]>
Commit | Line | Data |
---|---|---|
7c664b1f | 1 | /* |
a28d06f3 | 2 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
7c664b1f RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
16 | #include <openssl/core_dispatch.h> | |
17 | #include <openssl/core_names.h> | |
14c8a3d1 | 18 | #include <openssl/core_object.h> |
7c664b1f | 19 | #include <openssl/crypto.h> |
8ae40cf5 | 20 | #include <openssl/err.h> |
7c664b1f | 21 | #include <openssl/params.h> |
8ae40cf5 RL |
22 | #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */ |
23 | #include <openssl/pkcs12.h> | |
7c664b1f | 24 | #include <openssl/x509.h> |
2741128e | 25 | #include <openssl/proverr.h> |
8ae40cf5 RL |
26 | #include "internal/cryptlib.h" /* ossl_assert() */ |
27 | #include "internal/asn1.h" | |
6963979f RL |
28 | #include "crypto/dh.h" |
29 | #include "crypto/dsa.h" | |
30 | #include "crypto/ec.h" | |
8ae40cf5 | 31 | #include "crypto/ecx.h" |
6963979f | 32 | #include "crypto/rsa.h" |
7c664b1f RL |
33 | #include "prov/bio.h" |
34 | #include "prov/implementations.h" | |
8ae40cf5 | 35 | #include "endecoder_local.h" |
7c664b1f | 36 | |
66066e1b DDO |
37 | #define SET_ERR_MARK() ERR_set_mark() |
38 | #define CLEAR_ERR_MARK() \ | |
39 | do { \ | |
40 | int err = ERR_peek_last_error(); \ | |
41 | \ | |
42 | if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \ | |
43 | && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \ | |
44 | || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \ | |
45 | || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \ | |
46 | ERR_pop_to_mark(); \ | |
47 | else \ | |
48 | ERR_clear_last_mark(); \ | |
49 | } while(0) | |
50 | #define RESET_ERR_MARK() \ | |
51 | do { \ | |
52 | CLEAR_ERR_MARK(); \ | |
53 | SET_ERR_MARK(); \ | |
54 | } while(0) | |
55 | ||
8ae40cf5 RL |
56 | static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, |
57 | unsigned char **data, long *len) | |
58 | { | |
59 | BUF_MEM *mem = NULL; | |
60 | BIO *in = bio_new_from_core_bio(provctx, cin); | |
61 | int ok = (asn1_d2i_read_bio(in, &mem) >= 0); | |
62 | ||
63 | if (ok) { | |
64 | *data = (unsigned char *)mem->data; | |
65 | *len = (long)mem->length; | |
66 | OPENSSL_free(mem); | |
67 | } | |
68 | BIO_free(in); | |
69 | return ok; | |
70 | } | |
71 | ||
72 | static int der_from_p8(unsigned char **new_der, long *new_der_len, | |
73 | unsigned char *input_der, long input_der_len, | |
74 | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) | |
75 | { | |
76 | const unsigned char *derp; | |
77 | X509_SIG *p8 = NULL; | |
78 | int ok = 0; | |
79 | ||
80 | if (!ossl_assert(new_der != NULL && *new_der == NULL) | |
81 | || !ossl_assert(new_der_len != NULL)) | |
82 | return 0; | |
83 | ||
84 | derp = input_der; | |
85 | if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) { | |
86 | char pbuf[PEM_BUFSIZE]; | |
87 | size_t plen = 0; | |
88 | ||
89 | if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { | |
f5f29796 | 90 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); |
8ae40cf5 RL |
91 | } else { |
92 | const X509_ALGOR *alg = NULL; | |
93 | const ASN1_OCTET_STRING *oct = NULL; | |
94 | int len = 0; | |
95 | ||
96 | X509_SIG_get0(p8, &alg, &oct); | |
97 | if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length, | |
98 | new_der, &len, 0) != NULL) | |
99 | ok = 1; | |
100 | *new_der_len = len; | |
101 | } | |
102 | } | |
103 | X509_SIG_free(p8); | |
104 | return ok; | |
105 | } | |
106 | ||
107 | /* ---------------------------------------------------------------------- */ | |
7c664b1f | 108 | |
ece9304c | 109 | static OSSL_FUNC_decoder_freectx_fn der2key_freectx; |
ece9304c RL |
110 | static OSSL_FUNC_decoder_decode_fn der2key_decode; |
111 | static OSSL_FUNC_decoder_export_object_fn der2key_export_object; | |
7c664b1f | 112 | |
6963979f | 113 | struct der2key_ctx_st; /* Forward declaration */ |
7c664b1f | 114 | typedef void *(extract_key_fn)(EVP_PKEY *); |
6963979f | 115 | typedef void (adjust_key_fn)(void *, struct der2key_ctx_st *ctx); |
7c664b1f RL |
116 | typedef void (free_key_fn)(void *); |
117 | struct keytype_desc_st { | |
2c090c1d | 118 | const char *keytype_name; |
7c664b1f RL |
119 | const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ |
120 | ||
2c090c1d RL |
121 | /* The input structure name */ |
122 | const char *structure_name; | |
123 | ||
124 | /* | |
125 | * The EVP_PKEY_xxx type macro. Should be zero for type specific | |
126 | * structures, non-zero when the outermost structure is PKCS#8 or | |
127 | * SubjectPublicKeyInfo. This determines which of the function | |
128 | * pointers below will be used. | |
129 | */ | |
130 | int evp_type; | |
131 | ||
132 | /* The selection mask for OSSL_FUNC_decoder_does_selection() */ | |
133 | int selection_mask; | |
134 | ||
135 | /* For type specific decoders, we use the corresponding d2i */ | |
136 | d2i_of_void *d2i_private_key; | |
137 | d2i_of_void *d2i_public_key; | |
138 | d2i_of_void *d2i_key_params; | |
6963979f | 139 | |
7c664b1f | 140 | /* |
2c090c1d | 141 | * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}() |
7c664b1f RL |
142 | */ |
143 | extract_key_fn *extract_key; | |
6963979f RL |
144 | /* |
145 | * For any key, we may need to make provider specific adjustments, such | |
146 | * as ensure the key carries the correct library context. | |
147 | */ | |
148 | adjust_key_fn *adjust_key; | |
2c090c1d | 149 | /* {type}_free() */ |
7c664b1f RL |
150 | free_key_fn *free_key; |
151 | }; | |
152 | ||
153 | /* | |
ece9304c | 154 | * Context used for DER to key decoding. |
7c664b1f RL |
155 | */ |
156 | struct der2key_ctx_st { | |
157 | PROV_CTX *provctx; | |
158 | const struct keytype_desc_st *desc; | |
159 | }; | |
160 | ||
161 | static struct der2key_ctx_st * | |
162 | der2key_newctx(void *provctx, const struct keytype_desc_st *desc) | |
163 | { | |
164 | struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
165 | ||
166 | if (ctx != NULL) { | |
167 | ctx->provctx = provctx; | |
168 | ctx->desc = desc; | |
169 | } | |
170 | return ctx; | |
171 | } | |
172 | ||
173 | static void der2key_freectx(void *vctx) | |
174 | { | |
175 | struct der2key_ctx_st *ctx = vctx; | |
176 | ||
177 | OPENSSL_free(ctx); | |
178 | } | |
179 | ||
2c090c1d RL |
180 | static const OSSL_PARAM * |
181 | der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc) | |
7c664b1f RL |
182 | { |
183 | static const OSSL_PARAM gettables[] = { | |
ece9304c | 184 | { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, |
7c664b1f RL |
185 | OSSL_PARAM_END, |
186 | }; | |
2c090c1d RL |
187 | static const OSSL_PARAM gettables_w_structure[] = { |
188 | { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, | |
189 | { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, | |
190 | OSSL_PARAM_END, | |
191 | }; | |
7c664b1f | 192 | |
2c090c1d | 193 | return desc->structure_name != NULL ? gettables_w_structure : gettables; |
7c664b1f RL |
194 | } |
195 | ||
2c090c1d RL |
196 | static int der2key_get_params(OSSL_PARAM params[], |
197 | const struct keytype_desc_st *desc) | |
7c664b1f RL |
198 | { |
199 | OSSL_PARAM *p; | |
200 | ||
ece9304c | 201 | p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); |
7c664b1f RL |
202 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER")) |
203 | return 0; | |
2c090c1d RL |
204 | if (desc->structure_name != NULL) { |
205 | p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE); | |
206 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name)) | |
207 | return 0; | |
208 | } | |
7c664b1f RL |
209 | |
210 | return 1; | |
211 | } | |
212 | ||
2c090c1d RL |
213 | static int der2key_check_selection(int selection, |
214 | const struct keytype_desc_st *desc) | |
215 | { | |
216 | /* | |
217 | * The selections are kinda sorta "levels", i.e. each selection given | |
218 | * here is assumed to include those following. | |
219 | */ | |
220 | int checks[] = { | |
221 | OSSL_KEYMGMT_SELECT_PRIVATE_KEY, | |
222 | OSSL_KEYMGMT_SELECT_PUBLIC_KEY, | |
223 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS | |
224 | }; | |
225 | size_t i; | |
226 | ||
227 | /* The decoder implementations made here support guessing */ | |
228 | if (selection == 0) | |
229 | return 1; | |
230 | ||
231 | for (i = 0; i < OSSL_NELEM(checks); i++) { | |
232 | int check1 = (selection & checks[i]) != 0; | |
233 | int check2 = (desc->selection_mask & checks[i]) != 0; | |
234 | ||
235 | /* | |
236 | * If the caller asked for the currently checked bit(s), return | |
237 | * whether the decoder description says it's supported. | |
238 | */ | |
239 | if (check1) | |
240 | return check2; | |
241 | } | |
242 | ||
243 | /* This should be dead code, but just to be safe... */ | |
244 | return 0; | |
245 | } | |
246 | ||
247 | static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, | |
ece9304c RL |
248 | OSSL_CALLBACK *data_cb, void *data_cbarg, |
249 | OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) | |
7c664b1f RL |
250 | { |
251 | struct der2key_ctx_st *ctx = vctx; | |
a829b735 | 252 | void *libctx = PROV_LIBCTX_OF(ctx->provctx); |
7c664b1f RL |
253 | unsigned char *der = NULL; |
254 | const unsigned char *derp; | |
255 | long der_len = 0; | |
256 | unsigned char *new_der = NULL; | |
257 | long new_der_len; | |
258 | EVP_PKEY *pkey = NULL; | |
259 | void *key = NULL; | |
2c090c1d | 260 | int orig_selection = selection; |
66066e1b | 261 | int ok = 0; |
7c664b1f | 262 | |
7c664b1f | 263 | /* |
2c090c1d RL |
264 | * The caller is allowed to specify 0 as a selection mark, to have the |
265 | * structure and key type guessed. For type-specific structures, this | |
266 | * is not recommended, as some structures are very similar. | |
267 | * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter | |
268 | * signifies a private key structure, where everything else is assumed | |
269 | * to be present as well. | |
7c664b1f | 270 | */ |
2c090c1d RL |
271 | if (selection == 0) |
272 | selection = ctx->desc->selection_mask; | |
273 | if ((selection & ctx->desc->selection_mask) == 0) { | |
274 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); | |
275 | return 0; | |
7c664b1f RL |
276 | } |
277 | ||
2c090c1d RL |
278 | SET_ERR_MARK(); |
279 | if (!read_der(ctx->provctx, cin, &der, &der_len)) | |
280 | goto end; | |
7c664b1f | 281 | |
2c090c1d RL |
282 | if (ctx->desc->extract_key == NULL) { |
283 | /* | |
284 | * There's no EVP_PKEY extractor, so we use the type specific | |
285 | * functions. | |
286 | */ | |
b5b6669f | 287 | derp = der; |
2c090c1d RL |
288 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { |
289 | key = ctx->desc->d2i_private_key(NULL, &derp, der_len); | |
290 | if (key == NULL && orig_selection != 0) | |
291 | goto end; | |
292 | } | |
293 | if (key == NULL | |
294 | && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { | |
295 | key = ctx->desc->d2i_public_key(NULL, &derp, der_len); | |
296 | if (key == NULL && orig_selection != 0) | |
297 | goto end; | |
298 | } | |
299 | if (key == NULL | |
300 | && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { | |
301 | key = ctx->desc->d2i_key_params(NULL, &derp, der_len); | |
302 | } | |
303 | } else { | |
7c664b1f | 304 | /* |
2c090c1d RL |
305 | * There is a EVP_PKEY extractor, so we use the more generic |
306 | * EVP_PKEY functions, since they know how to unpack PKCS#8 and | |
307 | * SubjectPublicKeyInfo. | |
7c664b1f | 308 | */ |
7c664b1f RL |
309 | |
310 | /* | |
2c090c1d RL |
311 | * Opportunistic attempt to decrypt. If it doesn't work, we try |
312 | * to decode our input unencrypted. | |
7c664b1f | 313 | */ |
2c090c1d RL |
314 | if (der_from_p8(&new_der, &new_der_len, der, der_len, |
315 | pw_cb, pw_cbarg)) { | |
316 | OPENSSL_free(der); | |
317 | der = new_der; | |
318 | der_len = new_der_len; | |
319 | } | |
320 | RESET_ERR_MARK(); | |
321 | ||
322 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { | |
323 | derp = der; | |
324 | pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len, | |
325 | libctx, NULL); | |
326 | } | |
327 | ||
328 | if (pkey == NULL | |
329 | && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { | |
330 | RESET_ERR_MARK(); | |
331 | derp = der; | |
332 | pkey = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, NULL); | |
333 | } | |
334 | ||
335 | if (pkey != NULL) { | |
336 | /* | |
337 | * Tear out the low-level key pointer from the pkey, | |
338 | * but only if it matches the expected key type. | |
339 | * | |
340 | * TODO: The check should be done with EVP_PKEY_is_a(), but | |
341 | * as long as we still have #legacy internal keys, it's safer | |
342 | * to use the type numbers inside the provider. | |
343 | */ | |
344 | if (EVP_PKEY_id(pkey) == ctx->desc->evp_type) | |
345 | key = ctx->desc->extract_key(pkey); | |
346 | ||
347 | /* | |
348 | * ctx->desc->extract_key() is expected to have incremented | |
349 | * |key|'s reference count, so it should be safe to free |pkey| | |
350 | * now. | |
351 | */ | |
352 | EVP_PKEY_free(pkey); | |
353 | } | |
7c664b1f RL |
354 | } |
355 | ||
6963979f RL |
356 | if (key != NULL && ctx->desc->adjust_key != NULL) |
357 | ctx->desc->adjust_key(key, ctx); | |
358 | ||
2c090c1d RL |
359 | end: |
360 | /* | |
361 | * Prune low-level ASN.1 parse errors from error queue, assuming | |
362 | * that this is called by decoder_process() in a loop trying several | |
363 | * formats. | |
364 | */ | |
365 | CLEAR_ERR_MARK(); | |
366 | ||
7c664b1f RL |
367 | OPENSSL_free(der); |
368 | ||
369 | if (key != NULL) { | |
14c8a3d1 RL |
370 | OSSL_PARAM params[4]; |
371 | int object_type = OSSL_OBJECT_PKEY; | |
7c664b1f RL |
372 | |
373 | params[0] = | |
14c8a3d1 RL |
374 | OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); |
375 | params[1] = | |
376 | OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, | |
2c090c1d RL |
377 | (char *)ctx->desc->keytype_name, |
378 | 0); | |
7c664b1f | 379 | /* The address of the key becomes the octet string */ |
14c8a3d1 RL |
380 | params[2] = |
381 | OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, | |
7c664b1f | 382 | &key, sizeof(key)); |
14c8a3d1 | 383 | params[3] = OSSL_PARAM_construct_end(); |
7c664b1f RL |
384 | |
385 | ok = data_cb(params, data_cbarg); | |
386 | } | |
387 | ctx->desc->free_key(key); | |
388 | ||
389 | return ok; | |
390 | } | |
391 | ||
392 | static int der2key_export_object(void *vctx, | |
393 | const void *reference, size_t reference_sz, | |
394 | OSSL_CALLBACK *export_cb, void *export_cbarg) | |
395 | { | |
396 | struct der2key_ctx_st *ctx = vctx; | |
397 | OSSL_FUNC_keymgmt_export_fn *export = | |
398 | ossl_prov_get_keymgmt_export(ctx->desc->fns); | |
399 | void *keydata; | |
400 | ||
401 | if (reference_sz == sizeof(keydata) && export != NULL) { | |
402 | /* The contents of the reference is the address to our object */ | |
403 | keydata = *(void **)reference; | |
404 | ||
405 | return export(keydata, OSSL_KEYMGMT_SELECT_ALL, | |
406 | export_cb, export_cbarg); | |
407 | } | |
408 | return 0; | |
409 | } | |
410 | ||
2c090c1d RL |
411 | /* ---------------------------------------------------------------------- */ |
412 | ||
413 | #ifndef OPENSSL_NO_DH | |
414 | # define dh_evp_type EVP_PKEY_DH | |
415 | # define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH | |
416 | # define dh_d2i_private_key NULL | |
417 | # define dh_d2i_public_key NULL | |
418 | # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams | |
419 | # define dh_free (free_key_fn *)DH_free | |
420 | ||
6963979f RL |
421 | static void dh_adjust(void *key, struct der2key_ctx_st *ctx) |
422 | { | |
423 | ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
424 | } | |
425 | ||
2c090c1d RL |
426 | # define dhx_evp_type EVP_PKEY_DHX |
427 | # define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH | |
428 | # define dhx_d2i_private_key NULL | |
429 | # define dhx_d2i_public_key NULL | |
430 | # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams | |
431 | # define dhx_free (free_key_fn *)DH_free | |
6963979f | 432 | # define dhx_adjust dh_adjust |
2c090c1d RL |
433 | #endif |
434 | ||
435 | /* ---------------------------------------------------------------------- */ | |
436 | ||
437 | #ifndef OPENSSL_NO_DSA | |
438 | # define dsa_evp_type EVP_PKEY_DSA | |
439 | # define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA | |
440 | # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey | |
441 | # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey | |
442 | # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams | |
443 | # define dsa_free (free_key_fn *)DSA_free | |
6963979f RL |
444 | |
445 | static void dsa_adjust(void *key, struct der2key_ctx_st *ctx) | |
446 | { | |
447 | ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
448 | } | |
2c090c1d RL |
449 | #endif |
450 | ||
451 | /* ---------------------------------------------------------------------- */ | |
452 | ||
453 | #ifndef OPENSSL_NO_EC | |
454 | # define ec_evp_type EVP_PKEY_EC | |
455 | # define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY | |
456 | # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey | |
457 | # define ec_d2i_public_key NULL | |
458 | # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters | |
459 | # define ec_free (free_key_fn *)EC_KEY_free | |
460 | ||
6963979f RL |
461 | static void ec_adjust(void *key, struct der2key_ctx_st *ctx) |
462 | { | |
463 | ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
464 | } | |
465 | ||
2c090c1d RL |
466 | /* |
467 | * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo, | |
468 | * so no d2i functions to be had. | |
469 | */ | |
6963979f RL |
470 | |
471 | static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx) | |
472 | { | |
473 | ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
474 | } | |
475 | ||
2c090c1d RL |
476 | # define ed25519_evp_type EVP_PKEY_ED25519 |
477 | # define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519 | |
478 | # define ed25519_d2i_private_key NULL | |
479 | # define ed25519_d2i_public_key NULL | |
480 | # define ed25519_d2i_key_params NULL | |
481 | # define ed25519_free (free_key_fn *)ecx_key_free | |
6963979f | 482 | # define ed25519_adjust ecx_key_adjust |
2c090c1d RL |
483 | |
484 | # define ed448_evp_type EVP_PKEY_ED448 | |
485 | # define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448 | |
486 | # define ed448_d2i_private_key NULL | |
487 | # define ed448_d2i_public_key NULL | |
488 | # define ed448_d2i_key_params NULL | |
489 | # define ed448_free (free_key_fn *)ecx_key_free | |
6963979f | 490 | # define ed448_adjust ecx_key_adjust |
2c090c1d RL |
491 | |
492 | # define x25519_evp_type EVP_PKEY_X25519 | |
493 | # define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519 | |
494 | # define x25519_d2i_private_key NULL | |
495 | # define x25519_d2i_public_key NULL | |
496 | # define x25519_d2i_key_params NULL | |
497 | # define x25519_free (free_key_fn *)ecx_key_free | |
6963979f | 498 | # define x25519_adjust ecx_key_adjust |
2c090c1d RL |
499 | |
500 | # define x448_evp_type EVP_PKEY_X448 | |
501 | # define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448 | |
502 | # define x448_d2i_private_key NULL | |
503 | # define x448_d2i_public_key NULL | |
504 | # define x448_d2i_key_params NULL | |
505 | # define x448_free (free_key_fn *)ecx_key_free | |
6963979f | 506 | # define x448_adjust ecx_key_adjust |
f2db0528 RL |
507 | |
508 | # ifndef OPENSSL_NO_SM2 | |
509 | # define sm2_evp_type EVP_PKEY_SM2 | |
510 | # define sm2_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY | |
511 | # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey | |
512 | # define sm2_d2i_public_key NULL | |
513 | # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters | |
514 | # define sm2_free (free_key_fn *)EC_KEY_free | |
515 | # define sm2_adjust ec_adjust | |
516 | # endif | |
2c090c1d RL |
517 | #endif |
518 | ||
519 | /* ---------------------------------------------------------------------- */ | |
520 | ||
521 | #define rsa_evp_type EVP_PKEY_RSA | |
522 | #define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA | |
523 | #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey | |
524 | #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey | |
525 | #define rsa_d2i_key_params NULL | |
526 | #define rsa_free (free_key_fn *)RSA_free | |
527 | ||
6963979f RL |
528 | static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) |
529 | { | |
530 | ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); | |
531 | } | |
532 | ||
2c090c1d RL |
533 | #define rsapss_evp_type EVP_PKEY_RSA_PSS |
534 | #define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA | |
535 | #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey | |
536 | #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey | |
537 | #define rsapss_d2i_key_params NULL | |
538 | #define rsapss_free (free_key_fn *)RSA_free | |
6963979f | 539 | #define rsapss_adjust rsa_adjust |
2c090c1d RL |
540 | |
541 | /* ---------------------------------------------------------------------- */ | |
542 | ||
543 | /* | |
544 | * The DO_ macros help define the selection mask and the method functions | |
545 | * for each kind of object we want to decode. | |
546 | */ | |
547 | #define DO_type_specific_keypair(keytype) \ | |
548 | "type-specific", 0, \ | |
549 | ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ | |
550 | keytype##_d2i_private_key, \ | |
551 | keytype##_d2i_public_key, \ | |
552 | NULL, \ | |
553 | NULL, \ | |
6963979f | 554 | keytype##_adjust, \ |
2c090c1d RL |
555 | keytype##_free |
556 | ||
557 | #define DO_type_specific_pub(keytype) \ | |
558 | "type-specific", 0, \ | |
559 | ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ | |
560 | NULL, \ | |
561 | keytype##_d2i_public_key, \ | |
562 | NULL, \ | |
563 | NULL, \ | |
6963979f | 564 | keytype##_adjust, \ |
2c090c1d RL |
565 | keytype##_free |
566 | ||
567 | #define DO_type_specific_priv(keytype) \ | |
568 | "type-specific", 0, \ | |
569 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ | |
570 | keytype##_d2i_private_key, \ | |
571 | NULL, \ | |
572 | NULL, \ | |
573 | NULL, \ | |
6963979f | 574 | keytype##_adjust, \ |
2c090c1d RL |
575 | keytype##_free |
576 | ||
577 | #define DO_type_specific_params(keytype) \ | |
578 | "type-specific", 0, \ | |
579 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
580 | NULL, \ | |
581 | NULL, \ | |
582 | keytype##_d2i_key_params, \ | |
583 | NULL, \ | |
6963979f | 584 | keytype##_adjust, \ |
2c090c1d RL |
585 | keytype##_free |
586 | ||
587 | #define DO_type_specific(keytype) \ | |
588 | "type-specific", 0, \ | |
589 | ( OSSL_KEYMGMT_SELECT_ALL ), \ | |
590 | keytype##_d2i_private_key, \ | |
591 | keytype##_d2i_public_key, \ | |
592 | keytype##_d2i_key_params, \ | |
593 | NULL, \ | |
6963979f | 594 | keytype##_adjust, \ |
2c090c1d RL |
595 | keytype##_free |
596 | ||
597 | #define DO_type_specific_no_pub(keytype) \ | |
598 | "type-specific", 0, \ | |
599 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ | |
600 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
601 | keytype##_d2i_private_key, \ | |
602 | NULL, \ | |
603 | keytype##_d2i_key_params, \ | |
604 | NULL, \ | |
6963979f | 605 | keytype##_adjust, \ |
2c090c1d RL |
606 | keytype##_free |
607 | ||
608 | #define DO_PKCS8(keytype) \ | |
609 | "pkcs8", keytype##_evp_type, \ | |
610 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ | |
611 | NULL, \ | |
612 | NULL, \ | |
613 | NULL, \ | |
614 | keytype##_evp_extract, \ | |
6963979f | 615 | keytype##_adjust, \ |
2c090c1d RL |
616 | keytype##_free |
617 | ||
618 | #define DO_SubjectPublicKeyInfo(keytype) \ | |
619 | "SubjectPublicKeyInfo", keytype##_evp_type, \ | |
620 | ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ | |
621 | NULL, \ | |
622 | NULL, \ | |
623 | NULL, \ | |
624 | keytype##_evp_extract, \ | |
6963979f | 625 | keytype##_adjust, \ |
2c090c1d RL |
626 | keytype##_free |
627 | ||
628 | #define DO_DH(keytype) \ | |
629 | "DH", 0, \ | |
630 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
631 | NULL, \ | |
632 | NULL, \ | |
633 | keytype##_d2i_key_params, \ | |
634 | NULL, \ | |
6963979f | 635 | keytype##_adjust, \ |
2c090c1d RL |
636 | keytype##_free |
637 | ||
638 | #define DO_DHX(keytype) \ | |
639 | "DHX", 0, \ | |
640 | ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
641 | NULL, \ | |
642 | NULL, \ | |
643 | keytype##_d2i_key_params, \ | |
644 | NULL, \ | |
6963979f | 645 | keytype##_adjust, \ |
2c090c1d RL |
646 | keytype##_free |
647 | ||
648 | #define DO_DSA(keytype) \ | |
649 | "DSA", 0, \ | |
650 | ( OSSL_KEYMGMT_SELECT_ALL ), \ | |
651 | keytype##_d2i_private_key, \ | |
652 | keytype##_d2i_public_key, \ | |
653 | keytype##_d2i_key_params, \ | |
654 | NULL, \ | |
6963979f | 655 | keytype##_adjust, \ |
2c090c1d RL |
656 | keytype##_free |
657 | ||
658 | #define DO_EC(keytype) \ | |
659 | "EC", 0, \ | |
660 | ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ | |
661 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ | |
662 | keytype##_d2i_private_key, \ | |
663 | NULL, \ | |
664 | keytype##_d2i_key_params, \ | |
665 | NULL, \ | |
6963979f | 666 | keytype##_adjust, \ |
2c090c1d RL |
667 | keytype##_free |
668 | ||
669 | #define DO_RSA(keytype) \ | |
670 | "RSA", 0, \ | |
671 | ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ | |
672 | keytype##_d2i_private_key, \ | |
673 | keytype##_d2i_public_key, \ | |
674 | NULL, \ | |
675 | NULL, \ | |
6963979f | 676 | keytype##_adjust, \ |
2c090c1d RL |
677 | keytype##_free |
678 | ||
679 | /* | |
680 | * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. | |
681 | * It takes the following arguments: | |
682 | * | |
683 | * keytype_name The implementation key type as a string. | |
684 | * keytype The implementation key type. This must correspond exactly | |
685 | * to our existing keymgmt keytype names... in other words, | |
686 | * there must exist an ossl_##keytype##_keymgmt_functions. | |
687 | * type The type name for the set of functions that implement the | |
688 | * decoder for the key type. This isn't necessarily the same | |
689 | * as keytype. For example, the key types ed25519, ed448, | |
690 | * x25519 and x448 are all handled by the same functions with | |
691 | * the common type name ecx. | |
692 | * kind The kind of support to implement. This translates into | |
693 | * the DO_##kind macros above, to populate the keytype_desc_st | |
694 | * structure. | |
695 | */ | |
696 | #define MAKE_DECODER(keytype_name, keytype, type, kind) \ | |
697 | static const struct keytype_desc_st kind##_##keytype##_desc = \ | |
698 | { keytype_name, ossl_##keytype##_keymgmt_functions, \ | |
699 | DO_##kind(keytype) }; \ | |
700 | \ | |
701 | static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ | |
702 | static OSSL_FUNC_decoder_gettable_params_fn \ | |
703 | kind##_der2##keytype##_gettable_params; \ | |
704 | static OSSL_FUNC_decoder_get_params_fn \ | |
705 | kind##_der2##keytype##_get_params; \ | |
706 | \ | |
707 | static void *kind##_der2##keytype##_newctx(void *provctx) \ | |
708 | { \ | |
709 | return der2key_newctx(provctx, &kind##_##keytype##_desc); \ | |
710 | } \ | |
711 | static const OSSL_PARAM * \ | |
712 | kind##_der2##keytype##_gettable_params(void *provctx) \ | |
713 | { \ | |
714 | return \ | |
715 | der2key_gettable_params(provctx, &kind##_##keytype##_desc); \ | |
716 | } \ | |
717 | static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \ | |
718 | { \ | |
719 | return der2key_get_params(params, &kind##_##keytype##_desc); \ | |
720 | } \ | |
721 | static int kind##_der2##keytype##_does_selection(void *provctx, \ | |
722 | int selection) \ | |
7c664b1f | 723 | { \ |
2c090c1d RL |
724 | return der2key_check_selection(selection, \ |
725 | &kind##_##keytype##_desc); \ | |
7c664b1f | 726 | } \ |
2c090c1d RL |
727 | const OSSL_DISPATCH \ |
728 | ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \ | |
ece9304c | 729 | { OSSL_FUNC_DECODER_NEWCTX, \ |
2c090c1d | 730 | (void (*)(void))kind##_der2##keytype##_newctx }, \ |
ece9304c | 731 | { OSSL_FUNC_DECODER_FREECTX, \ |
7c664b1f | 732 | (void (*)(void))der2key_freectx }, \ |
ece9304c | 733 | { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \ |
2c090c1d | 734 | (void (*)(void))kind##_der2##keytype##_gettable_params }, \ |
ece9304c | 735 | { OSSL_FUNC_DECODER_GET_PARAMS, \ |
2c090c1d RL |
736 | (void (*)(void))kind##_der2##keytype##_get_params }, \ |
737 | { OSSL_FUNC_DECODER_DOES_SELECTION, \ | |
738 | (void (*)(void))kind##_der2##keytype##_does_selection }, \ | |
ece9304c RL |
739 | { OSSL_FUNC_DECODER_DECODE, \ |
740 | (void (*)(void))der2key_decode }, \ | |
741 | { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ | |
7c664b1f RL |
742 | (void (*)(void))der2key_export_object }, \ |
743 | { 0, NULL } \ | |
744 | } | |
745 | ||
746 | #ifndef OPENSSL_NO_DH | |
2c090c1d RL |
747 | MAKE_DECODER("DH", dh, dh, PKCS8); |
748 | MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo); | |
749 | MAKE_DECODER("DH", dh, dh, type_specific_params); | |
750 | MAKE_DECODER("DH", dh, dh, DH); | |
751 | MAKE_DECODER("DHX", dhx, dhx, PKCS8); | |
752 | MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo); | |
753 | MAKE_DECODER("DHX", dhx, dhx, type_specific_params); | |
754 | MAKE_DECODER("DHX", dhx, dhx, DHX); | |
7c664b1f RL |
755 | #endif |
756 | #ifndef OPENSSL_NO_DSA | |
2c090c1d RL |
757 | MAKE_DECODER("DSA", dsa, dsa, PKCS8); |
758 | MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo); | |
759 | MAKE_DECODER("DSA", dsa, dsa, type_specific); | |
760 | MAKE_DECODER("DSA", dsa, dsa, DSA); | |
7c664b1f RL |
761 | #endif |
762 | #ifndef OPENSSL_NO_EC | |
2c090c1d RL |
763 | MAKE_DECODER("EC", ec, ec, PKCS8); |
764 | MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo); | |
765 | MAKE_DECODER("EC", ec, ec, type_specific_no_pub); | |
766 | MAKE_DECODER("EC", ec, ec, EC); | |
767 | MAKE_DECODER("X25519", x25519, ecx, PKCS8); | |
768 | MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo); | |
769 | MAKE_DECODER("X448", x448, ecx, PKCS8); | |
770 | MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo); | |
771 | MAKE_DECODER("ED25519", ed25519, ecx, PKCS8); | |
772 | MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo); | |
773 | MAKE_DECODER("ED448", ed448, ecx, PKCS8); | |
774 | MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo); | |
f2db0528 RL |
775 | # ifndef OPENSSL_NO_SM2 |
776 | MAKE_DECODER("SM2", sm2, ec, PKCS8); | |
777 | MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); | |
778 | # endif | |
7c664b1f | 779 | #endif |
2c090c1d RL |
780 | MAKE_DECODER("RSA", rsa, rsa, PKCS8); |
781 | MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); | |
782 | MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair); | |
783 | MAKE_DECODER("RSA", rsa, rsa, RSA); | |
784 | MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8); | |
785 | MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo); |