[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pem / CryptPem.c

/** @file\r
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/pem.h>\r
\r
/**\r
  Callback function for password phrase conversion used for retrieving the encrypted PEM.\r
\r
  @param[out]  Buf      Pointer to the buffer to write the passphrase to.\r
  @param[in]   Size     Maximum length of the passphrase (i.e. the size of Buf).\r
  @param[in]   Flag     A flag which is set to 0 when reading and 1 when writing.\r
  @param[in]   Key      Key data to be passed to the callback routine.\r
\r
  @retval  The number of characters in the passphrase or 0 if an error occurred.\r
\r
**/\r
INTN\r
PasswordCallback (\r
  OUT  CHAR8  *Buf,\r
  IN   INTN   Size,\r
  IN   INTN   Flag,\r
  IN   VOID   *Key\r
  )\r
{\r
  INTN  KeyLength;\r
\r
  ZeroMem ((VOID *)Buf, (UINTN)Size);\r
  if (Key != NULL) {\r
    //\r
    // Duplicate key phrase directly.\r
    //\r
    KeyLength = (INTN)AsciiStrLen ((CHAR8 *)Key);\r
    KeyLength = (KeyLength > Size) ? Size : KeyLength;\r
    CopyMem (Buf, Key, (UINTN)KeyLength);\r
    return KeyLength;\r
  } else {\r
    return 0;\r
  }\r
}\r
\r
/**\r
  Retrieve the RSA Private Key from the password-protected PEM key data.\r
\r
  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.\r
  @param[in]  PemSize      Size of the PEM key data in bytes.\r
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.\r
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
                           RSA private key component. Use RsaFree() function to free the\r
                           resource.\r
\r
  If PemData is NULL, then return FALSE.\r
  If RsaContext is NULL, then return FALSE.\r
\r
  @retval  TRUE   RSA Private Key was retrieved successfully.\r
  @retval  FALSE  Invalid PEM key data or incorrect password.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaGetPrivateKeyFromPem (\r
  IN   CONST UINT8  *PemData,\r
  IN   UINTN        PemSize,\r
  IN   CONST CHAR8  *Password,\r
  OUT  VOID         **RsaContext\r
  )\r
{\r
  BOOLEAN  Status;\r
  BIO      *PemBio;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Add possible block-cipher descriptor for PEM data decryption.\r
  // NOTE: Only support most popular ciphers AES for the encrypted PEM.\r
  //\r
  if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {\r
    return FALSE;\r
  }\r
\r
  if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {\r
    return FALSE;\r
  }\r
\r
  if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {\r
    return FALSE;\r
  }\r
\r
  Status = FALSE;\r
\r
  //\r
  // Read encrypted PEM Data.\r
  //\r
  PemBio = BIO_new (BIO_s_mem ());\r
  if (PemBio == NULL) {\r
    goto _Exit;\r
  }\r
\r
  if (BIO_write (PemBio, PemData, (int)PemSize) <= 0) {\r
    goto _Exit;\r
  }\r
\r
  //\r
  // Retrieve RSA Private Key from encrypted PEM data.\r
  //\r
  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);\r
  if (*RsaContext != NULL) {\r
    Status = TRUE;\r
  }\r
\r
_Exit:\r
  //\r
  // Release Resources.\r
  //\r
  BIO_free (PemBio);\r
\r
  return Status;\r
}\r
Commit	Line	Data
4a567c96	1	/** @file\r
	2	PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.\r
	3	\r
b8af2c9e	4	Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>\r
2009f6b4	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
4a567c96	6	\r
	7	**/\r
	8	\r
	9	#include "InternalCryptLib.h"\r
	10	#include <openssl/pem.h>\r
	11	\r
	12	/**\r
	13	Callback function for password phrase conversion used for retrieving the encrypted PEM.\r
	14	\r
	15	@param[out] Buf Pointer to the buffer to write the passphrase to.\r
	16	@param[in] Size Maximum length of the passphrase (i.e. the size of Buf).\r
	17	@param[in] Flag A flag which is set to 0 when reading and 1 when writing.\r
	18	@param[in] Key Key data to be passed to the callback routine.\r
	19	\r
	20	@retval The number of characters in the passphrase or 0 if an error occurred.\r
	21	\r
	22	**/\r
	23	INTN\r
	24	PasswordCallback (\r
630f67dd LG	25	OUT CHAR8 *Buf,\r
	26	IN INTN Size,\r
	27	IN INTN Flag,\r
4a567c96	28	IN VOID *Key\r
	29	)\r
	30	{\r
	31	INTN KeyLength;\r
	32	\r
7c342378	33	ZeroMem ((VOID *)Buf, (UINTN)Size);\r
4a567c96	34	if (Key != NULL) {\r
	35	//\r
	36	// Duplicate key phrase directly.\r
	37	//\r
7c342378 MK	38	KeyLength = (INTN)AsciiStrLen ((CHAR8 *)Key);\r
	39	KeyLength = (KeyLength > Size) ? Size : KeyLength;\r
	40	CopyMem (Buf, Key, (UINTN)KeyLength);\r
4a567c96	41	return KeyLength;\r
	42	} else {\r
	43	return 0;\r
	44	}\r
	45	}\r
	46	\r
	47	/**\r
	48	Retrieve the RSA Private Key from the password-protected PEM key data.\r
	49	\r
	50	@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
	51	@param[in] PemSize Size of the PEM key data in bytes.\r
	52	@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
	53	@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
	54	RSA private key component. Use RsaFree() function to free the\r
	55	resource.\r
	56	\r
16d2c32c	57	If PemData is NULL, then return FALSE.\r
16d2c32c	58	If RsaContext is NULL, then return FALSE.\r
4a567c96	59	\r
	60	@retval TRUE RSA Private Key was retrieved successfully.\r
	61	@retval FALSE Invalid PEM key data or incorrect password.\r
	62	\r
	63	**/\r
	64	BOOLEAN\r
	65	EFIAPI\r
	66	RsaGetPrivateKeyFromPem (\r
	67	IN CONST UINT8 *PemData,\r
	68	IN UINTN PemSize,\r
	69	IN CONST CHAR8 *Password,\r
	70	OUT VOID **RsaContext\r
	71	)\r
	72	{\r
	73	BOOLEAN Status;\r
	74	BIO *PemBio;\r
	75	\r
	76	//\r
16d2c32c	77	// Check input parameters.\r
4a567c96	78	//\r
7c342378	79	if ((PemData == NULL) \|\| (RsaContext == NULL) \|\| (PemSize > INT_MAX)) {\r
16d2c32c	80	return FALSE;\r
16d2c32c	81	}\r
da9e7418	82	\r
4a567c96	83	//\r
4a567c96	84	// Add possible block-cipher descriptor for PEM data decryption.\r
b8af2c9e	85	// NOTE: Only support most popular ciphers AES for the encrypted PEM.\r
4a567c96	86	//\r
dda39f3a	87	if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {\r
	88	return FALSE;\r
	89	}\r
7c342378	90	\r
dda39f3a	91	if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {\r
	92	return FALSE;\r
	93	}\r
7c342378	94	\r
dda39f3a	95	if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {\r
	96	return FALSE;\r
	97	}\r
	98	\r
	99	Status = FALSE;\r
4a567c96	100	\r
	101	//\r
	102	// Read encrypted PEM Data.\r
	103	//\r
	104	PemBio = BIO_new (BIO_s_mem ());\r
4a567c96	105	if (PemBio == NULL) {\r
	106	goto _Exit;\r
	107	}\r
	108	\r
7c342378	109	if (BIO_write (PemBio, PemData, (int)PemSize) <= 0) {\r
5b2956ea YT	110	goto _Exit;\r
	111	}\r
	112	\r
4a567c96	113	//\r
	114	// Retrieve RSA Private Key from encrypted PEM data.\r
	115	//\r
7c342378	116	RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb )&PasswordCallback, (void *)Password);\r
4a567c96	117	if (*RsaContext != NULL) {\r
	118	Status = TRUE;\r
	119	}\r
	120	\r
	121	_Exit:\r
	122	//\r
	123	// Release Resources.\r
	124	//\r
	125	BIO_free (PemBio);\r
	126	\r
	127	return Status;\r
	128	}\r