1 /*
2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/pkcs12.h>
13 #include <openssl/trace.h>
14
15 /*
16 * Encrypt/Decrypt a buffer based on password and algor, result in a
17 * OPENSSL_malloc'ed buffer
18 */
PKCS12_pbe_crypt_ex(const X509_ALGOR * algor,const char * pass,int passlen,const unsigned char * in,int inlen,unsigned char ** data,int * datalen,int en_de,OSSL_LIB_CTX * libctx,const char * propq)19 unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
20 const char *pass, int passlen,
21 const unsigned char *in, int inlen,
22 unsigned char **data, int *datalen, int en_de,
23 OSSL_LIB_CTX *libctx, const char *propq)
24 {
25 unsigned char *out = NULL;
26 int outlen, i;
27 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
28 int max_out_len, mac_len = 0;
29 int block_size;
30
31 if (ctx == NULL) {
32 ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
33 goto err;
34 }
35
36 /* Process data */
37 if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen,
38 algor->parameter, ctx, en_de, libctx, propq))
39 goto err;
40
41 /*
42 * GOST algorithm specifics:
43 * OMAC algorithm calculate and encrypt MAC of the encrypted objects
44 * It's appended to encrypted text on encrypting
45 * MAC should be processed on decrypting separately from plain text
46 */
47 block_size = EVP_CIPHER_CTX_get_block_size(ctx);
48
49 if (block_size == 0) {
50 ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
51 goto err;
52 }
53
54 max_out_len = inlen + block_size;
55 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
56 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
57 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
58 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
59 goto err;
60 }
61
62 if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
63 max_out_len += mac_len;
64 } else {
65 if (inlen < mac_len) {
66 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
67 goto err;
68 }
69 inlen -= mac_len;
70 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
71 (int)mac_len, (unsigned char *)in+inlen) < 0) {
72 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
73 goto err;
74 }
75 }
76 }
77
78 if ((out = OPENSSL_malloc(max_out_len)) == NULL)
79 goto err;
80
81 if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
82 OPENSSL_free(out);
83 out = NULL;
84 ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
85 goto err;
86 }
87
88 outlen = i;
89 if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
90 OPENSSL_free(out);
91 out = NULL;
92 ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
93 passlen == 0 ? "empty password"
94 : "maybe wrong password");
95 goto err;
96 }
97 outlen += i;
98 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
99 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
100 if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
101 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
102 (int)mac_len, out+outlen) < 0) {
103 OPENSSL_free(out);
104 out = NULL;
105 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
106 goto err;
107 }
108 outlen += mac_len;
109 }
110 }
111 if (datalen)
112 *datalen = outlen;
113 if (data)
114 *data = out;
115 err:
116 EVP_CIPHER_CTX_free(ctx);
117 return out;
118
119 }
120
PKCS12_pbe_crypt(const X509_ALGOR * algor,const char * pass,int passlen,const unsigned char * in,int inlen,unsigned char ** data,int * datalen,int en_de)121 unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
122 const char *pass, int passlen,
123 const unsigned char *in, int inlen,
124 unsigned char **data, int *datalen, int en_de)
125 {
126 return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen,
127 en_de, NULL, NULL);
128 }
129
130 /*
131 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
132 * after use.
133 */
134
PKCS12_item_decrypt_d2i_ex(const X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,const ASN1_OCTET_STRING * oct,int zbuf,OSSL_LIB_CTX * libctx,const char * propq)135 void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
136 const char *pass, int passlen,
137 const ASN1_OCTET_STRING *oct, int zbuf,
138 OSSL_LIB_CTX *libctx,
139 const char *propq)
140 {
141 unsigned char *out = NULL;
142 const unsigned char *p;
143 void *ret;
144 int outlen = 0;
145
146 if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
147 &out, &outlen, 0, libctx, propq))
148 return NULL;
149 p = out;
150 OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
151 BIO_printf(trc_out, "\n");
152 BIO_dump(trc_out, out, outlen);
153 BIO_printf(trc_out, "\n");
154 } OSSL_TRACE_END(PKCS12_DECRYPT);
155 ret = ASN1_item_d2i(NULL, &p, outlen, it);
156 if (zbuf)
157 OPENSSL_cleanse(out, outlen);
158 if (!ret)
159 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
160 OPENSSL_free(out);
161 return ret;
162 }
163
PKCS12_item_decrypt_d2i(const X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,const ASN1_OCTET_STRING * oct,int zbuf)164 void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
165 const char *pass, int passlen,
166 const ASN1_OCTET_STRING *oct, int zbuf)
167 {
168 return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf,
169 NULL, NULL);
170 }
171
172 /*
173 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
174 * encoding.
175 */
176
PKCS12_item_i2d_encrypt_ex(X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,void * obj,int zbuf,OSSL_LIB_CTX * ctx,const char * propq)177 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor,
178 const ASN1_ITEM *it,
179 const char *pass, int passlen,
180 void *obj, int zbuf,
181 OSSL_LIB_CTX *ctx,
182 const char *propq)
183 {
184 ASN1_OCTET_STRING *oct = NULL;
185 unsigned char *in = NULL;
186 int inlen;
187
188 if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
189 ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
190 goto err;
191 }
192 inlen = ASN1_item_i2d(obj, &in, it);
193 if (!in) {
194 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
195 goto err;
196 }
197 if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data,
198 &oct->length, 1, ctx, propq)) {
199 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR);
200 OPENSSL_free(in);
201 goto err;
202 }
203 if (zbuf)
204 OPENSSL_cleanse(in, inlen);
205 OPENSSL_free(in);
206 return oct;
207 err:
208 ASN1_OCTET_STRING_free(oct);
209 return NULL;
210 }
211
PKCS12_item_i2d_encrypt(X509_ALGOR * algor,const ASN1_ITEM * it,const char * pass,int passlen,void * obj,int zbuf)212 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
213 const ASN1_ITEM *it,
214 const char *pass, int passlen,
215 void *obj, int zbuf)
216 {
217 return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL);
218 }
219
