1/*
2 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3 * Use is subject to license terms.
4 */
5
6#pragma ident	"%Z%%M%	%I%	%E% SMI"
7
8/*
9 * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
10 * All rights reserved.
11 *
12 * This package is an SSL implementation written
13 * by Eric Young (eay@cryptsoft.com).
14 * The implementation was written so as to conform with Netscapes SSL.
15 *
16 * This library is free for commercial and non-commercial use as long as
17 * the following conditions are aheared to.  The following conditions
18 * apply to all code found in this distribution, be it the RC4, RSA,
19 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
20 * included with this distribution is covered by the same copyright terms
21 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
22 *
23 * Copyright remains Eric Young's, and as such any Copyright notices in
24 * the code are not to be removed.
25 * If this package is used in a product, Eric Young should be given attribution
26 * as the author of the parts of the library used.
27 * This can be in the form of a textual message at program startup or
28 * in documentation (online or textual) provided with the package.
29 *
30 * Redistribution and use in source and binary forms, with or without
31 * modification, are permitted provided that the following conditions
32 * are met:
33 * 1. Redistributions of source code must retain the copyright
34 *    notice, this list of conditions and the following disclaimer.
35 * 2. Redistributions in binary form must reproduce the above copyright
36 *    notice, this list of conditions and the following disclaimer in the
37 *    documentation and/or other materials provided with the distribution.
38 * 3. All advertising materials mentioning features or use of this software
39 *    must display the following acknowledgement:
40 *    "This product includes cryptographic software written by
41 *     Eric Young (eay@cryptsoft.com)"
42 *    The word 'cryptographic' can be left out if the rouines from the library
43 *    being used are not cryptographic related :-).
44 * 4. If you include any Windows specific code (or a derivative thereof) from
45 *    the apps directory (application code) you must include an acknowledgement:
46 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
47 *
48 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * The licence and distribution terms for any publically available version or
61 * derivative of this code cannot be changed.  i.e. this code cannot simply be
62 * copied and put under another distribution licence
63 * [including the GNU Public Licence.]
64 */
65
66/* pem_encode.c - PEM encoding routines */
67
68#include <stdlib.h>
69#include <strings.h>
70#include <sys/types.h>
71#include <kmfapi.h>
72#include <pem_encode.h>
73
74static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
75abcdefghijklmnopqrstuvwxyz0123456789+/";
76
77static unsigned char data_ascii2bin[128] = {
78	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
79	0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
80	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
81	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
82	0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
83	0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
84	0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
85	0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
86	0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
87	0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
88	0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
89	0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
90	0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
91	0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
92	0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
93	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
94};
95
96#define	conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
97#define	conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
98
99
100void
101PEM_EncodeInit(PEM_ENCODE_CTX *ctx)
102{
103	ctx->length = 48;
104	ctx->num = 0;
105	ctx->line_num = 0;
106}
107
108int
109PEM_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
110{
111	int i, ret = 0;
112	unsigned long l;
113
114	for (i = dlen; i > 0; i -= 3) {
115		if (i >= 3) {
116			l = (((unsigned long)f[0])<<16L)|
117			    (((unsigned long)f[1])<< 8L)|f[2];
118			*(t++) = conv_bin2ascii(l>>18L);
119			*(t++) = conv_bin2ascii(l>>12L);
120			*(t++) = conv_bin2ascii(l>> 6L);
121			*(t++) = conv_bin2ascii(l);
122		} else {
123			l = ((unsigned long)f[0])<<16L;
124			if (i == 2)
125				l |= ((unsigned long)f[1]<<8L);
126
127			*(t++) = conv_bin2ascii(l>>18L);
128			*(t++) = conv_bin2ascii(l>>12L);
129			*(t++) = (i == 1)?'=':conv_bin2ascii(l>> 6L);
130			*(t++) = '=';
131		}
132		ret += 4;
133		f += 3;
134	}
135
136	*t = '\0';
137	return (ret);
138}
139
140void
141PEM_EncodeUpdate(PEM_ENCODE_CTX *ctx, unsigned char *out, int *outl,
142	unsigned char *in, int inl)
143{
144	int i, j;
145	unsigned int total = 0;
146
147	*outl = 0;
148	if (inl == 0)
149		return;
150	if ((ctx->num+inl) < ctx->length) {
151		(void) memcpy(&(ctx->enc_data[ctx->num]), in, inl);
152		ctx->num += inl;
153		return;
154	}
155	if (ctx->num != 0) {
156		i = ctx->length-ctx->num;
157		(void) memcpy(&(ctx->enc_data[ctx->num]), in, i);
158		in += i;
159		inl -= i;
160		j = PEM_EncodeBlock(out, ctx->enc_data, ctx->length);
161		ctx->num = 0;
162		out += j;
163		*(out++) = '\n';
164		*out = '\0';
165		total = j+1;
166	}
167
168	while (inl >= ctx->length) {
169		j = PEM_EncodeBlock(out, in, ctx->length);
170		in += ctx->length;
171		inl -= ctx->length;
172		out += j;
173		*(out++) = '\n';
174		*out = '\0';
175		total += j+1;
176	}
177
178	if (inl != 0)
179		(void) memcpy(&(ctx->enc_data[0]), in, inl);
180	ctx->num = inl;
181	*outl = total;
182}
183
184void
185PEM_EncodeFinal(PEM_ENCODE_CTX *ctx, unsigned char *out, int *outl)
186{
187	unsigned int ret = 0;
188
189	if (ctx->num != 0) {
190		ret = PEM_EncodeBlock(out, ctx->enc_data, ctx->num);
191		out[ret++] = '\n';
192		out[ret] = '\0';
193		ctx->num = 0;
194	}
195	*outl = ret;
196}
197
198KMF_RETURN
199Der2Pem(KMF_OBJECT_TYPE type, unsigned char *data,
200	int len, unsigned char **out, int *outlen)
201{
202
203
204	int nlen, n, i, j, outl;
205	unsigned char *buf = NULL, *p = NULL;
206	PEM_ENCODE_CTX ctx;
207	char *name = NULL;
208
209	if (data == NULL || len == 0 || out == NULL || outlen == NULL)
210		return (KMF_ERR_BAD_PARAMETER);
211
212	if (type == KMF_CERT)
213		name = PEM_STRING_X509;
214	else if (type == KMF_CSR)
215		name = PEM_STRING_X509_REQ;
216	else if (type == KMF_CRL)
217		name = PEM_STRING_X509_CRL;
218	else
219		return (KMF_ERR_BAD_OBJECT_TYPE);
220
221
222	PEM_EncodeInit(&ctx);
223	nlen = strlen(name);
224
225	buf = malloc(PEM_BUFSIZE*8);
226	if (buf == NULL) {
227		return (KMF_ERR_MEMORY);
228	}
229
230	p = buf;
231	(void) memcpy(p, "-----BEGIN ", 11);
232	p += 11;
233	(void) memcpy(p, name, nlen);
234	p += nlen;
235	(void) memcpy(p, "-----\n", 6);
236	p += 6;
237
238	i = j = 0;
239	while (len > 0) {
240		n = (int)((len > (PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
241		PEM_EncodeUpdate(&ctx, p, &outl, &(data[j]), n);
242		i += outl;
243		len -= n;
244		j += n;
245		p += outl;
246	}
247
248	PEM_EncodeFinal(&ctx, p, &outl);
249
250	if (outl > 0)
251		p += outl;
252
253	(void) memcpy(p, "-----END ", 9);
254	p += 9;
255	(void) memcpy(p, name, nlen);
256	p += nlen;
257	(void) memcpy(p, "-----\n", 6);
258	p += 6;
259
260	*out = buf;
261	*outlen = i+outl+nlen*2+11+6+9+6;
262
263	return (KMF_OK);
264
265}
266
267int
268PEM_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
269{
270	int i, ret = 0, a, b, c, d;
271	unsigned long l;
272
273	/* trim white space from the start of the line. */
274	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
275		f++;
276		n--;
277	}
278
279	/*
280	 * strip off stuff at the end of the line
281	 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF
282	 */
283	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
284		n--;
285
286	if (n%4 != 0) {
287		return (-1);
288	}
289
290	for (i = 0; i < n; i += 4) {
291		a = conv_ascii2bin(*(f++));
292		b = conv_ascii2bin(*(f++));
293		c = conv_ascii2bin(*(f++));
294		d = conv_ascii2bin(*(f++));
295		if ((a & 0x80) || (b & 0x80) ||	(c & 0x80) || (d & 0x80))
296			return (-1);
297		l = ((((unsigned long)a)<<18L) | (((unsigned long)b)<<12L) |
298		    (((unsigned long)c)<< 6L) | (((unsigned long)d)));
299		*(t++) = (unsigned char)(l>>16L)&0xff;
300		*(t++) = (unsigned char)(l>> 8L)&0xff;
301		*(t++) = (unsigned char)(l)&0xff;
302		ret += 3;
303	}
304	return (ret);
305}
306
307void
308PEM_DecodeInit(PEM_ENCODE_CTX *ctx)
309{
310	ctx->length = 30;
311	ctx->num = 0;
312	ctx->line_num = 0;
313	ctx->expect_nl = 0;
314}
315
316/*
317 * -1 for error
318 *  0 for last line
319 *  1 for full line
320 */
321int
322PEM_DecodeUpdate(PEM_ENCODE_CTX *ctx, unsigned char *out, int *outl,
323    unsigned char *in, int inl)
324{
325	int seof = -1, eof = 0, rv = -1, ret = 0;
326	int i, v, tmp, n, ln, exp_nl;
327	unsigned char *d;
328
329	n = ctx->num;
330	d = ctx->enc_data;
331	ln = ctx->line_num;
332	exp_nl = ctx->expect_nl;
333
334	/* last line of input. */
335	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
336		rv = 0;
337		goto end;
338	}
339
340	/* We parse the input data */
341	for (i = 0; i < inl; i++) {
342		/* If the current line is > 80 characters, scream alot */
343		if (ln >= 80) {
344			rv = -1;
345			goto end;
346		}
347
348		/* Get char and put it into the buffer */
349		tmp = *(in++);
350		v = conv_ascii2bin(tmp);
351		/* only save the good data :-) */
352		if (!B64_NOT_BASE64(v)) {
353			d[n++] = tmp;
354			ln++;
355		} else if (v == B64_ERROR) {
356			rv = -1;
357			goto end;
358		}
359
360		/*
361		 * have we seen a '=' which is 'definitly' the last
362		 * input line.  seof will point to the character that
363		 * holds it. and eof will hold how many characters to
364		 * chop off.
365		 */
366		if (tmp == '=') {
367			if (seof == -1) seof = n;
368			eof++;
369		}
370
371		if (v == B64_CR) {
372			ln = 0;
373			if (exp_nl)
374				continue;
375		}
376
377		/* eoln */
378		if (v == B64_EOLN) {
379			ln = 0;
380			if (exp_nl) {
381				exp_nl = 0;
382				continue;
383			}
384		}
385		exp_nl = 0;
386
387		/*
388		 * If we are at the end of input and it looks like a
389		 * line, process it.
390		 */
391		if (((i+1) == inl) && (((n&3) == 0) || eof)) {
392			v = B64_EOF;
393			/*
394			 * In case things were given us in really small
395			 * records (so two '=' were given in separate
396			 * updates), eof may contain the incorrect number
397			 * of ending bytes to skip, so let's redo the count
398			 */
399			eof = 0;
400			if (d[n-1] == '=') eof++;
401			if (d[n-2] == '=') eof++;
402			/* There will never be more than two '=' */
403		}
404
405		if ((v == B64_EOF) || (n >= 64)) {
406			/*
407			 * This is needed to work correctly on 64 byte input
408			 * lines.  We process the line and then need to
409			 * accept the '\n'
410			 */
411			if ((v != B64_EOF) && (n >= 64))
412				exp_nl = 1;
413			if (n > 0) {
414				v = PEM_DecodeBlock(out, d, n);
415				if (v < 0) {
416					rv = 0;
417					goto end;
418				}
419				n = 0;
420				ret += (v-eof);
421			} else {
422				eof = 1;
423				v = 0;
424			}
425
426			/*
427			 * This is the case where we have had a short
428			 * but valid input line
429			 */
430			if ((v < ctx->length) && eof) {
431				rv = 0;
432				goto end;
433			} else
434				ctx->length = v;
435
436			if (seof >= 0) {
437				rv = 0;
438				goto end;
439			}
440			out += v;
441		}
442	}
443	rv = 1;
444end:
445	*outl = ret;
446	ctx->num = n;
447	ctx->line_num = ln;
448	ctx->expect_nl = exp_nl;
449	return (rv);
450}
451
452int
453PEM_DecodeFinal(PEM_ENCODE_CTX *ctx, unsigned char *out, int *outl)
454{
455	int i;
456
457	*outl = 0;
458	if (ctx->num != 0) {
459		i = PEM_DecodeBlock(out, ctx->enc_data, ctx->num);
460		if (i < 0)
461			return (-1);
462		ctx->num = 0;
463		*outl = i;
464		return (1);
465	} else
466		return (1);
467}
468
469static int
470get_line(unsigned char *in, int inlen, char *buf, int buflen)
471{
472	int i = 0;
473
474	while ((i < inlen) && (i < buflen) && (in[i] != '\n')) {
475		buf[i] = in[i];
476		i++;
477	}
478
479	return (i);
480}
481
482KMF_RETURN
483Pem2Der(unsigned char *in, int inlen,
484    unsigned char **out, int *outlen)
485{
486	int kmf_rv = 0;
487	PEM_ENCODE_CTX ctx;
488	int i, j, k, bl = 0;
489	char buf[2048];
490	char *nameB = NULL;
491	unsigned char *dataB = NULL;
492	int total = 0;
493
494	if (in == NULL || inlen == 0 || out == NULL)
495		return (KMF_ERR_BAD_PARAMETER);
496
497	(void) memset(buf, 0, sizeof (buf));
498
499	while (total < inlen) {
500		/*
501		 * get a line (ended at '\n'), which returns
502		 * number of bytes in the line
503		 */
504		i = get_line(in + total, inlen - total, buf, sizeof (buf));
505		if (i == 0) {
506			kmf_rv = KMF_ERR_ENCODING;
507			goto err;
508		}
509
510		j = i;
511		while ((j >= 0) && (buf[j] <= ' ')) j--;
512		buf[++j] = '\n';
513		buf[++j] = '\0';
514
515		total += i + 1;
516
517		if (strncmp(buf, "-----BEGIN ", 11) == 0) {
518			i = strlen(&(buf[11]));
519			if (strncmp(&(buf[11+i-6]), "-----\n", 6) != 0) {
520				continue;
521			}
522
523			if ((nameB = malloc(i+9)) == NULL) {
524				kmf_rv = KMF_ERR_MEMORY;
525				goto err;
526			}
527
528			(void) memcpy(nameB, &(buf[11]), i-6);
529			nameB[i-6] = '\0';
530			break;
531		}
532	}
533
534	bl = 0;
535	if ((dataB = malloc(2048)) == NULL) {
536		kmf_rv = KMF_ERR_MEMORY;
537		goto err;
538	}
539
540	dataB[0] = '\0';
541
542	while (total < inlen) {
543		(void) memset(buf, 0, 1024);
544		i = get_line(in+total, inlen - total, buf, sizeof (buf));
545
546		if (i == 0) break;
547
548		j = i;
549		while ((j >= 0) && (buf[j] <= ' '))
550			j--;
551
552		buf[++j] = '\n';
553		buf[++j] = '\0';
554		total += i + 1;
555
556		if (buf[0] == '\n') break;
557		if ((dataB = realloc(dataB, bl+j+9)) == NULL) {
558			kmf_rv = KMF_ERR_MEMORY;
559			goto err;
560		}
561
562		if (strncmp(buf, "-----END ", 9) == 0) {
563			break;
564		}
565
566		(void) memcpy(&(dataB[bl]), buf, j);
567		dataB[bl+j] = '\0';
568		bl += j;
569	}
570
571	if (nameB == NULL)
572		goto err;
573
574	i = strlen(nameB);
575	if ((strncmp(buf, "-----END ", 9) != 0) ||
576	    (strncmp(nameB, &(buf[9]), i) != 0) ||
577	    (strncmp(&(buf[9+i]), "-----", 5) != 0)) {
578		kmf_rv = KMF_ERR_ENCODING;
579		goto err;
580	}
581
582	PEM_DecodeInit(&ctx);
583	i = PEM_DecodeUpdate(&ctx,
584	    (unsigned char *)dataB, &bl, (unsigned char *)dataB, bl);
585
586	if (i < 0) {
587		kmf_rv = KMF_ERR_ENCODING;
588		goto err;
589	}
590
591	i = PEM_DecodeFinal(&ctx, (unsigned char *)&(dataB[bl]), &k);
592	if (i < 0) {
593		kmf_rv = KMF_ERR_ENCODING;
594		goto err;
595	}
596	bl += k;
597
598	if (bl == 0) goto err;
599	*out = (unsigned char *)dataB;
600	*outlen = bl;
601
602err:
603	if (nameB != NULL)
604		free(nameB);
605	if (kmf_rv != KMF_OK && dataB != NULL)
606		free(dataB);
607
608	return (kmf_rv);
609}
610