Coverage Report

Created: 2024-06-20 06:28

/src/gnutls/lib/x509/privkey_pkcs8_pbes1.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2016 Red Hat
3
 *
4
 * Author: Nikos Mavrogiannopoulos
5
 *
6
 * This file is part of GnuTLS.
7
 *
8
 * The GnuTLS is free software; you can redistribute it and/or
9
 * modify it under the terms of the GNU Lesser General Public License
10
 * as published by the Free Software Foundation; either version 2.1 of
11
 * the License, or (at your option) any later version.
12
 *
13
 * This library is distributed in the hope that it will be useful, but
14
 * WITHOUT ANY WARRANTY; without even the implied warranty of
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16
 * Lesser General Public License for more details.
17
 *
18
 * You should have received a copy of the GNU Lesser General Public License
19
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
20
 *
21
 */
22
23
#include "gnutls_int.h"
24
25
#include "datum.h"
26
#include "global.h"
27
#include "errors.h"
28
#include "common.h"
29
#include "x509.h"
30
#include "x509_b64.h"
31
#include "x509_int.h"
32
#include "pkcs7_int.h"
33
#include "algorithms.h"
34
#include <nettle/md5.h>
35
36
/* This file includes support for PKCS#8 PBES1 with DES and MD5.
37
 * We only support decryption for compatibility with other software.
38
 */
39
40
int _gnutls_read_pbkdf1_params(const uint8_t *data, int data_size,
41
             struct pbkdf2_params *kdf_params,
42
             struct pbe_enc_params *enc_params)
43
0
{
44
0
  asn1_node pasn = NULL;
45
0
  int len;
46
0
  int ret, result;
47
48
0
  memset(kdf_params, 0, sizeof(*kdf_params));
49
0
  memset(enc_params, 0, sizeof(*enc_params));
50
51
0
  if ((result = asn1_create_element(_gnutls_get_pkix(),
52
0
            "PKIX1.pkcs-5-PBE-params", &pasn)) !=
53
0
      ASN1_SUCCESS) {
54
0
    gnutls_assert();
55
0
    return _gnutls_asn2err(result);
56
0
  }
57
58
  /* Decode the parameters.
59
   */
60
0
  result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
61
0
  if (result != ASN1_SUCCESS) {
62
0
    gnutls_assert();
63
0
    ret = _gnutls_asn2err(result);
64
0
    goto error;
65
0
  }
66
67
0
  ret = _gnutls_x509_read_uint(pasn, "iterationCount",
68
0
             &kdf_params->iter_count);
69
0
  if (ret < 0) {
70
0
    gnutls_assert();
71
0
    goto error;
72
0
  }
73
74
0
  if (kdf_params->iter_count >= MAX_ITER_COUNT ||
75
0
      kdf_params->iter_count == 0) {
76
0
    ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
77
0
    goto error;
78
0
  }
79
80
0
  len = sizeof(kdf_params->salt);
81
0
  result = asn1_read_value(pasn, "salt", kdf_params->salt, &len);
82
0
  if (result != ASN1_SUCCESS) {
83
0
    gnutls_assert();
84
0
    ret = _gnutls_asn2err(result);
85
0
    goto error;
86
0
  }
87
88
0
  if (len != 8) {
89
0
    gnutls_assert();
90
0
    ret = GNUTLS_E_ILLEGAL_PARAMETER;
91
0
    goto error;
92
0
  }
93
94
0
  enc_params->cipher = GNUTLS_CIPHER_DES_CBC;
95
96
0
  ret = 0;
97
0
error:
98
0
  asn1_delete_structure2(&pasn, ASN1_DELETE_FLAG_ZEROIZE);
99
0
  return ret;
100
0
}
101
102
static void pbkdf1_md5(const char *password, unsigned password_len,
103
           const uint8_t salt[8], unsigned iter_count,
104
           unsigned key_size, uint8_t *key)
105
0
{
106
0
  struct md5_ctx ctx;
107
0
  uint8_t tmp[16];
108
0
  unsigned i;
109
110
0
  if (key_size > sizeof(tmp))
111
0
    abort();
112
113
0
  for (i = 0; i < iter_count; i++) {
114
0
    md5_init(&ctx);
115
0
    if (i == 0) {
116
0
      md5_update(&ctx, password_len, (uint8_t *)password);
117
0
      md5_update(&ctx, 8, salt);
118
0
      md5_digest(&ctx, 16, tmp);
119
0
    } else {
120
0
      md5_update(&ctx, 16, tmp);
121
0
      md5_digest(&ctx, 16, tmp);
122
0
    }
123
0
  }
124
125
0
  memcpy(key, tmp, key_size);
126
0
  return;
127
0
}
128
129
int _gnutls_decrypt_pbes1_des_md5_data(const char *password,
130
               unsigned password_len,
131
               const struct pbkdf2_params *kdf_params,
132
               const struct pbe_enc_params *enc_params,
133
               const gnutls_datum_t *encrypted_data,
134
               gnutls_datum_t *decrypted_data)
135
0
{
136
0
  int result;
137
0
  gnutls_datum_t dkey, d_iv;
138
0
  gnutls_cipher_hd_t ch;
139
0
  uint8_t key[16];
140
0
  const unsigned block_size = 8;
141
142
0
  if (enc_params->cipher != GNUTLS_CIPHER_DES_CBC)
143
0
    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
144
145
0
  if (encrypted_data->size % block_size != 0)
146
0
    return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
147
148
  /* generate the key
149
   */
150
0
  pbkdf1_md5(password, password_len, kdf_params->salt,
151
0
       kdf_params->iter_count, sizeof(key), key);
152
153
0
  dkey.data = key;
154
0
  dkey.size = 8;
155
0
  d_iv.data = &key[8];
156
0
  d_iv.size = 8;
157
0
  result = gnutls_cipher_init(&ch, GNUTLS_CIPHER_DES_CBC, &dkey, &d_iv);
158
0
  if (result < 0) {
159
0
    _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
160
0
    return gnutls_assert_val(result);
161
0
  }
162
0
  _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
163
164
0
  result = gnutls_cipher_decrypt(ch, encrypted_data->data,
165
0
               encrypted_data->size);
166
0
  if (result < 0) {
167
0
    gnutls_assert();
168
0
    goto error;
169
0
  }
170
171
0
  if ((int)encrypted_data->size -
172
0
        encrypted_data->data[encrypted_data->size - 1] <
173
0
      0) {
174
0
    gnutls_assert();
175
0
    result = GNUTLS_E_ILLEGAL_PARAMETER;
176
0
    goto error;
177
0
  }
178
179
0
  decrypted_data->data = encrypted_data->data;
180
0
  decrypted_data->size = encrypted_data->size -
181
0
             encrypted_data->data[encrypted_data->size - 1];
182
183
0
  result = 0;
184
0
error:
185
0
  gnutls_cipher_deinit(ch);
186
187
0
  return result;
188
0
}