Changeset 73749 in vbox for trunk/src

Timestamp:

Aug 18, 2018 12:25:57 AM (6 years ago)

Author:

vboxsync

Message:

IPRT/crypto: Implemented reading of PEM encrypted RSA keys. bugref:9152

Location:

trunk/src/VBox/Runtime

Files:

• common/crypto/key-file.cpp (modified) (14 diffs)
• common/crypto/pemfile.cpp (modified) (13 diffs)
• testcase/tstRTCrPkix-1.cpp (modified) (7 diffs)

trunk/src/VBox/Runtime/common/crypto/key-file.cpp

@@ -32 +32 @@
 #include <iprt/crypto/key.h>
 
+#include <iprt/alloca.h>
 #include <iprt/asm.h>
 #include <iprt/assert.h>
+#include <iprt/ctype.h>
 #include <iprt/err.h>
 #include <iprt/mem.h>
@@ -45 +47 @@
 #include "internal/magics.h"
 #include "key-internal.h"
+
+#ifdef IPRT_WITH_OPENSSL
+# include "internal/iprt-openssl.h"
+# include "openssl/evp.h"
+# ifndef OPENSSL_VERSION_NUMBER
+#  error "Missing OPENSSL_VERSION_NUMBER!"
+# endif
+#endif
 
 
@@ -69 +79 @@
 /** RSA private key marker words. */
 static RTCRPEMMARKERWORD const g_aWords_RsaPrivateKey[] =
-{ { RT_STR_TUPLE("RSA") }, { RT_STR_TUPLE("PRIVATE") }, { RT_STR_TUPLE("KEY") } };
+{ { RT_STR_TUPLE("RSA") },       { RT_STR_TUPLE("PRIVATE") }, { RT_STR_TUPLE("KEY") } };
+/** Generic encrypted private key marker words. */
+static RTCRPEMMARKERWORD const g_aWords_EncryptedPrivateKey[] =
+{ { RT_STR_TUPLE("ENCRYPTED") }, { RT_STR_TUPLE("PRIVATE") }, { RT_STR_TUPLE("KEY") } };
 /** Generic private key marker words. */
 static RTCRPEMMARKERWORD const g_aWords_PrivateKey[] =
-{                          { RT_STR_TUPLE("PRIVATE") }, { RT_STR_TUPLE("KEY") } };
+{                                { RT_STR_TUPLE("PRIVATE") }, { RT_STR_TUPLE("KEY") } };
 
 /** Private key markers. */
 RT_DECL_DATA_CONST(RTCRPEMMARKER const) g_aRTCrKeyPrivateMarkers[] =
 {
-    { g_aWords_RsaPrivateKey, RT_ELEMENTS(g_aWords_RsaPrivateKey) },
-    { g_aWords_PrivateKey,    RT_ELEMENTS(g_aWords_PrivateKey) },
+    { g_aWords_RsaPrivateKey,       RT_ELEMENTS(g_aWords_RsaPrivateKey) },
+    { g_aWords_EncryptedPrivateKey, RT_ELEMENTS(g_aWords_EncryptedPrivateKey) },
+    { g_aWords_PrivateKey,          RT_ELEMENTS(g_aWords_PrivateKey) },
 };
 /** Number of entries in g_aRTCrKeyPrivateMarkers. */
@@ -96 +110 @@
 
 
-
-RTDECL(int) RTCrKeyCreateFromPemSection(PRTCRKEY phKey, PCRTCRPEMSECTION pSection, uint32_t fFlags,
+/**
+ * Decrypts a PEM message.
+ *
+ * @returns IPRT status code
+ * @param   pszDekInfo          The decryption info.  See RFC-1421 section 4.6.1.3
+ *                              as well as RFC-1423).
+ * @param   pszPassword         The password to use to decrypt the key text.
+ * @param   pbEncrypted         The encrypted key text.
+ * @param   cbEncrypted         The size of the encrypted text.
+ * @param   ppbDecrypted        Where to return the decrypted message. Free using RTMemSaferFree.
+ * @param   pcbDecrypted        Where to return the length of the decrypted message.
+ * @param   pcbDecryptedAlloced Where to return the allocation size.
+ * @param   pErrInfo            Where to return additional error information.
+ */
+static int rtCrKeyDecryptPemMessage(const char *pszDekInfo, const char *pszPassword, uint8_t *pbEncrypted, size_t cbEncrypted,
+                                    uint8_t **ppbDecrypted, size_t *pcbDecrypted, size_t *pcbDecryptedAlloced, PRTERRINFO pErrInfo)
+{
+    /*
+     * Initialize return values.
+     */
+    *ppbDecrypted        = NULL;
+    *pcbDecrypted        = 0;
+    *pcbDecryptedAlloced = 0;
+
+    /*
+     * Parse the DEK-Info.
+     */
+    if (!pszDekInfo)
+        return VERR_CR_KEY_NO_DEK_INFO;
+
+    /* Find the end of the algorithm */
+    const char *pszParams = strchr(pszDekInfo, ',');
+    if (!pszParams)
+        pszParams = strchr(pszDekInfo, '\0');
+    size_t cchAlgo = pszParams - pszDekInfo;
+    while (cchAlgo > 0 && RT_C_IS_SPACE(pszDekInfo[cchAlgo - 1]))
+        cchAlgo--;
+
+    /* Copy it out and zero terminating it. */
+    char szAlgo[256];
+    if (cchAlgo >= sizeof(szAlgo))
+        return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_DEK_INFO_TOO_LONG, "Algorithms list is too long (%s)", pszDekInfo);
+    memcpy(szAlgo, pszDekInfo, cchAlgo);
+    szAlgo[cchAlgo] = '\0';
+
+    /* Parameters. */
+    pszParams = RTStrStripL(*pszParams == ',' ? pszParams + 1 : pszParams);
+    size_t const cchParams = strlen(pszParams);
+
+    /*
+     * Do we support the cihper?
+     */
+#ifdef IPRT_WITH_OPENSSL /** @todo abstract encryption & decryption. */
+    const EVP_CIPHER *pCipher = EVP_get_cipherbyname(szAlgo);
+    if (!pCipher)
+        return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_UNSUPPORTED_CIPHER, "Unknown key cipher: %s (params: %s)", szAlgo, pszParams);
+
+    /* Decode the initialization vector if one is required. */
+    uint8_t *pbInitVector = NULL;
+    int const cbInitVector = EVP_CIPHER_iv_length(pCipher);
+    if (cbInitVector > 0)
+    {
+        if (*pszParams == '\0')
+            return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_MISSING_CIPHER_PARAMS,
+                                 "Cipher '%s' expected %u bytes initialization vector, none found", cbInitVector, szAlgo);
+        if ((size_t)cbInitVector > cchParams / 2)
+            return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_TOO_SHORT_CIPHER_IV,
+                                 "Too short initialization vector for '%s', expected %u chars found only %u: %s",
+                                 szAlgo, cbInitVector * 2, cchParams, pszParams);
+        pbInitVector = (uint8_t *)alloca(cbInitVector);
+        int rc = RTStrConvertHexBytes(pszParams, pbInitVector, cbInitVector, 0 /*fFlags*/);
+        if (   RT_FAILURE(rc)
+            && rc != VERR_BUFFER_OVERFLOW /* openssl ignores this condition */)
+            return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_MALFORMED_CIPHER_IV,
+                                 "Malformed initialization vector for '%s': %s (rc=%Rrc)", szAlgo, pszParams, rc);
+    }
+    else if (*pszParams != '\0')
+        return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_UNEXPECTED_CIPHER_PARAMS,
+                             "Cipher '%s' expected no parameters, found: %s", szAlgo, pszParams);
+
+    /*
+     * Do we have a password?  If so try decrypt the key.
+     */
+    if (!pszPassword)
+        return VERR_CR_KEY_ENCRYPTED;
+
+    unsigned char abKey[EVP_MAX_KEY_LENGTH * 2];
+    int cbKey = EVP_BytesToKey(pCipher, EVP_md5(), pbInitVector, (unsigned char const *)pszPassword, (int)strlen(pszPassword),
+                               1, abKey, NULL);
+    if (!cbKey)
+        return RTErrInfoSetF(pErrInfo, VERR_CR_KEY_PASSWORD_ENCODING, "EVP_BytesToKey failed to encode password");
+
+    EVP_CIPHER_CTX *pCipherCtx = EVP_CIPHER_CTX_new();
+    if (!pCipherCtx)
+        return VERR_NO_MEMORY;
+
+    int rc;
+    if (EVP_DecryptInit_ex(pCipherCtx, pCipher, NULL /*pEngine*/, abKey, pbInitVector))
+    {
+        size_t   cbDecryptedAlloced = cbEncrypted;
+        int      cbDecrypted = (int)cbDecryptedAlloced;
+        uint8_t *pbDecrypted = (uint8_t *)RTMemSaferAllocZ(cbDecryptedAlloced);
+        if (pbDecrypted)
+        {
+            if (EVP_DecryptUpdate(pCipherCtx, pbDecrypted, &cbDecrypted, pbEncrypted, (int)cbEncrypted))
+            {
+                int cbFinal = (int)cbDecryptedAlloced - cbDecrypted;
+                if (EVP_DecryptFinal_ex(pCipherCtx, &pbDecrypted[cbDecrypted], &cbFinal))
+                {
+                    cbDecrypted += cbFinal;
+                    Assert((size_t)cbDecrypted <= cbDecryptedAlloced);
+
+                    /*
+                     * Done! Just set the return values.
+                     */
+                    *pcbDecrypted        = cbDecrypted;
+                    *pcbDecryptedAlloced = cbDecryptedAlloced;
+                    *ppbDecrypted        = pbDecrypted;
+                    pbDecrypted = NULL;
+                    rc = VINF_CR_KEY_WAS_DECRYPTED;
+                }
+                else
+                    rc = RTErrInfoSetF(pErrInfo, VERR_CR_KEY_DECRYPTION_FAILED,
+                                       "Incorrect password? EVP_DecryptFinal_ex failed for %s", pszDekInfo);
+            }
+            else
+                rc = RTErrInfoSetF(pErrInfo, VERR_CR_KEY_DECRYPTION_FAILED,
+                                   "Incorrect password? EVP_DecryptUpdate failed for %s", pszDekInfo);
+            if (pbDecrypted)
+                RTMemSaferFree(pbDecrypted, cbDecryptedAlloced);
+        }
+        else
+            rc = VERR_NO_MEMORY;
+    }
+    else
+        rc = RTErrInfoSetF(pErrInfo, VERR_CR_KEY_OSSL_DECRYPT_INIT_ERROR, "EVP_DecryptInit_ex failed for %s", pszDekInfo);
+    EVP_CIPHER_CTX_free(pCipherCtx);
+    return rc;
+#else
+    RT_NOREF(pbEncrypted, cbEncrypted, pszPassword, pErrInfo, cchParams);
+    return VERR_CR_KEY_DECRYPTION_NOT_SUPPORTED;
+#endif
+}
+
+
+RTDECL(int) RTCrKeyCreateFromPemSection(PRTCRKEY phKey, PCRTCRPEMSECTION pSection, uint32_t fFlags, const char *pszPassword,
                                         PRTERRINFO pErrInfo, const char *pszErrorTag)
 {
@@ -105 +263 @@
     *phKey = NIL_RTCRKEY;
     AssertPtrReturn(pSection, VERR_INVALID_POINTER);
+    NOREF(pszPassword);
 
     /*
@@ -113 +272 @@
         kKeyFormat_Unknown = 0,
         kKeyFormat_RsaPrivateKey,
+        kKeyFormat_RsaEncryptedPrivateKey,
         kKeyFormat_RsaPublicKey,
+        kKeyFormat_SubjectPublicKeyInfo,
         kKeyFormat_PrivateKeyInfo,
-        kKeyFormat_SubjectPublicKeyInfo
+        kKeyFormat_EncryptedPrivateKeyInfo
     }               enmFormat     = kKeyFormat_Unknown;
+    const char     *pszDekInfo    = NULL;
     PCRTCRPEMMARKER pMarker       = pSection->pMarker;
     if (pMarker)
@@ -127 +289 @@
                 enmFormat  = kKeyFormat_RsaPublicKey;
             else if (strcmp(pMarker->paWords[1].pszWord, "PRIVATE") == 0)
-                enmFormat  = kKeyFormat_RsaPrivateKey;
+            {
+                enmFormat = kKeyFormat_RsaPrivateKey;
+
+                /* RSA PRIVATE KEY encryption is advertised thru PEM header fields.
+                   We need the DEK field to decrypt the message (see RFC-1421 4.6.1.3). */
+                for (PCRTCRPEMFIELD pField = pSection->pFieldHead; pField; pField = pField->pNext)
+                {
+                    if (   pField->cchName == sizeof("Proc-Type") - 1
+                        && pField->cchValue >= sizeof("4,ENCRYPTED") - 1
+                        && memcmp(pField->szName, RT_STR_TUPLE("Proc-Type")) == 0)
+                    {
+                        const char *pszValue = pField->pszValue;
+                        if (*pszValue == '4')
+                        {
+                            do
+                                pszValue++;
+                            while (RT_C_IS_SPACE(*pszValue) || RT_C_IS_PUNCT(*pszValue));
+                            if (strcmp(pszValue, "ENCRYPTED") == 0)
+                                enmFormat  = kKeyFormat_RsaEncryptedPrivateKey;
+                        }
+                    }
+                    else if (   pField->cchName == sizeof("DEK-Info") - 1
+                             && pField->cchValue > 0
+                             && !pszDekInfo)
+                        pszDekInfo = pField->pszValue;
+                }
+            }
             else
                 AssertFailed();
@@ -141 +329 @@
                 AssertFailed();
         }
+        else if (   pMarker->cWords == 3
+                 && strcmp(pMarker->paWords[0].pszWord, "ENCRYPTED") == 0
+                 && strcmp(pMarker->paWords[1].pszWord, "PRIVATE") == 0
+                 && strcmp(pMarker->paWords[2].pszWord, "KEY") == 0)
+            enmFormat = kKeyFormat_EncryptedPrivateKeyInfo;
         else
             AssertFailed();
@@ -224 +417 @@
     switch (enmFormat)
     {
+        case kKeyFormat_RsaPublicKey:
+            rc = rtCrKeyCreateRsaPublic(phKey, pSection->pbData, (uint32_t)pSection->cbData, pErrInfo, pszErrorTag);
+            break;
+
         case kKeyFormat_RsaPrivateKey:
             rc = rtCrKeyCreateRsaPrivate(phKey, pSection->pbData, (uint32_t)pSection->cbData, pErrInfo, pszErrorTag);
             break;
 
-        case kKeyFormat_RsaPublicKey:
-            rc = rtCrKeyCreateRsaPrivate(phKey, pSection->pbData, (uint32_t)pSection->cbData, pErrInfo, pszErrorTag);
+        case kKeyFormat_RsaEncryptedPrivateKey:
+        {
+            uint8_t *pbDecrypted = NULL;
+            size_t   cbDecrypted = 0;
+            size_t   cbDecryptedAlloced = 0;
+            rc = rtCrKeyDecryptPemMessage(pszDekInfo, pszPassword, pSection->pbData, pSection->cbData,
+                                          &pbDecrypted, &cbDecrypted, &cbDecryptedAlloced, pErrInfo);
+            if (RT_SUCCESS(rc))
+            {
+                int rc2 = rtCrKeyCreateRsaPrivate(phKey, pbDecrypted, (uint32_t)cbDecrypted, pErrInfo, pszErrorTag);
+                if (rc2 != VINF_SUCCESS)
+                    rc = rc2;
+                RTMemSaferFree(pbDecrypted, cbDecryptedAlloced);
+            }
             break;
+        }
 
         case kKeyFormat_SubjectPublicKeyInfo:
@@ -252 +462 @@
             break;
 
+        case kKeyFormat_EncryptedPrivateKeyInfo:
+            rc = RTErrInfoSet(pErrInfo, VERR_CR_KEY_FORMAT_NOT_SUPPORTED,
+                              "Support for encrypted PKCS#8 PrivateKeyInfo is not yet implemented");
+            break;
+
         default:
             AssertFailedStmt(rc = VERR_INTERNAL_ERROR_4);
@@ -259 +474 @@
 
 
-RTDECL(int) RTCrKeyCreateFromBuffer(PRTCRKEY phKey, uint32_t fFlags, void const *pvSrc, size_t cbSrc,
+RTDECL(int) RTCrKeyCreateFromBuffer(PRTCRKEY phKey, uint32_t fFlags, void const *pvSrc, size_t cbSrc, const char *pszPassword,
                                     PRTERRINFO pErrInfo, const char *pszErrorTag)
 {
@@ -269 +484 @@
         if (pSectionHead)
         {
-            rc = RTCrKeyCreateFromPemSection(phKey, pSectionHead, fFlags  & ~RTCRKEYFROM_F_ONLY_PEM, pErrInfo, pszErrorTag);
+            rc = RTCrKeyCreateFromPemSection(phKey, pSectionHead, fFlags  & ~RTCRKEYFROM_F_ONLY_PEM, pszPassword,
+                                             pErrInfo, pszErrorTag);
             RTCrPemFreeSections(pSectionHead);
         }
@@ -279 +495 @@
 
 
-RTDECL(int) RTCrKeyCreateFromFile(PRTCRKEY phKey, uint32_t fFlags, const char *pszFilename, PRTERRINFO pErrInfo)
+RTDECL(int) RTCrKeyCreateFromFile(PRTCRKEY phKey, uint32_t fFlags, const char *pszFilename,
+                                  const char *pszPassword, PRTERRINFO pErrInfo)
 {
     AssertReturn(!(fFlags & ~RTCRKEYFROM_F_VALID_MASK), VERR_INVALID_FLAGS);
@@ -288 +505 @@
         if (pSectionHead)
         {
-            rc = RTCrKeyCreateFromPemSection(phKey, pSectionHead, fFlags & ~RTCRKEYFROM_F_ONLY_PEM,
+            rc = RTCrKeyCreateFromPemSection(phKey, pSectionHead, fFlags & ~RTCRKEYFROM_F_ONLY_PEM, pszPassword,
                                              pErrInfo, RTPathFilename(pszFilename));
             RTCrPemFreeSections(pSectionHead);

trunk/src/VBox/Runtime/common/crypto/pemfile.cpp

@@ -2 +2 @@
 /** @file
  * IPRT - Crypto - PEM file reader / writer.
+ *
+ * See RFC-1341 for the original ideas for the format, but keep in mind
+ * that the format was hijacked and put to different uses.  We're aiming at
+ * dealing with the different uses rather than anything email related here.
  */
 
@@ -32 +36 @@
 #include <iprt/crypto/pem.h>
 
+#include <iprt/asm.h>
 #include <iprt/base64.h>
 #include <iprt/ctype.h>
 #include <iprt/err.h>
 #include <iprt/mem.h>
+#include <iprt/memsafer.h>
 #include <iprt/file.h>
 #include <iprt/string.h>
@@ -44 +50 @@
  * Looks for a PEM-like marker.
  *
- * @returns true if found, fasle if not.
+ * @returns true if found, false if not.
  * @param   pbContent           Start of the content to search thru.
  * @param   cbContent           The size of the content to search.
@@ -220 +226 @@
 
 
+/**
+ * Parses any fields the message may contain.
+ *
+ * @retval  VINF_SUCCESS
+ * @retval  VERR_NO_MEMORY
+ * @retval  VERR_CR_MALFORMED_PEM_HEADER
+ *
+ * @param   pSection        The current section, where we will attach a list of
+ *                          fields to the pFieldHead member.
+ * @param   pbContent       The content of the PEM message being parsed.
+ * @param   cbContent       The length of the PEM message.
+ * @param   pcbFields       Where to return the length of the header fields we found.
+ */
+static int rtCrPemProcessFields(PRTCRPEMSECTION pSection, uint8_t const *pbContent, size_t cbContent, size_t *pcbFields)
+{
+    uint8_t const * const pbContentStart = pbContent;
+
+    /*
+     * Work the encapulated header protion field by field.
+     *
+     * This is optional, so currently we don't throw errors here but leave that
+     * to when we work the text portion with the base64 decoder.  Also, as a reader
+     * we don't go all pedanic on confirming to specification (RFC-1421), especially
+     * given that it's used for crypto certificates, keys and the like not email. :-)
+     */
+    PCRTCRPEMFIELD *ppNext = &pSection->pFieldHead;
+    while (cbContent > 0)
+    {
+        /* Just look for a colon first. */
+        const uint8_t *pbColon = (const uint8_t *)memchr(pbContent, ':', cbContent);
+        if (!pbColon)
+            break;
+        size_t offColon = pbColon - pbContent;
+
+        /* Check that the colon is within the first line. */
+        if (!memchr(pbContent, '\n', cbContent - offColon))
+            return VERR_CR_MALFORMED_PEM_HEADER;
+
+        /* Skip leading spaces (there shouldn't be any, but just in case). */
+        while (RT_C_IS_BLANK(*pbContent) && /*paranoia:*/ offColon > 0)
+        {
+            offColon--;
+            cbContent--;
+            pbContent++;
+        }
+
+        /* There shouldn't be any spaces before the colon, but just in case */
+        size_t cchName = offColon;
+        while (cchName > 0 && RT_C_IS_BLANK(pbContent[cchName - 1]))
+            cchName--;
+
+        /* Skip leading value spaces (there typically is at least one). */
+        size_t offValue = offColon + 1;
+        while (offValue < cbContent && RT_C_IS_BLANK(pbContent[offValue]))
+            offValue++;
+
+        /* Find the newline the field value ends with and where the next iteration should start later on. */
+        size_t         cbLeft;
+        uint8_t const *pbNext = (uint8_t const *)memchr(&pbContent[offValue], '\n', cbContent - offValue);
+        while (   pbNext
+               && (cbLeft = pbNext - pbContent) < cbContent
+               && RT_C_IS_BLANK(pbNext[1]) /* next line must start with a space or tab */)
+            pbNext = (uint8_t const *)memchr(&pbNext[1], '\n', cbLeft - 1);
+
+        size_t cchValue;
+        if (pbNext)
+        {
+            cchValue = pbNext - &pbContent[offValue];
+            if (cchValue > 0 && pbNext[-1] == '\r')
+                cchValue--;
+            pbNext++;
+        }
+        else
+        {
+            cchValue = cbContent - offValue;
+            pbNext = &pbContent[cbContent];
+        }
+
+        /* Strip trailing spaces. */
+        while (cchValue > 0 && RT_C_IS_BLANK(pbContent[offValue + cchValue - 1]))
+            cchValue--;
+
+        /*
+         * Allocate a field instance.
+         *
+         * Note! We don't consider field data sensitive at the moment.  This
+         *       mainly because the fields are chiefly used to indicate the
+         *       encryption parameters to the body.
+         */
+        PRTCRPEMFIELD pNewField = (PRTCRPEMFIELD)RTMemAllocZVar(sizeof(*pNewField) + cchName + 1 + cchValue + 1);
+        if (!pNewField)
+            return VERR_NO_MEMORY;
+        pNewField->cchName         = cchName;
+        pNewField->cchValue        = cchValue;
+        memcpy(pNewField->szName, pbContent, cchName);
+        pNewField->szName[cchName] = '\0';
+        char *pszDst = (char *)memcpy(&pNewField->szName[cchName + 1], &pbContent[offValue], cchValue);
+        pNewField->pszValue        = pszDst;
+        pszDst[cchValue]           = '\0';
+        pNewField->pNext           = NULL;
+
+        *ppNext = pNewField;
+        ppNext = &pNewField->pNext;
+
+        /*
+         * Advance past the field.
+         */
+        cbContent -= pbNext - pbContent;
+        pbContent  = pbNext;
+    }
+
+    /*
+     * Skip blank line(s) before the body.
+     */
+    while (cbContent >= 1)
+    {
+        size_t cbSkip;
+        if (pbContent[0] == '\n')
+            cbSkip = 1;
+        else if (   pbContent[0] == '\r'
+                 && cbContent >= 2
+                 && pbContent[1] == '\n')
+            cbSkip = 2;
+        else
+            break;
+        pbContent += cbSkip;
+        cbContent -= cbSkip;
+    }
+
+    *pcbFields = pbContent - pbContentStart;
+    return VINF_SUCCESS;
+}
+
 
 /**
@@ -227 +366 @@
  * @param   pbContent           The start of the PEM-like content (text).
  * @param   cbContent           The max size of the PEM-like content.
+ * @param   fSensitive          Set if the safer allocator should be used.
  * @param   ppvDecoded          Where to return a heap block containing the
  *                              decoded content.
  * @param   pcbDecoded          Where to return the size of the decoded content.
  */
-static int rtCrPemDecodeBase64(uint8_t const *pbContent, size_t cbContent, void **ppvDecoded, size_t *pcbDecoded)
+static int rtCrPemDecodeBase64(uint8_t const *pbContent, size_t cbContent, bool fSensitive,
+                               void **ppvDecoded, size_t *pcbDecoded)
 {
     ssize_t cbDecoded = RTBase64DecodedSizeEx((const char *)pbContent, cbContent, NULL);
@@ -238 +379 @@
 
     *pcbDecoded = cbDecoded;
-    void *pvDecoded = RTMemAlloc(cbDecoded);
+    void *pvDecoded = !fSensitive ? RTMemAlloc(cbDecoded) : RTMemSaferAllocZ(cbDecoded);
     if (!pvDecoded)
         return VERR_NO_MEMORY;
@@ -251 +392 @@
             return VINF_SUCCESS;
         }
+
         rc = VERR_INTERNAL_ERROR_3;
     }
-    RTMemFree(pvDecoded);
+    if (!fSensitive)
+        RTMemFree(pvDecoded);
+    else
+        RTMemSaferFree(pvDecoded, cbDecoded);
     return rc;
 }
@@ -310 +455 @@
         PRTCRPEMSECTION pFree = (PRTCRPEMSECTION)pSectionHead;
         pSectionHead = pSectionHead->pNext;
-
-        Assert(pFree->pMarker || !pFree->pszPreamble);
+        ASMCompilerBarrier(); /* paranoia */
 
         if (pFree->pbData)
         {
-            RTMemFree(pFree->pbData);
+            if (!pFree->fSensitive)
+                RTMemFree(pFree->pbData);
+            else
+                RTMemSaferFree(pFree->pbData, pFree->cbData);
             pFree->pbData = NULL;
             pFree->cbData = 0;
         }
 
-        if (pFree->pszPreamble)
-        {
-            RTMemFree(pFree->pszPreamble);
-            pFree->pszPreamble = NULL;
-            pFree->cchPreamble = 0;
-        }
+        PRTCRPEMFIELD pField = (PRTCRPEMFIELD)pFree->pFieldHead;
+        if (pField)
+        {
+            pFree->pFieldHead = NULL;
+            do
+            {
+                PRTCRPEMFIELD pFreeField = pField;
+                pField = (PRTCRPEMFIELD)pField->pNext;
+                ASMCompilerBarrier(); /* paranoia */
+
+                pFreeField->pszValue = NULL;
+                RTMemFree(pFreeField);
+            } while (pField);
+        }
+
         RTMemFree(pFree);
     }
@@ -355 +511 @@
     if (pSection)
     {
+        bool const fSensitive = RT_BOOL(fFlags & RTCRPEMREADFILE_F_SENSITIVE);
+
         /*
          * Try locate the first section.
@@ -372 +530 @@
                 //pSection->pbData      = NULL;
                 //pSection->cbData      = 0;
-                //pSection->pszPreamble = NULL;
-                //pSection->cchPreamble = 0;
+                //pSection->pFieldHead  = NULL;
+                pSection->fSensitive    = fSensitive;
 
                 *ppNext = pSection;
                 ppNext = &pSection->pNext;
 
-                /* Decode the section. */
-                /** @todo copy the preamble as well. */
-                int rc2 = rtCrPemDecodeBase64(pbContent + offBegin, offEnd - offBegin,
+                /*
+                 * Decode the section.
+                 */
+                size_t cbFields = 0;
+                int rc2 = rtCrPemProcessFields(pSection, pbContent + offBegin, offEnd - offBegin, &cbFields);
+                offBegin += cbFields;
+                if (RT_SUCCESS(rc2))
+                    rc2 = rtCrPemDecodeBase64(pbContent + offBegin, offEnd - offBegin, fSensitive,
                                               (void **)&pSection->pbData, &pSection->cbData);
                 if (RT_FAILURE(rc2))
@@ -396 +559 @@
                 }
 
-                /* More sections? */
+                /*
+                 * More sections?
+                 */
                 if (   offResume + 12 >= cbContent
                     || offResume      >= cbContent
@@ -425 +590 @@
                 //pSection->pNext       = NULL;
                 //pSection->pMarker     = NULL;
-                pSection->pbData        = (uint8_t *)RTMemDup(pbContent, cbContent);
+                //pSection->pFieldHead  = NULL;
                 pSection->cbData        = cbContent;
-                //pSection->pszPreamble = NULL;
-                //pSection->cchPreamble = 0;
+                pSection->fSensitive    = fSensitive;
+                if (!fSensitive)
+                    pSection->pbData    = (uint8_t *)RTMemDup(pbContent, cbContent);
+                else
+                {
+                    pSection->pbData    = (uint8_t *)RTMemSaferAllocZ(cbContent);
+                    if (pSection->pbData)
+                        memcpy(pSection->pbData, pbContent, cbContent);
+                }
                 if (pSection->pbData)
                 {
@@ -461 +633 @@
     {
         rc = RTCrPemParseContent(pvContent, cbContent, fFlags, paMarkers, cMarkers, ppSectionHead, pErrInfo);
+        if (fFlags & RTCRPEMREADFILE_F_SENSITIVE)
+            RTMemWipeThoroughly(pvContent, cbContent, 3);
         RTFileReadAllFree(pvContent, cbContent);
     }

trunk/src/VBox/Runtime/testcase/tstRTCrPkix-1.cpp

@@ -45 +45 @@
  * Key pairs to use when testing.
  */
-static const struct { unsigned cBits; const char *pszPrivateKey, *pszPublicKey; } g_aKeyPairs[] =
+static const struct { unsigned cBits; const char *pszPrivateKey, *pszPublicKey, *pszPassword; } g_aKeyPairs[] =
 {
     {
@@ -113 +113 @@
         "l93DTgQaXwX/ZjXmwjXvQ0W4OxxexqyW6YvDBYeNKxstuM5qfgzYf7FD/8lZYkyM\n"
         "AXELgpCqC92xlTbWpRVNpXcCAwEAAQ==\n"
-        "-----END PUBLIC KEY-----\n"
+        "-----END PUBLIC KEY-----\n",
+        NULL
     },
     {
@@ -152 +153 @@
         "RNsEv/qoK+g/h+b2C0sVO7eUyM6nx9VT8w+ODunnYWs1HiAGAhzj7NhsnJp0gm88\n"
         "KwIDAQAB\n"
-        "-----END PUBLIC KEY-----\n"
+        "-----END PUBLIC KEY-----\n",
+        NULL
     },
     {
@@ -176 +178 @@
         "jljAj3vfF9HpyyKOBgLwY1Plfwj3bNPUomGZ+sgigNYWJ4+lXlSxJ7UlTQuQd7Pi\n"
         "RsgCEIRny+5thH/rSwIDAQAB\n"
-        "-----END PUBLIC KEY-----\n"
+        "-----END PUBLIC KEY-----\n",
+        NULL
     },
     {
@@ -192 +195 @@
         "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMgbhgcN8LxMNpEZgOC3hgI61pAwSxn4\n"
         "X8rSBHyTt7pfqbU0g2TkPsNT7J6YS2xN+MwKiYNDeCTjRRbt67o1ZscCAwEAAQ==\n"
-        "-----END PUBLIC KEY-----\n"
+        "-----END PUBLIC KEY-----\n",
+        NULL
+    },
+
+    /*
+     * Keys with passwords.
+     */
+    {
+        2048,
+        "-----BEGIN RSA PRIVATE KEY-----\n"
+        "Proc-Type: 4,ENCRYPTED\n"
+        "DEK-Info: AES-128-CBC,86B32E02F476832DE26291AEF884BFB2\n"
+        "\n"
+        "3vqVAOubNaajTSUj/t0ueXRG11kVOCbQkj6AoB4bO+xYUabtcisM4I34It6GN1ZJ\n"
+        "yXv2DcCE3At31LvvqS8bYGvRhY+oPpCUkC4DX+RX9Tkw5ivl1F9pv/rL3nv2F3LX\n"
+        "KxMUcygwJOG2ItPu+vLI0HDYGn9reR+6boriwQfU6S8An4C6LrIZK0hUN0Bpr6W+\n"
+        "JyTX9B3Tgy/BldW6yziRzYUZHnnKEKKacvHP5l0n/6nn6iFSJSFmnzvsedwOvUI0\n"
+        "eHQ1LvbfQnd5yIalQ5S8UkgpKb5S4s2U0AthAC67m+Nc0E8NcbCMY1JT4FlsWVLD\n"
+        "GqWmjKhwEBgoPRROEiq39KgPnoxnCEIOiQ6l8kZ0uvqlCHhWM4b1UVqb6hyrmY32\n"
+        "SEBiwRqFewVYzPFI1+vT3CH/BJcXCBISNj2c4OZDqhmgncGWpLwqU1GIlLp82o3l\n"
+        "t58WfNuqUM7bc/T6cIKAI2JoR2R96Zo0cgL+419msVUdZXhM/10K3W+wbHUVuSqh\n"
+        "iDOCJhXWIhu47kjbCOh7OvpOtOPayWBLQiGh1Q4+WQU6t6Vdr/i71dKP0/P/QHwk\n"
+        "ELNaWv/RLbE6PqKuXcjtoIqzynTvS/6C7PLEKEX3PB6kZNV+m7C0Dxu4BFj04vtx\n"
+        "5CL71sGaB1ETYUdMRSvCa+f/1zwUXngmozUL+D4PkCz/vT5FYKElWt7RBMt8N+rC\n"
+        "Iga+YqqvnuSPrxGXLCGZBuI2V+0BwG1pUHwk/C3uo/ggacj9+E/Oiei725cEI7H5\n"
+        "FnJdFrubYsoGtyII4H1MJzp768s+bD5Bs9m/6a1m+HtzwjxNt329MyAW4DixNGEp\n"
+        "T1e1e6DMnYU8XlxHkRu3IkgWjY3GPw+mfnxT5ThM16w3XC5bvRPMbIukJxFE3yDL\n"
+        "jsUeVhA9NHBZbrFIjLwBWoxqlmgZjJrMFE8pcdFbNl2nKvOK0DHw6Tc93Qz0pg4q\n"
+        "tvt51k9FR4WNmUY8uElmkhepAAAyzcGAHqxvrzkBmXOh76i5+j32swmmaTdx35I2\n"
+        "GdRPAl75JEKZVKgHZOW6f/eCWdY7z0GAOnn+fkEzxAufU+DQAOuNkgVKySTyov5J\n"
+        "v3aaMBuyrxyhgqt+k7PahlRE00S84+QvEgeiTmP/Beyd2GHwKiQ0G/9mwkVjSB1Y\n"
+        "rFw0pzzud1JcYy3uFKZB+YHrV4YbfUHmJR0CKCqHUD2R95rNBIcS5ZpMm1Ak0d5E\n"
+        "jAQsYlGIbWGx6aNmmf7NWacRpwVPnViU30cumeQxbCLQ2Mfb9N2zuwgplOSNp/2m\n"
+        "KRU7jRs3ZLD21iplVBbmmvpC8HyJ7605bDWBw+eVaS92sEmA5lnD3uRil+7/tM8C\n"
+        "rXrnU8h7vFBSWxcVM1kEiocE8eetSMczI7uA36KWbAWcMlG6hCyQSLuGkxGSZpaM\n"
+        "Ro+IJx/vHNvnVj2ObqHCmSIE0+VkeyV3SlF2MqrdHNss/iOUBYFsE9zVN/oQcibt\n"
+        "dXMXRN81KyHg8keNiwdd18ZWVW2+lix1mbPPgwd5iptnT4Qyder5HJroV52LdRZc\n"
+        "nf3XjVzVp7tTGjGi9T/FvkpQR4tkU+Sl17qDrw9H/Y7k1j90zWFn8kykpwSRt0bV\n"
+        "-----END RSA PRIVATE KEY-----\n",
+        "-----BEGIN PUBLIC KEY-----\n"
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvqfSDO1HN3Els04TSGE\n"
+        "sJ0Himl934+ryfNXYIRWkq91i5+rENyZ475XBMjg8fblhvHy7vy4GfUo0PKVXxWS\n"
+        "nPqOPSLEP3r2vsCX5l+KRBnGi4TeGWDTB8R6oA6HKY5ybtzUr1MHKwa7K7YJu7M9\n"
+        "DW7n2JPLRajUMioO9wbYK70qlbxjeOu0V62D68fWoa3alSWMlMBv9KZW9g2oJHQy\n"
+        "mUO2OdJFdyaah3z6vTKtzxmZ+NB4iwIjD6Go1CMj+FOjjjJb3EgUOIZAsRz/+9MF\n"
+        "S3cRfh/8u9cZQ20Woh5vmw1anXxbwk6Z8uIFYrdgcY5G7ak0/3VukbP7VzvG+voY\n"
+        "AwIDAQAB\n"
+        "-----END PUBLIC KEY-----\n",
+        "password"
     }
 };
@@ -217 +268 @@
          */
         rc = RTCrKeyCreateFromBuffer(&hPublicKey, 0, g_aKeyPairs[i].pszPublicKey, strlen(g_aKeyPairs[i].pszPublicKey),
-                                     NULL /*pErrInfo*/, NULL /*pszErrorTag*/);
+                                     NULL /*pszPassword*/, NULL /*pErrInfo*/, NULL /*pszErrorTag*/);
         if (RT_FAILURE(rc))
             RTTestIFailed("Error %Rrc decoding public key #%u (%u bits)", rc, i, g_aKeyPairs[i].cBits);
 
         rc = RTCrKeyCreateFromBuffer(&hPrivateKey, 0, g_aKeyPairs[i].pszPrivateKey, strlen(g_aKeyPairs[i].pszPrivateKey),
-                                     NULL /*pErrInfo*/, NULL /*pszErrorTag*/);
+                                     g_aKeyPairs[i].pszPassword, NULL /*pErrInfo*/, NULL /*pszErrorTag*/);
         if (RT_FAILURE(rc))
             RTTestIFailed("Error %Rrc decoding private key #%u (%u bits)", rc, i, g_aKeyPairs[i].cBits);
@@ -228 +279 @@
         if (hPrivateKey == NIL_RTCRKEY || hPublicKey == NIL_RTCRKEY)
             continue;
+
+        /*
+         * If we've got a password encrypted key, try some incorrect password.
+         */
+        if (g_aKeyPairs[i].pszPassword)
+        {
+            static const char * const s_apszBadPassword[] =
+            {
+                "bad-password", "", "<>", "really really long long long bad bad bad bad bad password password password password",
+                "a", "ab", "abc", "abcd", "abcde", "fdcba"
+            };
+            for (unsigned iPasswd = 0; iPasswd < RT_ELEMENTS(s_apszBadPassword); iPasswd++)
+            {
+                RTCRKEY hKey = NIL_RTCRKEY;
+                rc = RTCrKeyCreateFromBuffer(&hKey, 0, g_aKeyPairs[i].pszPrivateKey, strlen(g_aKeyPairs[i].pszPrivateKey),
+                                             s_apszBadPassword[iPasswd], NULL /*pErrInfo*/, NULL /*pszErrorTag*/);
+                if (rc != VERR_CR_KEY_DECRYPTION_FAILED)
+                    RTTestIFailed("Unexpected bad password response %Rrc decoding private key #%u (%u bits) using '%s' as password",
+                                  rc, i, g_aKeyPairs[i].cBits, s_apszBadPassword[iPasswd]);
+            }
+        }
 
         /*