1/* 2 * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include <stdio.h> 11#include "internal/cryptlib.h" 12#include <openssl/pkcs12.h> 13#include <openssl/trace.h> 14 15/* 16 * Encrypt/Decrypt a buffer based on password and algor, result in a 17 * OPENSSL_malloc'ed buffer 18 */ 19unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, 20 const char *pass, int passlen, 21 const unsigned char *in, int inlen, 22 unsigned char **data, int *datalen, int en_de, 23 OSSL_LIB_CTX *libctx, const char *propq) 24{ 25 unsigned char *out = NULL; 26 int outlen, i; 27 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 28 int max_out_len, mac_len = 0; 29 30 if (ctx == NULL) { 31 ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); 32 goto err; 33 } 34 35 /* Process data */ 36 if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen, 37 algor->parameter, ctx, en_de, libctx, propq)) 38 goto err; 39 40 /* 41 * GOST algorithm specifics: 42 * OMAC algorithm calculate and encrypt MAC of the encrypted objects 43 * It's appended to encrypted text on encrypting 44 * MAC should be processed on decrypting separately from plain text 45 */ 46 max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx); 47 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) 48 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { 49 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) { 50 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); 51 goto err; 52 } 53 54 if (EVP_CIPHER_CTX_is_encrypting(ctx)) { 55 max_out_len += mac_len; 56 } else { 57 if (inlen < mac_len) { 58 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE); 59 goto err; 60 } 61 inlen -= mac_len; 62 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 63 (int)mac_len, (unsigned char *)in+inlen) < 0) { 64 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); 65 goto err; 66 } 67 } 68 } 69 70 if ((out = OPENSSL_malloc(max_out_len)) == NULL) { 71 ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); 72 goto err; 73 } 74 75 if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) { 76 OPENSSL_free(out); 77 out = NULL; 78 ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB); 79 goto err; 80 } 81 82 outlen = i; 83 if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { 84 OPENSSL_free(out); 85 out = NULL; 86 ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR, 87 passlen == 0 ? "empty password" 88 : "maybe wrong password"); 89 goto err; 90 } 91 outlen += i; 92 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) 93 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { 94 if (EVP_CIPHER_CTX_is_encrypting(ctx)) { 95 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 96 (int)mac_len, out+outlen) < 0) { 97 OPENSSL_free(out); 98 out = NULL; 99 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); 100 goto err; 101 } 102 outlen += mac_len; 103 } 104 } 105 if (datalen) 106 *datalen = outlen; 107 if (data) 108 *data = out; 109 err: 110 EVP_CIPHER_CTX_free(ctx); 111 return out; 112 113} 114 115unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, 116 const char *pass, int passlen, 117 const unsigned char *in, int inlen, 118 unsigned char **data, int *datalen, int en_de) 119{ 120 return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen, 121 en_de, NULL, NULL); 122} 123 124/* 125 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer 126 * after use. 127 */ 128 129void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, 130 const char *pass, int passlen, 131 const ASN1_OCTET_STRING *oct, int zbuf, 132 OSSL_LIB_CTX *libctx, 133 const char *propq) 134{ 135 unsigned char *out = NULL; 136 const unsigned char *p; 137 void *ret; 138 int outlen = 0; 139 140 if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length, 141 &out, &outlen, 0, libctx, propq)) 142 return NULL; 143 p = out; 144 OSSL_TRACE_BEGIN(PKCS12_DECRYPT) { 145 BIO_printf(trc_out, "\n"); 146 BIO_dump(trc_out, out, outlen); 147 BIO_printf(trc_out, "\n"); 148 } OSSL_TRACE_END(PKCS12_DECRYPT); 149 ret = ASN1_item_d2i(NULL, &p, outlen, it); 150 if (zbuf) 151 OPENSSL_cleanse(out, outlen); 152 if (!ret) 153 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); 154 OPENSSL_free(out); 155 return ret; 156} 157 158void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, 159 const char *pass, int passlen, 160 const ASN1_OCTET_STRING *oct, int zbuf) 161{ 162 return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf, 163 NULL, NULL); 164} 165 166/* 167 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero 168 * encoding. 169 */ 170 171ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, 172 const ASN1_ITEM *it, 173 const char *pass, int passlen, 174 void *obj, int zbuf, 175 OSSL_LIB_CTX *ctx, 176 const char *propq) 177{ 178 ASN1_OCTET_STRING *oct = NULL; 179 unsigned char *in = NULL; 180 int inlen; 181 182 if ((oct = ASN1_OCTET_STRING_new()) == NULL) { 183 ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); 184 goto err; 185 } 186 inlen = ASN1_item_i2d(obj, &in, it); 187 if (!in) { 188 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR); 189 goto err; 190 } 191 if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data, 192 &oct->length, 1, ctx, propq)) { 193 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); 194 OPENSSL_free(in); 195 goto err; 196 } 197 if (zbuf) 198 OPENSSL_cleanse(in, inlen); 199 OPENSSL_free(in); 200 return oct; 201 err: 202 ASN1_OCTET_STRING_free(oct); 203 return NULL; 204} 205 206ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, 207 const ASN1_ITEM *it, 208 const char *pass, int passlen, 209 void *obj, int zbuf) 210{ 211 return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL); 212} 213