OpenSSL  1.0.1c
 All Classes Files Functions Variables Typedefs Enumerations Enumerator Macros
pvkfmt.c
Go to the documentation of this file.
1 /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
2  * project 2005.
3  */
4 /* ====================================================================
5  * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  * notice, this list of conditions and the following disclaimer in
16  * the documentation and/or other materials provided with the
17  * distribution.
18  *
19  * 3. All advertising materials mentioning features or use of this
20  * software must display the following acknowledgment:
21  * "This product includes software developed by the OpenSSL Project
22  * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23  *
24  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25  * endorse or promote products derived from this software without
26  * prior written permission. For written permission, please contact
27  * [email protected].
28  *
29  * 5. Products derived from this software may not be called "OpenSSL"
30  * nor may "OpenSSL" appear in their names without prior written
31  * permission of the OpenSSL Project.
32  *
33  * 6. Redistributions of any form whatsoever must retain the following
34  * acknowledgment:
35  * "This product includes software developed by the OpenSSL Project
36  * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37  *
38  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49  * OF THE POSSIBILITY OF SUCH DAMAGE.
50  * ====================================================================
51  *
52  * This product includes cryptographic software written by Eric Young
53  * ([email protected]). This product includes software written by Tim
54  * Hudson ([email protected]).
55  *
56  */
57 
58 /* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
59  * and PRIVATEKEYBLOB).
60  */
61 
62 #include "cryptlib.h"
63 #include <openssl/pem.h>
64 #include <openssl/rand.h>
65 #include <openssl/bn.h>
66 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
67 #include <openssl/dsa.h>
68 #include <openssl/rsa.h>
69 
70 /* Utility function: read a DWORD (4 byte unsigned integer) in little endian
71  * format
72  */
73 
74 static unsigned int read_ledword(const unsigned char **in)
75  {
76  const unsigned char *p = *in;
77  unsigned int ret;
78  ret = *p++;
79  ret |= (*p++ << 8);
80  ret |= (*p++ << 16);
81  ret |= (*p++ << 24);
82  *in = p;
83  return ret;
84  }
85 
86 /* Read a BIGNUM in little endian format. The docs say that this should take up
87  * bitlen/8 bytes.
88  */
89 
90 static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
91  {
92  const unsigned char *p;
93  unsigned char *tmpbuf, *q;
94  unsigned int i;
95  p = *in + nbyte - 1;
96  tmpbuf = OPENSSL_malloc(nbyte);
97  if (!tmpbuf)
98  return 0;
99  q = tmpbuf;
100  for (i = 0; i < nbyte; i++)
101  *q++ = *p--;
102  *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103  OPENSSL_free(tmpbuf);
104  if (*r)
105  {
106  *in += nbyte;
107  return 1;
108  }
109  else
110  return 0;
111  }
112 
113 
114 /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
115 
116 #define MS_PUBLICKEYBLOB 0x6
117 #define MS_PRIVATEKEYBLOB 0x7
118 #define MS_RSA1MAGIC 0x31415352L
119 #define MS_RSA2MAGIC 0x32415352L
120 #define MS_DSS1MAGIC 0x31535344L
121 #define MS_DSS2MAGIC 0x32535344L
122 
123 #define MS_KEYALG_RSA_KEYX 0xa400
124 #define MS_KEYALG_DSS_SIGN 0x2200
125 
126 #define MS_KEYTYPE_KEYX 0x1
127 #define MS_KEYTYPE_SIGN 0x2
128 
129 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
130 #define MS_PVKMAGIC 0xb0b5f11eL
131 /* Salt length for PVK files */
132 #define PVK_SALTLEN 0x10
133 
134 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135  unsigned int bitlen, int ispub);
136 static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137  unsigned int bitlen, int ispub);
138 
139 static int do_blob_header(const unsigned char **in, unsigned int length,
140  unsigned int *pmagic, unsigned int *pbitlen,
141  int *pisdss, int *pispub)
142  {
143  const unsigned char *p = *in;
144  if (length < 16)
145  return 0;
146  /* bType */
147  if (*p == MS_PUBLICKEYBLOB)
148  {
149  if (*pispub == 0)
150  {
151  PEMerr(PEM_F_DO_BLOB_HEADER,
152  PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153  return 0;
154  }
155  *pispub = 1;
156  }
157  else if (*p == MS_PRIVATEKEYBLOB)
158  {
159  if (*pispub == 1)
160  {
161  PEMerr(PEM_F_DO_BLOB_HEADER,
162  PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163  return 0;
164  }
165  *pispub = 0;
166  }
167  else
168  return 0;
169  p++;
170  /* Version */
171  if (*p++ != 0x2)
172  {
173  PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174  return 0;
175  }
176  /* Ignore reserved, aiKeyAlg */
177  p+= 6;
178  *pmagic = read_ledword(&p);
179  *pbitlen = read_ledword(&p);
180  *pisdss = 0;
181  switch (*pmagic)
182  {
183 
184  case MS_DSS1MAGIC:
185  *pisdss = 1;
186  case MS_RSA1MAGIC:
187  if (*pispub == 0)
188  {
189  PEMerr(PEM_F_DO_BLOB_HEADER,
190  PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191  return 0;
192  }
193  break;
194 
195  case MS_DSS2MAGIC:
196  *pisdss = 1;
197  case MS_RSA2MAGIC:
198  if (*pispub == 1)
199  {
200  PEMerr(PEM_F_DO_BLOB_HEADER,
201  PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202  return 0;
203  }
204  break;
205 
206  default:
207  PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208  return -1;
209  }
210  *in = p;
211  return 1;
212  }
213 
214 static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
215  {
216  unsigned int nbyte, hnbyte;
217  nbyte = (bitlen + 7) >> 3;
218  hnbyte = (bitlen + 15) >> 4;
219  if (isdss)
220  {
221 
222  /* Expected length: 20 for q + 3 components bitlen each + 24
223  * for seed structure.
224  */
225  if (ispub)
226  return 44 + 3 * nbyte;
227  /* Expected length: 20 for q, priv, 2 bitlen components + 24
228  * for seed structure.
229  */
230  else
231  return 64 + 2 * nbyte;
232  }
233  else
234  {
235  /* Expected length: 4 for 'e' + 'n' */
236  if (ispub)
237  return 4 + nbyte;
238  else
239  /* Expected length: 4 for 'e' and 7 other components.
240  * 2 components are bitlen size, 5 are bitlen/2
241  */
242  return 4 + 2*nbyte + 5*hnbyte;
243  }
244 
245  }
246 
247 static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
248  int ispub)
249  {
250  const unsigned char *p = *in;
251  unsigned int bitlen, magic;
252  int isdss;
253  if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
254  {
255  PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256  return NULL;
257  }
258  length -= 16;
259  if (length < blob_length(bitlen, isdss, ispub))
260  {
261  PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262  return NULL;
263  }
264  if (isdss)
265  return b2i_dss(&p, length, bitlen, ispub);
266  else
267  return b2i_rsa(&p, length, bitlen, ispub);
268  }
269 
270 static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
271  {
272  const unsigned char *p;
273  unsigned char hdr_buf[16], *buf = NULL;
274  unsigned int bitlen, magic, length;
275  int isdss;
276  EVP_PKEY *ret = NULL;
277  if (BIO_read(in, hdr_buf, 16) != 16)
278  {
279  PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280  return NULL;
281  }
282  p = hdr_buf;
283  if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284  return NULL;
285 
286  length = blob_length(bitlen, isdss, ispub);
287  buf = OPENSSL_malloc(length);
288  if (!buf)
289  {
290  PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291  goto err;
292  }
293  p = buf;
294  if (BIO_read(in, buf, length) != (int)length)
295  {
296  PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297  goto err;
298  }
299 
300  if (isdss)
301  ret = b2i_dss(&p, length, bitlen, ispub);
302  else
303  ret = b2i_rsa(&p, length, bitlen, ispub);
304 
305  err:
306  if (buf)
307  OPENSSL_free(buf);
308  return ret;
309  }
310 
311 static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
312  unsigned int bitlen, int ispub)
313  {
314  const unsigned char *p = *in;
315  EVP_PKEY *ret = NULL;
316  DSA *dsa = NULL;
317  BN_CTX *ctx = NULL;
318  unsigned int nbyte;
319  nbyte = (bitlen + 7) >> 3;
320 
321  dsa = DSA_new();
322  ret = EVP_PKEY_new();
323  if (!dsa || !ret)
324  goto memerr;
325  if (!read_lebn(&p, nbyte, &dsa->p))
326  goto memerr;
327  if (!read_lebn(&p, 20, &dsa->q))
328  goto memerr;
329  if (!read_lebn(&p, nbyte, &dsa->g))
330  goto memerr;
331  if (ispub)
332  {
333  if (!read_lebn(&p, nbyte, &dsa->pub_key))
334  goto memerr;
335  }
336  else
337  {
338  if (!read_lebn(&p, 20, &dsa->priv_key))
339  goto memerr;
340  /* Calculate public key */
341  if (!(dsa->pub_key = BN_new()))
342  goto memerr;
343  if (!(ctx = BN_CTX_new()))
344  goto memerr;
345 
346  if (!BN_mod_exp(dsa->pub_key, dsa->g,
347  dsa->priv_key, dsa->p, ctx))
348 
349  goto memerr;
350  BN_CTX_free(ctx);
351  }
352 
353  EVP_PKEY_set1_DSA(ret, dsa);
354  DSA_free(dsa);
355  *in = p;
356  return ret;
357 
358  memerr:
359  PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360  if (dsa)
361  DSA_free(dsa);
362  if (ret)
363  EVP_PKEY_free(ret);
364  if (ctx)
365  BN_CTX_free(ctx);
366  return NULL;
367  }
368 
369 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
370  unsigned int bitlen, int ispub)
371 
372  {
373  const unsigned char *p = *in;
374  EVP_PKEY *ret = NULL;
375  RSA *rsa = NULL;
376  unsigned int nbyte, hnbyte;
377  nbyte = (bitlen + 7) >> 3;
378  hnbyte = (bitlen + 15) >> 4;
379  rsa = RSA_new();
380  ret = EVP_PKEY_new();
381  if (!rsa || !ret)
382  goto memerr;
383  rsa->e = BN_new();
384  if (!rsa->e)
385  goto memerr;
386  if (!BN_set_word(rsa->e, read_ledword(&p)))
387  goto memerr;
388  if (!read_lebn(&p, nbyte, &rsa->n))
389  goto memerr;
390  if (!ispub)
391  {
392  if (!read_lebn(&p, hnbyte, &rsa->p))
393  goto memerr;
394  if (!read_lebn(&p, hnbyte, &rsa->q))
395  goto memerr;
396  if (!read_lebn(&p, hnbyte, &rsa->dmp1))
397  goto memerr;
398  if (!read_lebn(&p, hnbyte, &rsa->dmq1))
399  goto memerr;
400  if (!read_lebn(&p, hnbyte, &rsa->iqmp))
401  goto memerr;
402  if (!read_lebn(&p, nbyte, &rsa->d))
403  goto memerr;
404  }
405 
406  EVP_PKEY_set1_RSA(ret, rsa);
407  RSA_free(rsa);
408  *in = p;
409  return ret;
410  memerr:
411  PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412  if (rsa)
413  RSA_free(rsa);
414  if (ret)
415  EVP_PKEY_free(ret);
416  return NULL;
417  }
418 
419 EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
420  {
421  return do_b2i(in, length, 0);
422  }
423 
424 EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
425  {
426  return do_b2i(in, length, 1);
427  }
428 
429 
430 EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
431  {
432  return do_b2i_bio(in, 0);
433  }
434 
435 EVP_PKEY *b2i_PublicKey_bio(BIO *in)
436  {
437  return do_b2i_bio(in, 1);
438  }
439 
440 static void write_ledword(unsigned char **out, unsigned int dw)
441  {
442  unsigned char *p = *out;
443  *p++ = dw & 0xff;
444  *p++ = (dw>>8) & 0xff;
445  *p++ = (dw>>16) & 0xff;
446  *p++ = (dw>>24) & 0xff;
447  *out = p;
448  }
449 
450 static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
451  {
452  int nb, i;
453  unsigned char *p = *out, *q, c;
454  nb = BN_num_bytes(bn);
455  BN_bn2bin(bn, p);
456  q = p + nb - 1;
457  /* In place byte order reversal */
458  for (i = 0; i < nb/2; i++)
459  {
460  c = *p;
461  *p++ = *q;
462  *q-- = c;
463  }
464  *out += nb;
465  /* Pad with zeroes if we have to */
466  if (len > 0)
467  {
468  len -= nb;
469  if (len > 0)
470  {
471  memset(*out, 0, len);
472  *out += len;
473  }
474  }
475  }
476 
477 
478 static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
479 static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480 
481 static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482 static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483 
484 static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
485  {
486  unsigned char *p;
487  unsigned int bitlen, magic = 0, keyalg;
488  int outlen, noinc = 0;
489  if (pk->type == EVP_PKEY_DSA)
490  {
491  bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492  keyalg = MS_KEYALG_DSS_SIGN;
493  }
494  else if (pk->type == EVP_PKEY_RSA)
495  {
496  bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497  keyalg = MS_KEYALG_RSA_KEYX;
498  }
499  else
500  return -1;
501  if (bitlen == 0)
502  return -1;
503  outlen = 16 + blob_length(bitlen,
504  keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505  if (out == NULL)
506  return outlen;
507  if (*out)
508  p = *out;
509  else
510  {
511  p = OPENSSL_malloc(outlen);
512  if (!p)
513  return -1;
514  *out = p;
515  noinc = 1;
516  }
517  if (ispub)
518  *p++ = MS_PUBLICKEYBLOB;
519  else
520  *p++ = MS_PRIVATEKEYBLOB;
521  *p++ = 0x2;
522  *p++ = 0;
523  *p++ = 0;
524  write_ledword(&p, keyalg);
525  write_ledword(&p, magic);
526  write_ledword(&p, bitlen);
527  if (keyalg == MS_KEYALG_DSS_SIGN)
528  write_dsa(&p, pk->pkey.dsa, ispub);
529  else
530  write_rsa(&p, pk->pkey.rsa, ispub);
531  if (!noinc)
532  *out += outlen;
533  return outlen;
534  }
535 
536 static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
537  {
538  unsigned char *tmp = NULL;
539  int outlen, wrlen;
540  outlen = do_i2b(&tmp, pk, ispub);
541  if (outlen < 0)
542  return -1;
543  wrlen = BIO_write(out, tmp, outlen);
544  OPENSSL_free(tmp);
545  if (wrlen == outlen)
546  return outlen;
547  return -1;
548  }
549 
550 static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
551  {
552  int bitlen;
553  bitlen = BN_num_bits(dsa->p);
554  if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
555  || (BN_num_bits(dsa->g) > bitlen))
556  goto badkey;
557  if (ispub)
558  {
559  if (BN_num_bits(dsa->pub_key) > bitlen)
560  goto badkey;
561  *pmagic = MS_DSS1MAGIC;
562  }
563  else
564  {
565  if (BN_num_bits(dsa->priv_key) > 160)
566  goto badkey;
567  *pmagic = MS_DSS2MAGIC;
568  }
569 
570  return bitlen;
571  badkey:
572  PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573  return 0;
574  }
575 
576 static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
577  {
578  int nbyte, hnbyte, bitlen;
579  if (BN_num_bits(rsa->e) > 32)
580  goto badkey;
581  bitlen = BN_num_bits(rsa->n);
582  nbyte = BN_num_bytes(rsa->n);
583  hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584  if (ispub)
585  {
586  *pmagic = MS_RSA1MAGIC;
587  return bitlen;
588  }
589  else
590  {
591  *pmagic = MS_RSA2MAGIC;
592  /* For private key each component must fit within nbyte or
593  * hnbyte.
594  */
595  if (BN_num_bytes(rsa->d) > nbyte)
596  goto badkey;
597  if ((BN_num_bytes(rsa->iqmp) > hnbyte)
598  || (BN_num_bytes(rsa->p) > hnbyte)
599  || (BN_num_bytes(rsa->q) > hnbyte)
600  || (BN_num_bytes(rsa->dmp1) > hnbyte)
601  || (BN_num_bytes(rsa->dmq1) > hnbyte))
602  goto badkey;
603  }
604  return bitlen;
605  badkey:
606  PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607  return 0;
608  }
609 
610 
611 static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
612  {
613  int nbyte, hnbyte;
614  nbyte = BN_num_bytes(rsa->n);
615  hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616  write_lebn(out, rsa->e, 4);
617  write_lebn(out, rsa->n, -1);
618  if (ispub)
619  return;
620  write_lebn(out, rsa->p, hnbyte);
621  write_lebn(out, rsa->q, hnbyte);
622  write_lebn(out, rsa->dmp1, hnbyte);
623  write_lebn(out, rsa->dmq1, hnbyte);
624  write_lebn(out, rsa->iqmp, hnbyte);
625  write_lebn(out, rsa->d, nbyte);
626  }
627 
628 
629 static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
630  {
631  int nbyte;
632  nbyte = BN_num_bytes(dsa->p);
633  write_lebn(out, dsa->p, nbyte);
634  write_lebn(out, dsa->q, 20);
635  write_lebn(out, dsa->g, nbyte);
636  if (ispub)
637  write_lebn(out, dsa->pub_key, nbyte);
638  else
639  write_lebn(out, dsa->priv_key, 20);
640  /* Set "invalid" for seed structure values */
641  memset(*out, 0xff, 24);
642  *out += 24;
643  return;
644  }
645 
646 
647 int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
648  {
649  return do_i2b_bio(out, pk, 0);
650  }
651 
652 int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
653  {
654  return do_i2b_bio(out, pk, 1);
655  }
656 
657 #ifndef OPENSSL_NO_RC4
658 
659 static int do_PVK_header(const unsigned char **in, unsigned int length,
660  int skip_magic,
661  unsigned int *psaltlen, unsigned int *pkeylen)
662 
663  {
664  const unsigned char *p = *in;
665  unsigned int pvk_magic, is_encrypted;
666  if (skip_magic)
667  {
668  if (length < 20)
669  {
670  PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671  return 0;
672  }
673  length -= 20;
674  }
675  else
676  {
677  if (length < 24)
678  {
679  PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680  return 0;
681  }
682  length -= 24;
683  pvk_magic = read_ledword(&p);
684  if (pvk_magic != MS_PVKMAGIC)
685  {
686  PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687  return 0;
688  }
689  }
690  /* Skip reserved */
691  p += 4;
692  /*keytype = */read_ledword(&p);
693  is_encrypted = read_ledword(&p);
694  *psaltlen = read_ledword(&p);
695  *pkeylen = read_ledword(&p);
696 
697  if (is_encrypted && !*psaltlen)
698  {
699  PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700  return 0;
701  }
702 
703  *in = p;
704  return 1;
705  }
706 
707 static int derive_pvk_key(unsigned char *key,
708  const unsigned char *salt, unsigned int saltlen,
709  const unsigned char *pass, int passlen)
710  {
711  EVP_MD_CTX mctx;
712  int rv = 1;
713  EVP_MD_CTX_init(&mctx);
714  if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
715  || !EVP_DigestUpdate(&mctx, salt, saltlen)
716  || !EVP_DigestUpdate(&mctx, pass, passlen)
717  || !EVP_DigestFinal_ex(&mctx, key, NULL))
718  rv = 0;
719 
720  EVP_MD_CTX_cleanup(&mctx);
721  return rv;
722  }
723 
724 
725 static EVP_PKEY *do_PVK_body(const unsigned char **in,
726  unsigned int saltlen, unsigned int keylen,
727  pem_password_cb *cb, void *u)
728  {
729  EVP_PKEY *ret = NULL;
730  const unsigned char *p = *in;
731  unsigned int magic;
732  unsigned char *enctmp = NULL, *q;
733  EVP_CIPHER_CTX cctx;
734  EVP_CIPHER_CTX_init(&cctx);
735  if (saltlen)
736  {
737  char psbuf[PEM_BUFSIZE];
738  unsigned char keybuf[20];
739  int enctmplen, inlen;
740  if (cb)
741  inlen=cb(psbuf,PEM_BUFSIZE,0,u);
742  else
743  inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
744  if (inlen <= 0)
745  {
746  PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
747  return NULL;
748  }
749  enctmp = OPENSSL_malloc(keylen + 8);
750  if (!enctmp)
751  {
752  PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
753  return NULL;
754  }
755  if (!derive_pvk_key(keybuf, p, saltlen,
756  (unsigned char *)psbuf, inlen))
757  return NULL;
758  p += saltlen;
759  /* Copy BLOBHEADER across, decrypt rest */
760  memcpy(enctmp, p, 8);
761  p += 8;
762  inlen = keylen - 8;
763  q = enctmp + 8;
764  if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
765  goto err;
766  if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
767  goto err;
768  if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
769  goto err;
770  magic = read_ledword((const unsigned char **)&q);
771  if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
772  {
773  q = enctmp + 8;
774  memset(keybuf + 5, 0, 11);
775  if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
776  NULL))
777  goto err;
778  OPENSSL_cleanse(keybuf, 20);
779  if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
780  goto err;
781  if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
782  &enctmplen))
783  goto err;
784  magic = read_ledword((const unsigned char **)&q);
785  if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
786  {
787  PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
788  goto err;
789  }
790  }
791  else
792  OPENSSL_cleanse(keybuf, 20);
793  p = enctmp;
794  }
795 
796  ret = b2i_PrivateKey(&p, keylen);
797  err:
798  EVP_CIPHER_CTX_cleanup(&cctx);
799  if (enctmp && saltlen)
800  OPENSSL_free(enctmp);
801  return ret;
802  }
803 
804 
805 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
806  {
807  unsigned char pvk_hdr[24], *buf = NULL;
808  const unsigned char *p;
809  int buflen;
810  EVP_PKEY *ret = NULL;
811  unsigned int saltlen, keylen;
812  if (BIO_read(in, pvk_hdr, 24) != 24)
813  {
814  PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
815  return NULL;
816  }
817  p = pvk_hdr;
818 
819  if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
820  return 0;
821  buflen = (int) keylen + saltlen;
822  buf = OPENSSL_malloc(buflen);
823  if (!buf)
824  {
825  PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
826  return 0;
827  }
828  p = buf;
829  if (BIO_read(in, buf, buflen) != buflen)
830  {
831  PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
832  goto err;
833  }
834  ret = do_PVK_body(&p, saltlen, keylen, cb, u);
835 
836  err:
837  if (buf)
838  {
839  OPENSSL_cleanse(buf, buflen);
840  OPENSSL_free(buf);
841  }
842  return ret;
843  }
844 
845 
846 
847 static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
848  pem_password_cb *cb, void *u)
849  {
850  int outlen = 24, pklen;
851  unsigned char *p, *salt = NULL;
852  EVP_CIPHER_CTX cctx;
853  EVP_CIPHER_CTX_init(&cctx);
854  if (enclevel)
855  outlen += PVK_SALTLEN;
856  pklen = do_i2b(NULL, pk, 0);
857  if (pklen < 0)
858  return -1;
859  outlen += pklen;
860  if (!out)
861  return outlen;
862  if (*out)
863  p = *out;
864  else
865  {
866  p = OPENSSL_malloc(outlen);
867  if (!p)
868  {
869  PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
870  return -1;
871  }
872  *out = p;
873  }
874 
875  write_ledword(&p, MS_PVKMAGIC);
876  write_ledword(&p, 0);
877  if (pk->type == EVP_PKEY_DSA)
878  write_ledword(&p, MS_KEYTYPE_SIGN);
879  else
880  write_ledword(&p, MS_KEYTYPE_KEYX);
881  write_ledword(&p, enclevel ? 1 : 0);
882  write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
883  write_ledword(&p, pklen);
884  if (enclevel)
885  {
886  if (RAND_bytes(p, PVK_SALTLEN) <= 0)
887  goto error;
888  salt = p;
889  p += PVK_SALTLEN;
890  }
891  do_i2b(&p, pk, 0);
892  if (enclevel == 0)
893  return outlen;
894  else
895  {
896  char psbuf[PEM_BUFSIZE];
897  unsigned char keybuf[20];
898  int enctmplen, inlen;
899  if (cb)
900  inlen=cb(psbuf,PEM_BUFSIZE,1,u);
901  else
902  inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
903  if (inlen <= 0)
904  {
905  PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
906  goto error;
907  }
908  if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
909  (unsigned char *)psbuf, inlen))
910  goto error;
911  if (enclevel == 1)
912  memset(keybuf + 5, 0, 11);
913  p = salt + PVK_SALTLEN + 8;
914  if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
915  goto error;
916  OPENSSL_cleanse(keybuf, 20);
917  if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
918  goto error;
919  if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
920  goto error;
921  }
922  EVP_CIPHER_CTX_cleanup(&cctx);
923  return outlen;
924 
925  error:
926  EVP_CIPHER_CTX_cleanup(&cctx);
927  return -1;
928  }
929 
930 int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
931  pem_password_cb *cb, void *u)
932  {
933  unsigned char *tmp = NULL;
934  int outlen, wrlen;
935  outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
936  if (outlen < 0)
937  return -1;
938  wrlen = BIO_write(out, tmp, outlen);
939  OPENSSL_free(tmp);
940  if (wrlen == outlen)
941  {
942  PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
943  return outlen;
944  }
945  return -1;
946  }
947 
948 #endif
949 
950 #endif
Generated on Thu Jan 10 2013 09:53:38 for OpenSSL by   doxygen 1.8.2