encode_key2any.c 53 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465
  1. /*
  2. * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Low level APIs are deprecated for public use, but still ok for internal use.
  11. */
  12. #include "internal/deprecated.h"
  13. #include <openssl/core.h>
  14. #include <openssl/core_dispatch.h>
  15. #include <openssl/core_names.h>
  16. #include <openssl/crypto.h>
  17. #include <openssl/params.h>
  18. #include <openssl/asn1.h>
  19. #include <openssl/err.h>
  20. #include <openssl/pem.h>
  21. #include <openssl/x509.h>
  22. #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
  23. #include <openssl/dh.h>
  24. #include <openssl/dsa.h>
  25. #include <openssl/ec.h>
  26. #include <openssl/proverr.h>
  27. #include "internal/passphrase.h"
  28. #include "internal/cryptlib.h"
  29. #include "crypto/ecx.h"
  30. #include "crypto/rsa.h"
  31. #include "prov/implementations.h"
  32. #include "prov/bio.h"
  33. #include "prov/provider_ctx.h"
  34. #include "prov/der_rsa.h"
  35. #include "endecoder_local.h"
  36. #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
  37. # define OPENSSL_NO_KEYPARAMS
  38. #endif
  39. struct key2any_ctx_st {
  40. PROV_CTX *provctx;
  41. /* Set to 0 if parameters should not be saved (dsa only) */
  42. int save_parameters;
  43. /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
  44. int cipher_intent;
  45. EVP_CIPHER *cipher;
  46. struct ossl_passphrase_data_st pwdata;
  47. };
  48. typedef int check_key_type_fn(const void *key, int nid);
  49. typedef int key_to_paramstring_fn(const void *key, int nid, int save,
  50. void **str, int *strtype);
  51. typedef int key_to_der_fn(BIO *out, const void *key,
  52. int key_nid, const char *pemname,
  53. key_to_paramstring_fn *p2s, i2d_of_void *k2d,
  54. struct key2any_ctx_st *ctx);
  55. typedef int write_bio_of_void_fn(BIO *bp, const void *x);
  56. /* Free the blob allocated during key_to_paramstring_fn */
  57. static void free_asn1_data(int type, void *data)
  58. {
  59. switch (type) {
  60. case V_ASN1_OBJECT:
  61. ASN1_OBJECT_free(data);
  62. break;
  63. case V_ASN1_SEQUENCE:
  64. ASN1_STRING_free(data);
  65. break;
  66. }
  67. }
  68. static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
  69. void *params, int params_type,
  70. i2d_of_void *k2d)
  71. {
  72. /* der, derlen store the key DER output and its length */
  73. unsigned char *der = NULL;
  74. int derlen;
  75. /* The final PKCS#8 info */
  76. PKCS8_PRIV_KEY_INFO *p8info = NULL;
  77. if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
  78. || (derlen = k2d(key, &der)) <= 0
  79. || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
  80. params_type, params, der, derlen)) {
  81. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  82. PKCS8_PRIV_KEY_INFO_free(p8info);
  83. OPENSSL_free(der);
  84. p8info = NULL;
  85. }
  86. return p8info;
  87. }
  88. static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
  89. struct key2any_ctx_st *ctx)
  90. {
  91. X509_SIG *p8 = NULL;
  92. char kstr[PEM_BUFSIZE];
  93. size_t klen = 0;
  94. OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
  95. if (ctx->cipher == NULL)
  96. return NULL;
  97. if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
  98. &ctx->pwdata)) {
  99. ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
  100. return NULL;
  101. }
  102. /* First argument == -1 means "standard" */
  103. p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
  104. OPENSSL_cleanse(kstr, klen);
  105. return p8;
  106. }
  107. static X509_SIG *key_to_encp8(const void *key, int key_nid,
  108. void *params, int params_type,
  109. i2d_of_void *k2d, struct key2any_ctx_st *ctx)
  110. {
  111. PKCS8_PRIV_KEY_INFO *p8info =
  112. key_to_p8info(key, key_nid, params, params_type, k2d);
  113. X509_SIG *p8 = NULL;
  114. if (p8info == NULL) {
  115. free_asn1_data(params_type, params);
  116. } else {
  117. p8 = p8info_to_encp8(p8info, ctx);
  118. PKCS8_PRIV_KEY_INFO_free(p8info);
  119. }
  120. return p8;
  121. }
  122. static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
  123. void *params, int params_type,
  124. i2d_of_void k2d)
  125. {
  126. /* der, derlen store the key DER output and its length */
  127. unsigned char *der = NULL;
  128. int derlen;
  129. /* The final X509_PUBKEY */
  130. X509_PUBKEY *xpk = NULL;
  131. if ((xpk = X509_PUBKEY_new()) == NULL
  132. || (derlen = k2d(key, &der)) <= 0
  133. || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
  134. params_type, params, der, derlen)) {
  135. ERR_raise(ERR_LIB_PROV, ERR_R_X509_LIB);
  136. X509_PUBKEY_free(xpk);
  137. OPENSSL_free(der);
  138. xpk = NULL;
  139. }
  140. return xpk;
  141. }
  142. /*
  143. * key_to_epki_* produce encoded output with the private key data in a
  144. * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
  145. * that there's an intent to encrypt, anything else is an error.
  146. *
  147. * key_to_pki_* primarily produce encoded output with the private key data
  148. * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
  149. * there is an intent to encrypt the data, the corresponding key_to_epki_*
  150. * function is used instead.
  151. *
  152. * key_to_spki_* produce encoded output with the public key data in an
  153. * X.509 SubjectPublicKeyInfo.
  154. *
  155. * Key parameters don't have any defined envelopment of this kind, but are
  156. * included in some manner in the output from the functions described above,
  157. * either in the AlgorithmIdentifier's parameter field, or as part of the
  158. * key data itself.
  159. */
  160. static int key_to_epki_der_priv_bio(BIO *out, const void *key,
  161. int key_nid,
  162. ossl_unused const char *pemname,
  163. key_to_paramstring_fn *p2s,
  164. i2d_of_void *k2d,
  165. struct key2any_ctx_st *ctx)
  166. {
  167. int ret = 0;
  168. void *str = NULL;
  169. int strtype = V_ASN1_UNDEF;
  170. X509_SIG *p8;
  171. if (!ctx->cipher_intent)
  172. return 0;
  173. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  174. &str, &strtype))
  175. return 0;
  176. p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
  177. if (p8 != NULL)
  178. ret = i2d_PKCS8_bio(out, p8);
  179. X509_SIG_free(p8);
  180. return ret;
  181. }
  182. static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
  183. int key_nid,
  184. ossl_unused const char *pemname,
  185. key_to_paramstring_fn *p2s,
  186. i2d_of_void *k2d,
  187. struct key2any_ctx_st *ctx)
  188. {
  189. int ret = 0;
  190. void *str = NULL;
  191. int strtype = V_ASN1_UNDEF;
  192. X509_SIG *p8;
  193. if (!ctx->cipher_intent)
  194. return 0;
  195. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  196. &str, &strtype))
  197. return 0;
  198. p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
  199. if (p8 != NULL)
  200. ret = PEM_write_bio_PKCS8(out, p8);
  201. X509_SIG_free(p8);
  202. return ret;
  203. }
  204. static int key_to_pki_der_priv_bio(BIO *out, const void *key,
  205. int key_nid,
  206. ossl_unused const char *pemname,
  207. key_to_paramstring_fn *p2s,
  208. i2d_of_void *k2d,
  209. struct key2any_ctx_st *ctx)
  210. {
  211. int ret = 0;
  212. void *str = NULL;
  213. int strtype = V_ASN1_UNDEF;
  214. PKCS8_PRIV_KEY_INFO *p8info;
  215. if (ctx->cipher_intent)
  216. return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
  217. p2s, k2d, ctx);
  218. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  219. &str, &strtype))
  220. return 0;
  221. p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
  222. if (p8info != NULL)
  223. ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
  224. else
  225. free_asn1_data(strtype, str);
  226. PKCS8_PRIV_KEY_INFO_free(p8info);
  227. return ret;
  228. }
  229. static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
  230. int key_nid,
  231. ossl_unused const char *pemname,
  232. key_to_paramstring_fn *p2s,
  233. i2d_of_void *k2d,
  234. struct key2any_ctx_st *ctx)
  235. {
  236. int ret = 0;
  237. void *str = NULL;
  238. int strtype = V_ASN1_UNDEF;
  239. PKCS8_PRIV_KEY_INFO *p8info;
  240. if (ctx->cipher_intent)
  241. return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
  242. p2s, k2d, ctx);
  243. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  244. &str, &strtype))
  245. return 0;
  246. p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
  247. if (p8info != NULL)
  248. ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
  249. else
  250. free_asn1_data(strtype, str);
  251. PKCS8_PRIV_KEY_INFO_free(p8info);
  252. return ret;
  253. }
  254. static int key_to_spki_der_pub_bio(BIO *out, const void *key,
  255. int key_nid,
  256. ossl_unused const char *pemname,
  257. key_to_paramstring_fn *p2s,
  258. i2d_of_void *k2d,
  259. struct key2any_ctx_st *ctx)
  260. {
  261. int ret = 0;
  262. void *str = NULL;
  263. int strtype = V_ASN1_UNDEF;
  264. X509_PUBKEY *xpk = NULL;
  265. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  266. &str, &strtype))
  267. return 0;
  268. xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
  269. if (xpk != NULL)
  270. ret = i2d_X509_PUBKEY_bio(out, xpk);
  271. /* Also frees |str| */
  272. X509_PUBKEY_free(xpk);
  273. return ret;
  274. }
  275. static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
  276. int key_nid,
  277. ossl_unused const char *pemname,
  278. key_to_paramstring_fn *p2s,
  279. i2d_of_void *k2d,
  280. struct key2any_ctx_st *ctx)
  281. {
  282. int ret = 0;
  283. void *str = NULL;
  284. int strtype = V_ASN1_UNDEF;
  285. X509_PUBKEY *xpk = NULL;
  286. if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
  287. &str, &strtype))
  288. return 0;
  289. xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
  290. if (xpk != NULL)
  291. ret = PEM_write_bio_X509_PUBKEY(out, xpk);
  292. else
  293. free_asn1_data(strtype, str);
  294. /* Also frees |str| */
  295. X509_PUBKEY_free(xpk);
  296. return ret;
  297. }
  298. /*
  299. * key_to_type_specific_* produce encoded output with type specific key data,
  300. * no envelopment; the same kind of output as the type specific i2d_ and
  301. * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER.
  302. *
  303. * OpenSSL tries to discourage production of new keys in this form, because
  304. * of the ambiguity when trying to recognise them, but can't deny that PKCS#1
  305. * et al still are live standards.
  306. *
  307. * Note that these functions completely ignore p2s, and rather rely entirely
  308. * on k2d to do the complete work.
  309. */
  310. static int key_to_type_specific_der_bio(BIO *out, const void *key,
  311. int key_nid,
  312. ossl_unused const char *pemname,
  313. key_to_paramstring_fn *p2s,
  314. i2d_of_void *k2d,
  315. struct key2any_ctx_st *ctx)
  316. {
  317. unsigned char *der = NULL;
  318. int derlen;
  319. int ret;
  320. if ((derlen = k2d(key, &der)) <= 0) {
  321. ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
  322. return 0;
  323. }
  324. ret = BIO_write(out, der, derlen);
  325. OPENSSL_free(der);
  326. return ret > 0;
  327. }
  328. #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
  329. #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
  330. #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
  331. static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
  332. int key_nid, const char *pemname,
  333. key_to_paramstring_fn *p2s,
  334. i2d_of_void *k2d,
  335. struct key2any_ctx_st *ctx,
  336. pem_password_cb *cb, void *cbarg)
  337. {
  338. return
  339. PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher,
  340. NULL, 0, cb, cbarg) > 0;
  341. }
  342. static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
  343. int key_nid, const char *pemname,
  344. key_to_paramstring_fn *p2s,
  345. i2d_of_void *k2d,
  346. struct key2any_ctx_st *ctx)
  347. {
  348. return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
  349. p2s, k2d, ctx,
  350. ossl_pw_pem_password, &ctx->pwdata);
  351. }
  352. static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
  353. int key_nid, const char *pemname,
  354. key_to_paramstring_fn *p2s,
  355. i2d_of_void *k2d,
  356. struct key2any_ctx_st *ctx)
  357. {
  358. return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
  359. p2s, k2d, ctx, NULL, NULL);
  360. }
  361. #ifndef OPENSSL_NO_KEYPARAMS
  362. static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
  363. int key_nid, const char *pemname,
  364. key_to_paramstring_fn *p2s,
  365. i2d_of_void *k2d,
  366. struct key2any_ctx_st *ctx)
  367. {
  368. return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
  369. p2s, k2d, ctx, NULL, NULL);
  370. }
  371. #endif
  372. /* ---------------------------------------------------------------------- */
  373. #ifndef OPENSSL_NO_DH
  374. static int prepare_dh_params(const void *dh, int nid, int save,
  375. void **pstr, int *pstrtype)
  376. {
  377. ASN1_STRING *params = ASN1_STRING_new();
  378. if (params == NULL) {
  379. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  380. return 0;
  381. }
  382. if (nid == EVP_PKEY_DHX)
  383. params->length = i2d_DHxparams(dh, &params->data);
  384. else
  385. params->length = i2d_DHparams(dh, &params->data);
  386. if (params->length <= 0) {
  387. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  388. ASN1_STRING_free(params);
  389. return 0;
  390. }
  391. params->type = V_ASN1_SEQUENCE;
  392. *pstr = params;
  393. *pstrtype = V_ASN1_SEQUENCE;
  394. return 1;
  395. }
  396. static int dh_spki_pub_to_der(const void *dh, unsigned char **pder)
  397. {
  398. const BIGNUM *bn = NULL;
  399. ASN1_INTEGER *pub_key = NULL;
  400. int ret;
  401. if ((bn = DH_get0_pub_key(dh)) == NULL) {
  402. ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
  403. return 0;
  404. }
  405. if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
  406. ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
  407. return 0;
  408. }
  409. ret = i2d_ASN1_INTEGER(pub_key, pder);
  410. ASN1_STRING_clear_free(pub_key);
  411. return ret;
  412. }
  413. static int dh_pki_priv_to_der(const void *dh, unsigned char **pder)
  414. {
  415. const BIGNUM *bn = NULL;
  416. ASN1_INTEGER *priv_key = NULL;
  417. int ret;
  418. if ((bn = DH_get0_priv_key(dh)) == NULL) {
  419. ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
  420. return 0;
  421. }
  422. if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
  423. ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
  424. return 0;
  425. }
  426. ret = i2d_ASN1_INTEGER(priv_key, pder);
  427. ASN1_STRING_clear_free(priv_key);
  428. return ret;
  429. }
  430. # define dh_epki_priv_to_der dh_pki_priv_to_der
  431. static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
  432. {
  433. if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
  434. return i2d_DHxparams(dh, pder);
  435. return i2d_DHparams(dh, pder);
  436. }
  437. /*
  438. * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make
  439. * corresponding functions here.
  440. */
  441. # define dh_type_specific_priv_to_der NULL
  442. # define dh_type_specific_pub_to_der NULL
  443. static int dh_check_key_type(const void *dh, int expected_type)
  444. {
  445. int type =
  446. DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
  447. return type == expected_type;
  448. }
  449. # define dh_evp_type EVP_PKEY_DH
  450. # define dhx_evp_type EVP_PKEY_DHX
  451. # define dh_input_type "DH"
  452. # define dhx_input_type "DHX"
  453. # define dh_pem_type "DH"
  454. # define dhx_pem_type "X9.42 DH"
  455. #endif
  456. /* ---------------------------------------------------------------------- */
  457. #ifndef OPENSSL_NO_DSA
  458. static int encode_dsa_params(const void *dsa, int nid,
  459. void **pstr, int *pstrtype)
  460. {
  461. ASN1_STRING *params = ASN1_STRING_new();
  462. if (params == NULL) {
  463. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  464. return 0;
  465. }
  466. params->length = i2d_DSAparams(dsa, &params->data);
  467. if (params->length <= 0) {
  468. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  469. ASN1_STRING_free(params);
  470. return 0;
  471. }
  472. *pstrtype = V_ASN1_SEQUENCE;
  473. *pstr = params;
  474. return 1;
  475. }
  476. static int prepare_dsa_params(const void *dsa, int nid, int save,
  477. void **pstr, int *pstrtype)
  478. {
  479. const BIGNUM *p = DSA_get0_p(dsa);
  480. const BIGNUM *q = DSA_get0_q(dsa);
  481. const BIGNUM *g = DSA_get0_g(dsa);
  482. if (save && p != NULL && q != NULL && g != NULL)
  483. return encode_dsa_params(dsa, nid, pstr, pstrtype);
  484. *pstr = NULL;
  485. *pstrtype = V_ASN1_UNDEF;
  486. return 1;
  487. }
  488. static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
  489. {
  490. const BIGNUM *bn = NULL;
  491. ASN1_INTEGER *pub_key = NULL;
  492. int ret;
  493. if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
  494. ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
  495. return 0;
  496. }
  497. if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
  498. ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
  499. return 0;
  500. }
  501. ret = i2d_ASN1_INTEGER(pub_key, pder);
  502. ASN1_STRING_clear_free(pub_key);
  503. return ret;
  504. }
  505. static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder)
  506. {
  507. const BIGNUM *bn = NULL;
  508. ASN1_INTEGER *priv_key = NULL;
  509. int ret;
  510. if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
  511. ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
  512. return 0;
  513. }
  514. if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
  515. ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
  516. return 0;
  517. }
  518. ret = i2d_ASN1_INTEGER(priv_key, pder);
  519. ASN1_STRING_clear_free(priv_key);
  520. return ret;
  521. }
  522. # define dsa_epki_priv_to_der dsa_pki_priv_to_der
  523. # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey
  524. # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey
  525. # define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams
  526. # define dsa_check_key_type NULL
  527. # define dsa_evp_type EVP_PKEY_DSA
  528. # define dsa_input_type "DSA"
  529. # define dsa_pem_type "DSA"
  530. #endif
  531. /* ---------------------------------------------------------------------- */
  532. #ifndef OPENSSL_NO_EC
  533. static int prepare_ec_explicit_params(const void *eckey,
  534. void **pstr, int *pstrtype)
  535. {
  536. ASN1_STRING *params = ASN1_STRING_new();
  537. if (params == NULL) {
  538. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  539. return 0;
  540. }
  541. params->length = i2d_ECParameters(eckey, &params->data);
  542. if (params->length <= 0) {
  543. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  544. ASN1_STRING_free(params);
  545. return 0;
  546. }
  547. *pstrtype = V_ASN1_SEQUENCE;
  548. *pstr = params;
  549. return 1;
  550. }
  551. /*
  552. * This implements EcpkParameters, where the CHOICE is based on whether there
  553. * is a curve name (curve nid) to be found or not. See RFC 3279 for details.
  554. */
  555. static int prepare_ec_params(const void *eckey, int nid, int save,
  556. void **pstr, int *pstrtype)
  557. {
  558. int curve_nid;
  559. const EC_GROUP *group = EC_KEY_get0_group(eckey);
  560. ASN1_OBJECT *params = NULL;
  561. if (group == NULL)
  562. return 0;
  563. curve_nid = EC_GROUP_get_curve_name(group);
  564. if (curve_nid != NID_undef) {
  565. params = OBJ_nid2obj(curve_nid);
  566. if (params == NULL)
  567. return 0;
  568. }
  569. if (curve_nid != NID_undef
  570. && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
  571. /* The CHOICE came to namedCurve */
  572. if (OBJ_length(params) == 0) {
  573. /* Some curves might not have an associated OID */
  574. ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
  575. ASN1_OBJECT_free(params);
  576. return 0;
  577. }
  578. *pstr = params;
  579. *pstrtype = V_ASN1_OBJECT;
  580. return 1;
  581. } else {
  582. /* The CHOICE came to ecParameters */
  583. return prepare_ec_explicit_params(eckey, pstr, pstrtype);
  584. }
  585. }
  586. static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
  587. {
  588. if (EC_KEY_get0_public_key(eckey) == NULL) {
  589. ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
  590. return 0;
  591. }
  592. return i2o_ECPublicKey(eckey, pder);
  593. }
  594. static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
  595. {
  596. EC_KEY *eckey = (EC_KEY *)veckey;
  597. unsigned int old_flags;
  598. int ret = 0;
  599. /*
  600. * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
  601. * as the pkeyalg->parameter field. (For a named curve this is an OID)
  602. * The pkey field is an octet string that holds the encoded
  603. * ECPrivateKey SEQUENCE with the optional parameters field omitted.
  604. * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
  605. */
  606. old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
  607. EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
  608. ret = i2d_ECPrivateKey(eckey, pder);
  609. EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
  610. return ret; /* return the length of the der encoded data */
  611. }
  612. # define ec_epki_priv_to_der ec_pki_priv_to_der
  613. # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
  614. /* No ec_type_specific_pub_to_der, there simply is no such thing */
  615. # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey
  616. # define ec_check_key_type NULL
  617. # define ec_evp_type EVP_PKEY_EC
  618. # define ec_input_type "EC"
  619. # define ec_pem_type "EC"
  620. # ifndef OPENSSL_NO_SM2
  621. # define sm2_evp_type EVP_PKEY_SM2
  622. # define sm2_input_type "SM2"
  623. # define sm2_pem_type "SM2"
  624. # endif
  625. #endif
  626. /* ---------------------------------------------------------------------- */
  627. #ifndef OPENSSL_NO_ECX
  628. # define prepare_ecx_params NULL
  629. static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
  630. {
  631. const ECX_KEY *ecxkey = vecxkey;
  632. unsigned char *keyblob;
  633. if (ecxkey == NULL) {
  634. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
  635. return 0;
  636. }
  637. keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
  638. if (keyblob == NULL)
  639. return 0;
  640. *pder = keyblob;
  641. return ecxkey->keylen;
  642. }
  643. static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
  644. {
  645. const ECX_KEY *ecxkey = vecxkey;
  646. ASN1_OCTET_STRING oct;
  647. int keybloblen;
  648. if (ecxkey == NULL || ecxkey->privkey == NULL) {
  649. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
  650. return 0;
  651. }
  652. oct.data = ecxkey->privkey;
  653. oct.length = ecxkey->keylen;
  654. oct.flags = 0;
  655. keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
  656. if (keybloblen < 0) {
  657. ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
  658. return 0;
  659. }
  660. return keybloblen;
  661. }
  662. # define ecx_epki_priv_to_der ecx_pki_priv_to_der
  663. /*
  664. * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
  665. * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
  666. */
  667. # define ecx_check_key_type NULL
  668. # define ed25519_evp_type EVP_PKEY_ED25519
  669. # define ed448_evp_type EVP_PKEY_ED448
  670. # define x25519_evp_type EVP_PKEY_X25519
  671. # define x448_evp_type EVP_PKEY_X448
  672. # define ed25519_input_type "ED25519"
  673. # define ed448_input_type "ED448"
  674. # define x25519_input_type "X25519"
  675. # define x448_input_type "X448"
  676. # define ed25519_pem_type "ED25519"
  677. # define ed448_pem_type "ED448"
  678. # define x25519_pem_type "X25519"
  679. # define x448_pem_type "X448"
  680. #endif
  681. /* ---------------------------------------------------------------------- */
  682. /*
  683. * Helper functions to prepare RSA-PSS params for encoding. We would
  684. * have simply written the whole AlgorithmIdentifier, but existing libcrypto
  685. * functionality doesn't allow that.
  686. */
  687. static int prepare_rsa_params(const void *rsa, int nid, int save,
  688. void **pstr, int *pstrtype)
  689. {
  690. const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
  691. *pstr = NULL;
  692. switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
  693. case RSA_FLAG_TYPE_RSA:
  694. /* If plain RSA, the parameters shall be NULL */
  695. *pstrtype = V_ASN1_NULL;
  696. return 1;
  697. case RSA_FLAG_TYPE_RSASSAPSS:
  698. if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
  699. *pstrtype = V_ASN1_UNDEF;
  700. return 1;
  701. } else {
  702. ASN1_STRING *astr = NULL;
  703. WPACKET pkt;
  704. unsigned char *str = NULL;
  705. size_t str_sz = 0;
  706. int i;
  707. for (i = 0; i < 2; i++) {
  708. switch (i) {
  709. case 0:
  710. if (!WPACKET_init_null_der(&pkt))
  711. goto err;
  712. break;
  713. case 1:
  714. if ((str = OPENSSL_malloc(str_sz)) == NULL
  715. || !WPACKET_init_der(&pkt, str, str_sz)) {
  716. goto err;
  717. }
  718. break;
  719. }
  720. if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
  721. || !WPACKET_finish(&pkt)
  722. || !WPACKET_get_total_written(&pkt, &str_sz))
  723. goto err;
  724. WPACKET_cleanup(&pkt);
  725. /*
  726. * If no PSS parameters are going to be written, there's no
  727. * point going for another iteration.
  728. * This saves us from getting |str| allocated just to have it
  729. * immediately de-allocated.
  730. */
  731. if (str_sz == 0)
  732. break;
  733. }
  734. if ((astr = ASN1_STRING_new()) == NULL)
  735. goto err;
  736. *pstrtype = V_ASN1_SEQUENCE;
  737. ASN1_STRING_set0(astr, str, (int)str_sz);
  738. *pstr = astr;
  739. return 1;
  740. err:
  741. OPENSSL_free(str);
  742. return 0;
  743. }
  744. }
  745. /* Currently unsupported RSA key type */
  746. return 0;
  747. }
  748. /*
  749. * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
  750. * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
  751. */
  752. #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
  753. #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
  754. #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
  755. #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
  756. #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
  757. #define rsa_type_specific_params_to_der NULL
  758. static int rsa_check_key_type(const void *rsa, int expected_type)
  759. {
  760. switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
  761. case RSA_FLAG_TYPE_RSA:
  762. return expected_type == EVP_PKEY_RSA;
  763. case RSA_FLAG_TYPE_RSASSAPSS:
  764. return expected_type == EVP_PKEY_RSA_PSS;
  765. }
  766. /* Currently unsupported RSA key type */
  767. return EVP_PKEY_NONE;
  768. }
  769. #define rsa_evp_type EVP_PKEY_RSA
  770. #define rsapss_evp_type EVP_PKEY_RSA_PSS
  771. #define rsa_input_type "RSA"
  772. #define rsapss_input_type "RSA-PSS"
  773. #define rsa_pem_type "RSA"
  774. #define rsapss_pem_type "RSA-PSS"
  775. /* ---------------------------------------------------------------------- */
  776. static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
  777. static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
  778. static void *key2any_newctx(void *provctx)
  779. {
  780. struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
  781. if (ctx != NULL) {
  782. ctx->provctx = provctx;
  783. ctx->save_parameters = 1;
  784. }
  785. return ctx;
  786. }
  787. static void key2any_freectx(void *vctx)
  788. {
  789. struct key2any_ctx_st *ctx = vctx;
  790. ossl_pw_clear_passphrase_data(&ctx->pwdata);
  791. EVP_CIPHER_free(ctx->cipher);
  792. OPENSSL_free(ctx);
  793. }
  794. static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
  795. {
  796. static const OSSL_PARAM settables[] = {
  797. OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
  798. OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
  799. OSSL_PARAM_END,
  800. };
  801. return settables;
  802. }
  803. static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  804. {
  805. struct key2any_ctx_st *ctx = vctx;
  806. OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
  807. const OSSL_PARAM *cipherp =
  808. OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
  809. const OSSL_PARAM *propsp =
  810. OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
  811. const OSSL_PARAM *save_paramsp =
  812. OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
  813. if (cipherp != NULL) {
  814. const char *ciphername = NULL;
  815. const char *props = NULL;
  816. if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
  817. return 0;
  818. if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
  819. return 0;
  820. EVP_CIPHER_free(ctx->cipher);
  821. ctx->cipher = NULL;
  822. ctx->cipher_intent = ciphername != NULL;
  823. if (ciphername != NULL
  824. && ((ctx->cipher =
  825. EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
  826. return 0;
  827. }
  828. if (save_paramsp != NULL) {
  829. if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
  830. return 0;
  831. }
  832. return 1;
  833. }
  834. static int key2any_check_selection(int selection, int selection_mask)
  835. {
  836. /*
  837. * The selections are kinda sorta "levels", i.e. each selection given
  838. * here is assumed to include those following.
  839. */
  840. int checks[] = {
  841. OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
  842. OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
  843. OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
  844. };
  845. size_t i;
  846. /* The decoder implementations made here support guessing */
  847. if (selection == 0)
  848. return 1;
  849. for (i = 0; i < OSSL_NELEM(checks); i++) {
  850. int check1 = (selection & checks[i]) != 0;
  851. int check2 = (selection_mask & checks[i]) != 0;
  852. /*
  853. * If the caller asked for the currently checked bit(s), return
  854. * whether the decoder description says it's supported.
  855. */
  856. if (check1)
  857. return check2;
  858. }
  859. /* This should be dead code, but just to be safe... */
  860. return 0;
  861. }
  862. static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
  863. const void *key, int type, const char *pemname,
  864. check_key_type_fn *checker,
  865. key_to_der_fn *writer,
  866. OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
  867. key_to_paramstring_fn *key2paramstring,
  868. i2d_of_void *key2der)
  869. {
  870. int ret = 0;
  871. if (key == NULL) {
  872. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
  873. } else if (writer != NULL
  874. && (checker == NULL || checker(key, type))) {
  875. BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
  876. if (out != NULL
  877. && (pwcb == NULL
  878. || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg)))
  879. ret =
  880. writer(out, key, type, pemname, key2paramstring, key2der, ctx);
  881. BIO_free(out);
  882. } else {
  883. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
  884. }
  885. return ret;
  886. }
  887. #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
  888. #define DO_PRIVATE_KEY(impl, type, kind, output) \
  889. if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \
  890. return key2any_encode(ctx, cout, key, impl##_evp_type, \
  891. impl##_pem_type " PRIVATE KEY", \
  892. type##_check_key_type, \
  893. key_to_##kind##_##output##_priv_bio, \
  894. cb, cbarg, prepare_##type##_params, \
  895. type##_##kind##_priv_to_der);
  896. #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
  897. #define DO_PUBLIC_KEY(impl, type, kind, output) \
  898. if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \
  899. return key2any_encode(ctx, cout, key, impl##_evp_type, \
  900. impl##_pem_type " PUBLIC KEY", \
  901. type##_check_key_type, \
  902. key_to_##kind##_##output##_pub_bio, \
  903. cb, cbarg, prepare_##type##_params, \
  904. type##_##kind##_pub_to_der);
  905. #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
  906. #define DO_PARAMETERS(impl, type, kind, output) \
  907. if ((selection & DO_PARAMETERS_selection_mask) != 0) \
  908. return key2any_encode(ctx, cout, key, impl##_evp_type, \
  909. impl##_pem_type " PARAMETERS", \
  910. type##_check_key_type, \
  911. key_to_##kind##_##output##_param_bio, \
  912. NULL, NULL, NULL, \
  913. type##_##kind##_params_to_der);
  914. /*-
  915. * Implement the kinds of output structure that can be produced. They are
  916. * referred to by name, and for each name, the following macros are defined
  917. * (braces not included):
  918. *
  919. * DO_{kind}_selection_mask
  920. *
  921. * A mask of selection bits that must not be zero. This is used as a
  922. * selection criterion for each implementation.
  923. * This mask must never be zero.
  924. *
  925. * DO_{kind}
  926. *
  927. * The performing macro. It must use the DO_ macros defined above,
  928. * always in this order:
  929. *
  930. * - DO_PRIVATE_KEY
  931. * - DO_PUBLIC_KEY
  932. * - DO_PARAMETERS
  933. *
  934. * Any of those may be omitted, but the relative order must still be
  935. * the same.
  936. */
  937. /*
  938. * PKCS#8 defines two structures for private keys only:
  939. * - PrivateKeyInfo (raw unencrypted form)
  940. * - EncryptedPrivateKeyInfo (encrypted wrapping)
  941. *
  942. * To allow a certain amount of flexibility, we allow the routines
  943. * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
  944. * passphrase callback has been passed to them.
  945. */
  946. #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
  947. #define DO_PrivateKeyInfo(impl, type, output) \
  948. DO_PRIVATE_KEY(impl, type, pki, output)
  949. #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
  950. #define DO_EncryptedPrivateKeyInfo(impl, type, output) \
  951. DO_PRIVATE_KEY(impl, type, epki, output)
  952. /* SubjectPublicKeyInfo is a structure for public keys only */
  953. #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
  954. #define DO_SubjectPublicKeyInfo(impl, type, output) \
  955. DO_PUBLIC_KEY(impl, type, spki, output)
  956. /*
  957. * "type-specific" is a uniform name for key type specific output for private
  958. * and public keys as well as key parameters. This is used internally in
  959. * libcrypto so it doesn't have to have special knowledge about select key
  960. * types, but also when no better name has been found. If there are more
  961. * expressive DO_ names above, those are preferred.
  962. *
  963. * Three forms exist:
  964. *
  965. * - type_specific_keypair Only supports private and public key
  966. * - type_specific_params Only supports parameters
  967. * - type_specific Supports all parts of an EVP_PKEY
  968. * - type_specific_no_pub Supports all parts of an EVP_PKEY
  969. * except public key
  970. */
  971. #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
  972. #define DO_type_specific_params(impl, type, output) \
  973. DO_PARAMETERS(impl, type, type_specific, output)
  974. #define DO_type_specific_keypair_selection_mask \
  975. ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
  976. #define DO_type_specific_keypair(impl, type, output) \
  977. DO_PRIVATE_KEY(impl, type, type_specific, output) \
  978. DO_PUBLIC_KEY(impl, type, type_specific, output)
  979. #define DO_type_specific_selection_mask \
  980. ( DO_type_specific_keypair_selection_mask \
  981. | DO_type_specific_params_selection_mask )
  982. #define DO_type_specific(impl, type, output) \
  983. DO_type_specific_keypair(impl, type, output) \
  984. DO_type_specific_params(impl, type, output)
  985. #define DO_type_specific_no_pub_selection_mask \
  986. ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
  987. #define DO_type_specific_no_pub(impl, type, output) \
  988. DO_PRIVATE_KEY(impl, type, type_specific, output) \
  989. DO_type_specific_params(impl, type, output)
  990. /*
  991. * Type specific aliases for the cases where we need to refer to them by
  992. * type name.
  993. * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
  994. * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
  995. */
  996. #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
  997. #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
  998. #define DO_DH_selection_mask DO_type_specific_params_selection_mask
  999. #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
  1000. #define DO_DHX_selection_mask DO_type_specific_params_selection_mask
  1001. #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
  1002. #define DO_DSA_selection_mask DO_type_specific_selection_mask
  1003. #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
  1004. #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
  1005. #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)
  1006. #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
  1007. #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)
  1008. /* PKCS#1 defines a structure for RSA private and public keys */
  1009. #define DO_PKCS1_selection_mask DO_RSA_selection_mask
  1010. #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
  1011. /* PKCS#3 defines a structure for DH parameters */
  1012. #define DO_PKCS3_selection_mask DO_DH_selection_mask
  1013. #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
  1014. /* X9.42 defines a structure for DHx parameters */
  1015. #define DO_X9_42_selection_mask DO_DHX_selection_mask
  1016. #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
  1017. /* X9.62 defines a structure for EC keys and parameters */
  1018. #define DO_X9_62_selection_mask DO_EC_selection_mask
  1019. #define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
  1020. /*
  1021. * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
  1022. * It takes the following arguments:
  1023. *
  1024. * impl This is the key type name that's being implemented.
  1025. * type This is the type name for the set of functions that implement
  1026. * the key type. For example, ed25519, ed448, x25519 and x448
  1027. * are all implemented with the exact same set of functions.
  1028. * evp_type The corresponding EVP_PKEY_xxx type macro for each key.
  1029. * Necessary because we currently use EVP_PKEY with legacy
  1030. * native keys internally. This will need to be refactored
  1031. * when that legacy support goes away.
  1032. * kind What kind of support to implement. These translate into
  1033. * the DO_##kind macros above.
  1034. * output The output type to implement. may be der or pem.
  1035. *
  1036. * The resulting OSSL_DISPATCH array gets the following name (expressed in
  1037. * C preprocessor terms) from those arguments:
  1038. *
  1039. * ossl_##impl##_to_##kind##_##output##_encoder_functions
  1040. */
  1041. #define MAKE_ENCODER(impl, type, evp_type, kind, output) \
  1042. static OSSL_FUNC_encoder_import_object_fn \
  1043. impl##_to_##kind##_##output##_import_object; \
  1044. static OSSL_FUNC_encoder_free_object_fn \
  1045. impl##_to_##kind##_##output##_free_object; \
  1046. static OSSL_FUNC_encoder_encode_fn \
  1047. impl##_to_##kind##_##output##_encode; \
  1048. \
  1049. static void * \
  1050. impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
  1051. const OSSL_PARAM params[]) \
  1052. { \
  1053. struct key2any_ctx_st *ctx = vctx; \
  1054. \
  1055. return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \
  1056. ctx->provctx, selection, params); \
  1057. } \
  1058. static void impl##_to_##kind##_##output##_free_object(void *key) \
  1059. { \
  1060. ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \
  1061. } \
  1062. static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
  1063. int selection) \
  1064. { \
  1065. return key2any_check_selection(selection, \
  1066. DO_##kind##_selection_mask); \
  1067. } \
  1068. static int \
  1069. impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
  1070. const void *key, \
  1071. const OSSL_PARAM key_abstract[], \
  1072. int selection, \
  1073. OSSL_PASSPHRASE_CALLBACK *cb, \
  1074. void *cbarg) \
  1075. { \
  1076. /* We don't deal with abstract objects */ \
  1077. if (key_abstract != NULL) { \
  1078. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
  1079. return 0; \
  1080. } \
  1081. DO_##kind(impl, type, output) \
  1082. \
  1083. ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
  1084. return 0; \
  1085. } \
  1086. const OSSL_DISPATCH \
  1087. ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \
  1088. { OSSL_FUNC_ENCODER_NEWCTX, \
  1089. (void (*)(void))key2any_newctx }, \
  1090. { OSSL_FUNC_ENCODER_FREECTX, \
  1091. (void (*)(void))key2any_freectx }, \
  1092. { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
  1093. (void (*)(void))key2any_settable_ctx_params }, \
  1094. { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
  1095. (void (*)(void))key2any_set_ctx_params }, \
  1096. { OSSL_FUNC_ENCODER_DOES_SELECTION, \
  1097. (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
  1098. { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
  1099. (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
  1100. { OSSL_FUNC_ENCODER_FREE_OBJECT, \
  1101. (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
  1102. { OSSL_FUNC_ENCODER_ENCODE, \
  1103. (void (*)(void))impl##_to_##kind##_##output##_encode }, \
  1104. OSSL_DISPATCH_END \
  1105. }
  1106. /*
  1107. * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
  1108. * i2d_{TYPE}params, as they exist.
  1109. */
  1110. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der);
  1111. #ifndef OPENSSL_NO_DH
  1112. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der);
  1113. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der);
  1114. #endif
  1115. #ifndef OPENSSL_NO_DSA
  1116. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der);
  1117. #endif
  1118. #ifndef OPENSSL_NO_EC
  1119. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der);
  1120. # ifndef OPENSSL_NO_SM2
  1121. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der);
  1122. # endif
  1123. #endif
  1124. /*
  1125. * Replacements for PEM_write_bio_{TYPE}PrivateKey,
  1126. * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
  1127. */
  1128. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem);
  1129. #ifndef OPENSSL_NO_DH
  1130. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem);
  1131. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem);
  1132. #endif
  1133. #ifndef OPENSSL_NO_DSA
  1134. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem);
  1135. #endif
  1136. #ifndef OPENSSL_NO_EC
  1137. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
  1138. # ifndef OPENSSL_NO_SM2
  1139. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
  1140. # endif
  1141. #endif
  1142. /*
  1143. * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
  1144. * implementations specified above, but are more specific.
  1145. * The SubjectPublicKeyInfo implementations also replace the
  1146. * PEM_write_bio_{TYPE}_PUBKEY functions.
  1147. * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
  1148. * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
  1149. */
  1150. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der);
  1151. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem);
  1152. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
  1153. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
  1154. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
  1155. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
  1156. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der);
  1157. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem);
  1158. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
  1159. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
  1160. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
  1161. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
  1162. #ifndef OPENSSL_NO_DH
  1163. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der);
  1164. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem);
  1165. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
  1166. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
  1167. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
  1168. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
  1169. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der);
  1170. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem);
  1171. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
  1172. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
  1173. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
  1174. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
  1175. #endif
  1176. #ifndef OPENSSL_NO_DSA
  1177. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der);
  1178. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem);
  1179. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
  1180. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
  1181. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
  1182. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
  1183. #endif
  1184. #ifndef OPENSSL_NO_EC
  1185. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
  1186. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
  1187. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
  1188. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
  1189. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
  1190. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
  1191. # ifndef OPENSSL_NO_SM2
  1192. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
  1193. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
  1194. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
  1195. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
  1196. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
  1197. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
  1198. # endif
  1199. # ifndef OPENSSL_NO_ECX
  1200. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der);
  1201. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem);
  1202. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
  1203. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
  1204. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
  1205. MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
  1206. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
  1207. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
  1208. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
  1209. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
  1210. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
  1211. MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
  1212. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der);
  1213. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem);
  1214. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
  1215. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
  1216. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
  1217. MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
  1218. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
  1219. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
  1220. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
  1221. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
  1222. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
  1223. MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
  1224. # endif
  1225. #endif
  1226. /*
  1227. * Support for key type specific output formats. Not all key types have
  1228. * this, we only aim to duplicate what is available in 1.1.1 as
  1229. * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
  1230. * For example, there are no publicly available i2d_ function for
  1231. * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
  1232. * and SubjectPublicKeyInfo implementations as implemented above.
  1233. */
  1234. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der);
  1235. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem);
  1236. #ifndef OPENSSL_NO_DH
  1237. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der);
  1238. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem);
  1239. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der);
  1240. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem);
  1241. #endif
  1242. #ifndef OPENSSL_NO_DSA
  1243. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der);
  1244. MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem);
  1245. #endif
  1246. #ifndef OPENSSL_NO_EC
  1247. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der);
  1248. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem);
  1249. # ifndef OPENSSL_NO_SM2
  1250. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der);
  1251. MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem);
  1252. # endif
  1253. #endif
  1254. /* Convenience structure names */
  1255. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der);
  1256. MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem);
  1257. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der);
  1258. MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem);
  1259. #ifndef OPENSSL_NO_DH
  1260. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */
  1261. MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */
  1262. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */
  1263. MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */
  1264. #endif
  1265. #ifndef OPENSSL_NO_EC
  1266. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der);
  1267. MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem);
  1268. #endif