61
61
#include "cryptlib.h"
62
62
#include <openssl/x509.h>
63
63
#include <openssl/rand.h>
64
#ifndef OPENSSL_NO_RSA
65
#include <openssl/rsa.h>
67
#ifndef OPENSSL_NO_DSA
68
#include <openssl/dsa.h>
70
#include <openssl/bn.h>
72
#ifndef OPENSSL_NO_DSA
73
static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
76
static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
64
#include "asn1_locl.h"
79
66
/* Extract a private key from a PKCS8 structure */
81
68
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
83
70
EVP_PKEY *pkey = NULL;
84
#ifndef OPENSSL_NO_RSA
87
#ifndef OPENSSL_NO_DSA
90
ASN1_INTEGER *privkey;
91
STACK_OF(ASN1_TYPE) *ndsa = NULL;
95
const unsigned char *p_tmp;
97
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98
ASN1_TYPE *param = NULL;
103
const unsigned char *p;
104
const unsigned char *cp;
109
if(p8->pkey->type == V_ASN1_OCTET_STRING) {
110
p8->broken = PKCS8_OK;
111
p = p8->pkey->value.octet_string->data;
112
pkeylen = p8->pkey->value.octet_string->length;
114
p8->broken = PKCS8_NO_OCTET;
115
p = p8->pkey->value.sequence->data;
116
pkeylen = p8->pkey->value.sequence->length;
74
if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
118
77
if (!(pkey = EVP_PKEY_new())) {
119
78
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
123
nid = OBJ_obj2nid(a->algorithm);
126
#ifndef OPENSSL_NO_RSA
127
case NID_rsaEncryption:
129
if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
130
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
133
EVP_PKEY_assign_RSA (pkey, rsa);
136
#ifndef OPENSSL_NO_DSA
138
/* PKCS#8 DSA is weird: you just get a private key integer
139
* and parameters in the AlgorithmIdentifier the pubkey must
143
/* Check for broken DSA PKCS#8, UGH! */
144
if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
145
if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
148
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
151
if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
152
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
155
/* Handle Two broken types:
156
* SEQUENCE {parameters, priv_key}
157
* SEQUENCE {pub_key, priv_key}
160
t1 = sk_ASN1_TYPE_value(ndsa, 0);
161
t2 = sk_ASN1_TYPE_value(ndsa, 1);
162
if(t1->type == V_ASN1_SEQUENCE) {
163
p8->broken = PKCS8_EMBEDDED_PARAM;
165
} else if(a->parameter->type == V_ASN1_SEQUENCE) {
166
p8->broken = PKCS8_NS_DB;
167
param = a->parameter;
169
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
173
if(t2->type != V_ASN1_INTEGER) {
174
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
177
privkey = t2->value.integer;
179
if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
180
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
183
param = p8->pkeyalg->parameter;
185
if (!param || (param->type != V_ASN1_SEQUENCE)) {
186
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
189
cp = p = param->value.sequence->data;
190
plen = param->value.sequence->length;
191
if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
192
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
195
/* We have parameters now set private key */
196
if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
197
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
200
/* Calculate public key (ouch!) */
201
if (!(dsa->pub_key = BN_new())) {
202
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
205
if (!(ctx = BN_CTX_new())) {
206
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
210
if (!BN_mod_exp(dsa->pub_key, dsa->g,
211
dsa->priv_key, dsa->p, ctx)) {
213
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
217
EVP_PKEY_assign_DSA(pkey, dsa);
219
if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
220
else ASN1_INTEGER_free(privkey);
224
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
230
#ifndef OPENSSL_NO_EC
231
case NID_X9_62_id_ecPublicKey:
233
/* extract the ec parameters */
234
param = p8->pkeyalg->parameter;
236
if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237
(param->type != V_ASN1_OBJECT)))
239
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
243
if (param->type == V_ASN1_SEQUENCE)
245
cp = p = param->value.sequence->data;
246
plen = param->value.sequence->length;
248
if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
250
EVPerr(EVP_F_EVP_PKCS82PKEY,
258
cp = p = param->value.object->data;
259
plen = param->value.object->length;
261
/* type == V_ASN1_OBJECT => the parameters are given
264
if ((eckey = EC_KEY_new()) == NULL)
266
EVPerr(EVP_F_EVP_PKCS82PKEY,
267
ERR_R_MALLOC_FAILURE);
270
group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
273
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274
if (EC_KEY_set_group(eckey, group) == 0)
276
EC_GROUP_free(group);
279
/* We have parameters now set private key */
280
if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
282
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
286
/* calculate public key (if necessary) */
287
if (EC_KEY_get0_public_key(eckey) == NULL)
289
const BIGNUM *priv_key;
290
const EC_GROUP *group;
292
/* the public key was not included in the SEC1 private
293
* key => calculate the public key */
294
group = EC_KEY_get0_group(eckey);
295
pub_key = EC_POINT_new(group);
298
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
301
if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
303
EC_POINT_free(pub_key);
304
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
307
priv_key = EC_KEY_get0_private_key(eckey);
308
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
310
EC_POINT_free(pub_key);
311
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
314
if (EC_KEY_set_public_key(eckey, pub_key) == 0)
316
EC_POINT_free(pub_key);
317
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
320
EC_POINT_free(pub_key);
323
EVP_PKEY_assign_EC_KEY(pkey, eckey);
82
if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
337
84
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
338
if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
339
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
85
i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
340
86
ERR_add_error_data(2, "TYPE=", obj_tmp);
341
EVP_PKEY_free (pkey);
90
if (pkey->ameth->priv_decode)
92
if (!pkey->ameth->priv_decode(pkey, p8))
94
EVPerr(EVP_F_EVP_PKCS82PKEY,
95
EVP_R_PRIVATE_KEY_DECODE_ERROR);
101
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
108
EVP_PKEY_free (pkey);
347
112
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
362
127
p8->broken = broken;
363
if (!ASN1_INTEGER_set(p8->version, 0)) {
364
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
365
PKCS8_PRIV_KEY_INFO_free (p8);
368
if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
369
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
370
PKCS8_PRIV_KEY_INFO_free (p8);
373
p8->pkey->type = V_ASN1_OCTET_STRING;
374
switch (EVP_PKEY_type(pkey->type)) {
375
#ifndef OPENSSL_NO_RSA
378
if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
380
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
381
p8->pkeyalg->parameter->type = V_ASN1_NULL;
382
if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
383
&p8->pkey->value.octet_string)) {
384
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
385
PKCS8_PRIV_KEY_INFO_free (p8);
390
#ifndef OPENSSL_NO_DSA
392
if(!dsa_pkey2pkcs8(p8, pkey)) {
393
PKCS8_PRIV_KEY_INFO_free (p8);
399
#ifndef OPENSSL_NO_EC
401
if (!eckey_pkey2pkcs8(p8, pkey))
403
PKCS8_PRIV_KEY_INFO_free(p8);
409
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
410
PKCS8_PRIV_KEY_INFO_free (p8);
131
if (pkey->ameth->priv_encode)
133
if (!pkey->ameth->priv_encode(p8, pkey))
135
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
136
EVP_R_PRIVATE_KEY_ENCODE_ERROR);
142
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
143
EVP_R_METHOD_NOT_SUPPORTED);
149
EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
150
EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
413
153
RAND_add(p8->pkey->value.octet_string->data,
414
154
p8->pkey->value.octet_string->length, 0.0);
157
PKCS8_PRIV_KEY_INFO_free(p8);
418
161
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
439
#ifndef OPENSSL_NO_DSA
440
static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
442
ASN1_STRING *params = NULL;
443
ASN1_INTEGER *prkey = NULL;
444
ASN1_TYPE *ttmp = NULL;
445
STACK_OF(ASN1_TYPE) *ndsa = NULL;
446
unsigned char *p = NULL, *q;
449
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
450
len = i2d_DSAparams (pkey->pkey.dsa, NULL);
451
if (!(p = OPENSSL_malloc(len))) {
452
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
456
i2d_DSAparams (pkey->pkey.dsa, &q);
457
if (!(params = ASN1_STRING_new())) {
458
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
461
if (!ASN1_STRING_set(params, p, len)) {
462
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
467
/* Get private key into integer */
468
if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
469
EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
478
if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
479
&p8->pkey->value.octet_string)) {
480
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
484
M_ASN1_INTEGER_free (prkey);
486
p8->pkeyalg->parameter->value.sequence = params;
488
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
494
p8->pkeyalg->parameter->value.sequence = params;
496
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
497
if (!(ndsa = sk_ASN1_TYPE_new_null())) {
498
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
501
if (!(ttmp = ASN1_TYPE_new())) {
502
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
505
if (!(ttmp->value.integer =
506
BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
507
EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
510
ttmp->type = V_ASN1_INTEGER;
511
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
512
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
516
if (!(ttmp = ASN1_TYPE_new())) {
517
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
520
ttmp->value.integer = prkey;
522
ttmp->type = V_ASN1_INTEGER;
523
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
524
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
529
if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
530
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
534
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
535
&p8->pkey->value.octet_string->data,
536
&p8->pkey->value.octet_string->length)) {
538
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
541
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
544
case PKCS8_EMBEDDED_PARAM:
546
p8->pkeyalg->parameter->type = V_ASN1_NULL;
547
if (!(ndsa = sk_ASN1_TYPE_new_null())) {
548
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
551
if (!(ttmp = ASN1_TYPE_new())) {
552
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
555
ttmp->value.sequence = params;
557
ttmp->type = V_ASN1_SEQUENCE;
558
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
559
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
563
if (!(ttmp = ASN1_TYPE_new())) {
564
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
567
ttmp->value.integer = prkey;
569
ttmp->type = V_ASN1_INTEGER;
570
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
571
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
576
if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
577
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
581
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
582
&p8->pkey->value.octet_string->data,
583
&p8->pkey->value.octet_string->length)) {
585
EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
588
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
593
if (p != NULL) OPENSSL_free(p);
594
if (params != NULL) ASN1_STRING_free(params);
595
if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
596
if (ttmp != NULL) ASN1_TYPE_free(ttmp);
597
if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
602
#ifndef OPENSSL_NO_EC
603
static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
606
const EC_GROUP *group;
607
unsigned char *p, *pp;
609
unsigned int tmp_flags, old_flags;
611
ec_key = pkey->pkey.ec;
612
if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
614
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
618
/* set the ec parameters OID */
619
if (p8->pkeyalg->algorithm)
620
ASN1_OBJECT_free(p8->pkeyalg->algorithm);
622
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
624
/* set the ec parameters */
626
if (p8->pkeyalg->parameter)
628
ASN1_TYPE_free(p8->pkeyalg->parameter);
629
p8->pkeyalg->parameter = NULL;
632
if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
634
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
638
if (EC_GROUP_get_asn1_flag(group)
639
&& (nid = EC_GROUP_get_curve_name(group)))
641
/* we have a 'named curve' => just set the OID */
642
p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643
p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
645
else /* explicit parameters */
647
if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
649
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
652
if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
654
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
658
if (!i2d_ECParameters(ec_key, &pp))
660
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
664
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665
if ((p8->pkeyalg->parameter->value.sequence
666
= ASN1_STRING_new()) == NULL)
668
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
672
ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
676
/* set the private key */
678
/* do not include the parameters in the SEC1 private key
679
* see PKCS#11 12.11 */
680
old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682
EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683
i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
686
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
690
p = (unsigned char *) OPENSSL_malloc(i);
693
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
698
if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
700
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
705
/* restore old encoding flags */
706
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
711
p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712
if (!p8->pkey->value.octet_string ||
713
!M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
717
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
722
case PKCS8_NO_OCTET: /* RSA specific */
723
case PKCS8_NS_DB: /* DSA specific */
724
case PKCS8_EMBEDDED_PARAM: /* DSA specific */
726
EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
728
OPENSSL_cleanse(p, (size_t)i);
734
182
/* EVP_PKEY attribute functions */
736
184
int EVP_PKEY_get_attr_count(const EVP_PKEY *key)