2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/core_dispatch.h>
19 #include <openssl/core_names.h>
20 #include <openssl/core_object.h>
21 #include <openssl/crypto.h>
22 #include <openssl/params.h>
23 #include <openssl/err.h>
24 #include <openssl/pem.h> /* For public PVK functions */
25 #include <openssl/x509.h>
26 #include "internal/passphrase.h"
27 #include "crypto/pem.h" /* For internal PVK and "blob" headers */
28 #include "crypto/rsa.h"
30 #include "prov/implementations.h"
31 #include "endecoder_local.h"
33 struct pvk2key_ctx_st
; /* Forward declaration */
34 typedef int check_key_fn(void *, struct pvk2key_ctx_st
*ctx
);
35 typedef void adjust_key_fn(void *, struct pvk2key_ctx_st
*ctx
);
36 typedef void *b2i_PVK_of_bio_pw_fn(BIO
*in
, pem_password_cb
*cb
, void *u
,
37 OSSL_LIB_CTX
*libctx
, const char *propq
);
38 typedef void free_key_fn(void *);
39 struct keytype_desc_st
{
40 int type
; /* EVP key type */
41 const char *name
; /* Keytype */
42 const OSSL_DISPATCH
*fns
; /* Keymgmt (to pilfer functions from) */
44 b2i_PVK_of_bio_pw_fn
*read_private_key
;
45 adjust_key_fn
*adjust_key
;
46 free_key_fn
*free_key
;
49 static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx
;
50 static OSSL_FUNC_decoder_gettable_params_fn pvk2key_gettable_params
;
51 static OSSL_FUNC_decoder_get_params_fn pvk2key_get_params
;
52 static OSSL_FUNC_decoder_decode_fn pvk2key_decode
;
53 static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object
;
56 * Context used for DER to key decoding.
58 struct pvk2key_ctx_st
{
60 const struct keytype_desc_st
*desc
;
63 static struct pvk2key_ctx_st
*
64 pvk2key_newctx(void *provctx
, const struct keytype_desc_st
*desc
)
66 struct pvk2key_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
69 ctx
->provctx
= provctx
;
75 static void pvk2key_freectx(void *vctx
)
77 struct pvk2key_ctx_st
*ctx
= vctx
;
82 static const OSSL_PARAM
*pvk2key_gettable_params(ossl_unused
void *provctx
)
84 static const OSSL_PARAM gettables
[] = {
85 { OSSL_DECODER_PARAM_INPUT_TYPE
, OSSL_PARAM_UTF8_PTR
, NULL
, 0, 0 },
92 static int pvk2key_get_params(OSSL_PARAM params
[])
96 p
= OSSL_PARAM_locate(params
, OSSL_DECODER_PARAM_INPUT_TYPE
);
97 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, "PVK"))
103 static int pvk2key_decode(void *vctx
, OSSL_CORE_BIO
*cin
, int selection
,
104 OSSL_CALLBACK
*data_cb
, void *data_cbarg
,
105 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
107 struct pvk2key_ctx_st
*ctx
= vctx
;
108 BIO
*in
= ossl_bio_new_from_core_bio(ctx
->provctx
, cin
);
113 || (selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0)
114 && ctx
->desc
->read_private_key
!= NULL
) {
115 struct ossl_passphrase_data_st pwdata
;
116 int err
, lib
, reason
;
118 memset(&pwdata
, 0, sizeof(pwdata
));
119 if (!ossl_pw_set_ossl_passphrase_cb(&pwdata
, pw_cb
, pw_cbarg
))
122 key
= ctx
->desc
->read_private_key(in
, ossl_pw_pem_password
, &pwdata
,
123 PROV_LIBCTX_OF(ctx
->provctx
), NULL
);
126 * Because the PVK API doesn't have a separate decrypt call, we need
127 * to check the error queue for certain well known errors that are
128 * considered fatal and which we pass through, while the rest gets
131 err
= ERR_peek_last_error();
132 lib
= ERR_GET_LIB(err
);
133 reason
= ERR_GET_REASON(err
);
134 if (lib
== ERR_LIB_PEM
135 && (reason
== PEM_R_BAD_PASSWORD_READ
136 || reason
== PEM_R_BAD_DECRYPT
)) {
137 ERR_clear_last_mark();
141 if (selection
!= 0 && key
== NULL
)
145 if (key
!= NULL
&& ctx
->desc
->adjust_key
!= NULL
)
146 ctx
->desc
->adjust_key(key
, ctx
);
150 * Indicated that we successfully decoded something, or not at all.
151 * Ending up "empty handed" is not an error.
156 * We free resources here so it's not held up during the callback, because
157 * we know the process is recursive and the allocated chunks of memory
164 OSSL_PARAM params
[4];
165 int object_type
= OSSL_OBJECT_PKEY
;
168 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE
, &object_type
);
170 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE
,
171 (char *)ctx
->desc
->name
, 0);
172 /* The address of the key becomes the octet string */
174 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE
,
176 params
[3] = OSSL_PARAM_construct_end();
178 ok
= data_cb(params
, data_cbarg
);
183 ctx
->desc
->free_key(key
);
188 static int pvk2key_export_object(void *vctx
,
189 const void *reference
, size_t reference_sz
,
190 OSSL_CALLBACK
*export_cb
, void *export_cbarg
)
192 struct pvk2key_ctx_st
*ctx
= vctx
;
193 OSSL_FUNC_keymgmt_export_fn
*export
=
194 ossl_prov_get_keymgmt_export(ctx
->desc
->fns
);
197 if (reference_sz
== sizeof(keydata
) && export
!= NULL
) {
198 /* The contents of the reference is the address to our object */
199 keydata
= *(void **)reference
;
201 return export(keydata
, OSSL_KEYMGMT_SELECT_ALL
,
202 export_cb
, export_cbarg
);
207 /* ---------------------------------------------------------------------- */
209 #define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex
210 #define dsa_adjust NULL
211 #define dsa_free (void (*)(void *))DSA_free
213 /* ---------------------------------------------------------------------- */
215 #define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex
217 static void rsa_adjust(void *key
, struct pvk2key_ctx_st
*ctx
)
219 ossl_rsa_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
222 #define rsa_free (void (*)(void *))RSA_free
224 /* ---------------------------------------------------------------------- */
226 #define IMPLEMENT_MS(KEYTYPE, keytype) \
227 static const struct keytype_desc_st \
228 pvk2##keytype##_desc = { \
229 EVP_PKEY_##KEYTYPE, #KEYTYPE, \
230 ossl_##keytype##_keymgmt_functions, \
231 keytype##_private_key_bio, \
235 static OSSL_FUNC_decoder_newctx_fn pvk2##keytype##_newctx; \
236 static void *pvk2##keytype##_newctx(void *provctx) \
238 return pvk2key_newctx(provctx, &pvk2##keytype##_desc); \
240 const OSSL_DISPATCH \
241 ossl_##pvk_to_##keytype##_decoder_functions[] = { \
242 { OSSL_FUNC_DECODER_NEWCTX, \
243 (void (*)(void))pvk2##keytype##_newctx }, \
244 { OSSL_FUNC_DECODER_FREECTX, \
245 (void (*)(void))pvk2key_freectx }, \
246 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
247 (void (*)(void))pvk2key_gettable_params }, \
248 { OSSL_FUNC_DECODER_GET_PARAMS, \
249 (void (*)(void))pvk2key_get_params }, \
250 { OSSL_FUNC_DECODER_DECODE, \
251 (void (*)(void))pvk2key_decode }, \
252 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
253 (void (*)(void))pvk2key_export_object }, \
257 #ifndef OPENSSL_NO_DSA
258 IMPLEMENT_MS(DSA
, dsa
);
260 IMPLEMENT_MS(RSA
, rsa
);