]>
git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
2 PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
4 Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include "InternalCryptLib.h"
10 #include <openssl/pem.h>
13 Callback function for password phrase conversion used for retrieving the encrypted PEM.
15 @param[out] Buf Pointer to the buffer to write the passphrase to.
16 @param[in] Size Maximum length of the passphrase (i.e. the size of Buf).
17 @param[in] Flag A flag which is set to 0 when reading and 1 when writing.
18 @param[in] Key Key data to be passed to the callback routine.
20 @retval The number of characters in the passphrase or 0 if an error occurred.
33 ZeroMem ((VOID
*)Buf
, (UINTN
)Size
);
36 // Duplicate key phrase directly.
38 KeyLength
= (INTN
)AsciiStrLen ((CHAR8
*)Key
);
39 KeyLength
= (KeyLength
> Size
) ? Size
: KeyLength
;
40 CopyMem (Buf
, Key
, (UINTN
)KeyLength
);
48 Retrieve the RSA Private Key from the password-protected PEM key data.
50 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
51 @param[in] PemSize Size of the PEM key data in bytes.
52 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
53 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
54 RSA private key component. Use RsaFree() function to free the
57 If PemData is NULL, then return FALSE.
58 If RsaContext is NULL, then return FALSE.
60 @retval TRUE RSA Private Key was retrieved successfully.
61 @retval FALSE Invalid PEM key data or incorrect password.
66 RsaGetPrivateKeyFromPem (
67 IN CONST UINT8
*PemData
,
69 IN CONST CHAR8
*Password
,
77 // Check input parameters.
79 if ((PemData
== NULL
) || (RsaContext
== NULL
) || (PemSize
> INT_MAX
)) {
84 // Add possible block-cipher descriptor for PEM data decryption.
85 // NOTE: Only support most popular ciphers AES for the encrypted PEM.
87 if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
91 if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
95 if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
102 // Read encrypted PEM Data.
104 PemBio
= BIO_new (BIO_s_mem ());
105 if (PemBio
== NULL
) {
109 if (BIO_write (PemBio
, PemData
, (int)PemSize
) <= 0) {
114 // Retrieve RSA Private Key from encrypted PEM data.
116 *RsaContext
= PEM_read_bio_RSAPrivateKey (PemBio
, NULL
, (pem_password_cb
*)&PasswordCallback
, (void *)Password
);
117 if (*RsaContext
!= NULL
) {
123 // Release Resources.
131 Retrieve the EC Private Key from the password-protected PEM key data.
133 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
134 @param[in] PemSize Size of the PEM key data in bytes.
135 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
136 @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved
137 EC private key component. Use EcFree() function to free the
140 If PemData is NULL, then return FALSE.
141 If EcContext is NULL, then return FALSE.
143 @retval TRUE EC Private Key was retrieved successfully.
144 @retval FALSE Invalid PEM key data or incorrect password.
149 EcGetPrivateKeyFromPem (
150 IN CONST UINT8
*PemData
,
152 IN CONST CHAR8
*Password
,
160 // Check input parameters.
162 if ((PemData
== NULL
) || (EcContext
== NULL
) || (PemSize
> INT_MAX
)) {
167 // Add possible block-cipher descriptor for PEM data decryption.
168 // NOTE: Only support most popular ciphers AES for the encrypted PEM.
170 if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
174 if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
178 if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
185 // Read encrypted PEM Data.
187 PemBio
= BIO_new (BIO_s_mem ());
188 if (PemBio
== NULL
) {
192 if (BIO_write (PemBio
, PemData
, (int)PemSize
) <= 0) {
197 // Retrieve EC Private Key from encrypted PEM data.
199 *EcContext
= PEM_read_bio_ECPrivateKey (PemBio
, NULL
, (pem_password_cb
*)&PasswordCallback
, (void *)Password
);
200 if (*EcContext
!= NULL
) {
206 // Release Resources.