Home | History | Annotate | Download | only in pem 
      1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      2  * All rights reserved.
      3  *
      4  * This package is an SSL implementation written
      5  * by Eric Young (eay (at) cryptsoft.com).
      6  * The implementation was written so as to conform with Netscapes SSL.
      7  *
      8  * This library is free for commercial and non-commercial use as long as
      9  * the following conditions are aheared to.  The following conditions
     10  * apply to all code found in this distribution, be it the RC4, RSA,
     11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     12  * included with this distribution is covered by the same copyright terms
     13  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     14  *
     15  * Copyright remains Eric Young's, and as such any Copyright notices in
     16  * the code are not to be removed.
     17  * If this package is used in a product, Eric Young should be given attribution
     18  * as the author of the parts of the library used.
     19  * This can be in the form of a textual message at program startup or
     20  * in documentation (online or textual) provided with the package.
     21  *
     22  * Redistribution and use in source and binary forms, with or without
     23  * modification, are permitted provided that the following conditions
     24  * are met:
     25  * 1. Redistributions of source code must retain the copyright
     26  *    notice, this list of conditions and the following disclaimer.
     27  * 2. Redistributions in binary form must reproduce the above copyright
     28  *    notice, this list of conditions and the following disclaimer in the
     29  *    documentation and/or other materials provided with the distribution.
     30  * 3. All advertising materials mentioning features or use of this software
     31  *    must display the following acknowledgement:
     32  *    "This product includes cryptographic software written by
     33  *     Eric Young (eay (at) cryptsoft.com)"
     34  *    The word 'cryptographic' can be left out if the rouines from the library
     35  *    being used are not cryptographic related :-).
     36  * 4. If you include any Windows specific code (or a derivative thereof) from
     37  *    the apps directory (application code) you must include an acknowledgement:
     38  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     50  * SUCH DAMAGE.
     51  *
     52  * The licence and distribution terms for any publically available version or
     53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     54  * copied and put under another distribution licence
     55  * [including the GNU Public Licence.] */
     56 
     57 #include <openssl/pem.h>
     58 
     59 #include <openssl/buf.h>
     60 #include <openssl/err.h>
     61 #include <openssl/evp.h>
     62 #include <openssl/mem.h>
     63 #include <openssl/obj.h>
     64 #include <openssl/pkcs8.h>
     65 #include <openssl/rand.h>
     66 #include <openssl/x509.h>
     67 
     68 
     69 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
     70 				int nid, const EVP_CIPHER *enc,
     71 				char *kstr, int klen,
     72 				pem_password_cb *cb, void *u);
     73 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
     74 				int nid, const EVP_CIPHER *enc,
     75 				char *kstr, int klen,
     76 				pem_password_cb *cb, void *u);
     77 
     78 /* These functions write a private key in PKCS#8 format: it is a "drop in"
     79  * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
     80  * is NULL then it uses the unencrypted private key form. The 'nid' versions
     81  * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
     82  */
     83 
     84 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
     85 				  char *kstr, int klen,
     86 				  pem_password_cb *cb, void *u)
     87 {
     88 	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
     89 }
     90 
     91 int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
     92 				  char *kstr, int klen,
     93 				  pem_password_cb *cb, void *u)
     94 {
     95 	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
     96 }
     97 
     98 int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
     99 				  char *kstr, int klen,
    100 				  pem_password_cb *cb, void *u)
    101 {
    102 	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
    103 }
    104 
    105 int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
    106 				  char *kstr, int klen,
    107 				  pem_password_cb *cb, void *u)
    108 {
    109 	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
    110 }
    111 
    112 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
    113 				  char *kstr, int klen,
    114 				  pem_password_cb *cb, void *u)
    115 {
    116 	X509_SIG *p8;
    117 	PKCS8_PRIV_KEY_INFO *p8inf;
    118 	char buf[PEM_BUFSIZE];
    119 	int ret;
    120 	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
    121 		OPENSSL_PUT_ERROR(PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
    122 		return 0;
    123 	}
    124 	if(enc || (nid != -1)) {
    125 		if(!kstr) {
    126 			klen = 0;
    127 			if (!cb) cb = PEM_def_callback;
    128 			klen = cb(buf, PEM_BUFSIZE, 1, u);
    129 			if(klen <= 0) {
    130 				OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
    131 				PKCS8_PRIV_KEY_INFO_free(p8inf);
    132 				return 0;
    133 			}
    134 
    135 			kstr = buf;
    136 		}
    137 		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
    138 		if(kstr == buf) OPENSSL_cleanse(buf, klen);
    139 		PKCS8_PRIV_KEY_INFO_free(p8inf);
    140 		if(isder) ret = i2d_PKCS8_bio(bp, p8);
    141 		else ret = PEM_write_bio_PKCS8(bp, p8);
    142 		X509_SIG_free(p8);
    143 		return ret;
    144 	} else {
    145 		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
    146 		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
    147 		PKCS8_PRIV_KEY_INFO_free(p8inf);
    148 		return ret;
    149 	}
    150 }
    151 
    152 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
    153 {
    154 	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    155 	X509_SIG *p8 = NULL;
    156 	int klen;
    157 	EVP_PKEY *ret;
    158 	char psbuf[PEM_BUFSIZE];
    159 	p8 = d2i_PKCS8_bio(bp, NULL);
    160 	if(!p8) return NULL;
    161 
    162 	klen = 0;
    163 	if (!cb) cb = PEM_def_callback;
    164 	klen=cb(psbuf,PEM_BUFSIZE,0,u);
    165 	if (klen <= 0) {
    166 		OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
    167 		X509_SIG_free(p8);
    168 		return NULL;
    169 	}
    170 	p8inf = PKCS8_decrypt(p8, psbuf, klen);
    171 	X509_SIG_free(p8);
    172 	if(!p8inf) return NULL;
    173 	ret = EVP_PKCS82PKEY(p8inf);
    174 	PKCS8_PRIV_KEY_INFO_free(p8inf);
    175 	if(!ret) return NULL;
    176 	if(x) {
    177 		if(*x) EVP_PKEY_free(*x);
    178 		*x = ret;
    179 	}
    180 	return ret;
    181 }
    182 
    183 #ifndef OPENSSL_NO_FP_API
    184 
    185 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    186 				  char *kstr, int klen,
    187 				  pem_password_cb *cb, void *u)
    188 {
    189 	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
    190 }
    191 
    192 int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
    193 				  char *kstr, int klen,
    194 				  pem_password_cb *cb, void *u)
    195 {
    196 	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
    197 }
    198 
    199 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
    200 				  char *kstr, int klen,
    201 				  pem_password_cb *cb, void *u)
    202 {
    203 	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
    204 }
    205 
    206 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    207 			      char *kstr, int klen, pem_password_cb *cb, void *u)
    208 {
    209 	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
    210 }
    211 
    212 static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
    213 				  char *kstr, int klen,
    214 				  pem_password_cb *cb, void *u)
    215 {
    216 	BIO *bp;
    217 	int ret;
    218 	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
    219 		OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
    220                 return(0);
    221 	}
    222 	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
    223 	BIO_free(bp);
    224 	return ret;
    225 }
    226 
    227 EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
    228 {
    229 	BIO *bp;
    230 	EVP_PKEY *ret;
    231 	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
    232 		OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
    233                 return NULL;
    234 	}
    235 	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
    236 	BIO_free(bp);
    237 	return ret;
    238 }
    239 
    240 #endif
    241 
    242 IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
    243 IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
    244 							 PKCS8_PRIV_KEY_INFO)
    245