7c664b1f | 1 | /* |
a28d06f3 | 2 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
16 | #include <openssl/core_dispatch.h> | |
17 | #include <openssl/core_names.h> | |
14c8a3d1 | 18 | #include <openssl/core_object.h> |
7c664b1f | 19 | #include <openssl/crypto.h> |
8ae40cf5 | 20 | #include <openssl/err.h> |
7c664b1f | 21 | #include <openssl/params.h> |
22 | #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */ |
23 | #include <openssl/pkcs12.h> | |
7c664b1f | 24 | #include <openssl/x509.h> |
2741128e | 25 | #include <openssl/proverr.h> |
26 | #include "internal/cryptlib.h" /* ossl_assert() */ |
27 | #include "internal/asn1.h" | |
28 | #include "crypto/dh.h" |
29 | #include "crypto/dsa.h" | |
30 | #include "crypto/ec.h" | |
576892d7 | 31 | #include "crypto/evp.h" |
8ae40cf5 | 32 | #include "crypto/ecx.h" |
6963979f | 33 | #include "crypto/rsa.h" |
10315851 | 34 | #include "crypto/x509.h" |
35 | #include "prov/bio.h" |
36 | #include "prov/implementations.h" | |
8ae40cf5 | 37 | #include "endecoder_local.h" |
7c664b1f | 38 | |
struct der2key_ctx_st; /* Forward declaration */
/*
 * Hook signatures stored in keytype_desc_st (one set per key type below).
 *  check_key_fn   - returns non-zero if the decoded key is the variant this
 *                   decoder is for (see ec_check, rsa_check); a zero result
 *                   makes der2key_decode() free the key and report "nothing
 *                   decoded" rather than raise an error.
 *  adjust_key_fn  - provider-specific fix-up of an accepted key; every
 *                   implementation in this file attaches the provider's
 *                   library context to the key.
 *  free_key_fn    - the key type's free function (DH_free, RSA_free, ...).
 *  d2i_PKCS8_fn   - decodes a PrivateKeyInfo blob into a key; the trailing
 *                   context argument lets it compare the PKCS#8 algorithm OID
 *                   against the EVP_PKEY type the decoder was built for.
 */
typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void free_key_fn(void *);
typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
                           struct der2key_ctx_st *);
/*
 * Static description of one (key type, input structure) combination.  There
 * is one instance per MAKE_DECODER() invocation, and the DO_xxx macros fill
 * it in positionally, so the field order below is part of that contract.
 */
struct keytype_desc_st {
    const char *keytype_name;
    const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */

    /* The input structure name */
    const char *structure_name;

    /*
     * The EVP_PKEY_xxx type macro.  Every DO_xxx macro in this file sets it,
     * the type-specific ones included.  It is consulted by
     * der2key_decode_p8(), which only accepts a PrivateKeyInfo whose
     * algorithm OID maps to this type, and by the check_key hooks
     * (ec_check, rsa_check) to tell variants of one key type apart.  Which
     * of the d2i function pointers below gets called is decided by which of
     * them is non-NULL, not by this value.
     */
    int evp_type;

    /* The selection mask for OSSL_FUNC_decoder_does_selection() */
    int selection_mask;

    /*
     * For type specific decoders, we use the corresponding d2i.  At most one
     * of the "private" pointers (d2i_private_key / d2i_PKCS8) and one of the
     * "public" pointers (d2i_public_key / d2i_PUBKEY) is set per descriptor;
     * der2key_decode() prefers the PKCS#8 / SubjectPublicKeyInfo one.
     */
    d2i_of_void *d2i_private_key; /* From type-specific DER */
    d2i_of_void *d2i_public_key; /* From type-specific DER */
    d2i_of_void *d2i_key_params; /* From type-specific DER */
    d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
    d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */

    /*
     * For any key, we may need to check that the key meets expectations.
     * This is useful when the same functions can decode several variants
     * of a key (SM2 vs. plain EC, RSA-PSS vs. plain RSA).  May be NULL.
     */
    check_key_fn *check_key;

    /*
     * For any key, we may need to make provider specific adjustments, such
     * as ensure the key carries the correct library context.  May be NULL.
     */
    adjust_key_fn *adjust_key;
    /* {type}_free(); called by der2key_decode() even when the key is NULL */
    free_key_fn *free_key;
};
85 | ||
86 | /* | |
ece9304c | 87 | * Context used for DER to key decoding. |
88 | */ |
struct der2key_ctx_st {
    PROV_CTX *provctx;
    /* Static per-key-type table; not owned by the context */
    const struct keytype_desc_st *desc;
    /*
     * The selection that is passed to der2key_decode(), stored verbatim
     * (0 included) and handed on to keymgmt by der2key_export_object().
     */
    int selection;
    /*
     * Flag used to signal that a failure is fatal.  der2key_decode() reads
     * it right after calling desc->d2i_PKCS8; nothing in this file sets it
     * and der2key_newctx() zero-allocates the context, so it stays 0 unless
     * a d2i_PKCS8 implementation elsewhere sets it.
     */
    unsigned int flag_fatal : 1;
};
97 | ||
/*
 * Generic shape of the ossl_xxx_key_from_pkcs8() helpers.  The per-type
 * wrappers below cast their type-specific function to this signature before
 * passing it to der2key_decode_p8().
 */
typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
                               OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Decode a PKCS#8 PrivateKeyInfo from |*input_der| and turn it into a key
 * with |key_from_pkcs8|.
 *
 * The PrivateKeyInfo is only handed to |key_from_pkcs8| when its algorithm
 * OID maps to ctx->desc->evp_type; a PrivateKeyInfo for some other
 * algorithm yields NULL without raising an error, which der2key_decode()
 * treats as "not my structure" so another decoder can be tried.
 *
 * |*input_der| is advanced by the DER parser as usual for d2i functions.
 * Returns the new key, or NULL if the blob could not be parsed or was not
 * for this key type.
 */
static void *der2key_decode_p8(const unsigned char **input_der,
                               long input_der_len, struct der2key_ctx_st *ctx,
                               key_from_pkcs8_t *key_from_pkcs8)
{
    PKCS8_PRIV_KEY_INFO *p8inf;
    const X509_ALGOR *alg = NULL;
    void *key = NULL;

    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len);
    if (p8inf == NULL)
        return NULL;

    /* Only build a key when the PKCS#8 algorithm is the one we expect */
    if (PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
        && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
        key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);

    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return key;
}
116 | ||
117 | /* ---------------------------------------------------------------------- */ | |
118 | ||
/*
 * The decoder methods shared by every OSSL_DISPATCH table built by
 * MAKE_DECODER() below; newctx and does_selection are generated per decoder.
 */
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
static OSSL_FUNC_decoder_decode_fn der2key_decode;
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
122 | ||
/*
 * Allocate a decoder context bound to |provctx| and the static key type
 * description |desc|.  The context is zero-filled, so |selection| starts at
 * 0 and |flag_fatal| is clear.  Returns NULL on allocation failure.
 */
static struct der2key_ctx_st *
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
{
    struct der2key_ctx_st *new_ctx;

    new_ctx = OPENSSL_zalloc(sizeof(*new_ctx));
    if (new_ctx == NULL)
        return NULL;

    new_ctx->provctx = provctx;
    new_ctx->desc = desc;
    return new_ctx;
}
134 | ||
/*
 * Release a context made by der2key_newctx().  The context owns nothing
 * but itself (|desc| points at a static table, |provctx| is the
 * provider's), so a single free suffices; NULL is accepted.
 */
static void der2key_freectx(void *vctx)
{
    OPENSSL_free(vctx);
}
141 | ||
/*
 * Implementation of OSSL_FUNC_decoder_does_selection() for every decoder in
 * this file: can the decoder described by |desc| produce what |selection|
 * asks for?
 *
 * The selection bits are treated as ordered "levels" (private key, then
 * public key, then parameters), each assumed to imply the ones after it, so
 * only the highest level present in |selection| is compared against
 * desc->selection_mask.  A selection of 0 means "guess", which every
 * decoder here accepts.  Returns 1 if supported, 0 otherwise.
 */
static int der2key_check_selection(int selection,
                                   const struct keytype_desc_st *desc)
{
    static const int levels[] = {
        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
    };
    size_t idx;

    /* The decoder implementations made here support guessing */
    if (selection == 0)
        return 1;

    for (idx = 0; idx < OSSL_NELEM(levels); idx++) {
        if ((selection & levels[idx]) == 0)
            continue;
        /* First level the caller asked for: answer from the descriptor */
        return (desc->selection_mask & levels[idx]) != 0;
    }

    /* Only reached for selections outside the three levels above */
    return 0;
}
175 | ||
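/*
 * Decode the DER read from |cin| into a key of the type described by
 * ctx->desc and hand it to |data_cb| by reference.
 *
 * |selection| says which key parts the caller wants (OSSL_KEYMGMT_SELECT_*);
 * 0 means "guess".  |pw_cb| / |pw_cbarg| are part of the decoder interface
 * but are not used by this function.
 *
 * Returns 0 on an invalid selection or a fatal decode failure, the value
 * returned by |data_cb| when a key was produced, and 1 when nothing was
 * decoded: ending up "empty handed" is not an error, it lets the core try
 * the next decoder.
 */
static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                          OSSL_CALLBACK *data_cb, void *data_cbarg,
                          OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
    struct der2key_ctx_st *ctx = vctx;
    unsigned char *der = NULL;
    const unsigned char *derp;
    long der_len = 0;
    void *key = NULL;
    int ok = 0;

    /*
     * Keep the caller's selection verbatim (0 included): the export function
     * passes it on to keymgmt, and the attempts below use it to tell
     * "guessing" apart from an explicit request.
     */
    ctx->selection = selection;
    /*
     * The caller is allowed to specify 0 as a selection mark, to have the
     * structure and key type guessed. For type-specific structures, this
     * is not recommended, as some structures are very similar.
     * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
     * signifies a private key structure, where everything else is assumed
     * to be present as well.
     */
    if (selection == 0)
        selection = ctx->desc->selection_mask;
    if ((selection & ctx->desc->selection_mask) == 0) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    /* A failed read is reported as "nothing decoded", not as an error */
    ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);
    if (!ok)
        goto next;

    ok = 0; /* Assume that we fail */

    /*
     * Several structures may be tried against the same bytes.  Errors from
     * attempts that did not pan out are dropped (ERR_pop_to_mark) once one
     * of them works, and kept (ERR_clear_last_mark) when none does.
     */
    ERR_set_mark();
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
        derp = der;
        if (ctx->desc->d2i_PKCS8 != NULL) {
            key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
            /*
             * Nothing in this file sets flag_fatal and the context is
             * zero-allocated, so this only fires if a d2i_PKCS8
             * implementation elsewhere sets it.
             */
            if (ctx->flag_fatal) {
                ERR_clear_last_mark();
                goto end;
            }
        } else if (ctx->desc->d2i_private_key != NULL) {
            key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
        }
        if (key == NULL && ctx->selection != 0) {
            ERR_clear_last_mark();
            goto next;
        }
    }
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
        derp = der;
        /*
         * Guard both pointers, as the private-key and parameter branches do.
         * A descriptor whose mask excludes the public key (DO_EC,
         * DO_type_specific_no_pub) has d2i_public_key == NULL, yet this
         * branch is reachable for it with e.g. PUBLIC_KEY | DOMAIN_PARAMETERS,
         * since the mask check above only needs one common bit.
         * does_selection() is expected to filter such a decoder out, but
         * calling through a NULL pointer must not be the fallback if it
         * doesn't; decoding nothing is.
         */
        if (ctx->desc->d2i_PUBKEY != NULL)
            key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
        else if (ctx->desc->d2i_public_key != NULL)
            key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
        if (key == NULL && ctx->selection != 0) {
            ERR_clear_last_mark();
            goto next;
        }
    }
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
        derp = der;
        if (ctx->desc->d2i_key_params != NULL)
            key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
        if (key == NULL && ctx->selection != 0) {
            ERR_clear_last_mark();
            goto next;
        }
    }
    if (key == NULL)
        ERR_clear_last_mark();
    else
        ERR_pop_to_mark();

    /*
     * Last minute check to see if this was the correct type of key. This
     * should never lead to a fatal error, i.e. the decoding itself was
     * correct, it was just an unexpected key type. This is generally for
     * classes of key types that have subtle variants, like RSA-PSS keys as
     * opposed to plain RSA keys (rsa_check), or SM2 as opposed to plain EC
     * (ec_check).  A rejected key is freed and we end up "empty handed".
     */
    if (key != NULL
        && ctx->desc->check_key != NULL
        && !ctx->desc->check_key(key, ctx)) {
        ctx->desc->free_key(key);
        key = NULL;
    }

    /* Provider-specific fix-ups, e.g. attaching the library context */
    if (key != NULL && ctx->desc->adjust_key != NULL)
        ctx->desc->adjust_key(key, ctx);

 next:
    /*
     * Indicate that we successfully decoded something, or nothing at all.
     * Ending up "empty handed" is not an error.
     */
    ok = 1;

    /*
     * We free memory here so it's not held up during the callback, because
     * we know the process is recursive and the allocated chunks of memory
     * add up.
     */
    OPENSSL_free(der);
    der = NULL;

    if (key != NULL) {
        OSSL_PARAM params[4];
        int object_type = OSSL_OBJECT_PKEY;

        params[0] =
            OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
        params[1] =
            OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
                                             (char *)ctx->desc->keytype_name,
                                             0);
        /*
         * The address of the key becomes the octet string.  The receiver
         * gets the key back through der2key_export_object(), which has to
         * happen inside this callback: the key is freed right after it.
         */
        params[2] =
            OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
                                              &key, sizeof(key));
        params[3] = OSSL_PARAM_construct_end();

        ok = data_cb(params, data_cbarg);
    }

 end:
    /* free_key is relied on to accept NULL; der is already NULL unless we
     * arrived here through the fatal path. */
    ctx->desc->free_key(key);
    OPENSSL_free(der);

    return ok;
}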
308 | ||
/*
 * OSSL_FUNC_decoder_export_object(): turn the reference handed out by
 * der2key_decode() (the address of the key, |reference_sz| == sizeof(void *))
 * back into the key and export it through the key type's keymgmt export
 * function, using the selection the caller originally passed to decode
 * (possibly 0).
 *
 * Returns the export function's result, or 0 when the reference has the
 * wrong size or the keymgmt offers no export function.
 */
static int der2key_export_object(void *vctx,
                                 const void *reference, size_t reference_sz,
                                 OSSL_CALLBACK *export_cb, void *export_cbarg)
{
    struct der2key_ctx_st *ctx = vctx;
    OSSL_FUNC_keymgmt_export_fn *export_fn =
        ossl_prov_get_keymgmt_export(ctx->desc->fns);
    void *keydata;

    /* Anything but a pointer-sized reference is not ours to dereference */
    if (reference_sz != sizeof(keydata))
        return 0;
    if (export_fn == NULL)
        return 0;

    /* The contents of the reference is the address to our object */
    keydata = *(void **)reference;
    return export_fn(keydata, ctx->selection, export_cb, export_cbarg);
}
326 | ||
2c090c1d RL |
327 | /* ---------------------------------------------------------------------- */ |
328 | ||
329 | #ifndef OPENSSL_NO_DH | |
330 | # define dh_evp_type EVP_PKEY_DH | |
2c090c1d RL |
331 | # define dh_d2i_private_key NULL |
332 | # define dh_d2i_public_key NULL | |
333 | # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams | |
cf333799 RL |
334 | |
/*
 * d2i_PKCS8_fn for DH and DHX: decode a PrivateKeyInfo into a DH key.
 * |key| (the in/out slot of the d2i convention) is not used.  The cast
 * adapts the DH-specific helper to the generic key_from_pkcs8_t shape.
 */
static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                          struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
341 | ||
06f67612 | 342 | # define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY |
2c090c1d | 343 | # define dh_free (free_key_fn *)DH_free |
65ef000e | 344 | # define dh_check NULL |
2c090c1d | 345 | |
6963979f RL |
/* adjust_key_fn for DH/DHX: bind the decoded key to the provider's libctx */
static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    ossl_dh_set0_libctx(key, libctx);
}
350 | ||
2c090c1d | 351 | # define dhx_evp_type EVP_PKEY_DHX |
2c090c1d RL |
352 | # define dhx_d2i_private_key NULL |
353 | # define dhx_d2i_public_key NULL | |
354 | # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams | |
cf333799 | 355 | # define dhx_d2i_PKCS8 dh_d2i_PKCS8 |
06f67612 | 356 | # define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY |
2c090c1d | 357 | # define dhx_free (free_key_fn *)DH_free |
65ef000e | 358 | # define dhx_check NULL |
6963979f | 359 | # define dhx_adjust dh_adjust |
2c090c1d RL |
360 | #endif |
361 | ||
362 | /* ---------------------------------------------------------------------- */ | |
363 | ||
364 | #ifndef OPENSSL_NO_DSA | |
365 | # define dsa_evp_type EVP_PKEY_DSA | |
2c090c1d RL |
366 | # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey |
367 | # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey | |
368 | # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams | |
cf333799 RL |
369 | |
/*
 * d2i_PKCS8_fn for DSA: decode a PrivateKeyInfo into a DSA key.  |key| is
 * unused; the cast adapts the DSA helper to key_from_pkcs8_t.
 */
static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                           struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
376 | ||
06f67612 | 377 | # define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY |
2c090c1d | 378 | # define dsa_free (free_key_fn *)DSA_free |
65ef000e | 379 | # define dsa_check NULL |
6963979f RL |
380 | |
/* adjust_key_fn for DSA: bind the decoded key to the provider's libctx */
static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    ossl_dsa_set0_libctx(key, libctx);
}
2c090c1d RL |
385 | #endif |
386 | ||
387 | /* ---------------------------------------------------------------------- */ | |
388 | ||
389 | #ifndef OPENSSL_NO_EC | |
390 | # define ec_evp_type EVP_PKEY_EC | |
2c090c1d RL |
391 | # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey |
392 | # define ec_d2i_public_key NULL | |
393 | # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters | |
cf333799 RL |
394 | |
/*
 * d2i_PKCS8_fn for EC: decode a PrivateKeyInfo into an EC_KEY.  |key| is
 * unused; the cast adapts the EC helper to key_from_pkcs8_t.  Whether the
 * result is plain EC or SM2 is settled afterwards by ec_check().
 */
static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                          struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
401 | ||
06f67612 | 402 | # define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY |
2c090c1d RL |
403 | # define ec_free (free_key_fn *)EC_KEY_free |
404 | ||
65ef000e RL |
/*
 * check_key_fn shared by the EC and SM2 decoders.  The same d2i functions
 * decode both, so the decoded key's SM2 flag must agree with the decoder's
 * EVP_PKEY type: an SM2 decoder accepts only SM2-flagged keys and an EC
 * decoder only unflagged ones.  Returns 1 when they agree, 0 otherwise.
 */
static int ec_check(void *key, struct der2key_ctx_st *ctx)
{
    int key_is_sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;

    if (ctx->desc->evp_type == EVP_PKEY_SM2)
        return key_is_sm2;
    return !key_is_sm2;
}
413 | ||
6963979f RL |
/* adjust_key_fn for EC/SM2: bind the decoded key to the provider's libctx */
static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    ossl_ec_key_set0_libctx(key, libctx);
}
418 | ||
2c090c1d RL |
419 | /* |
420 | * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo, | |
421 | * so no d2i functions to be had. | |
422 | */ | |
6963979f | 423 | |
/*
 * d2i_PKCS8_fn shared by ED25519, ED448, X25519 and X448: decode a
 * PrivateKeyInfo into an ECX key.  Which of the four it is comes from the
 * OID check in der2key_decode_p8() against the decoder's evp_type.
 * |key| is unused; the cast adapts the ECX helper to key_from_pkcs8_t.
 */
static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                           struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
430 | ||
6963979f RL |
/* adjust_key_fn for the ECX types: bind the key to the provider's libctx */
static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    ossl_ecx_key_set0_libctx(key, libctx);
}
435 | ||
2c090c1d | 436 | # define ed25519_evp_type EVP_PKEY_ED25519 |
2c090c1d RL |
437 | # define ed25519_d2i_private_key NULL |
438 | # define ed25519_d2i_public_key NULL | |
439 | # define ed25519_d2i_key_params NULL | |
cf333799 | 440 | # define ed25519_d2i_PKCS8 ecx_d2i_PKCS8 |
06f67612 | 441 | # define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY |
32ab57cb | 442 | # define ed25519_free (free_key_fn *)ossl_ecx_key_free |
65ef000e | 443 | # define ed25519_check NULL |
6963979f | 444 | # define ed25519_adjust ecx_key_adjust |
2c090c1d RL |
445 | |
446 | # define ed448_evp_type EVP_PKEY_ED448 | |
2c090c1d RL |
447 | # define ed448_d2i_private_key NULL |
448 | # define ed448_d2i_public_key NULL | |
449 | # define ed448_d2i_key_params NULL | |
cf333799 | 450 | # define ed448_d2i_PKCS8 ecx_d2i_PKCS8 |
06f67612 | 451 | # define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY |
32ab57cb | 452 | # define ed448_free (free_key_fn *)ossl_ecx_key_free |
65ef000e | 453 | # define ed448_check NULL |
6963979f | 454 | # define ed448_adjust ecx_key_adjust |
2c090c1d RL |
455 | |
456 | # define x25519_evp_type EVP_PKEY_X25519 | |
2c090c1d RL |
457 | # define x25519_d2i_private_key NULL |
458 | # define x25519_d2i_public_key NULL | |
459 | # define x25519_d2i_key_params NULL | |
cf333799 | 460 | # define x25519_d2i_PKCS8 ecx_d2i_PKCS8 |
06f67612 | 461 | # define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY |
32ab57cb | 462 | # define x25519_free (free_key_fn *)ossl_ecx_key_free |
65ef000e | 463 | # define x25519_check NULL |
6963979f | 464 | # define x25519_adjust ecx_key_adjust |
2c090c1d RL |
465 | |
466 | # define x448_evp_type EVP_PKEY_X448 | |
2c090c1d RL |
467 | # define x448_d2i_private_key NULL |
468 | # define x448_d2i_public_key NULL | |
469 | # define x448_d2i_key_params NULL | |
cf333799 | 470 | # define x448_d2i_PKCS8 ecx_d2i_PKCS8 |
06f67612 | 471 | # define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY |
32ab57cb | 472 | # define x448_free (free_key_fn *)ossl_ecx_key_free |
65ef000e | 473 | # define x448_check NULL |
6963979f | 474 | # define x448_adjust ecx_key_adjust |
f2db0528 RL |
475 | |
476 | # ifndef OPENSSL_NO_SM2 | |
477 | # define sm2_evp_type EVP_PKEY_SM2 | |
f2db0528 RL |
478 | # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey |
479 | # define sm2_d2i_public_key NULL | |
480 | # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters | |
cf333799 RL |
481 | |
/*
 * d2i_PKCS8_fn for SM2.  Uses the same EC helper as ec_d2i_PKCS8(); the
 * PrivateKeyInfo OID check (evp_type == EVP_PKEY_SM2) and sm2_check
 * (ec_check) keep plain EC keys out.  |key| is unused.
 */
static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                           struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
488 | ||
06f67612 | 489 | # define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY |
f2db0528 | 490 | # define sm2_free (free_key_fn *)EC_KEY_free |
65ef000e | 491 | # define sm2_check ec_check |
f2db0528 RL |
492 | # define sm2_adjust ec_adjust |
493 | # endif | |
2c090c1d RL |
494 | #endif |
495 | ||
496 | /* ---------------------------------------------------------------------- */ | |
497 | ||
498 | #define rsa_evp_type EVP_PKEY_RSA | |
2c090c1d RL |
499 | #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey |
500 | #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey | |
501 | #define rsa_d2i_key_params NULL | |
cf333799 RL |
502 | |
/*
 * d2i_PKCS8_fn for RSA and RSA-PSS: decode a PrivateKeyInfo into an RSA key.
 * |key| is unused; the cast adapts the RSA helper to key_from_pkcs8_t.
 * Whether the result is plain RSA or RSA-PSS is settled by rsa_check().
 */
static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
                           struct der2key_ctx_st *ctx)
{
    key_from_pkcs8_t *from_p8 = (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8;

    return der2key_decode_p8(der, der_len, ctx, from_p8);
}
509 | ||
06f67612 | 510 | #define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY |
2c090c1d RL |
511 | #define rsa_free (free_key_fn *)RSA_free |
512 | ||
65ef000e RL |
/*
 * check_key_fn shared by the RSA and RSA-PSS decoders.  Both decode through
 * the same functions, so the key's RSA_FLAG_TYPE_* must match the decoder's
 * EVP_PKEY type.  Returns 1 on a match, 0 on a mismatch or for any RSA
 * variant other than plain RSA and RSASSA-PSS.
 */
static int rsa_check(void *key, struct der2key_ctx_st *ctx)
{
    int rsa_type = RSA_test_flags(key, RSA_FLAG_TYPE_MASK);
    int expected_evp_type;

    if (rsa_type == RSA_FLAG_TYPE_RSA)
        expected_evp_type = EVP_PKEY_RSA;
    else if (rsa_type == RSA_FLAG_TYPE_RSASSAPSS)
        expected_evp_type = EVP_PKEY_RSA_PSS;
    else
        return 0; /* Currently unsupported RSA key type */

    return ctx->desc->evp_type == expected_evp_type;
}
525 | ||
6963979f RL |
/* adjust_key_fn for RSA/RSA-PSS: bind the key to the provider's libctx */
static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    ossl_rsa_set0_libctx(key, libctx);
}
530 | ||
2c090c1d | 531 | #define rsapss_evp_type EVP_PKEY_RSA_PSS |
2c090c1d RL |
532 | #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey |
533 | #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey | |
534 | #define rsapss_d2i_key_params NULL | |
cf333799 | 535 | #define rsapss_d2i_PKCS8 rsa_d2i_PKCS8 |
06f67612 | 536 | #define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY |
2c090c1d | 537 | #define rsapss_free (free_key_fn *)RSA_free |
65ef000e | 538 | #define rsapss_check rsa_check |
6963979f | 539 | #define rsapss_adjust rsa_adjust |
2c090c1d RL |
540 | |
541 | /* ---------------------------------------------------------------------- */ | |
542 | ||
543 | /* | |
544 | * The DO_ macros help define the selection mask and the method functions | |
545 | * for each kind of object we want to decode. | |
546 | */ | |
547 | #define DO_type_specific_keypair(keytype) \ | |
65ef000e | 548 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
549 | ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ |
550 | keytype##_d2i_private_key, \ | |
551 | keytype##_d2i_public_key, \ | |
552 | NULL, \ | |
553 | NULL, \ | |
06f67612 | 554 | NULL, \ |
65ef000e | 555 | keytype##_check, \ |
6963979f | 556 | keytype##_adjust, \ |
2c090c1d RL |
557 | keytype##_free |
558 | ||
559 | #define DO_type_specific_pub(keytype) \ | |
65ef000e | 560 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
561 | ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ |
562 | NULL, \ | |
563 | keytype##_d2i_public_key, \ | |
564 | NULL, \ | |
565 | NULL, \ | |
06f67612 | 566 | NULL, \ |
65ef000e | 567 | keytype##_check, \ |
6963979f | 568 | keytype##_adjust, \ |
2c090c1d RL |
569 | keytype##_free |
570 | ||
571 | #define DO_type_specific_priv(keytype) \ | |
65ef000e | 572 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
573 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ |
574 | keytype##_d2i_private_key, \ | |
575 | NULL, \ | |
576 | NULL, \ | |
577 | NULL, \ | |
06f67612 | 578 | NULL, \ |
65ef000e | 579 | keytype##_check, \ |
6963979f | 580 | keytype##_adjust, \ |
2c090c1d RL |
581 | keytype##_free |
582 | ||
583 | #define DO_type_specific_params(keytype) \ | |
65ef000e | 584 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
585 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ |
586 | NULL, \ | |
587 | NULL, \ | |
588 | keytype##_d2i_key_params, \ | |
589 | NULL, \ | |
06f67612 | 590 | NULL, \ |
65ef000e | 591 | keytype##_check, \ |
6963979f | 592 | keytype##_adjust, \ |
2c090c1d RL |
593 | keytype##_free |
594 | ||
595 | #define DO_type_specific(keytype) \ | |
65ef000e | 596 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
597 | ( OSSL_KEYMGMT_SELECT_ALL ), \ |
598 | keytype##_d2i_private_key, \ | |
599 | keytype##_d2i_public_key, \ | |
600 | keytype##_d2i_key_params, \ | |
601 | NULL, \ | |
06f67612 | 602 | NULL, \ |
65ef000e | 603 | keytype##_check, \ |
6963979f | 604 | keytype##_adjust, \ |
2c090c1d RL |
605 | keytype##_free |
606 | ||
607 | #define DO_type_specific_no_pub(keytype) \ | |
65ef000e | 608 | "type-specific", keytype##_evp_type, \ |
2c090c1d RL |
609 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ |
610 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
611 | keytype##_d2i_private_key, \ | |
612 | NULL, \ | |
613 | keytype##_d2i_key_params, \ | |
614 | NULL, \ | |
06f67612 | 615 | NULL, \ |
65ef000e | 616 | keytype##_check, \ |
6963979f | 617 | keytype##_adjust, \ |
2c090c1d RL |
618 | keytype##_free |
619 | ||
6a2b8ff3 RL |
620 | #define DO_PrivateKeyInfo(keytype) \ |
621 | "PrivateKeyInfo", keytype##_evp_type, \ | |
2c090c1d RL |
622 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ |
623 | NULL, \ | |
624 | NULL, \ | |
625 | NULL, \ | |
cf333799 | 626 | keytype##_d2i_PKCS8, \ |
06f67612 | 627 | NULL, \ |
65ef000e | 628 | keytype##_check, \ |
6963979f | 629 | keytype##_adjust, \ |
2c090c1d RL |
630 | keytype##_free |
631 | ||
632 | #define DO_SubjectPublicKeyInfo(keytype) \ | |
633 | "SubjectPublicKeyInfo", keytype##_evp_type, \ | |
634 | ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ | |
635 | NULL, \ | |
636 | NULL, \ | |
637 | NULL, \ | |
cf333799 | 638 | NULL, \ |
06f67612 | 639 | keytype##_d2i_PUBKEY, \ |
65ef000e | 640 | keytype##_check, \ |
6963979f | 641 | keytype##_adjust, \ |
2c090c1d RL |
642 | keytype##_free |
643 | ||
644 | #define DO_DH(keytype) \ | |
65ef000e | 645 | "DH", keytype##_evp_type, \ |
2c090c1d RL |
646 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ |
647 | NULL, \ | |
648 | NULL, \ | |
649 | keytype##_d2i_key_params, \ | |
650 | NULL, \ | |
06f67612 | 651 | NULL, \ |
65ef000e | 652 | keytype##_check, \ |
6963979f | 653 | keytype##_adjust, \ |
2c090c1d RL |
654 | keytype##_free |
655 | ||
656 | #define DO_DHX(keytype) \ | |
65ef000e | 657 | "DHX", keytype##_evp_type, \ |
2c090c1d RL |
658 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ |
659 | NULL, \ | |
660 | NULL, \ | |
661 | keytype##_d2i_key_params, \ | |
662 | NULL, \ | |
06f67612 | 663 | NULL, \ |
65ef000e | 664 | keytype##_check, \ |
6963979f | 665 | keytype##_adjust, \ |
2c090c1d RL |
666 | keytype##_free |
667 | ||
668 | #define DO_DSA(keytype) \ | |
65ef000e | 669 | "DSA", keytype##_evp_type, \ |
2c090c1d RL |
670 | ( OSSL_KEYMGMT_SELECT_ALL ), \ |
671 | keytype##_d2i_private_key, \ | |
672 | keytype##_d2i_public_key, \ | |
673 | keytype##_d2i_key_params, \ | |
674 | NULL, \ | |
06f67612 | 675 | NULL, \ |
65ef000e | 676 | keytype##_check, \ |
6963979f | 677 | keytype##_adjust, \ |
2c090c1d RL |
678 | keytype##_free |
679 | ||
680 | #define DO_EC(keytype) \ | |
65ef000e | 681 | "EC", keytype##_evp_type, \ |
2c090c1d RL |
682 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ |
683 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
684 | keytype##_d2i_private_key, \ | |
685 | NULL, \ | |
686 | keytype##_d2i_key_params, \ | |
687 | NULL, \ | |
06f67612 | 688 | NULL, \ |
65ef000e | 689 | keytype##_check, \ |
6963979f | 690 | keytype##_adjust, \ |
2c090c1d RL |
691 | keytype##_free |
692 | ||
693 | #define DO_RSA(keytype) \ | |
65ef000e | 694 | "RSA", keytype##_evp_type, \ |
2c090c1d RL |
695 | ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ |
696 | keytype##_d2i_private_key, \ | |
697 | keytype##_d2i_public_key, \ | |
698 | NULL, \ | |
699 | NULL, \ | |
06f67612 | 700 | NULL, \ |
65ef000e | 701 | keytype##_check, \ |
6963979f | 702 | keytype##_adjust, \ |
2c090c1d RL |
703 | keytype##_free |
704 | ||
705 | /* | |
706 | * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. | |
707 | * It takes the following arguments: | |
708 | * | |
709 | * keytype_name The implementation key type as a string. | |
710 | * keytype The implementation key type. This must correspond exactly | |
711 | * to our existing keymgmt keytype names... in other words, | |
712 | * there must exist an ossl_##keytype##_keymgmt_functions. | |
713 | * type The type name for the set of functions that implement the | |
714 | * decoder for the key type. This isn't necessarily the same | |
715 | * as keytype. For example, the key types ed25519, ed448, | |
716 | * x25519 and x448 are all handled by the same functions with | |
717 | * the common type name ecx. | |
718 | * kind The kind of support to implement. This translates into | |
719 | * the DO_##kind macros above, to populate the keytype_desc_st | |
720 | * structure. | |
721 | */ | |
722 | #define MAKE_DECODER(keytype_name, keytype, type, kind) \ | |
723 | static const struct keytype_desc_st kind##_##keytype##_desc = \ | |
724 | { keytype_name, ossl_##keytype##_keymgmt_functions, \ | |
725 | DO_##kind(keytype) }; \ | |
726 | \ | |
727 | static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ | |
2c090c1d RL |
728 | \ |
729 | static void *kind##_der2##keytype##_newctx(void *provctx) \ | |
730 | { \ | |
731 | return der2key_newctx(provctx, &kind##_##keytype##_desc); \ | |
732 | } \ | |
2c090c1d RL |
733 | static int kind##_der2##keytype##_does_selection(void *provctx, \ |
734 | int selection) \ | |
7c664b1f | 735 | { \ |
2c090c1d RL |
736 | return der2key_check_selection(selection, \ |
737 | &kind##_##keytype##_desc); \ | |
7c664b1f | 738 | } \ |
2c090c1d RL |
739 | const OSSL_DISPATCH \ |
740 | ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \ | |
ece9304c | 741 | { OSSL_FUNC_DECODER_NEWCTX, \ |
2c090c1d | 742 | (void (*)(void))kind##_der2##keytype##_newctx }, \ |
ece9304c | 743 | { OSSL_FUNC_DECODER_FREECTX, \ |
7c664b1f | 744 | (void (*)(void))der2key_freectx }, \ |
2c090c1d RL |
745 | { OSSL_FUNC_DECODER_DOES_SELECTION, \ |
746 | (void (*)(void))kind##_der2##keytype##_does_selection }, \ | |
ece9304c RL |
747 | { OSSL_FUNC_DECODER_DECODE, \ |
748 | (void (*)(void))der2key_decode }, \ | |
749 | { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ | |
7c664b1f RL |
750 | (void (*)(void))der2key_export_object }, \ |
751 | { 0, NULL } \ | |
752 | } | |
753 | ||
754 | #ifndef OPENSSL_NO_DH | |
6a2b8ff3 | 755 | MAKE_DECODER("DH", dh, dh, PrivateKeyInfo); |
2c090c1d RL |
756 | MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo); |
757 | MAKE_DECODER("DH", dh, dh, type_specific_params); | |
758 | MAKE_DECODER("DH", dh, dh, DH); | |
6a2b8ff3 | 759 | MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo); |
2c090c1d RL |
760 | MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo); |
761 | MAKE_DECODER("DHX", dhx, dhx, type_specific_params); | |
762 | MAKE_DECODER("DHX", dhx, dhx, DHX); | |
7c664b1f RL |
763 | #endif |
764 | #ifndef OPENSSL_NO_DSA | |
6a2b8ff3 | 765 | MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo); |
2c090c1d RL |
766 | MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo); |
767 | MAKE_DECODER("DSA", dsa, dsa, type_specific); | |
768 | MAKE_DECODER("DSA", dsa, dsa, DSA); | |
7c664b1f RL |
769 | #endif |
770 | #ifndef OPENSSL_NO_EC | |
6a2b8ff3 | 771 | MAKE_DECODER("EC", ec, ec, PrivateKeyInfo); |
2c090c1d RL |
772 | MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo); |
773 | MAKE_DECODER("EC", ec, ec, type_specific_no_pub); | |
774 | MAKE_DECODER("EC", ec, ec, EC); | |
6a2b8ff3 | 775 | MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo); |
2c090c1d | 776 | MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo); |
6a2b8ff3 | 777 | MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo); |
2c090c1d | 778 | MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo); |
6a2b8ff3 | 779 | MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo); |
2c090c1d | 780 | MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo); |
6a2b8ff3 | 781 | MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo); |
2c090c1d | 782 | MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo); |
f2db0528 | 783 | # ifndef OPENSSL_NO_SM2 |
6a2b8ff3 | 784 | MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo); |
f2db0528 RL |
785 | MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); |
786 | # endif | |
7c664b1f | 787 | #endif |
6a2b8ff3 | 788 | MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); |
2c090c1d RL |
789 | MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); |
790 | MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair); | |
791 | MAKE_DECODER("RSA", rsa, rsa, RSA); | |
6a2b8ff3 | 792 | MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo); |
2c090c1d | 793 | MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo); |