2
0

loader.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /**
  31. * Load certificates/keys into memory. These can be in many different formats.
  32. * PEM support and other formats can be processed here.
  33. *
  34. * The PEM private keys may be optionally encrypted with AES128 or AES256.
  35. * The encrypted PEM keys were generated with something like:
  36. *
  37. * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
  38. */
  39. #include <stdlib.h>
  40. #include <string.h>
  41. #include <stdio.h>
  42. #include "ssl.h"
  43. static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
  44. SSLObjLoader *ssl_obj, const char *password);
  45. #ifdef CONFIG_SSL_HAS_PEM
  46. static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
  47. SSLObjLoader *ssl_obj, const char *password);
  48. #endif
  49. /*
  50. * Load a file into memory that is in binary DER (or ascii PEM) format.
  51. */
  52. EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
  53. const char *filename, const char *password)
  54. {
  55. #ifndef CONFIG_SSL_SKELETON_MODE
  56. static const char * const begin = "-----BEGIN";
  57. int ret = SSL_OK;
  58. SSLObjLoader *ssl_obj = NULL;
  59. if (filename == NULL)
  60. {
  61. ret = SSL_ERROR_INVALID_KEY;
  62. goto error;
  63. }
  64. ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
  65. ssl_obj->len = get_file(filename, &ssl_obj->buf);
  66. if (ssl_obj->len <= 0)
  67. {
  68. ret = SSL_ERROR_INVALID_KEY;
  69. goto error;
  70. }
  71. /* is the file a PEM file? */
  72. if (strncmp((char *)ssl_obj->buf, begin, strlen(begin)) == 0)
  73. {
  74. #ifdef CONFIG_SSL_HAS_PEM
  75. ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
  76. #else
  77. printf(unsupported_str);
  78. ret = SSL_ERROR_NOT_SUPPORTED;
  79. #endif
  80. }
  81. else
  82. ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
  83. error:
  84. ssl_obj_free(ssl_obj);
  85. return ret;
  86. #else
  87. printf(unsupported_str);
  88. return SSL_ERROR_NOT_SUPPORTED;
  89. #endif /* CONFIG_SSL_SKELETON_MODE */
  90. }
  91. /*
  92. * Transfer binary data into the object loader.
  93. */
  94. EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type,
  95. const uint8_t *data, int len, const char *password)
  96. {
  97. int ret;
  98. SSLObjLoader *ssl_obj;
  99. ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
  100. ssl_obj->buf = (uint8_t *)malloc(len);
  101. memcpy(ssl_obj->buf, data, len);
  102. ssl_obj->len = len;
  103. ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
  104. ssl_obj_free(ssl_obj);
  105. return ret;
  106. }
  107. /*
  108. * Actually work out what we are doing
  109. */
  110. static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
  111. SSLObjLoader *ssl_obj, const char *password)
  112. {
  113. int ret = SSL_OK;
  114. switch (obj_type)
  115. {
  116. case SSL_OBJ_RSA_KEY:
  117. ret = add_private_key(ssl_ctx, ssl_obj);
  118. break;
  119. case SSL_OBJ_X509_CERT:
  120. ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
  121. break;
  122. #ifdef CONFIG_SSL_CERT_VERIFICATION
  123. case SSL_OBJ_X509_CACERT:
  124. ret = add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
  125. break;
  126. #endif
  127. #ifdef CONFIG_SSL_USE_PKCS12
  128. case SSL_OBJ_PKCS8:
  129. ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
  130. break;
  131. case SSL_OBJ_PKCS12:
  132. ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
  133. break;
  134. #endif
  135. default:
  136. printf(unsupported_str);
  137. ret = SSL_ERROR_NOT_SUPPORTED;
  138. break;
  139. }
  140. return ret;
  141. }
  142. /*
  143. * Clean up our mess.
  144. */
  145. void ssl_obj_free(SSLObjLoader *ssl_obj)
  146. {
  147. if (ssl_obj)
  148. {
  149. free(ssl_obj->buf);
  150. free(ssl_obj);
  151. }
  152. }
  153. /*
  154. * Support for PEM encoded keys/certificates.
  155. */
  156. #ifdef CONFIG_SSL_HAS_PEM
  157. #define NUM_PEM_TYPES 3
  158. #define IV_SIZE 16
  159. #define IS_RSA_PRIVATE_KEY 0
  160. #define IS_ENCRYPTED_PRIVATE_KEY 1
  161. #define IS_CERTIFICATE 2
  162. static const char * const begins[NUM_PEM_TYPES] =
  163. {
  164. "-----BEGIN RSA PRIVATE KEY-----",
  165. "-----BEGIN ENCRYPTED PRIVATE KEY-----",
  166. "-----BEGIN CERTIFICATE-----",
  167. };
  168. static const char * const ends[NUM_PEM_TYPES] =
  169. {
  170. "-----END RSA PRIVATE KEY-----",
  171. "-----END ENCRYPTED PRIVATE KEY-----",
  172. "-----END CERTIFICATE-----",
  173. };
  174. static const char * const aes_str[2] =
  175. {
  176. "DEK-Info: AES-128-CBC,",
  177. "DEK-Info: AES-256-CBC,"
  178. };
  179. /**
  180. * Take a base64 blob of data and decrypt it (using AES) into its
  181. * proper ASN.1 form.
  182. */
  183. static int pem_decrypt(const char *where, const char *end,
  184. const char *password, SSLObjLoader *ssl_obj)
  185. {
  186. int ret = -1;
  187. int is_aes_256 = 0;
  188. char *start = NULL;
  189. uint8_t iv[IV_SIZE];
  190. int i, pem_size;
  191. MD5_CTX md5_ctx;
  192. AES_CTX aes_ctx;
  193. uint8_t key[32]; /* AES256 size */
  194. if (password == NULL || strlen(password) == 0)
  195. {
  196. #ifdef CONFIG_SSL_FULL_MODE
  197. printf("Error: Need a password for this PEM file\n"); TTY_FLUSH();
  198. #endif
  199. goto error;
  200. }
  201. if ((start = strstr((const char *)where, aes_str[0]))) /* AES128? */
  202. {
  203. start += strlen(aes_str[0]);
  204. }
  205. else if ((start = strstr((const char *)where, aes_str[1]))) /* AES256? */
  206. {
  207. is_aes_256 = 1;
  208. start += strlen(aes_str[1]);
  209. }
  210. else
  211. {
  212. #ifdef CONFIG_SSL_FULL_MODE
  213. printf("Error: Unsupported password cipher\n"); TTY_FLUSH();
  214. #endif
  215. goto error;
  216. }
  217. /* convert from hex to binary - assumes uppercase hex */
  218. for (i = 0; i < IV_SIZE; i++)
  219. {
  220. char c = *start++ - '0';
  221. iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
  222. c = *start++ - '0';
  223. iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
  224. }
  225. while (*start == '\r' || *start == '\n')
  226. start++;
  227. /* turn base64 into binary */
  228. pem_size = (int)(end-start);
  229. if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
  230. goto error;
  231. /* work out the key */
  232. MD5_Init(&md5_ctx);
  233. MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
  234. MD5_Update(&md5_ctx, iv, SALT_SIZE);
  235. MD5_Final(key, &md5_ctx);
  236. if (is_aes_256)
  237. {
  238. MD5_Init(&md5_ctx);
  239. MD5_Update(&md5_ctx, key, MD5_SIZE);
  240. MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
  241. MD5_Update(&md5_ctx, iv, SALT_SIZE);
  242. MD5_Final(&key[MD5_SIZE], &md5_ctx);
  243. }
  244. /* decrypt using the key/iv */
  245. AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
  246. AES_convert_key(&aes_ctx);
  247. AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
  248. ret = 0;
  249. error:
  250. return ret;
  251. }
  252. /**
  253. * Take a base64 blob of data and turn it into its proper ASN.1 form.
  254. */
  255. static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
  256. int remain, const char *password)
  257. {
  258. int ret = SSL_OK;
  259. SSLObjLoader *ssl_obj = NULL;
  260. int i, pem_size, obj_type;
  261. char *start = NULL, *end = NULL;
  262. for (i = 0; i < NUM_PEM_TYPES; i++)
  263. {
  264. if ((start = strstr(where, begins[i])) &&
  265. (end = strstr(where, ends[i])))
  266. {
  267. remain -= (int)(end-start);
  268. start += strlen(begins[i]);
  269. pem_size = (int)(end-start);
  270. ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
  271. /* 4/3 bigger than what we need but so what */
  272. ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
  273. if (i == IS_RSA_PRIVATE_KEY &&
  274. strstr(start, "Proc-Type:") &&
  275. strstr(start, "4,ENCRYPTED"))
  276. {
  277. /* check for encrypted PEM file */
  278. if (pem_decrypt(start, end, password, ssl_obj) < 0)
  279. goto error;
  280. }
  281. else if (base64_decode(start, pem_size,
  282. ssl_obj->buf, &ssl_obj->len) != 0)
  283. goto error;
  284. switch (i)
  285. {
  286. case IS_RSA_PRIVATE_KEY:
  287. obj_type = SSL_OBJ_RSA_KEY;
  288. break;
  289. case IS_ENCRYPTED_PRIVATE_KEY:
  290. obj_type = SSL_OBJ_PKCS8;
  291. break;
  292. case IS_CERTIFICATE:
  293. obj_type = is_cacert ?
  294. SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
  295. break;
  296. default:
  297. goto error;
  298. }
  299. /* In a format we can now understand - so process it */
  300. if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
  301. goto error;
  302. end += strlen(ends[i]);
  303. remain -= strlen(ends[i]);
  304. while (remain > 0 && (*end == '\r' || *end == '\n'))
  305. {
  306. end++;
  307. remain--;
  308. }
  309. break;
  310. }
  311. }
  312. if (i == NUM_PEM_TYPES)
  313. goto error;
  314. /* more PEM stuff to process? */
  315. if (remain)
  316. ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
  317. error:
  318. ssl_obj_free(ssl_obj);
  319. return ret;
  320. }
  321. /*
  322. * Load a file into memory that is in ASCII PEM format.
  323. */
  324. static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
  325. SSLObjLoader *ssl_obj, const char *password)
  326. {
  327. char *start;
  328. /* add a null terminator */
  329. ssl_obj->len++;
  330. ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
  331. ssl_obj->buf[ssl_obj->len-1] = 0;
  332. start = (char *)ssl_obj->buf;
  333. return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
  334. start, ssl_obj->len, password);
  335. }
  336. #endif /* CONFIG_SSL_HAS_PEM */
  337. /**
  338. * Load the key/certificates in memory depending on compile-time and user
  339. * options.
  340. */
  341. int load_key_certs(SSL_CTX *ssl_ctx)
  342. {
  343. int ret = SSL_OK;
  344. uint32_t options = ssl_ctx->options;
  345. #ifdef CONFIG_SSL_GENERATE_X509_CERT
  346. uint8_t *cert_data = NULL;
  347. int cert_size;
  348. static const char *dn[] =
  349. {
  350. CONFIG_SSL_X509_COMMON_NAME,
  351. CONFIG_SSL_X509_ORGANIZATION_NAME,
  352. CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
  353. };
  354. #endif
  355. /* do the private key first */
  356. if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
  357. {
  358. if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY,
  359. CONFIG_SSL_PRIVATE_KEY_LOCATION,
  360. CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
  361. goto error;
  362. }
  363. else if (!(options & SSL_NO_DEFAULT_KEY))
  364. {
  365. #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
  366. static const /* saves a few more bytes */
  367. #include "private_key.h"
  368. ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
  369. default_private_key_len, NULL);
  370. #endif
  371. }
  372. /* now load the certificate */
  373. #ifdef CONFIG_SSL_GENERATE_X509_CERT
  374. if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
  375. {
  376. ret = cert_size;
  377. goto error;
  378. }
  379. ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
  380. free(cert_data);
  381. #else
  382. if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
  383. {
  384. if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT,
  385. CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
  386. goto error;
  387. }
  388. else if (!(options & SSL_NO_DEFAULT_KEY))
  389. {
  390. #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
  391. static const /* saves a few bytes and RAM */
  392. #include "cert.h"
  393. ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
  394. default_certificate, default_certificate_len, NULL);
  395. #endif
  396. }
  397. #endif
  398. error:
  399. #ifdef CONFIG_SSL_FULL_MODE
  400. if (ret)
  401. {
  402. printf("Error: Certificate or key not loaded\n"); TTY_FLUSH();
  403. }
  404. #endif
  405. return ret;
  406. }