26 #if !defined(POLARSSL_CONFIG_FILE) 29 #include POLARSSL_CONFIG_FILE 32 #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C) 40 #if defined(POLARSSL_PLATFORM_C) 43 #define polarssl_malloc malloc 44 #define polarssl_free free 50 static void polarssl_zeroize(
void *v,
size_t n ) {
51 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
54 #if defined(POLARSSL_PEM_PARSE_C) 55 void pem_init( pem_context *ctx )
57 memset( ctx, 0,
sizeof( pem_context ) );
60 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ 61 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) 65 static int pem_get_iv(
const unsigned char *s,
unsigned char *iv,
70 memset( iv, 0, iv_len );
72 for( i = 0; i < iv_len * 2; i++, s++ )
74 if( *s >=
'0' && *s <=
'9' ) j = *s -
'0';
else 75 if( *s >=
'A' && *s <=
'F' ) j = *s -
'7';
else 76 if( *s >=
'a' && *s <=
'f' ) j = *s -
'W';
else 79 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
81 iv[i >> 1] = (
unsigned char)( iv[i >> 1] | k );
87 static void pem_pbkdf1(
unsigned char *key,
size_t keylen,
89 const unsigned char *pwd,
size_t pwdlen )
92 unsigned char md5sum[16];
107 memcpy( key, md5sum, keylen );
110 polarssl_zeroize( md5sum, 16 );
114 memcpy( key, md5sum, 16 );
127 use_len = keylen - 16;
129 memcpy( key + 16, md5sum, use_len );
132 polarssl_zeroize( md5sum, 16 );
135 #if defined(POLARSSL_DES_C) 139 static void pem_des_decrypt(
unsigned char des_iv[8],
140 unsigned char *buf,
size_t buflen,
141 const unsigned char *pwd,
size_t pwdlen )
144 unsigned char des_key[8];
148 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
155 polarssl_zeroize( des_key, 8 );
161 static void pem_des3_decrypt(
unsigned char des3_iv[8],
162 unsigned char *buf,
size_t buflen,
163 const unsigned char *pwd,
size_t pwdlen )
166 unsigned char des3_key[24];
170 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
177 polarssl_zeroize( des3_key, 24 );
181 #if defined(POLARSSL_AES_C) 185 static void pem_aes_decrypt(
unsigned char aes_iv[16],
unsigned int keylen,
186 unsigned char *buf,
size_t buflen,
187 const unsigned char *pwd,
size_t pwdlen )
190 unsigned char aes_key[32];
194 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
201 polarssl_zeroize( aes_key, keylen );
208 int pem_read_buffer( pem_context *ctx,
const char *header,
const char *footer,
209 const unsigned char *data,
const unsigned char *pwd,
210 size_t pwdlen,
size_t *use_len )
215 const unsigned char *s1, *s2, *end;
216 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ 217 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) 218 unsigned char pem_iv[16];
229 s1 = (
unsigned char *) strstr( (
const char *) data, header );
234 s2 = (
unsigned char *) strstr( (
const char *) data, footer );
236 if( s2 == NULL || s2 <= s1 )
239 s1 += strlen( header );
240 if( *s1 ==
'\r' ) s1++;
241 if( *s1 ==
'\n' ) s1++;
245 end += strlen( footer );
246 if( *end ==
'\r' ) end++;
247 if( *end ==
'\n' ) end++;
248 *use_len = end - data;
252 if( memcmp( s1,
"Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
254 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ 255 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) 259 if( *s1 ==
'\r' ) s1++;
260 if( *s1 ==
'\n' ) s1++;
264 #if defined(POLARSSL_DES_C) 265 if( memcmp( s1,
"DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
270 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
275 else if( memcmp( s1,
"DEK-Info: DES-CBC,", 18 ) == 0 )
280 if( pem_get_iv( s1, pem_iv, 8) != 0 )
287 #if defined(POLARSSL_AES_C) 288 if( memcmp( s1,
"DEK-Info: AES-", 14 ) == 0 )
290 if( memcmp( s1,
"DEK-Info: AES-128-CBC,", 22 ) == 0 )
292 else if( memcmp( s1,
"DEK-Info: AES-192-CBC,", 22 ) == 0 )
294 else if( memcmp( s1,
"DEK-Info: AES-256-CBC,", 22 ) == 0 )
300 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
310 if( *s1 ==
'\r' ) s1++;
311 if( *s1 ==
'\n' ) s1++;
336 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ 337 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) 344 #if defined(POLARSSL_DES_C) 346 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
348 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
351 #if defined(POLARSSL_AES_C) 353 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
355 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
357 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
366 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
384 void pem_free( pem_context *ctx )
389 polarssl_zeroize( ctx,
sizeof( pem_context ) );
393 #if defined(POLARSSL_PEM_WRITE_C) 394 int pem_write_buffer(
const char *header,
const char *footer,
395 const unsigned char *der_data,
size_t der_len,
396 unsigned char *buf,
size_t buf_len,
size_t *olen )
399 unsigned char *encode_buf, *c, *p = buf;
400 size_t len = 0, use_len = 0, add_len = 0;
403 add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
405 if( use_len + add_len > buf_len )
407 *olen = use_len + add_len;
421 memcpy( p, header, strlen( header ) );
422 p += strlen( header );
427 len = ( use_len > 64 ) ? 64 : use_len;
435 memcpy( p, footer, strlen( footer ) );
436 p += strlen( footer );
int base64_decode(unsigned char *dst, size_t *dlen, const unsigned char *src, size_t slen)
Decode a base64-formatted buffer.
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
void des3_init(des3_context *ctx)
Initialize Triple-DES context.
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
Unsupported key encryption algorithm.
#define POLARSSL_ERR_PEM_MALLOC_FAILED
Failed to allocate memory.
Configuration options (set of defines)
int aes_setkey_dec(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (decryption)
void md5_finish(md5_context *ctx, unsigned char output[16])
MD5 final digest.
void md5_free(md5_context *ctx)
Clear MD5 context.
void des3_free(des3_context *ctx)
Clear Triple-DES context.
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
Privacy Enhanced Mail (PEM) decoding.
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL
Output buffer too small.
Triple-DES context structure.
void des_init(des_context *ctx)
Initialize DES context.
int aes_crypt_cbc(aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
AES-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
void md5_starts(md5_context *ctx)
MD5 context setup.
#define POLARSSL_ERR_PEM_INVALID_ENC_IV
RSA IV is not in hex-format.
#define POLARSSL_ERR_PEM_INVALID_DATA
PEM string is not as expected.
void des_free(des_context *ctx)
Clear DES context.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
void md5_init(md5_context *ctx)
Initialize MD5 context.
RFC 1521 base64 encoding/decoding.
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
void aes_free(aes_context *ctx)
Clear AES context.
void md5_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
MD5 message digest algorithm (hash function)
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER
Invalid character in input.
void aes_init(aes_context *ctx)
Initialize AES context.
int base64_encode(unsigned char *dst, size_t *dlen, const unsigned char *src, size_t slen)
Encode a buffer into base64 format.
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption