2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/core_dispatch.h>
19 #include <openssl/core_names.h>
20 #include <openssl/core_object.h>
21 #include <openssl/crypto.h>
22 #include <openssl/params.h>
23 #include <openssl/err.h>
24 #include <openssl/pem.h> /* For public PVK functions */
25 #include <openssl/x509.h>
26 #include "internal/passphrase.h"
27 #include "crypto/pem.h" /* For internal PVK and "blob" headers */
28 #include "crypto/rsa.h"
30 #include "prov/implementations.h"
31 #include "endecoder_local.h"
33 struct pvk2key_ctx_st
; /* Forward declaration */
34 typedef int check_key_fn(void *, struct pvk2key_ctx_st
*ctx
);
35 typedef void adjust_key_fn(void *, struct pvk2key_ctx_st
*ctx
);
36 typedef void *b2i_PVK_of_bio_pw_fn(BIO
*in
, pem_password_cb
*cb
, void *u
,
37 OSSL_LIB_CTX
*libctx
, const char *propq
);
38 typedef void free_key_fn(void *);
39 struct keytype_desc_st
{
40 int type
; /* EVP key type */
41 const char *name
; /* Keytype */
42 const OSSL_DISPATCH
*fns
; /* Keymgmt (to pilfer functions from) */
44 b2i_PVK_of_bio_pw_fn
*read_private_key
;
45 adjust_key_fn
*adjust_key
;
46 free_key_fn
*free_key
;
49 static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx
;
50 static OSSL_FUNC_decoder_decode_fn pvk2key_decode
;
51 static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object
;
54 * Context used for DER to key decoding.
56 struct pvk2key_ctx_st
{
58 const struct keytype_desc_st
*desc
;
61 static struct pvk2key_ctx_st
*
62 pvk2key_newctx(void *provctx
, const struct keytype_desc_st
*desc
)
64 struct pvk2key_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
67 ctx
->provctx
= provctx
;
73 static void pvk2key_freectx(void *vctx
)
75 struct pvk2key_ctx_st
*ctx
= vctx
;
80 static int pvk2key_decode(void *vctx
, OSSL_CORE_BIO
*cin
, int selection
,
81 OSSL_CALLBACK
*data_cb
, void *data_cbarg
,
82 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
84 struct pvk2key_ctx_st
*ctx
= vctx
;
85 BIO
*in
= ossl_bio_new_from_core_bio(ctx
->provctx
, cin
);
90 || (selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0)
91 && ctx
->desc
->read_private_key
!= NULL
) {
92 struct ossl_passphrase_data_st pwdata
;
95 memset(&pwdata
, 0, sizeof(pwdata
));
96 if (!ossl_pw_set_ossl_passphrase_cb(&pwdata
, pw_cb
, pw_cbarg
))
99 key
= ctx
->desc
->read_private_key(in
, ossl_pw_pem_password
, &pwdata
,
100 PROV_LIBCTX_OF(ctx
->provctx
), NULL
);
103 * Because the PVK API doesn't have a separate decrypt call, we need
104 * to check the error queue for certain well known errors that are
105 * considered fatal and which we pass through, while the rest gets
108 err
= ERR_peek_last_error();
109 lib
= ERR_GET_LIB(err
);
110 reason
= ERR_GET_REASON(err
);
111 if (lib
== ERR_LIB_PEM
112 && (reason
== PEM_R_BAD_PASSWORD_READ
113 || reason
== PEM_R_BAD_DECRYPT
)) {
114 ERR_clear_last_mark();
118 if (selection
!= 0 && key
== NULL
)
122 if (key
!= NULL
&& ctx
->desc
->adjust_key
!= NULL
)
123 ctx
->desc
->adjust_key(key
, ctx
);
127 * Indicated that we successfully decoded something, or not at all.
128 * Ending up "empty handed" is not an error.
133 * We free resources here so it's not held up during the callback, because
134 * we know the process is recursive and the allocated chunks of memory
141 OSSL_PARAM params
[4];
142 int object_type
= OSSL_OBJECT_PKEY
;
145 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE
, &object_type
);
147 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE
,
148 (char *)ctx
->desc
->name
, 0);
149 /* The address of the key becomes the octet string */
151 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE
,
153 params
[3] = OSSL_PARAM_construct_end();
155 ok
= data_cb(params
, data_cbarg
);
160 ctx
->desc
->free_key(key
);
165 static int pvk2key_export_object(void *vctx
,
166 const void *reference
, size_t reference_sz
,
167 OSSL_CALLBACK
*export_cb
, void *export_cbarg
)
169 struct pvk2key_ctx_st
*ctx
= vctx
;
170 OSSL_FUNC_keymgmt_export_fn
*export
=
171 ossl_prov_get_keymgmt_export(ctx
->desc
->fns
);
174 if (reference_sz
== sizeof(keydata
) && export
!= NULL
) {
175 /* The contents of the reference is the address to our object */
176 keydata
= *(void **)reference
;
178 return export(keydata
, OSSL_KEYMGMT_SELECT_ALL
,
179 export_cb
, export_cbarg
);
184 /* ---------------------------------------------------------------------- */
186 #define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex
187 #define dsa_adjust NULL
188 #define dsa_free (void (*)(void *))DSA_free
190 /* ---------------------------------------------------------------------- */
192 #define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex
194 static void rsa_adjust(void *key
, struct pvk2key_ctx_st
*ctx
)
196 ossl_rsa_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
199 #define rsa_free (void (*)(void *))RSA_free
201 /* ---------------------------------------------------------------------- */
203 #define IMPLEMENT_MS(KEYTYPE, keytype) \
204 static const struct keytype_desc_st \
205 pvk2##keytype##_desc = { \
206 EVP_PKEY_##KEYTYPE, #KEYTYPE, \
207 ossl_##keytype##_keymgmt_functions, \
208 keytype##_private_key_bio, \
212 static OSSL_FUNC_decoder_newctx_fn pvk2##keytype##_newctx; \
213 static void *pvk2##keytype##_newctx(void *provctx) \
215 return pvk2key_newctx(provctx, &pvk2##keytype##_desc); \
217 const OSSL_DISPATCH \
218 ossl_##pvk_to_##keytype##_decoder_functions[] = { \
219 { OSSL_FUNC_DECODER_NEWCTX, \
220 (void (*)(void))pvk2##keytype##_newctx }, \
221 { OSSL_FUNC_DECODER_FREECTX, \
222 (void (*)(void))pvk2key_freectx }, \
223 { OSSL_FUNC_DECODER_DECODE, \
224 (void (*)(void))pvk2key_decode }, \
225 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
226 (void (*)(void))pvk2key_export_object }, \
230 #ifndef OPENSSL_NO_DSA
231 IMPLEMENT_MS(DSA
, dsa
);
233 IMPLEMENT_MS(RSA
, rsa
);