Nitin Shukla / LED_Demo

nkjnm

Dependencies:   MAX44000 nexpaq_mdk

Fork of LED_Demo by Maxim nexpaq

mbd_os/features/mbedtls/src/pem.c@1:55a6170b404f, 2016-09-17 (annotated)

Committer:
nexpaq
Date:
Sat Sep 17 16:32:05 2016 +0000
Revision:
1:55a6170b404f
checking in for sharing

Who changed what in which revision?

UserRevisionLine numberNew contents of line
nexpaq 1:55a6170b404f 1 /*
nexpaq 1:55a6170b404f 2 * Privacy Enhanced Mail (PEM) decoding
nexpaq 1:55a6170b404f 3 *
nexpaq 1:55a6170b404f 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
nexpaq 1:55a6170b404f 5 * SPDX-License-Identifier: Apache-2.0
nexpaq 1:55a6170b404f 6 *
nexpaq 1:55a6170b404f 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
nexpaq 1:55a6170b404f 8 * not use this file except in compliance with the License.
nexpaq 1:55a6170b404f 9 * You may obtain a copy of the License at
nexpaq 1:55a6170b404f 10 *
nexpaq 1:55a6170b404f 11 * http://www.apache.org/licenses/LICENSE-2.0
nexpaq 1:55a6170b404f 12 *
nexpaq 1:55a6170b404f 13 * Unless required by applicable law or agreed to in writing, software
nexpaq 1:55a6170b404f 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
nexpaq 1:55a6170b404f 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
nexpaq 1:55a6170b404f 16 * See the License for the specific language governing permissions and
nexpaq 1:55a6170b404f 17 * limitations under the License.
nexpaq 1:55a6170b404f 18 *
nexpaq 1:55a6170b404f 19 * This file is part of mbed TLS (https://tls.mbed.org)
nexpaq 1:55a6170b404f 20 */
nexpaq 1:55a6170b404f 21
nexpaq 1:55a6170b404f 22 #if !defined(MBEDTLS_CONFIG_FILE)
nexpaq 1:55a6170b404f 23 #include "mbedtls/config.h"
nexpaq 1:55a6170b404f 24 #else
nexpaq 1:55a6170b404f 25 #include MBEDTLS_CONFIG_FILE
nexpaq 1:55a6170b404f 26 #endif
nexpaq 1:55a6170b404f 27
nexpaq 1:55a6170b404f 28 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
nexpaq 1:55a6170b404f 29
nexpaq 1:55a6170b404f 30 #include "mbedtls/pem.h"
nexpaq 1:55a6170b404f 31 #include "mbedtls/base64.h"
nexpaq 1:55a6170b404f 32 #include "mbedtls/des.h"
nexpaq 1:55a6170b404f 33 #include "mbedtls/aes.h"
nexpaq 1:55a6170b404f 34 #include "mbedtls/md5.h"
nexpaq 1:55a6170b404f 35 #include "mbedtls/cipher.h"
nexpaq 1:55a6170b404f 36
nexpaq 1:55a6170b404f 37 #include <string.h>
nexpaq 1:55a6170b404f 38
nexpaq 1:55a6170b404f 39 #if defined(MBEDTLS_PLATFORM_C)
nexpaq 1:55a6170b404f 40 #include "mbedtls/platform.h"
nexpaq 1:55a6170b404f 41 #else
nexpaq 1:55a6170b404f 42 #include <stdlib.h>
nexpaq 1:55a6170b404f 43 #define mbedtls_calloc calloc
nexpaq 1:55a6170b404f 44 #define mbedtls_free free
nexpaq 1:55a6170b404f 45 #endif
nexpaq 1:55a6170b404f 46
nexpaq 1:55a6170b404f 47 /* Implementation that should never be optimized out by the compiler */
nexpaq 1:55a6170b404f 48 static void mbedtls_zeroize( void *v, size_t n ) {
nexpaq 1:55a6170b404f 49 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
nexpaq 1:55a6170b404f 50 }
nexpaq 1:55a6170b404f 51
nexpaq 1:55a6170b404f 52 #if defined(MBEDTLS_PEM_PARSE_C)
nexpaq 1:55a6170b404f 53 void mbedtls_pem_init( mbedtls_pem_context *ctx )
nexpaq 1:55a6170b404f 54 {
nexpaq 1:55a6170b404f 55 memset( ctx, 0, sizeof( mbedtls_pem_context ) );
nexpaq 1:55a6170b404f 56 }
nexpaq 1:55a6170b404f 57
nexpaq 1:55a6170b404f 58 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
nexpaq 1:55a6170b404f 59 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
nexpaq 1:55a6170b404f 60 /*
nexpaq 1:55a6170b404f 61 * Read a 16-byte hex string and convert it to binary
nexpaq 1:55a6170b404f 62 */
nexpaq 1:55a6170b404f 63 static int pem_get_iv( const unsigned char *s, unsigned char *iv,
nexpaq 1:55a6170b404f 64 size_t iv_len )
nexpaq 1:55a6170b404f 65 {
nexpaq 1:55a6170b404f 66 size_t i, j, k;
nexpaq 1:55a6170b404f 67
nexpaq 1:55a6170b404f 68 memset( iv, 0, iv_len );
nexpaq 1:55a6170b404f 69
nexpaq 1:55a6170b404f 70 for( i = 0; i < iv_len * 2; i++, s++ )
nexpaq 1:55a6170b404f 71 {
nexpaq 1:55a6170b404f 72 if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
nexpaq 1:55a6170b404f 73 if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
nexpaq 1:55a6170b404f 74 if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
nexpaq 1:55a6170b404f 75 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
nexpaq 1:55a6170b404f 76
nexpaq 1:55a6170b404f 77 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
nexpaq 1:55a6170b404f 78
nexpaq 1:55a6170b404f 79 iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
nexpaq 1:55a6170b404f 80 }
nexpaq 1:55a6170b404f 81
nexpaq 1:55a6170b404f 82 return( 0 );
nexpaq 1:55a6170b404f 83 }
nexpaq 1:55a6170b404f 84
nexpaq 1:55a6170b404f 85 static void pem_pbkdf1( unsigned char *key, size_t keylen,
nexpaq 1:55a6170b404f 86 unsigned char *iv,
nexpaq 1:55a6170b404f 87 const unsigned char *pwd, size_t pwdlen )
nexpaq 1:55a6170b404f 88 {
nexpaq 1:55a6170b404f 89 mbedtls_md5_context md5_ctx;
nexpaq 1:55a6170b404f 90 unsigned char md5sum[16];
nexpaq 1:55a6170b404f 91 size_t use_len;
nexpaq 1:55a6170b404f 92
nexpaq 1:55a6170b404f 93 mbedtls_md5_init( &md5_ctx );
nexpaq 1:55a6170b404f 94
nexpaq 1:55a6170b404f 95 /*
nexpaq 1:55a6170b404f 96 * key[ 0..15] = MD5(pwd || IV)
nexpaq 1:55a6170b404f 97 */
nexpaq 1:55a6170b404f 98 mbedtls_md5_starts( &md5_ctx );
nexpaq 1:55a6170b404f 99 mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
nexpaq 1:55a6170b404f 100 mbedtls_md5_update( &md5_ctx, iv, 8 );
nexpaq 1:55a6170b404f 101 mbedtls_md5_finish( &md5_ctx, md5sum );
nexpaq 1:55a6170b404f 102
nexpaq 1:55a6170b404f 103 if( keylen <= 16 )
nexpaq 1:55a6170b404f 104 {
nexpaq 1:55a6170b404f 105 memcpy( key, md5sum, keylen );
nexpaq 1:55a6170b404f 106
nexpaq 1:55a6170b404f 107 mbedtls_md5_free( &md5_ctx );
nexpaq 1:55a6170b404f 108 mbedtls_zeroize( md5sum, 16 );
nexpaq 1:55a6170b404f 109 return;
nexpaq 1:55a6170b404f 110 }
nexpaq 1:55a6170b404f 111
nexpaq 1:55a6170b404f 112 memcpy( key, md5sum, 16 );
nexpaq 1:55a6170b404f 113
nexpaq 1:55a6170b404f 114 /*
nexpaq 1:55a6170b404f 115 * key[16..23] = MD5(key[ 0..15] || pwd || IV])
nexpaq 1:55a6170b404f 116 */
nexpaq 1:55a6170b404f 117 mbedtls_md5_starts( &md5_ctx );
nexpaq 1:55a6170b404f 118 mbedtls_md5_update( &md5_ctx, md5sum, 16 );
nexpaq 1:55a6170b404f 119 mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
nexpaq 1:55a6170b404f 120 mbedtls_md5_update( &md5_ctx, iv, 8 );
nexpaq 1:55a6170b404f 121 mbedtls_md5_finish( &md5_ctx, md5sum );
nexpaq 1:55a6170b404f 122
nexpaq 1:55a6170b404f 123 use_len = 16;
nexpaq 1:55a6170b404f 124 if( keylen < 32 )
nexpaq 1:55a6170b404f 125 use_len = keylen - 16;
nexpaq 1:55a6170b404f 126
nexpaq 1:55a6170b404f 127 memcpy( key + 16, md5sum, use_len );
nexpaq 1:55a6170b404f 128
nexpaq 1:55a6170b404f 129 mbedtls_md5_free( &md5_ctx );
nexpaq 1:55a6170b404f 130 mbedtls_zeroize( md5sum, 16 );
nexpaq 1:55a6170b404f 131 }
nexpaq 1:55a6170b404f 132
nexpaq 1:55a6170b404f 133 #if defined(MBEDTLS_DES_C)
nexpaq 1:55a6170b404f 134 /*
nexpaq 1:55a6170b404f 135 * Decrypt with DES-CBC, using PBKDF1 for key derivation
nexpaq 1:55a6170b404f 136 */
nexpaq 1:55a6170b404f 137 static void pem_des_decrypt( unsigned char des_iv[8],
nexpaq 1:55a6170b404f 138 unsigned char *buf, size_t buflen,
nexpaq 1:55a6170b404f 139 const unsigned char *pwd, size_t pwdlen )
nexpaq 1:55a6170b404f 140 {
nexpaq 1:55a6170b404f 141 mbedtls_des_context des_ctx;
nexpaq 1:55a6170b404f 142 unsigned char des_key[8];
nexpaq 1:55a6170b404f 143
nexpaq 1:55a6170b404f 144 mbedtls_des_init( &des_ctx );
nexpaq 1:55a6170b404f 145
nexpaq 1:55a6170b404f 146 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
nexpaq 1:55a6170b404f 147
nexpaq 1:55a6170b404f 148 mbedtls_des_setkey_dec( &des_ctx, des_key );
nexpaq 1:55a6170b404f 149 mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
nexpaq 1:55a6170b404f 150 des_iv, buf, buf );
nexpaq 1:55a6170b404f 151
nexpaq 1:55a6170b404f 152 mbedtls_des_free( &des_ctx );
nexpaq 1:55a6170b404f 153 mbedtls_zeroize( des_key, 8 );
nexpaq 1:55a6170b404f 154 }
nexpaq 1:55a6170b404f 155
nexpaq 1:55a6170b404f 156 /*
nexpaq 1:55a6170b404f 157 * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
nexpaq 1:55a6170b404f 158 */
nexpaq 1:55a6170b404f 159 static void pem_des3_decrypt( unsigned char des3_iv[8],
nexpaq 1:55a6170b404f 160 unsigned char *buf, size_t buflen,
nexpaq 1:55a6170b404f 161 const unsigned char *pwd, size_t pwdlen )
nexpaq 1:55a6170b404f 162 {
nexpaq 1:55a6170b404f 163 mbedtls_des3_context des3_ctx;
nexpaq 1:55a6170b404f 164 unsigned char des3_key[24];
nexpaq 1:55a6170b404f 165
nexpaq 1:55a6170b404f 166 mbedtls_des3_init( &des3_ctx );
nexpaq 1:55a6170b404f 167
nexpaq 1:55a6170b404f 168 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
nexpaq 1:55a6170b404f 169
nexpaq 1:55a6170b404f 170 mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
nexpaq 1:55a6170b404f 171 mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
nexpaq 1:55a6170b404f 172 des3_iv, buf, buf );
nexpaq 1:55a6170b404f 173
nexpaq 1:55a6170b404f 174 mbedtls_des3_free( &des3_ctx );
nexpaq 1:55a6170b404f 175 mbedtls_zeroize( des3_key, 24 );
nexpaq 1:55a6170b404f 176 }
nexpaq 1:55a6170b404f 177 #endif /* MBEDTLS_DES_C */
nexpaq 1:55a6170b404f 178
nexpaq 1:55a6170b404f 179 #if defined(MBEDTLS_AES_C)
nexpaq 1:55a6170b404f 180 /*
nexpaq 1:55a6170b404f 181 * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
nexpaq 1:55a6170b404f 182 */
nexpaq 1:55a6170b404f 183 static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
nexpaq 1:55a6170b404f 184 unsigned char *buf, size_t buflen,
nexpaq 1:55a6170b404f 185 const unsigned char *pwd, size_t pwdlen )
nexpaq 1:55a6170b404f 186 {
nexpaq 1:55a6170b404f 187 mbedtls_aes_context aes_ctx;
nexpaq 1:55a6170b404f 188 unsigned char aes_key[32];
nexpaq 1:55a6170b404f 189
nexpaq 1:55a6170b404f 190 mbedtls_aes_init( &aes_ctx );
nexpaq 1:55a6170b404f 191
nexpaq 1:55a6170b404f 192 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
nexpaq 1:55a6170b404f 193
nexpaq 1:55a6170b404f 194 mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
nexpaq 1:55a6170b404f 195 mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
nexpaq 1:55a6170b404f 196 aes_iv, buf, buf );
nexpaq 1:55a6170b404f 197
nexpaq 1:55a6170b404f 198 mbedtls_aes_free( &aes_ctx );
nexpaq 1:55a6170b404f 199 mbedtls_zeroize( aes_key, keylen );
nexpaq 1:55a6170b404f 200 }
nexpaq 1:55a6170b404f 201 #endif /* MBEDTLS_AES_C */
nexpaq 1:55a6170b404f 202
nexpaq 1:55a6170b404f 203 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
nexpaq 1:55a6170b404f 204 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
nexpaq 1:55a6170b404f 205
nexpaq 1:55a6170b404f 206 int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
nexpaq 1:55a6170b404f 207 const unsigned char *data, const unsigned char *pwd,
nexpaq 1:55a6170b404f 208 size_t pwdlen, size_t *use_len )
nexpaq 1:55a6170b404f 209 {
nexpaq 1:55a6170b404f 210 int ret, enc;
nexpaq 1:55a6170b404f 211 size_t len;
nexpaq 1:55a6170b404f 212 unsigned char *buf;
nexpaq 1:55a6170b404f 213 const unsigned char *s1, *s2, *end;
nexpaq 1:55a6170b404f 214 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
nexpaq 1:55a6170b404f 215 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
nexpaq 1:55a6170b404f 216 unsigned char pem_iv[16];
nexpaq 1:55a6170b404f 217 mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
nexpaq 1:55a6170b404f 218 #else
nexpaq 1:55a6170b404f 219 ((void) pwd);
nexpaq 1:55a6170b404f 220 ((void) pwdlen);
nexpaq 1:55a6170b404f 221 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
nexpaq 1:55a6170b404f 222 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
nexpaq 1:55a6170b404f 223
nexpaq 1:55a6170b404f 224 if( ctx == NULL )
nexpaq 1:55a6170b404f 225 return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
nexpaq 1:55a6170b404f 226
nexpaq 1:55a6170b404f 227 s1 = (unsigned char *) strstr( (const char *) data, header );
nexpaq 1:55a6170b404f 228
nexpaq 1:55a6170b404f 229 if( s1 == NULL )
nexpaq 1:55a6170b404f 230 return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
nexpaq 1:55a6170b404f 231
nexpaq 1:55a6170b404f 232 s2 = (unsigned char *) strstr( (const char *) data, footer );
nexpaq 1:55a6170b404f 233
nexpaq 1:55a6170b404f 234 if( s2 == NULL || s2 <= s1 )
nexpaq 1:55a6170b404f 235 return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
nexpaq 1:55a6170b404f 236
nexpaq 1:55a6170b404f 237 s1 += strlen( header );
nexpaq 1:55a6170b404f 238 if( *s1 == ' ' ) s1++;
nexpaq 1:55a6170b404f 239 if( *s1 == '\r' ) s1++;
nexpaq 1:55a6170b404f 240 if( *s1 == '\n' ) s1++;
nexpaq 1:55a6170b404f 241 else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
nexpaq 1:55a6170b404f 242
nexpaq 1:55a6170b404f 243 end = s2;
nexpaq 1:55a6170b404f 244 end += strlen( footer );
nexpaq 1:55a6170b404f 245 if( *end == ' ' ) end++;
nexpaq 1:55a6170b404f 246 if( *end == '\r' ) end++;
nexpaq 1:55a6170b404f 247 if( *end == '\n' ) end++;
nexpaq 1:55a6170b404f 248 *use_len = end - data;
nexpaq 1:55a6170b404f 249
nexpaq 1:55a6170b404f 250 enc = 0;
nexpaq 1:55a6170b404f 251
nexpaq 1:55a6170b404f 252 if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
nexpaq 1:55a6170b404f 253 {
nexpaq 1:55a6170b404f 254 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
nexpaq 1:55a6170b404f 255 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
nexpaq 1:55a6170b404f 256 enc++;
nexpaq 1:55a6170b404f 257
nexpaq 1:55a6170b404f 258 s1 += 22;
nexpaq 1:55a6170b404f 259 if( *s1 == '\r' ) s1++;
nexpaq 1:55a6170b404f 260 if( *s1 == '\n' ) s1++;
nexpaq 1:55a6170b404f 261 else return( MBEDTLS_ERR_PEM_INVALID_DATA );
nexpaq 1:55a6170b404f 262
nexpaq 1:55a6170b404f 263
nexpaq 1:55a6170b404f 264 #if defined(MBEDTLS_DES_C)
nexpaq 1:55a6170b404f 265 if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
nexpaq 1:55a6170b404f 266 {
nexpaq 1:55a6170b404f 267 enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
nexpaq 1:55a6170b404f 268
nexpaq 1:55a6170b404f 269 s1 += 23;
nexpaq 1:55a6170b404f 270 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
nexpaq 1:55a6170b404f 271 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
nexpaq 1:55a6170b404f 272
nexpaq 1:55a6170b404f 273 s1 += 16;
nexpaq 1:55a6170b404f 274 }
nexpaq 1:55a6170b404f 275 else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
nexpaq 1:55a6170b404f 276 {
nexpaq 1:55a6170b404f 277 enc_alg = MBEDTLS_CIPHER_DES_CBC;
nexpaq 1:55a6170b404f 278
nexpaq 1:55a6170b404f 279 s1 += 18;
nexpaq 1:55a6170b404f 280 if( pem_get_iv( s1, pem_iv, 8) != 0 )
nexpaq 1:55a6170b404f 281 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
nexpaq 1:55a6170b404f 282
nexpaq 1:55a6170b404f 283 s1 += 16;
nexpaq 1:55a6170b404f 284 }
nexpaq 1:55a6170b404f 285 #endif /* MBEDTLS_DES_C */
nexpaq 1:55a6170b404f 286
nexpaq 1:55a6170b404f 287 #if defined(MBEDTLS_AES_C)
nexpaq 1:55a6170b404f 288 if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
nexpaq 1:55a6170b404f 289 {
nexpaq 1:55a6170b404f 290 if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
nexpaq 1:55a6170b404f 291 enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
nexpaq 1:55a6170b404f 292 else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
nexpaq 1:55a6170b404f 293 enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
nexpaq 1:55a6170b404f 294 else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
nexpaq 1:55a6170b404f 295 enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
nexpaq 1:55a6170b404f 296 else
nexpaq 1:55a6170b404f 297 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
nexpaq 1:55a6170b404f 298
nexpaq 1:55a6170b404f 299 s1 += 22;
nexpaq 1:55a6170b404f 300 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
nexpaq 1:55a6170b404f 301 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
nexpaq 1:55a6170b404f 302
nexpaq 1:55a6170b404f 303 s1 += 32;
nexpaq 1:55a6170b404f 304 }
nexpaq 1:55a6170b404f 305 #endif /* MBEDTLS_AES_C */
nexpaq 1:55a6170b404f 306
nexpaq 1:55a6170b404f 307 if( enc_alg == MBEDTLS_CIPHER_NONE )
nexpaq 1:55a6170b404f 308 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
nexpaq 1:55a6170b404f 309
nexpaq 1:55a6170b404f 310 if( *s1 == '\r' ) s1++;
nexpaq 1:55a6170b404f 311 if( *s1 == '\n' ) s1++;
nexpaq 1:55a6170b404f 312 else return( MBEDTLS_ERR_PEM_INVALID_DATA );
nexpaq 1:55a6170b404f 313 #else
nexpaq 1:55a6170b404f 314 return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
nexpaq 1:55a6170b404f 315 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
nexpaq 1:55a6170b404f 316 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
nexpaq 1:55a6170b404f 317 }
nexpaq 1:55a6170b404f 318
nexpaq 1:55a6170b404f 319 if( s1 == s2 )
nexpaq 1:55a6170b404f 320 return( MBEDTLS_ERR_PEM_INVALID_DATA );
nexpaq 1:55a6170b404f 321
nexpaq 1:55a6170b404f 322 ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
nexpaq 1:55a6170b404f 323
nexpaq 1:55a6170b404f 324 if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
nexpaq 1:55a6170b404f 325 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
nexpaq 1:55a6170b404f 326
nexpaq 1:55a6170b404f 327 if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
nexpaq 1:55a6170b404f 328 return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
nexpaq 1:55a6170b404f 329
nexpaq 1:55a6170b404f 330 if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
nexpaq 1:55a6170b404f 331 {
nexpaq 1:55a6170b404f 332 mbedtls_free( buf );
nexpaq 1:55a6170b404f 333 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
nexpaq 1:55a6170b404f 334 }
nexpaq 1:55a6170b404f 335
nexpaq 1:55a6170b404f 336 if( enc != 0 )
nexpaq 1:55a6170b404f 337 {
nexpaq 1:55a6170b404f 338 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
nexpaq 1:55a6170b404f 339 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
nexpaq 1:55a6170b404f 340 if( pwd == NULL )
nexpaq 1:55a6170b404f 341 {
nexpaq 1:55a6170b404f 342 mbedtls_free( buf );
nexpaq 1:55a6170b404f 343 return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
nexpaq 1:55a6170b404f 344 }
nexpaq 1:55a6170b404f 345
nexpaq 1:55a6170b404f 346 #if defined(MBEDTLS_DES_C)
nexpaq 1:55a6170b404f 347 if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
nexpaq 1:55a6170b404f 348 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
nexpaq 1:55a6170b404f 349 else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
nexpaq 1:55a6170b404f 350 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
nexpaq 1:55a6170b404f 351 #endif /* MBEDTLS_DES_C */
nexpaq 1:55a6170b404f 352
nexpaq 1:55a6170b404f 353 #if defined(MBEDTLS_AES_C)
nexpaq 1:55a6170b404f 354 if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
nexpaq 1:55a6170b404f 355 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
nexpaq 1:55a6170b404f 356 else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
nexpaq 1:55a6170b404f 357 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
nexpaq 1:55a6170b404f 358 else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
nexpaq 1:55a6170b404f 359 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
nexpaq 1:55a6170b404f 360 #endif /* MBEDTLS_AES_C */
nexpaq 1:55a6170b404f 361
nexpaq 1:55a6170b404f 362 /*
nexpaq 1:55a6170b404f 363 * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
nexpaq 1:55a6170b404f 364 * length bytes (allow 4 to be sure) in all known use cases.
nexpaq 1:55a6170b404f 365 *
nexpaq 1:55a6170b404f 366 * Use that as heurisitic to try detecting password mismatchs.
nexpaq 1:55a6170b404f 367 */
nexpaq 1:55a6170b404f 368 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
nexpaq 1:55a6170b404f 369 {
nexpaq 1:55a6170b404f 370 mbedtls_free( buf );
nexpaq 1:55a6170b404f 371 return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
nexpaq 1:55a6170b404f 372 }
nexpaq 1:55a6170b404f 373 #else
nexpaq 1:55a6170b404f 374 mbedtls_free( buf );
nexpaq 1:55a6170b404f 375 return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
nexpaq 1:55a6170b404f 376 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
nexpaq 1:55a6170b404f 377 ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
nexpaq 1:55a6170b404f 378 }
nexpaq 1:55a6170b404f 379
nexpaq 1:55a6170b404f 380 ctx->buf = buf;
nexpaq 1:55a6170b404f 381 ctx->buflen = len;
nexpaq 1:55a6170b404f 382
nexpaq 1:55a6170b404f 383 return( 0 );
nexpaq 1:55a6170b404f 384 }
nexpaq 1:55a6170b404f 385
nexpaq 1:55a6170b404f 386 void mbedtls_pem_free( mbedtls_pem_context *ctx )
nexpaq 1:55a6170b404f 387 {
nexpaq 1:55a6170b404f 388 mbedtls_free( ctx->buf );
nexpaq 1:55a6170b404f 389 mbedtls_free( ctx->info );
nexpaq 1:55a6170b404f 390
nexpaq 1:55a6170b404f 391 mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
nexpaq 1:55a6170b404f 392 }
nexpaq 1:55a6170b404f 393 #endif /* MBEDTLS_PEM_PARSE_C */
nexpaq 1:55a6170b404f 394
nexpaq 1:55a6170b404f 395 #if defined(MBEDTLS_PEM_WRITE_C)
nexpaq 1:55a6170b404f 396 int mbedtls_pem_write_buffer( const char *header, const char *footer,
nexpaq 1:55a6170b404f 397 const unsigned char *der_data, size_t der_len,
nexpaq 1:55a6170b404f 398 unsigned char *buf, size_t buf_len, size_t *olen )
nexpaq 1:55a6170b404f 399 {
nexpaq 1:55a6170b404f 400 int ret;
nexpaq 1:55a6170b404f 401 unsigned char *encode_buf, *c, *p = buf;
nexpaq 1:55a6170b404f 402 size_t len = 0, use_len, add_len = 0;
nexpaq 1:55a6170b404f 403
nexpaq 1:55a6170b404f 404 mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
nexpaq 1:55a6170b404f 405 add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
nexpaq 1:55a6170b404f 406
nexpaq 1:55a6170b404f 407 if( use_len + add_len > buf_len )
nexpaq 1:55a6170b404f 408 {
nexpaq 1:55a6170b404f 409 *olen = use_len + add_len;
nexpaq 1:55a6170b404f 410 return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
nexpaq 1:55a6170b404f 411 }
nexpaq 1:55a6170b404f 412
nexpaq 1:55a6170b404f 413 if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
nexpaq 1:55a6170b404f 414 return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
nexpaq 1:55a6170b404f 415
nexpaq 1:55a6170b404f 416 if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
nexpaq 1:55a6170b404f 417 der_len ) ) != 0 )
nexpaq 1:55a6170b404f 418 {
nexpaq 1:55a6170b404f 419 mbedtls_free( encode_buf );
nexpaq 1:55a6170b404f 420 return( ret );
nexpaq 1:55a6170b404f 421 }
nexpaq 1:55a6170b404f 422
nexpaq 1:55a6170b404f 423 memcpy( p, header, strlen( header ) );
nexpaq 1:55a6170b404f 424 p += strlen( header );
nexpaq 1:55a6170b404f 425 c = encode_buf;
nexpaq 1:55a6170b404f 426
nexpaq 1:55a6170b404f 427 while( use_len )
nexpaq 1:55a6170b404f 428 {
nexpaq 1:55a6170b404f 429 len = ( use_len > 64 ) ? 64 : use_len;
nexpaq 1:55a6170b404f 430 memcpy( p, c, len );
nexpaq 1:55a6170b404f 431 use_len -= len;
nexpaq 1:55a6170b404f 432 p += len;
nexpaq 1:55a6170b404f 433 c += len;
nexpaq 1:55a6170b404f 434 *p++ = '\n';
nexpaq 1:55a6170b404f 435 }
nexpaq 1:55a6170b404f 436
nexpaq 1:55a6170b404f 437 memcpy( p, footer, strlen( footer ) );
nexpaq 1:55a6170b404f 438 p += strlen( footer );
nexpaq 1:55a6170b404f 439
nexpaq 1:55a6170b404f 440 *p++ = '\0';
nexpaq 1:55a6170b404f 441 *olen = p - buf;
nexpaq 1:55a6170b404f 442
nexpaq 1:55a6170b404f 443 mbedtls_free( encode_buf );
nexpaq 1:55a6170b404f 444 return( 0 );
nexpaq 1:55a6170b404f 445 }
nexpaq 1:55a6170b404f 446 #endif /* MBEDTLS_PEM_WRITE_C */
nexpaq 1:55a6170b404f 447 #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */