VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/key-openssl.cpp@ 96763

Last change on this file since 96763 was 96763, checked in by vboxsync, 2 years ago

IPRT/crypto: Put the optional OpenSSL related members in RTCRKEYINT at the end of the structure and added a flag to indicate whether they're there or not. This means users of the structure other than key.cpp and key-openssl.cpp can safely ignore the IPRT_WITH_OPENSSL flag. This is relevant for build programs like bldRTSignTool. bugref:8691

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 8.8 KB
Line 
1/* $Id: key-openssl.cpp 96763 2022-09-16 09:10:51Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - Cryptographic Keys, OpenSSL glue.
4 */
5
6/*
7 * Copyright (C) 2006-2022 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41#include "internal/iprt.h"
42#include <iprt/crypto/key.h>
43
44#include <iprt/err.h>
45#include <iprt/string.h>
46#include <iprt/crypto/digest.h>
47
48
49#ifdef IPRT_WITH_OPENSSL
50# include "internal/iprt-openssl.h"
51# include "internal/magics.h"
52# include "internal/openssl-pre.h"
53# include <openssl/evp.h>
54# include "internal/openssl-post.h"
55# ifndef OPENSSL_VERSION_NUMBER
56# error "Missing OPENSSL_VERSION_NUMBER!"
57# endif
58
59# include "key-internal.h"
60
61
62/**
63 * Creates an OpenSSL key for the given IPRT one, returning the message digest
64 * algorithm if desired.
65 *
66 * @returns IRPT status code.
67 * @param hKey The key to convert to an OpenSSL key.
68 * @param fNeedPublic Set if we need the public side of the key.
69 * @param pszAlgoObjId Alogrithm stuff we currently need.
70 * @param ppEvpKey Where to return the pointer to the key structure.
71 * @param ppEvpMdType Where to optionally return the message digest type.
72 * @param pErrInfo Where to optionally return more error details.
73 */
74DECLHIDDEN(int) rtCrKeyToOpenSslKey(RTCRKEY hKey, bool fNeedPublic, void /*EVP_PKEY*/ **ppEvpKey, PRTERRINFO pErrInfo)
75{
76 *ppEvpKey = NULL;
77 AssertReturn(hKey->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
78 AssertReturn(fNeedPublic == !(hKey->fFlags & RTCRKEYINT_F_PRIVATE), VERR_WRONG_TYPE);
79 AssertReturn(hKey->fFlags & RTCRKEYINT_F_INCLUDE_ENCODED, VERR_WRONG_TYPE); /* build misconfig */
80
81 rtCrOpenSslInit();
82
83 /*
84 * Translate the key type from IPRT to EVP speak.
85 */
86 int idKeyType;
87 switch (hKey->enmType)
88 {
89 case RTCRKEYTYPE_RSA_PRIVATE:
90 case RTCRKEYTYPE_RSA_PUBLIC:
91 idKeyType = EVP_PKEY_RSA;
92 break;
93 default:
94 return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported key type: %d", hKey->enmType);
95 }
96
97 /*
98 * Allocate a new key structure and set its type.
99 */
100 EVP_PKEY *pEvpNewKey = EVP_PKEY_new();
101 if (!pEvpNewKey)
102 return RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new/%d failed", idKeyType);
103
104 /*
105 * Load the key into the structure.
106 */
107 const unsigned char *puchPublicKey = hKey->pbEncoded;
108 EVP_PKEY *pRet;
109 if (fNeedPublic)
110 *ppEvpKey = pRet = d2i_PublicKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
111 else
112 *ppEvpKey = pRet = d2i_PrivateKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
113 if (pRet)
114 return VINF_SUCCESS;
115
116 /* Bail out: */
117 EVP_PKEY_free(pEvpNewKey);
118 return RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED,
119 fNeedPublic ? "d2i_PublicKey failed" : "d2i_PrivateKey failed");
120}
121
122
123/**
124 * Creates an OpenSSL key for the given IPRT one, returning the message digest
125 * algorithm if desired.
126 *
127 * @returns IRPT status code.
128 * @param hKey The key to convert to an OpenSSL key.
129 * @param fNeedPublic Set if we need the public side of the key.
130 * @param pszAlgoObjId Alogrithm stuff we currently need.
131 * @param ppEvpKey Where to return the pointer to the key structure.
132 * @param ppEvpMdType Where to optionally return the message digest type.
133 * @param pErrInfo Where to optionally return more error details.
134 */
135DECLHIDDEN(int) rtCrKeyToOpenSslKeyEx(RTCRKEY hKey, bool fNeedPublic, const char *pszAlgoObjId,
136 void /*EVP_PKEY*/ **ppEvpKey, const void /*EVP_MD*/ **ppEvpMdType, PRTERRINFO pErrInfo)
137{
138 *ppEvpKey = NULL;
139 if (ppEvpMdType)
140 *ppEvpMdType = NULL;
141 AssertReturn(hKey->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
142 AssertReturn(fNeedPublic == !(hKey->fFlags & RTCRKEYINT_F_PRIVATE), VERR_WRONG_TYPE);
143 AssertReturn(hKey->fFlags & RTCRKEYINT_F_INCLUDE_ENCODED, VERR_WRONG_TYPE); /* build misconfig */
144
145 rtCrOpenSslInit();
146
147 /*
148 * Translate algorithm object ID into stuff that OpenSSL wants.
149 */
150 int iAlgoNid = OBJ_txt2nid(pszAlgoObjId);
151 if (iAlgoNid == NID_undef)
152 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN,
153 "Unknown public key algorithm [OpenSSL]: %s", pszAlgoObjId);
154 const char *pszAlgoSn = OBJ_nid2sn(iAlgoNid);
155
156# if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER)
157 int idAlgoPkey = 0;
158 int idAlgoMd = 0;
159 if (!OBJ_find_sigid_algs(iAlgoNid, &idAlgoMd, &idAlgoPkey))
160 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
161 "OBJ_find_sigid_algs failed on %u (%s, %s)", iAlgoNid, pszAlgoSn, pszAlgoObjId);
162 if (ppEvpMdType)
163 {
164 const EVP_MD *pEvpMdType = EVP_get_digestbynid(idAlgoMd);
165 if (!pEvpMdType)
166 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
167 "EVP_get_digestbynid failed on %d (%s, %s)", idAlgoMd, pszAlgoSn, pszAlgoObjId);
168 *ppEvpMdType = pEvpMdType;
169 }
170# else
171 const EVP_MD *pEvpMdType = EVP_get_digestbyname(pszAlgoSn);
172 if (!pEvpMdType)
173 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
174 "EVP_get_digestbyname failed on %s (%s)", pszAlgoSn, pszAlgoObjId);
175 if (ppEvpMdType)
176 *ppEvpMdType = pEvpMdType;
177# endif
178
179 /*
180 * Allocate a new key structure and set its type.
181 */
182 EVP_PKEY *pEvpNewKey = EVP_PKEY_new();
183 if (!pEvpNewKey)
184 return RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid);
185
186 int rc;
187# if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER)
188 if (EVP_PKEY_set_type(pEvpNewKey, idAlgoPkey))
189 {
190 int idKeyType = EVP_PKEY_base_id(pEvpNewKey);
191# else
192 int idKeyType = pEvpNewKey->type = EVP_PKEY_type(pEvpMdType->required_pkey_type[0]);
193# endif
194 if (idKeyType != NID_undef)
195
196 {
197 /*
198 * Load the key into the structure.
199 */
200 const unsigned char *puchPublicKey = hKey->pbEncoded;
201 EVP_PKEY *pRet;
202 if (fNeedPublic)
203 *ppEvpKey = pRet = d2i_PublicKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
204 else
205 *ppEvpKey = pRet = d2i_PrivateKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
206 if (pRet)
207 return VINF_SUCCESS;
208
209 /* Bail out: */
210 rc = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED,
211 fNeedPublic ? "d2i_PublicKey failed" : "d2i_PrivateKey failed");
212 }
213 else
214# if OPENSSL_VERSION_NUMBER < 0x10001000 || defined(LIBRESSL_VERSION_NUMBER)
215 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_type() failed");
216# else
217 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_base_id() failed");
218 }
219 else
220 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
221 "EVP_PKEY_set_type(%u) failed (sig algo %s)", idAlgoPkey, pszAlgoSn);
222# endif
223
224 EVP_PKEY_free(pEvpNewKey);
225 return rc;
226}
227
228#endif /* IPRT_WITH_OPENSSL */
229
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette