xref: /freebsd/crypto/openssl/providers/implementations/encode_decode/decode_epki2pki.c (revision e7be843b4a162e68651d3911f0357ed464915629) 
1 /*
2  * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <openssl/core.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
13 #include <openssl/core_object.h>
14 #include <openssl/asn1.h>
15 #include <openssl/err.h>
16 #include <openssl/objects.h>
17 #include <openssl/pkcs12.h>
18 #include <openssl/x509.h>
19 #include <openssl/proverr.h>
20 #include "internal/asn1.h"
21 #include "internal/sizes.h"
22 #include "prov/bio.h"
23 #include "prov/decoders.h"
24 #include "prov/implementations.h"
25 #include "endecoder_local.h"
26 
27 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
28 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
29 static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
30 static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
31 static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
32 
33 /*
34  * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
35  */
36 struct epki2pki_ctx_st {
37     PROV_CTX *provctx;
38     char propq[OSSL_MAX_PROPQUERY_SIZE];
39 };
40 
epki2pki_newctx(void * provctx)41 static void *epki2pki_newctx(void *provctx)
42 {
43     struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
44 
45     if (ctx != NULL)
46         ctx->provctx = provctx;
47     return ctx;
48 }
49 
epki2pki_freectx(void * vctx)50 static void epki2pki_freectx(void *vctx)
51 {
52     struct epki2pki_ctx_st *ctx = vctx;
53 
54     OPENSSL_free(ctx);
55 }
56 
epki2pki_settable_ctx_params(ossl_unused void * provctx)57 static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
58 {
59     static const OSSL_PARAM settables[] = {
60         OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
61         OSSL_PARAM_END
62     };
63     return settables;
64 }
65 
epki2pki_set_ctx_params(void * vctx,const OSSL_PARAM params[])66 static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
67 {
68     struct epki2pki_ctx_st *ctx = vctx;
69     const OSSL_PARAM *p;
70     char *str = ctx->propq;
71 
72     p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
73     if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
74         return 0;
75 
76     return 1;
77 }
78 
79 /*
80  * The selection parameter in epki2pki_decode() is not used by this function
81  * because it's not relevant just to decode EncryptedPrivateKeyInfo to
82  * PrivateKeyInfo.
83  */
epki2pki_decode(void * vctx,OSSL_CORE_BIO * cin,int selection,OSSL_CALLBACK * data_cb,void * data_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)84 static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
85                            OSSL_CALLBACK *data_cb, void *data_cbarg,
86                            OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
87 {
88     struct epki2pki_ctx_st *ctx = vctx;
89     BUF_MEM *mem = NULL;
90     unsigned char *der = NULL;
91     long der_len = 0;
92     BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
93     int ok = 0;
94 
95     if (in == NULL)
96         return 0;
97 
98     ok = (asn1_d2i_read_bio(in, &mem) >= 0);
99     BIO_free(in);
100 
101     /* We return "empty handed".  This is not an error. */
102     if (!ok)
103         return 1;
104 
105     der = (unsigned char *)mem->data;
106     der_len = (long)mem->length;
107     OPENSSL_free(mem);
108 
109     ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg,
110                                   pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx),
111                                   ctx->propq);
112     OPENSSL_free(der);
113     return ok;
114 }
115 
ossl_epki2pki_der_decode(unsigned char * der,long der_len,int selection,OSSL_CALLBACK * data_cb,void * data_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg,OSSL_LIB_CTX * libctx,const char * propq)116 int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,
117                              OSSL_CALLBACK *data_cb, void *data_cbarg,
118                              OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
119                              OSSL_LIB_CTX *libctx, const char *propq)
120 {
121     const unsigned char *pder = der;
122     unsigned char *new_der = NULL;
123     X509_SIG *p8 = NULL;
124     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
125     const X509_ALGOR *alg = NULL;
126     int ok = 1;     /* Assume good */
127 
128     ERR_set_mark();
129     if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
130         char pbuf[1024];
131         size_t plen = 0;
132 
133         ERR_clear_last_mark();
134 
135         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
136             ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
137             ok = 0;
138         } else {
139             const ASN1_OCTET_STRING *oct;
140             int new_der_len = 0;
141 
142             X509_SIG_get0(p8, &alg, &oct);
143             if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
144                                      oct->data, oct->length,
145                                      &new_der, &new_der_len, 0,
146                                      libctx, propq)) {
147                 ok = 0;
148             } else {
149                 der = new_der;
150                 der_len = new_der_len;
151             }
152             alg = NULL;
153         }
154         X509_SIG_free(p8);
155     } else {
156         ERR_pop_to_mark();
157     }
158 
159     ERR_set_mark();
160     pder = der;
161     p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
162     ERR_pop_to_mark();
163 
164     if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
165         /*
166          * We have something and recognised it as PrivateKeyInfo, so let's
167          * pass all the applicable data to the callback.
168          */
169         char keytype[OSSL_MAX_NAME_SIZE];
170         OSSL_PARAM params[6], *p = params;
171         int objtype = OSSL_OBJECT_PKEY;
172 
173         OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
174 
175         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
176                                                 keytype, 0);
177         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE,
178                                                 "DER", 0);
179         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
180                                                 "PrivateKeyInfo", 0);
181         *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
182                                                  der, der_len);
183         *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
184         *p = OSSL_PARAM_construct_end();
185 
186         ok = data_cb(params, data_cbarg);
187     }
188     PKCS8_PRIV_KEY_INFO_free(p8inf);
189     OPENSSL_free(new_der);
190     return ok;
191 }
192 
193 const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
194     { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
195     { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
196     { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
197     { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
198       (void (*)(void))epki2pki_settable_ctx_params },
199     { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
200       (void (*)(void))epki2pki_set_ctx_params },
201     OSSL_DISPATCH_END
202 };
203