decode_pem2der.c 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
  1. /*
  2. * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * RSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <string.h>
  15. #include <openssl/core_dispatch.h>
  16. #include <openssl/core_names.h>
  17. #include <openssl/core_object.h>
  18. #include <openssl/crypto.h>
  19. #include <openssl/err.h>
  20. #include <openssl/params.h>
  21. #include <openssl/pem.h>
  22. #include <openssl/proverr.h>
  23. #include "internal/nelem.h"
  24. #include "prov/bio.h"
  25. #include "prov/implementations.h"
  26. #include "endecoder_local.h"
  27. static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
  28. char **pem_name, char **pem_header,
  29. unsigned char **data, long *len)
  30. {
  31. BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
  32. int ok;
  33. if (in == NULL)
  34. return 0;
  35. ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);
  36. BIO_free(in);
  37. return ok;
  38. }
  39. static OSSL_FUNC_decoder_newctx_fn pem2der_newctx;
  40. static OSSL_FUNC_decoder_freectx_fn pem2der_freectx;
  41. static OSSL_FUNC_decoder_decode_fn pem2der_decode;
  42. /*
  43. * Context used for PEM to DER decoding.
  44. */
  45. struct pem2der_ctx_st {
  46. PROV_CTX *provctx;
  47. };
  48. static void *pem2der_newctx(void *provctx)
  49. {
  50. struct pem2der_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
  51. if (ctx != NULL)
  52. ctx->provctx = provctx;
  53. return ctx;
  54. }
  55. static void pem2der_freectx(void *vctx)
  56. {
  57. struct pem2der_ctx_st *ctx = vctx;
  58. OPENSSL_free(ctx);
  59. }
  60. /* pem_password_cb compatible function */
  61. struct pem2der_pass_data_st {
  62. OSSL_PASSPHRASE_CALLBACK *cb;
  63. void *cbarg;
  64. };
  65. static int pem2der_pass_helper(char *buf, int num, int w, void *data)
  66. {
  67. struct pem2der_pass_data_st *pass_data = data;
  68. size_t plen;
  69. if (pass_data == NULL
  70. || pass_data->cb == NULL
  71. || !pass_data->cb(buf, num, &plen, NULL, pass_data->cbarg))
  72. return -1;
  73. return (int)plen;
  74. }
  75. /*
  76. * The selection parameter in pem2der_decode() is not used by this function
  77. * because it's not relevant just to decode PEM to DER.
  78. */
  79. static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
  80. OSSL_CALLBACK *data_cb, void *data_cbarg,
  81. OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
  82. {
  83. /*
  84. * PEM names we recognise. Other PEM names should be recognised by
  85. * other decoder implementations.
  86. */
  87. static struct pem_name_map_st {
  88. const char *pem_name;
  89. int object_type;
  90. const char *data_type;
  91. const char *data_structure;
  92. } pem_name_map[] = {
  93. /* PKCS#8 and SubjectPublicKeyInfo */
  94. { PEM_STRING_PKCS8, OSSL_OBJECT_PKEY, NULL, "EncryptedPrivateKeyInfo" },
  95. { PEM_STRING_PKCS8INF, OSSL_OBJECT_PKEY, NULL, "PrivateKeyInfo" },
  96. { PEM_STRING_PUBLIC, OSSL_OBJECT_PKEY, NULL, "SubjectPublicKeyInfo" },
  97. /* Our set of type specific PEM types */
  98. { PEM_STRING_DHPARAMS, OSSL_OBJECT_PKEY, "DH", "type-specific" },
  99. { PEM_STRING_DHXPARAMS, OSSL_OBJECT_PKEY, "X9.42 DH", "type-specific" },
  100. { PEM_STRING_DSA, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
  101. { PEM_STRING_DSA_PUBLIC, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
  102. { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
  103. { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },
  104. { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },
  105. { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
  106. { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
  107. { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
  108. /*
  109. * A few others that there is at least have an object type for, even
  110. * though there is no provider interface to handle such objects, yet.
  111. * However, this is beneficial for the OSSL_STORE result handler.
  112. */
  113. { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, "Certificate" },
  114. { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, "Certificate" },
  115. { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, "Certificate" },
  116. { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, "CertificateList" }
  117. };
  118. struct pem2der_ctx_st *ctx = vctx;
  119. char *pem_name = NULL, *pem_header = NULL;
  120. size_t i;
  121. unsigned char *der = NULL;
  122. long der_len = 0;
  123. int ok = 0;
  124. int objtype = OSSL_OBJECT_UNKNOWN;
  125. ok = read_pem(ctx->provctx, cin, &pem_name, &pem_header,
  126. &der, &der_len) > 0;
  127. /* We return "empty handed". This is not an error. */
  128. if (!ok)
  129. return 1;
  130. /*
  131. * 10 is the number of characters in "Proc-Type:", which
  132. * PEM_get_EVP_CIPHER_INFO() requires to be present.
  133. * If the PEM header has less characters than that, it's
  134. * not worth spending cycles on it.
  135. */
  136. if (strlen(pem_header) > 10) {
  137. EVP_CIPHER_INFO cipher;
  138. struct pem2der_pass_data_st pass_data;
  139. ok = 0; /* Assume that we fail */
  140. pass_data.cb = pw_cb;
  141. pass_data.cbarg = pw_cbarg;
  142. if (!PEM_get_EVP_CIPHER_INFO(pem_header, &cipher)
  143. || !PEM_do_header(&cipher, der, &der_len,
  144. pem2der_pass_helper, &pass_data))
  145. goto end;
  146. }
  147. /*
  148. * Indicated that we successfully decoded something, or not at all.
  149. * Ending up "empty handed" is not an error.
  150. */
  151. ok = 1;
  152. /* Have a look to see if we recognise anything */
  153. for (i = 0; i < OSSL_NELEM(pem_name_map); i++)
  154. if (strcmp(pem_name, pem_name_map[i].pem_name) == 0)
  155. break;
  156. if (i < OSSL_NELEM(pem_name_map)) {
  157. OSSL_PARAM params[5], *p = params;
  158. /* We expect these to be read only so casting away the const is ok */
  159. char *data_type = (char *)pem_name_map[i].data_type;
  160. char *data_structure = (char *)pem_name_map[i].data_structure;
  161. objtype = pem_name_map[i].object_type;
  162. if (data_type != NULL)
  163. *p++ =
  164. OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
  165. data_type, 0);
  166. /* We expect this to be read only so casting away the const is ok */
  167. if (data_structure != NULL)
  168. *p++ =
  169. OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
  170. data_structure, 0);
  171. *p++ =
  172. OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
  173. der, der_len);
  174. *p++ =
  175. OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
  176. *p = OSSL_PARAM_construct_end();
  177. ok = data_cb(params, data_cbarg);
  178. }
  179. end:
  180. OPENSSL_free(pem_name);
  181. OPENSSL_free(pem_header);
  182. OPENSSL_free(der);
  183. return ok;
  184. }
  185. const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[] = {
  186. { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))pem2der_newctx },
  187. { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))pem2der_freectx },
  188. { OSSL_FUNC_DECODER_DECODE, (void (*)(void))pem2der_decode },
  189. OSSL_DISPATCH_END
  190. };