8ae40cf5 | 1 | /* |
fecb3aae | 2 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. |
8ae40cf5 RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * Low level APIs are deprecated for public use, but still ok for internal use. | |
12 | */ | |
13 | #include "internal/deprecated.h" | |
14 | ||
15 | #include <openssl/core.h> | |
16 | #include <openssl/core_dispatch.h> | |
17 | #include <openssl/core_names.h> | |
18 | #include <openssl/crypto.h> | |
19 | #include <openssl/params.h> | |
20 | #include <openssl/asn1.h> | |
21 | #include <openssl/err.h> | |
22 | #include <openssl/pem.h> | |
23 | #include <openssl/x509.h> | |
24 | #include <openssl/pkcs12.h> /* PKCS8_encrypt() */ | |
25 | #include <openssl/dh.h> | |
26 | #include <openssl/dsa.h> | |
27 | #include <openssl/ec.h> | |
2741128e | 28 | #include <openssl/proverr.h> |
8ae40cf5 RL |
29 | #include "internal/passphrase.h" |
30 | #include "internal/cryptlib.h" | |
31 | #include "crypto/ecx.h" | |
32 | #include "crypto/rsa.h" | |
33 | #include "prov/implementations.h" | |
8ae40cf5 RL |
34 | #include "prov/bio.h" |
35 | #include "prov/provider_ctx.h" | |
36 | #include "prov/der_rsa.h" | |
37 | #include "endecoder_local.h" | |
38 | ||
a2e145f8 RL |
39 | #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) |
40 | # define OPENSSL_NO_KEYPARAMS | |
41 | #endif | |
42 | ||
8ae40cf5 RL |
/*
 * Per-operation state shared by the key2any encoder functions in this file.
 * It is created with OPENSSL_zalloc() in key2any_newctx(), so every field
 * starts out zero / NULL.
 */
struct key2any_ctx_st {
    /* Provider context; PROV_LIBCTX_OF() on it gives the library context */
    PROV_CTX *provctx;

    /* Set to 0 if parameters should not be saved (dsa only) */
    /* Forwarded as the |save| argument to every key_to_paramstring_fn */
    int save_parameters;

    /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
    /* Required by key_to_epki_*; makes key_to_pki_* defer to key_to_epki_* */
    int cipher_intent;

    /*
     * Cipher for PKCS#8 / PEM encryption.  NULL makes p8info_to_encp8()
     * give up without encrypting.
     */
    EVP_CIPHER *cipher;

    /* Passphrase callback state used whenever |cipher| is applied */
    struct ossl_passphrase_data_st pwdata;
};
56 | ||
/* Returns non-zero if |key| is of the key type identified by |nid| */
typedef int check_key_type_fn(const void *key, int nid);
/*
 * Produces the AlgorithmIdentifier parameter blob for |key| in *str and its
 * ASN.1 type in *strtype; |save| is key2any_ctx_st.save_parameters.
 * Returns 1 on success, 0 on failure.
 */
typedef int key_to_paramstring_fn(const void *key, int nid, int save,
                                  void **str, int *strtype);
/*
 * Writes |key| to |out| in one particular output form, using |p2s| for the
 * parameters and |k2d| for the key data itself.
 */
typedef int key_to_der_fn(BIO *out, const void *key,
                          int key_nid, const char *pemname,
                          key_to_paramstring_fn *p2s, i2d_of_void *k2d,
                          struct key2any_ctx_st *ctx);
typedef int write_bio_of_void_fn(BIO *bp, const void *x);
65 | ||
576892d7 SL |
66 | |
67 | /* Free the blob allocated during key_to_paramstring_fn */ | |
/*
 * Free the blob allocated during key_to_paramstring_fn.
 * |type| is the *strtype value the producer reported; only the two types
 * produced in this file own heap data.
 */
static void free_asn1_data(int type, void *data)
{
    if (type == V_ASN1_OBJECT)
        ASN1_OBJECT_free(data);
    else if (type == V_ASN1_SEQUENCE)
        ASN1_STRING_free(data);
    /* V_ASN1_UNDEF / V_ASN1_NULL carry no blob (|data| is NULL) */
}
79 | ||
8ae40cf5 RL |
/*
 * Build a PrivateKeyInfo (PKCS#8) for |key|.
 *
 * |k2d| produces the DER key blob; |params| / |params_type| become the
 * AlgorithmIdentifier parameters.  On success both the DER blob and |params|
 * are owned by the returned structure.  On failure NULL is returned and
 * |params| is left untouched, so the caller must release it itself.
 */
static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
                                          void *params, int params_type,
                                          i2d_of_void *k2d)
{
    unsigned char *der = NULL;
    int derlen;
    PKCS8_PRIV_KEY_INFO *p8info = PKCS8_PRIV_KEY_INFO_new();

    if (p8info == NULL)
        goto err;
    if ((derlen = k2d(key, &der)) <= 0)
        goto err;
    /* version 0; ownership of |params| and |der| moves into |p8info| */
    if (!PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
                         params_type, params, der, derlen))
        goto err;
    return p8info;

 err:
    ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
    PKCS8_PRIV_KEY_INFO_free(p8info);
    OPENSSL_free(der);
    return NULL;
}
102 | ||
/*
 * Wrap |p8info| in an EncryptedPrivateKeyInfo (X509_SIG), encrypted with
 * ctx->cipher under a passphrase obtained through ctx->pwdata.
 *
 * Returns the new X509_SIG, or NULL when no cipher is set, no passphrase
 * could be obtained, or PKCS8_encrypt_ex() fails.  |p8info| is not consumed.
 */
static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
                                 struct key2any_ctx_st *ctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
    char passphrase[PEM_BUFSIZE];
    size_t passphrase_len = 0;
    X509_SIG *encrypted;

    /* Nothing to encrypt with */
    if (ctx->cipher == NULL)
        return NULL;

    if (!ossl_pw_get_passphrase(passphrase, sizeof(passphrase), &passphrase_len,
                                NULL, 1, &ctx->pwdata)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
        return NULL;
    }

    /* PBE nid -1 means "standard", i.e. PBES2 built around |cipher| */
    encrypted = PKCS8_encrypt_ex(-1, ctx->cipher, passphrase, passphrase_len,
                                 NULL, 0, 0, p8info, libctx, NULL);
    /* Wipe the passphrase from the stack whether or not encryption worked */
    OPENSSL_cleanse(passphrase, passphrase_len);
    return encrypted;
}
124 | ||
/*
 * Produce an EncryptedPrivateKeyInfo for |key| in one go: PrivateKeyInfo
 * first, then encryption according to |ctx|.
 *
 * |params| is always consumed: it becomes part of the PrivateKeyInfo on
 * success and is freed here if key_to_p8info() fails.
 */
static X509_SIG *key_to_encp8(const void *key, int key_nid,
                              void *params, int params_type,
                              i2d_of_void *k2d, struct key2any_ctx_st *ctx)
{
    X509_SIG *encrypted;
    PKCS8_PRIV_KEY_INFO *p8info =
        key_to_p8info(key, key_nid, params, params_type, k2d);

    if (p8info == NULL) {
        /* key_to_p8info() did not take ownership of |params| */
        free_asn1_data(params_type, params);
        return NULL;
    }

    encrypted = p8info_to_encp8(p8info, ctx);
    PKCS8_PRIV_KEY_INFO_free(p8info);
    return encrypted;
}
141 | ||
/*
 * Build an X.509 SubjectPublicKeyInfo (X509_PUBKEY) for |key|.
 *
 * |k2d| produces the DER subjectPublicKey blob; |params| / |params_type|
 * become the AlgorithmIdentifier parameters.  On success both are owned by
 * the returned structure; on failure NULL is returned and |params| is left
 * to the caller.
 */
static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
                                  void *params, int params_type,
                                  i2d_of_void k2d)
{
    unsigned char *der = NULL;
    int derlen;
    X509_PUBKEY *xpk = X509_PUBKEY_new();

    if (xpk == NULL)
        goto err;
    if ((derlen = k2d(key, &der)) <= 0)
        goto err;
    if (!X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
                                params_type, params, der, derlen))
        goto err;
    return xpk;

 err:
    ERR_raise(ERR_LIB_PROV, ERR_R_X509_LIB);
    X509_PUBKEY_free(xpk);
    OPENSSL_free(der);
    return NULL;
}
165 | ||
c319b627 | 166 | /* |
6a2b8ff3 RL |
167 | * key_to_epki_* produce encoded output with the private key data in an |
168 | * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require | |
169 | * that there's an intent to encrypt, anything else is an error. | |
6a2b8ff3 | 170 | * |
e304aa87 | 171 | * key_to_pki_* primarily produce encoded output with the private key data |
6a2b8ff3 RL |
172 | * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if |
173 | * there is an intent to encrypt the data, the corresponding key_to_epki_* | |
174 | * function is used instead. | |
175 | * | |
176 | * key_to_spki_* produce encoded output with the public key data in an | |
177 | * X.509 SubjectPublicKeyInfo. | |
178 | * | |
179 | * Key parameters don't have any defined envelopment of this kind, but are | |
180 | * included in some manner in the output from the functions described above, | |
181 | * either in the AlgorithmIdentifier's parameter field, or as part of the | |
182 | * key data itself. | |
c319b627 | 183 | */ |
6a2b8ff3 RL |
184 | |
/*
 * Write |key| to |out| as a DER encoded EncryptedPrivateKeyInfo.
 * Fails (returns 0) unless ctx->cipher_intent is set.
 */
static int key_to_epki_der_priv_bio(BIO *out, const void *key,
                                    int key_nid,
                                    ossl_unused const char *pemname,
                                    key_to_paramstring_fn *p2s,
                                    i2d_of_void *k2d,
                                    struct key2any_ctx_st *ctx)
{
    void *params = NULL;
    int params_type = V_ASN1_UNDEF;
    X509_SIG *encrypted;
    int ok = 0;

    /* An EncryptedPrivateKeyInfo makes no sense without an intent to encrypt */
    if (!ctx->cipher_intent)
        return 0;

    if (p2s != NULL
        && !p2s(key, key_nid, ctx->save_parameters, &params, &params_type))
        return 0;

    /* key_to_encp8() consumes |params| whether it succeeds or fails */
    encrypted = key_to_encp8(key, key_nid, params, params_type, k2d, ctx);
    if (encrypted != NULL)
        ok = i2d_PKCS8_bio(out, encrypted);
    X509_SIG_free(encrypted);
    return ok;
}
8ae40cf5 | 212 | |
6a2b8ff3 RL |
/*
 * Write |key| to |out| as a PEM encoded EncryptedPrivateKeyInfo.
 * Fails (returns 0) unless ctx->cipher_intent is set.
 */
static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
                                    int key_nid,
                                    ossl_unused const char *pemname,
                                    key_to_paramstring_fn *p2s,
                                    i2d_of_void *k2d,
                                    struct key2any_ctx_st *ctx)
{
    void *params = NULL;
    int params_type = V_ASN1_UNDEF;
    X509_SIG *encrypted;
    int ok = 0;

    /* An EncryptedPrivateKeyInfo makes no sense without an intent to encrypt */
    if (!ctx->cipher_intent)
        return 0;

    if (p2s != NULL
        && !p2s(key, key_nid, ctx->save_parameters, &params, &params_type))
        return 0;

    /* key_to_encp8() consumes |params| whether it succeeds or fails */
    encrypted = key_to_encp8(key, key_nid, params, params_type, k2d, ctx);
    if (encrypted != NULL)
        ok = PEM_write_bio_PKCS8(out, encrypted);
    X509_SIG_free(encrypted);
    return ok;
}
240 | ||
6a2b8ff3 RL |
/*
 * Write |key| to |out| as a DER encoded PrivateKeyInfo, or as an
 * EncryptedPrivateKeyInfo when ctx->cipher_intent is set.
 */
static int key_to_pki_der_priv_bio(BIO *out, const void *key,
                                   int key_nid,
                                   ossl_unused const char *pemname,
                                   key_to_paramstring_fn *p2s,
                                   i2d_of_void *k2d,
                                   struct key2any_ctx_st *ctx)
{
    void *params = NULL;
    int params_type = V_ASN1_UNDEF;
    PKCS8_PRIV_KEY_INFO *p8info;
    int ok;

    /* With an intent to encrypt, the EncryptedPrivateKeyInfo form is used */
    if (ctx->cipher_intent)
        return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
                                        p2s, k2d, ctx);

    if (p2s != NULL
        && !p2s(key, key_nid, ctx->save_parameters, &params, &params_type))
        return 0;

    p8info = key_to_p8info(key, key_nid, params, params_type, k2d);
    if (p8info == NULL) {
        /* key_to_p8info() leaves |params| to the caller on failure */
        free_asn1_data(params_type, params);
        return 0;
    }

    ok = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
    PKCS8_PRIV_KEY_INFO_free(p8info);
    return ok;
}
8ae40cf5 | 272 | |
6a2b8ff3 RL |
/*
 * Write |key| to |out| as a PEM encoded PrivateKeyInfo, or as an
 * EncryptedPrivateKeyInfo when ctx->cipher_intent is set.
 */
static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
                                   int key_nid,
                                   ossl_unused const char *pemname,
                                   key_to_paramstring_fn *p2s,
                                   i2d_of_void *k2d,
                                   struct key2any_ctx_st *ctx)
{
    void *params = NULL;
    int params_type = V_ASN1_UNDEF;
    PKCS8_PRIV_KEY_INFO *p8info;
    int ok;

    /* With an intent to encrypt, the EncryptedPrivateKeyInfo form is used */
    if (ctx->cipher_intent)
        return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
                                        p2s, k2d, ctx);

    if (p2s != NULL
        && !p2s(key, key_nid, ctx->save_parameters, &params, &params_type))
        return 0;

    p8info = key_to_p8info(key, key_nid, params, params_type, k2d);
    if (p8info == NULL) {
        /* key_to_p8info() leaves |params| to the caller on failure */
        free_asn1_data(params_type, params);
        return 0;
    }

    ok = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
    PKCS8_PRIV_KEY_INFO_free(p8info);
    return ok;
}
304 | ||
c319b627 RL |
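/*
 * Write |key| to |out| as a DER encoded X.509 SubjectPublicKeyInfo.
 *
 * |p2s| (if any) produces the AlgorithmIdentifier parameters in |str|;
 * key_to_pubkey() takes ownership of |str| only on success, so it is
 * released here on failure, exactly as key_to_spki_pem_pub_bio() does.
 * Returns 1 on success, 0 on failure.
 */
static int key_to_spki_der_pub_bio(BIO *out, const void *key,
                                   int key_nid,
                                   ossl_unused const char *pemname,
                                   key_to_paramstring_fn *p2s,
                                   i2d_of_void *k2d,
                                   struct key2any_ctx_st *ctx)
{
    int ret = 0;
    void *str = NULL;
    int strtype = V_ASN1_UNDEF;
    X509_PUBKEY *xpk = NULL;

    if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
                            &str, &strtype))
        return 0;

    xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);

    if (xpk != NULL)
        ret = i2d_X509_PUBKEY_bio(out, xpk);
    else
        /* |str| was not absorbed into an X509_PUBKEY; don't leak it */
        free_asn1_data(strtype, str);

    /* Also frees |str| */
    X509_PUBKEY_free(xpk);
    return ret;
}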
330 | ||
c319b627 RL |
/*
 * Write |key| to |out| as a PEM encoded X.509 SubjectPublicKeyInfo.
 * Returns 1 on success, 0 on failure.
 */
static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
                                   int key_nid,
                                   ossl_unused const char *pemname,
                                   key_to_paramstring_fn *p2s,
                                   i2d_of_void *k2d,
                                   struct key2any_ctx_st *ctx)
{
    void *params = NULL;
    int params_type = V_ASN1_UNDEF;
    X509_PUBKEY *xpk;
    int ok;

    if (p2s != NULL
        && !p2s(key, key_nid, ctx->save_parameters, &params, &params_type))
        return 0;

    xpk = key_to_pubkey(key, key_nid, params, params_type, k2d);
    if (xpk == NULL) {
        /* |params| was not absorbed into an X509_PUBKEY; release it here */
        free_asn1_data(params_type, params);
        return 0;
    }

    ok = PEM_write_bio_X509_PUBKEY(out, xpk);
    /* Also frees |params| */
    X509_PUBKEY_free(xpk);
    return ok;
}
358 | ||
c319b627 RL |
359 | /* |
360 | * key_to_type_specific_* produce encoded output with type specific key data, | |
361 | * no envelopment; the same kind of output as the type specific i2d_ and | |
362 | * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER. | |
363 | * | |
364 | * OpenSSL tries to discourage production of new keys in this form, because | |
365 | * of the ambiguity when trying to recognise them, but can't deny that PKCS#1 | |
366 | * et al still are live standards. | |
367 | * | |
368 | * Note that these functions completely ignore p2s, and rather rely entirely | |
369 | * on k2d to do the complete work. | |
370 | */ | |
/*
 * Write the raw type specific DER produced by |k2d| straight to |out|.
 * |p2s|, |key_nid|, |pemname| and |ctx| play no part here.
 * Returns 1 if BIO_write() reported progress, 0 otherwise.
 */
static int key_to_type_specific_der_bio(BIO *out, const void *key,
                                        int key_nid,
                                        ossl_unused const char *pemname,
                                        key_to_paramstring_fn *p2s,
                                        i2d_of_void *k2d,
                                        struct key2any_ctx_st *ctx)
{
    unsigned char *der = NULL;
    int derlen = k2d(key, &der);
    int written;

    if (derlen <= 0) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
        return 0;
    }

    /*
     * NOTE(review): a short write (0 < written < derlen) is reported as
     * success here, same as before; confirm that is intended for the BIOs
     * these encoders are used with.
     */
    written = BIO_write(out, der, derlen);
    OPENSSL_free(der);
    return written > 0;
}
/*
 * Type specific DER output relies entirely on k2d, so the private key,
 * public key and parameter variants are all the same function.
 */
#define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
#define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
#define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
394 | ||
/*
 * Common worker for the type specific PEM writers.  PEM_ASN1_write_bio()
 * does the DER encoding via |k2d|, encrypts with ctx->cipher when one is set,
 * and armours the result under |pemname|; |cb| / |cbarg| supply the
 * passphrase.  |key_nid| and |p2s| are not used.
 */
static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
                                           int key_nid, const char *pemname,
                                           key_to_paramstring_fn *p2s,
                                           i2d_of_void *k2d,
                                           struct key2any_ctx_st *ctx,
                                           pem_password_cb *cb, void *cbarg)
{
    int written = PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher,
                                     NULL, 0, cb, cbarg);

    return written > 0;
}
406 | ||
/*
 * Type specific PEM private key output.  Private keys may be encrypted,
 * so the provider passphrase callback and its state are passed along.
 */
static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
                                             int key_nid, const char *pemname,
                                             key_to_paramstring_fn *p2s,
                                             i2d_of_void *k2d,
                                             struct key2any_ctx_st *ctx)
{
    pem_password_cb *cb = ossl_pw_pem_password;
    void *cbarg = &ctx->pwdata;

    return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
                                           p2s, k2d, ctx, cb, cbarg);
}
417 | ||
/*
 * Type specific PEM public key output.  Public keys are never encrypted,
 * hence no passphrase callback.
 */
static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
                                            int key_nid, const char *pemname,
                                            key_to_paramstring_fn *p2s,
                                            i2d_of_void *k2d,
                                            struct key2any_ctx_st *ctx)
{
    pem_password_cb *no_cb = NULL;

    return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
                                           p2s, k2d, ctx, no_cb, NULL);
}
427 | ||
a2e145f8 | 428 | #ifndef OPENSSL_NO_KEYPARAMS |
c319b627 RL |
/*
 * Type specific PEM parameter output.  Parameters are never encrypted,
 * hence no passphrase callback.
 */
static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
                                              int key_nid, const char *pemname,
                                              key_to_paramstring_fn *p2s,
                                              i2d_of_void *k2d,
                                              struct key2any_ctx_st *ctx)
{
    pem_password_cb *no_cb = NULL;

    return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
                                           p2s, k2d, ctx, no_cb, NULL);
}
01b77081 | 438 | #endif |
c319b627 | 439 | |
8ae40cf5 RL |
440 | /* ---------------------------------------------------------------------- */ |
441 | ||
442 | #ifndef OPENSSL_NO_DH | |
/*
 * key_to_paramstring_fn for DH: the AlgorithmIdentifier parameters are the
 * DH (or X9.42 DHX) domain parameters as a SEQUENCE.  |save| is accepted for
 * the common signature but DH parameters are always written.
 * Returns 1 with *pstr / *pstrtype set, or 0 on error.
 */
static int prepare_dh_params(const void *dh, int nid, int save,
                             void **pstr, int *pstrtype)
{
    ASN1_STRING *params = ASN1_STRING_new();

    if (params == NULL)
        goto err;

    /* DHX (X9.42 DH, see dhx_pem_type) has its own parameter encoding */
    if (nid == EVP_PKEY_DHX)
        params->length = i2d_DHxparams(dh, &params->data);
    else
        params->length = i2d_DHparams(dh, &params->data);
    if (params->length <= 0)
        goto err;

    params->type = V_ASN1_SEQUENCE;
    *pstr = params;
    *pstrtype = V_ASN1_SEQUENCE;
    return 1;

 err:
    ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
    ASN1_STRING_free(params);
    return 0;
}
469 | ||
/*
 * i2d_of_void for the DH subjectPublicKey: the public value as an INTEGER.
 * Returns the DER length, or 0 if there is no public key or the conversion
 * fails.
 */
static int dh_spki_pub_to_der(const void *dh, unsigned char **pder)
{
    const BIGNUM *pub = DH_get0_pub_key(dh);
    ASN1_INTEGER *encoded;
    int derlen;

    if (pub == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
        return 0;
    }
    encoded = BN_to_ASN1_INTEGER(pub, NULL);
    if (encoded == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
        return 0;
    }

    derlen = i2d_ASN1_INTEGER(encoded, pder);
    ASN1_STRING_clear_free(encoded);
    return derlen;
}
490 | ||
/*
 * i2d_of_void for the DH PKCS#8 privateKey: the private value as an INTEGER.
 * Returns the DER length, or 0 if there is no private key or the conversion
 * fails.
 */
static int dh_pki_priv_to_der(const void *dh, unsigned char **pder)
{
    const BIGNUM *priv = DH_get0_priv_key(dh);
    ASN1_INTEGER *encoded;
    int derlen;

    if (priv == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
        return 0;
    }
    encoded = BN_to_ASN1_INTEGER(priv, NULL);
    if (encoded == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
        return 0;
    }

    derlen = i2d_ASN1_INTEGER(encoded, pder);
    /* clear_free: the temporary copy of the private value is wiped */
    ASN1_STRING_clear_free(encoded);
    return derlen;
}
511 | ||
0195cdd2 RL |
/* The encrypted (EPKI) form wraps the same PrivateKeyInfo key blob */
# define dh_epki_priv_to_der dh_pki_priv_to_der
513 | ||
/* Type specific DH parameter output: DHX and plain DH encode differently */
static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
{
    int is_dhx = DH_test_flags(dh, DH_FLAG_TYPE_DHX);

    return is_dhx ? i2d_DHxparams(dh, pder) : i2d_DHparams(dh, pder);
}
520 | ||
c319b627 RL |
521 | /* |
522 | * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make | |
523 | * corresponding functions here. | |
524 | */ | |
525 | # define dh_type_specific_priv_to_der NULL | |
526 | # define dh_type_specific_pub_to_der NULL | |
111dc4b0 | 527 | |
/*
 * check_key_type_fn for DH: the DHX flag on the key decides whether it is
 * an EVP_PKEY_DHX or a plain EVP_PKEY_DH key.
 */
static int dh_check_key_type(const void *dh, int expected_type)
{
    if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
        return expected_type == EVP_PKEY_DHX;
    return expected_type == EVP_PKEY_DH;
}
535 | ||
/*
 * Per key type names: the EVP_PKEY type, the input type name and the PEM
 * type name (presumably expanded by generator macros later in the file —
 * confirm at the point of use).
 */
# define dh_evp_type EVP_PKEY_DH
# define dhx_evp_type EVP_PKEY_DHX
# define dh_input_type "DH"
# define dhx_input_type "DHX"
# define dh_pem_type "DH"
# define dhx_pem_type "X9.42 DH"
8ae40cf5 RL |
542 | #endif |
543 | ||
544 | /* ---------------------------------------------------------------------- */ | |
545 | ||
546 | #ifndef OPENSSL_NO_DSA | |
78043fe8 TM |
/*
 * Encode the DSA domain parameters as a SEQUENCE for use as
 * AlgorithmIdentifier parameters.  |nid| is unused.
 * Returns 1 with *pstr / *pstrtype set, or 0 on error.
 *
 * Note: unlike prepare_dh_params(), params->type is not set here; the
 * callers rely on *pstrtype instead.
 */
static int encode_dsa_params(const void *dsa, int nid,
                             void **pstr, int *pstrtype)
{
    ASN1_STRING *params = ASN1_STRING_new();

    if (params == NULL)
        goto err;
    params->length = i2d_DSAparams(dsa, &params->data);
    if (params->length <= 0)
        goto err;

    *pstrtype = V_ASN1_SEQUENCE;
    *pstr = params;
    return 1;

 err:
    ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
    ASN1_STRING_free(params);
    return 0;
}
569 | ||
78043fe8 TM |
/*
 * key_to_paramstring_fn for DSA.  The domain parameters are only written
 * when |save| (ctx->save_parameters) is set and p, q and g are all present;
 * otherwise the AlgorithmIdentifier parameters are left absent
 * (V_ASN1_UNDEF), which still counts as success.
 */
static int prepare_dsa_params(const void *dsa, int nid, int save,
                              void **pstr, int *pstrtype)
{
    int have_domain = DSA_get0_p(dsa) != NULL
        && DSA_get0_q(dsa) != NULL
        && DSA_get0_g(dsa) != NULL;

    if (save && have_domain)
        return encode_dsa_params(dsa, nid, pstr, pstrtype);

    *pstr = NULL;
    *pstrtype = V_ASN1_UNDEF;
    return 1;
}
584 | ||
/*
 * i2d_of_void for the DSA subjectPublicKey: the public value as an INTEGER.
 * Returns the DER length, or 0 if there is no public key or the conversion
 * fails.
 */
static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
{
    const BIGNUM *pub = DSA_get0_pub_key(dsa);
    ASN1_INTEGER *encoded;
    int derlen;

    if (pub == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
        return 0;
    }
    encoded = BN_to_ASN1_INTEGER(pub, NULL);
    if (encoded == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
        return 0;
    }

    derlen = i2d_ASN1_INTEGER(encoded, pder);
    ASN1_STRING_clear_free(encoded);
    return derlen;
}
605 | ||
/*
 * i2d_of_void for the DSA PKCS#8 privateKey: the private value as an INTEGER.
 * Returns the DER length, or 0 if there is no private key or the conversion
 * fails.
 */
static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder)
{
    const BIGNUM *priv = DSA_get0_priv_key(dsa);
    ASN1_INTEGER *encoded;
    int derlen;

    if (priv == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
        return 0;
    }
    encoded = BN_to_ASN1_INTEGER(priv, NULL);
    if (encoded == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
        return 0;
    }

    derlen = i2d_ASN1_INTEGER(encoded, pder);
    /* clear_free: the temporary copy of the private value is wiped */
    ASN1_STRING_clear_free(encoded);
    return derlen;
}
626 | ||
0195cdd2 RL |
/* The encrypted (EPKI) form wraps the same PrivateKeyInfo key blob */
# define dsa_epki_priv_to_der dsa_pki_priv_to_der
628 | ||
c319b627 RL |
/* Type specific forms come straight from the legacy DSA i2d_ functions */
# define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey
# define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey
# define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams

/* No key type check needed; compare dh_check_key_type(), which tells DH from DHX */
# define dsa_check_key_type NULL
# define dsa_evp_type EVP_PKEY_DSA
# define dsa_input_type "DSA"
# define dsa_pem_type "DSA"
8ae40cf5 RL |
637 | #endif |
638 | ||
639 | /* ---------------------------------------------------------------------- */ | |
640 | ||
641 | #ifndef OPENSSL_NO_EC | |
8ae40cf5 RL |
/*
 * Encode the full (explicit) ECParameters of |eckey| as a SEQUENCE for use
 * as AlgorithmIdentifier parameters.
 * Returns 1 with *pstr / *pstrtype set, or 0 on error.
 */
static int prepare_ec_explicit_params(const void *eckey,
                                      void **pstr, int *pstrtype)
{
    ASN1_STRING *params = ASN1_STRING_new();

    if (params == NULL)
        goto err;
    params->length = i2d_ECParameters(eckey, &params->data);
    if (params->length <= 0)
        goto err;

    *pstrtype = V_ASN1_SEQUENCE;
    *pstr = params;
    return 1;

 err:
    ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
    ASN1_STRING_free(params);
    return 0;
}
663 | ||
c319b627 RL |
664 | /* |
665 | * This implements EcpkParameters, where the CHOICE is based on whether there | |
666 | * is a curve name (curve nid) to be found or not. See RFC 3279 for details. | |
c319b627 | 667 | */ |
/*
 * key_to_paramstring_fn for EC keys (EcpkParameters, RFC 3279).
 *
 * The CHOICE is namedCurve (an OBJECT IDENTIFIER) when the group has a
 * curve name and the key's ASN.1 flag asks for a named curve; in every
 * other case the explicit ecParameters SEQUENCE is produced.  |nid| and
 * |save| are unused.  Returns 1 on success, 0 on failure.
 */
static int prepare_ec_params(const void *eckey, int nid, int save,
                             void **pstr, int *pstrtype)
{
    const EC_GROUP *group = EC_KEY_get0_group(eckey);
    int curve_nid;
    ASN1_OBJECT *curve_oid;

    if (group == NULL)
        return 0;

    curve_nid = EC_GROUP_get_curve_name(group);
    if (curve_nid == NID_undef)
        /* No curve name at all: only explicit parameters are possible */
        return prepare_ec_explicit_params(eckey, pstr, pstrtype);

    if ((curve_oid = OBJ_nid2obj(curve_nid)) == NULL)
        return 0;

    if ((EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE) == 0)
        /* The CHOICE came to ecParameters despite the known curve name */
        return prepare_ec_explicit_params(eckey, pstr, pstrtype);

    /* The CHOICE came to namedCurve */
    if (OBJ_length(curve_oid) == 0) {
        /* Some curves might not have an associated OID */
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
        ASN1_OBJECT_free(curve_oid);
        return 0;
    }
    *pstr = curve_oid;
    *pstrtype = V_ASN1_OBJECT;
    return 1;
}
701 | ||
/*
 * i2d_of_void for the EC subjectPublicKey: the encoded point octets.
 * Returns the length, or 0 when the key has no public point.
 */
static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
{
    const EC_POINT *pub = EC_KEY_get0_public_key(eckey);

    if (pub == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
        return 0;
    }
    return i2o_ECPublicKey(eckey, pder);
}
710 | ||
/*
 * i2d_of_void for the EC PKCS#8 privateKey.
 *
 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object as the
 * pkeyalg->parameter field (for a named curve this is an OID), so the
 * ECPrivateKey SEQUENCE written here must omit its optional parameters
 * field.  That is done by temporarily setting EC_PKEY_NO_PARAMETERS on the
 * key; note that this writes to the key despite the const in the signature,
 * and the previous flags are restored before returning.
 * Returns the length of the DER encoded data.
 */
static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
{
    EC_KEY *eckey = (EC_KEY *)veckey;
    unsigned int saved_flags = EC_KEY_get_enc_flags(eckey);
    int derlen;

    EC_KEY_set_enc_flags(eckey, saved_flags | EC_PKEY_NO_PARAMETERS);
    derlen = i2d_ECPrivateKey(eckey, pder);
    EC_KEY_set_enc_flags(eckey, saved_flags);

    return derlen;
}
111dc4b0 | 730 | |
0195cdd2 RL |
/* The encrypted (EPKI) form wraps the same PrivateKeyInfo key blob */
# define ec_epki_priv_to_der ec_pki_priv_to_der

/* Type specific forms come straight from the legacy EC i2d_ functions */
# define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
/* No ec_type_specific_pub_to_der, there simply is no such thing */
# define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey

/* No key type check needed; compare dh_check_key_type(), which tells DH from DHX */
# define ec_check_key_type NULL
# define ec_evp_type EVP_PKEY_EC
# define ec_input_type "EC"
# define ec_pem_type "EC"

/* Only the type names differ for SM2; no separate sm2_*_to_der encoders are defined here */
# ifndef OPENSSL_NO_SM2
#  define sm2_evp_type EVP_PKEY_SM2
#  define sm2_input_type "SM2"
#  define sm2_pem_type "SM2"
# endif
8ae40cf5 RL |
747 | #endif |
748 | ||
749 | /* ---------------------------------------------------------------------- */ | |
750 | ||
751 | #ifndef OPENSSL_NO_EC | |
8ae40cf5 RL |
/*
 * No parameter producer: with p2s == NULL the key_to_* writers keep
 * str == NULL / strtype == V_ASN1_UNDEF, i.e. absent parameters.
 */
# define prepare_ecx_params NULL
753 | ||
/*
 * i2d_of_void for the ECX (X25519/X448/ED25519/ED448) subjectPublicKey:
 * the raw public key bytes, copied into a fresh buffer the caller owns.
 * Returns the key length, or 0 on a NULL key or allocation failure.
 */
static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
{
    const ECX_KEY *ecxkey = vecxkey;
    unsigned char *copy;

    if (ecxkey == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    copy = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
    if (copy == NULL)
        return 0;

    *pder = copy;
    return ecxkey->keylen;
}
771 | ||
/*
 * i2d_of_void for the ECX PKCS#8 privateKey: the raw private key bytes
 * wrapped in an OCTET STRING (CurvePrivateKey, RFC 8410).
 * Returns the DER length, or 0 on a NULL key / missing private key or an
 * encoding error.
 */
static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
{
    const ECX_KEY *ecxkey = vecxkey;
    ASN1_OCTET_STRING wrapper;
    int derlen;

    if (ecxkey == NULL || ecxkey->privkey == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    /*
     * A stack-only ASN1_OCTET_STRING pointing at the key bytes; nothing is
     * copied.  NOTE(review): |type| is left uninitialised as before — the
     * template based encoder is expected not to read it; confirm.
     */
    wrapper.data = ecxkey->privkey;
    wrapper.length = ecxkey->keylen;
    wrapper.flags = 0;

    derlen = i2d_ASN1_OCTET_STRING(&wrapper, pder);
    if (derlen < 0) {
        ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
        return 0;
    }
    return derlen;
}
795 | ||
0195cdd2 RL |
/* The encrypted (EPKI) form wraps the same PrivateKeyInfo key blob */
# define ecx_epki_priv_to_der ecx_pki_priv_to_der
797 | ||
c319b627 RL |
798 | /* |
799 | * ED25519, ED448, X25519 and X448 only have PKCS#8 / SubjectPublicKeyInfo |
800 | * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. | |
801 | */ | |
802 | ||
111dc4b0 RL |
/* No key type check needed; the four ECX algorithms are separate EVP types */
# define ecx_check_key_type NULL

/*
 * Per key type names: the EVP_PKEY type, the input type name and the PEM
 * type name for each of the four ECX algorithms.
 */
# define ed25519_evp_type EVP_PKEY_ED25519
# define ed448_evp_type EVP_PKEY_ED448
# define x25519_evp_type EVP_PKEY_X25519
# define x448_evp_type EVP_PKEY_X448
# define ed25519_input_type "ED25519"
# define ed448_input_type "ED448"
# define x25519_input_type "X25519"
# define x448_input_type "X448"
# define ed25519_pem_type "ED25519"
# define ed448_pem_type "ED448"
# define x25519_pem_type "X25519"
# define x448_pem_type "X448"
8ae40cf5 RL |
817 | #endif |
818 | ||
819 | /* ---------------------------------------------------------------------- */ | |
820 | ||
8ae40cf5 RL |
821 | /* |
822 | * Helper functions to prepare RSA-PSS params for encoding. We would | |
823 | * have simply written the whole AlgorithmIdentifier, but existing libcrypto | |
824 | * functionality doesn't allow that. | |
825 | */ | |
826 | ||
/*
 * key_to_paramstring_fn for RSA and RSA-PSS.
 *
 * Plain RSA gets an explicit NULL parameter.  Unrestricted RSA-PSS gets
 * absent parameters (V_ASN1_UNDEF).  Restricted RSA-PSS gets the
 * RSASSA-PSS-params SEQUENCE, produced via WPACKET in two passes: a sizing
 * pass with a null DER writer, then a real pass into a buffer of that size.
 * |nid| and |save| are unused.
 *
 * Returns 1 with *pstr / *pstrtype set, or 0 on error.  Note that on the
 * "unsupported key type" path *pstrtype is left untouched and no error is
 * raised.
 */
static int prepare_rsa_params(const void *rsa, int nid, int save,
                              void **pstr, int *pstrtype)
{
    const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);

    *pstr = NULL;

    switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
    case RSA_FLAG_TYPE_RSA:
        /* If plain RSA, the parameters shall be NULL */
        *pstrtype = V_ASN1_NULL;
        return 1;
    case RSA_FLAG_TYPE_RSASSAPSS:
        if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
            /* Unrestricted PSS: the parameters field is simply absent */
            *pstrtype = V_ASN1_UNDEF;
            return 1;
        } else {
            ASN1_STRING *astr = NULL;
            WPACKET pkt;
            unsigned char *str = NULL;
            size_t str_sz = 0;
            int i;

            for (i = 0; i < 2; i++) {
                switch (i) {
                case 0:
                    /* Pass 0: a null writer only measures the output size */
                    if (!WPACKET_init_null_der(&pkt))
                        goto err;
                    break;
                case 1:
                    /* Pass 1: write for real into a buffer of the measured size */
                    if ((str = OPENSSL_malloc(str_sz)) == NULL
                        || !WPACKET_init_der(&pkt, str, str_sz)) {
                        goto err;
                    }
                    break;
                }
                /* -1: the SEQUENCE is written without an explicit tag */
                if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
                    || !WPACKET_finish(&pkt)
                    || !WPACKET_get_total_written(&pkt, &str_sz))
                    goto err;
                WPACKET_cleanup(&pkt);

                /*
                 * If no PSS parameters are going to be written, there's no
                 * point going for another iteration.
                 * This saves us from getting |str| allocated just to have it
                 * immediately de-allocated.
                 */
                if (str_sz == 0)
                    break;
            }

            /*
             * If the loop ended early, |str| is still NULL and the resulting
             * ASN1_STRING has no data and length 0.
             */
            if ((astr = ASN1_STRING_new()) == NULL)
                goto err;
            *pstrtype = V_ASN1_SEQUENCE;
            /* set0: |astr| takes ownership of |str| */
            ASN1_STRING_set0(astr, str, (int)str_sz);
            *pstr = astr;

            return 1;
         err:
            /* NOTE(review): |pkt| is not WPACKET_cleanup()ed on this path; confirm that is safe */
            OPENSSL_free(str);
            return 0;
        }
    }

    /* Currently unsupported RSA key type */
    return 0;
}
895 | ||
/*
 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
 * Every RSA output structure therefore ends up in i2d_RSAPrivateKey() or
 * i2d_RSAPublicKey(); the aliases below just route the structure specific
 * names used by the DO_ macros to those two functions.
 * The *_type_specific_* names are defined after the aliases that refer to
 * them; that is fine, macro expansion happens at the point of use.
 */
#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
/* RSA has no standalone key parameters structure to write */
#define rsa_type_specific_params_to_der NULL
906 | |
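/*
 * Check that |rsa| is of the key type an encoder was built for.
 *
 * This is the |checker| predicate handed to key2any_encode(), so its
 * contract is boolean: 1 if the key's RSA_FLAG_TYPE_* flag corresponds to
 * |expected_type| (EVP_PKEY_RSA or EVP_PKEY_RSA_PSS), 0 otherwise.
 * Any other RSA flag type is not handled here and is reported as a
 * mismatch rather than being mapped to some EVP_PKEY type.
 */
static int rsa_check_key_type(const void *rsa, int expected_type)
{
    switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
    case RSA_FLAG_TYPE_RSA:
        return expected_type == EVP_PKEY_RSA;
    case RSA_FLAG_TYPE_RSASSAPSS:
        return expected_type == EVP_PKEY_RSA_PSS;
    default:
        /* Currently unsupported RSA key type: never a match */
        return 0;
    }
}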
919 | ||
/*
 * Per implementation names picked up by the DO_ macros further down via
 * token pasting (impl##_evp_type, impl##_pem_type):
 *
 *   |impl|_evp_type    the EVP_PKEY type passed to the check_key_type
 *                      predicate, so that an RSA-PSS key is not written
 *                      through a plain RSA encoder and vice versa
 *   |impl|_input_type  the textual key type name; not referenced by the
 *                      macros visible in this part of the file
 *   |impl|_pem_type    the word used in the PEM "-----BEGIN ..." header
 */
#define rsa_evp_type EVP_PKEY_RSA
#define rsapss_evp_type EVP_PKEY_RSA_PSS
#define rsa_input_type "RSA"
#define rsapss_input_type "RSA-PSS"
#define rsa_pem_type "RSA"
#define rsapss_pem_type "RSA-PSS"
926 | |
927 | /* ---------------------------------------------------------------------- */ | |
928 | ||
929 | static OSSL_FUNC_decoder_newctx_fn key2any_newctx; | |
930 | static OSSL_FUNC_decoder_freectx_fn key2any_freectx; | |
931 | ||
/*
 * Allocate a fresh encoder context bound to |provctx|.
 *
 * The context starts zeroed (no cipher, no intent to encrypt, no passphrase
 * data) except that |save_parameters| is on, which is the default for the
 * DSA output that consults it.
 * Returns NULL on allocation failure.
 */
static void *key2any_newctx(void *provctx)
{
    struct key2any_ctx_st *newctx = OPENSSL_zalloc(sizeof(*newctx));

    if (newctx == NULL)
        return NULL;

    newctx->provctx = provctx;
    newctx->save_parameters = 1;
    return newctx;
}
943 | ||
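/*
 * Release an encoder context created by key2any_newctx().
 *
 * Clears any cached passphrase data and drops the fetched cipher reference
 * before freeing the context itself. A NULL |vctx| is accepted and ignored,
 * like the other *_free functions, so callers may free unconditionally
 * instead of dereferencing a NULL context.
 */
static void key2any_freectx(void *vctx)
{
    struct key2any_ctx_st *ctx = vctx;

    if (ctx == NULL)
        return;

    ossl_pw_clear_passphrase_data(&ctx->pwdata);
    EVP_CIPHER_free(ctx->cipher);
    OPENSSL_free(ctx);
}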
952 | ||
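/*
 * Parameters that key2any_set_ctx_params() accepts.
 *
 * This list must agree with what key2any_set_ctx_params() actually reads:
 * OSSL_ENCODER_PARAM_CIPHER and OSSL_ENCODER_PARAM_PROPERTIES (UTF-8
 * strings) and OSSL_ENCODER_PARAM_SAVE_PARAMETERS (int). Applications
 * consult this list to learn what may be set, so a parameter that the
 * setter honours but that is not advertised here is effectively hidden;
 * the save-parameters entry was missing and is now listed.
 */
static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
{
    static const OSSL_PARAM settables[] = {
        OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
        OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
        OSSL_PARAM_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS, NULL),
        OSSL_PARAM_END,
    };

    return settables;
}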
963 | ||
/*
 * Apply encoder parameters to the context |vctx|.
 *
 * OSSL_ENCODER_PARAM_CIPHER, optionally qualified by
 * OSSL_ENCODER_PARAM_PROPERTIES, names the cipher to use for encrypted
 * private key output; it is resolved with EVP_CIPHER_fetch() in the
 * provider's library context. A NULL cipher name releases any previously
 * fetched cipher and clears the intent to encrypt.
 * OSSL_ENCODER_PARAM_SAVE_PARAMETERS is read as an int into
 * |save_parameters|.
 *
 * Returns 1 on success, 0 if a parameter has the wrong type or the cipher
 * cannot be fetched. |cipher_intent| is recorded before the fetch is
 * attempted, so a failed fetch leaves the context still marked as wanting
 * encryption (with |cipher| == NULL) rather than looking like no cipher was
 * ever requested; keep that ordering.
 */
static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    struct key2any_ctx_st *ctx = vctx;
    OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
    if (p != NULL) {
        const OSSL_PARAM *propsp =
            OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
        const char *name = NULL;
        const char *propq = NULL;

        if (!OSSL_PARAM_get_utf8_string_ptr(p, &name))
            return 0;
        if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &propq))
            return 0;

        /* Drop whatever cipher was set before, then record the new intent */
        EVP_CIPHER_free(ctx->cipher);
        ctx->cipher = NULL;
        ctx->cipher_intent = (name != NULL);
        if (name != NULL) {
            ctx->cipher = EVP_CIPHER_fetch(libctx, name, propq);
            if (ctx->cipher == NULL)
                return 0;
        }
    }

    p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
    if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->save_parameters))
        return 0;

    return 1;
}
999 | ||
/*
 * Decide whether an encoder whose supported selection bits are
 * |selection_mask| can serve a request for |selection|.
 *
 * The selection bits are treated as ordered "levels": private key, then
 * public key, then parameters. The request is judged on the highest level
 * it asks for and the answer is whether the mask covers that level; any
 * lower levels in the request are assumed to be implied by the higher one.
 * A zero |selection| means "whatever you have" and is always accepted.
 */
static int key2any_check_selection(int selection, int selection_mask)
{
    static const int levels[] = {
        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
    };
    size_t idx;

    /* The encoder implementations made here support guessing */
    if (selection == 0)
        return 1;

    for (idx = 0; idx < OSSL_NELEM(levels); idx++) {
        if ((selection & levels[idx]) == 0)
            continue;
        /*
         * The caller asked for this level; the answer is whether the
         * encoder's mask has it, whatever lower levels were also requested.
         */
        return (selection_mask & levels[idx]) != 0;
    }

    /* Only reached for a selection with none of the known bits set */
    return 0;
}
1032 | ||
/*
 * Common driver behind every encoder generated in this file.
 *
 * |key| is the native key object; |type| and |pemname| are the EVP_PKEY
 * type and PEM header word the encoder was built for. |checker| (may be
 * NULL) verifies that |key| really is of |type| before anything is written;
 * |writer| produces the output using |key2paramstring| and |key2der|.
 * |pwcb|/|pwcbarg| are installed in the context's passphrase data when
 * given; parameters-only output passes NULL for both.
 *
 * Returns 1 on success, 0 on failure. A NULL |key|, a missing |writer| or
 * a failed type check raise a PROV error here; a failing BIO wrapper or
 * passphrase setup returns 0 and is assumed to have raised its own error.
 */
static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
                          const void *key, int type, const char *pemname,
                          check_key_type_fn *checker,
                          key_to_der_fn *writer,
                          OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
                          key_to_paramstring_fn *key2paramstring,
                          i2d_of_void *key2der)
{
    BIO *out;
    int ok;

    if (key == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (writer == NULL || (checker != NULL && !checker(key, type))) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
    if (out == NULL)
        return 0;

    /* The passphrase callback is only wired up when the caller supplied one */
    ok = pwcb == NULL
         || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg);
    if (ok)
        ok = writer(out, key, type, pemname, key2paramstring, key2der, ctx);

    BIO_free(out);
    return ok;
}
1061 | ||
/*
 * Building blocks for the DO_{kind} macros below. Each one is a guarded
 * "return key2any_encode(...)" that fires only when the caller's |selection|
 * includes the matching selection bit, so the order in which they appear
 * in a DO_{kind} macro decides which part of the key gets written when
 * several bits are set. They are expanded inside the generated *_encode
 * functions, where |ctx|, |cout|, |key|, |selection|, |cb| and |cbarg| are
 * in scope.
 *
 * Private and public key output go through the type's check_key_type
 * predicate and receive the passphrase callback; parameters output gets
 * neither (no checker, no callback, no parameter string preparation).
 */
#define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
#define DO_PRIVATE_KEY(impl, type, kind, output)                            \
    if ((selection & DO_PRIVATE_KEY_selection_mask) != 0)                   \
        return key2any_encode(ctx, cout, key, impl##_evp_type,              \
                              impl##_pem_type " PRIVATE KEY",               \
                              type##_check_key_type,                        \
                              key_to_##kind##_##output##_priv_bio,          \
                              cb, cbarg, prepare_##type##_params,           \
                              type##_##kind##_priv_to_der);

#define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
#define DO_PUBLIC_KEY(impl, type, kind, output)                             \
    if ((selection & DO_PUBLIC_KEY_selection_mask) != 0)                    \
        return key2any_encode(ctx, cout, key, impl##_evp_type,              \
                              impl##_pem_type " PUBLIC KEY",                \
                              type##_check_key_type,                        \
                              key_to_##kind##_##output##_pub_bio,           \
                              cb, cbarg, prepare_##type##_params,           \
                              type##_##kind##_pub_to_der);

/* Parameters are written without a type check or passphrase callback */
#define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
#define DO_PARAMETERS(impl, type, kind, output)                             \
    if ((selection & DO_PARAMETERS_selection_mask) != 0)                    \
        return key2any_encode(ctx, cout, key, impl##_evp_type,              \
                              impl##_pem_type " PARAMETERS",                \
                              type##_check_key_type,                        \
                              key_to_##kind##_##output##_param_bio,         \
                              NULL, NULL, NULL,                             \
                              type##_##kind##_params_to_der);
1091 | ||
1092 | /*- | |
1093 | * Implement the kinds of output structure that can be produced. They are | |
1094 | * referred to by name, and for each name, the following macros are defined | |
1095 | * (braces not included): | |
1096 | * | |
1097 | * DO_{kind}_selection_mask |
1098 | * | |
1099 | * A mask of selection bits that must not be zero. This is used as a | |
1100 | * selection criterion for each implementation. | |
1101 | * This mask must never be zero. | |
1102 | * | |
1103 | * DO_{kind} | |
1104 | * | |
1105 | * The performing macro. It must use the DO_ macros defined above, | |
1106 | * always in this order: | |
1107 | * | |
1108 | * - DO_PRIVATE_KEY | |
1109 | * - DO_PUBLIC_KEY | |
1110 | * - DO_PARAMETERS | |
1111 | * | |
1112 | * Any of those may be omitted, but the relative order must still be | |
1113 | * the same. | |
1114 | */ | |
8ae40cf5 | 1115 | |
/*
 * PKCS#8 defines two structures for private keys only:
 * - PrivateKeyInfo (raw unencrypted form)
 * - EncryptedPrivateKeyInfo (encrypted wrapping)
 *
 * To allow a certain amount of flexibility, we allow the routines
 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
 * passphrase callback has been passed to them.
 *
 * Both kinds use the same selection mask (private key); they differ only
 * in the writer and i2d function selected by the "pki" / "epki" tokens.
 */
#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
#define DO_PrivateKeyInfo(impl, type, output)                               \
    DO_PRIVATE_KEY(impl, type, pki, output)

#define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
#define DO_EncryptedPrivateKeyInfo(impl, type, output)                      \
    DO_PRIVATE_KEY(impl, type, epki, output)

/* SubjectPublicKeyInfo is a structure for public keys only */
#define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
#define DO_SubjectPublicKeyInfo(impl, type, output)                         \
    DO_PUBLIC_KEY(impl, type, spki, output)

/*
 * "type-specific" is a uniform name for key type specific output for private
 * and public keys as well as key parameters. This is used internally in
 * libcrypto so it doesn't have to have special knowledge about select key
 * types, but also when no better name has been found. If there are more
 * expressive DO_ names above, those are preferred.
 *
 * Four forms exist:
 *
 * - type_specific_keypair Only supports private and public key
 * - type_specific_params Only supports parameters
 * - type_specific Supports all parts of an EVP_PKEY
 * - type_specific_no_pub Supports all parts of an EVP_PKEY
 * except public key
 *
 * Each form's selection mask is the union of the masks of the DO_ macros
 * it expands to, so does_selection and encode stay consistent.
 */
#define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
#define DO_type_specific_params(impl, type, output)                         \
    DO_PARAMETERS(impl, type, type_specific, output)
#define DO_type_specific_keypair_selection_mask                             \
    ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
#define DO_type_specific_keypair(impl, type, output)                        \
    DO_PRIVATE_KEY(impl, type, type_specific, output)                       \
    DO_PUBLIC_KEY(impl, type, type_specific, output)
#define DO_type_specific_selection_mask                                     \
    ( DO_type_specific_keypair_selection_mask                               \
      | DO_type_specific_params_selection_mask )
#define DO_type_specific(impl, type, output)                                \
    DO_type_specific_keypair(impl, type, output)                            \
    DO_type_specific_params(impl, type, output)
#define DO_type_specific_no_pub_selection_mask                              \
    ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
#define DO_type_specific_no_pub(impl, type, output)                         \
    DO_PRIVATE_KEY(impl, type, type_specific, output)                       \
    DO_type_specific_params(impl, type, output)

/*
 * Type specific aliases for the cases where we need to refer to them by
 * type name.
 * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
 */
/* RSA: private and public key, no separate parameters */
#define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
#define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)

/* DH and DHX: parameters only in this form */
#define DO_DH_selection_mask DO_type_specific_params_selection_mask
#define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)

#define DO_DHX_selection_mask DO_type_specific_params_selection_mask
#define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)

/* DSA: private key, public key and parameters */
#define DO_DSA_selection_mask DO_type_specific_selection_mask
#define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)

/* EC and SM2: private key and parameters, no standalone public key form */
#define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
#define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)

#define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
#define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)

/* PKCS#1 defines a structure for RSA private and public keys */
#define DO_PKCS1_selection_mask DO_RSA_selection_mask
#define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)

/* PKCS#3 defines a structure for DH parameters */
#define DO_PKCS3_selection_mask DO_DH_selection_mask
#define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
/* X9.42 defines a structure for DHx parameters */
#define DO_X9_42_selection_mask DO_DHX_selection_mask
#define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)

/* X9.62 defines a structure for EC keys and parameters */
#define DO_X9_62_selection_mask DO_EC_selection_mask
#define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
8ae40cf5 | 1211 | |
/*
 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
 * It takes the following arguments:
 *
 * impl This is the key type name that's being implemented.
 * type This is the type name for the set of functions that implement
 * the key type. For example, ed25519, ed448, x25519 and x448
 * are all implemented with the exact same set of functions.
 * evp_type The corresponding EVP_PKEY_xxx type macro for each key.
 * Note that the macro body below does not use this argument;
 * the DO_ macros take the type from impl##_evp_type instead, so
 * for now it only documents the intended type. Necessary in
 * principle because we currently use EVP_PKEY with legacy
 * native keys internally. This will need to be refactored
 * when that legacy support goes away.
 * kind What kind of support to implement. These translate into
 * the DO_##kind macros above.
 * output The output type to implement. may be der or pem.
 *
 * The resulting OSSL_DISPATCH array gets the following name (expressed in
 * C preprocessor terms) from those arguments:
 *
 * ossl_##impl##_to_##kind##_##output##_encoder_functions
 *
 * Four functions are generated per encoder: import_object and free_object
 * go through the key type's keymgmt, does_selection answers with the
 * DO_##kind selection mask, and encode runs the DO_##kind chain and fails
 * with ERR_R_PASSED_INVALID_ARGUMENT if no branch of it matched.
 */
#define MAKE_ENCODER(impl, type, evp_type, kind, output)                    \
    static OSSL_FUNC_encoder_import_object_fn                               \
    impl##_to_##kind##_##output##_import_object;                            \
    static OSSL_FUNC_encoder_free_object_fn                                 \
    impl##_to_##kind##_##output##_free_object;                              \
    static OSSL_FUNC_encoder_encode_fn                                      \
    impl##_to_##kind##_##output##_encode;                                   \
                                                                            \
    /* Build a native key object from OSSL_PARAMs via the keymgmt */        \
    static void *                                                           \
    impl##_to_##kind##_##output##_import_object(void *vctx, int selection,  \
                                                const OSSL_PARAM params[])  \
    {                                                                       \
        struct key2any_ctx_st *ctx = vctx;                                  \
                                                                            \
        return ossl_prov_import_key(ossl_##impl##_keymgmt_functions,        \
                                    ctx->provctx, selection, params);       \
    }                                                                       \
    static void impl##_to_##kind##_##output##_free_object(void *key)        \
    {                                                                       \
        ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key);           \
    }                                                                       \
    /* |ctx| is unused here; the answer depends on the kind only */         \
    static int impl##_to_##kind##_##output##_does_selection(void *ctx,      \
                                                            int selection)  \
    {                                                                       \
        return key2any_check_selection(selection,                           \
                                       DO_##kind##_selection_mask);         \
    }                                                                       \
    static int                                                              \
    impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout,    \
                                         const void *key,                   \
                                         const OSSL_PARAM key_abstract[],   \
                                         int selection,                     \
                                         OSSL_PASSPHRASE_CALLBACK *cb,      \
                                         void *cbarg)                       \
    {                                                                       \
        /* We don't deal with abstract objects */                           \
        if (key_abstract != NULL) {                                         \
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);         \
            return 0;                                                       \
        }                                                                   \
        /* Each DO_ branch returns when its selection bit is set */         \
        DO_##kind(impl, type, output)                                       \
                                                                            \
        /* No branch matched |selection| */                                 \
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);             \
        return 0;                                                           \
    }                                                                       \
    const OSSL_DISPATCH                                                     \
    ossl_##impl##_to_##kind##_##output##_encoder_functions[] = {            \
        { OSSL_FUNC_ENCODER_NEWCTX,                                         \
          (void (*)(void))key2any_newctx },                                 \
        { OSSL_FUNC_ENCODER_FREECTX,                                        \
          (void (*)(void))key2any_freectx },                                \
        { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS,                            \
          (void (*)(void))key2any_settable_ctx_params },                    \
        { OSSL_FUNC_ENCODER_SET_CTX_PARAMS,                                 \
          (void (*)(void))key2any_set_ctx_params },                         \
        { OSSL_FUNC_ENCODER_DOES_SELECTION,                                 \
          (void (*)(void))impl##_to_##kind##_##output##_does_selection },   \
        { OSSL_FUNC_ENCODER_IMPORT_OBJECT,                                  \
          (void (*)(void))impl##_to_##kind##_##output##_import_object },    \
        { OSSL_FUNC_ENCODER_FREE_OBJECT,                                    \
          (void (*)(void))impl##_to_##kind##_##output##_free_object },      \
        { OSSL_FUNC_ENCODER_ENCODE,                                         \
          (void (*)(void))impl##_to_##kind##_##output##_encode },           \
        { 0, NULL }                                                         \
    }
1298 | ||
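/*
 * Encoder instantiations.
 *
 * The third MAKE_ENCODER argument (evp_type) is not used by the macro body
 * itself; the generated code takes the type from impl##_evp_type. It is
 * nevertheless kept accurate, since it documents the key type each table
 * is meant for. The x448 tables previously passed EVP_PKEY_ED448 here; they
 * now pass EVP_PKEY_X448 like the other ecx types pass their own type.
 */

/*
 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
 * i2d_{TYPE}params, as they exist.
 */
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der);
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der);
# ifndef OPENSSL_NO_SM2
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der);
# endif
#endif

/*
 * Replacements for PEM_write_bio_{TYPE}PrivateKey,
 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
 */
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem);
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
# ifndef OPENSSL_NO_SM2
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
# endif
#endif

/*
 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
 * implementations specified above, but are more specific.
 * The SubjectPublicKeyInfo implementations also replace the
 * PEM_write_bio_{TYPE}_PUBKEY functions.
 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
 */
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# ifndef OPENSSL_NO_SM2
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# endif
/* The ecx key types share one set of functions; only |impl| differs */
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
/* x448 is an X448 key, not an ED448 one; keep the documented type honest */
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, PrivateKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, PrivateKeyInfo, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_X448, SubjectPublicKeyInfo, pem);
#endif

/*
 * Support for key type specific output formats. Not all key types have
 * this, we only aim to duplicate what is available in 1.1.1 as
 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
 * For example, there are no publicly available i2d_ function for
 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
 * and SubjectPublicKeyInfo implementations as implemented above.
 */
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem);
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem);
# ifndef OPENSSL_NO_SM2
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem);
# endif
#endif

/* Convenience structure names */
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem);
#endif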