Merge pull request #2574 from bartonjs/unix_pfx

Add support for PFX files on Unix

Author: stephentoub

src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.NativeCrypto.cs

@@ -12,12 +12,21 @@ internal static partial class NativeCrypto
     {
         private delegate int NegativeSizeReadMethod<in THandle>(THandle handle, byte[] buf, int cBuf);
 
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int BioTell(SafeBioHandle bio);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int BioSeek(SafeBioHandle bio, int pos);
+
         [DllImport(Libraries.CryptoInterop)]
         private static extern int GetX509Thumbprint(SafeX509Handle x509, byte[] buf, int cBuf);
 
         [DllImport(Libraries.CryptoInterop)]
         private static extern int GetX509NameRawBytes(IntPtr x509Name, byte[] buf, int cBuf);
 
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern SafeX509Handle ReadX509AsDerFromBio(SafeBioHandle bio);
+
         [DllImport(Libraries.CryptoInterop)]
         internal static extern IntPtr GetX509NotBefore(SafeX509Handle x509);
 

src/Common/src/Interop/Unix/libcrypto/Interop.BIO.cs

@@ -18,6 +18,9 @@ internal static partial class libcrypto
         [DllImport(Libraries.LibCrypto)]
         internal static extern SafeBioHandle BIO_new(IntPtr type);
 
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern SafeBioHandle BIO_new_file(string filename, string mode);
+
         [DllImport(Libraries.LibCrypto)]
         internal static extern IntPtr BIO_s_mem();
 

src/Common/src/Interop/Unix/libcrypto/Interop.EvpPkey.Rsa.cs

@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System.Runtime.InteropServices;
+
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class libcrypto
+    {
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern SafeRsaHandle EVP_PKEY_get1_RSA(SafeEvpPkeyHandle pkey);
+    }
+}

src/Common/src/Interop/Unix/libcrypto/Interop.EvpPkey.cs

@@ -0,0 +1,14 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+
+internal static partial class Interop
+{
+    internal static partial class libcrypto
+    {
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern void EVP_PKEY_free(IntPtr pkey);
+    }
+}

src/Common/src/Interop/Unix/libcrypto/Interop.Pkcs12.cs

@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class libcrypto
+    {
+        [DllImport(Libraries.LibCrypto)]
+        internal static unsafe extern SafePkcs12Handle d2i_PKCS12(IntPtr zero, byte** ppin, int len);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern SafePkcs12Handle d2i_PKCS12_bio(SafeBioHandle bio, IntPtr zero);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern void PKCS12_free(IntPtr p12);
+        
+        [DllImport(Libraries.CryptoInterop, CharSet = CharSet.Ansi)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool PKCS12_parse(SafePkcs12Handle p12, string pass, out SafeEvpPkeyHandle pkey, out SafeX509Handle cert, out SafeX509StackHandle ca);
+    }
+}

src/Common/src/Interop/Unix/libcrypto/Interop.Rsa.cs

@@ -21,6 +21,10 @@ internal static partial class libcrypto
         [DllImport(Libraries.LibCrypto)]
         internal static unsafe extern SafeRsaHandle d2i_RSAPublicKey(IntPtr zero, byte** ppin, int len);
 
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool RSA_up_ref(IntPtr rsa);
+
         [DllImport(Libraries.LibCrypto)]
         internal static extern void RSA_free(IntPtr rsa);
 

src/Common/src/Interop/Unix/libcrypto/Interop.d2i.cs

@@ -14,7 +14,7 @@ internal static partial class libcrypto
 
         internal unsafe delegate int I2DFunc<in THandle>(THandle handle, byte** @out);
 
-        internal static unsafe THandle OpenSslD2I<THandle>(D2IFunc<THandle> d2i, byte[] data)
+        internal static unsafe THandle OpenSslD2I<THandle>(D2IFunc<THandle> d2i, byte[] data, bool checkHandle=true)
             where THandle : SafeHandle
         {
             // The OpenSSL d2i_* functions are set up for cascaded calls, so they increment *ppData while reading.
@@ -27,7 +27,10 @@ internal static unsafe THandle OpenSslD2I<THandle>(D2IFunc<THandle> d2i, byte[]
 
                 THandle handle = d2i(IntPtr.Zero, ppData, data.Length);
 
-                CheckValidOpenSslHandle(handle);
+                if (checkHandle)
+                {
+                    CheckValidOpenSslHandle(handle);
+                }
 
                 return handle;
             }

src/Common/src/Microsoft/Win32/SafeHandles/SafeEvpPkeyHandle.Unix.cs

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32.SafeHandles
+{
+    internal sealed class SafeEvpPkeyHandle : SafeHandle
+    {
+        private SafeEvpPkeyHandle() :
+            base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        protected override bool ReleaseHandle()
+        {
+            Interop.libcrypto.EVP_PKEY_free(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid
+        {
+            get { return handle == IntPtr.Zero; }
+        }
+    }
+}

src/Common/src/Microsoft/Win32/SafeHandles/SafePkcs12Handle.Unix.cs

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32.SafeHandles
+{
+    internal sealed class SafePkcs12Handle : SafeHandle
+    {
+        private SafePkcs12Handle() :
+            base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        protected override bool ReleaseHandle()
+        {
+            Interop.libcrypto.PKCS12_free(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid
+        {
+            get { return handle == IntPtr.Zero; }
+        }
+    }
+}

src/Common/src/Microsoft/Win32/SafeHandles/SafeRsaHandle.Unix.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System;
+using System.Diagnostics;
 using System.Security;
 using System.Runtime.InteropServices;
 
@@ -26,5 +27,22 @@ public override bool IsInvalid
         {
             get { return handle == IntPtr.Zero; }
         }
+
+        internal static SafeRsaHandle DuplicateHandle(IntPtr handle)
+        {
+            Debug.Assert(handle != IntPtr.Zero);
+
+            // Reliability: Allocate the SafeHandle before calling RSA_up_ref so
+            // that we don't lose a tracked reference in low-memory situations.
+            SafeRsaHandle safeHandle = new SafeRsaHandle();
+
+            if (!Interop.libcrypto.RSA_up_ref(handle))
+            {
+                throw Interop.libcrypto.CreateOpenSslCryptographicException();
+            }
+
+            safeHandle.SetHandle(handle);
+            return safeHandle;
+        }
     }
 }