Commit | Line | Data |
---|---|---|
f163b202 SB |
1 | /* |
2 | * key.c -- Common key handling code for swtpm and swtpm_cuse | |
3 | * | |
ad976d1a | 4 | * (c) Copyright IBM Corporation 2014, 2015. |
f163b202 SB |
5 | * |
6 | * Author: Stefan Berger <stefanb@us.ibm.com> | |
7 | * | |
8 | * All rights reserved. | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions are | |
12 | * met: | |
13 | * | |
14 | * Redistributions of source code must retain the above copyright notice, | |
15 | * this list of conditions and the following disclaimer. | |
16 | * | |
17 | * Redistributions in binary form must reproduce the above copyright | |
18 | * notice, this list of conditions and the following disclaimer in the | |
19 | * documentation and/or other materials provided with the distribution. | |
20 | * | |
21 | * Neither the names of the IBM Corporation nor the names of its | |
22 | * contributors may be used to endorse or promote products derived from | |
23 | * this software without specific prior written permission. | |
24 | * | |
25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
26 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
27 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
28 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
29 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
30 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
31 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
32 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
33 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
34 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
35 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
36 | */ | |
37 | ||
#include "config.h"

#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "key.h"
#include "logging.h"
f163b202 | 55 | |
/*
 * key_format_from_string:
 * Map a key format name to its key format identifier.
 * @format: name of the format; "hex" and "binary" are recognized
 *          (exact, case-sensitive match); must not be NULL
 *
 * Returns KEY_FORMAT_HEX or KEY_FORMAT_BINARY for a recognized name.
 * Any other name is reported on stderr and yields KEY_FORMAT_UNKNOWN.
 */
enum key_format
key_format_from_string(const char *format)
{
    if (strcmp(format, "hex") == 0)
        return KEY_FORMAT_HEX;

    if (strcmp(format, "binary") == 0)
        return KEY_FORMAT_BINARY;

    /* Nothing matched: tell the user which name was rejected. */
    logprintf(STDERR_FILENO, "Unknown key format '%s'.\n", format);

    return KEY_FORMAT_UNKNOWN;
}
75 | ||
/*
 * encryption_mode_from_string:
 * Map an encryption mode name to its identifier and key length.
 * @mode: name of the encryption mode; "aes-cbc" and "aes-128-cbc" select
 *        a 128 bit key, "aes-256-cbc" selects a 256 bit key
 * @keylen: output; receives the key length in bytes for a recognized
 *          mode and is left untouched otherwise
 *
 * Returns ENCRYPTION_MODE_AES_CBC for a recognized mode name and
 * ENCRYPTION_MODE_UNKNOWN for anything else.
 */
enum encryption_mode
encryption_mode_from_string(const char *mode, size_t *keylen)
{
    int is_aes128 = (strcmp(mode, "aes-cbc") == 0 ||
                     strcmp(mode, "aes-128-cbc") == 0);

    if (is_aes128) {
        *keylen = 128/8;
        return ENCRYPTION_MODE_AES_CBC;
    }

    if (strcmp(mode, "aes-256-cbc") == 0) {
        *keylen = 256/8;
        return ENCRYPTION_MODE_AES_CBC;
    }

    return ENCRYPTION_MODE_UNKNOWN;
}
97 | ||
/*
 * kdf_identifier_from_string:
 * Map the name of a key derivation function to its identifier.
 * @kdf: name of the kdf; "sha512" and "pbkdf2" are recognized
 *       (exact, case-sensitive match)
 *
 * Returns KDF_IDENTIFIER_SHA512 or KDF_IDENTIFIER_PBKDF2 for a recognized
 * name and KDF_IDENTIFIER_UNKNOWN otherwise. No message is logged here;
 * the caller has to report an unknown name.
 */
enum kdf_identifier
kdf_identifier_from_string(const char *kdf)
{
    if (strcmp(kdf, "sha512") == 0)
        return KDF_IDENTIFIER_SHA512;

    if (strcmp(kdf, "pbkdf2") == 0)
        return KDF_IDENTIFIER_PBKDF2;

    return KDF_IDENTIFIER_UNKNOWN;
}
116 | ||
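/*
 * key_hex_digit_value:
 * Return the value (0..15) of a single ASCII hex digit, or -1 if the
 * character is not a hex digit.
 */
static int
key_hex_digit_value(unsigned char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;

    return -1;
}

/*
 * key_stream_to_bin
 * Convert a stream of ASCII hex digits into a key; convert a maximum of
 * bin_size bytes. Conversion stops at the first whitespace character or
 * at the end of the string.
 *
 * @input: NUL-terminated input data holding hex digits
 * @bin: output field of bin_size
 * @bin_size: max. number of bytes to convert
 *
 * Returns the number of digits that were converted. Returns -1 if no
 * digit was converted, if a character is not a hex digit, if the number
 * of digits is odd, or if more digits follow than fit into bin_size bytes.
 */
static ssize_t
key_stream_to_bin(const char *input, unsigned char *bin, size_t bin_size)
{
    ssize_t digits = 0;

    /*
     * Every byte is built from exactly two validated hex digits. A
     * scanf-style "%2hhx" conversion is deliberately not used: it also
     * accepts a leading sign, so a pair like "+f" would be taken as a
     * key byte instead of being rejected.
     */
    while (input[digits] &&
           !isspace((unsigned char)input[digits]) &&
           bin_size > (size_t)digits / 2) {
        int hi, lo;

        hi = key_hex_digit_value((unsigned char)input[digits]);
        if (hi < 0)
            return -1;

        /*
         * input[digits] is not NUL here, so input[digits + 1] is at most
         * the terminator; a NUL or whitespace there is an odd digit count.
         */
        lo = key_hex_digit_value((unsigned char)input[digits + 1]);
        if (lo < 0)
            return -1;

        bin[digits / 2] = (unsigned char)((hi << 4) | lo);
        digits += 2;
    }

    /* Data beyond bin_size bytes means the key does not fit: fail. */
    if (input[digits] && !isspace((unsigned char)input[digits]))
        return -1;

    return (digits != 0) ? digits : -1;
}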
148 | ||
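/*
 * key_parse_as_hexkey:
 * Parse the raw key data as a key in ASCII hex format; the key may
 * have a leading '0x' (lower case only).
 * @rawkey: NUL-terminated ASCII data for a hex key with possible
 *          leading '0x'
 * @key: buffer for key
 * @keylen: actual key len returned by this function
 * @maxkeylen: the max. size of the key; this is equivalent to the size of
 *             the key buffer
 *
 * Only keys of 128 or 256 bits are accepted, and the parsed key must
 * fill the key buffer completely.
 *
 * Returns 0 on success, -1 on failure
 */
static int
key_parse_as_hexkey(const char *rawkey,
                    unsigned char *key, size_t *keylen, size_t maxkeylen)
{
    ssize_t digits;
    off_t offset = 0;

    if (!strncmp(rawkey, "0x", 2))
        offset = 2;

    digits = key_stream_to_bin(&rawkey[offset], key, maxkeylen);
    if (digits < 0) {
        logprintf(STDERR_FILENO,
                  "Could not parse key hex string into %zu byte buffer.\n",
                  maxkeylen);
        return -1;
    } else if (digits == 128/4) {
        *keylen = 128/8;
    } else if (digits == 256/4) {
        *keylen = 256/8;
    } else {
        /*
         * digits is a non-negative ssize_t here; cast it so that the
         * argument matches the %zu conversion.
         */
        logprintf(STDERR_FILENO,
                  "Unsupported key length with %zu digits.\n",
                  (size_t)digits);
        return -1;
    }

    /* A 128 bit key must not be accepted where a 256 bit key is needed. */
    if (*keylen < maxkeylen) {
        logprintf(STDERR_FILENO,
                  "The provided key is too short. Got %zu bytes, need %zu.\n",
                  *keylen, maxkeylen);
        return -1;
    }

    return 0;
}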
195 | ||
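/*
 * key_load_key_fd:
 * Load the raw key data from a file descriptor and convert it to a key.
 * @fd: file descriptor to read raw key data from
 * @keyformat: the format the raw key data are in; may either indicate
 *             binary data or hex string
 * @key: the buffer for holding the converted key
 * @keylen: the actual key len of the converted key returned by this
 *          function
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer
 *
 * The data is fetched with a single read() of at most
 * sizeof(filebuffer) - 1 bytes; a short read is not retried.
 *
 * Returns 0 on success, -1 on failure (including KEY_FORMAT_UNKNOWN).
 */
int
key_load_key_fd(int fd, enum key_format keyformat,
                unsigned char *key, size_t *keylen, size_t maxkeylen)
{
    int ret = -1;
    /* room for "0x", 256/4 hex digits, one trailing character and NUL */
    char filebuffer[2 + 256/4 + 1 + 1];
    ssize_t len;

    len = read(fd, filebuffer, sizeof(filebuffer) - 1);
    if (len < 0) {
        logprintf(STDERR_FILENO, "Unable to read key: %s\n",
                  strerror(errno));
        goto cleanup;
    }
    filebuffer[len] = 0;

    switch (keyformat) {
    case KEY_FORMAT_BINARY:
        *keylen = len;
        if (maxkeylen < (size_t)len) {
            /* len is non-negative here; cast it to match %zu */
            logprintf(STDERR_FILENO,
                      "Key is larger than buffer (%zu > %zu).\n",
                      (size_t)len, maxkeylen);
            goto cleanup;
        }
        memcpy(key, filebuffer, len);
        ret = 0;
        break;
    case KEY_FORMAT_HEX:
        if (key_parse_as_hexkey(filebuffer, key, keylen, maxkeylen) < 0)
            goto cleanup;
        ret = 0;
        break;
    case KEY_FORMAT_UNKNOWN:
        break;
    }

cleanup:
    /*
     * filebuffer holds the raw key material; wipe it on every path so
     * that no copy of the key stays behind on the stack.
     */
    OPENSSL_cleanse(filebuffer, sizeof(filebuffer));

    return ret;
}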
/*
 * key_load_key:
 * Open the given file read-only, load the raw key data from it via
 * key_load_key_fd() and close the file again.
 * @filename: file holding the raw key data
 * @keyformat: the format the raw key data are in; may either indicate
 *             binary data or hex string
 * @key: the buffer for holding the converted key
 * @keylen: the actual key len of the converted key returned by this
 *          function
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer
 *
 * Returns -1 if the file cannot be opened, otherwise the result of
 * key_load_key_fd().
 */
int
key_load_key(const char *filename, enum key_format keyformat,
             unsigned char *key, size_t *keylen, size_t maxkeylen)
{
    int rc;
    int keyfd = open(filename, O_RDONLY);

    if (keyfd < 0) {
        logprintf(STDERR_FILENO, "Unable to open file %s: %s\n",
                  filename, strerror(errno));
        return -1;
    }

    rc = key_load_key_fd(keyfd, keyformat, key, keylen, maxkeylen);

    /* The descriptor is only needed for the duration of the load. */
    close(keyfd);

    return rc;
}
f163b202 | 278 | |
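/*
 * key_from_pwdfile_fd:
 * Read the password from the given file descriptor and convert it into
 * a key by applying a KDF on the password; the first maxkeylen bytes of
 * the KDF output are used as the key.
 * @fd: file descriptor to read password from
 * @key: the buffer for holding the key
 * @keylen: the actual key len of the converted key returned by this
 *          function; set to maxkeylen
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer; must not exceed SHA512_DIGEST_LENGTH
 * @kdfid: the kdf to invoke to create the key
 *
 * Returns 0 on success, -1 on failure.
 */
int
key_from_pwdfile_fd(int fd, unsigned char *key, size_t *keylen,
                    size_t maxkeylen, enum kdf_identifier kdfid)
{
    unsigned char *filebuffer = NULL;
    size_t filelen = 0;
    ssize_t len;
    unsigned char hashbuf[SHA512_DIGEST_LENGTH];
    struct stat statbuf;
    int ret = -1;
    /*
     * NOTE(review): a constant salt and the 1000 iterations used below
     * are weak PBKDF2 parameters. Changing either one changes the derived
     * key, so data protected with the current key would need a migration
     * path -- confirm with the callers before touching them.
     */
    const unsigned char salt[] = {'s','w','t','p','m'};

    if (maxkeylen > sizeof(hashbuf)) {
        logprintf(STDERR_FILENO,
                  "Request keylength is too big (%zu > %zu)\n",
                  maxkeylen, sizeof(hashbuf));
        return -1;
    }

    /*
     * The buffer is sized from st_size.
     * NOTE(review): st_size is only meaningful for regular files; if fd
     * refers to a pipe or is an empty file, the key would be derived from
     * an empty password -- verify that callers rule this out.
     */
    if (fstat(fd, &statbuf) < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to stat pwdfile : %s\n",
                  strerror(errno));
        goto exit;
    }
    filelen = statbuf.st_size;

    filebuffer = malloc(filelen);
    if (!filebuffer) {
        /* report the requested size, not the (NULL) pointer */
        logprintf(STDERR_FILENO,
                  "Could not allocate %zu bytes for filebuffer\n",
                  filelen);
        goto exit;
    }

    /* Single read(); only the len bytes actually returned are used. */
    len = read(fd, filebuffer, filelen);
    if (len < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to read passphrase: %s\n",
                  strerror(errno));
        goto exit;
    }

    *keylen = maxkeylen;

    switch (kdfid) {
    case KDF_IDENTIFIER_SHA512:
        /* defensive: already enforced by the maxkeylen check above */
        if (sizeof(hashbuf) < *keylen) {
            logprintf(STDERR_FILENO,
                      "Requested %zu bytes for key, only got %zu.\n",
                      *keylen, sizeof(hashbuf));
            goto exit;
        }
        /*
         * NOTE(review): one unsalted SHA512 pass is not a password
         * hardening KDF; pbkdf2 is the stronger of the two choices.
         */
        SHA512(filebuffer, len, hashbuf);
        memcpy(key, hashbuf, *keylen);
        break;
    case KDF_IDENTIFIER_PBKDF2:
        if (PKCS5_PBKDF2_HMAC((const char *)filebuffer, len,
                              salt, sizeof(salt), 1000,
                              EVP_sha512(), *keylen, key) != 1) {
            logprintf(STDERR_FILENO,
                      "PKCS5_PBKDF2_HMAC with SHA512 failed\n");
            goto exit;
        }
        break;
    case KDF_IDENTIFIER_UNKNOWN:
        logprintf(STDERR_FILENO,
                  "Unknown KDF\n");
        goto exit;
    }

    ret = 0;

exit:
    /*
     * The password and the intermediate hash are secrets: wipe both
     * before the heap block is released and the stack frame is left.
     */
    if (filebuffer) {
        OPENSSL_cleanse(filebuffer, filelen);
        free(filebuffer);
    }
    OPENSSL_cleanse(hashbuf, sizeof(hashbuf));

    return ret;
}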
a947bebd SB |
371 | |
/*
 * key_from_pwdfile:
 * Open the given password file read-only, derive the key from its
 * content via key_from_pwdfile_fd() and close the file again.
 * @filename: name of the file holding the password
 * @key: the buffer for holding the key
 * @keylen: the actual key len of the converted key returned by this
 *          function
 * @maxkeylen: the max. size of the key; corresponds to the size of the
 *             key buffer
 * @kdfid: the kdf to invoke to create the key
 *
 * Returns -1 if the file cannot be opened, otherwise the result of
 * key_from_pwdfile_fd().
 */
int
key_from_pwdfile(const char *filename, unsigned char *key, size_t *keylen,
                 size_t maxkeylen, enum kdf_identifier kdfid)
{
    int rc;
    int pwdfd = open(filename, O_RDONLY);

    if (pwdfd < 0) {
        logprintf(STDERR_FILENO,
                  "Unable to open file %s : %s\n",
                  filename, strerror(errno));
        return -1;
    }

    rc = key_from_pwdfile_fd(pwdfd, key, keylen, maxkeylen, kdfid);

    /* The descriptor is only needed while the password is read. */
    close(pwdfd);

    return rc;
}