From 4a567c9690db97ecbf982e9428727f073bada504 Mon Sep 17 00:00:00 2001 From: qlong Date: Fri, 31 Dec 2010 07:22:48 +0000 Subject: 1. Add new API supports for PEM & X509 key retrieving & verification; 2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 124 ++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c (limited to 'CryptoPkg/Library/BaseCryptLib/Pem') diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c new file mode 100644 index 0000000000..e9de39a105 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -0,0 +1,124 @@ +/** @file + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Callback function for password phrase conversion used for retrieving the encrypted PEM. + + @param[out] Buf Pointer to the buffer to write the passphrase to. + @param[in] Size Maximum length of the passphrase (i.e. the size of Buf). + @param[in] Flag A flag which is set to 0 when reading and 1 when writing. + @param[in] Key Key data to be passed to the callback routine. + + @retval The number of characters in the passphrase or 0 if an error occurred. + +**/ +INTN +PasswordCallback ( + OUT CHAR8 *Buf, + IN INTN Size, + IN INTN Flag, + IN VOID *Key + ) +{ + INTN KeyLength; + + ZeroMem ((VOID *)Buf, (UINTN)Size); + if (Key != NULL) { + // + // Duplicate key phrase directly. + // + KeyLength = AsciiStrLen ((CHAR8 *)Key); + KeyLength = (KeyLength > Size ) ? Size : KeyLength; + CopyMem (Buf, Key, KeyLength); + return KeyLength; + } else { + return 0; + } +} + +/** + Retrieve the RSA Private Key from the password-protected PEM key data. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA private key component. Use RsaFree() function to free the + resource. + + If PemData is NULL, then ASSERT(). + If RsaContext is NULL, then ASSERT(). + + @retval TRUE RSA Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. + +**/ +BOOLEAN +EFIAPI +RsaGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **RsaContext + ) +{ + BOOLEAN Status; + BIO *PemBio; + + // + // ASSERT if PemData is NULL or RsaContext is NULL. + // + ASSERT (PemData != NULL); + ASSERT (RsaContext != NULL); + + Status = FALSE; + PemBio = NULL; + + // + // Add possible block-cipher descriptor for PEM data decryption. + // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM. + // + EVP_add_cipher (EVP_des_ede3_cbc()); + EVP_add_cipher (EVP_aes_128_cbc()); + EVP_add_cipher (EVP_aes_192_cbc()); + EVP_add_cipher (EVP_aes_256_cbc()); + + // + // Read encrypted PEM Data. + // + PemBio = BIO_new (BIO_s_mem ()); + BIO_write (PemBio, PemData, (int)PemSize); + if (PemBio == NULL) { + goto _Exit; + } + + // + // Retrieve RSA Private Key from encrypted PEM data. + // + *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password); + if (*RsaContext != NULL) { + Status = TRUE; + } + +_Exit: + // + // Release Resources. + // + BIO_free (PemBio); + + return Status; +} -- cgit v1.2.3