VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/key.cpp@ 96407

Last change on this file since 96407 was 96407, checked in by vboxsync, 2 years ago

scm copyright and license note update

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 13.7 KB
Line 
1/* $Id: key.cpp 96407 2022-08-22 17:43:14Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - Cryptographic Keys.
4 */
5
6/*
7 * Copyright (C) 2006-2022 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41#include "internal/iprt.h"
42#include <iprt/crypto/key.h>
43
44#include <iprt/asm.h>
45#include <iprt/assert.h>
46#include <iprt/err.h>
47#include <iprt/mem.h>
48#include <iprt/memsafer.h>
49#include <iprt/string.h>
50#include <iprt/crypto/rsa.h>
51#include <iprt/crypto/pkix.h>
52
53#include "internal/magics.h"
54#include "key-internal.h"
55
56
57/**
58 * Internal crypto key instance creator.
59 *
60 * This does most of the common work, caller does the 'u' and cBits jobs.
61 *
62 * @returns IPRT status code.
63 * @param ppThis Where to return the key instance.
64 * @param enmType The key type.
65 * @param fFlags The key flags.
66 * @param pvEncoded The encoded key bits.
67 * @param cbEncoded The size of the encoded key bits (in bytes).
68 */
69DECLHIDDEN(int) rtCrKeyCreateWorker(PRTCRKEYINT *ppThis, RTCRKEYTYPE enmType, uint32_t fFlags,
70 void const *pvEncoded, uint32_t cbEncoded)
71{
72 PRTCRKEYINT pThis = (PRTCRKEYINT)RTMemAllocZ(sizeof(*pThis) + (fFlags & RTCRKEYINT_F_SENSITIVE ? 0 : cbEncoded));
73 if (pThis)
74 {
75 pThis->enmType = enmType;
76 pThis->fFlags = fFlags;
77#if defined(IPRT_WITH_OPENSSL)
78 pThis->cbEncoded = cbEncoded;
79 if (!(fFlags & RTCRKEYINT_F_SENSITIVE))
80 pThis->pbEncoded = (uint8_t *)(pThis + 1);
81 else
82 {
83 pThis->pbEncoded = (uint8_t *)RTMemSaferAllocZ(cbEncoded);
84 if (!pThis->pbEncoded)
85 {
86 RTMemFree(pThis);
87 return VERR_NO_MEMORY;
88 }
89 }
90 memcpy(pThis->pbEncoded, pvEncoded, cbEncoded);
91#else
92 RT_NOREF(pvEncoded, cbEncoded);
93#endif
94 pThis->cRefs = 1;
95 pThis->u32Magic = RTCRKEYINT_MAGIC;
96 *ppThis = pThis;
97 return VINF_SUCCESS;
98 }
99 return VERR_NO_MEMORY;
100}
101
102
103/**
104 * Creates an RSA public key from a DER encoded RTCRRSAPUBLICKEY blob.
105 *
106 * @returns IPRT status code.
107 * @param phKey Where to return the key handle.
108 * @param pvKeyBits The DER encoded RTCRRSAPUBLICKEY blob.
109 * @param cbKeyBits The size of the blob.
110 * @param pErrInfo Where to supply addition error details. Optional.
111 * @param pszErrorTag Error tag. Optional.
112 */
113DECLHIDDEN(int) rtCrKeyCreateRsaPublic(PRTCRKEY phKey, const void *pvKeyBits, uint32_t cbKeyBits,
114 PRTERRINFO pErrInfo, const char *pszErrorTag)
115{
116 /*
117 * Decode the key data first since that's what's most likely to fail here.
118 */
119 RTASN1CURSORPRIMARY PrimaryCursor;
120 RTAsn1CursorInitPrimary(&PrimaryCursor, pvKeyBits, cbKeyBits, pErrInfo, &g_RTAsn1DefaultAllocator,
121 RTASN1CURSOR_FLAGS_DER, pszErrorTag ? pszErrorTag : "rsa");
122 RTCRRSAPUBLICKEY PublicKey;
123 RT_ZERO(PublicKey);
124 int rc = RTCrRsaPublicKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &PublicKey, pszErrorTag ? pszErrorTag : "PublicKey");
125 if (RT_SUCCESS(rc))
126 {
127 /*
128 * Create a key instance for it.
129 */
130 PRTCRKEYINT pThis;
131 rc = rtCrKeyCreateWorker(&pThis, RTCRKEYTYPE_RSA_PUBLIC, RTCRKEYINT_F_PUBLIC, pvKeyBits, cbKeyBits);
132 if (RT_SUCCESS(rc))
133 {
134 rc = RTAsn1Integer_ToBigNum(&PublicKey.Modulus, &pThis->u.RsaPublic.Modulus, 0);
135 if (RT_SUCCESS(rc))
136 {
137 pThis->cBits = RTBigNumBitWidth(&pThis->u.RsaPublic.Modulus);
138 rc = RTAsn1Integer_ToBigNum(&PublicKey.PublicExponent, &pThis->u.RsaPublic.Exponent, 0);
139 if (RT_SUCCESS(rc))
140 {
141
142 /* Done. */
143 RTAsn1VtDelete(&PublicKey.SeqCore.Asn1Core);
144 *phKey = pThis;
145 return VINF_SUCCESS;
146 }
147 }
148 RTCrKeyRelease(pThis);
149 }
150 RTAsn1VtDelete(&PublicKey.SeqCore.Asn1Core);
151 }
152 *phKey = NIL_RTCRKEY;
153 return rc;
154}
155
156
157RTDECL(int) RTCrKeyCreateFromPublicAlgorithmAndBits(PRTCRKEY phKey, PCRTASN1OBJID pAlgorithm, PCRTASN1BITSTRING pPublicKey,
158 PRTERRINFO pErrInfo, const char *pszErrorTag)
159{
160 /*
161 * Validate input.
162 */
163 AssertPtrReturn(phKey, VERR_INVALID_POINTER);
164 *phKey = NIL_RTCRKEY;
165
166 AssertPtrReturn(pAlgorithm, VERR_INVALID_POINTER);
167 AssertReturn(RTAsn1ObjId_IsPresent(pAlgorithm), VERR_INVALID_PARAMETER);
168
169 AssertPtrReturn(pPublicKey, VERR_INVALID_POINTER);
170 AssertReturn(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_PARAMETER);
171
172 /*
173 * Taking a weird shortcut here.
174 */
175 PCRTCRPKIXSIGNATUREDESC pDesc = RTCrPkixSignatureFindByObjId(pAlgorithm, NULL);
176 if (pDesc && strcmp(pDesc->pszObjId, RTCRX509ALGORITHMIDENTIFIERID_RSA) == 0)
177 return rtCrKeyCreateRsaPublic(phKey,
178 RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey),
179 RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey),
180 pErrInfo, pszErrorTag);
181 Assert(pDesc == NULL);
182 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN, "oid=%s", pAlgorithm->szObjId);
183}
184
185
186RTDECL(int) RTCrKeyCreateFromSubjectPublicKeyInfo(PRTCRKEY phKey, struct RTCRX509SUBJECTPUBLICKEYINFO const *pSrc,
187 PRTERRINFO pErrInfo, const char *pszErrorTag)
188{
189 AssertPtrReturn(pSrc, VERR_INVALID_POINTER);
190 AssertReturn(RTCrX509SubjectPublicKeyInfo_IsPresent(pSrc), VERR_INVALID_PARAMETER);
191 return RTCrKeyCreateFromPublicAlgorithmAndBits(phKey, &pSrc->Algorithm.Algorithm, &pSrc->SubjectPublicKey,
192 pErrInfo, pszErrorTag);
193}
194
195
196/**
197 * Creates an RSA private key from a DER encoded RTCRRSAPRIVATEKEY blob.
198 *
199 * @returns IPRT status code.
200 * @param phKey Where to return the key handle.
201 * @param pvKeyBits The DER encoded RTCRRSAPRIVATEKEY blob.
202 * @param cbKeyBits The size of the blob.
203 * @param pErrInfo Where to supply addition error details. Optional.
204 * @param pszErrorTag Error tag. Optional.
205 */
206DECLHIDDEN(int) rtCrKeyCreateRsaPrivate(PRTCRKEY phKey, const void *pvKeyBits, uint32_t cbKeyBits,
207 PRTERRINFO pErrInfo, const char *pszErrorTag)
208{
209 /*
210 * Decode the key data first since that's what's most likely to fail here.
211 */
212 RTASN1CURSORPRIMARY PrimaryCursor;
213 RTAsn1CursorInitPrimary(&PrimaryCursor, pvKeyBits, cbKeyBits, pErrInfo, &g_RTAsn1SaferAllocator,
214 RTASN1CURSOR_FLAGS_DER, pszErrorTag ? pszErrorTag : "rsa");
215 RTCRRSAPRIVATEKEY PrivateKey;
216 RT_ZERO(PrivateKey);
217 int rc = RTCrRsaPrivateKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &PrivateKey, pszErrorTag ? pszErrorTag : "PrivateKey");
218 if (RT_SUCCESS(rc))
219 {
220 /*
221 * Create a key instance for it.
222 */
223 PRTCRKEYINT pThis;
224 rc = rtCrKeyCreateWorker(&pThis, RTCRKEYTYPE_RSA_PRIVATE, RTCRKEYINT_F_PRIVATE | RTCRKEYINT_F_SENSITIVE,
225 pvKeyBits, cbKeyBits);
226 if (RT_SUCCESS(rc))
227 {
228 rc = RTAsn1Integer_ToBigNum(&PrivateKey.Modulus, &pThis->u.RsaPrivate.Modulus, 0);
229 if (RT_SUCCESS(rc))
230 {
231 pThis->cBits = RTBigNumBitWidth(&pThis->u.RsaPrivate.Modulus);
232 rc = RTAsn1Integer_ToBigNum(&PrivateKey.PrivateExponent, &pThis->u.RsaPrivate.PrivateExponent, 0);
233 if (RT_SUCCESS(rc))
234 {
235 rc = RTAsn1Integer_ToBigNum(&PrivateKey.PublicExponent, &pThis->u.RsaPrivate.PublicExponent, 0);
236 if (RT_SUCCESS(rc))
237 {
238 /* Done. */
239 RTAsn1VtDelete(&PrivateKey.SeqCore.Asn1Core);
240 RTMemWipeThoroughly(&PrivateKey, sizeof(PrivateKey), 3);
241 *phKey = pThis;
242 return VINF_SUCCESS;
243 }
244 }
245 }
246 RTCrKeyRelease(pThis);
247 }
248 RTAsn1VtDelete(&PrivateKey.SeqCore.Asn1Core);
249 RTMemWipeThoroughly(&PrivateKey, sizeof(PrivateKey), 3);
250 }
251 *phKey = NIL_RTCRKEY;
252 return rc;
253}
254
255
256RTDECL(uint32_t) RTCrKeyRetain(RTCRKEY hKey)
257{
258 PRTCRKEYINT pThis = hKey;
259 AssertPtrReturn(pThis, UINT32_MAX);
260 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, UINT32_MAX);
261
262 uint32_t cRefs = ASMAtomicIncU32(&pThis->cRefs);
263 AssertMsg(cRefs > 1 && cRefs < 1024, ("%#x\n", cRefs));
264 return cRefs;
265}
266
267
268/**
269 * Destructor.
270 *
271 * @returns 0
272 * @param pThis The key to destroy.
273 */
274static int rtCrKeyDestroy(PRTCRKEYINT pThis)
275{
276 /* Invalidate the object. */
277 pThis->u32Magic = ~RTCRKEYINT_MAGIC;
278
279 /* Type specific cleanup. */
280 switch (pThis->enmType)
281 {
282 case RTCRKEYTYPE_RSA_PUBLIC:
283 RTBigNumDestroy(&pThis->u.RsaPublic.Modulus);
284 RTBigNumDestroy(&pThis->u.RsaPublic.Exponent);
285 break;
286
287 case RTCRKEYTYPE_RSA_PRIVATE:
288 RTBigNumDestroy(&pThis->u.RsaPrivate.Modulus);
289 RTBigNumDestroy(&pThis->u.RsaPrivate.PrivateExponent);
290 RTBigNumDestroy(&pThis->u.RsaPrivate.PublicExponent);
291 break;
292
293 case RTCRKEYTYPE_INVALID:
294 case RTCRKEYTYPE_END:
295 case RTCRKEYTYPE_32BIT_HACK:
296 AssertFailed();
297 }
298 pThis->enmType = RTCRKEYTYPE_INVALID;
299
300#if defined(IPRT_WITH_OPENSSL)
301 /* Free the encoded form if sensitive (otherwise it follows pThis). */
302 if (pThis->pbEncoded)
303 {
304 if (pThis->fFlags & RTCRKEYINT_F_SENSITIVE)
305 RTMemSaferFree((uint8_t *)pThis->pbEncoded, pThis->cbEncoded);
306 else
307 Assert(pThis->pbEncoded == (uint8_t *)(pThis + 1));
308 pThis->pbEncoded = NULL;
309 }
310#endif
311
312 /* Finally, free the key object itself. */
313 RTMemFree(pThis);
314 return 0;
315}
316
317
318RTDECL(uint32_t) RTCrKeyRelease(RTCRKEY hKey)
319{
320 if (hKey == NIL_RTCRKEY)
321 return 0;
322 PRTCRKEYINT pThis = hKey;
323 AssertPtrReturn(pThis, UINT32_MAX);
324 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, UINT32_MAX);
325
326 uint32_t cRefs = ASMAtomicDecU32(&pThis->cRefs);
327 AssertMsg(cRefs < 1024, ("%#x\n", cRefs));
328 if (cRefs != 0)
329 return cRefs;
330 return rtCrKeyDestroy(pThis);
331}
332
333
334RTDECL(RTCRKEYTYPE) RTCrKeyGetType(RTCRKEY hKey)
335{
336 PRTCRKEYINT pThis = hKey;
337 AssertPtrReturn(pThis, RTCRKEYTYPE_INVALID);
338 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, RTCRKEYTYPE_INVALID);
339 return pThis->enmType;
340}
341
342
343RTDECL(bool) RTCrKeyHasPrivatePart(RTCRKEY hKey)
344{
345 PRTCRKEYINT pThis = hKey;
346 AssertPtrReturn(pThis, false);
347 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, false);
348 return RT_BOOL(pThis->fFlags & RTCRKEYINT_F_PRIVATE);
349}
350
351
352RTDECL(bool) RTCrKeyHasPublicPart(RTCRKEY hKey)
353{
354 PRTCRKEYINT pThis = hKey;
355 AssertPtrReturn(pThis, false);
356 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, false);
357 return RT_BOOL(pThis->fFlags & RTCRKEYINT_F_PUBLIC);
358}
359
360
361RTDECL(uint32_t) RTCrKeyGetBitCount(RTCRKEY hKey)
362{
363 PRTCRKEYINT pThis = hKey;
364 AssertPtrReturn(pThis, 0);
365 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, 0);
366 return pThis->cBits;
367}
368
369
370RTDECL(int) RTCrKeyQueryRsaModulus(RTCRKEY hKey, PRTBIGNUM pModulus)
371{
372 PRTCRKEYINT pThis = hKey;
373 AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
374 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
375 AssertReturn(pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE || pThis->enmType == RTCRKEYTYPE_RSA_PUBLIC, VERR_WRONG_TYPE);
376 AssertPtrReturn(pModulus, VERR_INVALID_POINTER);
377
378 if (pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE)
379 return RTBigNumAssign(pModulus, &pThis->u.RsaPrivate.Modulus);
380 return RTBigNumAssign(pModulus, &pThis->u.RsaPublic.Modulus);
381}
382
383
384RTDECL(int) RTCrKeyQueryRsaPrivateExponent(RTCRKEY hKey, PRTBIGNUM pPrivateExponent)
385{
386 PRTCRKEYINT pThis = hKey;
387 AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
388 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
389 AssertReturn(pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE, VERR_WRONG_TYPE);
390 AssertPtrReturn(pPrivateExponent, VERR_INVALID_POINTER);
391
392 return RTBigNumAssign(pPrivateExponent, &pThis->u.RsaPrivate.PrivateExponent);
393}
394
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette