crypto/evp/evp_pkey.c

   1 /* evp_pkey.c */
   2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
   3  * project 1999.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  *
  53  * This product includes cryptographic software written by Eric Young
  54  * (eay@cryptsoft.com).  This product includes software written by Tim
  55  * Hudson (tjh@cryptsoft.com).
  56  *
  57  */
  58
  59 #include <stdio.h>
  60 #include <stdlib.h>
  61 #include "cryptlib.h"
  62 #include <openssl/x509.h>
  63 #include <openssl/rand.h>
  64
  65 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
  66
  67 /* Extract a private key from a PKCS8 structure */
  68
  69 EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
  70 {
  71         EVP_PKEY *pkey = NULL;
  72 #ifndef NO_RSA
  73         RSA *rsa = NULL;
  74 #endif
  75 #ifndef NO_DSA
  76         DSA *dsa = NULL;
  77         ASN1_INTEGER *privkey;
  78         ASN1_TYPE *t1, *t2, *param = NULL;
  79         STACK *ndsa = NULL;
  80         BN_CTX *ctx = NULL;
  81         int plen;
  82 #endif
  83         X509_ALGOR *a;
  84         unsigned char *p;
  85         int pkeylen;
  86         char obj_tmp[80];
  87
  88         if(p8->pkey->type == V_ASN1_OCTET_STRING) {
  89                 p8->broken = PKCS8_OK;
  90                 p = p8->pkey->value.octet_string->data;
  91                 pkeylen = p8->pkey->value.octet_string->length;
  92         } else {
  93                 p8->broken = PKCS8_NO_OCTET;
  94                 p = p8->pkey->value.sequence->data;
  95                 pkeylen = p8->pkey->value.sequence->length;
  96         }
  97         if (!(pkey = EVP_PKEY_new())) {
  98                 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
  99                 return NULL;
 100         }
 101         a = p8->pkeyalg;
 102         switch (OBJ_obj2nid(a->algorithm))
 103         {
 104 #ifndef NO_RSA
 105                 case NID_rsaEncryption:
 106                 if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
 107                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 108                         return NULL;
 109                 }
 110                 EVP_PKEY_assign_RSA (pkey, rsa);
 111                 break;
 112 #endif
 113 #ifndef NO_DSA
 114                 case NID_dsa:
 115                 /* PKCS#8 DSA is weird: you just get a private key integer
 116                  * and parameters in the AlgorithmIdentifier the pubkey must
 117                  * be recalculated.
 118                  */
 119
 120                 /* Check for broken DSA PKCS#8, UGH! */
 121                 if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
 122                     if(!(ndsa = ASN1_seq_unpack(p, pkeylen,
 123                                         (char *(*)())d2i_ASN1_TYPE,
 124                                                          ASN1_TYPE_free))) {
 125                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 126                         goto dsaerr;
 127                     }
 128                     if(sk_num(ndsa) != 2 ) {
 129                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 130                         goto dsaerr;
 131                     }
 132                     /* Handle Two broken types:
 133                      * SEQUENCE {parameters, priv_key}
 134                      * SEQUENCE {pub_key, priv_key}
 135                      */
 136
 137                     t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
 138                     t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
 139                     if(t1->type == V_ASN1_SEQUENCE) {
 140                         p8->broken = PKCS8_EMBEDDED_PARAM;
 141                         param = t1;
 142                     } else if(a->parameter->type == V_ASN1_SEQUENCE) {
 143                         p8->broken = PKCS8_NS_DB;
 144                         param = a->parameter;
 145                     } else {
 146                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 147                         goto dsaerr;
 148                     }
 149
 150                     if(t2->type != V_ASN1_INTEGER) {
 151                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 152                         goto dsaerr;
 153                     }
 154                     privkey = t2->value.integer;
 155                 } else if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
 156                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 157                         goto dsaerr;
 158                 }
 159                 p = param->value.sequence->data;
 160                 plen = param->value.sequence->length;
 161                 if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
 162                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
 163                         goto dsaerr;
 164                 }
 165                 /* We have parameters now set private key */
 166                 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
 167                         EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
 168                         goto dsaerr;
 169                 }
 170                 /* Calculate public key (ouch!) */
 171                 if (!(dsa->pub_key = BN_new())) {
 172                         EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
 173                         goto dsaerr;
 174                 }
 175                 if (!(ctx = BN_CTX_new())) {
 176                         EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
 177                         goto dsaerr;
 178                 }
 179
 180                 if (!BN_mod_exp(dsa->pub_key, dsa->g,
 181                                                  dsa->priv_key, dsa->p, ctx)) {
 182
 183                         EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
 184                         goto dsaerr;
 185                 }
 186
 187                 EVP_PKEY_assign_DSA(pkey, dsa);
 188                 BN_CTX_free (ctx);
 189                 sk_pop_free(ndsa, ASN1_TYPE_free);
 190                 break;
 191                 dsaerr:
 192                 BN_CTX_free (ctx);
 193                 sk_pop_free(ndsa, ASN1_TYPE_free);
 194                 DSA_free(dsa);
 195                 EVP_PKEY_free(pkey);
 196                 return NULL;
 197                 break;
 198 #endif
 199                 default:
 200                 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 201                 if (!a->algorithm) strcpy (obj_tmp, "NULL");
 202                 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
 203                 ERR_add_error_data(2, "TYPE=", obj_tmp);
 204                 EVP_PKEY_free (pkey);
 205                 return NULL;
 206         }
 207         return pkey;
 208 }
 209
 210 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 211 {
 212         return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
 213 }
 214
 215 /* Turn a private key into a PKCS8 structure */
 216
 217 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 218 {
 219         PKCS8_PRIV_KEY_INFO *p8;
 220
 221         if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
 222                 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 223                 return NULL;
 224         }
 225         p8->broken = broken;
 226         ASN1_INTEGER_set (p8->version, 0);
 227         if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
 228                 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 229                 PKCS8_PRIV_KEY_INFO_free (p8);
 230                 return NULL;
 231         }
 232         p8->pkey->type = V_ASN1_OCTET_STRING;
 233         switch (EVP_PKEY_type(pkey->type)) {
 234 #ifndef NO_RSA
 235                 case EVP_PKEY_RSA:
 236
 237                 if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
 238
 239                 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
 240                 p8->pkeyalg->parameter->type = V_ASN1_NULL;
 241                 if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
 242                                          &p8->pkey->value.octet_string)) {
 243                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 244                         PKCS8_PRIV_KEY_INFO_free (p8);
 245                         return NULL;
 246                 }
 247                 break;
 248 #endif
 249 #ifndef NO_DSA
 250                 case EVP_PKEY_DSA:
 251                 if(!dsa_pkey2pkcs8(p8, pkey)) {
 252                         PKCS8_PRIV_KEY_INFO_free (p8);
 253                         return NULL;
 254                 }
 255
 256                 break;
 257 #endif
 258                 default:
 259                 EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
 260                 PKCS8_PRIV_KEY_INFO_free (p8);
 261                 return NULL;
 262         }
 263         RAND_add(p8->pkey->value.octet_string->data,
 264                  p8->pkey->value.octet_string->length, 0);
 265         return p8;
 266 }
 267
 268 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
 269 {
 270         switch (broken) {
 271
 272                 case PKCS8_OK:
 273                 p8->broken = PKCS8_OK;
 274                 return p8;
 275                 break;
 276
 277                 case PKCS8_NO_OCTET:
 278                 p8->broken = PKCS8_NO_OCTET;
 279                 p8->pkey->type = V_ASN1_SEQUENCE;
 280                 return p8;
 281                 break;
 282
 283                 default:
 284                 EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
 285                 return NULL;
 286                 break;
 287
 288         }
 289 }
 290
 291 #ifndef NO_DSA
 292 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 293 {
 294         ASN1_STRING *params;
 295         ASN1_INTEGER *prkey;
 296         ASN1_TYPE *ttmp;
 297         STACK *ndsa;
 298         unsigned char *p, *q;
 299         int len;
 300         p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
 301         len = i2d_DSAparams (pkey->pkey.dsa, NULL);
 302         if (!(p = Malloc(len))) {
 303                 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 304                 PKCS8_PRIV_KEY_INFO_free (p8);
 305                 return 0;
 306         }
 307         q = p;
 308         i2d_DSAparams (pkey->pkey.dsa, &q);
 309         params = ASN1_STRING_new();
 310         ASN1_STRING_set(params, p, len);
 311         Free(p);
 312         /* Get private key into integer */
 313         if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
 314                 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
 315                 return 0;
 316         }
 317
 318         switch(p8->broken) {
 319
 320                 case PKCS8_OK:
 321                 case PKCS8_NO_OCTET:
 322
 323                 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
 324                                          &p8->pkey->value.octet_string)) {
 325                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 326                         M_ASN1_INTEGER_free (prkey);
 327                         return 0;
 328                 }
 329
 330                 M_ASN1_INTEGER_free (prkey);
 331                 p8->pkeyalg->parameter->value.sequence = params;
 332                 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
 333
 334                 break;
 335
 336                 case PKCS8_NS_DB:
 337
 338                 p8->pkeyalg->parameter->value.sequence = params;
 339                 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
 340                 ndsa = sk_new_null();
 341                 ttmp = ASN1_TYPE_new();
 342                 if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
 343                         EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
 344                         PKCS8_PRIV_KEY_INFO_free(p8);
 345                         return 0;
 346                 }
 347                 ttmp->type = V_ASN1_INTEGER;
 348                 sk_push(ndsa, (char *)ttmp);
 349
 350                 ttmp = ASN1_TYPE_new();
 351                 ttmp->value.integer = prkey;
 352                 ttmp->type = V_ASN1_INTEGER;
 353                 sk_push(ndsa, (char *)ttmp);
 354
 355                 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
 356
 357                 if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
 358                                          &p8->pkey->value.octet_string->data,
 359                                          &p8->pkey->value.octet_string->length)) {
 360
 361                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 362                         sk_pop_free(ndsa, ASN1_TYPE_free);
 363                         M_ASN1_INTEGER_free(prkey);
 364                         return 0;
 365                 }
 366                 sk_pop_free(ndsa, ASN1_TYPE_free);
 367                 break;
 368
 369                 case PKCS8_EMBEDDED_PARAM:
 370
 371                 p8->pkeyalg->parameter->type = V_ASN1_NULL;
 372                 ndsa = sk_new_null();
 373                 ttmp = ASN1_TYPE_new();
 374                 ttmp->value.sequence = params;
 375                 ttmp->type = V_ASN1_SEQUENCE;
 376                 sk_push(ndsa, (char *)ttmp);
 377
 378                 ttmp = ASN1_TYPE_new();
 379                 ttmp->value.integer = prkey;
 380                 ttmp->type = V_ASN1_INTEGER;
 381                 sk_push(ndsa, (char *)ttmp);
 382
 383                 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
 384
 385                 if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
 386                                          &p8->pkey->value.octet_string->data,
 387                                          &p8->pkey->value.octet_string->length)) {
 388
 389                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 390                         sk_pop_free(ndsa, ASN1_TYPE_free);
 391                         M_ASN1_INTEGER_free (prkey);
 392                         return 0;
 393                 }
 394                 sk_pop_free(ndsa, ASN1_TYPE_free);
 395                 break;
 396         }
 397         return 1;
 398 }
 399 #endif