2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/core_dispatch.h>
19 #include <openssl/core_names.h>
20 #include <openssl/core_object.h>
21 #include <openssl/crypto.h>
22 #include <openssl/params.h>
23 #include <openssl/pem.h> /* For public PVK functions */
24 #include <openssl/x509.h>
25 #include <openssl/err.h>
26 #include "internal/passphrase.h"
27 #include "crypto/pem.h" /* For internal PVK and "blob" headers */
28 #include "crypto/rsa.h"
30 #include "prov/implementations.h"
31 #include "endecoder_local.h"
33 struct msblob2key_ctx_st
; /* Forward declaration */
34 typedef void *b2i_of_void_fn(const unsigned char **in
, unsigned int bitlen
,
36 typedef void adjust_key_fn(void *, struct msblob2key_ctx_st
*ctx
);
37 typedef void free_key_fn(void *);
38 struct keytype_desc_st
{
39 int type
; /* EVP key type */
40 const char *name
; /* Keytype */
41 const OSSL_DISPATCH
*fns
; /* Keymgmt (to pilfer functions from) */
43 b2i_of_void_fn
*read_private_key
;
44 b2i_of_void_fn
*read_public_key
;
45 adjust_key_fn
*adjust_key
;
46 free_key_fn
*free_key
;
49 static OSSL_FUNC_decoder_freectx_fn msblob2key_freectx
;
50 static OSSL_FUNC_decoder_decode_fn msblob2key_decode
;
51 static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object
;
54 * Context used for DER to key decoding.
56 struct msblob2key_ctx_st
{
58 const struct keytype_desc_st
*desc
;
59 /* The selection that is passed to msblob2key_decode() */
63 static struct msblob2key_ctx_st
*
64 msblob2key_newctx(void *provctx
, const struct keytype_desc_st
*desc
)
66 struct msblob2key_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
69 ctx
->provctx
= provctx
;
75 static void msblob2key_freectx(void *vctx
)
77 struct msblob2key_ctx_st
*ctx
= vctx
;
82 static int msblob2key_decode(void *vctx
, OSSL_CORE_BIO
*cin
, int selection
,
83 OSSL_CALLBACK
*data_cb
, void *data_cbarg
,
84 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
86 struct msblob2key_ctx_st
*ctx
= vctx
;
87 BIO
*in
= ossl_bio_new_from_core_bio(ctx
->provctx
, cin
);
88 const unsigned char *p
;
89 unsigned char hdr_buf
[16], *buf
= NULL
;
90 unsigned int bitlen
, magic
, length
;
99 if (BIO_read(in
, hdr_buf
, 16) != 16) {
100 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_TOO_SHORT
);
105 ok
= ossl_do_blob_header(&p
, 16, &magic
, &bitlen
, &isdss
, &ispub
) > 0;
110 ctx
->selection
= selection
;
111 ok
= 0; /* Assume that we fail */
113 if ((isdss
&& ctx
->desc
->type
!= EVP_PKEY_DSA
)
114 || (!isdss
&& ctx
->desc
->type
!= EVP_PKEY_RSA
))
117 length
= ossl_blob_length(bitlen
, isdss
, ispub
);
118 if (length
> BLOB_MAX_LENGTH
) {
119 ERR_raise(ERR_LIB_PEM
, PEM_R_HEADER_TOO_LONG
);
122 buf
= OPENSSL_malloc(length
);
126 if (BIO_read(in
, buf
, length
) != (int)length
) {
127 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_TOO_SHORT
);
132 || (selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0)
134 && ctx
->desc
->read_private_key
!= NULL
) {
135 struct ossl_passphrase_data_st pwdata
;
137 memset(&pwdata
, 0, sizeof(pwdata
));
138 if (!ossl_pw_set_ossl_passphrase_cb(&pwdata
, pw_cb
, pw_cbarg
))
141 key
= ctx
->desc
->read_private_key(&p
, bitlen
, ispub
);
142 if (selection
!= 0 && key
== NULL
)
145 if (key
== NULL
&& (selection
== 0
146 || (selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0)
148 && ctx
->desc
->read_public_key
!= NULL
) {
150 key
= ctx
->desc
->read_public_key(&p
, bitlen
, ispub
);
151 if (selection
!= 0 && key
== NULL
)
155 if (key
!= NULL
&& ctx
->desc
->adjust_key
!= NULL
)
156 ctx
->desc
->adjust_key(key
, ctx
);
160 * Indicated that we successfully decoded something, or not at all.
161 * Ending up "empty handed" is not an error.
166 * We free resources here so it's not held up during the callback, because
167 * we know the process is recursive and the allocated chunks of memory
176 OSSL_PARAM params
[4];
177 int object_type
= OSSL_OBJECT_PKEY
;
180 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE
, &object_type
);
182 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE
,
183 (char *)ctx
->desc
->name
, 0);
184 /* The address of the key becomes the octet string */
186 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE
,
188 params
[3] = OSSL_PARAM_construct_end();
190 ok
= data_cb(params
, data_cbarg
);
196 ctx
->desc
->free_key(key
);
202 msblob2key_export_object(void *vctx
,
203 const void *reference
, size_t reference_sz
,
204 OSSL_CALLBACK
*export_cb
, void *export_cbarg
)
206 struct msblob2key_ctx_st
*ctx
= vctx
;
207 OSSL_FUNC_keymgmt_export_fn
*export
=
208 ossl_prov_get_keymgmt_export(ctx
->desc
->fns
);
211 if (reference_sz
== sizeof(keydata
) && export
!= NULL
) {
212 /* The contents of the reference is the address to our object */
213 keydata
= *(void **)reference
;
215 return export(keydata
, ctx
->selection
, export_cb
, export_cbarg
);
220 /* ---------------------------------------------------------------------- */
222 #define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
223 #define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
224 #define dsa_adjust NULL
225 #define dsa_free (void (*)(void *))DSA_free
227 /* ---------------------------------------------------------------------- */
229 #define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header
230 #define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header
232 static void rsa_adjust(void *key
, struct msblob2key_ctx_st
*ctx
)
234 ossl_rsa_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
237 #define rsa_free (void (*)(void *))RSA_free
239 /* ---------------------------------------------------------------------- */
241 #define IMPLEMENT_MSBLOB(KEYTYPE, keytype) \
242 static const struct keytype_desc_st mstype##2##keytype##_desc = { \
243 EVP_PKEY_##KEYTYPE, #KEYTYPE, \
244 ossl_##keytype##_keymgmt_functions, \
245 keytype##_decode_private_key, \
246 keytype##_decode_public_key, \
250 static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx; \
251 static void *msblob2##keytype##_newctx(void *provctx) \
253 return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \
255 const OSSL_DISPATCH \
256 ossl_msblob_to_##keytype##_decoder_functions[] = { \
257 { OSSL_FUNC_DECODER_NEWCTX, \
258 (void (*)(void))msblob2##keytype##_newctx }, \
259 { OSSL_FUNC_DECODER_FREECTX, \
260 (void (*)(void))msblob2key_freectx }, \
261 { OSSL_FUNC_DECODER_DECODE, \
262 (void (*)(void))msblob2key_decode }, \
263 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
264 (void (*)(void))msblob2key_export_object }, \
268 #ifndef OPENSSL_NO_DSA
269 IMPLEMENT_MSBLOB(DSA
, dsa
);
271 IMPLEMENT_MSBLOB(RSA
, rsa
);