1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2 /* NetworkManager Wireless Applet -- Display wireless access points and allow user control
4 * Dan Williams <dcbw@redhat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the
18 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19 * Boston, MA 02110-1301 USA.
21 * Copyright 2007 - 2015 Red Hat, Inc.
24 #include "nm-default.h"
26 #include <gnutls/gnutls.h>
27 #include <gnutls/crypto.h>
28 #include <gnutls/x509.h>
29 #include <gnutls/pkcs12.h>
35 static gboolean initialized = FALSE;
38 crypto_init (GError **error)
43 if (gnutls_global_init() != 0) {
44 gnutls_global_deinit();
45 g_set_error (error, NM_CRYPTO_ERROR,
46 NM_CRYPTO_ERR_INIT_FAILED,
48 _("Failed to initialize the crypto engine."));
57 crypto_md5_hash (const char *salt,
68 const gsize digest_len = 16;
70 char digest[MD5_HASH_LEN];
74 g_return_val_if_fail (salt_len >= SALT_LEN, FALSE);
76 g_return_val_if_fail (password != NULL, FALSE);
77 g_return_val_if_fail (password_len > 0, FALSE);
78 g_return_val_if_fail (buffer != NULL, FALSE);
79 g_return_val_if_fail (buflen > 0, FALSE);
81 if (gnutls_hash_get_len (GNUTLS_DIG_MD5) > MD5_HASH_LEN) {
82 g_set_error (error, NM_CRYPTO_ERROR,
83 NM_CRYPTO_ERR_MD5_INIT_FAILED,
84 _("Hash length too long (%d > %d)."),
85 gnutls_hash_get_len (GNUTLS_DIG_MD5), MD5_HASH_LEN);
92 err = gnutls_hash_init (&ctx, GNUTLS_DIG_MD5);
97 gnutls_hash (ctx, digest, digest_len);
98 gnutls_hash (ctx, password, password_len);
100 gnutls_hash (ctx, salt, SALT_LEN); /* Only use 8 bytes of salt */
101 gnutls_hash_deinit (ctx, digest);
103 while (nkey && (i < digest_len)) {
104 *(p++) = digest[i++];
109 memset (digest, 0, sizeof (digest));
112 memset (digest, 0, sizeof (digest));
113 g_set_error (error, NM_CRYPTO_ERROR,
114 NM_CRYPTO_ERR_MD5_INIT_FAILED,
115 _("Failed to initialize the MD5 engine: %s (%s)"),
116 gnutls_strerror_name (err), gnutls_strerror (err));
121 crypto_decrypt (const char *cipher,
131 gnutls_cipher_hd_t ctx;
132 gnutls_datum_t key_dt, iv_dt;
136 gboolean success = FALSE;
137 gsize pad_len, real_iv_len;
139 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
140 cipher_mech = GNUTLS_CIPHER_3DES_CBC;
141 real_iv_len = SALT_LEN;
142 } else if (!strcmp (cipher, CIPHER_DES_CBC)) {
143 cipher_mech = GNUTLS_CIPHER_DES_CBC;
144 real_iv_len = SALT_LEN;
145 } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
146 cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
149 g_set_error (error, NM_CRYPTO_ERROR,
150 NM_CRYPTO_ERR_UNKNOWN_CIPHER,
151 _("Private key cipher '%s' was unknown."),
156 if (iv_len < real_iv_len) {
157 g_set_error (error, NM_CRYPTO_ERROR,
158 NM_CRYPTO_ERR_RAW_IV_INVALID,
159 _("Invalid IV length (must be at least %zd)."),
164 output = g_malloc0 (data->len);
166 key_dt.data = (unsigned char *) key;
167 key_dt.size = key_len;
168 iv_dt.data = (unsigned char *) iv;
171 err = gnutls_cipher_init (&ctx, cipher_mech, &key_dt, &iv_dt);
173 g_set_error (error, NM_CRYPTO_ERROR,
174 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
175 _("Failed to initialize the decryption cipher context: %s (%s)"),
176 gnutls_strerror_name (err), gnutls_strerror (err));
180 err = gnutls_cipher_decrypt2 (ctx, data->data, data->len, output, data->len);
182 g_set_error (error, NM_CRYPTO_ERROR,
183 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
184 _("Failed to decrypt the private key: %s (%s)"),
185 gnutls_strerror_name (err), gnutls_strerror (err));
188 pad_len = output[data->len - 1];
190 /* Check if the padding at the end of the decrypted data is valid */
191 if (pad_len == 0 || pad_len > real_iv_len) {
192 g_set_error (error, NM_CRYPTO_ERROR,
193 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
194 _("Failed to decrypt the private key: unexpected padding length."));
198 /* Validate tail padding; last byte is the padding size, and all pad bytes
199 * should contain the padding size.
201 for (i = 1; i <= pad_len; ++i) {
202 if (output[data->len - i] != pad_len) {
203 g_set_error (error, NM_CRYPTO_ERROR,
204 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
205 _("Failed to decrypt the private key."));
210 *out_len = data->len - pad_len;
216 /* Don't expose key material */
217 memset (output, 0, data->len);
222 gnutls_cipher_deinit (ctx);
227 crypto_encrypt (const char *cipher,
228 const GByteArray *data,
236 gnutls_cipher_hd_t ctx;
237 gnutls_datum_t key_dt, iv_dt;
241 gboolean success = FALSE;
242 gsize padded_buf_len, pad_len, output_len;
243 char *padded_buf = NULL;
247 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
248 cipher_mech = GNUTLS_CIPHER_3DES_CBC;
250 } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
251 cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
254 g_set_error (error, NM_CRYPTO_ERROR,
255 NM_CRYPTO_ERR_UNKNOWN_CIPHER,
256 _("Private key cipher '%s' was unknown."),
261 /* If data->len % ivlen == 0, then we add another complete block
262 * onto the end so that the decrypter knows there's padding.
264 pad_len = iv_len - (data->len % iv_len);
265 output_len = padded_buf_len = data->len + pad_len;
266 padded_buf = g_malloc0 (padded_buf_len);
268 memcpy (padded_buf, data->data, data->len);
269 for (i = 0; i < pad_len; i++)
270 padded_buf[data->len + i] = (guint8) (pad_len & 0xFF);
272 output = g_malloc0 (output_len);
274 key_dt.data = (unsigned char *) key;
275 key_dt.size = key_len;
276 iv_dt.data = (unsigned char *) iv;
279 err = gnutls_cipher_init (&ctx, cipher_mech, &key_dt, &iv_dt);
281 g_set_error (error, NM_CRYPTO_ERROR,
282 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
283 _("Failed to initialize the encryption cipher context: %s (%s)"),
284 gnutls_strerror_name (err), gnutls_strerror (err));
288 err = gnutls_cipher_encrypt2 (ctx, padded_buf, padded_buf_len, output, output_len);
290 g_set_error (error, NM_CRYPTO_ERROR,
291 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
292 _("Failed to encrypt the data: %s (%s)"),
293 gnutls_strerror_name (err), gnutls_strerror (err));
297 *out_len = output_len;
302 memset (padded_buf, 0, padded_buf_len);
309 /* Don't expose key material */
310 memset (output, 0, output_len);
315 gnutls_cipher_deinit (ctx);
320 crypto_verify_cert (const unsigned char *data,
324 gnutls_x509_crt_t der;
328 err = gnutls_x509_crt_init (&der);
330 g_set_error (error, NM_CRYPTO_ERROR,
331 NM_CRYPTO_ERR_CERT_FORMAT_INVALID,
332 _("Error initializing certificate data: %s"),
333 gnutls_strerror (err));
334 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
338 dt.data = (unsigned char *) data;
340 err = gnutls_x509_crt_import (der, &dt, GNUTLS_X509_FMT_DER);
341 if (err == GNUTLS_E_SUCCESS) {
342 gnutls_x509_crt_deinit (der);
343 return NM_CRYPTO_FILE_FORMAT_X509;
347 err = gnutls_x509_crt_import (der, &dt, GNUTLS_X509_FMT_PEM);
348 gnutls_x509_crt_deinit (der);
349 if (err == GNUTLS_E_SUCCESS)
350 return NM_CRYPTO_FILE_FORMAT_X509;
352 g_set_error (error, NM_CRYPTO_ERROR,
353 NM_CRYPTO_ERR_CERT_FORMAT_INVALID,
354 _("Couldn't decode certificate: %s"),
355 gnutls_strerror (err));
356 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
360 crypto_verify_pkcs12 (const GByteArray *data,
361 const char *password,
366 gboolean success = FALSE;
369 g_return_val_if_fail (data != NULL, FALSE);
371 dt.data = (unsigned char *) data->data;
374 err = gnutls_pkcs12_init (&p12);
376 g_set_error (error, NM_CRYPTO_ERROR,
377 NM_CRYPTO_ERR_DECODE_FAILED,
378 _("Couldn't initialize PKCS#12 decoder: %s"),
379 gnutls_strerror (err));
384 err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_DER, 0);
387 err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_PEM, 0);
389 g_set_error (error, NM_CRYPTO_ERROR,
390 NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
391 _("Couldn't decode PKCS#12 file: %s"),
392 gnutls_strerror (err));
397 err = gnutls_pkcs12_verify_mac (p12, password);
398 if (err == GNUTLS_E_SUCCESS)
401 g_set_error (error, NM_CRYPTO_ERROR,
402 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
403 _("Couldn't verify PKCS#12 file: %s"),
404 gnutls_strerror (err));
408 gnutls_pkcs12_deinit (p12);
413 crypto_verify_pkcs8 (const GByteArray *data,
414 gboolean is_encrypted,
415 const char *password,
418 gnutls_x509_privkey_t p8;
422 g_return_val_if_fail (data != NULL, FALSE);
424 dt.data = (unsigned char *) data->data;
427 err = gnutls_x509_privkey_init (&p8);
429 g_set_error (error, NM_CRYPTO_ERROR,
430 NM_CRYPTO_ERR_DECODE_FAILED,
431 _("Couldn't initialize PKCS#8 decoder: %s"),
432 gnutls_strerror (err));
436 err = gnutls_x509_privkey_import_pkcs8 (p8,
439 is_encrypted ? password : NULL,
440 is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
441 gnutls_x509_privkey_deinit (p8);
444 if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
445 /* HACK: gnutls doesn't support all the cipher types that openssl
446 * can use with PKCS#8, so if we encounter one, we have to assume
447 * the given password works. gnutls needs to unsuckify, apparently.
448 * Specifically, by default openssl uses pbeWithMD5AndDES-CBC
449 * which gnutls does not support.
452 g_set_error (error, NM_CRYPTO_ERROR,
453 NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
454 _("Couldn't decode PKCS#8 file: %s"),
455 gnutls_strerror (err));
464 crypto_randomize (void *buffer, gsize buffer_len, GError **error)
466 gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len);