1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2 /* NetworkManager Wireless Applet -- Display wireless access points and allow user control
4 * Dan Williams <dcbw@redhat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the
18 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19 * Boston, MA 02110-1301 USA.
21 * Copyright 2007 - 2015 Red Hat, Inc.
24 #include "nm-default.h"
26 #include <gnutls/gnutls.h>
27 #include <gnutls/crypto.h>
28 #include <gnutls/x509.h>
29 #include <gnutls/pkcs12.h>
32 #include "nm-errors.h"
36 static gboolean initialized = FALSE;
39 crypto_init (GError **error)
44 if (gnutls_global_init() != 0) {
45 gnutls_global_deinit();
46 g_set_error_literal (error, NM_CRYPTO_ERROR,
47 NM_CRYPTO_ERROR_FAILED,
48 _("Failed to initialize the crypto engine."));
57 crypto_decrypt (const char *cipher,
68 gnutls_cipher_hd_t ctx;
69 gnutls_datum_t key_dt, iv_dt;
73 gboolean success = FALSE;
74 gsize pad_len, real_iv_len;
76 if (!crypto_init (error))
79 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
80 cipher_mech = GNUTLS_CIPHER_3DES_CBC;
81 real_iv_len = SALT_LEN;
82 } else if (!strcmp (cipher, CIPHER_DES_CBC)) {
83 cipher_mech = GNUTLS_CIPHER_DES_CBC;
84 real_iv_len = SALT_LEN;
85 } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
86 cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
89 g_set_error (error, NM_CRYPTO_ERROR,
90 NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
91 _("Private key cipher '%s' was unknown."),
96 if (iv_len < real_iv_len) {
97 g_set_error (error, NM_CRYPTO_ERROR,
98 NM_CRYPTO_ERROR_INVALID_DATA,
99 _("Invalid IV length (must be at least %zd)."),
104 output = g_malloc0 (data_len);
106 key_dt.data = (unsigned char *) key;
107 key_dt.size = key_len;
108 iv_dt.data = (unsigned char *) iv;
111 err = gnutls_cipher_init (&ctx, cipher_mech, &key_dt, &iv_dt);
113 g_set_error (error, NM_CRYPTO_ERROR,
114 NM_CRYPTO_ERROR_DECRYPTION_FAILED,
115 _("Failed to initialize the decryption cipher context: %s (%s)"),
116 gnutls_strerror_name (err), gnutls_strerror (err));
120 err = gnutls_cipher_decrypt2 (ctx, data, data_len, output, data_len);
122 g_set_error (error, NM_CRYPTO_ERROR,
123 NM_CRYPTO_ERROR_DECRYPTION_FAILED,
124 _("Failed to decrypt the private key: %s (%s)"),
125 gnutls_strerror_name (err), gnutls_strerror (err));
128 pad_len = output[data_len - 1];
130 /* Check if the padding at the end of the decrypted data is valid */
131 if (pad_len == 0 || pad_len > real_iv_len) {
132 g_set_error (error, NM_CRYPTO_ERROR,
133 NM_CRYPTO_ERROR_DECRYPTION_FAILED,
134 _("Failed to decrypt the private key: unexpected padding length."));
138 /* Validate tail padding; last byte is the padding size, and all pad bytes
139 * should contain the padding size.
141 for (i = 1; i <= pad_len; ++i) {
142 if (output[data_len - i] != pad_len) {
143 g_set_error (error, NM_CRYPTO_ERROR,
144 NM_CRYPTO_ERROR_DECRYPTION_FAILED,
145 _("Failed to decrypt the private key."));
150 *out_len = data_len - pad_len;
156 /* Don't expose key material */
157 memset (output, 0, data_len);
162 gnutls_cipher_deinit (ctx);
167 crypto_encrypt (const char *cipher,
177 gnutls_cipher_hd_t ctx;
178 gnutls_datum_t key_dt, iv_dt;
182 gboolean success = FALSE;
183 gsize padded_buf_len, pad_len, output_len;
184 char *padded_buf = NULL;
187 if (!crypto_init (error))
190 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
191 cipher_mech = GNUTLS_CIPHER_3DES_CBC;
192 else if (!strcmp (cipher, CIPHER_AES_CBC))
193 cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
195 g_set_error (error, NM_CRYPTO_ERROR,
196 NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
197 _("Private key cipher '%s' was unknown."),
202 /* If data_len % ivlen == 0, then we add another complete block
203 * onto the end so that the decrypter knows there's padding.
205 pad_len = iv_len - (data_len % iv_len);
206 output_len = padded_buf_len = data_len + pad_len;
207 padded_buf = g_malloc0 (padded_buf_len);
209 memcpy (padded_buf, data, data_len);
210 for (i = 0; i < pad_len; i++)
211 padded_buf[data_len + i] = (guint8) (pad_len & 0xFF);
213 output = g_malloc0 (output_len);
215 key_dt.data = (unsigned char *) key;
216 key_dt.size = key_len;
217 iv_dt.data = (unsigned char *) iv;
220 err = gnutls_cipher_init (&ctx, cipher_mech, &key_dt, &iv_dt);
222 g_set_error (error, NM_CRYPTO_ERROR,
223 NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
224 _("Failed to initialize the encryption cipher context: %s (%s)"),
225 gnutls_strerror_name (err), gnutls_strerror (err));
229 err = gnutls_cipher_encrypt2 (ctx, padded_buf, padded_buf_len, output, output_len);
231 g_set_error (error, NM_CRYPTO_ERROR,
232 NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
233 _("Failed to encrypt the data: %s (%s)"),
234 gnutls_strerror_name (err), gnutls_strerror (err));
238 *out_len = output_len;
243 memset (padded_buf, 0, padded_buf_len);
250 /* Don't expose key material */
251 memset (output, 0, output_len);
256 gnutls_cipher_deinit (ctx);
261 crypto_verify_cert (const unsigned char *data,
265 gnutls_x509_crt_t der;
269 if (!crypto_init (error))
270 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
272 err = gnutls_x509_crt_init (&der);
274 g_set_error (error, NM_CRYPTO_ERROR,
275 NM_CRYPTO_ERROR_INVALID_DATA,
276 _("Error initializing certificate data: %s"),
277 gnutls_strerror (err));
278 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
282 dt.data = (unsigned char *) data;
284 err = gnutls_x509_crt_import (der, &dt, GNUTLS_X509_FMT_DER);
285 if (err == GNUTLS_E_SUCCESS) {
286 gnutls_x509_crt_deinit (der);
287 return NM_CRYPTO_FILE_FORMAT_X509;
291 err = gnutls_x509_crt_import (der, &dt, GNUTLS_X509_FMT_PEM);
292 gnutls_x509_crt_deinit (der);
293 if (err == GNUTLS_E_SUCCESS)
294 return NM_CRYPTO_FILE_FORMAT_X509;
296 g_set_error (error, NM_CRYPTO_ERROR,
297 NM_CRYPTO_ERROR_INVALID_DATA,
298 _("Couldn't decode certificate: %s"),
299 gnutls_strerror (err));
300 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
304 crypto_verify_pkcs12 (const guint8 *data,
306 const char *password,
311 gboolean success = FALSE;
314 g_return_val_if_fail (data != NULL, FALSE);
316 if (!crypto_init (error))
319 dt.data = (unsigned char *) data;
322 err = gnutls_pkcs12_init (&p12);
324 g_set_error (error, NM_CRYPTO_ERROR,
325 NM_CRYPTO_ERROR_FAILED,
326 _("Couldn't initialize PKCS#12 decoder: %s"),
327 gnutls_strerror (err));
332 err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_DER, 0);
335 err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_PEM, 0);
337 g_set_error (error, NM_CRYPTO_ERROR,
338 NM_CRYPTO_ERROR_INVALID_DATA,
339 _("Couldn't decode PKCS#12 file: %s"),
340 gnutls_strerror (err));
345 err = gnutls_pkcs12_verify_mac (p12, password);
346 if (err == GNUTLS_E_SUCCESS)
349 g_set_error (error, NM_CRYPTO_ERROR,
350 NM_CRYPTO_ERROR_DECRYPTION_FAILED,
351 _("Couldn't verify PKCS#12 file: %s"),
352 gnutls_strerror (err));
356 gnutls_pkcs12_deinit (p12);
361 crypto_verify_pkcs8 (const guint8 *data,
363 gboolean is_encrypted,
364 const char *password,
367 gnutls_x509_privkey_t p8;
371 g_return_val_if_fail (data != NULL, FALSE);
373 if (!crypto_init (error))
376 dt.data = (unsigned char *) data;
379 err = gnutls_x509_privkey_init (&p8);
381 g_set_error (error, NM_CRYPTO_ERROR,
382 NM_CRYPTO_ERROR_FAILED,
383 _("Couldn't initialize PKCS#8 decoder: %s"),
384 gnutls_strerror (err));
388 err = gnutls_x509_privkey_import_pkcs8 (p8,
391 is_encrypted ? password : NULL,
392 is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
393 gnutls_x509_privkey_deinit (p8);
396 if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
397 /* HACK: gnutls doesn't support all the cipher types that openssl
398 * can use with PKCS#8, so if we encounter one, we have to assume
399 * the given password works. gnutls needs to unsuckify, apparently.
400 * Specifically, by default openssl uses pbeWithMD5AndDES-CBC
401 * which gnutls does not support.
404 g_set_error (error, NM_CRYPTO_ERROR,
405 NM_CRYPTO_ERROR_INVALID_DATA,
406 _("Couldn't decode PKCS#8 file: %s"),
407 gnutls_strerror (err));
416 crypto_randomize (void *buffer, gsize buffer_len, GError **error)
418 if (!crypto_init (error))
421 gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len);