/src/openssl/providers/implementations/encode_decode/decode_epki2pki.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/core.h> |
11 | | #include <openssl/core_dispatch.h> |
12 | | #include <openssl/core_names.h> |
13 | | #include <openssl/core_object.h> |
14 | | #include <openssl/asn1.h> |
15 | | #include <openssl/err.h> |
16 | | #include <openssl/objects.h> |
17 | | #include <openssl/pkcs12.h> |
18 | | #include <openssl/x509.h> |
19 | | #include <openssl/proverr.h> |
20 | | #include "internal/cryptlib.h" |
21 | | #include "internal/asn1.h" |
22 | | #include "internal/sizes.h" |
23 | | #include "prov/bio.h" |
24 | | #include "prov/decoders.h" |
25 | | #include "prov/implementations.h" |
26 | | #include "prov/endecoder_local.h" |
27 | | #include "providers/implementations/encode_decode/decode_epki2pki.inc" |
28 | | |
29 | | #include <crypto/asn1.h> |
30 | | |
31 | | static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx; |
32 | | static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx; |
33 | | static OSSL_FUNC_decoder_decode_fn epki2pki_decode; |
34 | | static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params; |
35 | | static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params; |
36 | | |
37 | | /* |
38 | | * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding. |
39 | | */ |
40 | | struct epki2pki_ctx_st { |
41 | | PROV_CTX *provctx; |
42 | | char propq[OSSL_MAX_PROPQUERY_SIZE]; |
43 | | }; |
44 | | |
45 | | static void *epki2pki_newctx(void *provctx) |
46 | 0 | { |
47 | 0 | struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
48 | |
|
49 | 0 | if (ctx != NULL) |
50 | 0 | ctx->provctx = provctx; |
51 | 0 | return ctx; |
52 | 0 | } |
53 | | |
54 | | static void epki2pki_freectx(void *vctx) |
55 | 0 | { |
56 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
57 | |
|
58 | 0 | OPENSSL_free(ctx); |
59 | 0 | } |
60 | | |
61 | | static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx) |
62 | 0 | { |
63 | 0 | return epki2pki_set_ctx_params_list; |
64 | 0 | } |
65 | | |
66 | | static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
67 | 0 | { |
68 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
69 | 0 | struct epki2pki_set_ctx_params_st p; |
70 | 0 | char *str; |
71 | |
|
72 | 0 | if (ctx == NULL || !epki2pki_set_ctx_params_decoder(params, &p)) |
73 | 0 | return 0; |
74 | | |
75 | 0 | str = ctx->propq; |
76 | 0 | if (p.propq != NULL |
77 | 0 | && !OSSL_PARAM_get_utf8_string(p.propq, &str, sizeof(ctx->propq))) |
78 | 0 | return 0; |
79 | | |
80 | 0 | return 1; |
81 | 0 | } |
82 | | |
83 | | /* |
84 | | * The selection parameter in epki2pki_decode() is not used by this function |
85 | | * because it's not relevant just to decode EncryptedPrivateKeyInfo to |
86 | | * PrivateKeyInfo. |
87 | | */ |
88 | | static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, |
89 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
90 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) |
91 | 0 | { |
92 | 0 | struct epki2pki_ctx_st *ctx = vctx; |
93 | 0 | BUF_MEM *mem = NULL; |
94 | 0 | unsigned char *der = NULL; |
95 | 0 | long der_len = 0; |
96 | 0 | BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); |
97 | 0 | int ok = 0; |
98 | |
|
99 | 0 | if (in == NULL) |
100 | 0 | return 0; |
101 | | |
102 | 0 | ok = (asn1_d2i_read_bio(in, &mem) >= 0); |
103 | 0 | BIO_free(in); |
104 | | |
105 | | /* We return "empty handed". This is not an error. */ |
106 | 0 | if (!ok) |
107 | 0 | return 1; |
108 | | |
109 | 0 | der = (unsigned char *)mem->data; |
110 | 0 | der_len = (long)mem->length; |
111 | 0 | OPENSSL_free(mem); |
112 | |
|
113 | 0 | ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg, |
114 | 0 | pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx), |
115 | 0 | ctx->propq); |
116 | 0 | OPENSSL_free(der); |
117 | 0 | return ok; |
118 | 0 | } |
119 | | |
120 | | int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection, |
121 | | OSSL_CALLBACK *data_cb, void *data_cbarg, |
122 | | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg, |
123 | | OSSL_LIB_CTX *libctx, const char *propq) |
124 | 0 | { |
125 | 0 | const unsigned char *pder = der; |
126 | 0 | unsigned char *new_der = NULL; |
127 | 0 | X509_SIG *p8 = NULL; |
128 | 0 | PKCS8_PRIV_KEY_INFO *p8inf = NULL; |
129 | 0 | const X509_ALGOR *alg = NULL; |
130 | 0 | int ok = 1; /* Assume good */ |
131 | |
|
132 | 0 | ERR_set_mark(); |
133 | 0 | if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { |
134 | 0 | char pbuf[1024]; |
135 | 0 | size_t plen = 0; |
136 | |
|
137 | 0 | ERR_clear_last_mark(); |
138 | |
|
139 | 0 | if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { |
140 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); |
141 | 0 | ok = 0; |
142 | 0 | } else { |
143 | 0 | const ASN1_OCTET_STRING *oct; |
144 | 0 | int new_der_len = 0; |
145 | |
|
146 | 0 | X509_SIG_get0(p8, &alg, &oct); |
147 | 0 | if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen, |
148 | 0 | oct->data, oct->length, |
149 | 0 | &new_der, &new_der_len, 0, |
150 | 0 | libctx, propq)) { |
151 | 0 | ok = 0; |
152 | 0 | } else { |
153 | 0 | der = new_der; |
154 | 0 | der_len = new_der_len; |
155 | 0 | } |
156 | 0 | alg = NULL; |
157 | 0 | } |
158 | 0 | X509_SIG_free(p8); |
159 | 0 | } else { |
160 | 0 | ERR_pop_to_mark(); |
161 | 0 | } |
162 | |
|
163 | 0 | ERR_set_mark(); |
164 | 0 | pder = der; |
165 | 0 | p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len); |
166 | 0 | ERR_pop_to_mark(); |
167 | |
|
168 | 0 | if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) { |
169 | | /* |
170 | | * We have something and recognised it as PrivateKeyInfo, so let's |
171 | | * pass all the applicable data to the callback. |
172 | | */ |
173 | 0 | char keytype[OSSL_MAX_NAME_SIZE]; |
174 | 0 | OSSL_PARAM params[6], *p = params; |
175 | 0 | int objtype = OSSL_OBJECT_PKEY; |
176 | |
|
177 | 0 | OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); |
178 | |
|
179 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, |
180 | 0 | keytype, 0); |
181 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE, |
182 | 0 | "DER", 0); |
183 | 0 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, |
184 | 0 | "PrivateKeyInfo", 0); |
185 | 0 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, |
186 | 0 | der, der_len); |
187 | 0 | *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); |
188 | 0 | *p = OSSL_PARAM_construct_end(); |
189 | |
|
190 | 0 | ok = data_cb(params, data_cbarg); |
191 | 0 | } |
192 | 0 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
193 | 0 | OPENSSL_free(new_der); |
194 | 0 | return ok; |
195 | 0 | } |
196 | | |
197 | | const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = { |
198 | | { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx }, |
199 | | { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx }, |
200 | | { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode }, |
201 | | { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, |
202 | | (void (*)(void))epki2pki_settable_ctx_params }, |
203 | | { OSSL_FUNC_DECODER_SET_CTX_PARAMS, |
204 | | (void (*)(void))epki2pki_set_ctx_params }, |
205 | | OSSL_DISPATCH_END |
206 | | }; |