providers/implementations/encode_decode/decode_epki2pki.c

   1 /*
   2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/core.h>
  11 #include <openssl/core_dispatch.h>
  12 #include <openssl/core_names.h>
  13 #include <openssl/core_object.h>
  14 #include <openssl/asn1.h>
  15 #include <openssl/err.h>
  16 #include <openssl/objects.h>
  17 #include <openssl/pkcs12.h>
  18 #include <openssl/x509.h>
  19 #include <openssl/proverr.h>
  20 #include "internal/asn1.h"
  21 #include "internal/sizes.h"
  22 #include "prov/bio.h"
  23 #include "prov/implementations.h"
  24 #include "endecoder_local.h"
  25
  26 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
  27 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
  28 static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
  29
  30 /*
  31  * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
  32  */
  33 struct epki2pki_ctx_st {
  34     PROV_CTX *provctx;
  35 };
  36
  37 static void *epki2pki_newctx(void *provctx)
  38 {
  39     struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
  40
  41     if (ctx != NULL)
  42         ctx->provctx = provctx;
  43     return ctx;
  44 }
  45
  46 static void epki2pki_freectx(void *vctx)
  47 {
  48     struct epki2pki_ctx_st *ctx = vctx;
  49
  50     OPENSSL_free(ctx);
  51 }
  52
  53 /*
  54  * The selection parameter in epki2pki_decode() is not used by this function
  55  * because it's not relevant just to decode EncryptedPrivateKeyInfo to
  56  * PrivateKeyInfo.
  57  */
  58 static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
  59                            OSSL_CALLBACK *data_cb, void *data_cbarg,
  60                            OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
  61 {
  62     struct epki2pki_ctx_st *ctx = vctx;
  63     BUF_MEM *mem = NULL;
  64     unsigned char *der = NULL;
  65     const unsigned char *pder = NULL;
  66     long der_len = 0;
  67     X509_SIG *p8 = NULL;
  68     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  69     const X509_ALGOR *alg = NULL;
  70     BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
  71     int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
  72
  73     BIO_free(in);
  74
  75     /* We return "empty handed".  This is not an error. */
  76     if (!ok)
  77         return 1;
  78
  79     pder = der = (unsigned char *)mem->data;
  80     der_len = (long)mem->length;
  81     OPENSSL_free(mem);
  82
  83     ok = 1;                      /* Assume good */
  84     ERR_set_mark();
  85     if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
  86         char pbuf[1024];
  87         size_t plen = 0;
  88
  89         ERR_clear_last_mark();
  90
  91         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
  92             ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
  93         } else {
  94             const ASN1_OCTET_STRING *oct;
  95             unsigned char *new_der = NULL;
  96             int new_der_len = 0;
  97
  98             X509_SIG_get0(p8, &alg, &oct);
  99             if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
 100                                      oct->data, oct->length,
 101                                      &new_der, &new_der_len, 0,
 102                                      PROV_LIBCTX_OF(ctx->provctx), NULL)) {
 103                 ok = 0;
 104             } else {
 105                 OPENSSL_free(der);
 106                 der = new_der;
 107                 der_len = new_der_len;
 108             }
 109             alg = NULL;
 110         }
 111         X509_SIG_free(p8);
 112     } else {
 113         ERR_pop_to_mark();
 114     }
 115
 116     ERR_set_mark();
 117     pder = der;
 118     p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
 119     ERR_pop_to_mark();
 120
 121     if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
 122         /*
 123          * We have something and recognised it as PrivateKeyInfo, so let's
 124          * pass all the applicable data to the callback.
 125          */
 126         char keytype[OSSL_MAX_NAME_SIZE];
 127         OSSL_PARAM params[5], *p = params;
 128         int objtype = OSSL_OBJECT_PKEY;
 129
 130         OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
 131
 132         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
 133                                                 keytype, 0);
 134         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
 135                                                 "PrivateKeyInfo", 0);
 136         *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
 137                                                  der, der_len);
 138         *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
 139         *p = OSSL_PARAM_construct_end();
 140
 141         ok = data_cb(params, data_cbarg);
 142     }
 143     PKCS8_PRIV_KEY_INFO_free(p8inf);
 144     OPENSSL_free(der);
 145     return ok;
 146 }
 147
 148 const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
 149     { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
 150     { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
 151     { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
 152     { 0, NULL }
 153 };