1 /* 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/core.h> 11 #include <openssl/core_dispatch.h> 12 #include <openssl/core_names.h> 13 #include <openssl/core_object.h> 14 #include <openssl/asn1.h> 15 #include <openssl/err.h> 16 #include <openssl/objects.h> 17 #include <openssl/pkcs12.h> 18 #include <openssl/x509.h> 19 #include <openssl/proverr.h> 20 #include "internal/asn1.h" 21 #include "internal/sizes.h" 22 #include "prov/bio.h" 23 #include "prov/decoders.h" 24 #include "prov/implementations.h" 25 #include "endecoder_local.h" 26 27 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx; 28 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx; 29 static OSSL_FUNC_decoder_decode_fn epki2pki_decode; 30 static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params; 31 static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params; 32 33 /* 34 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding. 35 */ 36 struct epki2pki_ctx_st { 37 PROV_CTX *provctx; 38 char propq[OSSL_MAX_PROPQUERY_SIZE]; 39 }; 40 41 static void *epki2pki_newctx(void *provctx) 42 { 43 struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 44 45 if (ctx != NULL) 46 ctx->provctx = provctx; 47 return ctx; 48 } 49 50 static void epki2pki_freectx(void *vctx) 51 { 52 struct epki2pki_ctx_st *ctx = vctx; 53 54 OPENSSL_free(ctx); 55 } 56 57 static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx) 58 { 59 static const OSSL_PARAM settables[] = { 60 OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0), 61 OSSL_PARAM_END 62 }; 63 return settables; 64 } 65 66 static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 67 { 68 struct epki2pki_ctx_st *ctx = vctx; 69 const OSSL_PARAM *p; 70 char *str = ctx->propq; 71 72 p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES); 73 if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq))) 74 return 0; 75 76 return 1; 77 } 78 79 /* 80 * The selection parameter in epki2pki_decode() is not used by this function 81 * because it's not relevant just to decode EncryptedPrivateKeyInfo to 82 * PrivateKeyInfo. 83 */ 84 static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, 85 OSSL_CALLBACK *data_cb, void *data_cbarg, 86 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) 87 { 88 struct epki2pki_ctx_st *ctx = vctx; 89 BUF_MEM *mem = NULL; 90 unsigned char *der = NULL; 91 long der_len = 0; 92 BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); 93 int ok = 0; 94 95 if (in == NULL) 96 return 0; 97 98 ok = (asn1_d2i_read_bio(in, &mem) >= 0); 99 BIO_free(in); 100 101 /* We return "empty handed". This is not an error. */ 102 if (!ok) 103 return 1; 104 105 der = (unsigned char *)mem->data; 106 der_len = (long)mem->length; 107 OPENSSL_free(mem); 108 109 ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg, 110 pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx), 111 ctx->propq); 112 OPENSSL_free(der); 113 return ok; 114 } 115 116 int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection, 117 OSSL_CALLBACK *data_cb, void *data_cbarg, 118 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg, 119 OSSL_LIB_CTX *libctx, const char *propq) 120 { 121 const unsigned char *pder = der; 122 unsigned char *new_der = NULL; 123 X509_SIG *p8 = NULL; 124 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 125 const X509_ALGOR *alg = NULL; 126 int ok = 1; /* Assume good */ 127 128 ERR_set_mark(); 129 if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { 130 char pbuf[1024]; 131 size_t plen = 0; 132 133 ERR_clear_last_mark(); 134 135 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { 136 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); 137 ok = 0; 138 } else { 139 const ASN1_OCTET_STRING *oct; 140 int new_der_len = 0; 141 142 X509_SIG_get0(p8, &alg, &oct); 143 if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen, 144 oct->data, oct->length, 145 &new_der, &new_der_len, 0, 146 libctx, propq)) { 147 ok = 0; 148 } else { 149 der = new_der; 150 der_len = new_der_len; 151 } 152 alg = NULL; 153 } 154 X509_SIG_free(p8); 155 } else { 156 ERR_pop_to_mark(); 157 } 158 159 ERR_set_mark(); 160 pder = der; 161 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len); 162 ERR_pop_to_mark(); 163 164 if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) { 165 /* 166 * We have something and recognised it as PrivateKeyInfo, so let's 167 * pass all the applicable data to the callback. 168 */ 169 char keytype[OSSL_MAX_NAME_SIZE]; 170 OSSL_PARAM params[6], *p = params; 171 int objtype = OSSL_OBJECT_PKEY; 172 173 OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); 174 175 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, 176 keytype, 0); 177 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE, 178 "DER", 0); 179 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, 180 "PrivateKeyInfo", 0); 181 *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, 182 der, der_len); 183 *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); 184 *p = OSSL_PARAM_construct_end(); 185 186 ok = data_cb(params, data_cbarg); 187 } 188 PKCS8_PRIV_KEY_INFO_free(p8inf); 189 OPENSSL_free(new_der); 190 return ok; 191 } 192 193 const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = { 194 { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx }, 195 { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx }, 196 { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode }, 197 { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, 198 (void (*)(void))epki2pki_settable_ctx_params }, 199 { OSSL_FUNC_DECODER_SET_CTX_PARAMS, 200 (void (*)(void))epki2pki_set_ctx_params }, 201 OSSL_DISPATCH_END 202 }; 203