decode_epki2pki.c 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
  1. /*
  2. * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/core.h>
  10. #include <openssl/core_dispatch.h>
  11. #include <openssl/core_names.h>
  12. #include <openssl/core_object.h>
  13. #include <openssl/asn1.h>
  14. #include <openssl/err.h>
  15. #include <openssl/objects.h>
  16. #include <openssl/pkcs12.h>
  17. #include <openssl/x509.h>
  18. #include <openssl/proverr.h>
  19. #include "internal/asn1.h"
  20. #include "internal/sizes.h"
  21. #include "prov/bio.h"
  22. #include "prov/implementations.h"
  23. #include "endecoder_local.h"
  24. static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
  25. static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
  26. static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
  27. /*
  28. * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
  29. */
  30. struct epki2pki_ctx_st {
  31. PROV_CTX *provctx;
  32. };
  33. static void *epki2pki_newctx(void *provctx)
  34. {
  35. struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
  36. if (ctx != NULL)
  37. ctx->provctx = provctx;
  38. return ctx;
  39. }
  40. static void epki2pki_freectx(void *vctx)
  41. {
  42. struct epki2pki_ctx_st *ctx = vctx;
  43. OPENSSL_free(ctx);
  44. }
  45. /*
  46. * The selection parameter in epki2pki_decode() is not used by this function
  47. * because it's not relevant just to decode EncryptedPrivateKeyInfo to
  48. * PrivateKeyInfo.
  49. */
  50. static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
  51. OSSL_CALLBACK *data_cb, void *data_cbarg,
  52. OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
  53. {
  54. struct epki2pki_ctx_st *ctx = vctx;
  55. BUF_MEM *mem = NULL;
  56. unsigned char *der = NULL;
  57. const unsigned char *pder = NULL;
  58. long der_len = 0;
  59. X509_SIG *p8 = NULL;
  60. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  61. const X509_ALGOR *alg = NULL;
  62. BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
  63. int ok = 0;
  64. if (in == NULL)
  65. return 0;
  66. ok = (asn1_d2i_read_bio(in, &mem) >= 0);
  67. BIO_free(in);
  68. /* We return "empty handed". This is not an error. */
  69. if (!ok)
  70. return 1;
  71. pder = der = (unsigned char *)mem->data;
  72. der_len = (long)mem->length;
  73. OPENSSL_free(mem);
  74. ok = 1; /* Assume good */
  75. ERR_set_mark();
  76. if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
  77. char pbuf[1024];
  78. size_t plen = 0;
  79. ERR_clear_last_mark();
  80. if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
  81. ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
  82. ok = 0;
  83. } else {
  84. const ASN1_OCTET_STRING *oct;
  85. unsigned char *new_der = NULL;
  86. int new_der_len = 0;
  87. X509_SIG_get0(p8, &alg, &oct);
  88. if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
  89. oct->data, oct->length,
  90. &new_der, &new_der_len, 0,
  91. PROV_LIBCTX_OF(ctx->provctx), NULL)) {
  92. ok = 0;
  93. } else {
  94. OPENSSL_free(der);
  95. der = new_der;
  96. der_len = new_der_len;
  97. }
  98. alg = NULL;
  99. }
  100. X509_SIG_free(p8);
  101. } else {
  102. ERR_pop_to_mark();
  103. }
  104. ERR_set_mark();
  105. pder = der;
  106. p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
  107. ERR_pop_to_mark();
  108. if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
  109. /*
  110. * We have something and recognised it as PrivateKeyInfo, so let's
  111. * pass all the applicable data to the callback.
  112. */
  113. char keytype[OSSL_MAX_NAME_SIZE];
  114. OSSL_PARAM params[5], *p = params;
  115. int objtype = OSSL_OBJECT_PKEY;
  116. OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
  117. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
  118. keytype, 0);
  119. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
  120. "PrivateKeyInfo", 0);
  121. *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
  122. der, der_len);
  123. *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
  124. *p = OSSL_PARAM_construct_end();
  125. ok = data_cb(params, data_cbarg);
  126. }
  127. PKCS8_PRIV_KEY_INFO_free(p8inf);
  128. OPENSSL_free(der);
  129. return ok;
  130. }
  131. const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
  132. { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
  133. { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
  134. { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
  135. { 0, NULL }
  136. };