26 #if !defined(POLARSSL_CONFIG_FILE)
29 #include POLARSSL_CONFIG_FILE
32 #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
40 #if defined(POLARSSL_PLATFORM_C)
43 #define polarssl_malloc malloc
44 #define polarssl_free free
49 #if defined(POLARSSL_PEM_PARSE_C)
50 void pem_init( pem_context *ctx )
52 memset( ctx, 0,
sizeof( pem_context ) );
55 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
56 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
60 static int pem_get_iv(
const unsigned char *s,
unsigned char *iv,
65 memset( iv, 0, iv_len );
67 for( i = 0; i < iv_len * 2; i++, s++ )
69 if( *s >=
'0' && *s <=
'9' ) j = *s -
'0';
else
70 if( *s >=
'A' && *s <=
'F' ) j = *s -
'7';
else
71 if( *s >=
'a' && *s <=
'f' ) j = *s -
'W';
else
74 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
76 iv[i >> 1] = (
unsigned char)( iv[i >> 1] | k );
82 static void pem_pbkdf1(
unsigned char *key,
size_t keylen,
84 const unsigned char *pwd,
size_t pwdlen )
87 unsigned char md5sum[16];
100 memcpy( key, md5sum, keylen );
102 memset( &md5_ctx, 0,
sizeof( md5_ctx ) );
103 memset( md5sum, 0, 16 );
107 memcpy( key, md5sum, 16 );
120 use_len = keylen - 16;
122 memcpy( key + 16, md5sum, use_len );
124 memset( &md5_ctx, 0,
sizeof( md5_ctx ) );
125 memset( md5sum, 0, 16 );
128 #if defined(POLARSSL_DES_C)
132 static void pem_des_decrypt(
unsigned char des_iv[8],
133 unsigned char *buf,
size_t buflen,
134 const unsigned char *pwd,
size_t pwdlen )
137 unsigned char des_key[8];
139 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
145 memset( &des_ctx, 0,
sizeof( des_ctx ) );
146 memset( des_key, 0, 8 );
152 static void pem_des3_decrypt(
unsigned char des3_iv[8],
153 unsigned char *buf,
size_t buflen,
154 const unsigned char *pwd,
size_t pwdlen )
157 unsigned char des3_key[24];
159 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
165 memset( &des3_ctx, 0,
sizeof( des3_ctx ) );
166 memset( des3_key, 0, 24 );
170 #if defined(POLARSSL_AES_C)
174 static void pem_aes_decrypt(
unsigned char aes_iv[16],
unsigned int keylen,
175 unsigned char *buf,
size_t buflen,
176 const unsigned char *pwd,
size_t pwdlen )
179 unsigned char aes_key[32];
181 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
187 memset( &aes_ctx, 0,
sizeof( aes_ctx ) );
188 memset( aes_key, 0, keylen );
195 int pem_read_buffer( pem_context *ctx,
const char *header,
const char *footer,
196 const unsigned char *data,
const unsigned char *pwd,
197 size_t pwdlen,
size_t *use_len )
202 const unsigned char *s1, *s2, *end;
203 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
204 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
205 unsigned char pem_iv[16];
216 s1 = (
unsigned char *) strstr( (
const char *) data, header );
221 s2 = (
unsigned char *) strstr( (
const char *) data, footer );
223 if( s2 == NULL || s2 <= s1 )
226 s1 += strlen( header );
227 if( *s1 ==
'\r' ) s1++;
228 if( *s1 ==
'\n' ) s1++;
232 end += strlen( footer );
233 if( *end ==
'\r' ) end++;
234 if( *end ==
'\n' ) end++;
235 *use_len = end - data;
239 if( memcmp( s1,
"Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
241 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
242 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
246 if( *s1 ==
'\r' ) s1++;
247 if( *s1 ==
'\n' ) s1++;
251 #if defined(POLARSSL_DES_C)
252 if( memcmp( s1,
"DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
257 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
262 else if( memcmp( s1,
"DEK-Info: DES-CBC,", 18 ) == 0 )
267 if( pem_get_iv( s1, pem_iv, 8) != 0 )
274 #if defined(POLARSSL_AES_C)
275 if( memcmp( s1,
"DEK-Info: AES-", 14 ) == 0 )
277 if( memcmp( s1,
"DEK-Info: AES-128-CBC,", 22 ) == 0 )
279 else if( memcmp( s1,
"DEK-Info: AES-192-CBC,", 22 ) == 0 )
281 else if( memcmp( s1,
"DEK-Info: AES-256-CBC,", 22 ) == 0 )
287 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
297 if( *s1 ==
'\r' ) s1++;
298 if( *s1 ==
'\n' ) s1++;
323 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
324 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
331 #if defined(POLARSSL_DES_C)
333 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
335 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
338 #if defined(POLARSSL_AES_C)
340 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
342 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
344 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
353 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
371 void pem_free( pem_context *ctx )
379 memset( ctx, 0,
sizeof( pem_context ) );
383 #if defined(POLARSSL_PEM_WRITE_C)
384 int pem_write_buffer(
const char *header,
const char *footer,
385 const unsigned char *der_data,
size_t der_len,
386 unsigned char *buf,
size_t buf_len,
size_t *olen )
389 unsigned char *encode_buf, *c, *p = buf;
390 size_t len = 0, use_len = 0, add_len = 0;
393 add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
395 if( use_len + add_len > buf_len )
397 *olen = use_len + add_len;
411 memcpy( p, header, strlen( header ) );
412 p += strlen( header );
417 len = ( use_len > 64 ) ? 64 : use_len;
425 memcpy( p, footer, strlen( footer ) );
426 p += strlen( footer );
int base64_decode(unsigned char *dst, size_t *dlen, const unsigned char *src, size_t slen)
Decode a base64-formatted buffer.
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
Unsupported key encryption algorithm.
#define POLARSSL_ERR_PEM_MALLOC_FAILED
Failed to allocate memory.
Configuration options (set of defines)
int aes_setkey_dec(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (decryption)
void md5_finish(md5_context *ctx, unsigned char output[16])
MD5 final digest.
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
Privacy Enhanced Mail (PEM) decoding.
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL
Output buffer too small.
Triple-DES context structure.
int aes_crypt_cbc(aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
AES-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
void md5_starts(md5_context *ctx)
MD5 context setup.
#define POLARSSL_ERR_PEM_INVALID_ENC_IV
RSA IV is not in hex-format.
#define POLARSSL_ERR_PEM_INVALID_DATA
PEM string is not as expected.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
RFC 1521 base64 encoding/decoding.
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
void md5_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
MD5 message digest algorithm (hash function)
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER
Invalid character in input.
int base64_encode(unsigned char *dst, size_t *dlen, const unsigned char *src, size_t slen)
Encode a buffer into base64 format.
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption