2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
13 #include <openssl/core_object.h>
14 #include <openssl/asn1.h>
15 #include <openssl/err.h>
16 #include <openssl/objects.h>
17 #include <openssl/pkcs12.h>
18 #include <openssl/x509.h>
19 #include <openssl/proverr.h>
20 #include "internal/asn1.h"
21 #include "internal/sizes.h"
23 #include "prov/implementations.h"
24 #include "endecoder_local.h"
26 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
27 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
28 static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
31 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
33 struct epki2pki_ctx_st {
37 static void *epki2pki_newctx(void *provctx)
39 struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
42 ctx->provctx = provctx;
46 static void epki2pki_freectx(void *vctx)
48 struct epki2pki_ctx_st *ctx = vctx;
54 * The selection parameter in epki2pki_decode() is not used by this function
55 * because it's not relevant just to decode EncryptedPrivateKeyInfo to
58 static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
59 OSSL_CALLBACK *data_cb, void *data_cbarg,
60 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
62 struct epki2pki_ctx_st *ctx = vctx;
64 unsigned char *der = NULL;
65 const unsigned char *pder = NULL;
68 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
69 const X509_ALGOR *alg = NULL;
70 BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
71 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
75 /* We return "empty handed". This is not an error. */
79 pder = der = (unsigned char *)mem->data;
80 der_len = (long)mem->length;
83 ok = 1; /* Assume good */
85 if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
89 ERR_clear_last_mark();
91 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
92 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
94 const ASN1_OCTET_STRING *oct;
95 unsigned char *new_der = NULL;
98 X509_SIG_get0(p8, &alg, &oct);
99 if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
100 oct->data, oct->length,
101 &new_der, &new_der_len, 0,
102 PROV_LIBCTX_OF(ctx->provctx), NULL)) {
107 der_len = new_der_len;
118 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
121 if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
123 * We have something and recognised it as PrivateKeyInfo, so let's
124 * pass all the applicable data to the callback.
126 char keytype[OSSL_MAX_NAME_SIZE];
127 OSSL_PARAM params[5], *p = params;
128 int objtype = OSSL_OBJECT_PKEY;
130 OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
132 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
134 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
135 "PrivateKeyInfo", 0);
136 *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
138 *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
139 *p = OSSL_PARAM_construct_end();
141 ok = data_cb(params, data_cbarg);
143 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
149 { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
150 { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
151 { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },