26 #if !defined(POLARSSL_CONFIG_FILE)
29 #include POLARSSL_CONFIG_FILE
32 #if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
40 #if defined(POLARSSL_PLATFORM_C)
43 #define polarssl_malloc malloc
44 #define polarssl_free free
50 static void polarssl_zeroize(
void *v,
size_t n ) {
51 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
54 #if defined(POLARSSL_PEM_PARSE_C)
55 void pem_init( pem_context *ctx )
57 memset( ctx, 0,
sizeof( pem_context ) );
60 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
61 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
65 static int pem_get_iv(
const unsigned char *s,
unsigned char *iv,
70 memset( iv, 0, iv_len );
72 for( i = 0; i < iv_len * 2; i++, s++ )
74 if( *s >=
'0' && *s <=
'9' ) j = *s -
'0';
else
75 if( *s >=
'A' && *s <=
'F' ) j = *s -
'7';
else
76 if( *s >=
'a' && *s <=
'f' ) j = *s -
'W';
else
79 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
81 iv[i >> 1] = (
unsigned char)( iv[i >> 1] | k );
87 static void pem_pbkdf1(
unsigned char *key,
size_t keylen,
89 const unsigned char *pwd,
size_t pwdlen )
92 unsigned char md5sum[16];
107 memcpy( key, md5sum, keylen );
110 polarssl_zeroize( md5sum, 16 );
114 memcpy( key, md5sum, 16 );
127 use_len = keylen - 16;
129 memcpy( key + 16, md5sum, use_len );
132 polarssl_zeroize( md5sum, 16 );
135 #if defined(POLARSSL_DES_C)
139 static void pem_des_decrypt(
unsigned char des_iv[8],
140 unsigned char *buf,
size_t buflen,
141 const unsigned char *pwd,
size_t pwdlen )
144 unsigned char des_key[8];
148 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
155 polarssl_zeroize( des_key, 8 );
161 static void pem_des3_decrypt(
unsigned char des3_iv[8],
162 unsigned char *buf,
size_t buflen,
163 const unsigned char *pwd,
size_t pwdlen )
166 unsigned char des3_key[24];
170 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
177 polarssl_zeroize( des3_key, 24 );
181 #if defined(POLARSSL_AES_C)
185 static void pem_aes_decrypt(
unsigned char aes_iv[16],
unsigned int keylen,
186 unsigned char *buf,
size_t buflen,
187 const unsigned char *pwd,
size_t pwdlen )
190 unsigned char aes_key[32];
194 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
201 polarssl_zeroize( aes_key, keylen );
208 int pem_read_buffer( pem_context *ctx,
const char *header,
const char *footer,
209 const unsigned char *data,
const unsigned char *pwd,
210 size_t pwdlen,
size_t *use_len )
215 const unsigned char *s1, *s2, *end;
216 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
217 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
218 unsigned char pem_iv[16];
229 s1 = (
unsigned char *) strstr( (
const char *) data, header );
234 s2 = (
unsigned char *) strstr( (
const char *) data, footer );
236 if( s2 == NULL || s2 <= s1 )
239 s1 += strlen( header );
240 if( *s1 ==
'\r' ) s1++;
241 if( *s1 ==
'\n' ) s1++;
245 end += strlen( footer );
246 if( *end ==
'\r' ) end++;
247 if( *end ==
'\n' ) end++;
248 *use_len = end - data;
252 if( memcmp( s1,
"Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
254 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
255 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
259 if( *s1 ==
'\r' ) s1++;
260 if( *s1 ==
'\n' ) s1++;
264 #if defined(POLARSSL_DES_C)
265 if( memcmp( s1,
"DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
270 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
275 else if( memcmp( s1,
"DEK-Info: DES-CBC,", 18 ) == 0 )
280 if( pem_get_iv( s1, pem_iv, 8) != 0 )
287 #if defined(POLARSSL_AES_C)
288 if( memcmp( s1,
"DEK-Info: AES-", 14 ) == 0 )
290 if( memcmp( s1,
"DEK-Info: AES-128-CBC,", 22 ) == 0 )
292 else if( memcmp( s1,
"DEK-Info: AES-192-CBC,", 22 ) == 0 )
294 else if( memcmp( s1,
"DEK-Info: AES-256-CBC,", 22 ) == 0 )
300 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
310 if( *s1 ==
'\r' ) s1++;
311 if( *s1 ==
'\n' ) s1++;
336 #if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \
337 ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
344 #if defined(POLARSSL_DES_C)
346 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
348 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
351 #if defined(POLARSSL_AES_C)
353 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
355 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
357 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
366 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
384 void pem_free( pem_context *ctx )
389 polarssl_zeroize( ctx,
sizeof( pem_context ) );
393 #if defined(POLARSSL_PEM_WRITE_C)
394 int pem_write_buffer(
const char *header,
const char *footer,
395 const unsigned char *der_data,
size_t der_len,
396 unsigned char *buf,
size_t buf_len,
size_t *olen )
399 unsigned char *encode_buf, *c, *p = buf;
400 size_t len = 0, use_len = 0, add_len = 0;
403 add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
405 if( use_len + add_len > buf_len )
407 *olen = use_len + add_len;
421 memcpy( p, header, strlen( header ) );
422 p += strlen( header );
427 len = ( use_len > 64 ) ? 64 : use_len;
435 memcpy( p, footer, strlen( footer ) );
436 p += strlen( footer );