[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pem / CryptPem.c

/** @file\r
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.\r
\r
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/pem.h>\r
\r
/**\r
  Callback function for password phrase conversion used for retrieving the encrypted PEM.\r
\r
  @param[out]  Buf      Pointer to the buffer to write the passphrase to.\r
  @param[in]   Size     Maximum length of the passphrase (i.e. the size of Buf).\r
  @param[in]   Flag     A flag which is set to 0 when reading and 1 when writing.\r
  @param[in]   Key      Key data to be passed to the callback routine.\r
\r
  @retval  The number of characters in the passphrase or 0 if an error occurred.\r
\r
**/\r
INTN\r
PasswordCallback (\r
  OUT  CHAR8  *Buf, \r
  IN   INTN   Size, \r
  IN   INTN   Flag, \r
  IN   VOID   *Key\r
  )\r
{\r
  INTN  KeyLength;\r
\r
  ZeroMem ((VOID *)Buf, (UINTN)Size);\r
  if (Key != NULL) {\r
    //\r
    // Duplicate key phrase directly.\r
    //\r
    KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);\r
    KeyLength = (KeyLength > Size ) ? Size : KeyLength;\r
    CopyMem (Buf, Key, (UINTN) KeyLength);\r
    return KeyLength;\r
  } else {\r
    return 0;\r
  }\r
}\r
\r
/**\r
  Retrieve the RSA Private Key from the password-protected PEM key data.\r
\r
  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.\r
  @param[in]  PemSize      Size of the PEM key data in bytes.\r
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.\r
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
                           RSA private key component. Use RsaFree() function to free the\r
                           resource.\r
\r
  If PemData is NULL, then ASSERT().\r
  If RsaContext is NULL, then ASSERT().\r
\r
  @retval  TRUE   RSA Private Key was retrieved successfully.\r
  @retval  FALSE  Invalid PEM key data or incorrect password.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaGetPrivateKeyFromPem (\r
  IN   CONST UINT8  *PemData,\r
  IN   UINTN        PemSize,\r
  IN   CONST CHAR8  *Password,\r
  OUT  VOID         **RsaContext\r
  )\r
{\r
  BOOLEAN  Status;\r
  BIO      *PemBio;\r
\r
  //\r
  // ASSERT if PemData is NULL or RsaContext is NULL.\r
  //\r
  ASSERT (PemData    != NULL);\r
  ASSERT (RsaContext != NULL);\r
  ASSERT (PemSize    <= INT_MAX);\r
\r
  Status = FALSE;\r
  PemBio = NULL;\r
\r
  //\r
  // Add possible block-cipher descriptor for PEM data decryption.\r
  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.\r
  //\r
  EVP_add_cipher (EVP_des_ede3_cbc());\r
  EVP_add_cipher (EVP_aes_128_cbc());\r
  EVP_add_cipher (EVP_aes_192_cbc());\r
  EVP_add_cipher (EVP_aes_256_cbc());\r
\r
  //\r
  // Read encrypted PEM Data.\r
  //\r
  PemBio = BIO_new (BIO_s_mem ());\r
  BIO_write (PemBio, PemData, (int)PemSize);\r
  if (PemBio == NULL) {\r
    goto _Exit;\r
  }\r
\r
  //\r
  // Retrieve RSA Private Key from encrypted PEM data.\r
  //\r
  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);\r
  if (*RsaContext != NULL) {\r
    Status = TRUE;\r
  }\r
\r
_Exit:\r
  //\r
  // Release Resources.\r
  //\r
  BIO_free (PemBio);\r
\r
  return Status;\r
}\r
Commit	Line	Data
4a567c96	1	/** @file\r
	2	PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.\r
	3	\r
96488aa2	4	Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
4a567c96	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "InternalCryptLib.h"\r
	16	#include <openssl/pem.h>\r
	17	\r
	18	/**\r
	19	Callback function for password phrase conversion used for retrieving the encrypted PEM.\r
	20	\r
	21	@param[out] Buf Pointer to the buffer to write the passphrase to.\r
	22	@param[in] Size Maximum length of the passphrase (i.e. the size of Buf).\r
	23	@param[in] Flag A flag which is set to 0 when reading and 1 when writing.\r
	24	@param[in] Key Key data to be passed to the callback routine.\r
	25	\r
	26	@retval The number of characters in the passphrase or 0 if an error occurred.\r
	27	\r
	28	**/\r
	29	INTN\r
	30	PasswordCallback (\r
	31	OUT CHAR8 *Buf, \r
	32	IN INTN Size, \r
	33	IN INTN Flag, \r
	34	IN VOID *Key\r
	35	)\r
	36	{\r
	37	INTN KeyLength;\r
	38	\r
	39	ZeroMem ((VOID *)Buf, (UINTN)Size);\r
	40	if (Key != NULL) {\r
	41	//\r
	42	// Duplicate key phrase directly.\r
	43	//\r
96488aa2	44	KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);\r
4a567c96	45	KeyLength = (KeyLength > Size ) ? Size : KeyLength;\r
96488aa2	46	CopyMem (Buf, Key, (UINTN) KeyLength);\r
4a567c96	47	return KeyLength;\r
	48	} else {\r
	49	return 0;\r
	50	}\r
	51	}\r
	52	\r
	53	/**\r
	54	Retrieve the RSA Private Key from the password-protected PEM key data.\r
	55	\r
	56	@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
	57	@param[in] PemSize Size of the PEM key data in bytes.\r
	58	@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
	59	@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
	60	RSA private key component. Use RsaFree() function to free the\r
	61	resource.\r
	62	\r
	63	If PemData is NULL, then ASSERT().\r
	64	If RsaContext is NULL, then ASSERT().\r
	65	\r
	66	@retval TRUE RSA Private Key was retrieved successfully.\r
	67	@retval FALSE Invalid PEM key data or incorrect password.\r
	68	\r
	69	**/\r
	70	BOOLEAN\r
	71	EFIAPI\r
	72	RsaGetPrivateKeyFromPem (\r
	73	IN CONST UINT8 *PemData,\r
	74	IN UINTN PemSize,\r
	75	IN CONST CHAR8 *Password,\r
	76	OUT VOID **RsaContext\r
	77	)\r
	78	{\r
	79	BOOLEAN Status;\r
	80	BIO *PemBio;\r
	81	\r
	82	//\r
	83	// ASSERT if PemData is NULL or RsaContext is NULL.\r
	84	//\r
	85	ASSERT (PemData != NULL);\r
	86	ASSERT (RsaContext != NULL);\r
d3945da6	87	ASSERT (PemSize <= INT_MAX);\r
da9e7418	88	\r
4a567c96	89	Status = FALSE;\r
	90	PemBio = NULL;\r
	91	\r
	92	//\r
	93	// Add possible block-cipher descriptor for PEM data decryption.\r
	94	// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.\r
	95	//\r
	96	EVP_add_cipher (EVP_des_ede3_cbc());\r
	97	EVP_add_cipher (EVP_aes_128_cbc());\r
	98	EVP_add_cipher (EVP_aes_192_cbc());\r
	99	EVP_add_cipher (EVP_aes_256_cbc());\r
	100	\r
	101	//\r
	102	// Read encrypted PEM Data.\r
	103	//\r
	104	PemBio = BIO_new (BIO_s_mem ());\r
	105	BIO_write (PemBio, PemData, (int)PemSize);\r
	106	if (PemBio == NULL) {\r
	107	goto _Exit;\r
	108	}\r
	109	\r
	110	//\r
	111	// Retrieve RSA Private Key from encrypted PEM data.\r
	112	//\r
	113	RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb )&PasswordCallback, (void *)Password);\r
	114	if (*RsaContext != NULL) {\r
	115	Status = TRUE;\r
	116	}\r
	117	\r
	118	_Exit:\r
	119	//\r
	120	// Release Resources.\r
	121	//\r
	122	BIO_free (PemBio);\r
	123	\r
	124	return Status;\r
	125	}\r