/** @file
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.

  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution. The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

15 | #include "InternalCryptLib.h"\r |
16 | #include <openssl/pem.h>\r |
17 | \r |
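/**
  Callback function for password phrase conversion used for retrieving the encrypted PEM.

  The passphrase in Key is copied into Buf, truncated to Size bytes when it is
  longer. Buf is zeroed first, so a shorter passphrase is NUL-terminated; a
  passphrase that fills the buffer completely is not, and OpenSSL relies on the
  returned length instead.

  NOTE(review): this function is declared with INTN parameters and an INTN
  return value, while OpenSSL's pem_password_cb uses int throughout and the
  caller casts the function pointer. The widths only agree where INTN is 32
  bits wide; confirm the calling convention on 64-bit targets tolerates this.

  @param[out] Buf   Pointer to the buffer to write the passphrase to.
  @param[in]  Size  Maximum length of the passphrase (i.e. the size of Buf).
  @param[in]  Flag  A flag which is set to 0 when reading and 1 when writing.
                    Not used by this implementation.
  @param[in]  Key   Key data to be passed to the callback routine: a
                    NUL-terminated ASCII passphrase, or NULL when none was given.

  @retval The number of characters in the passphrase or 0 if an error occurred.

**/
INTN
PasswordCallback (
  OUT CHAR8  *Buf,
  IN  INTN   Size,
  IN  INTN   Flag,
  IN  VOID   *Key
  )
{
  INTN  KeyLength;

  //
  // Refuse to touch a buffer that cannot hold anything. A negative Size would
  // otherwise be converted to a huge UINTN for ZeroMem().
  //
  if (Buf == NULL || Size <= 0) {
    return 0;
  }

  ZeroMem ((VOID *)Buf, (UINTN)Size);

  if (Key == NULL) {
    return 0;
  }

  //
  // Duplicate key phrase directly, clamped to the buffer size.
  //
  KeyLength = (INTN)AsciiStrLen ((CHAR8 *)Key);
  if (KeyLength > Size) {
    KeyLength = Size;
  }

  CopyMem (Buf, Key, (UINTN)KeyLength);

  return KeyLength;
}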
52 | \r |
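/**
  Retrieve the RSA Private Key from the password-protected PEM key data.

  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
  @param[in]  PemSize      Size of the PEM key data in bytes.
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
                           May be NULL when the PEM data is not encrypted.
  @param[out] RsaContext   Pointer to new-generated RSA context which contains the
                           retrieved RSA private key component. Use RsaFree()
                           function to free the resource. Set to NULL whenever
                           FALSE is returned after parameter checking.

  If PemData is NULL, then return FALSE.
  If RsaContext is NULL, then return FALSE.
  If PemSize is greater than INT_MAX, then return FALSE.

  @retval  TRUE   RSA Private Key was retrieved successfully.
  @retval  FALSE  Invalid PEM key data or incorrect password.

**/
BOOLEAN
EFIAPI
RsaGetPrivateKeyFromPem (
  IN   CONST UINT8  *PemData,
  IN   UINTN        PemSize,
  IN   CONST CHAR8  *Password,
  OUT  VOID         **RsaContext
  )
{
  BOOLEAN  Status;
  BIO      *PemBio;

  //
  // Check input parameters. PemSize is narrowed to int for BIO_write() below,
  // so sizes above INT_MAX cannot be passed through safely.
  //
  if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {
    return FALSE;
  }

  Status      = FALSE;
  PemBio      = NULL;
  *RsaContext = NULL;

  //
  // Add possible block-cipher descriptor for PEM data decryption.
  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
  //
  EVP_add_cipher (EVP_des_ede3_cbc ());
  EVP_add_cipher (EVP_aes_128_cbc ());
  EVP_add_cipher (EVP_aes_192_cbc ());
  EVP_add_cipher (EVP_aes_256_cbc ());

  //
  // Read encrypted PEM Data into a memory BIO. The NULL check has to come
  // before the write, and anything short of a full write would hand truncated
  // PEM data to the parser, so both cases bail out.
  //
  PemBio = BIO_new (BIO_s_mem ());
  if (PemBio == NULL) {
    goto _Exit;
  }

  if (BIO_write (PemBio, PemData, (int)PemSize) != (int)PemSize) {
    goto _Exit;
  }

  //
  // Retrieve RSA Private Key from encrypted PEM data. PasswordCallback() supplies
  // Password to OpenSSL if the key material is encrypted.
  //
  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
  if (*RsaContext != NULL) {
    Status = TRUE;
  }

_Exit:
  //
  // Release Resources. BIO_free() tolerates a NULL argument.
  //
  BIO_free (PemBio);

  return Status;
}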