Home | History | Annotate | Line # | Download | only in encode_decode 
      1 /*
      2  * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the Apache License 2.0 (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
     10 #include <openssl/core.h>
     11 #include <openssl/core_dispatch.h>
     12 #include <openssl/core_names.h>
     13 #include <openssl/core_object.h>
     14 #include <openssl/asn1.h>
     15 #include <openssl/err.h>
     16 #include <openssl/objects.h>
     17 #include <openssl/pkcs12.h>
     18 #include <openssl/x509.h>
     19 #include <openssl/proverr.h>
     20 #include "internal/asn1.h"
     21 #include "internal/sizes.h"
     22 #include "prov/bio.h"
     23 #include "prov/decoders.h"
     24 #include "prov/implementations.h"
     25 #include "endecoder_local.h"
     26 
     27 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
     28 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
     29 static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
     30 static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
     31 static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
     32 
     33 /*
     34  * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
     35  */
     36 struct epki2pki_ctx_st {
     37     PROV_CTX *provctx;
     38     char propq[OSSL_MAX_PROPQUERY_SIZE];
     39 };
     40 
     41 static void *epki2pki_newctx(void *provctx)
     42 {
     43     struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
     44 
     45     if (ctx != NULL)
     46         ctx->provctx = provctx;
     47     return ctx;
     48 }
     49 
     50 static void epki2pki_freectx(void *vctx)
     51 {
     52     struct epki2pki_ctx_st *ctx = vctx;
     53 
     54     OPENSSL_free(ctx);
     55 }
     56 
     57 static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
     58 {
     59     static const OSSL_PARAM settables[] = {
     60         OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
     61         OSSL_PARAM_END
     62     };
     63     return settables;
     64 }
     65 
     66 static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     67 {
     68     struct epki2pki_ctx_st *ctx = vctx;
     69     const OSSL_PARAM *p;
     70     char *str = ctx->propq;
     71 
     72     p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
     73     if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
     74         return 0;
     75 
     76     return 1;
     77 }
     78 
     79 /*
     80  * The selection parameter in epki2pki_decode() is not used by this function
     81  * because it's not relevant just to decode EncryptedPrivateKeyInfo to
     82  * PrivateKeyInfo.
     83  */
     84 static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     85     OSSL_CALLBACK *data_cb, void *data_cbarg,
     86     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
     87 {
     88     struct epki2pki_ctx_st *ctx = vctx;
     89     BUF_MEM *mem = NULL;
     90     unsigned char *der = NULL;
     91     long der_len = 0;
     92     BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
     93     int ok = 0;
     94 
     95     if (in == NULL)
     96         return 0;
     97 
     98     ok = (asn1_d2i_read_bio(in, &mem) >= 0);
     99     BIO_free(in);
    100 
    101     /* We return "empty handed".  This is not an error. */
    102     if (!ok)
    103         return 1;
    104 
    105     der = (unsigned char *)mem->data;
    106     der_len = (long)mem->length;
    107     OPENSSL_free(mem);
    108 
    109     ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg,
    110         pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx),
    111         ctx->propq);
    112     OPENSSL_free(der);
    113     return ok;
    114 }
    115 
    116 int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,
    117     OSSL_CALLBACK *data_cb, void *data_cbarg,
    118     OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
    119     OSSL_LIB_CTX *libctx, const char *propq)
    120 {
    121     const unsigned char *pder = der;
    122     unsigned char *new_der = NULL;
    123     X509_SIG *p8 = NULL;
    124     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    125     const X509_ALGOR *alg = NULL;
    126     int ok = 1; /* Assume good */
    127 
    128     ERR_set_mark();
    129     if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
    130         char pbuf[1024];
    131         size_t plen = 0;
    132 
    133         ERR_clear_last_mark();
    134 
    135         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
    136             ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
    137             ok = 0;
    138         } else {
    139             const ASN1_OCTET_STRING *oct;
    140             int new_der_len = 0;
    141 
    142             X509_SIG_get0(p8, &alg, &oct);
    143             if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
    144                     oct->data, oct->length,
    145                     &new_der, &new_der_len, 0,
    146                     libctx, propq)) {
    147                 ok = 0;
    148             } else {
    149                 der = new_der;
    150                 der_len = new_der_len;
    151             }
    152             alg = NULL;
    153         }
    154         X509_SIG_free(p8);
    155     } else {
    156         ERR_pop_to_mark();
    157     }
    158 
    159     ERR_set_mark();
    160     pder = der;
    161     p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
    162     ERR_pop_to_mark();
    163 
    164     if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
    165         /*
    166          * We have something and recognised it as PrivateKeyInfo, so let's
    167          * pass all the applicable data to the callback.
    168          */
    169         char keytype[OSSL_MAX_NAME_SIZE];
    170         OSSL_PARAM params[6], *p = params;
    171         int objtype = OSSL_OBJECT_PKEY;
    172 
    173         OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
    174 
    175         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
    176             keytype, 0);
    177         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE,
    178             "DER", 0);
    179         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
    180             "PrivateKeyInfo", 0);
    181         *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
    182             der, der_len);
    183         *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
    184         *p = OSSL_PARAM_construct_end();
    185 
    186         ok = data_cb(params, data_cbarg);
    187     }
    188     PKCS8_PRIV_KEY_INFO_free(p8inf);
    189     OPENSSL_free(new_der);
    190     return ok;
    191 }
    192 
    193 const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
    194     { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
    195     { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
    196     { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
    197     { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
    198         (void (*)(void))epki2pki_settable_ctx_params },
    199     { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
    200         (void (*)(void))epki2pki_set_ctx_params },
    201     OSSL_DISPATCH_END
    202 };
    203