]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/serializers/serializer_common.c
projects / thirdparty / openssl.git / blob
? search:


7c6b5afe18a2657b92399a8b8503007476befb2f
[thirdparty/openssl.git] / providers / implementations / serializers / serializer_common.c
1 /*
2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/opensslconf.h> /* SIXTY_FOUR_BIT_LONG, ... */
11 #include <openssl/err.h>
12 #include <openssl/pem.h> /* PEM_BUFSIZE */
13 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
14 #include <openssl/types.h>
15 #include <openssl/x509.h> /* i2d_X509_PUBKEY_bio() */
16 #include "crypto/bn.h" /* bn_get_words() */
17 #include "crypto/ecx.h"
18 #include "prov/bio.h" /* ossl_prov_bio_printf() */
19 #include "prov/implementations.h"
20 #include "prov/providercommonerr.h" /* PROV_R_READ_KEY */
21 #include "serializer_local.h"
22
23 static PKCS8_PRIV_KEY_INFO *
24 ossl_prov_p8info_from_obj(const void *obj, int obj_nid,
25 void *params,
26 int params_type,
27 int (*k2d)(const void *obj,
28 unsigned char **pder))
29 {
30 /* der, derlen store the key DER output and its length */
31 unsigned char *der = NULL;
32 int derlen;
33 /* The final PKCS#8 info */
34 PKCS8_PRIV_KEY_INFO *p8info = NULL;
35
36
37 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
38 || (derlen = k2d(obj, &der)) <= 0
39 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(obj_nid), 0,
40 params_type, params, der, derlen)) {
41 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
42 PKCS8_PRIV_KEY_INFO_free(p8info);
43 OPENSSL_free(der);
44 p8info = NULL;
45 }
46
47 return p8info;
48 }
49
50 static X509_SIG *ossl_prov_encp8_from_p8info(PKCS8_PRIV_KEY_INFO *p8info,
51 struct pkcs8_encrypt_ctx_st *ctx)
52 {
53 X509_SIG *p8 = NULL;
54 char buf[PEM_BUFSIZE];
55 const void *kstr = ctx->cipher_pass;
56 size_t klen = ctx->cipher_pass_length;
57
58 if (ctx->cipher == NULL)
59 return NULL;
60
61 if (kstr == NULL) {
62 if (!ctx->cb(buf, sizeof(buf), &klen, NULL, ctx->cbarg)) {
63 ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
64 return NULL;
65 }
66 kstr = buf;
67 }
68 /* NID == -1 means "standard" */
69 p8 = PKCS8_encrypt(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info);
70 if (kstr == buf)
71 OPENSSL_cleanse(buf, klen);
72 return p8;
73 }
74
75 static X509_SIG *ossl_prov_encp8_from_obj(const void *obj, int obj_nid,
76 void *params,
77 int params_type,
78 int (*k2d)(const void *obj,
79 unsigned char **pder),
80 struct pkcs8_encrypt_ctx_st *ctx)
81 {
82 PKCS8_PRIV_KEY_INFO *p8info =
83 ossl_prov_p8info_from_obj(obj, obj_nid, params, params_type, k2d);
84 X509_SIG *p8 = ossl_prov_encp8_from_p8info(p8info, ctx);
85
86 PKCS8_PRIV_KEY_INFO_free(p8info);
87 return p8;
88 }
89
90 static X509_PUBKEY *ossl_prov_pubkey_from_obj(const void *obj, int obj_nid,
91 void *params,
92 int params_type,
93 int (*k2d)(const void *obj,
94 unsigned char **pder))
95 {
96 /* der, derlen store the key DER output and its length */
97 unsigned char *der = NULL;
98 int derlen;
99 /* The final X509_PUBKEY */
100 X509_PUBKEY *xpk = NULL;
101
102
103 if ((xpk = X509_PUBKEY_new()) == NULL
104 || (derlen = k2d(obj, &der)) <= 0
105 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(obj_nid),
106 params_type, params, der, derlen)) {
107 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
108 X509_PUBKEY_free(xpk);
109 OPENSSL_free(der);
110 xpk = NULL;
111 }
112
113 return xpk;
114 }
115
116 OSSL_OP_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns)
117 {
118 /* Pilfer the keymgmt dispatch table */
119 for (; fns->function_id != 0; fns++)
120 if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW)
121 return OSSL_get_OP_keymgmt_new(fns);
122
123 return NULL;
124 }
125
126 OSSL_OP_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns)
127 {
128 /* Pilfer the keymgmt dispatch table */
129 for (; fns->function_id != 0; fns++)
130 if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE)
131 return OSSL_get_OP_keymgmt_free(fns);
132
133 return NULL;
134 }
135
136 OSSL_OP_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns)
137 {
138 /* Pilfer the keymgmt dispatch table */
139 for (; fns->function_id != 0; fns++)
140 if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT)
141 return OSSL_get_OP_keymgmt_import(fns);
142
143 return NULL;
144 }
145
146 # ifdef SIXTY_FOUR_BIT_LONG
147 # define BN_FMTu "%lu"
148 # define BN_FMTx "%lx"
149 # endif
150
151 # ifdef SIXTY_FOUR_BIT
152 # define BN_FMTu "%llu"
153 # define BN_FMTx "%llx"
154 # endif
155
156 # ifdef THIRTY_TWO_BIT
157 # define BN_FMTu "%u"
158 # define BN_FMTx "%x"
159 # endif
160
161 int ossl_prov_print_labeled_bignum(BIO *out, const char *label,
162 const BIGNUM *bn)
163 {
164 const char *neg;
165 const char *post_label_spc = " ";
166 int bytes;
167 BN_ULONG *words;
168 int n, i;
169
170 if (bn == NULL)
171 return 0;
172 if (label == NULL) {
173 label = "";
174 post_label_spc = "";
175 }
176
177 bytes = BN_num_bytes(bn);
178 words = bn_get_words(bn);
179 neg = BN_is_negative(bn) ? "-" : "";
180
181 if (BN_is_zero(bn))
182 return ossl_prov_bio_printf(out, "%s%s0\n", label, post_label_spc);
183
184 if (BN_num_bytes(bn) <= BN_BYTES)
185 return ossl_prov_bio_printf(out,
186 "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n",
187 label, post_label_spc, neg, words[0],
188 neg, words[0]);
189
190 if (neg[0] == '-')
191 neg = " (Negative)";
192
193 if (ossl_prov_bio_printf(out, "%s%s\n", label, neg) <= 0)
194 return 0;
195
196 /* Keep track of how many bytes we have printed out so far */
197 n = 0;
198
199 /*
200 * OpenSSL BIGNUMs are little endian limbs, so we print them last to
201 * first limb.
202 * i is used as limb index, j is used as the "byte index" in the limb
203 */
204 for (i = bytes / BN_BYTES - 1; i >= 0; i--) {
205 BN_ULONG l = words[i];
206 int j;
207
208 for (j = BN_BYTES - 1; j >= 0; j--) {
209 int o = 8 * j;
210 int b = ((l & (0xffLU << o)) >> o) & 0xff;
211
212 /* Indent every new line with 4 spaces */
213 if ((n % 15) == 0) {
214 if (n > 0)
215 if (ossl_prov_bio_printf(out, "\n") <= 0)
216 return 0;
217 if (ossl_prov_bio_printf(out, " ") <= 0)
218 return 0;
219 }
220
221 /*
222 * Upper bit set, then we print an extra zero and pretend the
223 * BIGNUM was one byte longer
224 */
225 if (n == 0 && b > 127) {
226 if (ossl_prov_bio_printf(out, "%02x:", 0) <= 0)
227 return 0;
228 n++;
229 bytes++;
230 }
231
232 if (++n < bytes) {
233 if (ossl_prov_bio_printf(out, "%02x:", b) <= 0)
234 return 0;
235 } else {
236 if (ossl_prov_bio_printf(out, "%02x", b) <= 0)
237 return 0;
238 }
239 }
240 }
241 if (ossl_prov_bio_printf(out, "\n") <= 0)
242 return 0;
243
244 return 1;
245 }
246
247 /* Number of octets per line */
248 #define LABELED_BUF_PRINT_WIDTH 15
249
250 int ossl_prov_print_labeled_buf(BIO *out, const char *label,
251 const unsigned char *buf, size_t buflen)
252 {
253 size_t i;
254
255 if (ossl_prov_bio_printf(out, "%s\n", label) <= 0)
256 return 0;
257
258 for (i = 0; i < buflen; i++) {
259 if ((i % LABELED_BUF_PRINT_WIDTH) == 0) {
260 if (i > 0 && ossl_prov_bio_printf(out, "\n") <= 0)
261 return 0;
262 if (ossl_prov_bio_printf(out, " ") <= 0)
263 return 0;
264 }
265
266 if (ossl_prov_bio_printf(out, "%02x%s", buf[i],
267 (i == buflen - 1) ? "" : ":") <= 0)
268 return 0;
269 }
270 if (ossl_prov_bio_printf(out, "\n") <= 0)
271 return 0;
272
273 return 1;
274 }
275
276 /* p2s = param to asn1, k2d = key to der */
277 int ossl_prov_write_priv_der_from_obj(BIO *out, const void *obj, int obj_nid,
278 int (*p2s)(const void *obj, int nid,
279 void **str,
280 int *strtype),
281 int (*k2d)(const void *obj,
282 unsigned char **pder),
283 struct pkcs8_encrypt_ctx_st *ctx)
284 {
285 int ret = 0;
286 void *str = NULL;
287 int strtype = V_ASN1_UNDEF;
288
289 if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype))
290 return 0;
291
292 if (ctx->cipher_intent) {
293 X509_SIG *p8 =
294 ossl_prov_encp8_from_obj(obj, obj_nid, str, strtype, k2d, ctx);
295
296 if (p8 != NULL)
297 ret = i2d_PKCS8_bio(out, p8);
298
299 X509_SIG_free(p8);
300 } else {
301 PKCS8_PRIV_KEY_INFO *p8info =
302 ossl_prov_p8info_from_obj(obj, obj_nid, str, strtype, k2d);
303
304 if (p8info != NULL)
305 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
306
307 PKCS8_PRIV_KEY_INFO_free(p8info);
308 }
309
310 return ret;
311 }
312
313 int ossl_prov_write_priv_pem_from_obj(BIO *out, const void *obj, int obj_nid,
314 int (*p2s)(const void *obj, int nid,
315 void **str,
316 int *strtype),
317 int (*k2d)(const void *obj,
318 unsigned char **pder),
319 struct pkcs8_encrypt_ctx_st *ctx)
320 {
321 int ret = 0;
322 void *str = NULL;
323 int strtype = V_ASN1_UNDEF;
324
325 if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype))
326 return 0;
327
328 if (ctx->cipher_intent) {
329 X509_SIG *p8 = ossl_prov_encp8_from_obj(obj, obj_nid, str, strtype,
330 k2d, ctx);
331
332 if (p8 != NULL)
333 ret = PEM_write_bio_PKCS8(out, p8);
334
335 X509_SIG_free(p8);
336 } else {
337 PKCS8_PRIV_KEY_INFO *p8info =
338 ossl_prov_p8info_from_obj(obj, obj_nid, str, strtype, k2d);
339
340 if (p8info != NULL)
341 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
342
343 PKCS8_PRIV_KEY_INFO_free(p8info);
344 }
345
346 return ret;
347 }
348
349 int ossl_prov_write_pub_der_from_obj(BIO *out, const void *obj, int obj_nid,
350 int (*p2s)(const void *obj, int nid,
351 void **str,
352 int *strtype),
353 int (*k2d)(const void *obj,
354 unsigned char **pder))
355 {
356 int ret = 0;
357 void *str = NULL;
358 int strtype = V_ASN1_UNDEF;
359 X509_PUBKEY *xpk = NULL;
360
361 if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype))
362 return 0;
363
364 xpk = ossl_prov_pubkey_from_obj(obj, obj_nid, str, strtype, k2d);
365
366 if (xpk != NULL)
367 ret = i2d_X509_PUBKEY_bio(out, xpk);
368
369 /* Also frees |str| */
370 X509_PUBKEY_free(xpk);
371 return ret;
372 }
373
374 int ossl_prov_write_pub_pem_from_obj(BIO *out, const void *obj, int obj_nid,
375 int (*p2s)(const void *obj, int nid,
376 void **str,
377 int *strtype),
378 int (*k2d)(const void *obj,
379 unsigned char **pder))
380 {
381 int ret = 0;
382 void *str = NULL;
383 int strtype = V_ASN1_UNDEF;
384 X509_PUBKEY *xpk = NULL;
385
386 if (p2s != NULL && !p2s(obj, obj_nid, &str, &strtype))
387 return 0;
388
389 xpk = ossl_prov_pubkey_from_obj(obj, obj_nid, str, strtype, k2d);
390
391 if (xpk != NULL)
392 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
393
394 /* Also frees |str| */
395 X509_PUBKEY_free(xpk);
396 return ret;
397 }
A mirror of the official openssl repository