xref: /freebsd/crypto/heimdal/lib/hx509/ks_file.c (revision a18b956b73cee784e5c422d20fd0e4dabebd7eee)
1 /*
2  * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "hx_locl.h"
35 
36 typedef enum { USE_PEM, USE_DER } outformat;
37 
38 struct ks_file {
39     hx509_certs certs;
40     char *fn;
41     outformat format;
42 };
43 
44 /*
45  *
46  */
47 
48 static int
49 parse_certificate(hx509_context context, const char *fn,
50 		  struct hx509_collector *c,
51 		  const hx509_pem_header *headers,
52 		  const void *data, size_t len,
53 		  const AlgorithmIdentifier *ai)
54 {
55     hx509_cert cert;
56     int ret;
57 
58     ret = hx509_cert_init_data(context, data, len, &cert);
59     if (ret)
60 	return ret;
61 
62     ret = _hx509_collector_certs_add(context, c, cert);
63     hx509_cert_free(cert);
64     return ret;
65 }
66 
67 static int
68 try_decrypt(hx509_context context,
69 	    struct hx509_collector *collector,
70 	    const AlgorithmIdentifier *alg,
71 	    const EVP_CIPHER *c,
72 	    const void *ivdata,
73 	    const void *password,
74 	    size_t passwordlen,
75 	    const void *cipher,
76 	    size_t len)
77 {
78     heim_octet_string clear;
79     size_t keylen;
80     void *key;
81     int ret;
82 
83     keylen = EVP_CIPHER_key_length(c);
84 
85     key = malloc(keylen);
86     if (key == NULL) {
87 	hx509_clear_error_string(context);
88 	return ENOMEM;
89     }
90 
91     ret = EVP_BytesToKey(c, EVP_md5(), ivdata,
92 			 password, passwordlen,
93 			 1, key, NULL);
94     if (ret <= 0) {
95 	hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
96 			       "Failed to do string2key for private key");
97 	return HX509_CRYPTO_INTERNAL_ERROR;
98     }
99 
100     clear.data = malloc(len);
101     if (clear.data == NULL) {
102 	hx509_set_error_string(context, 0, ENOMEM,
103 			       "Out of memory to decrypt for private key");
104 	ret = ENOMEM;
105 	goto out;
106     }
107     clear.length = len;
108 
109     {
110 	EVP_CIPHER_CTX *ctx;
111 
112 	ctx = EVP_CIPHER_CTX_new();
113 	if (ctx == NULL) {
114 		hx509_set_error_string(context, 0, ENOMEM,
115 				       "Out of memory to decrypt for private key");
116 		ret = ENOMEM;
117 		goto out;
118 	}
119 	EVP_CipherInit_ex(ctx, c, NULL, key, ivdata, 0);
120 	EVP_Cipher(ctx, clear.data, cipher, len);
121 	EVP_CIPHER_CTX_free(ctx);
122     }
123 
124     ret = _hx509_collector_private_key_add(context,
125 					   collector,
126 					   alg,
127 					   NULL,
128 					   &clear,
129 					   NULL);
130 
131     memset(clear.data, 0, clear.length);
132 out:
133     free(clear.data);
134     memset(key, 0, keylen);
135     free(key);
136     return ret;
137 }
138 
139 static int
140 parse_pkcs8_private_key(hx509_context context, const char *fn,
141 			struct hx509_collector *c,
142 			const hx509_pem_header *headers,
143 			const void *data, size_t length,
144 			const AlgorithmIdentifier *ai)
145 {
146     PKCS8PrivateKeyInfo ki;
147     heim_octet_string keydata;
148 
149     int ret;
150 
151     ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
152     if (ret)
153 	return ret;
154 
155     keydata.data = rk_UNCONST(data);
156     keydata.length = length;
157 
158     ret = _hx509_collector_private_key_add(context,
159 					   c,
160 					   &ki.privateKeyAlgorithm,
161 					   NULL,
162 					   &ki.privateKey,
163 					   &keydata);
164     free_PKCS8PrivateKeyInfo(&ki);
165     return ret;
166 }
167 
168 static int
169 parse_pem_private_key(hx509_context context, const char *fn,
170 		      struct hx509_collector *c,
171 		      const hx509_pem_header *headers,
172 		      const void *data, size_t len,
173 		      const AlgorithmIdentifier *ai)
174 {
175     int ret = 0;
176     const char *enc;
177 
178     enc = hx509_pem_find_header(headers, "Proc-Type");
179     if (enc) {
180 	const char *dek;
181 	char *type, *iv;
182 	ssize_t ssize, size;
183 	void *ivdata;
184 	const EVP_CIPHER *cipher;
185 	const struct _hx509_password *pw;
186 	hx509_lock lock;
187 	int decrypted = 0;
188 	size_t i;
189 
190 	lock = _hx509_collector_get_lock(c);
191 	if (lock == NULL) {
192 	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
193 				   "Failed to get password for "
194 				   "password protected file %s", fn);
195 	    return HX509_ALG_NOT_SUPP;
196 	}
197 
198 	if (strcmp(enc, "4,ENCRYPTED") != 0) {
199 	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
200 				   "Private key encrypted in unknown method %s "
201 				   "in file",
202 				   enc, fn);
203 	    hx509_clear_error_string(context);
204 	    return HX509_PARSING_KEY_FAILED;
205 	}
206 
207 	dek = hx509_pem_find_header(headers, "DEK-Info");
208 	if (dek == NULL) {
209 	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
210 				   "Encrypted private key missing DEK-Info");
211 	    return HX509_PARSING_KEY_FAILED;
212 	}
213 
214 	type = strdup(dek);
215 	if (type == NULL) {
216 	    hx509_clear_error_string(context);
217 	    return ENOMEM;
218 	}
219 
220 	iv = strchr(type, ',');
221 	if (iv == NULL) {
222 	    free(type);
223 	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
224 				   "IV missing");
225 	    return HX509_PARSING_KEY_FAILED;
226 	}
227 
228 	*iv++ = '\0';
229 
230 	size = strlen(iv);
231 	ivdata = malloc(size);
232 	if (ivdata == NULL) {
233 	    hx509_clear_error_string(context);
234 	    free(type);
235 	    return ENOMEM;
236 	}
237 
238 	cipher = EVP_get_cipherbyname(type);
239 	if (cipher == NULL) {
240 	    free(ivdata);
241 	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
242 				   "Private key encrypted with "
243 				   "unsupported cipher: %s",
244 				   type);
245 	    free(type);
246 	    return HX509_ALG_NOT_SUPP;
247 	}
248 
249 #define PKCS5_SALT_LEN 8
250 
251 	ssize = hex_decode(iv, ivdata, size);
252 	free(type);
253 	type = NULL;
254 	iv = NULL;
255 
256 	if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
257 	    free(ivdata);
258 	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
259 				   "Salt have wrong length in "
260 				   "private key file");
261 	    return HX509_PARSING_KEY_FAILED;
262 	}
263 
264 	pw = _hx509_lock_get_passwords(lock);
265 	if (pw != NULL) {
266 	    const void *password;
267 	    size_t passwordlen;
268 
269 	    for (i = 0; i < pw->len; i++) {
270 		password = pw->val[i];
271 		passwordlen = strlen(password);
272 
273 		ret = try_decrypt(context, c, ai, cipher, ivdata,
274 				  password, passwordlen, data, len);
275 		if (ret == 0) {
276 		    decrypted = 1;
277 		    break;
278 		}
279 	    }
280 	}
281 	if (!decrypted) {
282 	    hx509_prompt prompt;
283 	    char password[128];
284 
285 	    memset(&prompt, 0, sizeof(prompt));
286 
287 	    prompt.prompt = "Password for keyfile: ";
288 	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
289 	    prompt.reply.data = password;
290 	    prompt.reply.length = sizeof(password);
291 
292 	    ret = hx509_lock_prompt(lock, &prompt);
293 	    if (ret == 0)
294 		ret = try_decrypt(context, c, ai, cipher, ivdata, password,
295 				  strlen(password), data, len);
296 	    /* XXX add password to lock password collection ? */
297 	    memset(password, 0, sizeof(password));
298 	}
299 	free(ivdata);
300 
301     } else {
302 	heim_octet_string keydata;
303 
304 	keydata.data = rk_UNCONST(data);
305 	keydata.length = len;
306 
307 	ret = _hx509_collector_private_key_add(context, c, ai, NULL,
308 					       &keydata, NULL);
309     }
310 
311     return ret;
312 }
313 
314 
315 struct pem_formats {
316     const char *name;
317     int (*func)(hx509_context, const char *, struct hx509_collector *,
318 		const hx509_pem_header *, const void *, size_t,
319 		const AlgorithmIdentifier *);
320     const AlgorithmIdentifier *(*ai)(void);
321 } formats[] = {
322     { "CERTIFICATE", parse_certificate, NULL },
323     { "PRIVATE KEY", parse_pkcs8_private_key, NULL },
324     { "RSA PRIVATE KEY", parse_pem_private_key, hx509_signature_rsa },
325     { "EC PRIVATE KEY", parse_pem_private_key, hx509_signature_ecPublicKey }
326 };
327 
328 
329 struct pem_ctx {
330     int flags;
331     struct hx509_collector *c;
332 };
333 
334 static int
335 pem_func(hx509_context context, const char *type,
336 	 const hx509_pem_header *header,
337 	 const void *data, size_t len, void *ctx)
338 {
339     struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
340     int ret = 0;
341     size_t j;
342 
343     for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
344 	const char *q = formats[j].name;
345 	if (strcasecmp(type, q) == 0) {
346 	    const AlgorithmIdentifier *ai = NULL;
347 	    if (formats[j].ai != NULL)
348 		ai = (*formats[j].ai)();
349 
350 	    ret = (*formats[j].func)(context, NULL, pem_ctx->c,
351 				     header, data, len, ai);
352 	    if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) {
353 		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
354 				       "Failed parseing PEM format %s", type);
355 		return ret;
356 	    }
357 	    break;
358 	}
359     }
360     if (j == sizeof(formats)/sizeof(formats[0])) {
361 	ret = HX509_UNSUPPORTED_OPERATION;
362 	hx509_set_error_string(context, 0, ret,
363 			       "Found no matching PEM format for %s", type);
364 	return ret;
365     }
366     return 0;
367 }
368 
369 /*
370  *
371  */
372 
373 static int
374 file_init_common(hx509_context context,
375 		 hx509_certs certs, void **data, int flags,
376 		 const char *residue, hx509_lock lock, outformat format)
377 {
378     char *p, *pnext;
379     struct ks_file *ksf = NULL;
380     hx509_private_key *keys = NULL;
381     int ret;
382     struct pem_ctx pem_ctx;
383 
384     pem_ctx.flags = flags;
385     pem_ctx.c = NULL;
386 
387     *data = NULL;
388 
389     if (lock == NULL)
390 	lock = _hx509_empty_lock;
391 
392     ksf = calloc(1, sizeof(*ksf));
393     if (ksf == NULL) {
394 	hx509_clear_error_string(context);
395 	return ENOMEM;
396     }
397     ksf->format = format;
398 
399     ksf->fn = strdup(residue);
400     if (ksf->fn == NULL) {
401 	hx509_clear_error_string(context);
402 	ret = ENOMEM;
403 	goto out;
404     }
405 
406     /*
407      * XXX this is broken, the function should parse the file before
408      * overwriting it
409      */
410 
411     if (flags & HX509_CERTS_CREATE) {
412 	ret = hx509_certs_init(context, "MEMORY:ks-file-create",
413 			       0, lock, &ksf->certs);
414 	if (ret)
415 	    goto out;
416 	*data = ksf;
417 	return 0;
418     }
419 
420     ret = _hx509_collector_alloc(context, lock, &pem_ctx.c);
421     if (ret)
422 	goto out;
423 
424     for (p = ksf->fn; p != NULL; p = pnext) {
425 	FILE *f;
426 
427 	pnext = strchr(p, ',');
428 	if (pnext)
429 	    *pnext++ = '\0';
430 
431 
432 	if ((f = fopen(p, "r")) == NULL) {
433 	    ret = ENOENT;
434 	    hx509_set_error_string(context, 0, ret,
435 				   "Failed to open PEM file \"%s\": %s",
436 				   p, strerror(errno));
437 	    goto out;
438 	}
439 	rk_cloexec_file(f);
440 
441 	ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
442 	fclose(f);
443 	if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
444 	    goto out;
445 	else if (ret == HX509_PARSING_KEY_FAILED) {
446 	    size_t length;
447 	    void *ptr;
448 	    size_t i;
449 
450 	    ret = rk_undumpdata(p, &ptr, &length);
451 	    if (ret) {
452 		hx509_clear_error_string(context);
453 		goto out;
454 	    }
455 
456 	    for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
457 		const AlgorithmIdentifier *ai = NULL;
458 		if (formats[i].ai != NULL)
459 		    ai = (*formats[i].ai)();
460 
461 		ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length, ai);
462 		if (ret == 0)
463 		    break;
464 	    }
465 	    rk_xfree(ptr);
466 	    if (ret) {
467 		hx509_clear_error_string(context);
468 		goto out;
469 	    }
470 	}
471     }
472 
473     ret = _hx509_collector_collect_certs(context, pem_ctx.c, &ksf->certs);
474     if (ret)
475 	goto out;
476 
477     ret = _hx509_collector_collect_private_keys(context, pem_ctx.c, &keys);
478     if (ret == 0) {
479 	int i;
480 
481 	for (i = 0; keys[i]; i++)
482 	    _hx509_certs_keys_add(context, ksf->certs, keys[i]);
483 	_hx509_certs_keys_free(context, keys);
484     }
485 
486 out:
487     if (ret == 0)
488 	*data = ksf;
489     else {
490 	if (ksf->fn)
491 	    free(ksf->fn);
492 	free(ksf);
493     }
494     if (pem_ctx.c)
495 	_hx509_collector_free(pem_ctx.c);
496 
497     return ret;
498 }
499 
500 static int
501 file_init_pem(hx509_context context,
502 	      hx509_certs certs, void **data, int flags,
503 	      const char *residue, hx509_lock lock)
504 {
505     return file_init_common(context, certs, data, flags, residue, lock, USE_PEM);
506 }
507 
508 static int
509 file_init_der(hx509_context context,
510 	      hx509_certs certs, void **data, int flags,
511 	      const char *residue, hx509_lock lock)
512 {
513     return file_init_common(context, certs, data, flags, residue, lock, USE_DER);
514 }
515 
516 static int
517 file_free(hx509_certs certs, void *data)
518 {
519     struct ks_file *ksf = data;
520     hx509_certs_free(&ksf->certs);
521     free(ksf->fn);
522     free(ksf);
523     return 0;
524 }
525 
526 struct store_ctx {
527     FILE *f;
528     outformat format;
529 };
530 
531 static int
532 store_func(hx509_context context, void *ctx, hx509_cert c)
533 {
534     struct store_ctx *sc = ctx;
535     heim_octet_string data;
536     int ret = 0;
537 
538     ret = hx509_cert_binary(context, c, &data);
539     if (ret)
540 	return ret;
541 
542     switch (sc->format) {
543     case USE_DER:
544 	fwrite(data.data, data.length, 1, sc->f);
545 	free(data.data);
546 	break;
547     case USE_PEM:
548 	hx509_pem_write(context, "CERTIFICATE", NULL, sc->f,
549 			data.data, data.length);
550 	free(data.data);
551 	if (_hx509_cert_private_key_exportable(c)) {
552 	    hx509_private_key key = _hx509_cert_private_key(c);
553 	    ret = _hx509_private_key_export(context, key,
554 					    HX509_KEY_FORMAT_DER, &data);
555 	    if (ret)
556 		break;
557             ret = hx509_pem_write(context, _hx509_private_pem_name(key), NULL,
558                                   sc->f, data.data, data.length);
559 	    free(data.data);
560 	}
561 	break;
562     }
563 
564     return ret;
565 }
566 
567 static int
568 file_store(hx509_context context,
569 	   hx509_certs certs, void *data, int flags, hx509_lock lock)
570 {
571     struct ks_file *ksf = data;
572     struct store_ctx sc;
573     int ret;
574 
575     sc.f = fopen(ksf->fn, "w");
576     if (sc.f == NULL) {
577 	hx509_set_error_string(context, 0, ENOENT,
578 			       "Failed to open file %s for writing");
579 	return ENOENT;
580     }
581     rk_cloexec_file(sc.f);
582     sc.format = ksf->format;
583 
584     ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc);
585     fclose(sc.f);
586     return ret;
587 }
588 
589 static int
590 file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
591 {
592     struct ks_file *ksf = data;
593     return hx509_certs_add(context, ksf->certs, c);
594 }
595 
596 static int
597 file_iter_start(hx509_context context,
598 		hx509_certs certs, void *data, void **cursor)
599 {
600     struct ks_file *ksf = data;
601     return hx509_certs_start_seq(context, ksf->certs, cursor);
602 }
603 
604 static int
605 file_iter(hx509_context context,
606 	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
607 {
608     struct ks_file *ksf = data;
609     return hx509_certs_next_cert(context, ksf->certs, iter, cert);
610 }
611 
612 static int
613 file_iter_end(hx509_context context,
614 	      hx509_certs certs,
615 	      void *data,
616 	      void *cursor)
617 {
618     struct ks_file *ksf = data;
619     return hx509_certs_end_seq(context, ksf->certs, cursor);
620 }
621 
622 static int
623 file_getkeys(hx509_context context,
624 	     hx509_certs certs,
625 	     void *data,
626 	     hx509_private_key **keys)
627 {
628     struct ks_file *ksf = data;
629     return _hx509_certs_keys_get(context, ksf->certs, keys);
630 }
631 
632 static int
633 file_addkey(hx509_context context,
634 	     hx509_certs certs,
635 	     void *data,
636 	     hx509_private_key key)
637 {
638     struct ks_file *ksf = data;
639     return _hx509_certs_keys_add(context, ksf->certs, key);
640 }
641 
642 static struct hx509_keyset_ops keyset_file = {
643     "FILE",
644     0,
645     file_init_pem,
646     file_store,
647     file_free,
648     file_add,
649     NULL,
650     file_iter_start,
651     file_iter,
652     file_iter_end,
653     NULL,
654     file_getkeys,
655     file_addkey
656 };
657 
658 static struct hx509_keyset_ops keyset_pemfile = {
659     "PEM-FILE",
660     0,
661     file_init_pem,
662     file_store,
663     file_free,
664     file_add,
665     NULL,
666     file_iter_start,
667     file_iter,
668     file_iter_end,
669     NULL,
670     file_getkeys,
671     file_addkey
672 };
673 
674 static struct hx509_keyset_ops keyset_derfile = {
675     "DER-FILE",
676     0,
677     file_init_der,
678     file_store,
679     file_free,
680     file_add,
681     NULL,
682     file_iter_start,
683     file_iter,
684     file_iter_end,
685     NULL,
686     file_getkeys,
687     file_addkey
688 };
689 
690 
691 void
692 _hx509_ks_file_register(hx509_context context)
693 {
694     _hx509_ks_register(context, &keyset_file);
695     _hx509_ks_register(context, &keyset_pemfile);
696     _hx509_ks_register(context, &keyset_derfile);
697 }
698