1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
4 * Dan Williams <dcbw@redhat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the
18 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19 * Boston, MA 02110-1301 USA.
21 * Copyright 2007 - 2009 Red Hat, Inc.
24 #include "nm-default.h"
38 static gboolean initialized = FALSE;
41 crypto_init (GError **error)
48 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 1);
49 ret = NSS_NoDB_Init (NULL);
50 if (ret != SECSuccess) {
51 g_set_error (error, NM_CRYPTO_ERROR,
52 NM_CRYPTO_ERR_INIT_FAILED,
53 _("Failed to initialize the crypto engine: %d."),
59 SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
60 SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
61 SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
62 SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
63 SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
64 SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
65 SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
72 crypto_md5_hash (const char *salt,
82 unsigned int digest_len;
84 char digest[MD5_HASH_LEN];
88 g_return_val_if_fail (salt_len >= 8, FALSE);
90 g_return_val_if_fail (password != NULL, FALSE);
91 g_return_val_if_fail (password_len > 0, FALSE);
92 g_return_val_if_fail (buffer != NULL, FALSE);
93 g_return_val_if_fail (buflen > 0, FALSE);
95 ctx = PK11_CreateDigestContext (SEC_OID_MD5);
97 g_set_error (error, NM_CRYPTO_ERROR,
98 NM_CRYPTO_ERR_MD5_INIT_FAILED,
99 _("Failed to initialize the MD5 context: %d."),
107 PK11_DigestBegin (ctx);
109 PK11_DigestOp (ctx, (const unsigned char *) digest, digest_len);
110 PK11_DigestOp (ctx, (const unsigned char *) password, password_len);
112 PK11_DigestOp (ctx, (const unsigned char *) salt, 8); /* Only use 8 bytes of salt */
113 PK11_DigestFinal (ctx, (unsigned char *) digest, &digest_len, sizeof (digest));
115 while (nkey && (i < digest_len)) {
116 *(p++) = digest[i++];
121 memset (digest, 0, sizeof (digest));
122 PK11_DestroyContext (ctx, PR_TRUE);
127 crypto_decrypt (const char *cipher,
138 int decrypted_len = 0;
139 CK_MECHANISM_TYPE cipher_mech;
140 PK11SlotInfo *slot = NULL;
142 PK11SymKey *sym_key = NULL;
143 SECItem *sec_param = NULL;
144 PK11Context *ctx = NULL;
146 gboolean success = FALSE;
147 unsigned int pad_len = 0, extra = 0;
148 guint32 i, real_iv_len = 0;
150 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
151 cipher_mech = CKM_DES3_CBC_PAD;
153 } else if (!strcmp (cipher, CIPHER_DES_CBC)) {
154 cipher_mech = CKM_DES_CBC_PAD;
156 } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
157 cipher_mech = CKM_AES_CBC_PAD;
160 g_set_error (error, NM_CRYPTO_ERROR,
161 NM_CRYPTO_ERR_UNKNOWN_CIPHER,
162 _("Private key cipher '%s' was unknown."),
167 if (iv_len < real_iv_len) {
168 g_set_error (error, NM_CRYPTO_ERROR,
169 NM_CRYPTO_ERR_RAW_IV_INVALID,
170 _("Invalid IV length (must be at least %d)."),
175 output = g_malloc0 (data->len);
177 slot = PK11_GetBestSlot (cipher_mech, NULL);
179 g_set_error (error, NM_CRYPTO_ERROR,
180 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
181 _("Failed to initialize the decryption cipher slot."));
185 key_item.data = (unsigned char *) key;
186 key_item.len = key_len;
187 sym_key = PK11_ImportSymKey (slot, cipher_mech, PK11_OriginUnwrap, CKA_DECRYPT, &key_item, NULL);
189 g_set_error (error, NM_CRYPTO_ERROR,
190 NM_CRYPTO_ERR_CIPHER_SET_KEY_FAILED,
191 _("Failed to set symmetric key for decryption."));
195 key_item.data = (unsigned char *) iv;
196 key_item.len = real_iv_len;
197 sec_param = PK11_ParamFromIV (cipher_mech, &key_item);
199 g_set_error (error, NM_CRYPTO_ERROR,
200 NM_CRYPTO_ERR_CIPHER_SET_IV_FAILED,
201 _("Failed to set IV for decryption."));
205 ctx = PK11_CreateContextBySymKey (cipher_mech, CKA_DECRYPT, sym_key, sec_param);
207 g_set_error (error, NM_CRYPTO_ERROR,
208 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
209 _("Failed to initialize the decryption context."));
213 s = PK11_CipherOp (ctx,
214 (unsigned char *) output,
219 if (s != SECSuccess) {
220 g_set_error (error, NM_CRYPTO_ERROR,
221 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
222 _("Failed to decrypt the private key: %d."),
227 if (decrypted_len > data->len) {
228 g_set_error (error, NM_CRYPTO_ERROR,
229 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
230 _("Failed to decrypt the private key: decrypted data too large."));
234 s = PK11_DigestFinal (ctx,
235 (unsigned char *) (output + decrypted_len),
237 data->len - decrypted_len);
238 if (s != SECSuccess) {
239 g_set_error (error, NM_CRYPTO_ERROR,
240 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
241 _("Failed to finalize decryption of the private key: %d."),
245 decrypted_len += extra;
246 pad_len = data->len - decrypted_len;
248 /* Check if the padding at the end of the decrypted data is valid */
249 if (pad_len == 0 || pad_len > real_iv_len) {
250 g_set_error (error, NM_CRYPTO_ERROR,
251 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
252 _("Failed to decrypt the private key: unexpected padding length."));
256 /* Validate tail padding; last byte is the padding size, and all pad bytes
257 * should contain the padding size.
259 for (i = pad_len; i > 0; i--) {
260 if (output[data->len - i] != pad_len) {
261 g_set_error (error, NM_CRYPTO_ERROR,
262 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
263 _("Failed to decrypt the private key."));
268 *out_len = decrypted_len;
273 PK11_DestroyContext (ctx, PR_TRUE);
275 PK11_FreeSymKey (sym_key);
277 SECITEM_FreeItem (sec_param, PR_TRUE);
279 PK11_FreeSlot (slot);
283 /* Don't expose key material */
284 memset (output, 0, data->len);
293 crypto_encrypt (const char *cipher,
294 const GByteArray *data,
303 CK_MECHANISM_TYPE cipher_mech = CKM_DES3_CBC_PAD;
304 PK11SlotInfo *slot = NULL;
305 SECItem key_item = { .data = (unsigned char *) key, .len = key_len };
306 SECItem iv_item = { .data = (unsigned char *) iv, .len = iv_len };
307 PK11SymKey *sym_key = NULL;
308 SECItem *sec_param = NULL;
309 PK11Context *ctx = NULL;
310 unsigned char *output, *padded_buf;
312 int encrypted_len = 0, i;
313 gboolean success = FALSE;
314 gsize padded_buf_len, pad_len;
316 if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
317 cipher_mech = CKM_DES3_CBC_PAD;
318 else if (!strcmp (cipher, CIPHER_AES_CBC))
319 cipher_mech = CKM_AES_CBC_PAD;
321 g_set_error (error, NM_CRYPTO_ERROR,
322 NM_CRYPTO_ERR_UNKNOWN_CIPHER,
323 _("Private key cipher '%s' was unknown."),
328 /* If data->len % ivlen == 0, then we add another complete block
329 * onto the end so that the decrypter knows there's padding.
331 pad_len = iv_len - (data->len % iv_len);
332 output_len = padded_buf_len = data->len + pad_len;
333 padded_buf = g_malloc0 (padded_buf_len);
335 memcpy (padded_buf, data->data, data->len);
336 for (i = 0; i < pad_len; i++)
337 padded_buf[data->len + i] = (guint8) (pad_len & 0xFF);
339 output = g_malloc0 (output_len);
341 slot = PK11_GetBestSlot (cipher_mech, NULL);
343 g_set_error (error, NM_CRYPTO_ERROR,
344 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
345 _("Failed to initialize the encryption cipher slot."));
349 sym_key = PK11_ImportSymKey (slot, cipher_mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, NULL);
351 g_set_error (error, NM_CRYPTO_ERROR,
352 NM_CRYPTO_ERR_CIPHER_SET_KEY_FAILED,
353 _("Failed to set symmetric key for encryption."));
357 sec_param = PK11_ParamFromIV (cipher_mech, &iv_item);
359 g_set_error (error, NM_CRYPTO_ERROR,
360 NM_CRYPTO_ERR_CIPHER_SET_IV_FAILED,
361 _("Failed to set IV for encryption."));
365 ctx = PK11_CreateContextBySymKey (cipher_mech, CKA_ENCRYPT, sym_key, sec_param);
367 g_set_error (error, NM_CRYPTO_ERROR,
368 NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
369 _("Failed to initialize the encryption context."));
373 ret = PK11_CipherOp (ctx, output, &encrypted_len, output_len, padded_buf, padded_buf_len);
374 if (ret != SECSuccess) {
375 g_set_error (error, NM_CRYPTO_ERROR,
376 NM_CRYPTO_ERR_CIPHER_ENCRYPT_FAILED,
377 _("Failed to encrypt: %d."),
382 if (encrypted_len != output_len) {
383 g_set_error (error, NM_CRYPTO_ERROR,
384 NM_CRYPTO_ERR_CIPHER_ENCRYPT_FAILED,
385 _("Unexpected amount of data after encrypting."));
389 *out_len = encrypted_len;
394 PK11_DestroyContext (ctx, PR_TRUE);
396 PK11_FreeSymKey (sym_key);
398 SECITEM_FreeItem (sec_param, PR_TRUE);
400 PK11_FreeSlot (slot);
402 memset (padded_buf, 0, padded_buf_len);
406 memset (output, 0, output_len);
410 return (char *) output;
414 crypto_verify_cert (const unsigned char *data,
418 CERTCertificate *cert;
420 /* Try DER/PEM first */
421 cert = CERT_DecodeCertFromPackage ((char *) data, len);
423 g_set_error (error, NM_CRYPTO_ERROR,
424 NM_CRYPTO_ERR_CERT_FORMAT_INVALID,
425 _("Couldn't decode certificate: %d"),
427 return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
430 CERT_DestroyCertificate (cert);
431 return NM_CRYPTO_FILE_FORMAT_X509;
435 crypto_verify_pkcs12 (const GByteArray *data,
436 const char *password,
439 SEC_PKCS12DecoderContext *p12ctx = NULL;
441 PK11SlotInfo *slot = NULL;
444 glong ucs2_chars = 0;
445 #ifndef WORDS_BIGENDIAN
447 #endif /* WORDS_BIGENDIAN */
450 g_return_val_if_fail (*error == NULL, FALSE);
452 /* PKCS#12 passwords are apparently UCS2 BIG ENDIAN, and NSS doesn't do
453 * any conversions for us.
455 if (password && strlen (password)) {
456 ucs2_password = (char *) g_utf8_to_utf16 (password, strlen (password), NULL, &ucs2_chars, NULL);
457 if (!ucs2_password || !ucs2_chars) {
458 g_set_error (error, NM_CRYPTO_ERROR,
459 NM_CRYPTO_ERR_INVALID_PASSWORD,
460 _("Couldn't convert password to UCS2: %d"),
465 ucs2_chars *= 2; /* convert # UCS2 characters -> bytes */
466 pw.data = PORT_ZAlloc(ucs2_chars + 2);
467 memcpy (pw.data, ucs2_password, ucs2_chars);
468 pw.len = ucs2_chars + 2; /* include terminating NULL */
470 memset (ucs2_password, 0, ucs2_chars);
471 g_free (ucs2_password);
473 #ifndef WORDS_BIGENDIAN
474 for (p = (guint16 *) pw.data; p < (guint16 *) (pw.data + pw.len); p++)
475 *p = GUINT16_SWAP_LE_BE (*p);
476 #endif /* WORDS_BIGENDIAN */
483 slot = PK11_GetInternalKeySlot();
484 p12ctx = SEC_PKCS12DecoderStart (&pw, slot, NULL, NULL, NULL, NULL, NULL, NULL);
486 g_set_error (error, NM_CRYPTO_ERROR,
487 NM_CRYPTO_ERR_DECODE_FAILED,
488 _("Couldn't initialize PKCS#12 decoder: %d"),
493 s = SEC_PKCS12DecoderUpdate (p12ctx, data->data, data->len);
494 if (s != SECSuccess) {
495 g_set_error (error, NM_CRYPTO_ERROR,
496 NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
497 _("Couldn't decode PKCS#12 file: %d"),
502 s = SEC_PKCS12DecoderVerify (p12ctx);
503 if (s != SECSuccess) {
504 g_set_error (error, NM_CRYPTO_ERROR,
505 NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
506 _("Couldn't verify PKCS#12 file: %d"),
511 SEC_PKCS12DecoderFinish (p12ctx);
512 SECITEM_ZfreeItem (&pw, PR_FALSE);
517 SEC_PKCS12DecoderFinish (p12ctx);
522 SECITEM_ZfreeItem (&pw, PR_FALSE);
527 crypto_verify_pkcs8 (const GByteArray *data,
528 gboolean is_encrypted,
529 const char *password,
532 g_return_val_if_fail (data != NULL, FALSE);
534 /* NSS apparently doesn't do PKCS#8 natively, but you have to put the
535 * PKCS#8 key into a PKCS#12 file and import that?? So until we figure
536 * all that out, we can only assume the password is valid.
542 crypto_randomize (void *buffer, gsize buffer_len, GError **error)
546 s = PK11_GenerateRandom (buffer, buffer_len);
547 if (s != SECSuccess) {
548 g_set_error_literal (error, NM_CRYPTO_ERROR,
549 NM_CRYPTO_ERR_RANDOMIZE_FAILED,
550 _("Could not generate random data."));