1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #if defined(HITLS_CRYPTO_CODECSKEY) && defined(HITLS_CRYPTO_PROVIDER)
18 #include <string.h>
19 #include <stdbool.h>
20 #include "crypt_eal_implprovider.h"
21 #include "crypt_eal_pkey.h"
22 #include "crypt_default_provderimpl.h"
23 #include "crypt_algid.h"
24 #ifdef HITLS_CRYPTO_RSA
25 #include "crypt_rsa.h"
26 #endif
27 #ifdef HITLS_CRYPTO_ECDSA
28 #include "crypt_ecdsa.h"
29 #endif
30 #ifdef HITLS_CRYPTO_SM2
31 #include "crypt_sm2.h"
32 #endif
33 #ifdef HITLS_CRYPTO_ED25519
34 #include "crypt_curve25519.h"
35 #endif
36 #include "eal_pkey.h"
37 #include "crypt_errno.h"
38 #include "bsl_sal.h"
39 #include "bsl_obj.h"
40 #include "bsl_err_internal.h"
41 #include "crypt_encode_decode_local.h"
42 #include "crypt_decode_key_impl.h"
43 #define PKEY_MAX_PARAM_NUM 20
44
45 #if defined(HITLS_CRYPTO_RSA) || defined(HITLS_CRYPTO_ECDSA) || defined(HITLS_CRYPTO_SM2) || \
46 defined(HITLS_CRYPTO_ED25519)
47 typedef struct {
48 CRYPT_EAL_ProvMgrCtx *provMgrCtx;
49 EAL_PkeyUnitaryMethod *method;
50 int32_t keyAlgId;
51 const char *outFormat;
52 const char *outType;
53 } DECODER_Der2KeyCtx;
54
DECODER_DER2KEY_NewCtx(void * provCtx)55 DECODER_Der2KeyCtx *DECODER_DER2KEY_NewCtx(void *provCtx)
56 {
57 (void)provCtx;
58 DECODER_Der2KeyCtx *ctx = (DECODER_Der2KeyCtx *)BSL_SAL_Calloc(1, sizeof(DECODER_Der2KeyCtx));
59 if (ctx == NULL) {
60 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
61 return NULL;
62 }
63 ctx->outFormat = "OBJECT";
64 ctx->outType = "LOW_KEY";
65 return ctx;
66 }
67
68 #define DECODER_DEFINE_DER2KEY_NEW_CTX(keyType, keyId, keyMethod, asyCipherMethod, exchMethod, signMethod, kemMethod) \
69 void *DECODER_##keyType##Der2KeyNewCtx(void *provCtx) \
70 { \
71 DECODER_Der2KeyCtx *ctx = DECODER_DER2KEY_NewCtx(provCtx); \
72 if (ctx == NULL) { \
73 return NULL; \
74 } \
75 int32_t ret = CRYPT_EAL_SetPkeyMethod(&ctx->method, keyMethod, asyCipherMethod, exchMethod, signMethod, \
76 kemMethod); \
77 if (ret != CRYPT_SUCCESS) { \
78 BSL_SAL_Free(ctx); \
79 return NULL; \
80 } \
81 ctx->keyAlgId = keyId; \
82 return ctx; \
83 }
84
DECODER_CommonGetParam(const DECODER_CommonCtx * commonCtx,BSL_Param * param)85 int32_t DECODER_CommonGetParam(const DECODER_CommonCtx *commonCtx, BSL_Param *param)
86 {
87 if (commonCtx == NULL || param == NULL) {
88 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
89 return CRYPT_NULL_INPUT;
90 }
91 BSL_Param *param1 = BSL_PARAM_FindParam(param, CRYPT_PARAM_DECODE_OUTPUT_TYPE);
92 if (param1 != NULL) {
93 if (param1->valueType != BSL_PARAM_TYPE_OCTETS_PTR) {
94 BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
95 return CRYPT_INVALID_ARG;
96 }
97 param1->value = (void *)(uintptr_t)commonCtx->outType;
98 }
99 BSL_Param *param2 = BSL_PARAM_FindParam(param, CRYPT_PARAM_DECODE_OUTPUT_FORMAT);
100 if (param2 != NULL) {
101 if (param2->valueType != BSL_PARAM_TYPE_OCTETS_PTR) {
102 BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
103 return CRYPT_INVALID_ARG;
104 }
105 param2->value = (void *)(uintptr_t)commonCtx->outFormat;
106 }
107 return CRYPT_SUCCESS;
108 }
109
DECODER_DER2KEY_GetParam(void * ctx,BSL_Param * param)110 int32_t DECODER_DER2KEY_GetParam(void *ctx, BSL_Param *param)
111 {
112 DECODER_Der2KeyCtx *decoderCtx = (DECODER_Der2KeyCtx *)ctx;
113 if (decoderCtx == NULL || param == NULL) {
114 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
115 return CRYPT_NULL_INPUT;
116 }
117 DECODER_CommonCtx commonCtx = {
118 .outFormat = decoderCtx->outFormat,
119 .outType = decoderCtx->outType
120 };
121 return DECODER_CommonGetParam(&commonCtx, param);
122 }
123
DECODER_DER2KEY_SetParam(void * ctx,const BSL_Param * param)124 int32_t DECODER_DER2KEY_SetParam(void *ctx, const BSL_Param *param)
125 {
126 DECODER_Der2KeyCtx *decoderCtx = (DECODER_Der2KeyCtx *)ctx;
127 if (decoderCtx == NULL || param == NULL) {
128 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
129 return CRYPT_NULL_INPUT;
130 }
131
132 const BSL_Param *input = BSL_PARAM_FindConstParam(param, CRYPT_PARAM_DECODE_PROVIDER_CTX);
133 if (input != NULL) {
134 if (input->valueType != BSL_PARAM_TYPE_CTX_PTR || input->value == NULL) {
135 BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
136 return CRYPT_INVALID_ARG;
137 }
138 decoderCtx->provMgrCtx = (CRYPT_EAL_ProvMgrCtx *)(uintptr_t)input->value;
139 }
140
141 return CRYPT_SUCCESS;
142 }
143
CheckParams(DECODER_Der2KeyCtx * decoderCtx,const BSL_Param * inParam,BSL_Param ** outParam,BSL_Buffer * asn1Encode)144 static int32_t CheckParams(DECODER_Der2KeyCtx *decoderCtx, const BSL_Param *inParam, BSL_Param **outParam,
145 BSL_Buffer *asn1Encode)
146 {
147 if (decoderCtx == NULL || inParam == NULL || outParam == NULL) {
148 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
149 return CRYPT_NULL_INPUT;
150 }
151 const BSL_Param *input = BSL_PARAM_FindConstParam(inParam, CRYPT_PARAM_DECODE_BUFFER_DATA);
152 if (input == NULL) {
153 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
154 return CRYPT_NULL_INPUT;
155 }
156 if (input->value == NULL || input->valueLen == 0 || input->valueType != BSL_PARAM_TYPE_OCTETS) {
157 BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
158 return CRYPT_INVALID_ARG;
159 }
160 asn1Encode->data = (uint8_t *)(uintptr_t)input->value;
161 asn1Encode->dataLen = input->valueLen;
162 return CRYPT_SUCCESS;
163 }
164
165 #define DECODER_CHECK_PARAMS(ctx, inParam, outParam) \
166 void *key = NULL; \
167 BSL_Buffer asn1Encode = {0}; \
168 DECODER_Der2KeyCtx *decoderCtx = (DECODER_Der2KeyCtx *)ctx; \
169 int32_t ret = CheckParams(decoderCtx, inParam, outParam, &asn1Encode); \
170 if (ret != CRYPT_SUCCESS) { \
171 BSL_ERR_PUSH_ERROR(ret); \
172 return ret; \
173 }
174
ConstructOutputParams(DECODER_Der2KeyCtx * decoderCtx,void * key,BSL_Param ** outParam)175 static int32_t ConstructOutputParams(DECODER_Der2KeyCtx *decoderCtx, void *key, BSL_Param **outParam)
176 {
177 BSL_Param *result = BSL_SAL_Calloc(7, sizeof(BSL_Param));
178 if (result == NULL) {
179 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
180 return CRYPT_MEM_ALLOC_FAIL;
181 }
182 int32_t ret = BSL_PARAM_InitValue(&result[0], CRYPT_PARAM_DECODE_OBJECT_DATA, BSL_PARAM_TYPE_CTX_PTR, key, 0);
183 if (ret != CRYPT_SUCCESS) {
184 BSL_ERR_PUSH_ERROR(ret);
185 goto EXIT;
186 }
187 ret = BSL_PARAM_InitValue(&result[1], CRYPT_PARAM_DECODE_OBJECT_TYPE, BSL_PARAM_TYPE_INT32, &decoderCtx->keyAlgId,
188 sizeof(int32_t));
189 if (ret != CRYPT_SUCCESS) {
190 BSL_ERR_PUSH_ERROR(ret);
191 goto EXIT;
192 }
193 ret = BSL_PARAM_InitValue(&result[2], CRYPT_PARAM_DECODE_PKEY_EXPORT_METHOD_FUNC, BSL_PARAM_TYPE_FUNC_PTR,
194 decoderCtx->method->export, 0);
195 if (ret != CRYPT_SUCCESS) {
196 BSL_ERR_PUSH_ERROR(ret);
197 goto EXIT;
198 }
199 ret = BSL_PARAM_InitValue(&result[3], CRYPT_PARAM_DECODE_PKEY_FREE_METHOD_FUNC, BSL_PARAM_TYPE_FUNC_PTR,
200 decoderCtx->method->freeCtx, 0);
201 if (ret != CRYPT_SUCCESS) {
202 BSL_ERR_PUSH_ERROR(ret);
203 goto EXIT;
204 }
205 ret = BSL_PARAM_InitValue(&result[4], CRYPT_PARAM_DECODE_PKEY_DUP_METHOD_FUNC, BSL_PARAM_TYPE_FUNC_PTR,
206 decoderCtx->method->dupCtx, 0);
207 if (ret != CRYPT_SUCCESS) {
208 BSL_ERR_PUSH_ERROR(ret);
209 goto EXIT;
210 }
211 ret = BSL_PARAM_InitValue(&result[5], CRYPT_PARAM_DECODE_PROVIDER_CTX, BSL_PARAM_TYPE_CTX_PTR,
212 decoderCtx->provMgrCtx, 0);
213 if (ret != CRYPT_SUCCESS) {
214 BSL_ERR_PUSH_ERROR(ret);
215 goto EXIT;
216 }
217 *outParam = result;
218 return CRYPT_SUCCESS;
219 EXIT:
220 if (decoderCtx->method != NULL && decoderCtx->method->freeCtx != NULL) {
221 decoderCtx->method->freeCtx(key);
222 }
223 BSL_SAL_Free(result);
224 return ret;
225 }
226
227 #define DECODER_DEFINE_PRVKEY_DER2KEY_DECODE(keyType, keyStructName, parseFunc) \
228 int32_t DECODER_##keyType##PrvKeyDer2KeyDecode(void *ctx, const BSL_Param *inParam, BSL_Param **outParam) \
229 { \
230 DECODER_CHECK_PARAMS(ctx, inParam, outParam); \
231 ret = parseFunc(asn1Encode.data, asn1Encode.dataLen, NULL, (keyStructName **)&key); \
232 if (ret != CRYPT_SUCCESS) { \
233 BSL_ERR_PUSH_ERROR(ret); \
234 return ret; \
235 } \
236 return ConstructOutputParams(decoderCtx, key, outParam); \
237 }
238
239 #define DECODER_DEFINE_PUBKEY_DER2KEY_DECODE(keyType, keyStructName, parseFunc) \
240 int32_t DECODER_##keyType##PubKeyDer2KeyDecode(void *ctx, const BSL_Param *inParam, BSL_Param **outParam) \
241 { \
242 DECODER_CHECK_PARAMS(ctx, inParam, outParam); \
243 ret = parseFunc(asn1Encode.data, asn1Encode.dataLen, NULL, (keyStructName **)&key, BSL_CID_UNKNOWN); \
244 if (ret != CRYPT_SUCCESS) { \
245 BSL_ERR_PUSH_ERROR(ret); \
246 return ret; \
247 } \
248 return ConstructOutputParams(decoderCtx, key, outParam); \
249 }
250
251 #define DECODER_DEFINE_SUBPUBKEY_DER2KEY_DECODE(keyType, keyStructName, parseFunc) \
252 int32_t DECODER_##keyType##SubPubKeyDer2KeyDecode(void *ctx, const BSL_Param *inParam, BSL_Param **outParam) \
253 { \
254 DECODER_CHECK_PARAMS(ctx, inParam, outParam) \
255 ret = parseFunc(asn1Encode.data, asn1Encode.dataLen, (keyStructName **)&key, true); \
256 if (ret != CRYPT_SUCCESS) { \
257 BSL_ERR_PUSH_ERROR(ret); \
258 return ret; \
259 } \
260 return ConstructOutputParams(decoderCtx, key, outParam); \
261 }
262
263 #define DECODER_DEFINE_SUBPUBKEY_WITHOUT_SEQ_DER2KEY_DECODE(keyType, keyStructName, parseFunc) \
264 int32_t DECODER_##keyType##SubPubKeyWithOutSeqDer2KeyDecode(void *ctx, const BSL_Param *inParam, \
265 BSL_Param **outParam) \
266 { \
267 DECODER_CHECK_PARAMS(ctx, inParam, outParam) \
268 ret = parseFunc(asn1Encode.data, asn1Encode.dataLen, (keyStructName **)&key, false); \
269 if (ret != CRYPT_SUCCESS) { \
270 BSL_ERR_PUSH_ERROR(ret); \
271 return ret; \
272 } \
273 return ConstructOutputParams(decoderCtx, key, outParam); \
274 }
275
276 #define DECODER_DEFINE_PKCS8_DECODE(keyType, keyStructName, parseFunc) \
277 int32_t DECODER_##keyType##Pkcs8Der2KeyDecode(void *ctx, const BSL_Param *inParam, BSL_Param **outParam) \
278 { \
279 DECODER_CHECK_PARAMS(ctx, inParam, outParam) \
280 ret = parseFunc(asn1Encode.data, asn1Encode.dataLen, (keyStructName **)&key); \
281 if (ret != CRYPT_SUCCESS) { \
282 BSL_ERR_PUSH_ERROR(ret); \
283 return ret; \
284 } \
285 return ConstructOutputParams(decoderCtx, key, outParam); \
286 }
287
DECODER_DER2KEY_FreeOutData(void * ctx,BSL_Param * outParam)288 void DECODER_DER2KEY_FreeOutData(void *ctx, BSL_Param *outParam)
289 {
290 DECODER_Der2KeyCtx *decoderCtx = ctx;
291 if (decoderCtx == NULL || outParam == NULL) {
292 return;
293 }
294 if (decoderCtx->method == NULL || decoderCtx->method->freeCtx == NULL) {
295 return;
296 }
297 BSL_Param *outKey = BSL_PARAM_FindParam(outParam, CRYPT_PARAM_DECODE_OBJECT_DATA);
298 if (outKey == NULL) {
299 return;
300 }
301 decoderCtx->method->freeCtx(outKey->value);
302 BSL_SAL_Free(outParam);
303 }
304
DECODER_DER2KEY_FreeCtx(void * ctx)305 void DECODER_DER2KEY_FreeCtx(void *ctx)
306 {
307 if (ctx == NULL) {
308 return;
309 }
310 DECODER_Der2KeyCtx *decoderCtx = (DECODER_Der2KeyCtx *)ctx;
311 if (decoderCtx->method != NULL) {
312 BSL_SAL_Free(decoderCtx->method);
313 }
314 BSL_SAL_Free(decoderCtx);
315 }
316 #endif
317
318 #ifdef HITLS_CRYPTO_RSA
319 DECODER_DEFINE_DER2KEY_NEW_CTX(Rsa, CRYPT_PKEY_RSA, g_defEalKeyMgmtRsa, g_defEalAsymCipherRsa, NULL, \
320 g_defEalSignRsa, NULL)
321 #endif
322 #ifdef HITLS_CRYPTO_ECDSA
323 DECODER_DEFINE_DER2KEY_NEW_CTX(Ecdsa, CRYPT_PKEY_ECDSA, g_defEalKeyMgmtEcdsa, NULL, NULL, \
324 g_defEalSignEcdsa, NULL)
325 #endif
326 #ifdef HITLS_CRYPTO_SM2
327 DECODER_DEFINE_DER2KEY_NEW_CTX(Sm2, CRYPT_PKEY_SM2, g_defEalKeyMgmtSm2, g_defEalAsymCipherSm2, g_defEalExchSm2, \
328 g_defEalSignSm2, NULL)
329 #endif
330 #ifdef HITLS_CRYPTO_ED25519
331 DECODER_DEFINE_DER2KEY_NEW_CTX(Ed25519, CRYPT_PKEY_ED25519, g_defEalKeyMgmtEd25519, NULL, NULL, \
332 g_defEalSignEd25519, NULL)
333 #endif
334
335 #ifdef HITLS_CRYPTO_RSA
336 DECODER_DEFINE_PRVKEY_DER2KEY_DECODE(Rsa, CRYPT_RSA_Ctx, CRYPT_RSA_ParsePrikeyAsn1Buff)
337 DECODER_DEFINE_PUBKEY_DER2KEY_DECODE(Rsa, CRYPT_RSA_Ctx, CRYPT_RSA_ParsePubkeyAsn1Buff)
338 DECODER_DEFINE_SUBPUBKEY_DER2KEY_DECODE(Rsa, CRYPT_RSA_Ctx, CRYPT_RSA_ParseSubPubkeyAsn1Buff)
339 DECODER_DEFINE_SUBPUBKEY_WITHOUT_SEQ_DER2KEY_DECODE(Rsa, CRYPT_RSA_Ctx, CRYPT_RSA_ParseSubPubkeyAsn1Buff)
340 DECODER_DEFINE_PKCS8_DECODE(Rsa, CRYPT_RSA_Ctx, CRYPT_RSA_ParsePkcs8Key)
341 #endif
342
343 #ifdef HITLS_CRYPTO_ECDSA
344 DECODER_DEFINE_PRVKEY_DER2KEY_DECODE(Ecdsa, void, CRYPT_ECC_ParsePrikeyAsn1Buff)
345 DECODER_DEFINE_SUBPUBKEY_DER2KEY_DECODE(Ecdsa, void, CRYPT_ECC_ParseSubPubkeyAsn1Buff)
346 DECODER_DEFINE_SUBPUBKEY_WITHOUT_SEQ_DER2KEY_DECODE(Ecdsa, void, CRYPT_ECC_ParseSubPubkeyAsn1Buff)
347 DECODER_DEFINE_PKCS8_DECODE(Ecdsa, void, CRYPT_ECC_ParsePkcs8Key)
348 #endif
349
350 #ifdef HITLS_CRYPTO_SM2
351 DECODER_DEFINE_PRVKEY_DER2KEY_DECODE(Sm2, CRYPT_SM2_Ctx, CRYPT_SM2_ParsePrikeyAsn1Buff)
352 DECODER_DEFINE_SUBPUBKEY_DER2KEY_DECODE(Sm2, CRYPT_SM2_Ctx, CRYPT_SM2_ParseSubPubkeyAsn1Buff)
353 DECODER_DEFINE_SUBPUBKEY_WITHOUT_SEQ_DER2KEY_DECODE(Sm2, CRYPT_SM2_Ctx,CRYPT_SM2_ParseSubPubkeyAsn1Buff)
354 DECODER_DEFINE_PKCS8_DECODE(Sm2, CRYPT_SM2_Ctx, CRYPT_SM2_ParsePkcs8Key)
355 #endif
356
357 #ifdef HITLS_CRYPTO_ED25519
358 DECODER_DEFINE_SUBPUBKEY_DER2KEY_DECODE(Ed25519, CRYPT_CURVE25519_Ctx, CRYPT_ED25519_ParseSubPubkeyAsn1Buff)
359 DECODER_DEFINE_SUBPUBKEY_WITHOUT_SEQ_DER2KEY_DECODE(Ed25519, CRYPT_CURVE25519_Ctx, CRYPT_ED25519_ParseSubPubkeyAsn1Buff)
360 DECODER_DEFINE_PKCS8_DECODE(Ed25519, CRYPT_CURVE25519_Ctx, CRYPT_ED25519_ParsePkcs8Key)
361 #endif
362
363 #endif /* HITLS_CRYPTO_CODECSKEY && defined(HITLS_CRYPTO_PROVIDER) */
364