]>
Commit | Line | Data |
---|---|---|
f4e46b81 | 1 | /* |
fecb3aae | 2 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. |
f4e46b81 RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
16 | #include <string.h> | |
17 | ||
18 | #include <openssl/core_dispatch.h> | |
19 | #include <openssl/core_names.h> | |
20 | #include <openssl/core_object.h> | |
21 | #include <openssl/crypto.h> | |
22 | #include <openssl/params.h> | |
23 | #include <openssl/pem.h> /* For public PVK functions */ | |
24 | #include <openssl/x509.h> | |
25 | #include <openssl/err.h> | |
26 | #include "internal/passphrase.h" | |
27 | #include "crypto/pem.h" /* For internal PVK and "blob" headers */ | |
28 | #include "crypto/rsa.h" | |
29 | #include "prov/bio.h" | |
30 | #include "prov/implementations.h" | |
31 | #include "endecoder_local.h" | |
32 | ||
33 | struct msblob2key_ctx_st; /* Forward declaration */ | |
34 | typedef void *b2i_of_void_fn(const unsigned char **in, unsigned int bitlen, | |
35 | int ispub); | |
36 | typedef void adjust_key_fn(void *, struct msblob2key_ctx_st *ctx); | |
37 | typedef void free_key_fn(void *); | |
38 | struct keytype_desc_st { | |
39 | int type; /* EVP key type */ | |
40 | const char *name; /* Keytype */ | |
41 | const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ | |
42 | ||
43 | b2i_of_void_fn *read_private_key; | |
44 | b2i_of_void_fn *read_public_key; | |
45 | adjust_key_fn *adjust_key; | |
46 | free_key_fn *free_key; | |
47 | }; | |
48 | ||
49 | static OSSL_FUNC_decoder_freectx_fn msblob2key_freectx; | |
f4e46b81 RL |
50 | static OSSL_FUNC_decoder_decode_fn msblob2key_decode; |
51 | static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object; | |
52 | ||
53 | /* | |
54 | * Context used for DER to key decoding. | |
55 | */ | |
56 | struct msblob2key_ctx_st { | |
57 | PROV_CTX *provctx; | |
58 | const struct keytype_desc_st *desc; | |
398f8fe1 RL |
59 | /* The selection that is passed to msblob2key_decode() */ |
60 | int selection; | |
f4e46b81 RL |
61 | }; |
62 | ||
63 | static struct msblob2key_ctx_st * | |
64 | msblob2key_newctx(void *provctx, const struct keytype_desc_st *desc) | |
65 | { | |
66 | struct msblob2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
67 | ||
68 | if (ctx != NULL) { | |
69 | ctx->provctx = provctx; | |
70 | ctx->desc = desc; | |
71 | } | |
72 | return ctx; | |
73 | } | |
74 | ||
75 | static void msblob2key_freectx(void *vctx) | |
76 | { | |
77 | struct msblob2key_ctx_st *ctx = vctx; | |
78 | ||
79 | OPENSSL_free(ctx); | |
80 | } | |
81 | ||
f4e46b81 RL |
82 | static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, |
83 | OSSL_CALLBACK *data_cb, void *data_cbarg, | |
84 | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) | |
85 | { | |
86 | struct msblob2key_ctx_st *ctx = vctx; | |
87 | BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); | |
88 | const unsigned char *p; | |
89 | unsigned char hdr_buf[16], *buf = NULL; | |
90 | unsigned int bitlen, magic, length; | |
91 | int isdss = -1; | |
92 | int ispub = -1; | |
93 | void *key = NULL; | |
94 | int ok = 0; | |
95 | ||
352a0bca | 96 | if (in == NULL) |
97 | return 0; | |
98 | ||
f4e46b81 RL |
99 | if (BIO_read(in, hdr_buf, 16) != 16) { |
100 | ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); | |
9cc97ddf | 101 | goto next; |
f4e46b81 | 102 | } |
9cc97ddf | 103 | ERR_set_mark(); |
f4e46b81 | 104 | p = hdr_buf; |
9cc97ddf RL |
105 | ok = ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) > 0; |
106 | ERR_pop_to_mark(); | |
107 | if (!ok) | |
108 | goto next; | |
109 | ||
398f8fe1 | 110 | ctx->selection = selection; |
9cc97ddf | 111 | ok = 0; /* Assume that we fail */ |
f4e46b81 RL |
112 | |
113 | if ((isdss && ctx->desc->type != EVP_PKEY_DSA) | |
114 | || (!isdss && ctx->desc->type != EVP_PKEY_RSA)) | |
9cc97ddf | 115 | goto next; |
f4e46b81 RL |
116 | |
117 | length = ossl_blob_length(bitlen, isdss, ispub); | |
118 | if (length > BLOB_MAX_LENGTH) { | |
119 | ERR_raise(ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG); | |
9cc97ddf | 120 | goto next; |
f4e46b81 RL |
121 | } |
122 | buf = OPENSSL_malloc(length); | |
123 | if (buf == NULL) { | |
124 | ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); | |
9cc97ddf | 125 | goto end; |
f4e46b81 RL |
126 | } |
127 | p = buf; | |
128 | if (BIO_read(in, buf, length) != (int)length) { | |
129 | ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); | |
9cc97ddf | 130 | goto next; |
f4e46b81 RL |
131 | } |
132 | ||
133 | if ((selection == 0 | |
134 | || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
135 | && !ispub | |
136 | && ctx->desc->read_private_key != NULL) { | |
137 | struct ossl_passphrase_data_st pwdata; | |
138 | ||
139 | memset(&pwdata, 0, sizeof(pwdata)); | |
140 | if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg)) | |
9cc97ddf | 141 | goto end; |
f4e46b81 RL |
142 | p = buf; |
143 | key = ctx->desc->read_private_key(&p, bitlen, ispub); | |
144 | if (selection != 0 && key == NULL) | |
145 | goto next; | |
146 | } | |
147 | if (key == NULL && (selection == 0 | |
148 | || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) | |
149 | && ispub | |
150 | && ctx->desc->read_public_key != NULL) { | |
151 | p = buf; | |
152 | key = ctx->desc->read_public_key(&p, bitlen, ispub); | |
153 | if (selection != 0 && key == NULL) | |
154 | goto next; | |
155 | } | |
156 | ||
157 | if (key != NULL && ctx->desc->adjust_key != NULL) | |
158 | ctx->desc->adjust_key(key, ctx); | |
159 | ||
160 | next: | |
9cc97ddf RL |
161 | /* |
162 | * Indicated that we successfully decoded something, or not at all. | |
163 | * Ending up "empty handed" is not an error. | |
164 | */ | |
165 | ok = 1; | |
166 | ||
f4e46b81 RL |
167 | /* |
168 | * We free resources here so it's not held up during the callback, because | |
169 | * we know the process is recursive and the allocated chunks of memory | |
170 | * add up. | |
171 | */ | |
172 | OPENSSL_free(buf); | |
173 | BIO_free(in); | |
174 | buf = NULL; | |
175 | in = NULL; | |
176 | ||
177 | if (key != NULL) { | |
178 | OSSL_PARAM params[4]; | |
179 | int object_type = OSSL_OBJECT_PKEY; | |
180 | ||
181 | params[0] = | |
182 | OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); | |
183 | params[1] = | |
184 | OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, | |
185 | (char *)ctx->desc->name, 0); | |
186 | /* The address of the key becomes the octet string */ | |
187 | params[2] = | |
188 | OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, | |
189 | &key, sizeof(key)); | |
190 | params[3] = OSSL_PARAM_construct_end(); | |
191 | ||
192 | ok = data_cb(params, data_cbarg); | |
193 | } | |
194 | ||
9cc97ddf | 195 | end: |
f4e46b81 RL |
196 | BIO_free(in); |
197 | OPENSSL_free(buf); | |
198 | ctx->desc->free_key(key); | |
199 | ||
200 | return ok; | |
201 | } | |
202 | ||
203 | static int | |
204 | msblob2key_export_object(void *vctx, | |
205 | const void *reference, size_t reference_sz, | |
206 | OSSL_CALLBACK *export_cb, void *export_cbarg) | |
207 | { | |
208 | struct msblob2key_ctx_st *ctx = vctx; | |
209 | OSSL_FUNC_keymgmt_export_fn *export = | |
210 | ossl_prov_get_keymgmt_export(ctx->desc->fns); | |
211 | void *keydata; | |
212 | ||
213 | if (reference_sz == sizeof(keydata) && export != NULL) { | |
214 | /* The contents of the reference is the address to our object */ | |
215 | keydata = *(void **)reference; | |
216 | ||
398f8fe1 | 217 | return export(keydata, ctx->selection, export_cb, export_cbarg); |
f4e46b81 RL |
218 | } |
219 | return 0; | |
220 | } | |
221 | ||
222 | /* ---------------------------------------------------------------------- */ | |
223 | ||
224 | #define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header | |
225 | #define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header | |
226 | #define dsa_adjust NULL | |
227 | #define dsa_free (void (*)(void *))DSA_free | |
228 | ||
229 | /* ---------------------------------------------------------------------- */ | |
230 | ||
231 | #define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header | |
232 | #define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header | |
233 | ||
234 | static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx) | |
235 | { | |
236 | ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
237 | } | |
238 | ||
239 | #define rsa_free (void (*)(void *))RSA_free | |
240 | ||
241 | /* ---------------------------------------------------------------------- */ | |
242 | ||
243 | #define IMPLEMENT_MSBLOB(KEYTYPE, keytype) \ | |
244 | static const struct keytype_desc_st mstype##2##keytype##_desc = { \ | |
245 | EVP_PKEY_##KEYTYPE, #KEYTYPE, \ | |
246 | ossl_##keytype##_keymgmt_functions, \ | |
247 | keytype##_decode_private_key, \ | |
248 | keytype##_decode_public_key, \ | |
249 | keytype##_adjust, \ | |
250 | keytype##_free \ | |
251 | }; \ | |
252 | static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx; \ | |
253 | static void *msblob2##keytype##_newctx(void *provctx) \ | |
254 | { \ | |
255 | return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \ | |
256 | } \ | |
257 | const OSSL_DISPATCH \ | |
258 | ossl_msblob_to_##keytype##_decoder_functions[] = { \ | |
259 | { OSSL_FUNC_DECODER_NEWCTX, \ | |
260 | (void (*)(void))msblob2##keytype##_newctx }, \ | |
261 | { OSSL_FUNC_DECODER_FREECTX, \ | |
262 | (void (*)(void))msblob2key_freectx }, \ | |
f4e46b81 RL |
263 | { OSSL_FUNC_DECODER_DECODE, \ |
264 | (void (*)(void))msblob2key_decode }, \ | |
265 | { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ | |
266 | (void (*)(void))msblob2key_export_object }, \ | |
267 | { 0, NULL } \ | |
268 | } | |
269 | ||
270 | #ifndef OPENSSL_NO_DSA | |
271 | IMPLEMENT_MSBLOB(DSA, dsa); | |
272 | #endif | |
273 | IMPLEMENT_MSBLOB(RSA, rsa); |