/src/openssl/providers/implementations/encode_decode/decode_epki2pki.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/core.h> |
11 | | #include <openssl/core_dispatch.h> |
12 | | #include <openssl/core_names.h> |
13 | | #include <openssl/core_object.h> |
14 | | #include <openssl/asn1.h> |
15 | | #include <openssl/err.h> |
16 | | #include <openssl/objects.h> |
17 | | #include <openssl/pkcs12.h> |
18 | | #include <openssl/x509.h> |
19 | | #include <openssl/proverr.h> |
20 | | #include "internal/cryptlib.h" |
21 | | #include "internal/asn1.h" |
22 | | #include "internal/sizes.h" |
23 | | #include "prov/bio.h" |
24 | | #include "prov/decoders.h" |
25 | | #include "prov/implementations.h" |
26 | | #include "prov/endecoder_local.h" |
27 | | #include "providers/implementations/encode_decode/decode_epki2pki.inc" |
28 | | |
29 | | static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx; |
30 | | static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx; |
31 | | static OSSL_FUNC_decoder_decode_fn epki2pki_decode; |
32 | | static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params; |
33 | | static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params; |
34 | | |
35 | | /* |
36 | | * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding. |
37 | | */ |
38 | | struct epki2pki_ctx_st { |
39 | | PROV_CTX *provctx; |
40 | | char propq[OSSL_MAX_PROPQUERY_SIZE]; |
41 | | }; |
42 | | |
43 | | static void *epki2pki_newctx(void *provctx) |
44 | 0 | { |
45 | 0 | struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
46 | |
|
47 | 0 | if (ctx != NULL) |
48 | 0 | ctx->provctx = provctx; |
49 | 0 | return ctx; |
50 | 0 | } |
51 | | |
52 | | static void epki2pki_freectx(void *vctx) |
53 | 0 | { |
54 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
55 | |
|
56 | 0 | OPENSSL_free(ctx); |
57 | 0 | } |
58 | | |
59 | | static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx) |
60 | 0 | { |
61 | 0 | return epki2pki_set_ctx_params_list; |
62 | 0 | } |
63 | | |
64 | | static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
65 | 0 | { |
66 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
67 | 0 | struct epki2pki_set_ctx_params_st p; |
68 | 0 | char *str; |
69 | |
|
70 | 0 | if (ctx == NULL || !epki2pki_set_ctx_params_decoder(params, &p)) |
71 | 0 | return 0; |
72 | | |
73 | 0 | str = ctx->propq; |
74 | 0 | if (p.propq != NULL |
75 | 0 | && !OSSL_PARAM_get_utf8_string(p.propq, &str, sizeof(ctx->propq))) |
76 | 0 | return 0; |
77 | | |
78 | 0 | return 1; |
79 | 0 | } |
80 | | |
81 | | /* |
82 | | * The selection parameter in epki2pki_decode() is not used by this function |
83 | | * because it's not relevant just to decode EncryptedPrivateKeyInfo to |
84 | | * PrivateKeyInfo. |
85 | | */ |
86 | | static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, |
87 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
88 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) |
89 | 0 | { |
90 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
91 | 0 | BUF_MEM *mem = NULL; |
92 | 0 | unsigned char *der = NULL; |
93 | 0 | long der_len = 0; |
94 | 0 | BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); |
95 | 0 | int ok = 0; |
96 | |
|
97 | 0 | if (in == NULL) |
98 | 0 | return 0; |
99 | | |
100 | 0 | ok = (asn1_d2i_read_bio(in, &mem) >= 0); |
101 | 0 | BIO_free(in); |
102 | | |
103 | | /* We return "empty handed". This is not an error. */ |
104 | 0 | if (!ok) |
105 | 0 | return 1; |
106 | | |
107 | 0 | der = (unsigned char *)mem->data; |
108 | 0 | der_len = (long)mem->length; |
109 | 0 | OPENSSL_free(mem); |
110 | |
|
111 | 0 | ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg, |
112 | 0 | pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx), |
113 | 0 | ctx->propq); |
114 | 0 | OPENSSL_free(der); |
115 | 0 | return ok; |
116 | 0 | } |
117 | | |
118 | | int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection, |
119 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
120 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg, |
121 | | OSSL_LIB_CTX *libctx, const char *propq) |
122 | 0 | { |
123 | 0 | const unsigned char *pder = der; |
124 | 0 | unsigned char *new_der = NULL; |
125 | 0 | X509_SIG *p8 = NULL; |
126 | 0 | PKCS8_PRIV_KEY_INFO *p8inf = NULL; |
127 | 0 | const X509_ALGOR *alg = NULL; |
128 | 0 | int ok = 1; /* Assume good */ |
129 | |
|
130 | 0 | ERR_set_mark(); |
131 | 0 | if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { |
132 | 0 | char pbuf[1024]; |
133 | 0 | size_t plen = 0; |
134 | |
|
135 | 0 | ERR_clear_last_mark(); |
136 | |
|
137 | 0 | if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { |
138 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); |
139 | 0 | ok = 0; |
140 | 0 | } else { |
141 | 0 | const ASN1_OCTET_STRING *oct; |
142 | 0 | int new_der_len = 0; |
143 | |
|
144 | 0 | X509_SIG_get0(p8, &alg, &oct); |
145 | 0 | if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen, |
146 | 0 | oct->data, oct->length, |
147 | 0 | &new_der, &new_der_len, 0, |
148 | 0 | libctx, propq)) { |
149 | 0 | ok = 0; |
150 | 0 | } else { |
151 | 0 | der = new_der; |
152 | 0 | der_len = new_der_len; |
153 | 0 | } |
154 | 0 | alg = NULL; |
155 | 0 | } |
156 | 0 | X509_SIG_free(p8); |
157 | 0 | } else { |
158 | 0 | ERR_pop_to_mark(); |
159 | 0 | } |
160 | |
|
161 | 0 | ERR_set_mark(); |
162 | 0 | pder = der; |
163 | 0 | p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len); |
164 | 0 | ERR_pop_to_mark(); |
165 | |
|
166 | 0 | if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) { |
167 | | /* |
168 | | * We have something and recognised it as PrivateKeyInfo, so let's |
169 | | * pass all the applicable data to the callback. |
170 | | */ |
171 | 0 | char keytype[OSSL_MAX_NAME_SIZE]; |
172 | 0 | OSSL_PARAM params[6], *p = params; |
173 | 0 | int objtype = OSSL_OBJECT_PKEY; |
174 | |
|
175 | 0 | OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); |
176 | |
|
177 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, |
178 | 0 | keytype, 0); |
179 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE, |
180 | 0 | "DER", 0); |
181 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, |
182 | 0 | "PrivateKeyInfo", 0); |
183 | 0 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, |
184 | 0 | der, der_len); |
185 | 0 | *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); |
186 | 0 | *p = OSSL_PARAM_construct_end(); |
187 | |
|
188 | 0 | ok = data_cb(params, data_cbarg); |
189 | 0 | } |
190 | 0 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
191 | 0 | OPENSSL_free(new_der); |
192 | 0 | return ok; |
193 | 0 | } |
194 | | |
195 | | const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = { |
196 | | { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx }, |
197 | | { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx }, |
198 | | { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode }, |
199 | | { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, |
200 | | (void (*)(void))epki2pki_settable_ctx_params }, |
201 | | { OSSL_FUNC_DECODER_SET_CTX_PARAMS, |
202 | | (void (*)(void))epki2pki_set_ctx_params }, |
203 | | OSSL_DISPATCH_END |
204 | | }; |