ctx; + + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen, + key, 24, iv, 8 ) ) != 0 ) + { + return( ret ); + } + + if( mode == PKCS12_PBE_ENCRYPT ) + { + des3_set3key_enc( &ctx, key ); + des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output ); + } + else + { + des3_set3key_dec( &ctx, key ); + des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output ); + } + + return( 0 ); +} +#endif /* POLARSSL_DES_C */ + +static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, + const unsigned char *filler, size_t fill_len ) +{ + unsigned char *p = data; + size_t use_len; + + while( data_len > 0 ) + { + use_len = ( data_len > fill_len ) ? fill_len : data_len; + memcpy( p, filler, use_len ); + p += use_len; + data_len -= use_len; + } +} + +int pkcs12_derivation( unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + md_type_t md_type, int id, int iterations ) +{ + int ret, i; + unsigned int j; + + unsigned char diversifier[128]; + unsigned char salt_block[128], pwd_block[128], hash_block[128]; + unsigned char hash_output[POLARSSL_MD_MAX_SIZE]; + unsigned char *p; + unsigned char c; + + size_t hlen, use_len, v; + + const md_info_t *md_info; + md_context_t md_ctx; + + // This version only allows max of 64 bytes of password or salt + if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) + return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA ); + + md_info = md_info_from_type( md_type ); + if( md_info == NULL ) + return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); + + if ( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + return( ret ); + hlen = md_get_size( md_info ); + + if( hlen <= 32 ) + v = 64; + else + v = 128; + + memset( diversifier, (unsigned char) id, v ); + + pkcs12_fill_buffer( salt_block, v, salt, saltlen ); + pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); + + p = data; + while( datalen > 0 ) + { + // Calculate hash( diversifier || salt_block || pwd_block ) + if( ( ret = md_starts( &md_ctx ) ) != 0 ) + return( ret ); + + if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 ) + return( ret ); + + if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 ) + return( ret ); + + if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 ) + return( ret ); + + if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 ) + return( ret ); + + // Perform remaining ( iterations - 1 ) recursive hash calculations + for( i = 1; i < iterations; i++ ) + { + if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 ) + return( ret ); + } + + use_len = ( datalen > hlen ) ? hlen : datalen; + memcpy( p, hash_output, use_len ); + datalen -= use_len; + p += use_len; + + if( datalen == 0 ) + break; + + // Concatenating copies of hash_output into hash_block (B) + pkcs12_fill_buffer( hash_block, v, hash_output, hlen ); + + // B += 1 + for( i = v; i > 0; i-- ) + if( ++hash_block[i - 1] != 0 ) + break; + + // salt_block += B + c = 0; + for( i = v; i > 0; i-- ) + { + j = salt_block[i - 1] + hash_block[i - 1] + c; + c = (unsigned char) (j >> 8); + salt_block[i - 1] = j & 0xFF; + } + + // pwd_block += B + c = 0; + for( i = v; i > 0; i-- ) + { + j = pwd_block[i - 1] + hash_block[i - 1] + c; + c = (unsigned char) (j >> 8); + pwd_block[i - 1] = j & 0xFF; + } + } + + return( 0 ); +} + +#endif /* POLARSSL_PKCS12_C */ diff --git a/library/x509parse.c b/library/x509parse.c index 1906df624..ce75d5943 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -61,6 +61,7 @@ #include "polarssl/sha4.h" #endif #include "polarssl/dhm.h" +#include "polarssl/pkcs12.h" #include #include @@ -78,6 +79,11 @@ #endif #endif +/* Compare a given OID string with an OID x509_buf * */ +#define OID_CMP(oid_str, oid_buf) \ + ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \ + memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0) + /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ @@ -2189,6 +2195,116 @@ static int x509parse_key_pkcs8_unencrypted_der( return( 0 ); } +/* + * Parse an unencrypted PKCS#8 encoded private RSA key + */ +static int x509parse_key_pkcs8_encrypted_der( + rsa_context *rsa, + const unsigned char *key, + size_t keylen, + const unsigned char *pwd, + size_t pwdlen ) +{ + int ret; + size_t len; + unsigned char *p, *end, *end2; + x509_buf pbe_alg_oid, pbe_params; + unsigned char buf[2048]; + + memset(buf, 0, 2048); + + p = (unsigned char *) key; + end = p + keylen; + + /* + * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) + * + * EncryptedPrivateKeyInfo ::= SEQUENCE { + * encryptionAlgorithm EncryptionAlgorithmIdentifier, + * encryptedData EncryptedData + * } + * + * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + * + * EncryptedData ::= OCTET STRING + * + * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + } + + end2 = p + len; + + if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 ) + return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + + pbe_alg_oid.p = p; + p += pbe_alg_oid.len; + + /* + * Store the algorithm parameters + */ + pbe_params.p = p; + pbe_params.len = end2 - p; + p += pbe_params.len; + + if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) + return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + + // buf has been sized to 2048 bytes + if( len > 2048 ) + return( POLARSSL_ERR_X509_INVALID_INPUT ); + + /* + * Decrypt EncryptedData with appropriate PDE + */ + if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) ) + { + if( ( ret = pkcs12_pbe_sha1_des3_ede_cbc( &pbe_params, + PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf ) ) != 0 ) + { + return( ret ); + } + } + else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) ) + { + if( ( ret = pkcs12_pbe_sha1_des2_ede_cbc( &pbe_params, + PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf ) ) != 0 ) + { + return( ret ); + } + } + else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) ) + { + if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params, + PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf ) ) != 0 ) + { + return( ret ); + } + } + else + return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); + + return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len ); +} + /* * Parse a private RSA key */ @@ -2243,7 +2359,27 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen, return( ret ); } - pem_free( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN ENCRYPTED PRIVATE KEY-----", + "-----END ENCRYPTED PRIVATE KEY-----", + key, NULL, 0, &len ); + if( ret == 0 ) + { + if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, + pem.buf, pem.buflen, + pwd, pwdlen ) ) != 0 ) + { + rsa_free( rsa ); + } + + pem_free( &pem ); + return( ret ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + { + pem_free( &pem ); + return( ret ); + } #else ((void) pwd); ((void) pwdlen); @@ -2255,18 +2391,22 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen, // We try the different DER format parsers to see if one passes without // error // - if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) != 0 ) + if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen, + pwd, pwdlen ) ) == 0 ) { - rsa_free( rsa ); - - if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) != 0 ) - { - rsa_free( rsa ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); - } + return( 0 ); } - return( 0 ); + rsa_free( rsa ); + if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 ) + return( 0 ); + + rsa_free( rsa ); + if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 ) + return( 0 ); + + rsa_free( rsa ); + return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); } /* @@ -2726,11 +2866,6 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } -/* Compare a given OID string with an OID x509_buf * */ -#define OID_CMP(oid_str, oid_buf) \ - ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \ - memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0) - /* * Return an informational string describing the given OID */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index e89496490..fd42867df 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -12,7 +12,8 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", "BASE64", "XTEA", "PBKDF2", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4", "GCM" ); -my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL" ); +my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL", + "PKCS12" ); my $line_separator = $/; undef $/; diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key new file mode 100644 index 000000000..4ae7aec79 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJUO+jJnTjpKAgIIAASCBMi9QFFLgKGYOSDR +0zyRMc87RkrvSlyRi8BibyKvTNEDq77jTr6ZEuOF1OeZ9fvdZwJeI4GkTeKkWqTw +XDjWATXHbgTX82I3T8R2iBnv6Za9uaFDtDH5gbUYSrSNzMaoyS90hc9PTJ2+TG/Y +xUe99kSvzbhAatVQE+0TWpgH+8oACRvGelnHWofw4/CKJXJctUO8l6LdhLht1kwd +YXNX0xjxpY/eLGlsUaiDBdb0D9WFjdi4fcZ46IHspqTfBUhYbpDj8IQT1vjH6yjm +cPNPstEeyfFnirvgFuHg9LXTH0cf0mJgLzgiclgRVEOel87Lei5icEFI4hDAzWna +s3YiTijc926mD5AqQ55QXPN9v6b/uAV1QyKenoYzIWC3Y4phTTeApCyV44f9oMMD +wzcYWMZoHzEIiZj/iiCF1uOSamIjunCmpiBXTI7OGXbxXvSSJ3aU9nJHqVT88/ke +nj//EzWVYAjMdNYl0bOsWoIONl3eEEnLaUrOYOTVMxGac6yy/oIKR7GP0R26N4V2 +c434y0aQpn6opT+JYa83N1RwES2/NxwrHs4pcx2WShbTjg1Cw1XMHk8nQYNnM4oJ +kXWyns/k1Bay/SXgpl2NRsoWzxCR7BavB2mRcyMz3djbOYscuT4QwpB/Wf6kr6pN +gszegRtwLmVBehwvGJwL2SEx2CDHvJNhvoD7vbNiWeTFo1wW1wF4aE7p/Ee7gSRX +z14OC8NSbuYV660ntNQ9LB+Z7NDT2d6JTjSnhQHxxLBwy3OnM2/vu0eCd/5+MGjN +C4svgFsAH9qnT1VQTzmpwGBJAbD29CVvUUeBF3+up+Mr+IQU9OWWEtUZ2Fm29gs4 +j4azYJUI4+RLw75yNLVgxS5r4Cc4cKGB/P7qVqdH2CmjrEk0jxyTFT/PE3Df1cz9 +F8eEprdml2ktrlQ3gCD9fw0kXBsp5vwecpQDS3r2v980vnMxb5Cm7kMTMFb4/hMY +z1yaDkarkSHQk3qFYtO5DkEUXhF6fwATyqOgJYwcy/9ynzItqgbsCIYMjpXF7Yww +FNa/GQlqIbYRCd4KT64Ahus7I00vVS3b3glcC+KlDkwCJJ0M+glzHrJs3L+PiJMi +gm+YT/5FuSqJZ/JI5QP7VMovqSLEw6y6QQHSBCOxh/CGhAL/BZ9A9afvPTRiI9OF +fyxAaf8KH1YPI3uKIuDcms0d0gJqQoDmLafdfggd6dwuLF3iQpDORgx80oPbjfl1 +FEbU8M5DqiH+eOxgEvIL0AhMnPa4mv1brVdlxS3CyojnqxPfecXyEXrhEYJWJdsF +aYKR5bU1bY990aN6T3EDRblmHs25Fc328xS2ZJkHNxcJDruwi4EFpQVT+fukOz00 +hOW2BEMFJLRflE+372LNIgSRVNI536YhF8r4r7O1jrw9McX3hzbJGAtcsXqyIO/k +hxC3x5ViqgZbDYgHz/CJJfP2RC8spp2RbZ/uDJu2YI8z8s9OXvcYv0EQmBAJxdt/ +lyfkzEr/n8oRtDIkrq7lR3rjMUz7AbCfNJpqrEBFol9+qH8+jnmowL8LWBlh0v/A +pc3qWIulXOR1pbwXyAELo8wGhnJWL4WmY252S3i0Jn8Gf2kXewMRJsixStairjWD +1m0wWUVGSm5CO8Rfon8= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..f2ce0290e61200ed7b6056ca6dc74d0cd2223cae GIT binary patch literal 1262 zcmVr$Ol*ibawGg zen~7`U;#En6>sf>)343^;$$m$07tsW~JP}Ye*E!A(aC9Vr`-5S%wc^9IS&OEk=JVowdU(u!NU{gp@rwVRDG++ij zJO0@Ty4L`JS$N%C{BCDw7$B~TFbmHahy3jkXjSLQ2)j|5Da`OzAwjBxQ0UY5T^ylv z(okG3irfr^_4Zg$)>e1++U9Dz%nAGg@TFt=KQBm4sO6PXJCvd=f}d7{`le_EVjq;n z@d1?r*Ix?3m}%;N&U;b&?cR%@Z1*b>=xZ(l0Ug}BM#!x<>Z@LFqK0Obgkk|T@}G`3 z3U`|AgX4E|GZZ``qF=KxIn5$erisgm$HEq$`fD8Y&o@k*F^|LmIgLR;w9w4%GC)jd zQ|U=X4JnYv%5^a3Fw=)_zuqSce5g`r=S36NpKZrz3Sh5Vd+{7lWlbl&mT&oI!TLWta6zm=p&ExgJU?d-sc*UJVJ} zj+-|XBb`WB$R4siNF1Rc0vRn@GPl+Bmv1<( zt9(4cZ^I<;aI`g7LRt%WedT3YuGrr6aLQQv!F75J@6Yit&ZG)9p-t$OZot$8s2GOl zK&=%{h{>>DLu2%%WCb8``3a_g6WvM zQx(9raRuWuOzh{V%u0D_L?Od1e_Do{1g>pKBL48Z2+-F{Q`Lb|2=Ux6d?y@ZFF)KF z_=4xIiSiUzb`wm=o-+B4(^!IM&3<|gH?s_JyAoZehDk~pR`DW-qBeNnNfrB%pm@T> z(Q=F@mQJx0%GsFX)Lox*+~NVv81IQPqgU+xTSzvI$*hooidoMD(Yy$9xA;BuW#_?S4YXAyBusdqer^ARm2REh!@P zg=vMf$}J1HPT3f7tdFwJnZ(dyJ=}eC&(3}^bAQBZ!-H}+NUj3~VB1t4)yY7}L7!B# zvQ2%>wopn}AAuA~c)41|uR`~bxHE2JT~iDxkoN2*+Pk?)plnlJ6qZSK0+v``QM0p~D>{ z6=gF|U^9yjn4`a?3eY_Oz8I-4q2JD}c*9`QVR-Lc;L9x=*}Avjk((@F@r+!Fji8YybcN literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key new file mode 100644 index 000000000..f9c11ade0 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_3des.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEDMA4ECGhNuQogiktrAgIIAASCBMhfcb+Jt0YOgGni +IWnwmmtYT6Nvina/j3FCGzcHCDyUQDqh1rPUtZnmUdM3fyEGlUJdX9wmHh3gUkWx +JE00QMzYDQsUbGrt8H3rCQ+aXegCicXAyBgDh0YUhO7bWmgJNSvZOduIeCJ81mnb +xtl3CGgaYVOWspr458crtvn1Hlhq0EGs54EUHWBE89PHNxokGHqkFQcdp7QHO9Zm +ZvjTn+kR0K5KQbeQwMf3LcboueDV71ueUZsHlTSZ5Qs7WZORRzMBoo2SWV+Mh7U/ +yAQv4i6CMauVifVqTMbLtfdTyZCts3N57sGstyqIruE1Jwg8m3i+cV/QIh9Fcgo8 +R+snSlbOZMzCpUIvcuVkEMBP8+89/BtIabXL8SoTsD6v/f/YJfcw9qpOH+AoA3JG +UZT+0VxfIk0JUkX8QvM2qMQYY9efX+Dq+N0ODS1vsdP43pKxowOQlQUPKOsqoDch +IXW9qDD3uV+clg5L6BqDbX1O98oegcg6L24ZK1yKVzotiTj/eaZVpzTtrNYzWB0+ +qO9FTwLqOmIRcduKKu5zctC7QlpFY3U2ikbkYpPsam/9GSXVe0LuMRLleiMPQUdU +ZJlkZr221OGq5TVhyJ6zEwud26wExB16tLU26ZvEFwExoUPboH/UQwX8L9vd8BKp +a32u35n5MOn+54Rfa4qfpU+uLB056CCKL8PwVLN9Xzeg+gJLfWqwEalPmSsylakO +7+suOGaUKy1a/uszD97dKk3Abwfoyb0qvbdF131GR04NYIzkQl72CBlxuWqVUt9o +pmwsUDAzwoJWi0sKy0dTm3KZHLJ+3OMIydod3beS9uS6Yro6NJBN5EPw3PoByBF5 +DUkOfW6tV0dlHyXOuwU+JzBd4iwJgO53GVPAap8a/eOGgNCiw72gYM4lcHnwShL0 +/v969VqntPXb7YF1hMs6ef3zTmLEB4xaXcARynnNkZnpQppxSPeHeXU+KxZCjkLE +brzHFnUMr8UJOyra3C/iXfi/OKJcBIURc3oY29Q45GBcV0s/W3n8TVF4qEqtbv3c +NbEmgcdzLGA28XiuyUH+pLxK3qP54jlqhd22q5qoN/gz4MKG+hJMMcO00Hj7+4Fb +fnxxGE5far3zjHLaxfnRKIfseU9DrQVh6gTg8ibe0kdoUXrptIb51eRcukE7s/yc +01Play8GYik4x+kcNAmQT29EslB/3RcrWH3tZExJjjDaC+Ty2atCMmlLGxt7VHOa +C3k0QHYSE/TULBldB64S1vVFrZgzLFTlXKGm38mOGCG3t/lQQDTo3IAp0YE+atM3 +VG6ON3SSU0QRP1aEkZY8t9rf3+/J8Nl8oF4kF9ISzLNhlR/KJlNkmDvG/ic0skJK +KYezuuYH8/eEr9ZFfBsb9mRsFCM9iBZl/XqebCCC5/kfXzL/Hpp4f0L7DH4C0f6L +LbMCFhvsCNGh+1pdIjN9hbAkv/r2NN8+MaY2xFk0ukLfKgpLp0EfpkkcM0EZcvFn +j1JpB7rshCLj4PzM77fLh99H4cffL2qyzXqFF2Y7iW28bW/RQFxYwpyEnowrcRH/ +11Qi525SdKWRkb9QlTJqFI6wsWe5kmYO/kDqGUpGPGK8+XTRTFjTci7NPLqN+s0w +Z4/b5SMVucBKq9sUm6g= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key new file mode 100644 index 000000000..d475ef481 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4zAcBgoqhkiG9w0BDAEBMA4ECCLhzdwnOXIZAgIIAASCBMG8Wgfn++CFRl37 +FdQZ90pI+u37yj8v0kFd3rDaDMurEftf10gWwTbm8R8J0eK1edIAHQabkgsF83gD +yrxKFp1zhHI1t65gPKHcirhx0t9XuClxAOzEme//iMaw/yf/IKYo9NRqyvA6BKHW +2h3J4+JSGLSaCsRUyzhoL6xOzF+VX8zE8PI11TcqfJe7TGs/9G0Pv2XxFpfrG7pz +nz5mkAYdckYHcu7+CQGJ09ZUkblV3MYKEEbq5xXEo4Kku/n1YNrh6BEWMLo5XgOU +YIAkzhSfnbTt6QrxM+90b4qwk5amrC4w1jUu73ZzaBQs7fhx01pR2y3zTPBD2Dpk +G3iLprgEFqsoGCCOqqqEiEF/xDREZEPW0es2RruQ9Tn14LbgTj5XVFI/wBcvp9uZ +pjS5chC0/CRbGcRi47A9vx9bjgwiGCDpxx0/Kn68uFCaCeGOAQ687XxAn1UHmBD3 +esjjb7S16ld9rSKV0oXWugUZKFdoq87AHY8Njhin++biuAEfySu3iH5ajzZV9dEj +6JHVwotuL2diVu7NU8mIsfr1kCJoUxIAbWFvoglWNmTtaIBkc5ch+kUTsz9rDtSp +lL9fT+wzjN7Q7lyRfIhNOheg2xF9huwF6mqnSlDfvwvEJ8NsQI9+CeooI2c1Zc0a +Bh/vDvCzov8TE+1Ma8CnrbaM/aSZ0FIq6PcpWSBLXSDXbLwabEEOLoXQXogOZsc5 +0sz71l5c8jJPlzXxFYYW8CNuxTsUP+hN2oWvbmL5YLq8P+1tw68jcdbqhTqoqrW1 +pGEXd2iMRUfCTDuCM6Bn4iIN80qUqqBAuoTC+zCVHnI7+ygmovhf/ykfVzNaDSIW +BkDsmZoH6bq3F9HpvOWggh0yK/l1b1E4PDQ6hq7qWNyJMyjYBJEbEdd9O3GW2qev +3ARhb0yGulxYH/h3yp2mIfxL+UTfRMcUZD2SobL+phLR/9TMUi6IaHnBAF85snAb +rbtAKCp9myFLwG1BujaQ18fKQFgcMjbJY3gLIz+3AC72irLSdgGti2drjP2hDGKp +RITAEydZXIwf67JMKkvyuknVWMf9ri9tMOZEvohnU3bW4g9vkv89CUtCLWF8iejM +fKIP5hjHOcKRLvvACFbgjYCPt8iPCcQckYe+FZI5T7zYsyQQ47fygS1f7MWZblPJ +UKAm8jxWUyySvEzIMHkoZaHtC72OS/L3iCjJ7mkKSZKeCDAzSEJeeQcOl0klVCQ8 +0P+mXq5wtGakW9MKLhmsOjUIsyN2f3gCO0nESYhWD+3EKFLSW7ZsHbDmwqSDh6bn +blFvlQd7cpfYFtlmbxZFcv/l2ijQWPHi93G/0VIhFHxI6LegKt00bIL5iwyF3NpW +dNzuE69hweTSKvOPqRsRnWyGv9dVLIaQPwUS+eEfsGGNzM9rbty0j5Bw6KY/uDgt +blTfN3yZBcyEsdPwyiVLdi65zMzN8g4VVQBHFhXWPa2N4gJQVq+6q9hQkgFFU7y3 +f8MX4BrKq8ifwWxsjL2FawcAoDcHUdCZjt/HZ+9/rL3iQvKeHbDbqu4kxlrE1FJn +0LHIB21qZIo+6r3fdNMUFkuDRBT9eEh3Wxlg8G35FYCIiOuIwB2ED/Hdnqtnemxj +kjRXU176HQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0c30e04aa..a02dd8ee9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -114,6 +114,22 @@ X509 Parse Key #9 (PKCS#8 wrapped) depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile:"data_files/format_gen.key":"":0 +X509 Parse Key #10 (PKCS#8 encrypted SHA1-3DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0 + +X509 Parse Key #11 (PKCS#8 encrypted SHA1-3DES DER) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0 + +X509 Parse Key #12 (PKCS#8 encrypted SHA1-2DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0 + +X509 Parse Key #13 (PKCS#8 encrypted SHA1-RC4-128) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO +x509parse_keyfile:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 + X509 Parse Public Key #1 (PKCS#8 wrapped) depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_public_keyfile:"data_files/format_gen.pub":0