]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/implementations/encode_decode/decode_der2key.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
PROV: Add RSA-PSS specific OSSL_FUNC_KEYMGMT_LOAD function
[thirdparty/openssl.git] / providers / implementations / encode_decode / decode_der2key.c
CommitLineData
7c664b1f 1/*
a28d06f3 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
7c664b1f
RL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <openssl/core_dispatch.h>
17#include <openssl/core_names.h>
14c8a3d1 18#include <openssl/core_object.h>
7c664b1f 19#include <openssl/crypto.h>
8ae40cf5 20#include <openssl/err.h>
7c664b1f 21#include <openssl/params.h>
8ae40cf5
RL		 22#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23#include <openssl/pkcs12.h>
7c664b1f 24#include <openssl/x509.h>
2741128e 25#include <openssl/proverr.h>
8ae40cf5
RL		 26#include "internal/cryptlib.h" /* ossl_assert() */
27#include "internal/asn1.h"
6963979f
RL		 28#include "crypto/dh.h"
29#include "crypto/dsa.h"
30#include "crypto/ec.h"
576892d7 31#include "crypto/evp.h"
8ae40cf5 32#include "crypto/ecx.h"
6963979f 33#include "crypto/rsa.h"
10315851 34#include "crypto/x509.h"
7c664b1f
RL		 35#include "prov/bio.h"
36#include "prov/implementations.h"
8ae40cf5 37#include "endecoder_local.h"
7c664b1f 38
66066e1b
DDO		 39#define SET_ERR_MARK() ERR_set_mark()
40#define CLEAR_ERR_MARK() \
41 do { \
42 int err = ERR_peek_last_error(); \
43 \
44 if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
45 && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
46 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
65ef000e
RL		 47 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR \
48 || ERR_GET_REASON(err) == ASN1_R_NOT_ENOUGH_DATA)) \
66066e1b
DDO		 49 ERR_pop_to_mark(); \
50 else \
51 ERR_clear_last_mark(); \
52 } while(0)
53#define RESET_ERR_MARK() \
54 do { \
55 CLEAR_ERR_MARK(); \
56 SET_ERR_MARK(); \
57 } while(0)
58
8ae40cf5
RL		 59static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
60 unsigned char **data, long *len)
61{
62 BUF_MEM *mem = NULL;
9500c823 63 BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
8ae40cf5
RL		 64 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
65
66 if (ok) {
67 *data = (unsigned char *)mem->data;
68 *len = (long)mem->length;
69 OPENSSL_free(mem);
70 }
71 BIO_free(in);
72 return ok;
73}
74
75static int der_from_p8(unsigned char **new_der, long *new_der_len,
76 unsigned char *input_der, long input_der_len,
77 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
78{
79 const unsigned char *derp;
80 X509_SIG *p8 = NULL;
81 int ok = 0;
82
83 if (!ossl_assert(new_der != NULL && *new_der == NULL)
84 || !ossl_assert(new_der_len != NULL))
85 return 0;
86
87 derp = input_der;
88 if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
89 char pbuf[PEM_BUFSIZE];
90 size_t plen = 0;
91
92 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
f5f29796 93 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
8ae40cf5
RL		 94 } else {
95 const X509_ALGOR *alg = NULL;
96 const ASN1_OCTET_STRING *oct = NULL;
97 int len = 0;
98
99 X509_SIG_get0(p8, &alg, &oct);
100 if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
101 new_der, &len, 0) != NULL)
102 ok = 1;
103 *new_der_len = len;
104 }
105 }
106 X509_SIG_free(p8);
107 return ok;
108}
109
110/* ---------------------------------------------------------------------- */
7c664b1f 111
ece9304c 112static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
ece9304c
RL		 113static OSSL_FUNC_decoder_decode_fn der2key_decode;
114static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
7c664b1f 115
6963979f 116struct der2key_ctx_st; /* Forward declaration */
65ef000e
RL		 117typedef void *extract_key_fn(EVP_PKEY *);
118typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
119typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
120typedef void free_key_fn(void *);
7c664b1f 121struct keytype_desc_st {
2c090c1d 122 const char *keytype_name;
7c664b1f
RL		 123 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
124
2c090c1d
RL		 125 /* The input structure name */
126 const char *structure_name;
127
128 /*
129 * The EVP_PKEY_xxx type macro. Should be zero for type specific
130 * structures, non-zero when the outermost structure is PKCS#8 or
131 * SubjectPublicKeyInfo. This determines which of the function
132 * pointers below will be used.
133 */
134 int evp_type;
135
136 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
137 int selection_mask;
138
139 /* For type specific decoders, we use the corresponding d2i */
06f67612
RL		 140 d2i_of_void *d2i_private_key; /* From type-specific DER */
141 d2i_of_void *d2i_public_key; /* From type-specific DER */
142 d2i_of_void *d2i_key_params; /* From type-specific DER */
143 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
6963979f 144
7c664b1f 145 /*
2c090c1d 146 * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
7c664b1f
RL		 147 */
148 extract_key_fn *extract_key;
65ef000e
RL		 149
150 /*
151 * For any key, we may need to check that the key meets expectations.
152 * This is useful when the same functions can decode several variants
153 * of a key.
154 */
155 check_key_fn *check_key;
156
6963979f
RL		 157 /*
158 * For any key, we may need to make provider specific adjustments, such
159 * as ensure the key carries the correct library context.
160 */
161 adjust_key_fn *adjust_key;
2c090c1d 162 /* {type}_free() */
7c664b1f
RL		 163 free_key_fn *free_key;
164};
165
166/*
ece9304c 167 * Context used for DER to key decoding.
7c664b1f
RL		 168 */
169struct der2key_ctx_st {
170 PROV_CTX *provctx;
171 const struct keytype_desc_st *desc;
172};
173
174static struct der2key_ctx_st *
175der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
176{
177 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
178
179 if (ctx != NULL) {
180 ctx->provctx = provctx;
181 ctx->desc = desc;
182 }
183 return ctx;
184}
185
186static void der2key_freectx(void *vctx)
187{
188 struct der2key_ctx_st *ctx = vctx;
189
190 OPENSSL_free(ctx);
191}
192
2c090c1d
RL		 193static const OSSL_PARAM *
194der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
7c664b1f
RL		 195{
196 static const OSSL_PARAM gettables[] = {
ece9304c 197 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
7c664b1f
RL		 198 OSSL_PARAM_END,
199 };
2c090c1d
RL		 200 static const OSSL_PARAM gettables_w_structure[] = {
201 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
202 { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
203 OSSL_PARAM_END,
204 };
7c664b1f 205
2c090c1d 206 return desc->structure_name != NULL ? gettables_w_structure : gettables;
7c664b1f
RL		 207}
208
2c090c1d
RL		 209static int der2key_get_params(OSSL_PARAM params[],
210 const struct keytype_desc_st *desc)
7c664b1f
RL		 211{
212 OSSL_PARAM *p;
213
ece9304c 214 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
7c664b1f
RL		 215 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
216 return 0;
2c090c1d
RL		 217 if (desc->structure_name != NULL) {
218 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
219 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
220 return 0;
221 }
7c664b1f
RL		 222
223 return 1;
224}
225
2c090c1d
RL		 226static int der2key_check_selection(int selection,
227 const struct keytype_desc_st *desc)
228{
229 /*
230 * The selections are kinda sorta "levels", i.e. each selection given
231 * here is assumed to include those following.
232 */
233 int checks[] = {
234 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
235 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
236 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
237 };
238 size_t i;
239
240 /* The decoder implementations made here support guessing */
241 if (selection == 0)
242 return 1;
243
244 for (i = 0; i < OSSL_NELEM(checks); i++) {
245 int check1 = (selection & checks[i]) != 0;
246 int check2 = (desc->selection_mask & checks[i]) != 0;
247
248 /*
249 * If the caller asked for the currently checked bit(s), return
250 * whether the decoder description says it's supported.
251 */
252 if (check1)
253 return check2;
254 }
255
256 /* This should be dead code, but just to be safe... */
257 return 0;
258}
259
260static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
ece9304c
RL		 261 OSSL_CALLBACK *data_cb, void *data_cbarg,
262 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
7c664b1f
RL		 263{
264 struct der2key_ctx_st *ctx = vctx;
a829b735 265 void *libctx = PROV_LIBCTX_OF(ctx->provctx);
7c664b1f
RL		 266 unsigned char *der = NULL;
267 const unsigned char *derp;
268 long der_len = 0;
269 unsigned char *new_der = NULL;
270 long new_der_len;
271 EVP_PKEY *pkey = NULL;
272 void *key = NULL;
2c090c1d 273 int orig_selection = selection;
66066e1b 274 int ok = 0;
7c664b1f 275
7c664b1f 276 /*
2c090c1d
RL		 277 * The caller is allowed to specify 0 as a selection mark, to have the
278 * structure and key type guessed. For type-specific structures, this
279 * is not recommended, as some structures are very similar.
280 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
281 * signifies a private key structure, where everything else is assumed
282 * to be present as well.
7c664b1f 283 */
2c090c1d
RL		 284 if (selection == 0)
285 selection = ctx->desc->selection_mask;
286 if ((selection & ctx->desc->selection_mask) == 0) {
287 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
288 return 0;
7c664b1f
RL		 289 }
290
2c090c1d
RL		 291 SET_ERR_MARK();
292 if (!read_der(ctx->provctx, cin, &der, &der_len))
65ef000e 293 goto next;
7c664b1f 294
65ef000e
RL		 295 /* We try the typs specific functions first, if available */
296 if (ctx->desc->d2i_private_key != NULL
297 && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
298 RESET_ERR_MARK();
b5b6669f 299 derp = der;
65ef000e
RL		 300 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
301 if (key == NULL && orig_selection != 0)
302 goto next;
303 }
304 if (key == NULL
06f67612 305 && (ctx->desc->d2i_PUBKEY != NULL || ctx->desc->d2i_public_key != NULL)
65ef000e
RL		 306 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
307 RESET_ERR_MARK();
308 derp = der;
06f67612
RL		 309 if (ctx->desc->d2i_PUBKEY != NULL)
310 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
311 else
312 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
65ef000e
RL		 313 if (key == NULL && orig_selection != 0)
314 goto next;
315 }
316 if (key == NULL
317 && ctx->desc->d2i_key_params != NULL
318 && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
319 RESET_ERR_MARK();
320 derp = der;
321 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
322 }
323 if (key == NULL
324 && ctx->desc->extract_key != NULL) {
7c664b1f 325 /*
2c090c1d
RL		 326 * There is a EVP_PKEY extractor, so we use the more generic
327 * EVP_PKEY functions, since they know how to unpack PKCS#8 and
328 * SubjectPublicKeyInfo.
7c664b1f 329 */
7c664b1f 330
2c090c1d 331 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
65ef000e
RL		 332 /*
333 * Opportunistic attempt to decrypt. If it doesn't work, we try
334 * to decode our input unencrypted.
335 */
336 if (der_from_p8(&new_der, &new_der_len, der, der_len,
337 pw_cb, pw_cbarg)) {
338 OPENSSL_free(der);
339 der = new_der;
340 der_len = new_der_len;
341 }
342 RESET_ERR_MARK();
343
2c090c1d 344 derp = der;
576892d7
SL		 345 pkey = evp_privatekey_from_binary(ctx->desc->evp_type, NULL,
346 &derp, der_len, libctx, NULL);
2c090c1d
RL		 347 }
348
06f67612
RL		 349 /*
350 * As long as we have algos without a specific d2i_<TYPE>_PUBKEY,
351 * this code must remain...
352 */
2c090c1d
RL		 353 if (pkey == NULL
354 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
355 RESET_ERR_MARK();
356 derp = der;
4669015d 357 pkey = ossl_d2i_PUBKEY_legacy(NULL, &derp, der_len);
2c090c1d
RL		 358 }
359
360 if (pkey != NULL) {
361 /*
362 * Tear out the low-level key pointer from the pkey,
363 * but only if it matches the expected key type.
364 *
81f9af34 365 * The check should be done with EVP_PKEY_is_a(), but
2c090c1d
RL		 366 * as long as we still have #legacy internal keys, it's safer
367 * to use the type numbers inside the provider.
368 */
369 if (EVP_PKEY_id(pkey) == ctx->desc->evp_type)
370 key = ctx->desc->extract_key(pkey);
371
372 /*
373 * ctx->desc->extract_key() is expected to have incremented
374 * |key|'s reference count, so it should be safe to free |pkey|
375 * now.
376 */
377 EVP_PKEY_free(pkey);
378 }
7c664b1f
RL		 379 }
380
65ef000e
RL		 381 if (key != NULL
382 && ctx->desc->check_key != NULL
383 && !ctx->desc->check_key(key, ctx)) {
384 CLEAR_ERR_MARK();
385 goto end;
386 }
387
6963979f
RL		 388 if (key != NULL && ctx->desc->adjust_key != NULL)
389 ctx->desc->adjust_key(key, ctx);
390
65ef000e 391 next:
2c090c1d
RL		 392 /*
393 * Prune low-level ASN.1 parse errors from error queue, assuming
394 * that this is called by decoder_process() in a loop trying several
395 * formats.
396 */
397 CLEAR_ERR_MARK();
398
65ef000e
RL		 399 /*
400 * We free memory here so it's not held up during the callback, because
401 * we know the process is recursive and the allocated chunks of memory
402 * add up.
403 */
7c664b1f 404 OPENSSL_free(der);
65ef000e 405 der = NULL;
7c664b1f
RL		 406
407 if (key != NULL) {
14c8a3d1
RL		 408 OSSL_PARAM params[4];
409 int object_type = OSSL_OBJECT_PKEY;
7c664b1f
RL		 410
411 params[0] =
14c8a3d1
RL		 412 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
413 params[1] =
414 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
2c090c1d
RL		 415 (char *)ctx->desc->keytype_name,
416 0);
7c664b1f 417 /* The address of the key becomes the octet string */
14c8a3d1
RL		 418 params[2] =
419 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
7c664b1f 420 &key, sizeof(key));
14c8a3d1 421 params[3] = OSSL_PARAM_construct_end();
7c664b1f
RL		 422
423 ok = data_cb(params, data_cbarg);
424 }
65ef000e
RL		 425
426 end:
7c664b1f 427 ctx->desc->free_key(key);
65ef000e 428 OPENSSL_free(der);
7c664b1f
RL		 429
430 return ok;
431}
432
433static int der2key_export_object(void *vctx,
434 const void *reference, size_t reference_sz,
435 OSSL_CALLBACK *export_cb, void *export_cbarg)
436{
437 struct der2key_ctx_st *ctx = vctx;
438 OSSL_FUNC_keymgmt_export_fn *export =
439 ossl_prov_get_keymgmt_export(ctx->desc->fns);
440 void *keydata;
441
442 if (reference_sz == sizeof(keydata) && export != NULL) {
443 /* The contents of the reference is the address to our object */
444 keydata = *(void **)reference;
445
446 return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
447 export_cb, export_cbarg);
448 }
449 return 0;
450}
451
2c090c1d
RL		 452/* ---------------------------------------------------------------------- */
453
454#ifndef OPENSSL_NO_DH
455# define dh_evp_type EVP_PKEY_DH
456# define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
457# define dh_d2i_private_key NULL
458# define dh_d2i_public_key NULL
459# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
06f67612 460# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
2c090c1d 461# define dh_free (free_key_fn *)DH_free
65ef000e 462# define dh_check NULL
2c090c1d 463
6963979f
RL		 464static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
465{
466 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
467}
468
2c090c1d
RL		 469# define dhx_evp_type EVP_PKEY_DHX
470# define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
471# define dhx_d2i_private_key NULL
472# define dhx_d2i_public_key NULL
473# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
06f67612 474# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
2c090c1d 475# define dhx_free (free_key_fn *)DH_free
65ef000e 476# define dhx_check NULL
6963979f 477# define dhx_adjust dh_adjust
2c090c1d
RL		 478#endif
479
480/* ---------------------------------------------------------------------- */
481
482#ifndef OPENSSL_NO_DSA
483# define dsa_evp_type EVP_PKEY_DSA
484# define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA
485# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
486# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
487# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
06f67612 488# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY
2c090c1d 489# define dsa_free (free_key_fn *)DSA_free
65ef000e 490# define dsa_check NULL
6963979f
RL		 491
492static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
493{
494 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
495}
2c090c1d
RL		 496#endif
497
498/* ---------------------------------------------------------------------- */
499
500#ifndef OPENSSL_NO_EC
501# define ec_evp_type EVP_PKEY_EC
502# define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
503# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
504# define ec_d2i_public_key NULL
505# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
06f67612 506# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
2c090c1d
RL		 507# define ec_free (free_key_fn *)EC_KEY_free
508
65ef000e
RL		 509static int ec_check(void *key, struct der2key_ctx_st *ctx)
510{
511 /* We're trying to be clever by comparing two truths */
512
513 int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
514
515 return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
516}
517
6963979f
RL		 518static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
519{
32ab57cb 520 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
6963979f
RL		 521}
522
2c090c1d
RL		 523/*
524 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
525 * so no d2i functions to be had.
526 */
6963979f
RL		 527
528static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
529{
32ab57cb 530 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
6963979f
RL		 531}
532
2c090c1d 533# define ed25519_evp_type EVP_PKEY_ED25519
32ab57cb 534# define ed25519_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_ED25519
2c090c1d
RL		 535# define ed25519_d2i_private_key NULL
536# define ed25519_d2i_public_key NULL
537# define ed25519_d2i_key_params NULL
06f67612 538# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
32ab57cb 539# define ed25519_free (free_key_fn *)ossl_ecx_key_free
65ef000e 540# define ed25519_check NULL
6963979f 541# define ed25519_adjust ecx_key_adjust
2c090c1d
RL		 542
543# define ed448_evp_type EVP_PKEY_ED448
32ab57cb 544# define ed448_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_ED448
2c090c1d
RL		 545# define ed448_d2i_private_key NULL
546# define ed448_d2i_public_key NULL
547# define ed448_d2i_key_params NULL
06f67612 548# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
32ab57cb 549# define ed448_free (free_key_fn *)ossl_ecx_key_free
65ef000e 550# define ed448_check NULL
6963979f 551# define ed448_adjust ecx_key_adjust
2c090c1d
RL		 552
553# define x25519_evp_type EVP_PKEY_X25519
32ab57cb 554# define x25519_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_X25519
2c090c1d
RL		 555# define x25519_d2i_private_key NULL
556# define x25519_d2i_public_key NULL
557# define x25519_d2i_key_params NULL
06f67612 558# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
32ab57cb 559# define x25519_free (free_key_fn *)ossl_ecx_key_free
65ef000e 560# define x25519_check NULL
6963979f 561# define x25519_adjust ecx_key_adjust
2c090c1d
RL		 562
563# define x448_evp_type EVP_PKEY_X448
32ab57cb 564# define x448_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_X448
2c090c1d
RL		 565# define x448_d2i_private_key NULL
566# define x448_d2i_public_key NULL
567# define x448_d2i_key_params NULL
06f67612 568# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
32ab57cb 569# define x448_free (free_key_fn *)ossl_ecx_key_free
65ef000e 570# define x448_check NULL
6963979f 571# define x448_adjust ecx_key_adjust
f2db0528
RL		 572
573# ifndef OPENSSL_NO_SM2
574# define sm2_evp_type EVP_PKEY_SM2
575# define sm2_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
576# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
577# define sm2_d2i_public_key NULL
578# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
06f67612 579# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
f2db0528 580# define sm2_free (free_key_fn *)EC_KEY_free
65ef000e 581# define sm2_check ec_check
f2db0528
RL		 582# define sm2_adjust ec_adjust
583# endif
2c090c1d
RL		 584#endif
585
586/* ---------------------------------------------------------------------- */
587
588#define rsa_evp_type EVP_PKEY_RSA
589#define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
590#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
591#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
592#define rsa_d2i_key_params NULL
06f67612 593#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
2c090c1d
RL		 594#define rsa_free (free_key_fn *)RSA_free
595
65ef000e
RL		 596static int rsa_check(void *key, struct der2key_ctx_st *ctx)
597{
598 switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
599 case RSA_FLAG_TYPE_RSA:
600 return ctx->desc->evp_type == EVP_PKEY_RSA;
601 case RSA_FLAG_TYPE_RSASSAPSS:
602 return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
603 }
604
605 /* Currently unsupported RSA key type */
606 return 0;
607}
608
6963979f
RL		 609static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
610{
611 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
612}
613
2c090c1d
RL		 614#define rsapss_evp_type EVP_PKEY_RSA_PSS
615#define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
616#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
617#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
618#define rsapss_d2i_key_params NULL
06f67612 619#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
2c090c1d 620#define rsapss_free (free_key_fn *)RSA_free
65ef000e 621#define rsapss_check rsa_check
6963979f 622#define rsapss_adjust rsa_adjust
2c090c1d
RL		 623
624/* ---------------------------------------------------------------------- */
625
626/*
627 * The DO_ macros help define the selection mask and the method functions
628 * for each kind of object we want to decode.
629 */
630#define DO_type_specific_keypair(keytype) \
65ef000e 631 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 632 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
633 keytype##_d2i_private_key, \
634 keytype##_d2i_public_key, \
635 NULL, \
636 NULL, \
06f67612 637 NULL, \
65ef000e 638 keytype##_check, \
6963979f 639 keytype##_adjust, \
2c090c1d
RL		 640 keytype##_free
641
642#define DO_type_specific_pub(keytype) \
65ef000e 643 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 644 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
645 NULL, \
646 keytype##_d2i_public_key, \
647 NULL, \
648 NULL, \
06f67612 649 NULL, \
65ef000e 650 keytype##_check, \
6963979f 651 keytype##_adjust, \
2c090c1d
RL		 652 keytype##_free
653
654#define DO_type_specific_priv(keytype) \
65ef000e 655 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 656 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
657 keytype##_d2i_private_key, \
658 NULL, \
659 NULL, \
660 NULL, \
06f67612 661 NULL, \
65ef000e 662 keytype##_check, \
6963979f 663 keytype##_adjust, \
2c090c1d
RL		 664 keytype##_free
665
666#define DO_type_specific_params(keytype) \
65ef000e 667 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 668 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
669 NULL, \
670 NULL, \
671 keytype##_d2i_key_params, \
672 NULL, \
06f67612 673 NULL, \
65ef000e 674 keytype##_check, \
6963979f 675 keytype##_adjust, \
2c090c1d
RL		 676 keytype##_free
677
678#define DO_type_specific(keytype) \
65ef000e 679 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 680 ( OSSL_KEYMGMT_SELECT_ALL ), \
681 keytype##_d2i_private_key, \
682 keytype##_d2i_public_key, \
683 keytype##_d2i_key_params, \
684 NULL, \
06f67612 685 NULL, \
65ef000e 686 keytype##_check, \
6963979f 687 keytype##_adjust, \
2c090c1d
RL		 688 keytype##_free
689
690#define DO_type_specific_no_pub(keytype) \
65ef000e 691 "type-specific", keytype##_evp_type, \
2c090c1d
RL		 692 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
693 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
694 keytype##_d2i_private_key, \
695 NULL, \
696 keytype##_d2i_key_params, \
697 NULL, \
06f67612 698 NULL, \
65ef000e 699 keytype##_check, \
6963979f 700 keytype##_adjust, \
2c090c1d
RL		 701 keytype##_free
702
703#define DO_PKCS8(keytype) \
704 "pkcs8", keytype##_evp_type, \
705 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
706 NULL, \
707 NULL, \
708 NULL, \
06f67612 709 NULL, \
2c090c1d 710 keytype##_evp_extract, \
65ef000e 711 keytype##_check, \
6963979f 712 keytype##_adjust, \
2c090c1d
RL		 713 keytype##_free
714
715#define DO_SubjectPublicKeyInfo(keytype) \
716 "SubjectPublicKeyInfo", keytype##_evp_type, \
717 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
718 NULL, \
719 NULL, \
720 NULL, \
06f67612 721 keytype##_d2i_PUBKEY, \
2c090c1d 722 keytype##_evp_extract, \
65ef000e 723 keytype##_check, \
6963979f 724 keytype##_adjust, \
2c090c1d
RL		 725 keytype##_free
726
727#define DO_DH(keytype) \
65ef000e 728 "DH", keytype##_evp_type, \
2c090c1d
RL		 729 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
730 NULL, \
731 NULL, \
732 keytype##_d2i_key_params, \
733 NULL, \
06f67612 734 NULL, \
65ef000e 735 keytype##_check, \
6963979f 736 keytype##_adjust, \
2c090c1d
RL		 737 keytype##_free
738
739#define DO_DHX(keytype) \
65ef000e 740 "DHX", keytype##_evp_type, \
2c090c1d
RL		 741 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
742 NULL, \
743 NULL, \
744 keytype##_d2i_key_params, \
745 NULL, \
06f67612 746 NULL, \
65ef000e 747 keytype##_check, \
6963979f 748 keytype##_adjust, \
2c090c1d
RL		 749 keytype##_free
750
751#define DO_DSA(keytype) \
65ef000e 752 "DSA", keytype##_evp_type, \
2c090c1d
RL		 753 ( OSSL_KEYMGMT_SELECT_ALL ), \
754 keytype##_d2i_private_key, \
755 keytype##_d2i_public_key, \
756 keytype##_d2i_key_params, \
757 NULL, \
06f67612 758 NULL, \
65ef000e 759 keytype##_check, \
6963979f 760 keytype##_adjust, \
2c090c1d
RL		 761 keytype##_free
762
763#define DO_EC(keytype) \
65ef000e 764 "EC", keytype##_evp_type, \
2c090c1d
RL		 765 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
766 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
767 keytype##_d2i_private_key, \
768 NULL, \
769 keytype##_d2i_key_params, \
770 NULL, \
06f67612 771 NULL, \
65ef000e 772 keytype##_check, \
6963979f 773 keytype##_adjust, \
2c090c1d
RL		 774 keytype##_free
775
776#define DO_RSA(keytype) \
65ef000e 777 "RSA", keytype##_evp_type, \
2c090c1d
RL		 778 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
779 keytype##_d2i_private_key, \
780 keytype##_d2i_public_key, \
781 NULL, \
782 NULL, \
06f67612 783 NULL, \
65ef000e 784 keytype##_check, \
6963979f 785 keytype##_adjust, \
2c090c1d
RL		 786 keytype##_free
787
788/*
789 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
790 * It takes the following arguments:
791 *
792 * keytype_name The implementation key type as a string.
793 * keytype The implementation key type. This must correspond exactly
794 * to our existing keymgmt keytype names... in other words,
795 * there must exist an ossl_##keytype##_keymgmt_functions.
796 * type The type name for the set of functions that implement the
797 * decoder for the key type. This isn't necessarily the same
798 * as keytype. For example, the key types ed25519, ed448,
799 * x25519 and x448 are all handled by the same functions with
800 * the common type name ecx.
801 * kind The kind of support to implement. This translates into
802 * the DO_##kind macros above, to populate the keytype_desc_st
803 * structure.
804 */
805#define MAKE_DECODER(keytype_name, keytype, type, kind) \
806 static const struct keytype_desc_st kind##_##keytype##_desc = \
807 { keytype_name, ossl_##keytype##_keymgmt_functions, \
808 DO_##kind(keytype) }; \
809 \
810 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
811 static OSSL_FUNC_decoder_gettable_params_fn \
812 kind##_der2##keytype##_gettable_params; \
813 static OSSL_FUNC_decoder_get_params_fn \
814 kind##_der2##keytype##_get_params; \
815 \
816 static void *kind##_der2##keytype##_newctx(void *provctx) \
817 { \
818 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
819 } \
820 static const OSSL_PARAM * \
821 kind##_der2##keytype##_gettable_params(void *provctx) \
822 { \
823 return \
824 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
825 } \
826 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
827 { \
828 return der2key_get_params(params, &kind##_##keytype##_desc); \
829 } \
830 static int kind##_der2##keytype##_does_selection(void *provctx, \
831 int selection) \
7c664b1f 832 { \
2c090c1d
RL		 833 return der2key_check_selection(selection, \
834 &kind##_##keytype##_desc); \
7c664b1f 835 } \
2c090c1d
RL		 836 const OSSL_DISPATCH \
837 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
ece9304c 838 { OSSL_FUNC_DECODER_NEWCTX, \
2c090c1d 839 (void (*)(void))kind##_der2##keytype##_newctx }, \
ece9304c 840 { OSSL_FUNC_DECODER_FREECTX, \
7c664b1f 841 (void (*)(void))der2key_freectx }, \
ece9304c 842 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
2c090c1d 843 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
ece9304c 844 { OSSL_FUNC_DECODER_GET_PARAMS, \
2c090c1d
RL		 845 (void (*)(void))kind##_der2##keytype##_get_params }, \
846 { OSSL_FUNC_DECODER_DOES_SELECTION, \
847 (void (*)(void))kind##_der2##keytype##_does_selection }, \
ece9304c
RL		 848 { OSSL_FUNC_DECODER_DECODE, \
849 (void (*)(void))der2key_decode }, \
850 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
7c664b1f
RL		 851 (void (*)(void))der2key_export_object }, \
852 { 0, NULL } \
853 }
854
855#ifndef OPENSSL_NO_DH
2c090c1d
RL		 856MAKE_DECODER("DH", dh, dh, PKCS8);
857MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
858MAKE_DECODER("DH", dh, dh, type_specific_params);
859MAKE_DECODER("DH", dh, dh, DH);
860MAKE_DECODER("DHX", dhx, dhx, PKCS8);
861MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
862MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
863MAKE_DECODER("DHX", dhx, dhx, DHX);
7c664b1f
RL		 864#endif
865#ifndef OPENSSL_NO_DSA
2c090c1d
RL		 866MAKE_DECODER("DSA", dsa, dsa, PKCS8);
867MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
868MAKE_DECODER("DSA", dsa, dsa, type_specific);
869MAKE_DECODER("DSA", dsa, dsa, DSA);
7c664b1f
RL		 870#endif
871#ifndef OPENSSL_NO_EC
2c090c1d
RL		 872MAKE_DECODER("EC", ec, ec, PKCS8);
873MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
874MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
875MAKE_DECODER("EC", ec, ec, EC);
876MAKE_DECODER("X25519", x25519, ecx, PKCS8);
877MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
878MAKE_DECODER("X448", x448, ecx, PKCS8);
879MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
880MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
881MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
882MAKE_DECODER("ED448", ed448, ecx, PKCS8);
883MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
f2db0528
RL		 884# ifndef OPENSSL_NO_SM2
885MAKE_DECODER("SM2", sm2, ec, PKCS8);
886MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
887# endif
7c664b1f 888#endif
2c090c1d
RL		 889MAKE_DECODER("RSA", rsa, rsa, PKCS8);
890MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
891MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
892MAKE_DECODER("RSA", rsa, rsa, RSA);
893MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
894MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
A mirror of the official openssl repository