]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/implementations/encode_decode/decode_der2key.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Mark pop/clear error stack in der2key_decode_p8
[thirdparty/openssl.git] / providers / implementations / encode_decode / decode_der2key.c
CommitLineData
7c664b1f 1/*
a28d06f3 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
7c664b1f
RL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <openssl/core_dispatch.h>
17#include <openssl/core_names.h>
14c8a3d1 18#include <openssl/core_object.h>
7c664b1f 19#include <openssl/crypto.h>
8ae40cf5 20#include <openssl/err.h>
7c664b1f 21#include <openssl/params.h>
8ae40cf5
RL		 22#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23#include <openssl/pkcs12.h>
7c664b1f 24#include <openssl/x509.h>
2741128e 25#include <openssl/proverr.h>
8ae40cf5
RL		 26#include "internal/cryptlib.h" /* ossl_assert() */
27#include "internal/asn1.h"
6963979f
RL		 28#include "crypto/dh.h"
29#include "crypto/dsa.h"
30#include "crypto/ec.h"
576892d7 31#include "crypto/evp.h"
8ae40cf5 32#include "crypto/ecx.h"
6963979f 33#include "crypto/rsa.h"
10315851 34#include "crypto/x509.h"
7c664b1f
RL		 35#include "prov/bio.h"
36#include "prov/implementations.h"
8ae40cf5 37#include "endecoder_local.h"
7c664b1f 38
6963979f 39struct der2key_ctx_st; /* Forward declaration */
65ef000e
RL		 40typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
41typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
42typedef void free_key_fn(void *);
cf333799
RL		 43typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
44 struct der2key_ctx_st *,
45 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg);
7c664b1f 46struct keytype_desc_st {
2c090c1d 47 const char *keytype_name;
7c664b1f
RL		 48 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
49
2c090c1d
RL		 50 /* The input structure name */
51 const char *structure_name;
52
53 /*
54 * The EVP_PKEY_xxx type macro. Should be zero for type specific
55 * structures, non-zero when the outermost structure is PKCS#8 or
56 * SubjectPublicKeyInfo. This determines which of the function
57 * pointers below will be used.
58 */
59 int evp_type;
60
61 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
62 int selection_mask;
63
64 /* For type specific decoders, we use the corresponding d2i */
06f67612
RL		 65 d2i_of_void *d2i_private_key; /* From type-specific DER */
66 d2i_of_void *d2i_public_key; /* From type-specific DER */
67 d2i_of_void *d2i_key_params; /* From type-specific DER */
cf333799 68 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PKCS#8, possibly encrypted */
06f67612 69 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
6963979f 70
65ef000e
RL		 71 /*
72 * For any key, we may need to check that the key meets expectations.
73 * This is useful when the same functions can decode several variants
74 * of a key.
75 */
76 check_key_fn *check_key;
77
6963979f
RL		 78 /*
79 * For any key, we may need to make provider specific adjustments, such
80 * as ensure the key carries the correct library context.
81 */
82 adjust_key_fn *adjust_key;
2c090c1d 83 /* {type}_free() */
7c664b1f
RL		 84 free_key_fn *free_key;
85};
86
87/*
ece9304c 88 * Context used for DER to key decoding.
7c664b1f
RL		 89 */
90struct der2key_ctx_st {
91 PROV_CTX *provctx;
92 const struct keytype_desc_st *desc;
cf333799
RL		 93 /* Flag used to signal that a failure is fatal */
94 unsigned int flag_fatal : 1;
7c664b1f
RL		 95};
96
cf333799
RL		 97static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
98 unsigned char **data, long *len)
99{
100 BUF_MEM *mem = NULL;
101 BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
102 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
103
104 if (ok) {
105 *data = (unsigned char *)mem->data;
106 *len = (long)mem->length;
107 OPENSSL_free(mem);
108 }
109 BIO_free(in);
110 return ok;
111}
112
113typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
114 OSSL_LIB_CTX *libctx, const char *propq);
115static void *der2key_decode_p8(const unsigned char **input_der,
116 long input_der_len, struct der2key_ctx_st *ctx,
117 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
118 key_from_pkcs8_t *key_from_pkcs8)
119{
120 X509_SIG *p8 = NULL;
121 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
122 const X509_ALGOR *alg = NULL;
123 void *key = NULL;
124
125 ctx->flag_fatal = 0;
9cc97ddf 126
8be513ae 127 ERR_set_mark();
cf333799
RL		 128 if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) {
129 char pbuf[PEM_BUFSIZE];
130 size_t plen = 0;
131
8be513ae
DB		 132 ERR_clear_last_mark();
133
cf333799
RL		 134 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg))
135 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
136 else
137 p8inf = PKCS8_decrypt(p8, pbuf, plen);
138 if (p8inf == NULL)
139 ctx->flag_fatal = 1;
140 X509_SIG_free(p8);
141 } else {
8be513ae
DB		 142 /* Pop any errors that might have been raised by d2i_X509_SIG. */
143 ERR_pop_to_mark();
cf333799
RL		 144 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len);
145 }
146 if (p8inf != NULL
147 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
148 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
149 key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
150 PKCS8_PRIV_KEY_INFO_free(p8inf);
9cc97ddf 151
cf333799
RL		 152 return key;
153}
154
155/* ---------------------------------------------------------------------- */
156
157static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
158static OSSL_FUNC_decoder_decode_fn der2key_decode;
159static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
160
7c664b1f
RL		 161static struct der2key_ctx_st *
162der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
163{
164 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
165
166 if (ctx != NULL) {
167 ctx->provctx = provctx;
168 ctx->desc = desc;
169 }
170 return ctx;
171}
172
173static void der2key_freectx(void *vctx)
174{
175 struct der2key_ctx_st *ctx = vctx;
176
177 OPENSSL_free(ctx);
178}
179
2c090c1d
RL		 180static const OSSL_PARAM *
181der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
7c664b1f
RL		 182{
183 static const OSSL_PARAM gettables[] = {
ece9304c 184 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
7c664b1f
RL		 185 OSSL_PARAM_END,
186 };
2c090c1d
RL		 187 static const OSSL_PARAM gettables_w_structure[] = {
188 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
189 { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
190 OSSL_PARAM_END,
191 };
7c664b1f 192
2c090c1d 193 return desc->structure_name != NULL ? gettables_w_structure : gettables;
7c664b1f
RL		 194}
195
2c090c1d
RL		 196static int der2key_get_params(OSSL_PARAM params[],
197 const struct keytype_desc_st *desc)
7c664b1f
RL		 198{
199 OSSL_PARAM *p;
200
ece9304c 201 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
7c664b1f
RL		 202 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
203 return 0;
2c090c1d
RL		 204 if (desc->structure_name != NULL) {
205 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
206 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
207 return 0;
208 }
7c664b1f
RL		 209
210 return 1;
211}
212
2c090c1d
RL		 213static int der2key_check_selection(int selection,
214 const struct keytype_desc_st *desc)
215{
216 /*
217 * The selections are kinda sorta "levels", i.e. each selection given
218 * here is assumed to include those following.
219 */
220 int checks[] = {
221 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
222 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
223 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
224 };
225 size_t i;
226
227 /* The decoder implementations made here support guessing */
228 if (selection == 0)
229 return 1;
230
231 for (i = 0; i < OSSL_NELEM(checks); i++) {
232 int check1 = (selection & checks[i]) != 0;
233 int check2 = (desc->selection_mask & checks[i]) != 0;
234
235 /*
236 * If the caller asked for the currently checked bit(s), return
237 * whether the decoder description says it's supported.
238 */
239 if (check1)
240 return check2;
241 }
242
243 /* This should be dead code, but just to be safe... */
244 return 0;
245}
246
247static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
ece9304c
RL		 248 OSSL_CALLBACK *data_cb, void *data_cbarg,
249 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
7c664b1f
RL		 250{
251 struct der2key_ctx_st *ctx = vctx;
7c664b1f
RL		 252 unsigned char *der = NULL;
253 const unsigned char *derp;
254 long der_len = 0;
7c664b1f 255 void *key = NULL;
2c090c1d 256 int orig_selection = selection;
66066e1b 257 int ok = 0;
7c664b1f 258
7c664b1f 259 /*
2c090c1d
RL		 260 * The caller is allowed to specify 0 as a selection mark, to have the
261 * structure and key type guessed. For type-specific structures, this
262 * is not recommended, as some structures are very similar.
263 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
264 * signifies a private key structure, where everything else is assumed
265 * to be present as well.
7c664b1f 266 */
2c090c1d
RL		 267 if (selection == 0)
268 selection = ctx->desc->selection_mask;
269 if ((selection & ctx->desc->selection_mask) == 0) {
270 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
271 return 0;
7c664b1f
RL		 272 }
273
9cc97ddf
RL		 274 ok = read_der(ctx->provctx, cin, &der, &der_len);
275 if (!ok)
65ef000e 276 goto next;
7c664b1f 277
9cc97ddf
RL		 278 ok = 0; /* Assume that we fail */
279
cf333799 280 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
b5b6669f 281 derp = der;
cf333799
RL		 282 if (ctx->desc->d2i_PKCS8 != NULL) {
283 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx,
284 pw_cb, pw_cbarg);
285 if (ctx->flag_fatal)
286 goto end;
287 } else if (ctx->desc->d2i_private_key != NULL) {
288 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
289 }
65ef000e
RL		 290 if (key == NULL && orig_selection != 0)
291 goto next;
292 }
cf333799 293 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
65ef000e 294 derp = der;
06f67612
RL		 295 if (ctx->desc->d2i_PUBKEY != NULL)
296 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
297 else
298 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
65ef000e
RL		 299 if (key == NULL && orig_selection != 0)
300 goto next;
301 }
cf333799 302 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
65ef000e 303 derp = der;
cf333799
RL		 304 if (ctx->desc->d2i_key_params != NULL)
305 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
306 if (key == NULL && orig_selection != 0)
307 goto next;
7c664b1f 308 }
9cc97ddf
RL		 309
310 /*
311 * Last minute check to see if this was the correct type of key. This
312 * should never lead to a fatal error, i.e. the decoding itself was
313 * correct, it was just an unexpected key type. This is generally for
314 * classes of key types that have subtle variants, like RSA-PSS keys as
315 * opposed to plain RSA keys.
316 */
65ef000e
RL		 317 if (key != NULL
318 && ctx->desc->check_key != NULL
319 && !ctx->desc->check_key(key, ctx)) {
9cc97ddf
RL		 320 ctx->desc->free_key(key);
321 key = NULL;
65ef000e
RL		 322 }
323
6963979f
RL		 324 if (key != NULL && ctx->desc->adjust_key != NULL)
325 ctx->desc->adjust_key(key, ctx);
326
65ef000e 327 next:
2c090c1d 328 /*
9cc97ddf
RL		 329 * Indicated that we successfully decoded something, or not at all.
330 * Ending up "empty handed" is not an error.
2c090c1d 331 */
9cc97ddf 332 ok = 1;
2c090c1d 333
65ef000e
RL		 334 /*
335 * We free memory here so it's not held up during the callback, because
336 * we know the process is recursive and the allocated chunks of memory
337 * add up.
338 */
7c664b1f 339 OPENSSL_free(der);
65ef000e 340 der = NULL;
7c664b1f
RL		 341
342 if (key != NULL) {
14c8a3d1
RL		 343 OSSL_PARAM params[4];
344 int object_type = OSSL_OBJECT_PKEY;
7c664b1f
RL		 345
346 params[0] =
14c8a3d1
RL		 347 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
348 params[1] =
349 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
2c090c1d
RL		 350 (char *)ctx->desc->keytype_name,
351 0);
7c664b1f 352 /* The address of the key becomes the octet string */
14c8a3d1
RL		 353 params[2] =
354 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
7c664b1f 355 &key, sizeof(key));
14c8a3d1 356 params[3] = OSSL_PARAM_construct_end();
7c664b1f
RL		 357
358 ok = data_cb(params, data_cbarg);
359 }
65ef000e
RL		 360
361 end:
7c664b1f 362 ctx->desc->free_key(key);
65ef000e 363 OPENSSL_free(der);
7c664b1f
RL		 364
365 return ok;
366}
367
368static int der2key_export_object(void *vctx,
369 const void *reference, size_t reference_sz,
370 OSSL_CALLBACK *export_cb, void *export_cbarg)
371{
372 struct der2key_ctx_st *ctx = vctx;
373 OSSL_FUNC_keymgmt_export_fn *export =
374 ossl_prov_get_keymgmt_export(ctx->desc->fns);
375 void *keydata;
376
377 if (reference_sz == sizeof(keydata) && export != NULL) {
378 /* The contents of the reference is the address to our object */
379 keydata = *(void **)reference;
380
381 return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
382 export_cb, export_cbarg);
383 }
384 return 0;
385}
386
2c090c1d
RL		 387/* ---------------------------------------------------------------------- */
388
389#ifndef OPENSSL_NO_DH
390# define dh_evp_type EVP_PKEY_DH
2c090c1d
RL		 391# define dh_d2i_private_key NULL
392# define dh_d2i_public_key NULL
393# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
cf333799
RL		 394
395static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
396 struct der2key_ctx_st *ctx,
397 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
398{
399 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
400 (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
401}
402
06f67612 403# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
2c090c1d 404# define dh_free (free_key_fn *)DH_free
65ef000e 405# define dh_check NULL
2c090c1d 406
6963979f
RL		 407static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
408{
409 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
410}
411
2c090c1d 412# define dhx_evp_type EVP_PKEY_DHX
2c090c1d
RL		 413# define dhx_d2i_private_key NULL
414# define dhx_d2i_public_key NULL
415# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
cf333799 416# define dhx_d2i_PKCS8 dh_d2i_PKCS8
06f67612 417# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
2c090c1d 418# define dhx_free (free_key_fn *)DH_free
65ef000e 419# define dhx_check NULL
6963979f 420# define dhx_adjust dh_adjust
2c090c1d
RL		 421#endif
422
423/* ---------------------------------------------------------------------- */
424
425#ifndef OPENSSL_NO_DSA
426# define dsa_evp_type EVP_PKEY_DSA
2c090c1d
RL		 427# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
428# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
429# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
cf333799
RL		 430
431static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
432 struct der2key_ctx_st *ctx,
433 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
434{
435 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
436 (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
437}
438
06f67612 439# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY
2c090c1d 440# define dsa_free (free_key_fn *)DSA_free
65ef000e 441# define dsa_check NULL
6963979f
RL		 442
443static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
444{
445 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
446}
2c090c1d
RL		 447#endif
448
449/* ---------------------------------------------------------------------- */
450
451#ifndef OPENSSL_NO_EC
452# define ec_evp_type EVP_PKEY_EC
2c090c1d
RL		 453# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
454# define ec_d2i_public_key NULL
455# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
cf333799
RL		 456
457static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
458 struct der2key_ctx_st *ctx,
459 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
460{
461 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
462 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
463}
464
06f67612 465# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
2c090c1d
RL		 466# define ec_free (free_key_fn *)EC_KEY_free
467
65ef000e
RL		 468static int ec_check(void *key, struct der2key_ctx_st *ctx)
469{
470 /* We're trying to be clever by comparing two truths */
471
472 int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
473
474 return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
475}
476
6963979f
RL		 477static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
478{
32ab57cb 479 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
6963979f
RL		 480}
481
2c090c1d
RL		 482/*
483 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
484 * so no d2i functions to be had.
485 */
6963979f 486
cf333799
RL		 487static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
488 struct der2key_ctx_st *ctx,
489 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
490{
491 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
492 (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
493}
494
6963979f
RL		 495static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
496{
32ab57cb 497 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
6963979f
RL		 498}
499
2c090c1d 500# define ed25519_evp_type EVP_PKEY_ED25519
2c090c1d
RL		 501# define ed25519_d2i_private_key NULL
502# define ed25519_d2i_public_key NULL
503# define ed25519_d2i_key_params NULL
cf333799 504# define ed25519_d2i_PKCS8 ecx_d2i_PKCS8
06f67612 505# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
32ab57cb 506# define ed25519_free (free_key_fn *)ossl_ecx_key_free
65ef000e 507# define ed25519_check NULL
6963979f 508# define ed25519_adjust ecx_key_adjust
2c090c1d
RL		 509
510# define ed448_evp_type EVP_PKEY_ED448
2c090c1d
RL		 511# define ed448_d2i_private_key NULL
512# define ed448_d2i_public_key NULL
513# define ed448_d2i_key_params NULL
cf333799 514# define ed448_d2i_PKCS8 ecx_d2i_PKCS8
06f67612 515# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
32ab57cb 516# define ed448_free (free_key_fn *)ossl_ecx_key_free
65ef000e 517# define ed448_check NULL
6963979f 518# define ed448_adjust ecx_key_adjust
2c090c1d
RL		 519
520# define x25519_evp_type EVP_PKEY_X25519
2c090c1d
RL		 521# define x25519_d2i_private_key NULL
522# define x25519_d2i_public_key NULL
523# define x25519_d2i_key_params NULL
cf333799 524# define x25519_d2i_PKCS8 ecx_d2i_PKCS8
06f67612 525# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
32ab57cb 526# define x25519_free (free_key_fn *)ossl_ecx_key_free
65ef000e 527# define x25519_check NULL
6963979f 528# define x25519_adjust ecx_key_adjust
2c090c1d
RL		 529
530# define x448_evp_type EVP_PKEY_X448
2c090c1d
RL		 531# define x448_d2i_private_key NULL
532# define x448_d2i_public_key NULL
533# define x448_d2i_key_params NULL
cf333799 534# define x448_d2i_PKCS8 ecx_d2i_PKCS8
06f67612 535# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
32ab57cb 536# define x448_free (free_key_fn *)ossl_ecx_key_free
65ef000e 537# define x448_check NULL
6963979f 538# define x448_adjust ecx_key_adjust
f2db0528
RL		 539
540# ifndef OPENSSL_NO_SM2
541# define sm2_evp_type EVP_PKEY_SM2
f2db0528
RL		 542# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
543# define sm2_d2i_public_key NULL
544# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
cf333799
RL		 545
546static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
547 struct der2key_ctx_st *ctx,
548 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
549{
550 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
551 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
552}
553
06f67612 554# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
f2db0528 555# define sm2_free (free_key_fn *)EC_KEY_free
65ef000e 556# define sm2_check ec_check
f2db0528
RL		 557# define sm2_adjust ec_adjust
558# endif
2c090c1d
RL		 559#endif
560
561/* ---------------------------------------------------------------------- */
562
563#define rsa_evp_type EVP_PKEY_RSA
2c090c1d
RL		 564#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
565#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
566#define rsa_d2i_key_params NULL
cf333799
RL		 567
568static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
569 struct der2key_ctx_st *ctx,
570 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
571{
572 return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
573 (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
574}
575
06f67612 576#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
2c090c1d
RL		 577#define rsa_free (free_key_fn *)RSA_free
578
65ef000e
RL		 579static int rsa_check(void *key, struct der2key_ctx_st *ctx)
580{
581 switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
582 case RSA_FLAG_TYPE_RSA:
583 return ctx->desc->evp_type == EVP_PKEY_RSA;
584 case RSA_FLAG_TYPE_RSASSAPSS:
585 return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
586 }
587
588 /* Currently unsupported RSA key type */
589 return 0;
590}
591
6963979f
RL		 592static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
593{
594 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
595}
596
2c090c1d 597#define rsapss_evp_type EVP_PKEY_RSA_PSS
2c090c1d
RL		 598#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
599#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
600#define rsapss_d2i_key_params NULL
cf333799 601#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8
06f67612 602#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
2c090c1d 603#define rsapss_free (free_key_fn *)RSA_free
65ef000e 604#define rsapss_check rsa_check
6963979f 605#define rsapss_adjust rsa_adjust
2c090c1d
RL		 606
607/* ---------------------------------------------------------------------- */
608
609/*
610 * The DO_ macros help define the selection mask and the method functions
611 * for each kind of object we want to decode.
612 */
613#define DO_type_specific_keypair(keytype) \
65ef000e 614 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 615 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
616 keytype##_d2i_private_key, \
617 keytype##_d2i_public_key, \
618 NULL, \
619 NULL, \
06f67612 620 NULL, \
65ef000e 621 keytype##_check, \
6963979f 622 keytype##_adjust, \
2c090c1d
RL		 623 keytype##_free
624
625#define DO_type_specific_pub(keytype) \
65ef000e 626 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 627 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
628 NULL, \
629 keytype##_d2i_public_key, \
630 NULL, \
631 NULL, \
06f67612 632 NULL, \
65ef000e 633 keytype##_check, \
6963979f 634 keytype##_adjust, \
2c090c1d
RL		 635 keytype##_free
636
637#define DO_type_specific_priv(keytype) \
65ef000e 638 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 639 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
640 keytype##_d2i_private_key, \
641 NULL, \
642 NULL, \
643 NULL, \
06f67612 644 NULL, \
65ef000e 645 keytype##_check, \
6963979f 646 keytype##_adjust, \
2c090c1d
RL		 647 keytype##_free
648
649#define DO_type_specific_params(keytype) \
65ef000e 650 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 651 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
652 NULL, \
653 NULL, \
654 keytype##_d2i_key_params, \
655 NULL, \
06f67612 656 NULL, \
65ef000e 657 keytype##_check, \
6963979f 658 keytype##_adjust, \
2c090c1d
RL		 659 keytype##_free
660
661#define DO_type_specific(keytype) \
65ef000e 662 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 663 ( OSSL_KEYMGMT_SELECT_ALL ), \
664 keytype##_d2i_private_key, \
665 keytype##_d2i_public_key, \
666 keytype##_d2i_key_params, \
667 NULL, \
06f67612 668 NULL, \
65ef000e 669 keytype##_check, \
6963979f 670 keytype##_adjust, \
2c090c1d
RL		 671 keytype##_free
672
673#define DO_type_specific_no_pub(keytype) \
65ef000e 674 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 675 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
676 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
677 keytype##_d2i_private_key, \
678 NULL, \
679 keytype##_d2i_key_params, \
680 NULL, \
06f67612 681 NULL, \
65ef000e 682 keytype##_check, \
6963979f 683 keytype##_adjust, \
2c090c1d
RL		 684 keytype##_free
685
686#define DO_PKCS8(keytype) \
687 "pkcs8", keytype##_evp_type, \
688 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
689 NULL, \
690 NULL, \
691 NULL, \
cf333799 692 keytype##_d2i_PKCS8, \
06f67612 693 NULL, \
65ef000e 694 keytype##_check, \
6963979f 695 keytype##_adjust, \
2c090c1d
RL		 696 keytype##_free
697
698#define DO_SubjectPublicKeyInfo(keytype) \
699 "SubjectPublicKeyInfo", keytype##_evp_type, \
700 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
701 NULL, \
702 NULL, \
703 NULL, \
cf333799 704 NULL, \
06f67612 705 keytype##_d2i_PUBKEY, \
65ef000e 706 keytype##_check, \
6963979f 707 keytype##_adjust, \
2c090c1d
RL		 708 keytype##_free
709
710#define DO_DH(keytype) \
65ef000e 711 "DH", keytype##_evp_type, \
2c090c1d
RL		 712 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
713 NULL, \
714 NULL, \
715 keytype##_d2i_key_params, \
716 NULL, \
06f67612 717 NULL, \
65ef000e 718 keytype##_check, \
6963979f 719 keytype##_adjust, \
2c090c1d
RL		 720 keytype##_free
721
722#define DO_DHX(keytype) \
65ef000e 723 "DHX", keytype##_evp_type, \
2c090c1d
RL		 724 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
725 NULL, \
726 NULL, \
727 keytype##_d2i_key_params, \
728 NULL, \
06f67612 729 NULL, \
65ef000e 730 keytype##_check, \
6963979f 731 keytype##_adjust, \
2c090c1d
RL		 732 keytype##_free
733
734#define DO_DSA(keytype) \
65ef000e 735 "DSA", keytype##_evp_type, \
2c090c1d
RL		 736 ( OSSL_KEYMGMT_SELECT_ALL ), \
737 keytype##_d2i_private_key, \
738 keytype##_d2i_public_key, \
739 keytype##_d2i_key_params, \
740 NULL, \
06f67612 741 NULL, \
65ef000e 742 keytype##_check, \
6963979f 743 keytype##_adjust, \
2c090c1d
RL		 744 keytype##_free
745
746#define DO_EC(keytype) \
65ef000e 747 "EC", keytype##_evp_type, \
2c090c1d
RL		 748 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
749 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
750 keytype##_d2i_private_key, \
751 NULL, \
752 keytype##_d2i_key_params, \
753 NULL, \
06f67612 754 NULL, \
65ef000e 755 keytype##_check, \
6963979f 756 keytype##_adjust, \
2c090c1d
RL		 757 keytype##_free
758
759#define DO_RSA(keytype) \
65ef000e 760 "RSA", keytype##_evp_type, \
2c090c1d
RL		 761 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
762 keytype##_d2i_private_key, \
763 keytype##_d2i_public_key, \
764 NULL, \
765 NULL, \
06f67612 766 NULL, \
65ef000e 767 keytype##_check, \
6963979f 768 keytype##_adjust, \
2c090c1d
RL		 769 keytype##_free
770
771/*
772 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
773 * It takes the following arguments:
774 *
775 * keytype_name The implementation key type as a string.
776 * keytype The implementation key type. This must correspond exactly
777 * to our existing keymgmt keytype names... in other words,
778 * there must exist an ossl_##keytype##_keymgmt_functions.
779 * type The type name for the set of functions that implement the
780 * decoder for the key type. This isn't necessarily the same
781 * as keytype. For example, the key types ed25519, ed448,
782 * x25519 and x448 are all handled by the same functions with
783 * the common type name ecx.
784 * kind The kind of support to implement. This translates into
785 * the DO_##kind macros above, to populate the keytype_desc_st
786 * structure.
787 */
788#define MAKE_DECODER(keytype_name, keytype, type, kind) \
789 static const struct keytype_desc_st kind##_##keytype##_desc = \
790 { keytype_name, ossl_##keytype##_keymgmt_functions, \
791 DO_##kind(keytype) }; \
792 \
793 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
794 static OSSL_FUNC_decoder_gettable_params_fn \
795 kind##_der2##keytype##_gettable_params; \
796 static OSSL_FUNC_decoder_get_params_fn \
797 kind##_der2##keytype##_get_params; \
798 \
799 static void *kind##_der2##keytype##_newctx(void *provctx) \
800 { \
801 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
802 } \
803 static const OSSL_PARAM * \
804 kind##_der2##keytype##_gettable_params(void *provctx) \
805 { \
806 return \
807 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
808 } \
809 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
810 { \
811 return der2key_get_params(params, &kind##_##keytype##_desc); \
812 } \
813 static int kind##_der2##keytype##_does_selection(void *provctx, \
814 int selection) \
7c664b1f 815 { \
2c090c1d
RL		 816 return der2key_check_selection(selection, \
817 &kind##_##keytype##_desc); \
7c664b1f 818 } \
2c090c1d
RL		 819 const OSSL_DISPATCH \
820 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
ece9304c 821 { OSSL_FUNC_DECODER_NEWCTX, \
2c090c1d 822 (void (*)(void))kind##_der2##keytype##_newctx }, \
ece9304c 823 { OSSL_FUNC_DECODER_FREECTX, \
7c664b1f 824 (void (*)(void))der2key_freectx }, \
ece9304c 825 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
2c090c1d 826 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
ece9304c 827 { OSSL_FUNC_DECODER_GET_PARAMS, \
2c090c1d
RL		 828 (void (*)(void))kind##_der2##keytype##_get_params }, \
829 { OSSL_FUNC_DECODER_DOES_SELECTION, \
830 (void (*)(void))kind##_der2##keytype##_does_selection }, \
ece9304c
RL		 831 { OSSL_FUNC_DECODER_DECODE, \
832 (void (*)(void))der2key_decode }, \
833 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
7c664b1f
RL		 834 (void (*)(void))der2key_export_object }, \
835 { 0, NULL } \
836 }
837
838#ifndef OPENSSL_NO_DH
2c090c1d
RL		 839MAKE_DECODER("DH", dh, dh, PKCS8);
840MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
841MAKE_DECODER("DH", dh, dh, type_specific_params);
842MAKE_DECODER("DH", dh, dh, DH);
843MAKE_DECODER("DHX", dhx, dhx, PKCS8);
844MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
845MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
846MAKE_DECODER("DHX", dhx, dhx, DHX);
7c664b1f
RL		 847#endif
848#ifndef OPENSSL_NO_DSA
2c090c1d
RL		 849MAKE_DECODER("DSA", dsa, dsa, PKCS8);
850MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
851MAKE_DECODER("DSA", dsa, dsa, type_specific);
852MAKE_DECODER("DSA", dsa, dsa, DSA);
7c664b1f
RL		 853#endif
854#ifndef OPENSSL_NO_EC
2c090c1d
RL		 855MAKE_DECODER("EC", ec, ec, PKCS8);
856MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
857MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
858MAKE_DECODER("EC", ec, ec, EC);
859MAKE_DECODER("X25519", x25519, ecx, PKCS8);
860MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
861MAKE_DECODER("X448", x448, ecx, PKCS8);
862MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
863MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
864MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
865MAKE_DECODER("ED448", ed448, ecx, PKCS8);
866MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
f2db0528
RL		 867# ifndef OPENSSL_NO_SM2
868MAKE_DECODER("SM2", sm2, ec, PKCS8);
869MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
870# endif
7c664b1f 871#endif
2c090c1d
RL		 872MAKE_DECODER("RSA", rsa, rsa, PKCS8);
873MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
874MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
875MAKE_DECODER("RSA", rsa, rsa, RSA);
876MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
877MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
A mirror of the official openssl repository