// SPDX-License-Identifier: LGPL-2.1+ /* * Dan Williams * Copyright (C) 2007 - 2018 Red Hat, Inc. */ #include "nm-default.h" #include "nm-crypto.h" #include #include #include #include "nm-glib-aux/nm-secret-utils.h" #include "nm-glib-aux/nm-io-utils.h" #include "nm-crypto-impl.h" #include "nm-utils.h" #include "nm-errors.h" #define PEM_RSA_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----" #define PEM_RSA_KEY_END "-----END RSA PRIVATE KEY-----" #define PEM_DSA_KEY_BEGIN "-----BEGIN DSA PRIVATE KEY-----" #define PEM_DSA_KEY_END "-----END DSA PRIVATE KEY-----" #define PEM_CERT_BEGIN "-----BEGIN CERTIFICATE-----" #define PEM_CERT_END "-----END CERTIFICATE-----" #define PEM_PKCS8_ENC_KEY_BEGIN "-----BEGIN ENCRYPTED PRIVATE KEY-----" #define PEM_PKCS8_ENC_KEY_END "-----END ENCRYPTED PRIVATE KEY-----" #define PEM_PKCS8_DEC_KEY_BEGIN "-----BEGIN PRIVATE KEY-----" #define PEM_PKCS8_DEC_KEY_END "-----END PRIVATE KEY-----" #define PEM_TPM2_WRAPPED_KEY_BEGIN "-----BEGIN TSS2 PRIVATE KEY-----" #define PEM_TPM2_WRAPPED_KEY_END "-----END TSS2 PRIVATE KEY-----" #define PEM_TPM2_OLD_WRAPPED_KEY_BEGIN "-----BEGIN TSS2 KEY BLOB-----" #define PEM_TPM2_OLD_WRAPPED_KEY_END "-----END TSS2 KEY BLOB-----" /*****************************************************************************/ static const NMCryptoCipherInfo cipher_infos[] = { #define _CI(_cipher, _name, _digest_len, _real_iv_len) \ [(_cipher) - 1] = { .cipher = _cipher, .name = ""_name"", .digest_len = _digest_len, .real_iv_len = _real_iv_len } _CI (NM_CRYPTO_CIPHER_DES_EDE3_CBC, "DES-EDE3-CBC", 24, 8), _CI (NM_CRYPTO_CIPHER_DES_CBC, "DES-CBC", 8, 8), _CI (NM_CRYPTO_CIPHER_AES_128_CBC, "AES-128-CBC", 16, 16), _CI (NM_CRYPTO_CIPHER_AES_192_CBC, "AES-192-CBC", 24, 16), _CI (NM_CRYPTO_CIPHER_AES_256_CBC, "AES-256-CBC", 32, 16), }; const NMCryptoCipherInfo * nm_crypto_cipher_get_info (NMCryptoCipherType cipher) { g_return_val_if_fail (cipher > NM_CRYPTO_CIPHER_UNKNOWN && (gsize) cipher < G_N_ELEMENTS (cipher_infos) + 1, NULL); #if NM_MORE_ASSERTS > 10 { int i, j; for (i = 0; i < (int) G_N_ELEMENTS (cipher_infos); i++) { const NMCryptoCipherInfo *info = &cipher_infos[i]; nm_assert (info->cipher == (NMCryptoCipherType) (i + 1)); nm_assert (info->name && info->name[0]); for (j = 0; j < i; j++) nm_assert (g_ascii_strcasecmp (info->name, cipher_infos[j].name) != 0); } } #endif return &cipher_infos[cipher - 1]; } const NMCryptoCipherInfo * nm_crypto_cipher_get_info_by_name (const char *cipher_name, gssize p_len) { int i; nm_assert (nm_crypto_cipher_get_info (NM_CRYPTO_CIPHER_DES_CBC)->cipher == NM_CRYPTO_CIPHER_DES_CBC); if (p_len < 0) { if (!cipher_name) return FALSE; p_len = strlen (cipher_name); } for (i = 0; i < (int) G_N_ELEMENTS (cipher_infos); i++) { const NMCryptoCipherInfo *info = &cipher_infos[i]; if ( (gsize) p_len == strlen (info->name) && g_ascii_strncasecmp (info->name, cipher_name, p_len) == 0) return info; } return NULL; } /*****************************************************************************/ static gboolean find_tag (const char *tag, const guint8 *data, gsize data_len, gsize start_at, gsize *out_pos) { const guint8 *p; gsize taglen; nm_assert (out_pos); nm_assert (start_at <= data_len); taglen = strlen (tag); p = memmem (&data[start_at], data_len - start_at, tag, taglen); if (!p) return FALSE; *out_pos = p - data; nm_assert (memcmp (&data[*out_pos], tag, taglen) == 0); return TRUE; } #define DEK_INFO_TAG "DEK-Info: " #define PROC_TYPE_TAG "Proc-Type: " static char * _extract_line (const guint8 **p, const guint8 *p_end) { const guint8 *x, *x0; nm_assert (p); nm_assert (p_end); nm_assert (*p); nm_assert (*p < p_end); x = x0 = *p; while (TRUE) { if (x == p_end) { *p = p_end; break; } if (*x == '\0') { /* the data contains embedded NUL. This is the end. */ *p = p_end; break; } if (*x == '\n') { *p = x + 1; break; } x++; } if (x == x0) return NULL; return g_strndup ((char *) x0, x - x0); } static gboolean parse_old_openssl_key_file (const guint8 *data, gsize data_len, NMSecretPtr *out_parsed, NMCryptoKeyType *out_key_type, NMCryptoCipherType *out_cipher, char **out_iv, GError **error) { gsize start = 0, end = 0; nm_auto_free_secret char *str = NULL; char *str_p; gsize str_len; int enc_tags = 0; NMCryptoKeyType key_type; nm_auto_clear_secret_ptr NMSecretPtr parsed = { 0 }; nm_auto_free_secret char *iv = NULL; NMCryptoCipherType cipher = NM_CRYPTO_CIPHER_UNKNOWN; const char *start_tag; const char *end_tag; const guint8 *data_start, *data_end; nm_assert (!out_parsed || (out_parsed->len == 0 && !out_parsed->bin)); nm_assert (!out_iv || !*out_iv); NM_SET_OUT (out_key_type, NM_CRYPTO_KEY_TYPE_UNKNOWN); NM_SET_OUT (out_cipher, NM_CRYPTO_CIPHER_UNKNOWN); if (find_tag (PEM_RSA_KEY_BEGIN, data, data_len, 0, &start)) { key_type = NM_CRYPTO_KEY_TYPE_RSA; start_tag = PEM_RSA_KEY_BEGIN; end_tag = PEM_RSA_KEY_END; } else if (find_tag (PEM_DSA_KEY_BEGIN, data, data_len, 0, &start)) { key_type = NM_CRYPTO_KEY_TYPE_DSA; start_tag = PEM_DSA_KEY_BEGIN; end_tag = PEM_DSA_KEY_END; } else { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("PEM key file had no start tag")); return FALSE; } start += strlen (start_tag); if (!find_tag (end_tag, data, data_len, start, &end)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("PEM key file had no end tag '%s'."), end_tag); return FALSE; } str_len = end - start + 1; str = g_new (char, str_len); str[0] = '\0'; str_p = str; data_start = &data[start]; data_end = &data[end]; while (data_start < data_end) { nm_auto_free_secret char *line = NULL; char *p; line = _extract_line (&data_start, data_end); if (!line) continue; p = nm_secret_strchomp (nm_str_skip_leading_spaces (line)); if (!strncmp (p, PROC_TYPE_TAG, strlen (PROC_TYPE_TAG))) { if (enc_tags++ != 0 || str_p != str) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: Proc-Type was not first tag.")); return FALSE; } p += strlen (PROC_TYPE_TAG); if (strcmp (p, "4,ENCRYPTED")) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: unknown Proc-Type tag '%s'."), p); return FALSE; } } else if (!strncmp (p, DEK_INFO_TAG, strlen (DEK_INFO_TAG))) { const NMCryptoCipherInfo *cipher_info; char *comma; gsize p_len; if (enc_tags++ != 1 || str_p != str) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: DEK-Info was not the second tag.")); return FALSE; } p += strlen (DEK_INFO_TAG); /* Grab the IV first */ comma = strchr (p, ','); if (!comma || (*(comma + 1) == '\0')) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: no IV found in DEK-Info tag.")); return FALSE; } p_len = comma - p; comma++; if (!g_ascii_isxdigit (*comma)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: invalid format of IV in DEK-Info tag.")); return FALSE; } nm_free_secret (iv); iv = g_strdup (comma); /* Get the private key cipher */ cipher_info = nm_crypto_cipher_get_info_by_name (p, p_len); if (!cipher_info) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Malformed PEM file: unknown private key cipher '%s'."), p); return FALSE; } cipher = cipher_info->cipher; } else { if (enc_tags == 1) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, "Malformed PEM file: both Proc-Type and DEK-Info tags are required."); return FALSE; } nm_utils_strbuf_append_str (&str_p, &str_len, p); nm_assert (str_len > 0); } } parsed.bin = (guint8 *) g_base64_decode (str, &parsed.len); if (!parsed.bin || parsed.len == 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Could not decode private key.")); nm_secret_ptr_clear (&parsed); return FALSE; } NM_SET_OUT (out_key_type, key_type); NM_SET_OUT (out_iv, g_steal_pointer (&iv)); NM_SET_OUT (out_cipher, cipher); nm_secret_ptr_move (out_parsed, &parsed); return TRUE; } static gboolean parse_pkcs8_key_file (const guint8 *data, gsize data_len, NMSecretPtr *parsed, gboolean *out_encrypted, GError **error) { gsize start = 0, end = 0; const char *start_tag = NULL, *end_tag = NULL; gboolean encrypted = FALSE; nm_auto_free_secret char *der_base64 = NULL; nm_assert (parsed); nm_assert (!parsed->bin); nm_assert (parsed->len == 0); nm_assert (out_encrypted); /* Try encrypted first, decrypted next */ if (find_tag (PEM_PKCS8_ENC_KEY_BEGIN, data, data_len, 0, &start)) { start_tag = PEM_PKCS8_ENC_KEY_BEGIN; end_tag = PEM_PKCS8_ENC_KEY_END; encrypted = TRUE; } else if (find_tag (PEM_PKCS8_DEC_KEY_BEGIN, data, data_len, 0, &start)) { start_tag = PEM_PKCS8_DEC_KEY_BEGIN; end_tag = PEM_PKCS8_DEC_KEY_END; encrypted = FALSE; } else { g_set_error_literal (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to find expected PKCS#8 start tag.")); return FALSE; } start += strlen (start_tag); if (!find_tag (end_tag, data, data_len, start, &end)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to find expected PKCS#8 end tag '%s'."), end_tag); return FALSE; } /* g_base64_decode() wants a NULL-terminated string */ der_base64 = g_strndup ((char *) &data[start], end - start); parsed->bin = (guint8 *) g_base64_decode (der_base64, &parsed->len); if (!parsed->bin || parsed->len == 0) { g_set_error_literal (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to decode PKCS#8 private key.")); nm_secret_ptr_clear (parsed); return FALSE; } *out_encrypted = encrypted; return TRUE; } static gboolean parse_tpm2_wrapped_key_file (const guint8 *data, gsize data_len, gboolean *out_encrypted, GError **error) { gsize start = 0, end = 0; const char *start_tag = NULL, *end_tag = NULL; nm_assert (out_encrypted); if (find_tag (PEM_TPM2_WRAPPED_KEY_BEGIN, data, data_len, 0, &start)) { start_tag = PEM_TPM2_WRAPPED_KEY_BEGIN; end_tag = PEM_TPM2_WRAPPED_KEY_END; } else if (find_tag (PEM_TPM2_OLD_WRAPPED_KEY_BEGIN, data, data_len, 0, &start)) { start_tag = PEM_TPM2_OLD_WRAPPED_KEY_BEGIN; end_tag = PEM_TPM2_OLD_WRAPPED_KEY_END; } else { g_set_error_literal (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to find expected TSS start tag.")); return FALSE; } start += strlen (start_tag); if (!find_tag (end_tag, data, data_len, start, &end)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to find expected TSS end tag '%s'."), end_tag); return FALSE; } *out_encrypted = FALSE; return TRUE; } static gboolean file_read_contents (const char *filename, NMSecretPtr *out_contents, GError **error) { nm_assert (out_contents); nm_assert (out_contents->len == 0); nm_assert (!out_contents->str); return nm_utils_file_get_contents (-1, filename, 100*1024*1024, NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET, &out_contents->str, &out_contents->len, NULL, error); } GBytes * nm_crypto_read_file (const char *filename, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (filename, NULL); if (!file_read_contents (filename, &contents, error)) return NULL; return nm_secret_copy_to_gbytes (contents.bin, contents.len); } /* * Convert a hex string into bytes. */ static guint8 * _nmtst_convert_iv (const char *src, gsize *out_len, GError **error) { gsize i, num; gs_free guint8 *c = NULL; int c0, c1; nm_assert (src); num = strlen (src); if ( num == 0 || (num % 2) != 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("IV must be an even number of bytes in length.")); return NULL; } num /= 2; c = g_malloc (num + 1); /* defensively add trailing NUL. This function returns binary data, * do not assume it's NUL terminated. */ c[num] = '\0'; for (i = 0; i < num; i++) { if ( ((c0 = nm_utils_hexchar_to_int (*(src++))) < 0) || ((c1 = nm_utils_hexchar_to_int (*(src++))) < 0)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("IV contains non-hexadecimal digits.")); nm_explicit_bzero (c, i); return FALSE; } c[i] = (c0 << 4) + c1; } *out_len = num; return g_steal_pointer (&c); } guint8 * nmtst_crypto_make_des_aes_key (NMCryptoCipherType cipher, const guint8 *salt, gsize salt_len, const char *password, gsize *out_len, GError **error) { guint8 *key; const NMCryptoCipherInfo *cipher_info; g_return_val_if_fail (salt != NULL, NULL); g_return_val_if_fail (salt_len >= 8, NULL); g_return_val_if_fail (password != NULL, NULL); g_return_val_if_fail (out_len != NULL, NULL); *out_len = 0; cipher_info = nm_crypto_cipher_get_info (cipher); g_return_val_if_fail (cipher_info, NULL); if (password[0] == '\0') return NULL; key = g_malloc (cipher_info->digest_len); nm_crypto_md5_hash (salt, 8, (guint8 *) password, strlen (password), key, cipher_info->digest_len); *out_len = cipher_info->digest_len; return key; } static gboolean _nmtst_decrypt_key (NMCryptoCipherType cipher, const guint8 *data, gsize data_len, const char *iv, const char *password, NMSecretPtr *parsed, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr bin_iv = { 0 }; nm_auto_clear_secret_ptr NMSecretPtr key = { 0 }; nm_assert (password); nm_assert (cipher != NM_CRYPTO_CIPHER_UNKNOWN); nm_assert (iv); nm_assert (parsed); nm_assert (!parsed->bin); nm_assert (parsed->len == 0); bin_iv.bin = _nmtst_convert_iv (iv, &bin_iv.len, error); if (!bin_iv.bin) return FALSE; if (bin_iv.len < 8) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("IV must contain at least 8 characters")); return FALSE; } /* Convert the password and IV into a DES or AES key */ key.bin = nmtst_crypto_make_des_aes_key (cipher, bin_iv.bin, bin_iv.len, password, &key.len, error); if (!key.bin || !key.len) return FALSE; parsed->bin = _nmtst_crypto_decrypt (cipher, data, data_len, bin_iv.bin, bin_iv.len, key.bin, key.len, &parsed->len, error); if (!parsed->bin || parsed->len == 0) { nm_secret_ptr_clear (parsed); return FALSE; } return TRUE; } GBytes * nmtst_crypto_decrypt_openssl_private_key_data (const guint8 *data, gsize data_len, const char *password, NMCryptoKeyType *out_key_type, GError **error) { NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN; nm_auto_clear_secret_ptr NMSecretPtr parsed = { 0 }; nm_auto_free_secret char *iv = NULL; NMCryptoCipherType cipher = NM_CRYPTO_CIPHER_UNKNOWN; g_return_val_if_fail (data != NULL, NULL); NM_SET_OUT (out_key_type, NM_CRYPTO_KEY_TYPE_UNKNOWN); if (!_nm_crypto_init (error)) return NULL; if (!parse_old_openssl_key_file (data, data_len, &parsed, &key_type, &cipher, &iv, NULL)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Unable to determine private key type.")); return NULL; } NM_SET_OUT (out_key_type, key_type); if (password) { nm_auto_clear_secret_ptr NMSecretPtr parsed2 = { 0 }; if (cipher == NM_CRYPTO_CIPHER_UNKNOWN || !iv) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_PASSWORD, _("Password provided, but key was not encrypted.")); return NULL; } if (!_nmtst_decrypt_key (cipher, parsed.bin, parsed.len, iv, password, &parsed2, error)) return NULL; return nm_secret_copy_to_gbytes (parsed2.bin, parsed2.len); } if (cipher != NM_CRYPTO_CIPHER_UNKNOWN || iv) return NULL; return nm_secret_copy_to_gbytes (parsed.bin, parsed.len); } GBytes * nmtst_crypto_decrypt_openssl_private_key (const char *file, const char *password, NMCryptoKeyType *out_key_type, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; if (!_nm_crypto_init (error)) return NULL; if (!file_read_contents (file, &contents, error)) return NULL; return nmtst_crypto_decrypt_openssl_private_key_data (contents.bin, contents.len, password, out_key_type, error); } static gboolean extract_pem_cert_data (const guint8 *contents, gsize contents_len, NMSecretPtr *out_cert, GError **error) { gsize start = 0; gsize end = 0; nm_auto_free_secret char *der_base64 = NULL; nm_assert (contents); nm_assert (out_cert); nm_assert (out_cert->len == 0); nm_assert (!out_cert->ptr); if (!find_tag (PEM_CERT_BEGIN, contents, contents_len, 0, &start)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("PEM certificate had no start tag '%s'."), PEM_CERT_BEGIN); return FALSE; } start += strlen (PEM_CERT_BEGIN); if (!find_tag (PEM_CERT_END, contents, contents_len, start, &end)) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("PEM certificate had no end tag '%s'."), PEM_CERT_END); return FALSE; } /* g_base64_decode() wants a NULL-terminated string */ der_base64 = g_strndup ((const char *) &contents[start], end - start); out_cert->bin = (guint8 *) g_base64_decode (der_base64, &out_cert->len); if (!out_cert->bin || !out_cert->len) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to decode certificate.")); nm_secret_ptr_clear (out_cert); return FALSE; } return TRUE; } gboolean nm_crypto_load_and_verify_certificate (const char *file, NMCryptoFileFormat *out_file_format, GBytes **out_certificate, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (file, FALSE); nm_assert (!error || !*error); if (!_nm_crypto_init (error)) goto out; if (!file_read_contents (file, &contents, error)) goto out; if (contents.len == 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Certificate file is empty")); goto out; } /* Check for PKCS#12 */ if (nm_crypto_is_pkcs12_data (contents.bin, contents.len, NULL)) { NM_SET_OUT (out_file_format, NM_CRYPTO_FILE_FORMAT_PKCS12); NM_SET_OUT (out_certificate, nm_secret_copy_to_gbytes (contents.bin, contents.len)); return TRUE; } /* Check for plain DER format */ if (contents.len > 2 && contents.bin[0] == 0x30 && contents.bin[1] == 0x82) { if (_nm_crypto_verify_x509 (contents.bin, contents.len, NULL)) { NM_SET_OUT (out_file_format, NM_CRYPTO_FILE_FORMAT_X509); NM_SET_OUT (out_certificate, nm_secret_copy_to_gbytes (contents.bin, contents.len)); return TRUE; } } else { nm_auto_clear_secret_ptr NMSecretPtr pem_cert = { 0 }; if (extract_pem_cert_data (contents.bin, contents.len, &pem_cert, NULL)) { if (_nm_crypto_verify_x509 (pem_cert.bin, pem_cert.len, NULL)) { NM_SET_OUT (out_file_format, NM_CRYPTO_FILE_FORMAT_X509); NM_SET_OUT (out_certificate, nm_secret_copy_to_gbytes (contents.bin, contents.len)); return TRUE; } } } g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Failed to recognize certificate")); out: NM_SET_OUT (out_file_format, NM_CRYPTO_FILE_FORMAT_UNKNOWN); NM_SET_OUT (out_certificate, NULL); return FALSE; } gboolean nm_crypto_is_pkcs12_data (const guint8 *data, gsize data_len, GError **error) { GError *local = NULL; gboolean success; if (!data_len) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Certificate file is empty")); return FALSE; } g_return_val_if_fail (data != NULL, FALSE); if (!_nm_crypto_init (error)) return FALSE; success = _nm_crypto_verify_pkcs12 (data, data_len, NULL, &local); if (success == FALSE) { /* If the error was just a decryption error, then it's pkcs#12 */ if (local) { if (g_error_matches (local, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_DECRYPTION_FAILED)) { success = TRUE; g_error_free (local); } else g_propagate_error (error, local); } } return success; } gboolean nm_crypto_is_pkcs12_file (const char *file, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (file != NULL, FALSE); if (!_nm_crypto_init (error)) return FALSE; if (!file_read_contents (file, &contents, error)) return FALSE; return nm_crypto_is_pkcs12_data (contents.bin, contents.len, error); } /* Verifies that a private key can be read, and if a password is given, that * the private key can be decrypted with that password. */ NMCryptoFileFormat nm_crypto_verify_private_key_data (const guint8 *data, gsize data_len, const char *password, gboolean *out_is_encrypted, GError **error) { NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; gboolean is_encrypted = FALSE; g_return_val_if_fail (data != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN); g_return_val_if_fail (out_is_encrypted == NULL || *out_is_encrypted == FALSE, NM_CRYPTO_FILE_FORMAT_UNKNOWN); if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; /* Check for PKCS#12 first */ if (nm_crypto_is_pkcs12_data (data, data_len, NULL)) { is_encrypted = TRUE; if ( !password || _nm_crypto_verify_pkcs12 (data, data_len, password, error)) format = NM_CRYPTO_FILE_FORMAT_PKCS12; } else { nm_auto_clear_secret_ptr NMSecretPtr parsed = { 0 }; /* Maybe it's PKCS#8 */ if (parse_pkcs8_key_file (data, data_len, &parsed, &is_encrypted, NULL)) { if ( !password || _nm_crypto_verify_pkcs8 (parsed.bin, parsed.len, is_encrypted, password, error)) format = NM_CRYPTO_FILE_FORMAT_RAW_KEY; } else if (parse_tpm2_wrapped_key_file (data, data_len, &is_encrypted, NULL)) { format = NM_CRYPTO_FILE_FORMAT_RAW_KEY; } else { NMCryptoCipherType cipher; nm_auto_free_secret char *iv = NULL; /* Or it's old-style OpenSSL */ if (parse_old_openssl_key_file (data, data_len, NULL, NULL, &cipher, &iv, NULL)) { format = NM_CRYPTO_FILE_FORMAT_RAW_KEY; is_encrypted = (cipher != NM_CRYPTO_CIPHER_UNKNOWN && iv); } } } if ( format == NM_CRYPTO_FILE_FORMAT_UNKNOWN && error && !*error) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("not a valid private key")); } if (out_is_encrypted) *out_is_encrypted = is_encrypted; return format; } NMCryptoFileFormat nm_crypto_verify_private_key (const char *filename, const char *password, gboolean *out_is_encrypted, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (filename != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN); if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; if (!file_read_contents (filename, &contents, error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; return nm_crypto_verify_private_key_data (contents.bin, contents.len, password, out_is_encrypted, error); } void nm_crypto_md5_hash (const guint8 *salt, gsize salt_len, const guint8 *password, gsize password_len, guint8 *buffer, gsize buflen) { nm_auto_free_checksum GChecksum *ctx = NULL; nm_auto_clear_static_secret_ptr const NMSecretPtr digest = NM_SECRET_PTR_STATIC (NM_UTILS_CHECKSUM_LENGTH_MD5); gsize bufidx = 0; int i; g_return_if_fail (password_len == 0 || password); g_return_if_fail (buffer); g_return_if_fail (buflen > 0); g_return_if_fail (salt_len == 0 || salt); ctx = g_checksum_new (G_CHECKSUM_MD5); for (;;) { if (password_len > 0) g_checksum_update (ctx, (const guchar *) password, password_len); if (salt_len > 0) g_checksum_update (ctx, (const guchar *) salt, salt_len); nm_utils_checksum_get_digest_len (ctx, digest.bin, NM_UTILS_CHECKSUM_LENGTH_MD5); for (i = 0; i < NM_UTILS_CHECKSUM_LENGTH_MD5; i++) { if (bufidx >= buflen) return; buffer[bufidx++] = digest.bin[i]; } g_checksum_reset (ctx); g_checksum_update (ctx, digest.ptr, NM_UTILS_CHECKSUM_LENGTH_MD5); } } gboolean nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error) { return _nm_crypto_randomize (buffer, buffer_len, error); } /** * nmtst_crypto_rsa_key_encrypt: * @data: (array length=len): RSA private key data to be encrypted * @len: length of @data * @in_password: (allow-none): existing password to use, if any * @out_password: (out) (allow-none): if @in_password was %NULL, a random * password will be generated and returned in this argument * @error: detailed error information on return, if an error occurred * * Encrypts the given RSA private key data with the given password (or generates * a password if no password was given) and converts the data to PEM format * suitable for writing to a file. It uses Triple DES cipher for the encryption. * * Returns: (transfer full): on success, PEM-formatted data suitable for writing * to a PEM-formatted certificate/private key file. **/ GBytes * nmtst_crypto_rsa_key_encrypt (const guint8 *data, gsize len, const char *in_password, char **out_password, GError **error) { guint8 salt[8]; nm_auto_clear_secret_ptr NMSecretPtr key = { 0 }; nm_auto_clear_secret_ptr NMSecretPtr enc = { 0 }; gs_unref_ptrarray GPtrArray *pem = NULL; nm_auto_free_secret char *tmp_password = NULL; nm_auto_free_secret char *enc_base64 = NULL; gsize enc_base64_len; const char *p; gsize ret_len, ret_idx; guint i; NMSecretBuf *ret; g_return_val_if_fail (data, NULL); g_return_val_if_fail (len > 0, NULL); g_return_val_if_fail (!out_password || !*out_password, NULL); /* Make the password if needed */ if (!in_password) { nm_auto_clear_static_secret_ptr NMSecretPtr pw_buf = NM_SECRET_PTR_STATIC (32); if (!nm_crypto_randomize (pw_buf.bin, pw_buf.len, error)) return NULL; tmp_password = nm_utils_bin2hexstr (pw_buf.bin, pw_buf.len, -1); in_password = tmp_password; } if (!nm_crypto_randomize (salt, sizeof (salt), error)) return NULL; key.bin = nmtst_crypto_make_des_aes_key (NM_CRYPTO_CIPHER_DES_EDE3_CBC, salt, sizeof (salt), in_password, &key.len, NULL); if (!key.bin) g_return_val_if_reached (NULL); enc.bin = _nmtst_crypto_encrypt (NM_CRYPTO_CIPHER_DES_EDE3_CBC, data, len, salt, sizeof (salt), key.bin, key.len, &enc.len, error); if (!enc.bin) return NULL; /* What follows is not the most efficient way to construct the pem * file line-by-line. At least, it makes sure, that the data will be cleared * again and not left around in memory. * * If this would not be test code, we should improve the implementation * to avoid some of the copying. */ pem = g_ptr_array_new_with_free_func ((GDestroyNotify) nm_free_secret); g_ptr_array_add (pem, g_strdup ("-----BEGIN RSA PRIVATE KEY-----\n")); g_ptr_array_add (pem, g_strdup ("Proc-Type: 4,ENCRYPTED\n")); /* Convert the salt to a hex string */ g_ptr_array_add (pem, g_strdup_printf ("DEK-Info: %s,", nm_crypto_cipher_get_info (NM_CRYPTO_CIPHER_DES_EDE3_CBC)->name)); g_ptr_array_add (pem, nm_utils_bin2hexstr (salt, sizeof (salt), sizeof (salt) * 2)); g_ptr_array_add (pem, g_strdup ("\n\n")); /* Convert the encrypted key to a base64 string */ enc_base64 = g_base64_encode ((const guchar *) enc.bin, enc.len); enc_base64_len = strlen (enc_base64); for (p = enc_base64; (p - enc_base64) < (ptrdiff_t) enc_base64_len; p += 64) { g_ptr_array_add (pem, g_strndup (p, 64)); g_ptr_array_add (pem, g_strdup ("\n")); } g_ptr_array_add (pem, g_strdup ("-----END RSA PRIVATE KEY-----\n")); ret_len = 0; for (i = 0; i < pem->len; i++) ret_len += strlen (pem->pdata[i]); ret = nm_secret_buf_new (ret_len + 1); ret_idx = 0; for (i = 0; i < pem->len; i++) { const char *line = pem->pdata[i]; gsize line_l = strlen (line); memcpy (&ret->bin[ret_idx], line, line_l); ret_idx += line_l; nm_assert (ret_idx <= ret_len); } nm_assert (ret_idx == ret_len); ret->bin[ret_len] = '\0'; NM_SET_OUT (out_password, g_strdup (tmp_password)); return nm_secret_buf_to_gbytes_take (ret, ret_len); }