]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/implementations/encode_decode/decode_der2key.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright year
[thirdparty/openssl.git] / providers / implementations / encode_decode / decode_der2key.c
CommitLineData
7c664b1f 1/*
a28d06f3 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
7c664b1f
RL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <openssl/core_dispatch.h>
17#include <openssl/core_names.h>
14c8a3d1 18#include <openssl/core_object.h>
7c664b1f 19#include <openssl/crypto.h>
8ae40cf5 20#include <openssl/err.h>
7c664b1f 21#include <openssl/params.h>
8ae40cf5
RL		 22#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23#include <openssl/pkcs12.h>
7c664b1f 24#include <openssl/x509.h>
2741128e 25#include <openssl/proverr.h>
8ae40cf5
RL		 26#include "internal/cryptlib.h" /* ossl_assert() */
27#include "internal/asn1.h"
6963979f
RL		 28#include "crypto/dh.h"
29#include "crypto/dsa.h"
30#include "crypto/ec.h"
8ae40cf5 31#include "crypto/ecx.h"
6963979f 32#include "crypto/rsa.h"
7c664b1f
RL		 33#include "prov/bio.h"
34#include "prov/implementations.h"
8ae40cf5 35#include "endecoder_local.h"
7c664b1f 36
66066e1b
DDO		 37#define SET_ERR_MARK() ERR_set_mark()
38#define CLEAR_ERR_MARK() \
39 do { \
40 int err = ERR_peek_last_error(); \
41 \
42 if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
43 && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
44 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
45 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
46 ERR_pop_to_mark(); \
47 else \
48 ERR_clear_last_mark(); \
49 } while(0)
50#define RESET_ERR_MARK() \
51 do { \
52 CLEAR_ERR_MARK(); \
53 SET_ERR_MARK(); \
54 } while(0)
55
8ae40cf5
RL		 56static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
57 unsigned char **data, long *len)
58{
59 BUF_MEM *mem = NULL;
60 BIO *in = bio_new_from_core_bio(provctx, cin);
61 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
62
63 if (ok) {
64 *data = (unsigned char *)mem->data;
65 *len = (long)mem->length;
66 OPENSSL_free(mem);
67 }
68 BIO_free(in);
69 return ok;
70}
71
72static int der_from_p8(unsigned char **new_der, long *new_der_len,
73 unsigned char *input_der, long input_der_len,
74 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
75{
76 const unsigned char *derp;
77 X509_SIG *p8 = NULL;
78 int ok = 0;
79
80 if (!ossl_assert(new_der != NULL && *new_der == NULL)
81 || !ossl_assert(new_der_len != NULL))
82 return 0;
83
84 derp = input_der;
85 if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
86 char pbuf[PEM_BUFSIZE];
87 size_t plen = 0;
88
89 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
f5f29796 90 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
8ae40cf5
RL		 91 } else {
92 const X509_ALGOR *alg = NULL;
93 const ASN1_OCTET_STRING *oct = NULL;
94 int len = 0;
95
96 X509_SIG_get0(p8, &alg, &oct);
97 if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
98 new_der, &len, 0) != NULL)
99 ok = 1;
100 *new_der_len = len;
101 }
102 }
103 X509_SIG_free(p8);
104 return ok;
105}
106
107/* ---------------------------------------------------------------------- */
7c664b1f 108
ece9304c 109static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
ece9304c
RL		 110static OSSL_FUNC_decoder_decode_fn der2key_decode;
111static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
7c664b1f 112
6963979f 113struct der2key_ctx_st; /* Forward declaration */
7c664b1f 114typedef void *(extract_key_fn)(EVP_PKEY *);
6963979f 115typedef void (adjust_key_fn)(void *, struct der2key_ctx_st *ctx);
7c664b1f
RL		 116typedef void (free_key_fn)(void *);
117struct keytype_desc_st {
2c090c1d 118 const char *keytype_name;
7c664b1f
RL		 119 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
120
2c090c1d
RL		 121 /* The input structure name */
122 const char *structure_name;
123
124 /*
125 * The EVP_PKEY_xxx type macro. Should be zero for type specific
126 * structures, non-zero when the outermost structure is PKCS#8 or
127 * SubjectPublicKeyInfo. This determines which of the function
128 * pointers below will be used.
129 */
130 int evp_type;
131
132 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
133 int selection_mask;
134
135 /* For type specific decoders, we use the corresponding d2i */
136 d2i_of_void *d2i_private_key;
137 d2i_of_void *d2i_public_key;
138 d2i_of_void *d2i_key_params;
6963979f 139
7c664b1f 140 /*
2c090c1d 141 * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
7c664b1f
RL		 142 */
143 extract_key_fn *extract_key;
6963979f
RL		 144 /*
145 * For any key, we may need to make provider specific adjustments, such
146 * as ensure the key carries the correct library context.
147 */
148 adjust_key_fn *adjust_key;
2c090c1d 149 /* {type}_free() */
7c664b1f
RL		 150 free_key_fn *free_key;
151};
152
153/*
ece9304c 154 * Context used for DER to key decoding.
7c664b1f
RL		 155 */
156struct der2key_ctx_st {
157 PROV_CTX *provctx;
158 const struct keytype_desc_st *desc;
159};
160
161static struct der2key_ctx_st *
162der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
163{
164 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
165
166 if (ctx != NULL) {
167 ctx->provctx = provctx;
168 ctx->desc = desc;
169 }
170 return ctx;
171}
172
173static void der2key_freectx(void *vctx)
174{
175 struct der2key_ctx_st *ctx = vctx;
176
177 OPENSSL_free(ctx);
178}
179
2c090c1d
RL		 180static const OSSL_PARAM *
181der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
7c664b1f
RL		 182{
183 static const OSSL_PARAM gettables[] = {
ece9304c 184 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
7c664b1f
RL		 185 OSSL_PARAM_END,
186 };
2c090c1d
RL		 187 static const OSSL_PARAM gettables_w_structure[] = {
188 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
189 { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
190 OSSL_PARAM_END,
191 };
7c664b1f 192
2c090c1d 193 return desc->structure_name != NULL ? gettables_w_structure : gettables;
7c664b1f
RL		 194}
195
2c090c1d
RL		 196static int der2key_get_params(OSSL_PARAM params[],
197 const struct keytype_desc_st *desc)
7c664b1f
RL		 198{
199 OSSL_PARAM *p;
200
ece9304c 201 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
7c664b1f
RL		 202 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
203 return 0;
2c090c1d
RL		 204 if (desc->structure_name != NULL) {
205 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
206 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
207 return 0;
208 }
7c664b1f
RL		 209
210 return 1;
211}
212
2c090c1d
RL		 213static int der2key_check_selection(int selection,
214 const struct keytype_desc_st *desc)
215{
216 /*
217 * The selections are kinda sorta "levels", i.e. each selection given
218 * here is assumed to include those following.
219 */
220 int checks[] = {
221 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
222 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
223 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
224 };
225 size_t i;
226
227 /* The decoder implementations made here support guessing */
228 if (selection == 0)
229 return 1;
230
231 for (i = 0; i < OSSL_NELEM(checks); i++) {
232 int check1 = (selection & checks[i]) != 0;
233 int check2 = (desc->selection_mask & checks[i]) != 0;
234
235 /*
236 * If the caller asked for the currently checked bit(s), return
237 * whether the decoder description says it's supported.
238 */
239 if (check1)
240 return check2;
241 }
242
243 /* This should be dead code, but just to be safe... */
244 return 0;
245}
246
247static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
ece9304c
RL		 248 OSSL_CALLBACK *data_cb, void *data_cbarg,
249 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
7c664b1f
RL		 250{
251 struct der2key_ctx_st *ctx = vctx;
a829b735 252 void *libctx = PROV_LIBCTX_OF(ctx->provctx);
7c664b1f
RL		 253 unsigned char *der = NULL;
254 const unsigned char *derp;
255 long der_len = 0;
256 unsigned char *new_der = NULL;
257 long new_der_len;
258 EVP_PKEY *pkey = NULL;
259 void *key = NULL;
2c090c1d 260 int orig_selection = selection;
66066e1b 261 int ok = 0;
7c664b1f 262
7c664b1f 263 /*
2c090c1d
RL		 264 * The caller is allowed to specify 0 as a selection mark, to have the
265 * structure and key type guessed. For type-specific structures, this
266 * is not recommended, as some structures are very similar.
267 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
268 * signifies a private key structure, where everything else is assumed
269 * to be present as well.
7c664b1f 270 */
2c090c1d
RL		 271 if (selection == 0)
272 selection = ctx->desc->selection_mask;
273 if ((selection & ctx->desc->selection_mask) == 0) {
274 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
275 return 0;
7c664b1f
RL		 276 }
277
2c090c1d
RL		 278 SET_ERR_MARK();
279 if (!read_der(ctx->provctx, cin, &der, &der_len))
280 goto end;
7c664b1f 281
2c090c1d
RL		 282 if (ctx->desc->extract_key == NULL) {
283 /*
284 * There's no EVP_PKEY extractor, so we use the type specific
285 * functions.
286 */
b5b6669f 287 derp = der;
2c090c1d
RL		 288 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
289 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
290 if (key == NULL && orig_selection != 0)
291 goto end;
292 }
293 if (key == NULL
294 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
295 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
296 if (key == NULL && orig_selection != 0)
297 goto end;
298 }
299 if (key == NULL
300 && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
301 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
302 }
303 } else {
7c664b1f 304 /*
2c090c1d
RL		 305 * There is a EVP_PKEY extractor, so we use the more generic
306 * EVP_PKEY functions, since they know how to unpack PKCS#8 and
307 * SubjectPublicKeyInfo.
7c664b1f 308 */
7c664b1f
RL		 309
310 /*
2c090c1d
RL		 311 * Opportunistic attempt to decrypt. If it doesn't work, we try
312 * to decode our input unencrypted.
7c664b1f 313 */
2c090c1d
RL		 314 if (der_from_p8(&new_der, &new_der_len, der, der_len,
315 pw_cb, pw_cbarg)) {
316 OPENSSL_free(der);
317 der = new_der;
318 der_len = new_der_len;
319 }
320 RESET_ERR_MARK();
321
322 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
323 derp = der;
324 pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len,
325 libctx, NULL);
326 }
327
328 if (pkey == NULL
329 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
330 RESET_ERR_MARK();
331 derp = der;
332 pkey = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, NULL);
333 }
334
335 if (pkey != NULL) {
336 /*
337 * Tear out the low-level key pointer from the pkey,
338 * but only if it matches the expected key type.
339 *
340 * TODO: The check should be done with EVP_PKEY_is_a(), but
341 * as long as we still have #legacy internal keys, it's safer
342 * to use the type numbers inside the provider.
343 */
344 if (EVP_PKEY_id(pkey) == ctx->desc->evp_type)
345 key = ctx->desc->extract_key(pkey);
346
347 /*
348 * ctx->desc->extract_key() is expected to have incremented
349 * |key|'s reference count, so it should be safe to free |pkey|
350 * now.
351 */
352 EVP_PKEY_free(pkey);
353 }
7c664b1f
RL		 354 }
355
6963979f
RL		 356 if (key != NULL && ctx->desc->adjust_key != NULL)
357 ctx->desc->adjust_key(key, ctx);
358
2c090c1d
RL		 359 end:
360 /*
361 * Prune low-level ASN.1 parse errors from error queue, assuming
362 * that this is called by decoder_process() in a loop trying several
363 * formats.
364 */
365 CLEAR_ERR_MARK();
366
7c664b1f
RL		 367 OPENSSL_free(der);
368
369 if (key != NULL) {
14c8a3d1
RL		 370 OSSL_PARAM params[4];
371 int object_type = OSSL_OBJECT_PKEY;
7c664b1f
RL		 372
373 params[0] =
14c8a3d1
RL		 374 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
375 params[1] =
376 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
2c090c1d
RL		 377 (char *)ctx->desc->keytype_name,
378 0);
7c664b1f 379 /* The address of the key becomes the octet string */
14c8a3d1
RL		 380 params[2] =
381 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
7c664b1f 382 &key, sizeof(key));
14c8a3d1 383 params[3] = OSSL_PARAM_construct_end();
7c664b1f
RL		 384
385 ok = data_cb(params, data_cbarg);
386 }
387 ctx->desc->free_key(key);
388
389 return ok;
390}
391
392static int der2key_export_object(void *vctx,
393 const void *reference, size_t reference_sz,
394 OSSL_CALLBACK *export_cb, void *export_cbarg)
395{
396 struct der2key_ctx_st *ctx = vctx;
397 OSSL_FUNC_keymgmt_export_fn *export =
398 ossl_prov_get_keymgmt_export(ctx->desc->fns);
399 void *keydata;
400
401 if (reference_sz == sizeof(keydata) && export != NULL) {
402 /* The contents of the reference is the address to our object */
403 keydata = *(void **)reference;
404
405 return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
406 export_cb, export_cbarg);
407 }
408 return 0;
409}
410
2c090c1d
RL		 411/* ---------------------------------------------------------------------- */
412
413#ifndef OPENSSL_NO_DH
414# define dh_evp_type EVP_PKEY_DH
415# define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
416# define dh_d2i_private_key NULL
417# define dh_d2i_public_key NULL
418# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
419# define dh_free (free_key_fn *)DH_free
420
6963979f
RL		 421static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
422{
423 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
424}
425
2c090c1d
RL		 426# define dhx_evp_type EVP_PKEY_DHX
427# define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
428# define dhx_d2i_private_key NULL
429# define dhx_d2i_public_key NULL
430# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
431# define dhx_free (free_key_fn *)DH_free
6963979f 432# define dhx_adjust dh_adjust
2c090c1d
RL		 433#endif
434
435/* ---------------------------------------------------------------------- */
436
437#ifndef OPENSSL_NO_DSA
438# define dsa_evp_type EVP_PKEY_DSA
439# define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA
440# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
441# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
442# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
443# define dsa_free (free_key_fn *)DSA_free
6963979f
RL		 444
445static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
446{
447 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
448}
2c090c1d
RL		 449#endif
450
451/* ---------------------------------------------------------------------- */
452
453#ifndef OPENSSL_NO_EC
454# define ec_evp_type EVP_PKEY_EC
455# define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
456# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
457# define ec_d2i_public_key NULL
458# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
459# define ec_free (free_key_fn *)EC_KEY_free
460
6963979f
RL		 461static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
462{
463 ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
464}
465
2c090c1d
RL		 466/*
467 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
468 * so no d2i functions to be had.
469 */
6963979f
RL		 470
471static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
472{
473 ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
474}
475
2c090c1d
RL		 476# define ed25519_evp_type EVP_PKEY_ED25519
477# define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519
478# define ed25519_d2i_private_key NULL
479# define ed25519_d2i_public_key NULL
480# define ed25519_d2i_key_params NULL
481# define ed25519_free (free_key_fn *)ecx_key_free
6963979f 482# define ed25519_adjust ecx_key_adjust
2c090c1d
RL		 483
484# define ed448_evp_type EVP_PKEY_ED448
485# define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448
486# define ed448_d2i_private_key NULL
487# define ed448_d2i_public_key NULL
488# define ed448_d2i_key_params NULL
489# define ed448_free (free_key_fn *)ecx_key_free
6963979f 490# define ed448_adjust ecx_key_adjust
2c090c1d
RL		 491
492# define x25519_evp_type EVP_PKEY_X25519
493# define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519
494# define x25519_d2i_private_key NULL
495# define x25519_d2i_public_key NULL
496# define x25519_d2i_key_params NULL
497# define x25519_free (free_key_fn *)ecx_key_free
6963979f 498# define x25519_adjust ecx_key_adjust
2c090c1d
RL		 499
500# define x448_evp_type EVP_PKEY_X448
501# define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448
502# define x448_d2i_private_key NULL
503# define x448_d2i_public_key NULL
504# define x448_d2i_key_params NULL
505# define x448_free (free_key_fn *)ecx_key_free
6963979f 506# define x448_adjust ecx_key_adjust
f2db0528
RL		 507
508# ifndef OPENSSL_NO_SM2
509# define sm2_evp_type EVP_PKEY_SM2
510# define sm2_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
511# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
512# define sm2_d2i_public_key NULL
513# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
514# define sm2_free (free_key_fn *)EC_KEY_free
515# define sm2_adjust ec_adjust
516# endif
2c090c1d
RL		 517#endif
518
519/* ---------------------------------------------------------------------- */
520
521#define rsa_evp_type EVP_PKEY_RSA
522#define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
523#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
524#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
525#define rsa_d2i_key_params NULL
526#define rsa_free (free_key_fn *)RSA_free
527
6963979f
RL		 528static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
529{
530 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
531}
532
2c090c1d
RL		 533#define rsapss_evp_type EVP_PKEY_RSA_PSS
534#define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
535#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
536#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
537#define rsapss_d2i_key_params NULL
538#define rsapss_free (free_key_fn *)RSA_free
6963979f 539#define rsapss_adjust rsa_adjust
2c090c1d
RL		 540
541/* ---------------------------------------------------------------------- */
542
543/*
544 * The DO_ macros help define the selection mask and the method functions
545 * for each kind of object we want to decode.
546 */
547#define DO_type_specific_keypair(keytype) \
548 "type-specific", 0, \
549 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
550 keytype##_d2i_private_key, \
551 keytype##_d2i_public_key, \
552 NULL, \
553 NULL, \
6963979f 554 keytype##_adjust, \
2c090c1d
RL		 555 keytype##_free
556
557#define DO_type_specific_pub(keytype) \
558 "type-specific", 0, \
559 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
560 NULL, \
561 keytype##_d2i_public_key, \
562 NULL, \
563 NULL, \
6963979f 564 keytype##_adjust, \
2c090c1d
RL		 565 keytype##_free
566
567#define DO_type_specific_priv(keytype) \
568 "type-specific", 0, \
569 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
570 keytype##_d2i_private_key, \
571 NULL, \
572 NULL, \
573 NULL, \
6963979f 574 keytype##_adjust, \
2c090c1d
RL		 575 keytype##_free
576
577#define DO_type_specific_params(keytype) \
578 "type-specific", 0, \
579 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
580 NULL, \
581 NULL, \
582 keytype##_d2i_key_params, \
583 NULL, \
6963979f 584 keytype##_adjust, \
2c090c1d
RL		 585 keytype##_free
586
587#define DO_type_specific(keytype) \
588 "type-specific", 0, \
589 ( OSSL_KEYMGMT_SELECT_ALL ), \
590 keytype##_d2i_private_key, \
591 keytype##_d2i_public_key, \
592 keytype##_d2i_key_params, \
593 NULL, \
6963979f 594 keytype##_adjust, \
2c090c1d
RL		 595 keytype##_free
596
597#define DO_type_specific_no_pub(keytype) \
598 "type-specific", 0, \
599 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
600 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
601 keytype##_d2i_private_key, \
602 NULL, \
603 keytype##_d2i_key_params, \
604 NULL, \
6963979f 605 keytype##_adjust, \
2c090c1d
RL		 606 keytype##_free
607
608#define DO_PKCS8(keytype) \
609 "pkcs8", keytype##_evp_type, \
610 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
611 NULL, \
612 NULL, \
613 NULL, \
614 keytype##_evp_extract, \
6963979f 615 keytype##_adjust, \
2c090c1d
RL		 616 keytype##_free
617
618#define DO_SubjectPublicKeyInfo(keytype) \
619 "SubjectPublicKeyInfo", keytype##_evp_type, \
620 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
621 NULL, \
622 NULL, \
623 NULL, \
624 keytype##_evp_extract, \
6963979f 625 keytype##_adjust, \
2c090c1d
RL		 626 keytype##_free
627
628#define DO_DH(keytype) \
629 "DH", 0, \
630 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
631 NULL, \
632 NULL, \
633 keytype##_d2i_key_params, \
634 NULL, \
6963979f 635 keytype##_adjust, \
2c090c1d
RL		 636 keytype##_free
637
638#define DO_DHX(keytype) \
639 "DHX", 0, \
640 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
641 NULL, \
642 NULL, \
643 keytype##_d2i_key_params, \
644 NULL, \
6963979f 645 keytype##_adjust, \
2c090c1d
RL		 646 keytype##_free
647
648#define DO_DSA(keytype) \
649 "DSA", 0, \
650 ( OSSL_KEYMGMT_SELECT_ALL ), \
651 keytype##_d2i_private_key, \
652 keytype##_d2i_public_key, \
653 keytype##_d2i_key_params, \
654 NULL, \
6963979f 655 keytype##_adjust, \
2c090c1d
RL		 656 keytype##_free
657
658#define DO_EC(keytype) \
659 "EC", 0, \
660 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
661 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
662 keytype##_d2i_private_key, \
663 NULL, \
664 keytype##_d2i_key_params, \
665 NULL, \
6963979f 666 keytype##_adjust, \
2c090c1d
RL		 667 keytype##_free
668
669#define DO_RSA(keytype) \
670 "RSA", 0, \
671 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
672 keytype##_d2i_private_key, \
673 keytype##_d2i_public_key, \
674 NULL, \
675 NULL, \
6963979f 676 keytype##_adjust, \
2c090c1d
RL		 677 keytype##_free
678
679/*
680 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
681 * It takes the following arguments:
682 *
683 * keytype_name The implementation key type as a string.
684 * keytype The implementation key type. This must correspond exactly
685 * to our existing keymgmt keytype names... in other words,
686 * there must exist an ossl_##keytype##_keymgmt_functions.
687 * type The type name for the set of functions that implement the
688 * decoder for the key type. This isn't necessarily the same
689 * as keytype. For example, the key types ed25519, ed448,
690 * x25519 and x448 are all handled by the same functions with
691 * the common type name ecx.
692 * kind The kind of support to implement. This translates into
693 * the DO_##kind macros above, to populate the keytype_desc_st
694 * structure.
695 */
696#define MAKE_DECODER(keytype_name, keytype, type, kind) \
697 static const struct keytype_desc_st kind##_##keytype##_desc = \
698 { keytype_name, ossl_##keytype##_keymgmt_functions, \
699 DO_##kind(keytype) }; \
700 \
701 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
702 static OSSL_FUNC_decoder_gettable_params_fn \
703 kind##_der2##keytype##_gettable_params; \
704 static OSSL_FUNC_decoder_get_params_fn \
705 kind##_der2##keytype##_get_params; \
706 \
707 static void *kind##_der2##keytype##_newctx(void *provctx) \
708 { \
709 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
710 } \
711 static const OSSL_PARAM * \
712 kind##_der2##keytype##_gettable_params(void *provctx) \
713 { \
714 return \
715 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
716 } \
717 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
718 { \
719 return der2key_get_params(params, &kind##_##keytype##_desc); \
720 } \
721 static int kind##_der2##keytype##_does_selection(void *provctx, \
722 int selection) \
7c664b1f 723 { \
2c090c1d
RL		 724 return der2key_check_selection(selection, \
725 &kind##_##keytype##_desc); \
7c664b1f 726 } \
2c090c1d
RL		 727 const OSSL_DISPATCH \
728 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
ece9304c 729 { OSSL_FUNC_DECODER_NEWCTX, \
2c090c1d 730 (void (*)(void))kind##_der2##keytype##_newctx }, \
ece9304c 731 { OSSL_FUNC_DECODER_FREECTX, \
7c664b1f 732 (void (*)(void))der2key_freectx }, \
ece9304c 733 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
2c090c1d 734 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
ece9304c 735 { OSSL_FUNC_DECODER_GET_PARAMS, \
2c090c1d
RL		 736 (void (*)(void))kind##_der2##keytype##_get_params }, \
737 { OSSL_FUNC_DECODER_DOES_SELECTION, \
738 (void (*)(void))kind##_der2##keytype##_does_selection }, \
ece9304c
RL		 739 { OSSL_FUNC_DECODER_DECODE, \
740 (void (*)(void))der2key_decode }, \
741 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
7c664b1f
RL		 742 (void (*)(void))der2key_export_object }, \
743 { 0, NULL } \
744 }
745
746#ifndef OPENSSL_NO_DH
2c090c1d
RL		 747MAKE_DECODER("DH", dh, dh, PKCS8);
748MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
749MAKE_DECODER("DH", dh, dh, type_specific_params);
750MAKE_DECODER("DH", dh, dh, DH);
751MAKE_DECODER("DHX", dhx, dhx, PKCS8);
752MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
753MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
754MAKE_DECODER("DHX", dhx, dhx, DHX);
7c664b1f
RL		 755#endif
756#ifndef OPENSSL_NO_DSA
2c090c1d
RL		 757MAKE_DECODER("DSA", dsa, dsa, PKCS8);
758MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
759MAKE_DECODER("DSA", dsa, dsa, type_specific);
760MAKE_DECODER("DSA", dsa, dsa, DSA);
7c664b1f
RL		 761#endif
762#ifndef OPENSSL_NO_EC
2c090c1d
RL		 763MAKE_DECODER("EC", ec, ec, PKCS8);
764MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
765MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
766MAKE_DECODER("EC", ec, ec, EC);
767MAKE_DECODER("X25519", x25519, ecx, PKCS8);
768MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
769MAKE_DECODER("X448", x448, ecx, PKCS8);
770MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
771MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
772MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
773MAKE_DECODER("ED448", ed448, ecx, PKCS8);
774MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
f2db0528
RL		 775# ifndef OPENSSL_NO_SM2
776MAKE_DECODER("SM2", sm2, ec, PKCS8);
777MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
778# endif
7c664b1f 779#endif
2c090c1d
RL		 780MAKE_DECODER("RSA", rsa, rsa, PKCS8);
781MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
782MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
783MAKE_DECODER("RSA", rsa, rsa, RSA);
784MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
785MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
A mirror of the official openssl repository