mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

PROV: Add MSBLOB and PVK to DSA and RSA deserializers

Browse Source 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12574)
This commit is contained in:
Richard Levitte 2020-08-03 21:08:40 +02:00
parent fb89000897
commit 37d398c180
6 changed files with 326 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
providers/deserializers.inc
View File

@ -16,6 +16,10 @@
#endif
#ifndef OPENSSL_NO_DSA
DESER("DSA", "yes", "der", der_to_dsa_deserializer_functions),
DESER("DSA", "yes", "mblob", msblob_to_dsa_deserializer_functions),
# ifndef OPENSSL_NO_RC4
DESER("DSA", "yes", "pvk", pvk_to_dsa_deserializer_functions),
# endif
#endif
#ifndef OPENSSL_NO_EC
DESER("EC", "yes", "der", der_to_ec_deserializer_functions),
@ -26,5 +30,12 @@
#endif
DESER("RSA", "yes", "der", der_to_rsa_deserializer_functions),
DESER("RSA-PSS", "yes", "der", der_to_rsapss_deserializer_functions),
#ifndef OPENSSL_NO_DSA
DESER("RSA", "yes", "mblob", msblob_to_rsa_deserializer_functions),
# ifndef OPENSSL_NO_RC4
DESER("RSA", "yes", "pvk", pvk_to_rsa_deserializer_functions),
# endif
#endif
DESER("DER", "yes", "pem", pem_to_der_deserializer_functions),

4
providers/implementations/include/prov/implementations.h
View File

@ -361,6 +361,8 @@ extern const OSSL_DISPATCH ec_param_pem_serializer_functions[];
extern const OSSL_DISPATCH der_to_dh_deserializer_functions[];
extern const OSSL_DISPATCH der_to_dsa_deserializer_functions[];
extern const OSSL_DISPATCH msblob_to_dsa_deserializer_functions[];
extern const OSSL_DISPATCH pvk_to_dsa_deserializer_functions[];
extern const OSSL_DISPATCH der_to_ec_deserializer_functions[];
extern const OSSL_DISPATCH der_to_x25519_deserializer_functions[];
extern const OSSL_DISPATCH der_to_x448_deserializer_functions[];
@ -368,4 +370,6 @@ extern const OSSL_DISPATCH der_to_ed25519_deserializer_functions[];
extern const OSSL_DISPATCH der_to_ed448_deserializer_functions[];
extern const OSSL_DISPATCH der_to_rsa_deserializer_functions[];
extern const OSSL_DISPATCH der_to_rsapss_deserializer_functions[];
extern const OSSL_DISPATCH msblob_to_rsa_deserializer_functions[];
extern const OSSL_DISPATCH pvk_to_rsa_deserializer_functions[];
extern const OSSL_DISPATCH pem_to_der_deserializer_functions[];

6
providers/implementations/serializers/build.info
View File

@ -12,7 +12,11 @@ $EC_GOAL=../../libimplementations.a
SOURCE[$SERIALIZER_GOAL]=serializer_common.c deserialize_common.c
SOURCE[$RSA_GOAL]=deserialize_der2key.c deserialize_pem2der.c
SOURCE[$DESERIALIZER_GOAL]=deserialize_der2key.c deserialize_pem2der.c
IF[{- !$disabled{dsa} -}]
SOURCE[$DESERIALIZER_GOAL]=deserialize_ms2key.c
ENDIF
SOURCE[$RSA_GOAL]=serializer_rsa.c serializer_rsa_priv.c serializer_rsa_pub.c
DEPEND[serializer_rsa.o]=../../common/include/prov/der_rsa.h

58
providers/implementations/serializers/deserialize_common.c
View File

@ -7,11 +7,13 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/core_names.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/buffer.h>
#include <openssl/pem.h>
#include <openssl/pem.h> /* For public PEM and PVK functions */
#include <openssl/pkcs12.h>
#include "internal/pem.h" /* For internal PVK and "blob" functions */
#include "internal/cryptlib.h"
#include "crypto/asn1.h"
#include "prov/bio.h" /* ossl_prov_bio_printf() */
@ -45,6 +47,60 @@ int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
return ok;
}
#ifndef OPENSSL_NO_DSA
EVP_PKEY *ossl_prov_read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
int *ispub)
{
BIO *in = bio_new_from_core_bio(provctx, cin);
EVP_PKEY *pkey = ossl_b2i_bio(in, ispub);
BIO_free(in);
return pkey;
}
struct pwdata_st {
OSSL_PASSPHRASE_CALLBACK *pw_cb;
void *pw_cbarg;
};
pem_password_cb pw_pem_password_to_ossl_passhrase;
int pw_pem_password_to_ossl_passhrase(char *buf, int size, int rwflag,
void *userdata)
{
struct pwdata_st *data = userdata;
size_t pw_len = 0;
static char prompt_info[] = "pass phrase";
OSSL_PARAM params[] = {
OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO, prompt_info,
sizeof(prompt_info) - 1),
OSSL_PARAM_END
};
int ok = data->pw_cb(buf, (size_t)size, &pw_len, params, data->pw_cbarg);
if (ok)
return (int)pw_len;
else
return -1;
}
# ifndef OPENSSL_NO_RC4
EVP_PKEY *ossl_prov_read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
BIO *in = bio_new_from_core_bio(provctx, cin);
EVP_PKEY *pkey = NULL;
struct pwdata_st pwdata;
pwdata.pw_cb = pw_cb;
pwdata.pw_cbarg = pw_cbarg;
pkey = b2i_PVK_bio(in, pw_pem_password_to_ossl_passhrase, &pwdata);
BIO_free(in);
return pkey;
}
# endif
#endif
int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len,
unsigned char *input_der, long input_der_len,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

241
providers/implementations/serializers/deserialize_ms2key.c Normal file
View File

@ -0,0 +1,241 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/crypto.h>
#include <openssl/params.h>
#include <openssl/x509.h>
#include "internal/pem.h" /* For PVK and "blob" PEM headers */
#include "prov/bio.h"
#include "prov/implementations.h"
#include "serializer_local.h"
static OSSL_FUNC_deserializer_freectx_fn ms2key_freectx;
static OSSL_FUNC_deserializer_gettable_params_fn ms2key_gettable_params;
static OSSL_FUNC_deserializer_get_params_fn msblob2key_get_params;
#ifndef OPENSSL_NO_RC4
static OSSL_FUNC_deserializer_get_params_fn pvk2key_get_params;
#endif
static OSSL_FUNC_deserializer_deserialize_fn msblob2key_deserialize;
#ifndef OPENSSL_NO_RC4
static OSSL_FUNC_deserializer_deserialize_fn pvk2key_deserialize;
#endif
static OSSL_FUNC_deserializer_export_object_fn ms2key_export_object;
typedef void *(extract_key_fn)(EVP_PKEY *);
typedef void (free_key_fn)(void *);
struct keytype_desc_st {
int type; /* EVP key type */
const char *name; /* Keytype */
const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
/*
* These must be the correct EVP_PKEY_get1_{TYPE}() and {TYPE}_free()
* function for the key.
*/
extract_key_fn *extract_key;
free_key_fn *free_key;
};
/*
* Context used for DER to key deserialization.
*/
struct ms2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
};
static struct ms2key_ctx_st *
ms2key_newctx(void *provctx, const struct keytype_desc_st *desc)
{
struct ms2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL) {
ctx->provctx = provctx;
ctx->desc = desc;
}
return ctx;
}
static void ms2key_freectx(void *vctx)
{
struct ms2key_ctx_st *ctx = vctx;
OPENSSL_free(ctx);
}
static const OSSL_PARAM *ms2key_gettable_params(void)
{
static const OSSL_PARAM gettables[] = {
{ OSSL_DESERIALIZER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
OSSL_PARAM_END,
};
return gettables;
}
static int msblob2key_get_params(OSSL_PARAM params[])
{
OSSL_PARAM *p;
p = OSSL_PARAM_locate(params, OSSL_DESERIALIZER_PARAM_INPUT_TYPE);
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "MSBLOB"))
return 0;
return 1;
}
#ifndef OPENSSL_NO_RC4
static int pvk2key_get_params(OSSL_PARAM params[])
{
OSSL_PARAM *p;
p = OSSL_PARAM_locate(params, OSSL_DESERIALIZER_PARAM_INPUT_TYPE);
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "PVK"))
return 0;
return 1;
}
#endif
static int ms2key_post(struct ms2key_ctx_st *ctx, EVP_PKEY *pkey,
OSSL_CALLBACK *data_cb, void *data_cbarg)
{
void *key = NULL;
int ok = 0;
if (pkey != NULL) {
/*
* Tear out the low-level key pointer from the pkey,
* but only if it matches the expected key type.
*
* TODO(3.0): The check should be done with EVP_PKEY_is_a(), but
* as long as we still have #legacy internal keys, it's safer to
* use the type numbers in side the provider.
*/
if (EVP_PKEY_id(pkey) == ctx->desc->type)
key = ctx->desc->extract_key(pkey);
}
if (key != NULL) {
OSSL_PARAM params[3];
params[0] =
OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_DATA_TYPE,
(char *)ctx->desc->name, 0);
/* The address of the key becomes the octet string */
params[1] =
OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_REFERENCE,
&key, sizeof(key));
params[2] = OSSL_PARAM_construct_end();
ok = data_cb(params, data_cbarg);
}
ctx->desc->free_key(key);
return ok;
}
static int msblob2key_deserialize(void *vctx, OSSL_CORE_BIO *cin,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb,
void *pw_cbarg)
{
struct ms2key_ctx_st *ctx = vctx;
int ispub = -1;
EVP_PKEY *pkey = ossl_prov_read_msblob(ctx->provctx, cin, &ispub);
int ok = ms2key_post(ctx, pkey, data_cb, data_cbarg);
EVP_PKEY_free(pkey);
return ok;
}
#ifndef OPENSSL_NO_RC4
static int pvk2key_deserialize(void *vctx, OSSL_CORE_BIO *cin,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb,
void *pw_cbarg)
{
struct ms2key_ctx_st *ctx = vctx;
EVP_PKEY *pkey = ossl_prov_read_pvk(ctx->provctx, cin, pw_cb, pw_cbarg);
int ok = ms2key_post(ctx, pkey, data_cb, data_cbarg);
EVP_PKEY_free(pkey);
return ok;
}
#endif
static int ms2key_export_object(void *vctx,
const void *reference, size_t reference_sz,
OSSL_CALLBACK *export_cb, void *export_cbarg)
{
struct ms2key_ctx_st *ctx = vctx;
OSSL_FUNC_keymgmt_export_fn *export =
ossl_prov_get_keymgmt_export(ctx->desc->fns);
void *keydata;
if (reference_sz == sizeof(keydata) && export != NULL) {
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
export_cb, export_cbarg);
}
return 0;
}
#define IMPLEMENT_TYPE(KEYTYPEstr, KEYTYPE, keytype, extract, free) \
static const struct keytype_desc_st keytype##_desc; \
static OSSL_FUNC_deserializer_newctx_fn ms2##keytype##_newctx; \
static void *ms2##keytype##_newctx(void *provctx) \
{ \
return ms2key_newctx(provctx, &keytype##_desc); \
} \
static const struct keytype_desc_st keytype##_desc = \
{ EVP_PKEY_##KEYTYPE, KEYTYPEstr, keytype##_keymgmt_functions, \
(extract_key_fn *)extract, \
(free_key_fn *)free }
#define IMPLEMENT_MS(mstype, keytype) \
const OSSL_DISPATCH \
mstype##_to_##keytype##_deserializer_functions[] = { \
{ OSSL_FUNC_DESERIALIZER_NEWCTX, \
(void (*)(void))ms2##keytype##_newctx }, \
{ OSSL_FUNC_DESERIALIZER_FREECTX, \
(void (*)(void))ms2key_freectx }, \
{ OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS, \
(void (*)(void))ms2key_gettable_params }, \
{ OSSL_FUNC_DESERIALIZER_GET_PARAMS, \
(void (*)(void))mstype##2key_get_params }, \
{ OSSL_FUNC_DESERIALIZER_DESERIALIZE, \
(void (*)(void))mstype##2key_deserialize }, \
{ OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT, \
(void (*)(void))ms2key_export_object }, \
{ 0, NULL } \
}
#ifndef OPENSSL_NO_DSA
IMPLEMENT_TYPE("DSA", DSA, dsa, EVP_PKEY_get1_DSA, DSA_free);
IMPLEMENT_MS(msblob, dsa);
# ifndef OPENSSL_NO_RC4
IMPLEMENT_MS(pvk, dsa);
# endif
#endif
IMPLEMENT_TYPE("RSA", RSA, rsa, EVP_PKEY_get1_RSA, RSA_free);
IMPLEMENT_MS(msblob, rsa);
#ifndef OPENSSL_NO_RC4
IMPLEMENT_MS(pvk, rsa);
#endif

8
providers/implementations/serializers/serializer_local.h
View File

@ -167,6 +167,14 @@ int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
char **pem_name, char **pem_header,
unsigned char **data, long *len);
#ifndef OPENSSL_NO_DSA
EVP_PKEY *ossl_prov_read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
int *ispub);
# ifndef OPENSSL_NO_RC4
EVP_PKEY *ossl_prov_read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg);
# endif
#endif
int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len,
unsigned char *input_der, long input_der_len,