kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
5667 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Struktur: 9978f0a865
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „9978f0a865“
${ noResults }
boringssl/crypto/evp/evp_asn1.c

388 Zeilen
11 KiB
Originalformat Blame Verlauf 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/evp.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/bytestring.h>

  62. #include <openssl/dsa.h>

  63. #include <openssl/ec_key.h>

  64. #include <openssl/err.h>

  65. #include <openssl/rsa.h>

  66. 

  67. #include "internal.h"

  68. #include "../internal.h"

  69. 

  70. 

  71. static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {

  72.     &rsa_asn1_meth,

  73.     &ec_asn1_meth,

  74.     &dsa_asn1_meth,

  75.     &ed25519_asn1_meth,

  76. };

  77. 

  78. static int parse_key_type(CBS *cbs, int *out_type) {

  79.   CBS oid;

  80.   if (!CBS_get_asn1(cbs, &oid, CBS_ASN1_OBJECT)) {

  81.     return 0;

  82.   }

  83. 

  84.   for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) {

  85.     const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i];

  86.     if (CBS_len(&oid) == method->oid_len &&

  87.         OPENSSL_memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) {

  88.       *out_type = method->pkey_id;

  89.       return 1;

  90.     }

  91.   }

  92. 

  93.   return 0;

  94. }

  95. 

  96. EVP_PKEY *EVP_parse_public_key(CBS *cbs) {

  97.   // Parse the SubjectPublicKeyInfo.

  98.   CBS spki, algorithm, key;

  99.   int type;

  100.   uint8_t padding;

  101.   if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) ||

  102.       !CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||

  103.       !CBS_get_asn1(&spki, &key, CBS_ASN1_BITSTRING) ||

  104.       CBS_len(&spki) != 0) {

  105.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  106.     return NULL;

  107.   }

  108.   if (!parse_key_type(&algorithm, &type)) {

  109.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  110.     return NULL;

  111.   }

  112.   if (// Every key type defined encodes the key as a byte string with the same

  113.       // conversion to BIT STRING.

  114.       !CBS_get_u8(&key, &padding) ||

  115.       padding != 0) {

  116.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  117.     return NULL;

  118.   }

  119. 

  120.   // Set up an |EVP_PKEY| of the appropriate type.

  121.   EVP_PKEY *ret = EVP_PKEY_new();

  122.   if (ret == NULL ||

  123.       !EVP_PKEY_set_type(ret, type)) {

  124.     goto err;

  125.   }

  126. 

  127.   // Call into the type-specific SPKI decoding function.

  128.   if (ret->ameth->pub_decode == NULL) {

  129.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  130.     goto err;

  131.   }

  132.   if (!ret->ameth->pub_decode(ret, &algorithm, &key)) {

  133.     goto err;

  134.   }

  135. 

  136.   return ret;

  137. 

  138. err:

  139.   EVP_PKEY_free(ret);

  140.   return NULL;

  141. }

  142. 

  143. int EVP_marshal_public_key(CBB *cbb, const EVP_PKEY *key) {

  144.   if (key->ameth == NULL || key->ameth->pub_encode == NULL) {

  145.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  146.     return 0;

  147.   }

  148. 

  149.   return key->ameth->pub_encode(cbb, key);

  150. }

  151. 

  152. EVP_PKEY *EVP_parse_private_key(CBS *cbs) {

  153.   // Parse the PrivateKeyInfo.

  154.   CBS pkcs8, algorithm, key;

  155.   uint64_t version;

  156.   int type;

  157.   if (!CBS_get_asn1(cbs, &pkcs8, CBS_ASN1_SEQUENCE) ||

  158.       !CBS_get_asn1_uint64(&pkcs8, &version) ||

  159.       version != 0 ||

  160.       !CBS_get_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||

  161.       !CBS_get_asn1(&pkcs8, &key, CBS_ASN1_OCTETSTRING)) {

  162.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  163.     return NULL;

  164.   }

  165.   if (!parse_key_type(&algorithm, &type)) {

  166.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  167.     return NULL;

  168.   }

  169. 

  170.   // A PrivateKeyInfo ends with a SET of Attributes which we ignore.

  171. 

  172.   // Set up an |EVP_PKEY| of the appropriate type.

  173.   EVP_PKEY *ret = EVP_PKEY_new();

  174.   if (ret == NULL ||

  175.       !EVP_PKEY_set_type(ret, type)) {

  176.     goto err;

  177.   }

  178. 

  179.   // Call into the type-specific PrivateKeyInfo decoding function.

  180.   if (ret->ameth->priv_decode == NULL) {

  181.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  182.     goto err;

  183.   }

  184.   if (!ret->ameth->priv_decode(ret, &algorithm, &key)) {

  185.     goto err;

  186.   }

  187. 

  188.   return ret;

  189. 

  190. err:

  191.   EVP_PKEY_free(ret);

  192.   return NULL;

  193. }

  194. 

  195. int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key) {

  196.   if (key->ameth == NULL || key->ameth->priv_encode == NULL) {

  197.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  198.     return 0;

  199.   }

  200. 

  201.   return key->ameth->priv_encode(cbb, key);

  202. }

  203. 

  204. static EVP_PKEY *old_priv_decode(CBS *cbs, int type) {

  205.   EVP_PKEY *ret = EVP_PKEY_new();

  206.   if (ret == NULL) {

  207.     return NULL;

  208.   }

  209. 

  210.   switch (type) {

  211.     case EVP_PKEY_EC: {

  212.       EC_KEY *ec_key = EC_KEY_parse_private_key(cbs, NULL);

  213.       if (ec_key == NULL || !EVP_PKEY_assign_EC_KEY(ret, ec_key)) {

  214.         EC_KEY_free(ec_key);

  215.         goto err;

  216.       }

  217.       return ret;

  218.     }

  219.     case EVP_PKEY_DSA: {

  220.       DSA *dsa = DSA_parse_private_key(cbs);

  221.       if (dsa == NULL || !EVP_PKEY_assign_DSA(ret, dsa)) {

  222.         DSA_free(dsa);

  223.         goto err;

  224.       }

  225.       return ret;

  226.     }

  227.     case EVP_PKEY_RSA: {

  228.       RSA *rsa = RSA_parse_private_key(cbs);

  229.       if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) {

  230.         RSA_free(rsa);

  231.         goto err;

  232.       }

  233.       return ret;

  234.     }

  235.     default:

  236.       OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE);

  237.       goto err;

  238.   }

  239. 

  240. err:

  241.   EVP_PKEY_free(ret);

  242.   return NULL;

  243. }

  244. 

  245. EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp,

  246.                          long len) {

  247.   if (len < 0) {

  248.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  249.     return NULL;

  250.   }

  251. 

  252.   // Parse with the legacy format.

  253.   CBS cbs;

  254.   CBS_init(&cbs, *inp, (size_t)len);

  255.   EVP_PKEY *ret = old_priv_decode(&cbs, type);

  256.   if (ret == NULL) {

  257.     // Try again with PKCS#8.

  258.     ERR_clear_error();

  259.     CBS_init(&cbs, *inp, (size_t)len);

  260.     ret = EVP_parse_private_key(&cbs);

  261.     if (ret == NULL) {

  262.       return NULL;

  263.     }

  264.     if (ret->type != type) {

  265.       OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);

  266.       EVP_PKEY_free(ret);

  267.       return NULL;

  268.     }

  269.   }

  270. 

  271.   if (out != NULL) {

  272.     EVP_PKEY_free(*out);

  273.     *out = ret;

  274.   }

  275.   *inp = CBS_data(&cbs);

  276.   return ret;

  277. }

  278. 

  279. // num_elements parses one SEQUENCE from |in| and returns the number of elements

  280. // in it. On parse error, it returns zero.

  281. static size_t num_elements(const uint8_t *in, size_t in_len) {

  282.   CBS cbs, sequence;

  283.   CBS_init(&cbs, in, (size_t)in_len);

  284. 

  285.   if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE)) {

  286.     return 0;

  287.   }

  288. 

  289.   size_t count = 0;

  290.   while (CBS_len(&sequence) > 0) {

  291.     if (!CBS_get_any_asn1_element(&sequence, NULL, NULL, NULL)) {

  292.       return 0;

  293.     }

  294. 

  295.     count++;

  296.   }

  297. 

  298.   return count;

  299. }

  300. 

  301. EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {

  302.   if (len < 0) {

  303.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  304.     return NULL;

  305.   }

  306. 

  307.   // Parse the input as a PKCS#8 PrivateKeyInfo.

  308.   CBS cbs;

  309.   CBS_init(&cbs, *inp, (size_t)len);

  310.   EVP_PKEY *ret = EVP_parse_private_key(&cbs);

  311.   if (ret != NULL) {

  312.     if (out != NULL) {

  313.       EVP_PKEY_free(*out);

  314.       *out = ret;

  315.     }

  316.     *inp = CBS_data(&cbs);

  317.     return ret;

  318.   }

  319.   ERR_clear_error();

  320. 

  321.   // Count the elements to determine the legacy key format.

  322.   switch (num_elements(*inp, (size_t)len)) {

  323.     case 4:

  324.       return d2i_PrivateKey(EVP_PKEY_EC, out, inp, len);

  325. 

  326.     case 6:

  327.       return d2i_PrivateKey(EVP_PKEY_DSA, out, inp, len);

  328. 

  329.     default:

  330.       return d2i_PrivateKey(EVP_PKEY_RSA, out, inp, len);

  331.   }

  332. }

  333. 

  334. int i2d_PublicKey(const EVP_PKEY *key, uint8_t **outp) {

  335.   switch (key->type) {

  336.     case EVP_PKEY_RSA:

  337.       return i2d_RSAPublicKey(key->pkey.rsa, outp);

  338.     case EVP_PKEY_DSA:

  339.       return i2d_DSAPublicKey(key->pkey.dsa, outp);

  340.     case EVP_PKEY_EC:

  341.       return i2o_ECPublicKey(key->pkey.ec, outp);

  342.     default:

  343.       OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

  344.       return -1;

  345.   }

  346. }

  347. 

  348. EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out, const uint8_t **inp,

  349.                         long len) {

  350.   EVP_PKEY *ret = EVP_PKEY_new();

  351.   if (ret == NULL) {

  352.     return NULL;

  353.   }

  354. 

  355.   CBS cbs;

  356.   CBS_init(&cbs, *inp, len < 0 ? 0 : (size_t)len);

  357.   switch (type) {

  358.     case EVP_PKEY_RSA: {

  359.       RSA *rsa = RSA_parse_public_key(&cbs);

  360.       if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) {

  361.         RSA_free(rsa);

  362.         goto err;

  363.       }

  364.       break;

  365.     }

  366. 

  367.     // Unlike OpenSSL, we do not support EC keys with this API. The raw EC

  368.     // public key serialization requires knowing the group. In OpenSSL, calling

  369.     // this function with |EVP_PKEY_EC| and setting |out| to NULL does not work.

  370.     // It requires |*out| to include a partially-initiazed |EVP_PKEY| to extract

  371.     // the group.

  372.     default:

  373.       OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

  374.       goto err;

  375.   }

  376. 

  377.   *inp = CBS_data(&cbs);

  378.   if (out != NULL) {

  379.     EVP_PKEY_free(*out);

  380.     *out = ret;

  381.   }

  382.   return ret;

  383. 

  384. err:

  385.   EVP_PKEY_free(ret);

  386.   return NULL;

  387. }