VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/key.cpp@ 96763

Last change on this file since 96763 was 96763, checked in by vboxsync, 2 years ago

IPRT/crypto: Put the optional OpenSSL related members in RTCRKEYINT at the end of the structure and added a flag to indicate whether they're there or not. This means users of the structure other than key.cpp and key-openssl.cpp can safely ignore the IPRT_WITH_OPENSSL flag. This is relevant for build programs like bldRTSignTool. bugref:8691

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 13.8 KB
Line 
1/* $Id: key.cpp 96763 2022-09-16 09:10:51Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - Cryptographic Keys.
4 */
5
6/*
7 * Copyright (C) 2006-2022 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41#include "internal/iprt.h"
42#include <iprt/crypto/key.h>
43
44#include <iprt/asm.h>
45#include <iprt/assert.h>
46#include <iprt/err.h>
47#include <iprt/mem.h>
48#include <iprt/memsafer.h>
49#include <iprt/string.h>
50#include <iprt/crypto/rsa.h>
51#include <iprt/crypto/pkix.h>
52
53#include "internal/magics.h"
54#include "key-internal.h"
55
56
57/**
58 * Internal crypto key instance creator.
59 *
60 * This does most of the common work, caller does the 'u' and cBits jobs.
61 *
62 * @returns IPRT status code.
63 * @param ppThis Where to return the key instance.
64 * @param enmType The key type.
65 * @param fFlags The key flags.
66 * @param pvEncoded The encoded key bits.
67 * @param cbEncoded The size of the encoded key bits (in bytes).
68 */
69DECLHIDDEN(int) rtCrKeyCreateWorker(PRTCRKEYINT *ppThis, RTCRKEYTYPE enmType, uint32_t fFlags,
70 void const *pvEncoded, uint32_t cbEncoded)
71{
72 PRTCRKEYINT pThis = (PRTCRKEYINT)RTMemAllocZ(sizeof(*pThis) + (fFlags & RTCRKEYINT_F_SENSITIVE ? 0 : cbEncoded));
73 if (pThis)
74 {
75 pThis->enmType = enmType;
76 pThis->fFlags = fFlags;
77#if defined(IPRT_WITH_OPENSSL)
78 pThis->fFlags |= RTCRKEYINT_F_INCLUDE_ENCODED;
79 pThis->cbEncoded = cbEncoded;
80 if (!(fFlags & RTCRKEYINT_F_SENSITIVE))
81 pThis->pbEncoded = (uint8_t *)(pThis + 1);
82 else
83 {
84 pThis->pbEncoded = (uint8_t *)RTMemSaferAllocZ(cbEncoded);
85 if (!pThis->pbEncoded)
86 {
87 RTMemFree(pThis);
88 return VERR_NO_MEMORY;
89 }
90 }
91 memcpy(pThis->pbEncoded, pvEncoded, cbEncoded);
92#else
93 RT_NOREF(pvEncoded, cbEncoded);
94#endif
95 pThis->cRefs = 1;
96 pThis->u32Magic = RTCRKEYINT_MAGIC;
97 *ppThis = pThis;
98 return VINF_SUCCESS;
99 }
100 return VERR_NO_MEMORY;
101}
102
103
104/**
105 * Creates an RSA public key from a DER encoded RTCRRSAPUBLICKEY blob.
106 *
107 * @returns IPRT status code.
108 * @param phKey Where to return the key handle.
109 * @param pvKeyBits The DER encoded RTCRRSAPUBLICKEY blob.
110 * @param cbKeyBits The size of the blob.
111 * @param pErrInfo Where to supply addition error details. Optional.
112 * @param pszErrorTag Error tag. Optional.
113 */
114DECLHIDDEN(int) rtCrKeyCreateRsaPublic(PRTCRKEY phKey, const void *pvKeyBits, uint32_t cbKeyBits,
115 PRTERRINFO pErrInfo, const char *pszErrorTag)
116{
117 /*
118 * Decode the key data first since that's what's most likely to fail here.
119 */
120 RTASN1CURSORPRIMARY PrimaryCursor;
121 RTAsn1CursorInitPrimary(&PrimaryCursor, pvKeyBits, cbKeyBits, pErrInfo, &g_RTAsn1DefaultAllocator,
122 RTASN1CURSOR_FLAGS_DER, pszErrorTag ? pszErrorTag : "rsa");
123 RTCRRSAPUBLICKEY PublicKey;
124 RT_ZERO(PublicKey);
125 int rc = RTCrRsaPublicKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &PublicKey, pszErrorTag ? pszErrorTag : "PublicKey");
126 if (RT_SUCCESS(rc))
127 {
128 /*
129 * Create a key instance for it.
130 */
131 PRTCRKEYINT pThis;
132 rc = rtCrKeyCreateWorker(&pThis, RTCRKEYTYPE_RSA_PUBLIC, RTCRKEYINT_F_PUBLIC, pvKeyBits, cbKeyBits);
133 if (RT_SUCCESS(rc))
134 {
135 rc = RTAsn1Integer_ToBigNum(&PublicKey.Modulus, &pThis->u.RsaPublic.Modulus, 0);
136 if (RT_SUCCESS(rc))
137 {
138 pThis->cBits = RTBigNumBitWidth(&pThis->u.RsaPublic.Modulus);
139 rc = RTAsn1Integer_ToBigNum(&PublicKey.PublicExponent, &pThis->u.RsaPublic.Exponent, 0);
140 if (RT_SUCCESS(rc))
141 {
142
143 /* Done. */
144 RTAsn1VtDelete(&PublicKey.SeqCore.Asn1Core);
145 *phKey = pThis;
146 return VINF_SUCCESS;
147 }
148 }
149 RTCrKeyRelease(pThis);
150 }
151 RTAsn1VtDelete(&PublicKey.SeqCore.Asn1Core);
152 }
153 *phKey = NIL_RTCRKEY;
154 return rc;
155}
156
157
158RTDECL(int) RTCrKeyCreateFromPublicAlgorithmAndBits(PRTCRKEY phKey, PCRTASN1OBJID pAlgorithm, PCRTASN1BITSTRING pPublicKey,
159 PRTERRINFO pErrInfo, const char *pszErrorTag)
160{
161 /*
162 * Validate input.
163 */
164 AssertPtrReturn(phKey, VERR_INVALID_POINTER);
165 *phKey = NIL_RTCRKEY;
166
167 AssertPtrReturn(pAlgorithm, VERR_INVALID_POINTER);
168 AssertReturn(RTAsn1ObjId_IsPresent(pAlgorithm), VERR_INVALID_PARAMETER);
169
170 AssertPtrReturn(pPublicKey, VERR_INVALID_POINTER);
171 AssertReturn(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_PARAMETER);
172
173 /*
174 * Taking a weird shortcut here.
175 */
176 PCRTCRPKIXSIGNATUREDESC pDesc = RTCrPkixSignatureFindByObjId(pAlgorithm, NULL);
177 if (pDesc && strcmp(pDesc->pszObjId, RTCRX509ALGORITHMIDENTIFIERID_RSA) == 0)
178 return rtCrKeyCreateRsaPublic(phKey,
179 RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey),
180 RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey),
181 pErrInfo, pszErrorTag);
182 Assert(pDesc == NULL);
183 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN, "oid=%s", pAlgorithm->szObjId);
184}
185
186
187RTDECL(int) RTCrKeyCreateFromSubjectPublicKeyInfo(PRTCRKEY phKey, struct RTCRX509SUBJECTPUBLICKEYINFO const *pSrc,
188 PRTERRINFO pErrInfo, const char *pszErrorTag)
189{
190 AssertPtrReturn(pSrc, VERR_INVALID_POINTER);
191 AssertReturn(RTCrX509SubjectPublicKeyInfo_IsPresent(pSrc), VERR_INVALID_PARAMETER);
192 return RTCrKeyCreateFromPublicAlgorithmAndBits(phKey, &pSrc->Algorithm.Algorithm, &pSrc->SubjectPublicKey,
193 pErrInfo, pszErrorTag);
194}
195
196
197/**
198 * Creates an RSA private key from a DER encoded RTCRRSAPRIVATEKEY blob.
199 *
200 * @returns IPRT status code.
201 * @param phKey Where to return the key handle.
202 * @param pvKeyBits The DER encoded RTCRRSAPRIVATEKEY blob.
203 * @param cbKeyBits The size of the blob.
204 * @param pErrInfo Where to supply addition error details. Optional.
205 * @param pszErrorTag Error tag. Optional.
206 */
207DECLHIDDEN(int) rtCrKeyCreateRsaPrivate(PRTCRKEY phKey, const void *pvKeyBits, uint32_t cbKeyBits,
208 PRTERRINFO pErrInfo, const char *pszErrorTag)
209{
210 /*
211 * Decode the key data first since that's what's most likely to fail here.
212 */
213 RTASN1CURSORPRIMARY PrimaryCursor;
214 RTAsn1CursorInitPrimary(&PrimaryCursor, pvKeyBits, cbKeyBits, pErrInfo, &g_RTAsn1SaferAllocator,
215 RTASN1CURSOR_FLAGS_DER, pszErrorTag ? pszErrorTag : "rsa");
216 RTCRRSAPRIVATEKEY PrivateKey;
217 RT_ZERO(PrivateKey);
218 int rc = RTCrRsaPrivateKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &PrivateKey, pszErrorTag ? pszErrorTag : "PrivateKey");
219 if (RT_SUCCESS(rc))
220 {
221 /*
222 * Create a key instance for it.
223 */
224 PRTCRKEYINT pThis;
225 rc = rtCrKeyCreateWorker(&pThis, RTCRKEYTYPE_RSA_PRIVATE, RTCRKEYINT_F_PRIVATE | RTCRKEYINT_F_SENSITIVE,
226 pvKeyBits, cbKeyBits);
227 if (RT_SUCCESS(rc))
228 {
229 rc = RTAsn1Integer_ToBigNum(&PrivateKey.Modulus, &pThis->u.RsaPrivate.Modulus, 0);
230 if (RT_SUCCESS(rc))
231 {
232 pThis->cBits = RTBigNumBitWidth(&pThis->u.RsaPrivate.Modulus);
233 rc = RTAsn1Integer_ToBigNum(&PrivateKey.PrivateExponent, &pThis->u.RsaPrivate.PrivateExponent, 0);
234 if (RT_SUCCESS(rc))
235 {
236 rc = RTAsn1Integer_ToBigNum(&PrivateKey.PublicExponent, &pThis->u.RsaPrivate.PublicExponent, 0);
237 if (RT_SUCCESS(rc))
238 {
239 /* Done. */
240 RTAsn1VtDelete(&PrivateKey.SeqCore.Asn1Core);
241 RTMemWipeThoroughly(&PrivateKey, sizeof(PrivateKey), 3);
242 *phKey = pThis;
243 return VINF_SUCCESS;
244 }
245 }
246 }
247 RTCrKeyRelease(pThis);
248 }
249 RTAsn1VtDelete(&PrivateKey.SeqCore.Asn1Core);
250 RTMemWipeThoroughly(&PrivateKey, sizeof(PrivateKey), 3);
251 }
252 *phKey = NIL_RTCRKEY;
253 return rc;
254}
255
256
257RTDECL(uint32_t) RTCrKeyRetain(RTCRKEY hKey)
258{
259 PRTCRKEYINT pThis = hKey;
260 AssertPtrReturn(pThis, UINT32_MAX);
261 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, UINT32_MAX);
262
263 uint32_t cRefs = ASMAtomicIncU32(&pThis->cRefs);
264 AssertMsg(cRefs > 1 && cRefs < 1024, ("%#x\n", cRefs));
265 return cRefs;
266}
267
268
269/**
270 * Destructor.
271 *
272 * @returns 0
273 * @param pThis The key to destroy.
274 */
275static int rtCrKeyDestroy(PRTCRKEYINT pThis)
276{
277 /* Invalidate the object. */
278 pThis->u32Magic = ~RTCRKEYINT_MAGIC;
279
280 /* Type specific cleanup. */
281 switch (pThis->enmType)
282 {
283 case RTCRKEYTYPE_RSA_PUBLIC:
284 RTBigNumDestroy(&pThis->u.RsaPublic.Modulus);
285 RTBigNumDestroy(&pThis->u.RsaPublic.Exponent);
286 break;
287
288 case RTCRKEYTYPE_RSA_PRIVATE:
289 RTBigNumDestroy(&pThis->u.RsaPrivate.Modulus);
290 RTBigNumDestroy(&pThis->u.RsaPrivate.PrivateExponent);
291 RTBigNumDestroy(&pThis->u.RsaPrivate.PublicExponent);
292 break;
293
294 case RTCRKEYTYPE_INVALID:
295 case RTCRKEYTYPE_END:
296 case RTCRKEYTYPE_32BIT_HACK:
297 AssertFailed();
298 }
299 pThis->enmType = RTCRKEYTYPE_INVALID;
300
301#if defined(IPRT_WITH_OPENSSL)
302 /* Free the encoded form if sensitive (otherwise it follows pThis). */
303 if (pThis->pbEncoded)
304 {
305 if (pThis->fFlags & RTCRKEYINT_F_SENSITIVE)
306 RTMemSaferFree((uint8_t *)pThis->pbEncoded, pThis->cbEncoded);
307 else
308 Assert(pThis->pbEncoded == (uint8_t *)(pThis + 1));
309 pThis->pbEncoded = NULL;
310 }
311#endif
312
313 /* Finally, free the key object itself. */
314 RTMemFree(pThis);
315 return 0;
316}
317
318
319RTDECL(uint32_t) RTCrKeyRelease(RTCRKEY hKey)
320{
321 if (hKey == NIL_RTCRKEY)
322 return 0;
323 PRTCRKEYINT pThis = hKey;
324 AssertPtrReturn(pThis, UINT32_MAX);
325 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, UINT32_MAX);
326
327 uint32_t cRefs = ASMAtomicDecU32(&pThis->cRefs);
328 AssertMsg(cRefs < 1024, ("%#x\n", cRefs));
329 if (cRefs != 0)
330 return cRefs;
331 return rtCrKeyDestroy(pThis);
332}
333
334
335RTDECL(RTCRKEYTYPE) RTCrKeyGetType(RTCRKEY hKey)
336{
337 PRTCRKEYINT pThis = hKey;
338 AssertPtrReturn(pThis, RTCRKEYTYPE_INVALID);
339 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, RTCRKEYTYPE_INVALID);
340 return pThis->enmType;
341}
342
343
344RTDECL(bool) RTCrKeyHasPrivatePart(RTCRKEY hKey)
345{
346 PRTCRKEYINT pThis = hKey;
347 AssertPtrReturn(pThis, false);
348 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, false);
349 return RT_BOOL(pThis->fFlags & RTCRKEYINT_F_PRIVATE);
350}
351
352
353RTDECL(bool) RTCrKeyHasPublicPart(RTCRKEY hKey)
354{
355 PRTCRKEYINT pThis = hKey;
356 AssertPtrReturn(pThis, false);
357 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, false);
358 return RT_BOOL(pThis->fFlags & RTCRKEYINT_F_PUBLIC);
359}
360
361
362RTDECL(uint32_t) RTCrKeyGetBitCount(RTCRKEY hKey)
363{
364 PRTCRKEYINT pThis = hKey;
365 AssertPtrReturn(pThis, 0);
366 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, 0);
367 return pThis->cBits;
368}
369
370
371RTDECL(int) RTCrKeyQueryRsaModulus(RTCRKEY hKey, PRTBIGNUM pModulus)
372{
373 PRTCRKEYINT pThis = hKey;
374 AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
375 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
376 AssertReturn(pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE || pThis->enmType == RTCRKEYTYPE_RSA_PUBLIC, VERR_WRONG_TYPE);
377 AssertPtrReturn(pModulus, VERR_INVALID_POINTER);
378
379 if (pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE)
380 return RTBigNumAssign(pModulus, &pThis->u.RsaPrivate.Modulus);
381 return RTBigNumAssign(pModulus, &pThis->u.RsaPublic.Modulus);
382}
383
384
385RTDECL(int) RTCrKeyQueryRsaPrivateExponent(RTCRKEY hKey, PRTBIGNUM pPrivateExponent)
386{
387 PRTCRKEYINT pThis = hKey;
388 AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
389 AssertReturn(pThis->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
390 AssertReturn(pThis->enmType == RTCRKEYTYPE_RSA_PRIVATE, VERR_WRONG_TYPE);
391 AssertPtrReturn(pPrivateExponent, VERR_INVALID_POINTER);
392
393 return RTBigNumAssign(pPrivateExponent, &pThis->u.RsaPrivate.PrivateExponent);
394}
395
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette