]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/implementations/encode_decode/encode_key2any.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ENCODER: Refactor provider implementations, and some cleanup
[thirdparty/openssl.git] / providers / implementations / encode_decode / encode_key2any.c
CommitLineData
8ae40cf5
RL		 1/*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * Low level APIs are deprecated for public use, but still ok for internal use.
12 */
13#include "internal/deprecated.h"
14
15#include <openssl/core.h>
16#include <openssl/core_dispatch.h>
17#include <openssl/core_names.h>
18#include <openssl/crypto.h>
19#include <openssl/params.h>
20#include <openssl/asn1.h>
21#include <openssl/err.h>
22#include <openssl/pem.h>
23#include <openssl/x509.h>
24#include <openssl/pkcs12.h> /* PKCS8_encrypt() */
25#include <openssl/dh.h>
26#include <openssl/dsa.h>
27#include <openssl/ec.h>
28#include "internal/passphrase.h"
29#include "internal/cryptlib.h"
30#include "crypto/ecx.h"
31#include "crypto/rsa.h"
32#include "prov/implementations.h"
33#include "prov/providercommonerr.h"
34#include "prov/bio.h"
35#include "prov/provider_ctx.h"
36#include "prov/der_rsa.h"
37#include "endecoder_local.h"
38
39struct key2any_ctx_st {
40 PROV_CTX *provctx;
41
42 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
43 int cipher_intent;
44
45 EVP_CIPHER *cipher;
46
47 struct ossl_passphrase_data_st pwdata;
48};
49
50typedef int key_to_paramstring_fn(const void *key, int nid,
51 void **str, int *strtype);
52typedef int key_to_der_fn(BIO *out, const void *key, int key_nid,
53 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
54 struct key2any_ctx_st *ctx);
55typedef int write_bio_of_void_fn(BIO *bp, const void *x);
56
57static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
58 void *params, int params_type,
59 i2d_of_void *k2d)
60{
61 /* der, derlen store the key DER output and its length */
62 unsigned char *der = NULL;
63 int derlen;
64 /* The final PKCS#8 info */
65 PKCS8_PRIV_KEY_INFO *p8info = NULL;
66
67
68 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
69 || (derlen = k2d(key, &der)) <= 0
70 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
71 params_type, params, der, derlen)) {
72 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
73 PKCS8_PRIV_KEY_INFO_free(p8info);
74 OPENSSL_free(der);
75 p8info = NULL;
76 }
77
78 return p8info;
79}
80
81static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
82 struct key2any_ctx_st *ctx)
83{
84 X509_SIG *p8 = NULL;
85 char kstr[PEM_BUFSIZE];
86 size_t klen = 0;
87
88 if (ctx->cipher == NULL)
89 return NULL;
90
91 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
92 &ctx->pwdata)) {
93 ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
94 return NULL;
95 }
96 /* First argument == -1 means "standard" */
97 p8 = PKCS8_encrypt(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info);
98 OPENSSL_cleanse(kstr, klen);
99 return p8;
100}
101
102static X509_SIG *key_to_encp8(const void *key, int key_nid,
103 void *params, int params_type,
104 i2d_of_void *k2d, struct key2any_ctx_st *ctx)
105{
106 PKCS8_PRIV_KEY_INFO *p8info =
107 key_to_p8info(key, key_nid, params, params_type, k2d);
108 X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
109
110 PKCS8_PRIV_KEY_INFO_free(p8info);
111 return p8;
112}
113
114static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
115 void *params, int params_type,
116 i2d_of_void k2d)
117{
118 /* der, derlen store the key DER output and its length */
119 unsigned char *der = NULL;
120 int derlen;
121 /* The final X509_PUBKEY */
122 X509_PUBKEY *xpk = NULL;
123
124
125 if ((xpk = X509_PUBKEY_new()) == NULL
126 || (derlen = k2d(key, &der)) <= 0
127 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
128 params_type, params, der, derlen)) {
129 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
130 X509_PUBKEY_free(xpk);
131 OPENSSL_free(der);
132 xpk = NULL;
133 }
134
135 return xpk;
136}
137
138static int key_to_der_pkcs8_bio(BIO *out, const void *key, int key_nid,
139 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
140 struct key2any_ctx_st *ctx)
141{
142 int ret = 0;
143 void *str = NULL;
144 int strtype = V_ASN1_UNDEF;
145
146 if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
147 return 0;
148
149 if (ctx->cipher_intent) {
150 X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
151
152 if (p8 != NULL)
153 ret = i2d_PKCS8_bio(out, p8);
154
155 X509_SIG_free(p8);
156 } else {
157 PKCS8_PRIV_KEY_INFO *p8info =
158 key_to_p8info(key, key_nid, str, strtype, k2d);
159
160 if (p8info != NULL)
161 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
162
163 PKCS8_PRIV_KEY_INFO_free(p8info);
164 }
165
166 return ret;
167}
168
169static int key_to_pem_pkcs8_bio(BIO *out, const void *key, int key_nid,
170 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
171 struct key2any_ctx_st *ctx)
172{
173 int ret = 0;
174 void *str = NULL;
175 int strtype = V_ASN1_UNDEF;
176
177 if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
178 return 0;
179
180 if (ctx->cipher_intent) {
181 X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
182
183 if (p8 != NULL)
184 ret = PEM_write_bio_PKCS8(out, p8);
185
186 X509_SIG_free(p8);
187 } else {
188 PKCS8_PRIV_KEY_INFO *p8info =
189 key_to_p8info(key, key_nid, str, strtype, k2d);
190
191 if (p8info != NULL)
192 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
193
194 PKCS8_PRIV_KEY_INFO_free(p8info);
195 }
196
197 return ret;
198}
199
200static int key_to_der_pubkey_bio(BIO *out, const void *key, int key_nid,
201 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
202 struct key2any_ctx_st *ctx)
203{
204 int ret = 0;
205 void *str = NULL;
206 int strtype = V_ASN1_UNDEF;
207 X509_PUBKEY *xpk = NULL;
208
209 if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
210 return 0;
211
212 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
213
214 if (xpk != NULL)
215 ret = i2d_X509_PUBKEY_bio(out, xpk);
216
217 /* Also frees |str| */
218 X509_PUBKEY_free(xpk);
219 return ret;
220}
221
222static int key_to_pem_pubkey_bio(BIO *out, const void *key, int key_nid,
223 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
224 struct key2any_ctx_st *ctx)
225{
226 int ret = 0;
227 void *str = NULL;
228 int strtype = V_ASN1_UNDEF;
229 X509_PUBKEY *xpk = NULL;
230
231 if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
232 return 0;
233
234 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
235
236 if (xpk != NULL)
237 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
238
239 /* Also frees |str| */
240 X509_PUBKEY_free(xpk);
241 return ret;
242}
243
244/* ---------------------------------------------------------------------- */
245
246#ifndef OPENSSL_NO_DH
247# define dh_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
248# define dh_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \
249 | dh_param_selection)
250# define dh_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \
251 | dh_param_selection)
252
253static int dh_type_to_evp(const DH *dh)
254{
255 return DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
256}
257
258static int prepare_dh_params(const void *dh, int nid,
259 void **pstr, int *pstrtype)
260{
261 ASN1_STRING *params = ASN1_STRING_new();
262
263 if (params == NULL) {
264 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
265 return 0;
266 }
267
268 if (nid == EVP_PKEY_DHX)
269 params->length = i2d_DHxparams(dh, &params->data);
270 else
271 params->length = i2d_DHparams(dh, &params->data);
272
273 if (params->length <= 0) {
274 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
275 ASN1_STRING_free(params);
276 return 0;
277 }
278 params->type = V_ASN1_SEQUENCE;
279
280 *pstr = params;
281 *pstrtype = V_ASN1_SEQUENCE;
282 return 1;
283}
284
285static int dh_pub_to_der(const void *dh, unsigned char **pder)
286{
287 const BIGNUM *bn = NULL;
288 ASN1_INTEGER *pub_key = NULL;
289 int ret;
290
291 if ((bn = DH_get0_pub_key(dh)) == NULL) {
292 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
293 return 0;
294 }
295 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
296 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
297 return 0;
298 }
299
300 ret = i2d_ASN1_INTEGER(pub_key, pder);
301
302 ASN1_STRING_clear_free(pub_key);
303 return ret;
304}
305
306static int dh_priv_to_der(const void *dh, unsigned char **pder)
307{
308 const BIGNUM *bn = NULL;
309 ASN1_INTEGER *priv_key = NULL;
310 int ret;
311
312 if ((bn = DH_get0_priv_key(dh)) == NULL) {
313 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
314 return 0;
315 }
316 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
317 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
318 return 0;
319 }
320
321 ret = i2d_ASN1_INTEGER(priv_key, pder);
322
323 ASN1_STRING_clear_free(priv_key);
324 return ret;
325}
326
327static int dh_params_to_der_bio(BIO *out, const void *key)
328{
329 return i2d_DHparams_bio(out, key);
330}
331
332static int dh_params_to_pem_bio(BIO *out, const void *key)
333{
334 return PEM_write_bio_DHparams(out, key);
335}
336#endif
337
338/* ---------------------------------------------------------------------- */
339
340#ifndef OPENSSL_NO_DSA
341# define dsa_param_selection OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
342# define dsa_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \
343 | dsa_param_selection)
344# define dsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \
345 | dsa_param_selection)
346
347# define dsa_type_to_evp(key) EVP_PKEY_DSA
348
349static int prepare_some_dsa_params(const void *dsa, int nid,
350 void **pstr, int *pstrtype)
351{
352 ASN1_STRING *params = ASN1_STRING_new();
353
354 if (params == NULL) {
355 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
356 return 0;
357 }
358
359 params->length = i2d_DSAparams(dsa, &params->data);
360
361 if (params->length <= 0) {
362 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
363 ASN1_STRING_free(params);
364 return 0;
365 }
366
367 *pstrtype = V_ASN1_SEQUENCE;
368 *pstr = params;
369 return 1;
370}
371
372static int prepare_all_dsa_params(const void *dsa, int nid,
373 void **pstr, int *pstrtype)
374{
375 const BIGNUM *p = DSA_get0_p(dsa);
376 const BIGNUM *q = DSA_get0_q(dsa);
377 const BIGNUM *g = DSA_get0_g(dsa);
378
379 if (p != NULL && q != NULL && g != NULL)
380 return prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
381
382 *pstr = NULL;
383 *pstrtype = V_ASN1_UNDEF;
384 return 1;
385}
386
387static int prepare_dsa_params(const void *dsa, int nid,
388 void **pstr, int *pstrtype)
389{
390 /*
391 * TODO(v3.0) implement setting save_parameters, see dsa_pub_encode()
392 * in crypto/dsa/dsa_ameth.c
393 */
394 int save_parameters = 1;
395
396 return save_parameters
397 ? prepare_all_dsa_params(dsa, nid, pstr, pstrtype)
398 : prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
399}
400
401static int dsa_pub_to_der(const void *dsa, unsigned char **pder)
402{
403 const BIGNUM *bn = NULL;
404 ASN1_INTEGER *pub_key = NULL;
405 int ret;
406
407 if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
408 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
409 return 0;
410 }
411 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
412 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
413 return 0;
414 }
415
416 ret = i2d_ASN1_INTEGER(pub_key, pder);
417
418 ASN1_STRING_clear_free(pub_key);
419 return ret;
420}
421
422static int dsa_priv_to_der(const void *dsa, unsigned char **pder)
423{
424 const BIGNUM *bn = NULL;
425 ASN1_INTEGER *priv_key = NULL;
426 int ret;
427
428 if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
429 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
430 return 0;
431 }
432 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
433 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
434 return 0;
435 }
436
437 ret = i2d_ASN1_INTEGER(priv_key, pder);
438
439 ASN1_STRING_clear_free(priv_key);
440 return ret;
441}
442
443static int dsa_params_to_der_bio(BIO *out, const void *key)
444{
445 return i2d_DSAparams_bio(out, key);
446}
447
448static int dsa_params_to_pem_bio(BIO *out, const void *key)
449{
450 return PEM_write_bio_DSAparams(out, key);
451}
452#endif
453
454/* ---------------------------------------------------------------------- */
455
456#ifndef OPENSSL_NO_EC
457# define ec_param_selection OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
458# define ec_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \
459 | ec_param_selection)
460# define ec_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \
461 | ec_param_selection)
462
463# define ec_type_to_evp(key) EVP_PKEY_EC
464
465static int prepare_ec_explicit_params(const void *eckey,
466 void **pstr, int *pstrtype)
467{
468 ASN1_STRING *params = ASN1_STRING_new();
469
470 if (params == NULL) {
471 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
472 return 0;
473 }
474
475 params->length = i2d_ECParameters(eckey, &params->data);
476 if (params->length <= 0) {
477 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
478 ASN1_STRING_free(params);
479 return 0;
480 }
481
482 *pstrtype = V_ASN1_SEQUENCE;
483 *pstr = params;
484 return 1;
485}
486
487static int prepare_ec_params(const void *eckey, int nid,
488 void **pstr, int *pstrtype)
489{
490 int curve_nid;
491 const EC_GROUP *group = EC_KEY_get0_group(eckey);
492 ASN1_OBJECT *params = NULL;
493
494 if (group == NULL)
495 return 0;
496 curve_nid = EC_GROUP_get_curve_name(group);
497 if (curve_nid != NID_undef) {
498 params = OBJ_nid2obj(curve_nid);
499 if (params == NULL)
500 return 0;
501 }
502
503 if (curve_nid != NID_undef
504 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
505 if (OBJ_length(params) == 0) {
506 /* Some curves might not have an associated OID */
507 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
508 ASN1_OBJECT_free(params);
509 return 0;
510 }
511 *pstr = params;
512 *pstrtype = V_ASN1_OBJECT;
513 return 1;
514 } else {
515 return prepare_ec_explicit_params(eckey, pstr, pstrtype);
516 }
517}
518
519static int ec_params_to_der_bio(BIO *out, const void *eckey)
520{
521 return i2d_ECPKParameters_bio(out, EC_KEY_get0_group(eckey));
522}
523
524static int ec_params_to_pem_bio(BIO *out, const void *eckey)
525{
526 return PEM_write_bio_ECPKParameters(out, EC_KEY_get0_group(eckey));
527}
528
529static int ec_pub_to_der(const void *eckey, unsigned char **pder)
530{
531 return i2o_ECPublicKey(eckey, pder);
532}
533
534static int ec_priv_to_der(const void *veckey, unsigned char **pder)
535{
536 EC_KEY *eckey = (EC_KEY *)veckey;
537 unsigned int old_flags;
538 int ret = 0;
539
540 /*
541 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
542 * as the pkeyalg->parameter field. (For a named curve this is an OID)
543 * The pkey field is an octet string that holds the encoded
544 * ECPrivateKey SEQUENCE with the optional parameters field omitted.
545 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
546 */
547 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
548 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
549 ret = i2d_ECPrivateKey(eckey, pder);
550 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
551 return ret; /* return the length of the der encoded data */
552}
553#endif
554
555/* ---------------------------------------------------------------------- */
556
557#ifndef OPENSSL_NO_EC
558# define ecx_pub_selection OSSL_KEYMGMT_SELECT_PUBLIC_KEY
559# define ecx_priv_selection OSSL_KEYMGMT_SELECT_KEYPAIR
560
561# define ed25519_type_to_evp(key) EVP_PKEY_ED25519
562# define ed448_type_to_evp(key) EVP_PKEY_ED448
563# define x25519_type_to_evp(key) EVP_PKEY_X25519
564# define x448_type_to_evp(key) EVP_PKEY_X448
565
566# define prepare_ecx_params NULL
567
568static int ecx_pub_to_der(const void *vecxkey, unsigned char **pder)
569{
570 const ECX_KEY *ecxkey = vecxkey;
571 unsigned char *keyblob;
572
573 if (ecxkey == NULL) {
574 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
575 return 0;
576 }
577
578 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
579 if (keyblob == NULL) {
580 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
581 return 0;
582 }
583
584 *pder = keyblob;
585 return ecxkey->keylen;
586}
587
588static int ecx_priv_to_der(const void *vecxkey, unsigned char **pder)
589{
590 const ECX_KEY *ecxkey = vecxkey;
591 ASN1_OCTET_STRING oct;
592 int keybloblen;
593
594 if (ecxkey == NULL || ecxkey->privkey == NULL) {
595 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
596 return 0;
597 }
598
599 oct.data = ecxkey->privkey;
600 oct.length = ecxkey->keylen;
601 oct.flags = 0;
602
603 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
604 if (keybloblen < 0) {
605 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
606 return 0;
607 }
608
609 return keybloblen;
610}
611
612# define ecx_params_to_der_bio NULL
613# define ecx_params_to_pem_bio NULL
614#endif
615
616/* ---------------------------------------------------------------------- */
617
618#define rsa_param_selection OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS
619#define rsa_pub_selection (OSSL_KEYMGMT_SELECT_PUBLIC_KEY \
620 | rsa_param_selection)
621#define rsa_priv_selection (OSSL_KEYMGMT_SELECT_KEYPAIR \
622 | rsa_param_selection)
623
624static int rsa_type_to_evp(const RSA *rsa)
625{
626 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
627 case RSA_FLAG_TYPE_RSA:
628 return EVP_PKEY_RSA;
629 case RSA_FLAG_TYPE_RSASSAPSS:
630 return EVP_PKEY_RSA_PSS;
631 }
632
633 /* Currently unsupported RSA key type */
634 return EVP_PKEY_NONE;
635}
636
637/*
638 * Helper functions to prepare RSA-PSS params for encoding. We would
639 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
640 * functionality doesn't allow that.
641 */
642
643static int prepare_rsa_params(const void *rsa, int nid,
644 void **pstr, int *pstrtype)
645{
646 const RSA_PSS_PARAMS_30 *pss = rsa_get0_pss_params_30((RSA *)rsa);
647
648 *pstr = NULL;
649
650 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
651 case RSA_FLAG_TYPE_RSA:
652 /* If plain RSA, the parameters shall be NULL */
653 *pstrtype = V_ASN1_NULL;
654 return 1;
655 case RSA_FLAG_TYPE_RSASSAPSS:
656 if (rsa_pss_params_30_is_unrestricted(pss)) {
657 *pstrtype = V_ASN1_UNDEF;
658 return 1;
659 } else {
660 ASN1_STRING *astr = NULL;
661 WPACKET pkt;
662 unsigned char *str = NULL;
663 size_t str_sz = 0;
664 int i;
665
666 for (i = 0; i < 2; i++) {
667 switch (i) {
668 case 0:
669 if (!WPACKET_init_null_der(&pkt))
670 goto err;
671 break;
672 case 1:
673 if ((str = OPENSSL_malloc(str_sz)) == NULL
674 || !WPACKET_init_der(&pkt, str, str_sz)) {
675 goto err;
676 }
677 break;
678 }
679 if (!DER_w_RSASSA_PSS_params(&pkt, -1, pss)
680 || !WPACKET_finish(&pkt)
681 || !WPACKET_get_total_written(&pkt, &str_sz))
682 goto err;
683 WPACKET_cleanup(&pkt);
684
685 /*
686 * If no PSS parameters are going to be written, there's no
687 * point going for another iteration.
688 * This saves us from getting |str| allocated just to have it
689 * immediately de-allocated.
690 */
691 if (str_sz == 0)
692 break;
693 }
694
695 if ((astr = ASN1_STRING_new()) == NULL)
696 goto err;
697 *pstrtype = V_ASN1_SEQUENCE;
698 ASN1_STRING_set0(astr, str, (int)str_sz);
699 *pstr = astr;
700
701 return 1;
702 err:
703 OPENSSL_free(str);
704 return 0;
705 }
706 }
707
708 /* Currently unsupported RSA key type */
709 return 0;
710}
711
712#define rsa_params_to_der_bio NULL
713#define rsa_params_to_pem_bio NULL
714#define rsa_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
715#define rsa_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
716
717/* ---------------------------------------------------------------------- */
718
719static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
720static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
721
722static void *key2any_newctx(void *provctx)
723{
724 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
725
726 if (ctx != NULL)
727 ctx->provctx = provctx;
728
729 return ctx;
730}
731
732static void key2any_freectx(void *vctx)
733{
734 struct key2any_ctx_st *ctx = vctx;
735
736 ossl_pw_clear_passphrase_data(&ctx->pwdata);
737 EVP_CIPHER_free(ctx->cipher);
738 OPENSSL_free(ctx);
739}
740
741static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
742{
743 static const OSSL_PARAM settables[] = {
744 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
745 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
746 OSSL_PARAM_END,
747 };
748
749 return settables;
750}
751
752static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
753{
754 struct key2any_ctx_st *ctx = vctx;
755 OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx);
756 const OSSL_PARAM *cipherp =
757 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
758 const OSSL_PARAM *propsp =
759 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
760
761 if (cipherp != NULL) {
762 const char *ciphername = NULL;
763 const char *props = NULL;
764
765 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
766 return 0;
767 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
768 return 0;
769
770 EVP_CIPHER_free(ctx->cipher);
771 ctx->cipher_intent = ciphername != NULL;
772 if (ciphername != NULL
773 && ((ctx->cipher =
774 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
775 return 0;
776 }
777 return 1;
778}
779
780static int key2any_encode(struct key2any_ctx_st *ctx,
781 const void *key, int type,
782 OSSL_CORE_BIO *cout, key_to_der_fn *writer,
783 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg,
784 key_to_paramstring_fn *key2paramstring,
785 i2d_of_void *key2der)
786{
787 BIO *out = bio_new_from_core_bio(ctx->provctx, cout);
788 int ret = 0;
789
790 if (out != NULL
791 && writer != NULL
792 && ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg))
793 ret = writer(out, key, type, key2paramstring, key2der, ctx);
794
795 BIO_free(out);
796 return ret;
797}
798
799static int key2any_encode_params(struct key2any_ctx_st *ctx, const void *key,
800 OSSL_CORE_BIO *cout,
801 write_bio_of_void_fn *writer)
802{
803 int ret = 0;
804 BIO *out = bio_new_from_core_bio(ctx->provctx, cout);
805
806 if (out != NULL && writer != NULL)
807 ret = writer(out, key);
808
809 BIO_free(out);
810
811 return ret;
812}
813
814#define ALLOWED_SELECTORS \
815 (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS | OSSL_KEYMGMT_SELECT_KEYPAIR)
816
817#define MAKE_ENCODER_KIND(impl, kind, type, evp_type, output) \
818 static OSSL_FUNC_encoder_encode_data_fn \
819 impl##_##kind##2##output##_encode_d; \
820 static OSSL_FUNC_encoder_encode_object_fn \
821 impl##_##kind##2##output##_encode_o; \
822 static int \
823 impl##_##kind##2##output##_encode_d(void *vctx, \
824 const OSSL_PARAM params[], \
825 OSSL_CORE_BIO *cout, \
826 OSSL_PASSPHRASE_CALLBACK *cb, \
827 void *cbarg) \
828 { \
829 struct key2any_ctx_st *ctx = vctx; \
830 int selection = type##_##kind##_selection; \
831 void *key = ossl_prov_import_key(impl##_keymgmt_functions, \
832 ctx->provctx, selection, \
833 params); \
834 int ret; \
835 \
836 if (key == NULL) \
837 return 0; \
838 \
839 ret = impl##_##kind##2##output##_encode_o(ctx, key, cout, \
840 cb, cbarg); \
841 ossl_prov_free_key(impl##_keymgmt_functions, key); \
842 return ret; \
843 } \
844 static int \
845 impl##_##kind##2##output##_encode_o(void *vctx, const void *key, \
846 OSSL_CORE_BIO *cout, \
847 OSSL_PASSPHRASE_CALLBACK *cb, \
848 void *cbarg) \
849 { \
850 int selection = type##_##kind##_selection; \
851 \
852 if (!ossl_assert(selection != 0) \
853 || !ossl_assert((selection & ~ALLOWED_SELECTORS) == 0)) { \
854 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); \
855 return 0; \
856 } \
857 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) \
858 return key2any_encode(vctx, key, impl##_type_to_evp(key), \
859 cout, key_to_##output##_pkcs8_bio, \
860 cb, cbarg, \
861 prepare_##type##_params, \
862 type##_priv_to_der); \
863 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) \
864 return key2any_encode(vctx, key, impl##_type_to_evp(key), \
865 cout, key_to_##output##_pubkey_bio, \
866 cb, cbarg, \
867 prepare_##type##_params, \
868 type##_pub_to_der); \
869 return key2any_encode_params(vctx, key, cout, \
870 type##_params_to_##output##_bio); \
871 } \
872 const OSSL_DISPATCH \
873 impl##_##kind##_to_##output##_encoder_functions[] = { \
874 { OSSL_FUNC_ENCODER_NEWCTX, \
875 (void (*)(void))key2any_newctx }, \
876 { OSSL_FUNC_ENCODER_FREECTX, \
877 (void (*)(void))key2any_freectx }, \
878 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
879 (void (*)(void))key2any_settable_ctx_params }, \
880 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
881 (void (*)(void))key2any_set_ctx_params }, \
882 { OSSL_FUNC_ENCODER_ENCODE_DATA, \
883 (void (*)(void))impl##_##kind##2##output##_encode_d }, \
884 { OSSL_FUNC_ENCODER_ENCODE_OBJECT, \
885 (void (*)(void))impl##_##kind##2##output##_encode_o }, \
886 { 0, NULL } \
887 }
888
889#define MAKE_ENCODER(impl, type, evp_type, output) \
890 MAKE_ENCODER_KIND(impl, param, type, evp_type, output); \
891 MAKE_ENCODER_KIND(impl, pub, type, evp_type, output); \
892 MAKE_ENCODER_KIND(impl, priv, type, evp_type, output)
893
894#define MAKE_ENCODER_NOPARAM(impl, type, evp_type, output) \
895 MAKE_ENCODER_KIND(impl, pub, type, evp_type, output); \
896 MAKE_ENCODER_KIND(impl, priv, type, evp_type, output)
897
898#ifndef OPENSSL_NO_DH
899MAKE_ENCODER(dh, dh, EVP_PKEY_DH, der);
900MAKE_ENCODER(dh, dh, EVP_PKEY_DH, pem);
901#endif
902#ifndef OPENSSL_NO_DSA
903MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, der);
904MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, pem);
905#endif
906#ifndef OPENSSL_NO_EC
907MAKE_ENCODER(ec, ec, EVP_PKEY_EC, der);
908MAKE_ENCODER(ec, ec, EVP_PKEY_EC, pem);
909MAKE_ENCODER_NOPARAM(ed25519, ecx, EVP_PKEY_ED25519, der);
910MAKE_ENCODER_NOPARAM(ed25519, ecx, EVP_PKEY_ED25519, pem);
911MAKE_ENCODER_NOPARAM(ed448, ecx, EVP_PKEY_ED448, der);
912MAKE_ENCODER_NOPARAM(ed448, ecx, EVP_PKEY_ED448, pem);
913MAKE_ENCODER_NOPARAM(x25519, ecx, EVP_PKEY_X25519, der);
914MAKE_ENCODER_NOPARAM(x25519, ecx, EVP_PKEY_X25519, pem);
915MAKE_ENCODER_NOPARAM(x448, ecx, EVP_PKEY_ED448, der);
916MAKE_ENCODER_NOPARAM(x448, ecx, EVP_PKEY_ED448, pem);
917#endif
918/*
919 * RSA-PSS does have parameters, but we don't have a separate output for them,
920 * so we don't pretend we do. Parameter handling remains internal within the
921 * RSA helper functions.
922 */
923MAKE_ENCODER_NOPARAM(rsa, rsa, EVP_PKEY_RSA, der);
924MAKE_ENCODER_NOPARAM(rsa, rsa, EVP_PKEY_RSA, pem);
A mirror of the official openssl repository