/src/openssl/providers/implementations/encode_decode/decode_epki2pki.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/core.h> |
11 | | #include <openssl/core_dispatch.h> |
12 | | #include <openssl/core_names.h> |
13 | | #include <openssl/core_object.h> |
14 | | #include <openssl/asn1.h> |
15 | | #include <openssl/err.h> |
16 | | #include <openssl/objects.h> |
17 | | #include <openssl/pkcs12.h> |
18 | | #include <openssl/x509.h> |
19 | | #include <openssl/proverr.h> |
20 | | #include "internal/asn1.h" |
21 | | #include "internal/sizes.h" |
22 | | #include "prov/bio.h" |
23 | | #include "prov/decoders.h" |
24 | | #include "prov/implementations.h" |
25 | | #include "endecoder_local.h" |
26 | | |
27 | | static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx; |
28 | | static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx; |
29 | | static OSSL_FUNC_decoder_decode_fn epki2pki_decode; |
30 | | static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params; |
31 | | static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params; |
32 | | |
33 | | /* |
34 | | * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding. |
35 | | */ |
36 | | struct epki2pki_ctx_st { |
37 | | PROV_CTX *provctx; |
38 | | char propq[OSSL_MAX_PROPQUERY_SIZE]; |
39 | | }; |
40 | | |
41 | | static void *epki2pki_newctx(void *provctx) |
42 | 0 | { |
43 | 0 | struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
44 | |
|
45 | 0 | if (ctx != NULL) |
46 | 0 | ctx->provctx = provctx; |
47 | 0 | return ctx; |
48 | 0 | } |
49 | | |
50 | | static void epki2pki_freectx(void *vctx) |
51 | 0 | { |
52 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
53 | |
|
54 | 0 | OPENSSL_free(ctx); |
55 | 0 | } |
56 | | |
57 | | static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx) |
58 | 0 | { |
59 | 0 | static const OSSL_PARAM settables[] = { |
60 | 0 | OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0), |
61 | 0 | OSSL_PARAM_END |
62 | 0 | }; |
63 | 0 | return settables; |
64 | 0 | } |
65 | | |
66 | | static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
67 | 0 | { |
68 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
69 | 0 | const OSSL_PARAM *p; |
70 | 0 | char *str = ctx->propq; |
71 | |
|
72 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES); |
73 | 0 | if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq))) |
74 | 0 | return 0; |
75 | | |
76 | 0 | return 1; |
77 | 0 | } |
78 | | |
79 | | /* |
80 | | * The selection parameter in epki2pki_decode() is not used by this function |
81 | | * because it's not relevant just to decode EncryptedPrivateKeyInfo to |
82 | | * PrivateKeyInfo. |
83 | | */ |
84 | | static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, |
85 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
86 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) |
87 | 0 | { |
88 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
89 | 0 | BUF_MEM *mem = NULL; |
90 | 0 | unsigned char *der = NULL; |
91 | 0 | long der_len = 0; |
92 | 0 | BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); |
93 | 0 | int ok = 0; |
94 | |
|
95 | 0 | if (in == NULL) |
96 | 0 | return 0; |
97 | | |
98 | 0 | ok = (asn1_d2i_read_bio(in, &mem) >= 0); |
99 | 0 | BIO_free(in); |
100 | | |
101 | | /* We return "empty handed". This is not an error. */ |
102 | 0 | if (!ok) |
103 | 0 | return 1; |
104 | | |
105 | 0 | der = (unsigned char *)mem->data; |
106 | 0 | der_len = (long)mem->length; |
107 | 0 | OPENSSL_free(mem); |
108 | |
|
109 | 0 | ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg, |
110 | 0 | pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx), |
111 | 0 | ctx->propq); |
112 | 0 | OPENSSL_free(der); |
113 | 0 | return ok; |
114 | 0 | } |
115 | | |
116 | | int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection, |
117 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
118 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg, |
119 | | OSSL_LIB_CTX *libctx, const char *propq) |
120 | 0 | { |
121 | 0 | const unsigned char *pder = der; |
122 | 0 | unsigned char *new_der = NULL; |
123 | 0 | X509_SIG *p8 = NULL; |
124 | 0 | PKCS8_PRIV_KEY_INFO *p8inf = NULL; |
125 | 0 | const X509_ALGOR *alg = NULL; |
126 | 0 | int ok = 1; /* Assume good */ |
127 | |
|
128 | 0 | ERR_set_mark(); |
129 | 0 | if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { |
130 | 0 | char pbuf[1024]; |
131 | 0 | size_t plen = 0; |
132 | |
|
133 | 0 | ERR_clear_last_mark(); |
134 | |
|
135 | 0 | if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { |
136 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); |
137 | 0 | ok = 0; |
138 | 0 | } else { |
139 | 0 | const ASN1_OCTET_STRING *oct; |
140 | 0 | int new_der_len = 0; |
141 | |
|
142 | 0 | X509_SIG_get0(p8, &alg, &oct); |
143 | 0 | if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen, |
144 | 0 | oct->data, oct->length, |
145 | 0 | &new_der, &new_der_len, 0, |
146 | 0 | libctx, propq)) { |
147 | 0 | ok = 0; |
148 | 0 | } else { |
149 | 0 | der = new_der; |
150 | 0 | der_len = new_der_len; |
151 | 0 | } |
152 | 0 | alg = NULL; |
153 | 0 | } |
154 | 0 | X509_SIG_free(p8); |
155 | 0 | } else { |
156 | 0 | ERR_pop_to_mark(); |
157 | 0 | } |
158 | |
|
159 | 0 | ERR_set_mark(); |
160 | 0 | pder = der; |
161 | 0 | p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len); |
162 | 0 | ERR_pop_to_mark(); |
163 | |
|
164 | 0 | if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) { |
165 | | /* |
166 | | * We have something and recognised it as PrivateKeyInfo, so let's |
167 | | * pass all the applicable data to the callback. |
168 | | */ |
169 | 0 | char keytype[OSSL_MAX_NAME_SIZE]; |
170 | 0 | OSSL_PARAM params[6], *p = params; |
171 | 0 | int objtype = OSSL_OBJECT_PKEY; |
172 | |
|
173 | 0 | OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); |
174 | |
|
175 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, |
176 | 0 | keytype, 0); |
177 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE, |
178 | 0 | "DER", 0); |
179 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, |
180 | 0 | "PrivateKeyInfo", 0); |
181 | 0 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, |
182 | 0 | der, der_len); |
183 | 0 | *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); |
184 | 0 | *p = OSSL_PARAM_construct_end(); |
185 | |
|
186 | 0 | ok = data_cb(params, data_cbarg); |
187 | 0 | } |
188 | 0 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
189 | 0 | OPENSSL_free(new_der); |
190 | 0 | return ok; |
191 | 0 | } |
192 | | |
193 | | const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = { |
194 | | { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx }, |
195 | | { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx }, |
196 | | { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode }, |
197 | | { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, |
198 | | (void (*)(void))epki2pki_settable_ctx_params }, |
199 | | { OSSL_FUNC_DECODER_SET_CTX_PARAMS, |
200 | | (void (*)(void))epki2pki_set_ctx_params }, |
201 | | OSSL_DISPATCH_END |
202 | | }; |