28 #if defined(POLARSSL_PEM_C)
40 static void polarssl_zeroize(
void *v,
size_t n ) {
41 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
49 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
53 static int pem_get_iv(
const unsigned char *s,
unsigned char *iv,
size_t iv_len )
57 memset( iv, 0, iv_len );
59 for( i = 0; i < iv_len * 2; i++, s++ )
61 if( *s >=
'0' && *s <=
'9' ) j = *s -
'0';
else
62 if( *s >=
'A' && *s <=
'F' ) j = *s -
'7';
else
63 if( *s >=
'a' && *s <=
'f' ) j = *s -
'W';
else
66 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
68 iv[i >> 1] = (
unsigned char)( iv[i >> 1] | k );
74 static void pem_pbkdf1(
unsigned char *key,
size_t keylen,
76 const unsigned char *pwd,
size_t pwdlen )
79 unsigned char md5sum[16];
92 memcpy( key, md5sum, keylen );
94 polarssl_zeroize( &md5_ctx,
sizeof( md5_ctx ) );
95 polarssl_zeroize( md5sum, 16 );
99 memcpy( key, md5sum, 16 );
112 use_len = keylen - 16;
114 memcpy( key + 16, md5sum, use_len );
116 polarssl_zeroize( &md5_ctx,
sizeof( md5_ctx ) );
117 polarssl_zeroize( md5sum, 16 );
120 #if defined(POLARSSL_DES_C)
124 static void pem_des_decrypt(
unsigned char des_iv[8],
125 unsigned char *buf,
size_t buflen,
126 const unsigned char *pwd,
size_t pwdlen )
129 unsigned char des_key[8];
131 pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
137 polarssl_zeroize( &des_ctx,
sizeof( des_ctx ) );
138 polarssl_zeroize( des_key, 8 );
144 static void pem_des3_decrypt(
unsigned char des3_iv[8],
145 unsigned char *buf,
size_t buflen,
146 const unsigned char *pwd,
size_t pwdlen )
149 unsigned char des3_key[24];
151 pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
157 polarssl_zeroize( &des3_ctx,
sizeof( des3_ctx ) );
158 polarssl_zeroize( des3_key, 24 );
162 #if defined(POLARSSL_AES_C)
166 static void pem_aes_decrypt(
unsigned char aes_iv[16],
unsigned int keylen,
167 unsigned char *buf,
size_t buflen,
168 const unsigned char *pwd,
size_t pwdlen )
171 unsigned char aes_key[32];
173 pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
179 polarssl_zeroize( &aes_ctx,
sizeof( aes_ctx ) );
180 polarssl_zeroize( aes_key, keylen );
186 int pem_read_buffer(
pem_context *ctx,
char *header,
char *footer,
const unsigned char *data,
const unsigned char *pwd,
size_t pwdlen,
size_t *use_len )
191 const unsigned char *s1, *s2, *end;
192 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
193 unsigned char pem_iv[16];
203 s1 = (
unsigned char *) strstr( (
const char *) data, header );
208 s2 = (
unsigned char *) strstr( (
const char *) data, footer );
210 if( s2 == NULL || s2 <= s1 )
213 s1 += strlen( header );
214 if( *s1 ==
'\r' ) s1++;
215 if( *s1 ==
'\n' ) s1++;
219 end += strlen( footer );
220 if( *end ==
'\r' ) end++;
221 if( *end ==
'\n' ) end++;
222 *use_len = end - data;
226 if( memcmp( s1,
"Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
228 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
232 if( *s1 ==
'\r' ) s1++;
233 if( *s1 ==
'\n' ) s1++;
237 #if defined(POLARSSL_DES_C)
238 if( memcmp( s1,
"DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
243 if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
248 else if( memcmp( s1,
"DEK-Info: DES-CBC,", 18 ) == 0 )
253 if( pem_get_iv( s1, pem_iv, 8) != 0 )
260 #if defined(POLARSSL_AES_C)
261 if( memcmp( s1,
"DEK-Info: AES-", 14 ) == 0 )
263 if( memcmp( s1,
"DEK-Info: AES-128-CBC,", 22 ) == 0 )
265 else if( memcmp( s1,
"DEK-Info: AES-192-CBC,", 22 ) == 0 )
267 else if( memcmp( s1,
"DEK-Info: AES-256-CBC,", 22 ) == 0 )
273 if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
283 if( *s1 ==
'\r' ) s1++;
284 if( *s1 ==
'\n' ) s1++;
297 if( ( buf = (
unsigned char *) malloc( len ) ) == NULL )
308 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
315 #if defined(POLARSSL_DES_C)
317 pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
319 pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
322 #if defined(POLARSSL_AES_C)
324 pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
326 pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
328 pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
331 if( buf[0] != 0x30 || buf[1] != 0x82 ||
332 buf[4] != 0x02 || buf[5] != 0x01 )